From 73b4787043e1c5f253d34cd4de4c3089af4ca391 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 00:25:19 +0100
Subject: [PATCH 01/27] Add Tailscale (CCF) solution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Microsoft Sentinel solution for ingesting Tailscale audit and network
telemetry via OAuth2-secured APIs. Targets the Codeless Connector
Framework (CCF) so no Azure Function code is required.

The solution ships two complementary data connectors split along the
boundary that Tailscale's pricing draws — configuration audit is
available on every plan, network flow logs require Premium or above.
Users install the connector that matches their tailnet tier:

- Tailscale Standard (CCF)
  - Endpoint: /logging/configuration
  - Plans: Personal (Free) + Standard
  - Custom table: Tailscale_Configuration_CL
  - Status: shipping in this release

- Tailscale Premium (CCF)
  - Endpoints: /logging/configuration + /logging/network (two pollers,
    one OAuth client, one Connect)
  - Plans: Premium + Enterprise
  - Custom tables: Tailscale_Configuration_CL + Tailscale_Network_CL
  - Status: scaffolded but awaiting validation against a real Premium
    tailnet (network flow log shape verified against Tailscale docs)

Files added:
- Logos/Tailscale.svg
- Solutions/Tailscale (CCF)/README.md
- Solutions/Tailscale (CCF)/ReleaseNotes.md
- Solutions/Tailscale (CCF)/SolutionMetadata.json
- Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json (manifest)
- Solutions/Tailscale (CCF)/Tailscale.svg (per-solution copy)
- Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/
  - Tailscale_ConnectorDefinition.json (UI card, OAuth2 form)
  - Tailscale_PollerConfig.json (single RestApiPoller, client_credentials)
  - Tailscale_DCR.json (Custom-Tailscale_Configuration_CL stream)
  - Tailscale_tables.json (Tailscale_Configuration_CL)
- Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/
  - TailscalePremium_ConnectorDefinition.json
  - TailscalePremium_PollerConfig.json (two pollers, same OAuth client)
  - TailscalePremium_DCR.json (two streams + dataFlows)
  - TailscalePremium_tables.json (both custom tables)
- Solutions/Tailscale (CCF)/Analytic Rules/ (5 detections)
  - TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml (Medium)
  - TailscalePolicyfileACLmodified.yaml (Medium)
  - TailscaleAuthkeycreated.yaml (Low)
  - TailscaleExitnodeadvertisedorapproved.yaml (Low)
  - TailscaleMasscredentialrevocationinshortwindow.yaml (High)
- Solutions/Tailscale (CCF)/Package/ (createSolutionV3 build output —
  mainTemplate.json, createUiDefinition.json, testParameters.json,
  3.0.1.zip)

Implementation notes:
- OAuth2 client_credentials auth wired with the PascalCase field names
  expected by createCCPConnector.ps1 (ClientId, ClientSecret, GrantType,
  TokenEndpoint, TokenEndpointHeaders, TokenEndpointQueryParameters).
  The earlier camelCase / Mustache-placeholder shape caused the build
  tool to silently skip Package generation.
- Parameter substitution uses the ARM double-bracket escape pattern
  ([[parameters('clientId')]) so that placeholders are evaluated at the
  inner deployment (Connect-click) scope, not at outer Solution-install.
- The /logging/network stream schema mirrors the Tailscale API response
  (logs[].virtualTraffic[], subnetTraffic[], exitTraffic[],
  physicalTraffic[]) — arrays are stored as dynamic columns and
  unpacked via mv-expand in KQL on the consumer side.
- Premium poller uses a single OAuth client with both scopes
  (logs:configuration:read + logs:network:read) so one Connect deploys
  both pollers with one shared guidValue.
- sampleQueries field added (required by Sentinel deployment validation
  — its absence returned the BadRequest "Required property
  'SampleQueries' not found" earlier).
- Support metadata follows the Community-tier convention used elsewhere
  in the repo (support.name = "Community", link to Azure-Sentinel
  issues) to avoid the duplicate-author rendering quirk in Content Hub.

Testing performed:
- Built via createSolutionV3 in -VersionMode local — Package generated
  cleanly, three valid JSON files plus zip.
- Standard connector deployed end-to-end into a test Sentinel workspace
  (Tailscale_Configuration_CL table created, UI card visible, OAuth
  Connect form renders all three inputs).
- All five analytic rule YAMLs validated against Sentinel schema.
- Premium connector files build into mainTemplate.json with two
  contentTemplates and proper guidValue / innerWorkspace plumbing for
  multi-poller single-card deployment (matches Proofpoint TAP pattern).
- Live Premium endpoint testing pending — requires Premium tailnet.

Breaking changes: None — net-new solution.
---
 Logos/Tailscale.svg                           |    1 +
 .../TailscaleAuthkeycreated.yaml              |   42 +
 ...TailscaleExitnodeadvertisedorapproved.yaml |   45 +
 ...Masscredentialrevocationinshortwindow.yaml |   48 +
 ...NewAPIaccesstokenorOAuthclientcreated.yaml |   43 +
 .../TailscalePolicyfileACLmodified.yaml       |   40 +
 .../Tailscale_ConnectorDefinition.json        |  108 +
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |   67 +
 .../Tailscale_PollerConfig.json               |   50 +
 .../Tailscale_tables.json                     |   51 +
 .../TailscalePremium_ConnectorDefinition.json |  119 +
 .../TailscalePremium_DCR.json                 |   59 +
 .../TailscalePremium_PollerConfig.json        |   98 +
 .../TailscalePremium_tables.json              |   47 +
 .../Data/Solution_Tailscale.json              |   22 +
 Solutions/Tailscale (CCF)/Package/3.0.1.zip   |  Bin 0 -> 13726 bytes
 .../Package/createUiDefinition.json           |  200 ++
 .../Tailscale (CCF)/Package/mainTemplate.json | 2153 +++++++++++++++++
 .../Package/testParameters.json               |   38 +
 Solutions/Tailscale (CCF)/README.md           |   62 +
 Solutions/Tailscale (CCF)/ReleaseNotes.md     |    3 +
 .../Tailscale (CCF)/SolutionMetadata.json     |   22 +
 Solutions/Tailscale (CCF)/Tailscale.svg       |    1 +
 23 files changed, 3319 insertions(+)
 create mode 100644 Logos/Tailscale.svg
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
 create mode 100644 Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
 create mode 100644 Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.1.zip
 create mode 100644 Solutions/Tailscale (CCF)/Package/createUiDefinition.json
 create mode 100644 Solutions/Tailscale (CCF)/Package/mainTemplate.json
 create mode 100644 Solutions/Tailscale (CCF)/Package/testParameters.json
 create mode 100644 Solutions/Tailscale (CCF)/README.md
 create mode 100644 Solutions/Tailscale (CCF)/ReleaseNotes.md
 create mode 100644 Solutions/Tailscale (CCF)/SolutionMetadata.json
 create mode 100644 Solutions/Tailscale (CCF)/Tailscale.svg

diff --git a/Logos/Tailscale.svg b/Logos/Tailscale.svg
new file mode 100644
index 00000000000..b7d6e8a1905
--- /dev/null
+++ b/Logos/Tailscale.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><style>.st0{opacity:.2;enable-background:new}</style><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" class="st0"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" class="st0"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" class="st0"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" class="st0"/></svg>
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml
new file mode 100644
index 00000000000..9a163d91b35
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
@@ -0,0 +1,42 @@
+id: 6b052c8d-5de8-eab0-1956-69a297765a32
+name: "Tailscale: Auth key created"
+description: |
+  A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not.
+severity: Low
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+queryFrequency: PT15M
+queryPeriod: PT15M
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Persistence
+relevantTechniques:
+  - T1098
+query: |
+  Tailscale_Configuration_CL
+        | where Action == "CREATE"
+        | where tostring(Target.type) == "AUTH_KEY"
+        | extend ActorLogin = tostring(Actor.loginName)
+        | extend KeyDescription = tostring(New.description)
+        | extend Reusable = tostring(New.reusable)
+        | extend Ephemeral = tostring(New.ephemeral)
+        | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml
new file mode 100644
index 00000000000..b6dcde87f30
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
@@ -0,0 +1,45 @@
+id: f42f2906-c8e6-23d0-e48c-0620e50d5510
+name: "Tailscale: Exit node advertised or approved"
+description: |
+  A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress.
+severity: Low
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+queryFrequency: PT30M
+queryPeriod: PT30M
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - CommandAndControl
+  - Exfiltration
+relevantTechniques:
+  - T1090
+query: |
+  Tailscale_Configuration_CL
+        | where Action contains "EXIT" or tostring(New.advertisedExitNode) == "true" or tostring(New.allowedExitNode) == "true"
+        | extend ActorLogin = tostring(Actor.loginName)
+        | extend NodeName = tostring(Target.name)
+        | extend NodeId = tostring(Target.id)
+        | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: NodeName
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml
new file mode 100644
index 00000000000..693a9e44e41
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
@@ -0,0 +1,48 @@
+id: f817e2fa-6fa0-fc25-5369-cef9b58771af
+name: "Tailscale: Mass credential revocation in short window"
+description: |
+  Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+queryFrequency: PT1H
+queryPeriod: PT1H
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - Impact
+relevantTechniques:
+  - T1070
+query: |
+  Tailscale_Configuration_CL
+        | where Action in ("REVOKE", "DELETE")
+        | where tostring(Target.type) in ("API_KEY", "OAUTH_CLIENT", "AUTH_KEY")
+        | extend ActorLogin = tostring(Actor.loginName)
+        | summarize
+            RevokedCount = count(),
+            TargetTypes = make_set(tostring(Target.type)),
+            TargetIds = make_set(tostring(Target.id)),
+            FirstEvent = min(TimeGenerated),
+            LastEvent = max(TimeGenerated)
+          by ActorLogin, bin(TimeGenerated, 1h)
+        | where RevokedCount >= 5
+        | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml
new file mode 100644
index 00000000000..7571356a77f
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
@@ -0,0 +1,43 @@
+id: 668b43fd-cf28-961a-85af-957850df5027
+name: "Tailscale: New API access token or OAuth client created"
+description: |
+  A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+queryFrequency: PT15M
+queryPeriod: PT15M
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Persistence
+  - CredentialAccess
+relevantTechniques:
+  - T1098
+  - T1136
+query: |
+  Tailscale_Configuration_CL
+        | where Action == "CREATE"
+        | where tostring(Target.type) in ("API_KEY", "OAUTH_CLIENT")
+        | extend ActorLogin = tostring(Actor.loginName)
+        | extend TargetName = tostring(Target.name)
+        | extend TargetId = tostring(Target.id)
+        | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
new file mode 100644
index 00000000000..cb63c61af5f
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
@@ -0,0 +1,40 @@
+id: 1e7249c2-1a9d-05fd-45cb-c859eef5b8ae
+name: "Tailscale: Policy file (ACL) modified"
+description: |
+  The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+queryFrequency: PT15M
+queryPeriod: PT15M
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - Persistence
+relevantTechniques:
+  - T1556
+query: |
+  Tailscale_Configuration_CL
+        | where Action in ("UPDATE", "CREATE")
+        | where tostring(Target.type) == "ACL"
+        | extend ActorLogin = tostring(Actor.loginName)
+        | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
new file mode 100644
index 00000000000..696ab22b6b5
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
@@ -0,0 +1,108 @@
+{
+  "name": "TailscaleCCF",
+  "apiVersion": "2022-09-01-preview",
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+  "kind": "Customizable",
+  "properties": {
+    "connectorUiConfig": {
+      "title": "Tailscale Standard (CCF)",
+      "publisher": "Custom",
+      "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+      "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
+      "graphQueries": [
+        {
+          "metricName": "Total config events",
+          "legend": "Tailscale_Configuration_CL",
+          "baseQuery": "Tailscale_Configuration_CL"
+        }
+      ],
+      "dataTypes": [
+        {
+          "name": "Tailscale_Configuration_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+        }
+      ],
+      "sampleQueries": [
+        {
+          "description": "Recent Tailscale configuration audit events",
+          "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+        },
+        {
+          "description": "ACL policy file modifications",
+          "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+        },
+        {
+          "description": "New API tokens and OAuth clients created",
+          "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+        }
+      ],
+      "connectivityCriteria": [
+        {
+          "type": "HasDataConnectors"
+        }
+      ],
+      "availability": {
+        "status": 1,
+        "isPreview": true
+      },
+      "permissions": {
+        "resourceProvider": [
+          {
+            "provider": "Microsoft.OperationalInsights/workspaces",
+            "permissionsDisplayText": "Read/Write on the workspace",
+            "providerDisplayName": "Workspace",
+            "scope": "Workspace",
+            "requiredPermissions": {
+              "write": true,
+              "read": true,
+              "delete": true
+            }
+          }
+        ]
+      },
+      "instructionSteps": [
+        {
+          "title": "Connect Tailscale",
+          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+          "instructions": [
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "Tailscale tailnet",
+                "placeholder": "tail-XXXX.ts.net",
+                "type": "text",
+                "name": "tailnetName"
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "OAuth Client ID",
+                "placeholder": "k...",
+                "type": "text",
+                "name": "clientId"
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "OAuth Client Secret",
+                "placeholder": "tskey-client-...",
+                "type": "password",
+                "name": "clientSecret"
+              }
+            },
+            {
+              "type": "ConnectionToggleButton",
+              "parameters": {
+                "connectLabel": "Connect",
+                "disconnectLabel": "Disconnect"
+              }
+            }
+          ]
+        }
+      ],
+      "id": "TailscaleCCF"
+    }
+  }
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
new file mode 100644
index 00000000000..2eddd667b5c
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -0,0 +1,67 @@
+{
+  "name": "TailscaleDCR",
+  "apiVersion": "2021-09-01-preview",
+  "type": "Microsoft.Insights/dataCollectionRules",
+  "kind": "WorkspaceTransforms",
+  "properties": {
+    "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
+    "streamDeclarations": {
+      "Custom-Tailscale_Configuration_CL": {
+        "columns": [
+          {
+            "name": "eventTime",
+            "type": "datetime"
+          },
+          {
+            "name": "eventGroupID",
+            "type": "string"
+          },
+          {
+            "name": "actor",
+            "type": "dynamic"
+          },
+          {
+            "name": "action",
+            "type": "string"
+          },
+          {
+            "name": "target",
+            "type": "dynamic"
+          },
+          {
+            "name": "origin",
+            "type": "dynamic"
+          },
+          {
+            "name": "new",
+            "type": "dynamic"
+          },
+          {
+            "name": "old",
+            "type": "dynamic"
+          }
+        ]
+      }
+    },
+    "destinations": {
+      "logAnalytics": [
+        {
+          "workspaceResourceId": "{{workspaceResourceId}}",
+          "name": "sentinelWorkspace"
+        }
+      ]
+    },
+    "dataFlows": [
+      {
+        "streams": [
+          "Custom-Tailscale_Configuration_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
+        "outputStream": "Custom-Tailscale_Configuration_CL"
+      }
+    ]
+  }
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
new file mode 100644
index 00000000000..241b54d2e59
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
@@ -0,0 +1,50 @@
+[
+  {
+    "name": "TailscaleConfigPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Configuration_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Configuration_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        "TokenEndpointQueryParameters": {
+          "grant_type": "client_credentials"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 5,
+        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+        "startTimeAttributeName": "start",
+        "endTimeAttributeName": "end",
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.logs"
+        ]
+      },
+      "isActive": true
+    }
+  }
+]
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
new file mode 100644
index 00000000000..4b8c5f69af9
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -0,0 +1,51 @@
+[
+  {
+    "name": "Tailscale_Configuration_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Configuration_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "EventTime",
+            "type": "datetime"
+          },
+          {
+            "name": "EventGroupID",
+            "type": "string"
+          },
+          {
+            "name": "Actor",
+            "type": "dynamic"
+          },
+          {
+            "name": "Action",
+            "type": "string"
+          },
+          {
+            "name": "Target",
+            "type": "dynamic"
+          },
+          {
+            "name": "Origin",
+            "type": "dynamic"
+          },
+          {
+            "name": "New",
+            "type": "dynamic"
+          },
+          {
+            "name": "Old",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  }
+]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
new file mode 100644
index 00000000000..41d58f8cff4
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
@@ -0,0 +1,119 @@
+{
+  "name": "TailscalePremiumCCF",
+  "apiVersion": "2022-09-01-preview",
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+  "kind": "Customizable",
+  "properties": {
+    "connectorUiConfig": {
+      "title": "Tailscale Premium (CCF)",
+      "publisher": "Custom",
+      "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+      "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+      "graphQueries": [
+        {
+          "metricName": "Configuration audit events",
+          "legend": "Tailscale_Configuration_CL",
+          "baseQuery": "Tailscale_Configuration_CL"
+        },
+        {
+          "metricName": "Network flow events",
+          "legend": "Tailscale_Network_CL",
+          "baseQuery": "Tailscale_Network_CL"
+        }
+      ],
+      "dataTypes": [
+        {
+          "name": "Tailscale_Configuration_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+        },
+        {
+          "name": "Tailscale_Network_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+        }
+      ],
+      "sampleQueries": [
+        {
+          "description": "Recent Tailscale configuration audit events",
+          "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+        },
+        {
+          "description": "Recent Tailscale network flows",
+          "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+        },
+        {
+          "description": "Top talkers (by bytes) on the tailnet",
+          "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+        },
+        {
+          "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
+          "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+        }
+      ],
+      "connectivityCriteria": [
+        { "type": "HasDataConnectors" }
+      ],
+      "availability": {
+        "status": 1,
+        "isPreview": true
+      },
+      "permissions": {
+        "resourceProvider": [
+          {
+            "provider": "Microsoft.OperationalInsights/workspaces",
+            "permissionsDisplayText": "Read/Write on the workspace",
+            "providerDisplayName": "Workspace",
+            "scope": "Workspace",
+            "requiredPermissions": {
+              "write": true,
+              "read": true,
+              "delete": true
+            }
+          }
+        ]
+      },
+      "instructionSteps": [
+        {
+          "title": "Connect Tailscale (Premium)",
+          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+          "instructions": [
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "Tailscale tailnet",
+                "placeholder": "tail-XXXX.ts.net",
+                "type": "text",
+                "name": "tailnetName"
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "OAuth Client ID",
+                "placeholder": "k...",
+                "type": "text",
+                "name": "clientId"
+              }
+            },
+            {
+              "type": "Textbox",
+              "parameters": {
+                "label": "OAuth Client Secret",
+                "placeholder": "tskey-client-...",
+                "type": "password",
+                "name": "clientSecret"
+              }
+            },
+            {
+              "type": "ConnectionToggleButton",
+              "parameters": {
+                "connectLabel": "Connect",
+                "disconnectLabel": "Disconnect"
+              }
+            }
+          ]
+        }
+      ],
+      "id": "TailscalePremiumCCF"
+    }
+  }
+}
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
new file mode 100644
index 00000000000..59c721ead6e
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -0,0 +1,59 @@
+{
+  "name": "TailscalePremiumDCR",
+  "apiVersion": "2021-09-01-preview",
+  "type": "Microsoft.Insights/dataCollectionRules",
+  "kind": "WorkspaceTransforms",
+  "properties": {
+    "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
+    "streamDeclarations": {
+      "Custom-Tailscale_Configuration_CL": {
+        "columns": [
+          { "name": "eventTime", "type": "datetime" },
+          { "name": "eventGroupID", "type": "string" },
+          { "name": "actor", "type": "dynamic" },
+          { "name": "action", "type": "string" },
+          { "name": "target", "type": "dynamic" },
+          { "name": "origin", "type": "dynamic" },
+          { "name": "new", "type": "dynamic" },
+          { "name": "old", "type": "dynamic" }
+        ]
+      },
+      "Custom-Tailscale_Network_CL": {
+        "columns": [
+          { "name": "nodeId", "type": "string" },
+          { "name": "logged", "type": "datetime" },
+          { "name": "start", "type": "datetime" },
+          { "name": "end", "type": "datetime" },
+          { "name": "srcNode", "type": "dynamic" },
+          { "name": "dstNodes", "type": "dynamic" },
+          { "name": "virtualTraffic", "type": "dynamic" },
+          { "name": "subnetTraffic", "type": "dynamic" },
+          { "name": "exitTraffic", "type": "dynamic" },
+          { "name": "physicalTraffic", "type": "dynamic" }
+        ]
+      }
+    },
+    "destinations": {
+      "logAnalytics": [
+        {
+          "workspaceResourceId": "{{workspaceResourceId}}",
+          "name": "sentinelWorkspace"
+        }
+      ]
+    },
+    "dataFlows": [
+      {
+        "streams": [ "Custom-Tailscale_Configuration_CL" ],
+        "destinations": [ "sentinelWorkspace" ],
+        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+        "outputStream": "Custom-Tailscale_Configuration_CL"
+      },
+      {
+        "streams": [ "Custom-Tailscale_Network_CL" ],
+        "destinations": [ "sentinelWorkspace" ],
+        "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+        "outputStream": "Custom-Tailscale_Network_CL"
+      }
+    ]
+  }
+}
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
new file mode 100644
index 00000000000..3234b26713a
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -0,0 +1,98 @@
+[
+  {
+    "name": "TailscalePremiumConfigPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Configuration_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Configuration_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        "TokenEndpointQueryParameters": {
+          "grant_type": "client_credentials"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 5,
+        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+        "startTimeAttributeName": "start",
+        "endTimeAttributeName": "end",
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.logs"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumNetworkPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Network_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Network_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        "TokenEndpointQueryParameters": {
+          "grant_type": "client_credentials"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 5,
+        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+        "startTimeAttributeName": "start",
+        "endTimeAttributeName": "end",
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.logs"
+        ]
+      },
+      "isActive": true
+    }
+  }
+]
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
new file mode 100644
index 00000000000..d42945375ce
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -0,0 +1,47 @@
+[
+  {
+    "name": "Tailscale_Configuration_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Configuration_CL",
+        "columns": [
+          { "name": "TimeGenerated", "type": "datetime" },
+          { "name": "EventTime", "type": "datetime" },
+          { "name": "EventGroupID", "type": "string" },
+          { "name": "Actor", "type": "dynamic" },
+          { "name": "Action", "type": "string" },
+          { "name": "Target", "type": "dynamic" },
+          { "name": "Origin", "type": "dynamic" },
+          { "name": "New", "type": "dynamic" },
+          { "name": "Old", "type": "dynamic" }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Network_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Network_CL",
+        "columns": [
+          { "name": "TimeGenerated", "type": "datetime" },
+          { "name": "NodeId", "type": "string" },
+          { "name": "FlowStart", "type": "datetime" },
+          { "name": "FlowEnd", "type": "datetime" },
+          { "name": "SrcNode", "type": "dynamic" },
+          { "name": "DstNodes", "type": "dynamic" },
+          { "name": "VirtualTraffic", "type": "dynamic" },
+          { "name": "SubnetTraffic", "type": "dynamic" },
+          { "name": "ExitTraffic", "type": "dynamic" },
+          { "name": "PhysicalTraffic", "type": "dynamic" }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  }
+]
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
new file mode 100644
index 00000000000..e90cbcef696
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -0,0 +1,22 @@
+{
+  "Name": "Tailscale (CCF)",
+  "Author": "noodlemctwoodle",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
+  "Version": "3.0.1",
+  "TemplateSpec": true,
+  "Is1PConnector": false,
+  "Data Connectors": [
+    "Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json",
+    "Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json"
+  ],
+  "Analytic Rules": [
+    "Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml",
+    "Analytic Rules/TailscalePolicyfileACLmodified.yaml",
+    "Analytic Rules/TailscaleAuthkeycreated.yaml",
+    "Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml",
+    "Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml"
+  ],
+  "Metadata": "SolutionMetadata.json"
+}
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.1.zip b/Solutions/Tailscale (CCF)/Package/3.0.1.zip
new file mode 100644
index 0000000000000000000000000000000000000000..38245235a0ec7fb220f34daca7cffcf2e7f5135f
GIT binary patch
literal 13726
zcmZ|0V{j%+)Sw+>!ihbxZQHhO+cqY4GO=yjp4hpgJGRYlo_)VRyIb4+<8*hOI$h1W
zy80YN8E^<R5D*X;5LobP-IE=_F5C|gkP<Qw5X^tACeCI?u4ZahqGsk+_ExS|4)*lc
zE)MpW+Mo8gV?V!l6qwrCk>iQt8;y%96e$d?c-W|Uf@?@AMM<=_5#w<$FLm9YMVTss
zct!K_<I^ap%&$W{(9C#h4<RhS6J0%;n(lA2;&YZ2JU|KsI$gs$BIAg(y$ss-CyKq3
z4+bOQU0C^l3Z!8qr`)||W#N%~Bo{du-6{jUnVTqi{T~mA=u?&S6Qy#~Hmd6G4}2t!
zkme)Xv|&luw71VHr0KY{-%N2dJ+M@p(=Bs|hnjn8D(k}Pi6!D!#KvwG@j(J9$(mHP
z-r<p{o@3vXG_moAlr1BQj)sIeQ|;5kJy7(l)qv-6--UPZ*>b=B>NIIK$TJ^m92UA-
zsxaru4T-~Ys|t)U%z2tADmVjqHzr`s4#+Kpt<rzQMs@u?`dOX&Pz8N|qVODD<pn{b
zx<1)9n>RhZ2_G>#zJKcoQ-%{JQr|8Lm)l>5oL0<MlR9A-B-02p$;r@s#PP9}NUxP{
zVyNHu@!{Y}aIyLhb3EIyH?7l=9wNRhJ)PxtkI|rXBQ{-KbRZ!S@eALNJB#n@<YYG4
zJGx#ZX)5Co6ywA;41)+0SCcT?081NJaVAwyXgEyLnZxOEG<KI>QDc}1&9X<4ynJRw
z2@$72Tv3-p-+#*-R>rMWnA0J3?FUfjxIt*I<~7Z<K#ZAn1=Nh$bz5la2e0+tc>sbg
zHK>8SOdmH6kE~2IN@<yb?pgq+FJ*UNO3c7gvRl4viG0_7J_hzUA#JD#tf`?$$>oK*
zrP1C#(9wRB5zl_7?`BZahz#DmY3$!z{2L`hMp!*n4a|oaRVuVxX2^gCs+?A-EW1<}
z>&^(Q?_t6-KBB@rH?#22Zi85i5Z1aq3m%xxOuh#!FH;3Q*`zv|&H(W``rVRo?c_%+
zvp+o4=bsBmTDF=ULS|ohfWl*EFTrCi?KjE(Jcc^gg%u<3@*q~qz&Ti22?JfLH9QTp
zzZt1^53J&_tC^%qD-dfNJQ-VR=>)GzgA0$qMH@~U^3kZ~qcR+>Si9hMf2q(EQJ4q0
z#9(=xtA(@mMWiD8?j-pBn*2uCj9fFDyT2AISmZi&f_tEpN`?HiNN-#>Q%Zz~Xq!1V
zs|cbp1z~XMgZh;^k!u1zVsW<|_31BGZjqsAd&-YcA-EBY3n#GniSX1|mJJ8OW|AA~
zo<QJ@*5wnyj;TGrl%e<txnsGR*Bv8gv%hnO_5)*iKo>d%9y8UbiwgrRRsHYcjblU6
zxccT4=-lIgvDgq{)0Zk*_aIzMkHRiDb{^O`aa#(KhtVpu+;r|2#H;(@dsMU)!I?~H
z+VTe<L03AJaOth$DXcHp)sAM^_s3{}E)7+z$a)P;2@U3!az{-8NTQfTiQMhdLP?UE
zAOAJ7VB150mLYoHl@-8RcEgTGXS-Scgksd`&=oa2lt%Qoy)vthLa6w8h?0Z(%6>gz
zrzgTCtQj>zXts;)Qi0F<*Jq^(wOqxTMJZlS!eDgH^Ck%u6_YDrfJ)M$<d89hO(;Ac
zW#33~DZFSb0dx&QXRzBauvMC?Wp2$?)F;f|_a&^PaV=HX5pa7V%_Z*P3csC(Pw&y$
zXOj!CuL2b=JKsY#F=Kh4Sai^S<ym-<`$^fVZ+V*~YsXKw6cf`{>=PaNkZBAoVxec3
zDe2G(9Wl2dh4v@oB|KMFBMUulIYV}Zj=)igZ=B*LBN2(1`a9c{0C6c;H1T0Q$FfBz
zui4}2iq&`FyvrIpb3HKpyImu;*VA=n$WRrg?+2j7R2c}p1%o#nl~fdhc(%i?$d4I@
zv+DO0QZ!UFbPFuoAL@d>ojU21kl=W?|8%#{Qp!!1BG9HLSlDolYSGL$KkI>^Y?gEq
z(^i*=z#O0=<aP{*JuWE`b}lrasS#?bn>ay)=caV*Lxh^qDTwj#5rH^d6;2=jRdlb5
z7V;xFgc=J9+OPlD@B~?Me12&(aKJ+MyS>g0T!ErlTqi&#B}QVd8vxhANiZPj^%p!(
zSTiC7hX-0<n#O0gXy40~5sVzJO5Bk#Ui_X?vhn-8DunYYs3W|ok+O~~B(9~^s!T-L
z=-e!aEPHGZK`NN#sFiCQE<XnaP@-i?bSwKxIC>5vQm6mgqSNV)^5|c1700Lly7j}^
zgfSbK`dwA}VC(@IwzeInJ`%%Wxw~~RctklQg%D(R=Blt+zwP=%a`%_2Ftuzs9fy({
zo|@mn+Tv6zFs0x1bbi|v4_|08!{wL~G*<KGl`_=Y;B2JSWqewiEKKTk97?UJo)7i5
zf&DbC+iqiH0I0+5RGr$<?o%ayfdABeE&QszqYgKI1XEhM=ijCWD=S^q363vSA#<mG
zHCGaD;<tD%XT5D=&TEf#edG5?Am{t=9-q7|^iaxp`tuV>d}98)=-{&GVCKpQ=%%Lz
zSh=ooS@bi|>)@<_^+u2~y0s}twT&ZIVo@-XWE!l!-%~sA4Okap&M6wH!nHZq2m0%&
z*_plddktPrqXJ-T4#0H68}#)p2VAB(MqOBFtwK7+CbpD^?WeJXPd!kpuE}uxPA8}f
z#!&bqN(>qjw>ar?%0BKLW|DY6)hD3KOnc_`)u$YW7~cU`sY5<BuCenwy&;|hu+g0o
zg}uNHZx{Gk$7ygAWUI*{5d}=kK-&N)jRLu=yDlP#x~fKl9KV7WdroigG;bp=$a{9`
zx-gq1dwHivECygSR78T75ieRAGtHf@<H<6f*RXGtI$ag8pj<pI96O9ASI_eT%=G#7
zkO%DOgdN01TDt@{H;@p%v?&?OImx<Wn}hes-L(w~skh1MsAX||qWGkID#J2GuJhSI
znJ#_ce6rY-E*`bC2^I5=r;HV+jw4V5(!{VJ?A|a;wFG<sr=6gaAB~g01HmyArn7(g
z(lkcFe=3FuXBi6;8z(oE2_7dEKa>k0Mcgw!ysnf~zY+~JmaIn0K^|n;%?6waO73LZ
zZYD(YC{{x(12HVd=r)NSc?kvHkJEOu3&EDRQ<(r>3WA7X-W#1Bmo73`BK8`W=GmX7
zdP&|xe{FYITf-ih;!&PXh-ctzWD=*u7#!p{yQm$)V2WD)epp#o%f&)V32!_B^`SW_
zy?Ix)fS8VxWen6QH!`2^KngE-Zwo3Y8w_jI-O&ucDX(Q|m+V5<>Sbh2TDiuQdk(;5
z<x@`|KY<xjve)9Ajq#5CUA4PNUcmN^B$~>05PBVg9qJn~xyD>yxIli>{Pqi0hRmba
zaAH+MIC??DqX_JyRIy?%!5XcUHh;I-93j$?@$`kTq`N+aCgK~vwKmV(=U$iEPw6Rq
z9}pevbgWOyZ9skgv5RkUFesU8+jpMr8!C_@++{9?<;nqQ+q;|V;!s2qxfPGN672Q?
zV&-rlh0u>YtprOwU8wE!*0ULGdAS`6DE@E!s3S7nl}Zf)B2Wej^79`*+8J5dtD4z4
z+Ww=+{~<@eS7!ic>+`qQkCZD}FDtvW8e0zeRAN9wC*7DGP0n-$tE@1J?e7ERd^4}o
zsw)v+g&V#Nza$-KT~TESOu954^HS@Lq<TC&JP>Gs?8BW|Wa`flDiP+vlGSq7gH6*q
z8@A)DGnjKvL2=PzHD3pv;z}%%XAX6nB@cbIGoREqc{#FDbJ={|_!wCP7v&!F@GpZB
z=H@yqZVK-25X~4IZr3K2nxXIPJc&>fbeEIwe?177huZP8(o&Y=hF2yg4vy_1DG4=m
z2G3xjbuhAKsfb8yUgA6=z&$c9X9TkavjZ-RY8F^RzfgKI*9J)jqee<Ut-^x~V83xg
zrG1T2EOVWr&%oPE^3%>JM1S2Fow9A*_Nhtz0^odu+q9NHP80vFrwi+Dg9mJGR(k9C
zA~mDow*gR8XstUBQsfchY{i$DI~%zcV3neNw+G4o#Tr~GAACjF3w3%pjsl1s8e6XY
z(dJ_FJjAcSGm%k)Pc08n|M@10yo^nu8K(a87s|u&TD^Tn6uR<l<OgbOgeo@iWP&uU
zw~XpiTTCLQ|AMeT<SzBcyUd5i4Q9cDt&i3V&Y__^zn==c-hi*mel~n4Bi8s&>0#d2
zo6^t%X-FopV30vD@Ov1s7)#NhKK4l!q4muh|DCmsw_N6vUCl$2Bx#Mb2LHP^VQvDh
zJ%3|(MVYaUP?fNP+XPJrw+dtIzb7uPLay>|g#)3?gLW+b@I;w>BP7hT-P4l%a~T?E
zJ?wKJI8NbQ$N3q4=(gP7o~(ag$XVDXIYR90?A0o?#c|n)P+!9_ZK0Lep65QMFEDh_
z46I1&(?4$xwsQKFT`6cKCLvo7x2$_Q_t9_sugjTmot7P1w)p>8EmYi1m)X0RyiJAA
z)|~#~@+bq;98dd8Y;9tB$yWF?Mv-9<t#ES}g%DY=1(4OpGXJ30>^tqhNHNsk2(LvA
z!&UF{BgcJ>cN98)I4l3+fG$>W`%!!miiKw=Rt|YB8;YICws&ceB$UEIU8%fI3E=)r
zm&424g1_N_p1{=sO(R_`3ZF3#$9kbVxBPTh=a!zAv2>Mpn%-JKa$9DlRE3#uRDz?I
zP=~wz7}yEy*S7SDPRm^v5<_2Pwy%(;RliU7T*d@?;uIl_O}acuIfRnm{v{@{jz2<M
z9S!+yLsHg0Db8KCRO??~m@cafc;PC>=(3*ds7XZ9SQQ2G47hN;G<6AGzi5P?a=nvi
z&h!|z!@a-Wr)&6h`Lz^2;4;wE<zDYjPLW?}=(8Dg+paA8H*I?|*-@^=wXr}T<)7{{
zL>lX)DEN{$vl=^<AHyPL3*%~a<`D${{L!68FI(6zYYJeqffcn+Q7OUHQ97OGj7&H}
z<sh+0E7*{B9Xosp55<sF<e}s^7hDwg0@uOaLpn%s2PPb~64lUGzEv{L?KLOaNy<my
z3a@3~hNVnst=kok+mke1aFb0$k8abHD6J3FElKyRYtZ<}9aa{0+x8L{?{s@dMajD3
zMo-zNU9n8ro5(e0*&(l+wKe#!PqP+pHg;tZcXef&X{7l2t2wZzq+6F%B&DMV*PW&2
zXiOic9@jbUFGpj}W_h*|C2wt!U36i0&eC>uoo{%sAP{$5T=56{aZDvRPhIK%zPK_=
z(^G2fTRq{>U(VA=Nk8x^X{cJEF}*HPt`Klol4`1D&*E{*yttyH@6!6ujE_yymTky5
zeV5O9`j)K7Bwg1u+Pa<je^$Pok0GrdoDRKyt<w0F%vZB|<n>ij7Jr{rzTS;Q<8P)<
z*t@_sW)-~uZ3O71Uzp>Fy06>ugRM_97o)8|cKwcXhyya&T>-rmc;&&P%#=3kt~!H3
zxk+5-RKA7sA8`Co!E=Qox}t817}RMUb=<WM>k<QZvsgj6*w141j$f;dwGYygZktI#
zwq-P7h0G6xNjX{%+{*f`uwD^)pHg~9P%iqQ!&<>pGekAkp||oNZy!0F$D$CoWaoj?
zFR|2K)+h-;X6cP9-psK{1cFF+(<BZ*w6`mysb=_O&1|T8uiKtJ4+)|>UF55jfPSG#
zSp)@h&~LanH*_6qm{%m_Tij(xeCUDNkVEl|v)ua7(S|pReaf1kl6$&nTPQ8o`>S`2
zleRe)>6fx~zQK3QgAr!T%gu6s&;DB;`6A^2^tSyMHjK3w;bD0xlct=%9cnL+4!R9?
zfEZj7Z={PqbYxmVLLJVQpOS#^?Xr+H<9^i1mTDTBwLZTRC3e!4l%<#8KTM4I@QgQX
z_(0H#2EYJ=2gzk$9V5x?^Q6UCS!`XhhmS_ymF;1#{Ozrm9v7p%g8Q<b+rs9h{GYZ-
z$&O3?w$ZJpDj&DvxtZGp1N@BV$@il3x*l$|xPax9(O;-;4~g#EHXIh1eeQj}E39HZ
zUaJMyPc!t~`-pz4uHS%{x7SslkJD5?_xTQ<4*uet{ko&oS?hOekDE%DEgV-sO^$sX
z3+E-iJol;(L+aN3(eitIU-n7a;}uh1nE&nZ{SkC0$Lrk7(AV9m#?zy5g#W9nwcpm~
zqx$Dk_ba2d^_l(W;l!0yj&JAUOzrik0e>ED&U0Vi+2#^%8KzI{%mDDfwXyB}u(!*_
zc`M8xcWXlbzIb(=r{jy6v*&8#7ya2@SNwCtzP(S~I+rDae4W5XSu@)e9^S^Ujhcyw
zR!g`q471dCLBHd!o|%F4_vCZX%WeU)fBkId>3w+D5j3And~VAeek$R&?SSscZ?#@`
z^#pBwF7*iXtaW+3p*6Sr3F&a?`aX9|b*+NGr*OOGK7jRo&iC+i5Wsh?M##mlEN)-B
zYg|JCU>DXe=F<DJ@%wNquc1Tgpxrjk{nme)oZ`zj-biI~vWA~H2DtQsdqX{)78C47
zubgkUU8p#0;}i7nRD7K22W;|nT)}rfNBB^zN~~_Z$Gdxgx$Hk&-;5S%Jh)vi;EQBQ
z)UlLZd0f48dm;K!oasMmhuB|3ZRpE<H@U2=bLCvf-A#Cut(W-l5Zdr7#CKtzVndv+
zcb(y1`Lzdr?U(^2t{)5?p&$M&+}r5@W<tnqy3|&(9~VMimog6b!`9>Sdy&uDV#?Oe
zSQGDCkH7TuSx(5+R>afxmb2-*IkIl_wl3rtUT)uvovFdyXy4-HXD7MVZ(vr_^*2hu
zC<Luy=US&yYy+p?EWDfvs7c4AofuwNtIGk2ZB>ec1IaWNWAm$p919e9C6aZ4ascrj
zKZre1rHhGmpD{}%(p*H^bOb`NWy%R26^0Vfqq>25WBZHp?;NGbmlIyY4i5<i_#wC*
zfmWz3QFYbge!7Y=QCvkS>P#g7a57$>@P0-kO>ma2St?e5*@m?z^7rRT2GPZ7f;{I5
zet8|X3DaC-ed5rc@YXhP*Y=v<r~y8JrlP9Rdmlq1mzOR%TAU(o@9({41SKEQb}>jo
z;w8io6NHz=GH_A*FrbNUSsb$v)bM<q??OOxNYi7HA8{SR8<ZlSloerXuSpKt*ResQ
z@K#{yVphg|{pe!jF*bgN^MKlMHYG$g&S#?kIqnLK{_?lpH{2&QlMm}4Mh``~goJ58
z=rubq{#g`SEu&l~FmoIhB*#q%iiww*jk)bZ^kUkun;WURB10^fTJu{PGg{_TAQBrx
zLIV}e7z-?TSEK*;oO};GP{FIfsC9#4oRzgwRx!^SA{IXNslp{*)7LOAQC|j&H~-VG
z`S!GXk!KUROBP87eDLS~+MccKE3%!TSe2b1-y$=}0|HAiJOXyw3liHyBVbT^%~^W1
z+-*f@vz>?=_2D=E`c?w=#kk<&9oG`SfUOtpM$CSql*4#&YtV4Gz<m>_`!0IK<i@Bv
zHw$WJhSy~W^v|9W--T963XGB0^n8y*{!!Y{+Iq2xp|%X`m*3VYL)pWqipF>@S&(*1
zB#@LmE=+-|kvi;NX-Zep<PG8}pryzGb%+Dx7WCYNhk4l{GYH#NIoJsa(oPu<;Lt4R
zi9A;q37R#2!4u+!y!@n~B+t&=LH0J=L7!AIdZk$APYW2Y>2h?1xn{e)I%e=gP8J&5
zjh47oT9Xx`B>vG0!A?oE-(NoF9pHXbjUz|S15sRK6({?gSH{@{k#{u=jp^P#h=bmi
zsA3r;ND#|0pvzU8HadZMn)pgRqcF#+zv}<2ttYG<3a+%a>FmMqgVJ>c3u3jkB_bzK
za~F30CJ(<n?}+2-rYY@9gcTttNbuxio#f(LP2$Adm@}Nv#rA+5#JM&j`S*CGDGUR$
zc@#(a2{PcQkI&6*(t%m4@dtc;bWCcoiMTn4;;{#%H0ExcDwC^w3nQ!(ClDOP2Y$x!
zw&8nS;T@QM$+b{p4nSgERoBJ6skpocQ>yzrS#X%{RZ67dZ9=a$G#FL9n)j1A(KRu$
zrCwo&1c`62XXC!zk&i6D$ai-*y~~&+NNY781${4PXD5B!`3aRIhW`X*{0vB2(SC6;
zMbvnFJIrj0a6LNd`tqHjr@A)gsq)6W*Bf;1Q_NiZ!;fC~$*23&+ctjicV=2TciciB
z(F|$Ze*h4spS2~PJ(0*q6YjfhS_<iO38kT<%QqG#qP(~tXrY4Igftv8{5<~Ufx@Qb
za49Rt0$@dmE^FCh7bnq);BmO92Z5PUlr4Ibn=>>Le4Xn>q4tKOMbG}O^8|5^Wj04m
zvm=Znf}2NQ_lBC!#Z}M@7o>0P)&1@a4d+|Gb1!GSO9X$>oL@i43xK}7w~ZLQm-eHW
zG9q+}0dwg_-w=2i7n&X928Yi&6fiZtGQUm2*q5aOe6)+*oCH$haBfh5VAR@)l7Y^r
z@5%lyST7pZu><Qqhzb+z1yzy-GwkNlV4}dAoHUHP3l4>0=pH`TSn}|LOfj73;1mhw
zp1+NxrYQtn8P|U8#~1bLiD9JW&VTz8HD}Vi7g5qbw`8W6fFJ(X^NdCQ@c==d1*$j9
z{VUl3gPf?IV+>7-x12AHSz|U+crH47-f43H@0Zo6CcEwFIb=4z6u>)Ngv7s)Y?dg|
zD#bl3(WKG7-9z#Fi6ID6Ho*DlQaR86{ugPjuk`_y+m2U77=ww-FYi8cno|M}eWPa+
zTd&*6@TWvhJX5k^z%R6dZ~_6G;{u0YTs}6onMlTCBJbntZ^l#oO-K9-6P&$}2%Kh?
z)-M_p?*+3g&kE^qNg5lCG6vX|lp-37@}xGkrfZwcuVD%26?~TRw>f$dJLy%JWdP-2
zs|lXR7;Wbtri1vn7itw#oi$b+Ehamoe7DYj7O}|G?Bv?~VJGW+^JYt%k6IXRB5yRN
zwP7U}(^;&d?v)9jBH)J<7Njsvc%%gMPuulmq95Tm*Zo$PUaf)&y7!DIPWrHYa&_XH
zU<8E%rOu!|!Ejfr-jd>TRmR|(I9>04al=->N5%bnAcs}WYCrL`59tP4ZFE8*LExR)
z?0<%pfV{6Z-{UhP_B64%eM7gj$F}5#z57*GM@7QDOH=svu;Ojcv#B_;XERpP+R+o-
z@cLq`ishdsoxWgyWBBD|(GlN<=D2x$6R5nh?o1h3`OgL%bbVD#Zq|MmU>0kAfAb;@
zvfP3m*k9^2R8QTio;O?yXCEXA7A@8jxb&QlgmpZEWAYME99+zd(YSHv^3V$vCOakh
z1Qe<`$y@BHQtS<SwL22fXGg#t1OHc1zxCb`$oj!3KQu8j$TFwpf4uve9enHpg{bE`
zxIpUmrZ+jX)S2yb2rlowmxKL)lH;y%TAdYsL4T0)?wRA{g6Lyk2Iy;Ps_~^Wb*{`Y
zvKFV%_G*ioX;h|ICp}(s^sFbfSfiD%cM|`ea`M*u({#=&U%Q^I<HFfe%H34T)lkY=
zM-IRYNS_I)R5`1bwD1uA<l)IH<;fY1(4N}$NFQmT=~Fq)o+;My#cAS>H)rPbC2Tcw
zftm(F{E1eQlFy4zlZlegcHwp~ciZ@TQQg7$?96FmZfwqfJoO=;&P3v$_HaO=L7tRN
z`Rxs(>R&RGxSm6teg;n^wvd;0zfZjfR>s9cf1rYKy~!D`V&ZQx3PCZt8*N>^Xx!Ok
zTp#6mJd9R0jAk($mV+DuLC%RknS)@FvM`bZmwu(1F_o!!*O}W+A<%<-O<xy1cNI_5
z?DH2zQ&`etqR|ViVQYx+Z+~fJ`d<#H=4jIQ&(h>upRCF(C!Qn+LzumTQbZ{TSQ*vT
zD7G-cMn%G(CnX6*f6w3(S!b0ynIrh)DQrqrDPz5f=l3Os_|+PUgZ7G2Ox>HGY&jD4
zzC%BDj2WA>pzmiaP2p(FE%u|>&DU{+SQW{CxJhxDMB0i?@WKk?U>{Lv`W`0j7r|h|
z+)wc%t6d@Rv6!Ja8abVT<)I`QhejkY**xG$<fr_Jm>p_(G4mlOatj<M2AeNTcVwSc
zrDfSx6y{B7o|2J`CEismSO4iq$((Rfk>ff#-ZtFM$5dTx-tH`4LxSf9a}gAYuC?5|
zox{X3Z(p+QnebPXCT7e<9?Kzf2`KS3tzMfOA!HGy4%5oU6>F}XvVqp}s1vE-FM_MH
z{KB1tK&)0Yy`fNCS<FMx8alSd^>JecNM-d);bDjq)8SQ`K~>&#<Qq}#>}wr*GqrU)
z*04gormJ>Q@Xf{%0K@ROP4zZhM?r&jh#n%3<rmCqb_X~T<k}1plZzyeK~zN{NnCm9
z-olKPR&<1mwRBB-^410dHAY%l3u(fo_Y6=MVSk33T43upLiLaS(w!M=|6+;4#F9oP
z=WDE&8aiKC)Ke)N?uj3$B}n<x&xUX_7^__kTc(<u51<E%h>YLA59#|d8J#{vomDbj
zo#_1lIH>3&S0}`UlKo=k&XgrjwQnn|?AhO6Et<C(?VViVX%$Tg#yH04X~dUQ-OMaT
z%pohRYEbL{&Aj~q;o>YTk@9UXU33+)n!#p;+nQ0T7p2Wa96rtS26>R8R#0>N=t*8y
z6Q5RyoGhUM73dfZL(GDZBc&!gMsTZPeqxb<bVx8(5}-O@*~;1mPGDyE=1#+OLgjny
zyTfAxdffE_kdbHLy<P@VdG7G_aFpaXZcuKg5dZ+nrrwP`Okvp=D7hKAn^Oz3X>9FE
zrU?FX)dP)T=oh_`IJz&N82)`>I}X5SotMwAC8?0MxhM9Q%4yF9dk1Km4uS6u6b7TH
zS%>NX$3lq)9nNi7PFtq?{E85O3#qrB1r+d(ID`*DdV#k{HmWF{wO4TYC2@pEZ{awh
zECZM8c<DGUxP4MdzKh;jppN4C{x4(5m~?NV9EHoY$r(2Jo@N&jhDeqMsw*2X)Xr-r
z-HMBOF@n9bCV>YPkr`%;AkG=4ud84wvqZ4jeTa!3aG+*RrDImiOz@>`=35o>vc*HF
z@==Vv2mM@C!`x^d;M#|RcpRh#twh(|_?N)Wd-`jyr2#T|kX8(txO9+Fsfem{vaUPH
zDu^-?eM=E`53z2pw7z2rrWZ1Yl#%Ns&G=@8%p--Qys@R<m5bnet?}j{g1q{b9UK(9
zZB9ouFK1aW3L@Q~qS+d|!-#*Xa6{+=B2Np7V;D*GIIG)w@VJKgj7;vM!*?&*bxW+%
zUdl(T^XjEF&%4vU`E+{|rFD^QR6elB!w1k6J3OprD5id0tpB@u`!+1PdOLu@9#g9a
zm5RR6n}MsU&4-dd^<ewPTd#eEci{!&wiJ?v$@DghKFJ5OmtE$z#j9|l2UkGC+2I+B
z*4dYVVXVz|jLzA2Rzfmyzia#!pS*DVwkH>F=TJ6FZP&`H1(1@Py?-UN0<O7DYWnJv
z@27l~{TL`ZzS%>N0FjpDb#1g#@+U3m+GxCeIxXtjDAFjC`Hl~s?xz2Plah(W{6uHM
zKKGV-jB`18S#27t*|l1ZQ|-vJ<4)~^>JRF2v&nDL?Oxvk7lyh;jd3x0{r~7hq)}<T
zz65E_5ml1=^GL>vA&B3iOliYTJZ_>BxZQHz7641TmPvP@GZuOo{DiMU{o<@WJe!<*
z)8s>PBklR?Q<(S^Y(qlW3dxV|PN4t!W-Nu4VrYopxfyVZB!6ey9FG_4@&;~Ny(Ynp
z4LxbiNGzg~xa2(iE9<>Xrk%7zeEqT)z9+T7FKRd)J}Zm84_TSbEo_2{x8Z#a1(I|6
z<lce2Gj0zv0j3}(SdlZ}Mc`#UVSrQSgX3YbfF2{5pd5&UA>{SU@J+$c!LR`>Lw~IB
zJyx%Tvms%GKsYCK!-&CdGBCT?!p=t#G~7?oCrLU&yCIQCf>82D>Gi|ui+3rcRBhXH
zDsdon$i&gM{sU<pWv7%O%QP{EkG+?HYs$x)pp1C+-5CBOin;eaV(K60fS;@X@zlpF
zvXO4R%-%Z3Zp+fM<^%UgNnvyI{{u2u<GBXA3)q(_&wW3Ux<R5s%<0g2M#bldduz@8
zoYBBuW%JZf($jdZ_3kdsnO&S%UGjS&t|uoJZi{D|M{d8XjtaJYt{(Fw;6Eg^fE(u2
zA#K)TeOXq4aeDIHLpO_8X<m2{b&+6{iIGS_gP~>mQtWLPskjaQ%_$<5T|hje_|u|1
zl0|hGTig9#wRcWr6jM5mhBYK_8ehV)_eJP_1VI`c^nMI_5*L%wftS$B-N<V*uY|X%
zhNgGc*=ZvpeupHl{(zH@$*U&~Bi$nP)^p*=rlFmuDyl6x`RH};4DHsnuveLDy?3*n
zORPIP<&sK8H#?JS3JY3d+s?Qf*D5=!_=O!fw;^?F+c?}1bw8{pzxk(Rq$-m_Uas|p
zm1}RIc(h0=S|k}IfPDS*y36%TWq<PT?+0EdQ~!+@rc);qlw?h^u$gg`9HIc-46gkF
zQ&^cKwl5j-t~+RBomNkJuD$jHV^!tNG>NH_VNP0?QG*E_4>FhT)RB&Kl3ZzW^P}jz
zBmsNrzma)le5sReaqv!xU*3@tHL0T<69lWK6}Pg*NJ<Jc{u9(FH^n0~T9mY+zP?Fb
zdr1fJ5=qDrq?QTDxE`c@+miKBFE7MYPGZV?QM7mxq>_fho5)_>3E1fFw=aY;@o-5r
z1d+p>WKIhH-W^N2`j}ix1R97f8D#aISItYqHv)DjEsVzdWw7z{A~MvcCOZ4u*Ch@+
zuFU=pDsC+HB6rg+LVqN)6YWKd=)+j@ED8mQXJv>aa=&>}Ypc0N_bUESu@$~W3Ce<2
z$P{~hShlC9jPpuM9U)8Q9-=CL<RyIT!1t#8nd05ZFtdS}7tExjB|nUDf*f~cRtRnv
z4}XQlFz7gVQ51$6{Am35C7372M`DH&`u|gjLU=?1kTvTbBt`lD=9M0^&$_FKS~#-y
z;K$5S=5I47csUr$40pGv3MEl^gk@^taB(OUzLw+}tk*QGHi~e!C3wu4SZq91OEE)L
ziR$sar<UuOs6Y>z$I%c{FnuGzX_rCIsbWNdyXy{TGCqvJw3A4~lhnmv8nF>MCF8y@
z%_ENH2DR8al689JM?m$bXr*+gOK{_hc;u@||2R8?)q=T)K3><XXJNKRNjuQny3)1H
zE}~^>?QEuQfqYv>^Emf~lg%IELV2I&F$Na}1=?ZgKPJ)qA10}^!8<dvyvs0TyQQ1p
z%b_6vuCcP6(XMRhneh^6^!wKt>)_0zi;&$S#hix1`1Ciy$LoL_?jzA3o9KRL4#UaP
z!Xy(It`!5_POTa%RQ9%K4C9fc<#rdK)_~%4D|p(}3UhYpHw8ooub)N?y&3hbZ=!C?
zSRN1bVS4RU3@}H^5`%=OI61Q9$<l2)O3T}~x99UGY$gU~=lD9ryAshZ(faF%ywvuJ
z$~%@Y3s^d07~KsJ?sycgqOaGbtcMt!hT6%kM$uLqsg&3x#%tY02FN3GYL@3-e7O@=
z=S3xy!w2)Jppl!z!Q-+b7Rq6ZO!S|r*l*ZJA|3bsr@zz~vlyl?r=+n(Q94pH!1$>3
zCfGWuQcA{ZXvs#4D3^-ynEHM|N~uz#6;qTGcGUg|vqsCv5@z%6uAEniyD_3e-XkG6
zn#MjKVwv&$!NgAxeJW>2xfVN$@M9kO_O7F;K@GwG+|A1f1$f(`f;E1?mJsze;T3T~
zh21v8t*HcKBD~K;Tky@L9c29T=Jy*AQg-Z*WK`$}$QcZOmpsxHDUpWp&&a!(ov8~l
zJ+!Ugps=nUf%zM$H@Q5|`)3z}If>b6;<N<13`}if7jQQcH#XlT^vpM0bz@(PDa@pm
zH6z22x-WmS{&3KA6KWIldY@N^WVZwk8w-Y`yTjs`Kox+6?o%UhrK&4ANMZ>IcR(Ev
z28BtG{H@q)dFlJU|2DLn`x0Gp8SDuWK}PS6b&*KGDeA#s+ESTtlZv&;JYjrig!8Lz
zz~ZR0%^jE5nk89`*6NF=m$|$jQop`wM5EjHQQ~$otRh@PE&#RDPt&%@`PGN--$9!?
zZ+0qjZgTx1@m}oWxzR;yCkKEXofZHctIl^QeZf%WpngbQx0Y|a(W(C<6O*ebHY^jb
zo^PGsK3w7|ZOLlMuL%4^kS_~DeoJ@qP_U4X8)lQy7(U2;obl$Fu5G@-ZYXz|lA@e|
zfhoN?qjigtzErZM0<h8%>%t-FVmoeZamiEpXHeU27KVT}WV5Js3#4zu0b9I9@TPvW
zi91;SgyQEfS*1L}VRn<DYr%V779_33x}J!%u&ouvzGFlR5}uk&1nxV;t(<b;W)X9;
zfB4`j5Uqx?(n-UDWh#zF5u6A8P>et#?q7}@*~~TeA)8dR{91_f;d#_xAk+LiGjnxs
z`w3#^yD(A;i<tF#)T$6wTB@3=fh4-{*m`$bN_g9e;#O{GvBT!Y*~msmmH27UK{{>}
z5h2}zCZ_v-oQ7XX6TFe2Idxw#xN+64mZTdCja-;>7D7Ayqh+AIV{lT=GsJq-PO<O<
z#>GtXaR3e8+G>Ny5sDRBiYyw7d>-&;AQA^F#MB`Raer&r;g#);JP*^MDdw?uW=}8u
z8fZoaW&e74k!H((vZEvz5SGOUk+E)CDlU>Q+&Q_U<S~iclBx6U>uugIgkRlW#8I(c
zexRh&-(7sn(yentjjVVnaxrV<!EudFn@qGFBc)q7p=Vl4x@*S{=#@<{GV;O19-oE%
zQ;R~c`!yNY$uWWPba!2Odvd31a+d{z6ieSXL1t?c5CGDa2)4`q1H?lM<SMg3$!wtv
z$Erm^Jp4y`SQ-49xY%qBRziE;&w4w_=ezO#0G$3-Oc<(F>%1k|21I09h@b^;nS$Rl
zBN-4!l?(m`yY;FX@Ka#bwaffQk^|hvswCX2<l_j~9+1zFrbek7@J1OT7=u3d11%Py
zckDWs$#i-B5l|NR#gF^zL4p=jpvCSqxT-XBTk7wmFqbp16Gu?8Wyq({2*Ho&oK``}
z{QTJufe%qL<3KtLA6qU289f~74O<Mw^830#VK_?GBNx!HqhR5pNmmIwUM#c?P52+N
zM1D$?tm#QTD3q*#!%@4I{}h+XiUNhx>l@QS!pu9NXFz=?#dkU8#}RywY@K1V)^>iq
zY|4T1d%*3wX!TQc<8LNN85QEBa<v%?F8PZOyJ&QpNkDxiXO{n_yyq|_7Mux+$W%-8
zl<o@Jz0nLIm28dUGIS;$nxs>MA?`G@#F5NPMxx0`0cTVKs@lgQyZzOj$dN*;cY$PF
zB5oT+5NeKhC1H3tReIuR6n7((XB0qRDW78I`;3)EEOo)D_Ld%9?suJ4=c8Z;#}K2@
zx_WM6L!2hU{t0I@Pd)rj^a~l6y!S#yHTUU(6JApxX8lk%zi}}@0X<a@cJGIK1?1k3
z?;pc0g1RRBn2|R0!)%p*J(jkhMRYwdMRZLh4bYsXOAhKFoTlA7oOS4sSHYYfPbraC
z$*M2N2y0<iXSp2JvA6tDyE>d!vgPQF&fnhmt9__A&-H_v=;18FKFSix(5u=MV}CB!
z*TW`%6)UZlLv*5p2S2kE*7_{i@i5=y!MM2rRenap?kalV3+kIpV$Z+9G%1SjGrzDK
z;zvOgjO);h&q<+w2C-ER8Y3T-%TIyS<Iua3{yTwKYo;5yCV4-Uz-S}W4?<c^K|s{x
zS)b-?mVdz{n7^9xvvR|Mg;vbWnVsIalzC`@84G(JrpV{xCoy+{&}}O2PlA8ZQFYUj
zV&cr83-?RW^bCW55kM}+EQ4OCWsDtx8hV^-foe)kfCbWltg(V%(A#Tj=x{@9@1+%t
z80;cmzp3um2Gag4ufY_&ln&as!+AZp3}5eXwPmzYJ`wAHu*1}J4>A*QqUG@xJ1h4=
z3OBo^3pX1}=%q}{IX`Pgq2&RjF59*AH^R{Z%8L3M|J!$gX2<Q_vq5%Kqd<;^bX>s9
z`T<I7W1m3lmh3=l7G!G=t!-B{b{14GG>JrnhN^|g(4NW9*H74xO(i8)8Yt2m3y6-a
zg-_mpQww##U)TmQlb8tFf1xFTg_16E>y;5={jNT0((j1hWY|)Q5(~nPC<999fRBIx
zs4S$<&8G>b9fJCV(1OAwO`lJl{`d10#JGownuejw8teuTC10b{;U4spr)Aa4kz^7t
zHH)Dn;UaR-JRArwJ;w_sicF2mF6qtHgg=f5@O_z%9dUH@bj~2b5V2m{bRJLex+U!V
zOAuQxb{+MM{=wrhEO-zr_%10Znx%7S_%p&9)S=Lib&%r#n#7mIUDb(=$J&^$QrsF}
zDf(7q{1IfiycauoX~;~$F`u$G8Z9TS`%h@XOO<7nSu;y^W*f4@_EnMjkB#`JvWL*b
zZ$p_wLXoncp;}ywH+Rhix~*$tT5=8Xiv(bCr-qu{5NHgbE|B9VF|yS+Wc(oAlmsBz
z0bwQXLH1+5^mCWGC+-jSOG;Tt;r1MuB5nU2hOHSl3vJlWoXgs?R_%NMWas6gQa(UN
zb6rNT?YOgSHppd4{D5QrZ>-Dlf0xC^Zzp@Cz#QnKT+EcTf;Le5>HJDq9k-`tLez;&
zgdWok4IDEOWBkyn;Y-&6md}iMR?6p5-}i8*sX1r|1q6BhzKV{#xlD0JaM2ot{#>QC
zh$jR_GYFAIngwXfxU(1&xe$k44~Ji#pQYx#Jxe<o4&ToKUjdBU6&fHt1D2MFUteZN
z(`h=POX3+$#>>1%jelnU1hAid+jiTw#ec1Ps_{?+dt&{pid&jm(0Rrs?e$g}au7j#
zf?#HL?jO)vxIw6m(~RvX_6#xP=ww>S5!r2gQ1=y{kvIVjx-hJSI|BKp6d?ebna(tN
zuud&kDv*b!=akT9XFWAOtQ<$=_gi@E)F<>kC5)+vK7tx$7gPi~6(;^X&=qS#<MFg9
z8WhwaqXucPl}@DK0HF<Bu8yYVv>K<(a_>EjgNBcrN5@bI<^F@!ihi=TRNu>nF3^Ul
z6Y{-UzO&vu2szgIn{HVPRiy*c=WwnB&Pb;OPv}my`4tKUr?1A#$}81yfP?LJUme}g
z6hiWW8&bk<t$gk%QEWV|KK`jQ&;3GMsEPXQ<hQv<K3qI{8j0UB2V1N(^Z_}=EO)L!
zLY4~FBT={b5wO5Ou{Z?~=leo$#CRdX_{L5*DY@CdlQ0ipK{)4D3L7_CYU`kL^oj>H
zeOTESp3dB=AoW{PGqyr)Fa!}~Vl`oewUuH**<=Sfvw+t;fFa}#{?ua}?Wl}AW|T<U
zDhrV&Y-{!u%0NG3iB^Sh9;KwP6{kl~pl3J{qy*oL)XD*?i#v*k!u`M@$p$ChFMdL-
z)p?E`qS>`o>s@Mw`~tbg2GR!ZjUc(hr2kDrPDD+J`oT@XNmwe&Bpb~BdAMJ<SwqbY
zw)hBCMf=>zZu=>pirWXrvFKw<AtdC0TbgVzSJL7_2r=<FEE??AeEOA+V1&fx8fFXm
zCr}Qs&cLexKKHJ)!z?~iehlR0#nDUK{(^FlASZ}KSWK6-@F(%vMB_skH!b2d>#V|z
zqH(I1b)nX8Y!d4(@rM3uc6tdrkaooz0Hhf@Vrpb?fBDY0m3y;Dv!-;Key2Elu$7%F
zK~2G}*f=*pDTE}^fZ`628&N9To|^|@l7X!s9^9`iGF*$%wC8cw8&YGDj|uvz$W(dZ
z?x-bfQh5jbGCLJp?Czp1AObyH{{CQJtP%G&NeUvr!)cfkVm3{Hr5;E42~k(ykRZs7
zhHOjxb(ZIRsL*l7;5&kZa<W#9td|KnFP;0I((aW@AX-g8I~gVB)R`H?5nV8rrNyW~
zZ&Bej>S3IBek^~-H&nugP}MMFL}n66BjesWtSWGh<IvkoG!=c*QG0s?httlh@a`7N
zk=J!~SIw}>w(XmyGbI9SB%bzToZ)m~ECwG#L{4ZvPW5hTL>+9|MW<E~`qdGgZ6AcX
z{>^@qqN&VC0Y3DbOGXV`7Tv<2PUZ?d^ehC1L1z0Mr;@Nuu~}3?7bIjj)bpSqv#GQ(
zy63J$J6?D;n2v1dsB{{iWyB(Y@BN<-D<~Km`2RZ!>YpR)|4PL{|B3%cOw|8r<o|Sq
k{T~w`AjLs~{{pQ3FUMF#8Az!ARKWh_(0>ww?Z4Xp2a6`kvH$=8

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
new file mode 100644
index 00000000000..98f301d0624
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -0,0 +1,200 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Analytic Rules:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Tailscale Standard (CCF). You can get Tailscale Standard (CCF) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link1",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          },
+          {
+            "name": "dataconnectors2-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Tailscale Premium (CCF). You can get Tailscale Premium (CCF) data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      },
+      {
+        "name": "analytics",
+        "label": "Analytics",
+        "subLabel": {
+          "preValidation": "Configure the analytics",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Analytics",
+        "elements": [
+          {
+            "name": "analytics-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
+            }
+          },
+          {
+            "name": "analytics-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          },
+          {
+            "name": "analytic1",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: New API access token or OAuth client created",
+            "elements": [
+              {
+                "name": "analytic1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic2",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Policy file (ACL) modified",
+            "elements": [
+              {
+                "name": "analytic2-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic3",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Auth key created",
+            "elements": [
+              {
+                "name": "analytic3-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic4",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Exit node advertised or approved",
+            "elements": [
+              {
+                "name": "analytic4-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic5",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Mass credential revocation in short window",
+            "elements": [
+              {
+                "name": "analytic5-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise."
+                }
+              }
+            ]
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
new file mode 100644
index 00000000000..41c52cc1c5b
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -0,0 +1,2153 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "author": "noodlemctwoodle",
+    "comments": "Solution template for Tailscale (CCF)"
+  },
+  "parameters": {
+    "location": {
+      "type": "string",
+      "minLength": 1,
+      "defaultValue": "[resourceGroup().location]",
+      "metadata": {
+        "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+      }
+    },
+    "workspace-location": {
+      "type": "string",
+      "defaultValue": "",
+      "metadata": {
+        "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+      }
+    },
+    "workspace": {
+      "defaultValue": "",
+      "type": "string",
+      "metadata": {
+        "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+      }
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().name]",
+      "metadata": {
+        "description": "resource group name where Microsoft Sentinel is setup"
+      }
+    },
+    "subscription": {
+      "type": "string",
+      "defaultValue": "[last(split(subscription().id, '/'))]",
+      "metadata": {
+        "description": "subscription id where Microsoft Sentinel is setup"
+      }
+    }
+  },
+  "variables": {
+    "_solutionName": "Tailscale (CCF)",
+    "_solutionVersion": "3.0.1",
+    "solutionId": "noodlemctwoodle.TailscaleCCF",
+    "_solutionId": "[variables('solutionId')]",
+    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
+    "dataConnectorCCPVersion": "3.0.1",
+    "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
+    "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
+    "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
+    "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]",
+    "dataCollectionEndpointId1": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
+    "_dataConnectorContentIdConnectorDefinition2": "TailscalePremiumCCF",
+    "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]",
+    "_dataConnectorContentIdConnections2": "TailscalePremiumCCFConnections",
+    "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]",
+    "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
+    "analyticRuleObject1": {
+      "analyticRuleVersion1": "1.0.0",
+      "_analyticRulecontentId1": "668b43fd-cf28-961a-85af-957850df5027",
+      "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '668b43fd-cf28-961a-85af-957850df5027')]",
+      "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('668b43fd-cf28-961a-85af-957850df5027')))]",
+      "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','668b43fd-cf28-961a-85af-957850df5027','-', '1.0.0')))]"
+    },
+    "analyticRuleObject2": {
+      "analyticRuleVersion2": "1.0.0",
+      "_analyticRulecontentId2": "1e7249c2-1a9d-05fd-45cb-c859eef5b8ae",
+      "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')]",
+      "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')))]",
+      "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1e7249c2-1a9d-05fd-45cb-c859eef5b8ae','-', '1.0.0')))]"
+    },
+    "analyticRuleObject3": {
+      "analyticRuleVersion3": "1.0.0",
+      "_analyticRulecontentId3": "6b052c8d-5de8-eab0-1956-69a297765a32",
+      "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6b052c8d-5de8-eab0-1956-69a297765a32')]",
+      "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6b052c8d-5de8-eab0-1956-69a297765a32')))]",
+      "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6b052c8d-5de8-eab0-1956-69a297765a32','-', '1.0.0')))]"
+    },
+    "analyticRuleObject4": {
+      "analyticRuleVersion4": "1.0.0",
+      "_analyticRulecontentId4": "f42f2906-c8e6-23d0-e48c-0620e50d5510",
+      "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f42f2906-c8e6-23d0-e48c-0620e50d5510')]",
+      "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f42f2906-c8e6-23d0-e48c-0620e50d5510')))]",
+      "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f42f2906-c8e6-23d0-e48c-0620e50d5510','-', '1.0.0')))]"
+    },
+    "analyticRuleObject5": {
+      "analyticRuleVersion5": "1.0.0",
+      "_analyticRulecontentId5": "f817e2fa-6fa0-fc25-5369-cef9b58771af",
+      "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f817e2fa-6fa0-fc25-5369-cef9b58771af')]",
+      "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f817e2fa-6fa0-fc25-5369-cef9b58771af')))]",
+      "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f817e2fa-6fa0-fc25-5369-cef9b58771af','-', '1.0.0')))]"
+    },
+    "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition1'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+        "displayName": "Tailscale Standard (CCF)",
+        "contentKind": "DataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
+              "apiVersion": "2022-09-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+              "location": "[parameters('workspace-location')]",
+              "kind": "Customizable",
+              "properties": {
+                "connectorUiConfig": {
+                  "title": "Tailscale Standard (CCF)",
+                  "publisher": "Custom",
+                  "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
+                  "graphQueries": [
+                    {
+                      "metricName": "Total config events",
+                      "legend": "Tailscale_Configuration_CL",
+                      "baseQuery": "Tailscale_Configuration_CL"
+                    }
+                  ],
+                  "dataTypes": [
+                    {
+                      "name": "Tailscale_Configuration_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+                    }
+                  ],
+                  "sampleQueries": [
+                    {
+                      "description": "Recent Tailscale configuration audit events",
+                      "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "ACL policy file modifications",
+                      "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+                    },
+                    {
+                      "description": "New API tokens and OAuth clients created",
+                      "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+                    }
+                  ],
+                  "connectivityCriteria": [
+                    {
+                      "type": "HasDataConnectors"
+                    }
+                  ],
+                  "availability": {
+                    "status": 1,
+                    "isPreview": true
+                  },
+                  "permissions": {
+                    "resourceProvider": [
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "Read/Write on the workspace",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "write": true,
+                          "read": true,
+                          "delete": true
+                        }
+                      }
+                    ]
+                  },
+                  "instructionSteps": [
+                    {
+                      "title": "Connect Tailscale",
+                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+                      "instructions": [
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "Tailscale tailnet",
+                            "placeholder": "tail-XXXX.ts.net",
+                            "type": "text",
+                            "name": "tailnetName"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client ID",
+                            "placeholder": "k...",
+                            "type": "text",
+                            "name": "clientId"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client Secret",
+                            "placeholder": "tskey-client-...",
+                            "type": "password",
+                            "name": "clientSecret"
+                          }
+                        },
+                        {
+                          "type": "ConnectionToggleButton",
+                          "parameters": {
+                            "connectLabel": "Connect",
+                            "disconnectLabel": "Disconnect"
+                          }
+                        }
+                      ]
+                    }
+                  ],
+                  "id": "TailscaleCCF"
+                }
+              }
+            },
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+                "kind": "DataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "version": "[variables('dataConnectorCCPVersion')]",
+                      "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+                      "kind": "ResourcesDataConnector"
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "name": "TailscaleDCR",
+              "apiVersion": "2022-06-01",
+              "type": "Microsoft.Insights/dataCollectionRules",
+              "location": "[parameters('workspace-location')]",
+              "kind": "WorkspaceTransforms",
+              "properties": {
+                "dataCollectionEndpointId": "[variables('dataCollectionEndpointId1')]",
+                "streamDeclarations": {
+                  "Custom-Tailscale_Configuration_CL": {
+                    "columns": [
+                      {
+                        "name": "eventTime",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "eventGroupID",
+                        "type": "string"
+                      },
+                      {
+                        "name": "actor",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "action",
+                        "type": "string"
+                      },
+                      {
+                        "name": "target",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "origin",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "new",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "old",
+                        "type": "dynamic"
+                      }
+                    ]
+                  }
+                },
+                "destinations": {
+                  "logAnalytics": [
+                    {
+                      "workspaceResourceId": "[variables('workspaceResourceId')]",
+                      "name": "sentinelWorkspace"
+                    }
+                  ]
+                },
+                "dataFlows": [
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Configuration_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
+                    "outputStream": "Custom-Tailscale_Configuration_CL"
+                  }
+                ]
+              }
+            },
+            {
+              "name": "Tailscale_Configuration_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Configuration_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventTime",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventGroupID",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Actor",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Action",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Target",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Origin",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "New",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Old",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Network_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "NodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "FlowStart",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "FlowEnd",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SrcNode",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstNodes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "VirtualTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SubnetTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ExitTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "PhysicalTraffic",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Tailscale Standard (CCF)",
+          "publisher": "Custom",
+          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
+          "graphQueries": [
+            {
+              "metricName": "Total config events",
+              "legend": "Tailscale_Configuration_CL",
+              "baseQuery": "Tailscale_Configuration_CL"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "Tailscale_Configuration_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Recent Tailscale configuration audit events",
+              "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "ACL policy file modifications",
+              "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+            },
+            {
+              "description": "New API tokens and OAuth clients created",
+              "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": true
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "Read/Write on the workspace",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "write": true,
+                  "read": true,
+                  "delete": true
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "title": "Connect Tailscale",
+              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+              "instructions": [
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "Tailscale tailnet",
+                    "placeholder": "tail-XXXX.ts.net",
+                    "type": "text",
+                    "name": "tailnetName"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client ID",
+                    "placeholder": "k...",
+                    "type": "text",
+                    "name": "clientId"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client Secret",
+                    "placeholder": "tskey-client-...",
+                    "type": "password",
+                    "name": "clientSecret"
+                  }
+                },
+                {
+                  "type": "ConnectionToggleButton",
+                  "parameters": {
+                    "connectLabel": "Connect",
+                    "disconnectLabel": "Disconnect"
+                  }
+                }
+              ]
+            }
+          ],
+          "id": "TailscaleCCF"
+        }
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
+      "apiVersion": "2022-01-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "properties": {
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+        "kind": "DataConnector",
+        "version": "[variables('dataConnectorCCPVersion')]",
+        "source": {
+          "sourceId": "[variables('_solutionId')]",
+          "name": "[variables('_solutionName')]",
+          "kind": "Solution"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "criteria": [
+            {
+              "version": "[variables('dataConnectorCCPVersion')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "kind": "ResourcesDataConnector"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+        "displayName": "Tailscale Standard (CCF)",
+        "contentKind": "ResourcesDataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
+            },
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "connectorDefinitionName": {
+              "defaultValue": "Tailscale Standard (CCF)",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "workspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "dcrConfig": {
+              "defaultValue": {
+                "dataCollectionEndpoint": "data collection Endpoint",
+                "dataCollectionRuleImmutableId": "data collection rule immutableId"
+              },
+              "type": "object"
+            },
+            "tailnetName": {
+              "defaultValue": "tailnetName",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientId": {
+              "defaultValue": "clientId",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientSecret": {
+              "defaultValue": "clientSecret",
+              "type": "securestring",
+              "minLength": 1
+            }
+          },
+          "variables": {
+            "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]"
+          },
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleConfigPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Configuration_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Configuration_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  },
+                  "TokenEndpointQueryParameters": {
+                    "grant_type": "client_credentials"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+        "displayName": "Tailscale Premium (CCF)",
+        "contentKind": "DataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
+              "apiVersion": "2022-09-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+              "location": "[parameters('workspace-location')]",
+              "kind": "Customizable",
+              "properties": {
+                "connectorUiConfig": {
+                  "title": "Tailscale Premium (CCF)",
+                  "publisher": "Custom",
+                  "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+                  "graphQueries": [
+                    {
+                      "metricName": "Configuration audit events",
+                      "legend": "Tailscale_Configuration_CL",
+                      "baseQuery": "Tailscale_Configuration_CL"
+                    },
+                    {
+                      "metricName": "Network flow events",
+                      "legend": "Tailscale_Network_CL",
+                      "baseQuery": "Tailscale_Network_CL"
+                    }
+                  ],
+                  "dataTypes": [
+                    {
+                      "name": "Tailscale_Configuration_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Network_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+                    }
+                  ],
+                  "sampleQueries": [
+                    {
+                      "description": "Recent Tailscale configuration audit events",
+                      "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "Recent Tailscale network flows",
+                      "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "Top talkers (by bytes) on the tailnet",
+                      "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+                    },
+                    {
+                      "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
+                      "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+                    }
+                  ],
+                  "connectivityCriteria": [
+                    {
+                      "type": "HasDataConnectors"
+                    }
+                  ],
+                  "availability": {
+                    "status": 1,
+                    "isPreview": true
+                  },
+                  "permissions": {
+                    "resourceProvider": [
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "Read/Write on the workspace",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "write": true,
+                          "read": true,
+                          "delete": true
+                        }
+                      }
+                    ]
+                  },
+                  "instructionSteps": [
+                    {
+                      "title": "Connect Tailscale (Premium)",
+                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+                      "instructions": [
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "Tailscale tailnet",
+                            "placeholder": "tail-XXXX.ts.net",
+                            "type": "text",
+                            "name": "tailnetName"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client ID",
+                            "placeholder": "k...",
+                            "type": "text",
+                            "name": "clientId"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client Secret",
+                            "placeholder": "tskey-client-...",
+                            "type": "password",
+                            "name": "clientSecret"
+                          }
+                        },
+                        {
+                          "type": "ConnectionToggleButton",
+                          "parameters": {
+                            "connectLabel": "Connect",
+                            "disconnectLabel": "Disconnect"
+                          }
+                        }
+                      ]
+                    }
+                  ],
+                  "id": "TailscalePremiumCCF"
+                }
+              }
+            },
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+                "kind": "DataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "version": "[variables('dataConnectorCCPVersion')]",
+                      "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+                      "kind": "ResourcesDataConnector"
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "name": "TailscalePremiumDCR",
+              "apiVersion": "2022-06-01",
+              "type": "Microsoft.Insights/dataCollectionRules",
+              "location": "[parameters('workspace-location')]",
+              "kind": "WorkspaceTransforms",
+              "properties": {
+                "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]",
+                "streamDeclarations": {
+                  "Custom-Tailscale_Configuration_CL": {
+                    "columns": [
+                      {
+                        "name": "eventTime",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "eventGroupID",
+                        "type": "string"
+                      },
+                      {
+                        "name": "actor",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "action",
+                        "type": "string"
+                      },
+                      {
+                        "name": "target",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "origin",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "new",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "old",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Network_CL": {
+                    "columns": [
+                      {
+                        "name": "nodeId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "logged",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "start",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "end",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "srcNode",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "dstNodes",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "virtualTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "subnetTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "exitTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "physicalTraffic",
+                        "type": "dynamic"
+                      }
+                    ]
+                  }
+                },
+                "destinations": {
+                  "logAnalytics": [
+                    {
+                      "workspaceResourceId": "[variables('workspaceResourceId')]",
+                      "name": "sentinelWorkspace"
+                    }
+                  ]
+                },
+                "dataFlows": [
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Configuration_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+                    "outputStream": "Custom-Tailscale_Configuration_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Network_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+                    "outputStream": "Custom-Tailscale_Network_CL"
+                  }
+                ]
+              }
+            },
+            {
+              "name": "Tailscale_Configuration_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Configuration_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventTime",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventGroupID",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Actor",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Action",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Target",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Origin",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "New",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Old",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Network_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "NodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "FlowStart",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "FlowEnd",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SrcNode",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstNodes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "VirtualTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SubnetTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ExitTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "PhysicalTraffic",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Tailscale Premium (CCF)",
+          "publisher": "Custom",
+          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+          "graphQueries": [
+            {
+              "metricName": "Configuration audit events",
+              "legend": "Tailscale_Configuration_CL",
+              "baseQuery": "Tailscale_Configuration_CL"
+            },
+            {
+              "metricName": "Network flow events",
+              "legend": "Tailscale_Network_CL",
+              "baseQuery": "Tailscale_Network_CL"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "Tailscale_Configuration_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Recent Tailscale configuration audit events",
+              "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Recent Tailscale network flows",
+              "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Top talkers (by bytes) on the tailnet",
+              "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+            },
+            {
+              "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
+              "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": true
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "Read/Write on the workspace",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "write": true,
+                  "read": true,
+                  "delete": true
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "title": "Connect Tailscale (Premium)",
+              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+              "instructions": [
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "Tailscale tailnet",
+                    "placeholder": "tail-XXXX.ts.net",
+                    "type": "text",
+                    "name": "tailnetName"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client ID",
+                    "placeholder": "k...",
+                    "type": "text",
+                    "name": "clientId"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client Secret",
+                    "placeholder": "tskey-client-...",
+                    "type": "password",
+                    "name": "clientSecret"
+                  }
+                },
+                {
+                  "type": "ConnectionToggleButton",
+                  "parameters": {
+                    "connectLabel": "Connect",
+                    "disconnectLabel": "Disconnect"
+                  }
+                }
+              ]
+            }
+          ],
+          "id": "TailscalePremiumCCF"
+        }
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
+      "apiVersion": "2022-01-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "properties": {
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+        "kind": "DataConnector",
+        "version": "[variables('dataConnectorCCPVersion')]",
+        "source": {
+          "sourceId": "[variables('_solutionId')]",
+          "name": "[variables('_solutionName')]",
+          "kind": "Solution"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "criteria": [
+            {
+              "version": "[variables('dataConnectorCCPVersion')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+              "kind": "ResourcesDataConnector"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+        "displayName": "Tailscale Premium (CCF)",
+        "contentKind": "ResourcesDataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
+            },
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "connectorDefinitionName": {
+              "defaultValue": "Tailscale Premium (CCF)",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "workspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "dcrConfig": {
+              "defaultValue": {
+                "dataCollectionEndpoint": "data collection Endpoint",
+                "dataCollectionRuleImmutableId": "data collection rule immutableId"
+              },
+              "type": "object"
+            },
+            "tailnetName": {
+              "defaultValue": "tailnetName",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientId": {
+              "defaultValue": "clientId",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientSecret": {
+              "defaultValue": "clientSecret",
+              "type": "securestring",
+              "minLength": 1
+            }
+          },
+          "variables": {
+            "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]"
+          },
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumConfigPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Configuration_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Configuration_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  },
+                  "TokenEndpointQueryParameters": {
+                    "grant_type": "client_credentials"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumNetworkPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Network_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Network_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  },
+                  "TokenEndpointQueryParameters": {
+                    "grant_type": "client_credentials"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent.",
+                "displayName": "Tailscale: New API access token or OAuth client created",
+                "enabled": false,
+                "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
+                "queryFrequency": "PTPT15M",
+                "queryPeriod": "PTPT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Configuration_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  }
+                ],
+                "tactics": [
+                  "Persistence",
+                  "CredentialAccess"
+                ],
+                "techniques": [
+                  "T1098",
+                  "T1136"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 1",
+                "parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
+                "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject1').analyticRuleVersion1]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: New API access token or OAuth client created",
+        "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+        "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+        "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet.",
+                "displayName": "Tailscale: Policy file (ACL) modified",
+                "enabled": false,
+                "query": "Tailscale_Configuration_CL\n      | where Action in (\"UPDATE\", \"CREATE\")\n      | where tostring(Target.type) == \"ACL\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
+                "queryFrequency": "PTPT15M",
+                "queryPeriod": "PTPT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Configuration_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  }
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1556"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 2",
+                "parentId": "[variables('analyticRuleObject2').analyticRuleId2]",
+                "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Policy file (ACL) modified",
+        "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
+        "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
+        "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not.",
+                "displayName": "Tailscale: Auth key created",
+                "enabled": false,
+                "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
+                "queryFrequency": "PTPT15M",
+                "queryPeriod": "PTPT15M",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Configuration_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  }
+                ],
+                "tactics": [
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1098"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 3",
+                "parentId": "[variables('analyticRuleObject3').analyticRuleId3]",
+                "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject3').analyticRuleVersion3]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Auth key created",
+        "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
+        "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
+        "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress.",
+                "displayName": "Tailscale: Exit node advertised or approved",
+                "enabled": false,
+                "query": "Tailscale_Configuration_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
+                "queryFrequency": "PTPT30M",
+                "queryPeriod": "PTPT30M",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Configuration_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  }
+                ],
+                "tactics": [
+                  "CommandAndControl",
+                  "Exfiltration"
+                ],
+                "techniques": [
+                  "T1090"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 4",
+                "parentId": "[variables('analyticRuleObject4').analyticRuleId4]",
+                "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Exit node advertised or approved",
+        "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
+        "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
+        "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.",
+                "displayName": "Tailscale: Mass credential revocation in short window",
+                "enabled": false,
+                "query": "Tailscale_Configuration_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
+                "queryFrequency": "PTPT1H",
+                "queryPeriod": "PTPT1H",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Configuration_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  }
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1070"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 5",
+                "parentId": "[variables('analyticRuleObject5').analyticRuleId5]",
+                "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Mass credential revocation in short window",
+        "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
+        "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
+        "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "apiVersion": "2023-04-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "version": "3.0.1",
+        "kind": "Solution",
+        "contentSchemaVersion": "3.0.0",
+        "displayName": "Tailscale (CCF)",
+        "publisherDisplayName": "Community",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Analytic Rules:</strong> 5</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "contentKind": "Solution",
+        "contentProductId": "[variables('_solutioncontentProductId')]",
+        "id": "[variables('_solutioncontentProductId')]",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
+        "contentId": "[variables('_solutionId')]",
+        "parentId": "[variables('_solutionId')]",
+        "source": {
+          "kind": "Solution",
+          "name": "Tailscale (CCF)",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "operator": "AND",
+          "criteria": [
+            {
+              "kind": "DataConnector",
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "version": "[variables('dataConnectorCCPVersion')]"
+            },
+            {
+              "kind": "DataConnector",
+              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+              "version": "[variables('dataConnectorCCPVersion')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+              "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+              "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+              "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+              "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+              "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
+            }
+          ]
+        },
+        "firstPublishDate": "2026-05-11",
+        "lastPublishDate": "2026-05-11",
+        "providers": [
+          "Community"
+        ],
+        "categories": {
+          "domains": [
+            "Networking",
+            "Security - Network",
+            "Identity"
+          ]
+        }
+      },
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
+    }
+  ],
+  "outputs": {}
+}
diff --git a/Solutions/Tailscale (CCF)/Package/testParameters.json b/Solutions/Tailscale (CCF)/Package/testParameters.json
new file mode 100644
index 00000000000..554801e41b7
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Package/testParameters.json	
@@ -0,0 +1,38 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  },
+  "resourceGroupName": {
+    "type": "string",
+    "defaultValue": "[resourceGroup().name]",
+    "metadata": {
+      "description": "resource group name where Microsoft Sentinel is setup"
+    }
+  },
+  "subscription": {
+    "type": "string",
+    "defaultValue": "[last(split(subscription().id, '/'))]",
+    "metadata": {
+      "description": "subscription id where Microsoft Sentinel is setup"
+    }
+  }
+}
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
new file mode 100644
index 00000000000..25c08cde364
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -0,0 +1,62 @@
+# Tailscale (CCF)
+
+Microsoft Sentinel solution that ingests Tailscale telemetry via the OAuth2-secured Tailscale API.
+
+## Data connectors
+
+Install **one** of these connectors based on your Tailscale plan:
+
+| Connector | Endpoint(s) | Tailscale plan | Status |
+|---|---|---|---|
+| **Tailscale Standard (CCF)** | `/logging/configuration` | Personal (Free) + Standard | **Included** |
+| Tailscale Premium (CCF) | `/logging/configuration` + `/logging/network` | Premium + Enterprise | Planned |
+
+The split mirrors what the Tailscale API actually exposes per tier — Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
+
+## Contents
+
+- **Data connector** — Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
+- **Custom table** — `Tailscale_Configuration_CL` (typed columns for actor, action, target, origin, new, old).
+- **5 analytic rules**:
+  - New API access token or OAuth client created (Medium)
+  - Policy file (ACL) modified (Medium)
+  - Auth key created (Low)
+  - Exit node advertised or approved (Low)
+  - Mass credential revocation in short window (High)
+
+## Pre-requisites
+
+1. A Microsoft Sentinel-enabled Log Analytics workspace.
+2. A Data Collection Endpoint (DCE) in the same region.
+3. A Tailscale OAuth client with the **Audit Logs - Read** scope:
+   - Generate at <https://login.tailscale.com/admin/settings/oauth>
+   - Copy the Client ID and Client Secret (secret shown only once)
+4. Your tailnet name (e.g. `tail-XXXX.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).
+
+## Connect
+
+1. Install this solution via **Content Hub**.
+2. Sentinel → **Data Connectors** → search "Tailscale Standard (CCF)" → **Open connector page**.
+3. Supply:
+   - Tailscale tailnet name
+   - OAuth Client ID
+   - OAuth Client Secret
+4. Click **Connect**. Polling begins on a 5-minute cadence.
+
+## Why OAuth client, not a personal API token
+
+Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped — when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
+
+## Verification
+
+After Connect, in Sentinel Logs:
+
+```kql
+Tailscale_Configuration_CL
+| sort by TimeGenerated desc
+| take 50
+```
+
+## Support
+
+Community-supported solution maintained by noodlemctwoodle. Issues: <https://github.com/noodlemctwoodle/Azure-Sentinel/issues>.
diff --git a/Solutions/Tailscale (CCF)/ReleaseNotes.md b/Solutions/Tailscale (CCF)/ReleaseNotes.md
new file mode 100644
index 00000000000..87485d6bcee
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/ReleaseNotes.md	
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Changes** |
+|-------------|--------------------------------|-------------|
+| 3.0.0       | 11-05-2026                     | Initial Solution Release |
diff --git a/Solutions/Tailscale (CCF)/SolutionMetadata.json b/Solutions/Tailscale (CCF)/SolutionMetadata.json
new file mode 100644
index 00000000000..116e0785314
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/SolutionMetadata.json	
@@ -0,0 +1,22 @@
+{
+  "publisherId": "noodlemctwoodle",
+  "offerId": "TailscaleCCF",
+  "firstPublishDate": "2026-05-11",
+  "lastPublishDate": "2026-05-11",
+  "providers": [
+    "Community"
+  ],
+  "categories": {
+    "domains": [
+      "Networking",
+      "Security - Network",
+      "Identity"
+    ],
+    "verticals": []
+  },
+  "support": {
+    "name": "Community",
+    "tier": "Community",
+    "link": "https://github.com/Azure/Azure-Sentinel/issues"
+  }
+}
diff --git a/Solutions/Tailscale (CCF)/Tailscale.svg b/Solutions/Tailscale (CCF)/Tailscale.svg
new file mode 100644
index 00000000000..b7d6e8a1905
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Tailscale.svg	
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><style>.st0{opacity:.2;enable-background:new}</style><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" class="st0"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" class="st0"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" class="st0"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" class="st0"/></svg>
\ No newline at end of file

From f556403bdaf946f008d9f687a91030295a6f71f3 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 08:20:52 +0100
Subject: [PATCH 02/27] Tailscale (CCF): add hunting queries + Standard/Premium
 workbooks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Expands the Tailscale (CCF) solution with proactive hunting content and
two operational workbooks. The split mirrors the connector split:
Standard-tier consumers get configuration-audit visibility, Premium-tier
consumers additionally get network-flow visibility.

Hunting queries (8 total):
  Configuration tier (works on Standard + Premium):
    - TailscaleFirstSeenActor — first-time configuration actors
      vs 14-day baseline (T1078)
    - TailscaleACLPolicyChurn — short windows with 3+ ACL rewrites,
      indicating rule-hunting or misconfiguration spiral (T1098/T1556)
    - TailscaleOffHoursConfigChanges — events outside Mon-Fri 08-18 UTC
      window for impromptu / suspicious changes (T1078)
    - TailscaleAuthKeySprawl — actors creating 5+ auth keys in an hour
      (T1098/T1136)

  Network tier (requires Premium connector + Tailscale_Network_CL):
    - TailscaleNewNodePairs — src->dst pairs in last 24h that did not
      appear in prior 7d baseline; lateral-movement candidates
      (T1021/T1018)
    - TailscaleTopTalkers — top 50 src->dst pairs by total bytes,
      virtual traffic (T1041/T1567)
    - TailscaleExitNodeUsage — egress via exit nodes, by node and
      destination, with byte totals (T1090/T1041)
    - TailscaleBeaconingCandidates — flows with 80%+ inter-flow gaps
      clustered at a single delta (10+ flows minimum); C2 / scheduled
      exfil signature (T1071/T1095/T1029)

Workbooks (2 variants — install matches connector tier):
  TailscaleStandardOperations.json (3 tabs):
    - Overview: summary tiles, activity time-series, top actors,
      target-type distribution
    - Identity & Configuration: actor/action/target heatmap, ACL
      change history, auth-key lifecycle, API/OAuth client activity
    - Security Signals: rule-summary, severity distribution, recent
      Tailscale alerts

  TailscalePremiumOperations.json (4 tabs — Standard tabs + Network):
    - Adds Network Flows tab: summary tiles, top-20 talkers chart,
      exit-node traffic table, subnet router throughput, virtual-
      traffic-bytes timechart

Manifest + metadata wiring:
  - Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json:
    Hunting Queries array (8) + Workbooks array (2)
  - Workbooks/WorkbooksMetadata.json: appended two entries
    (TailscaleStandardOperationsWorkbook,
    TailscalePremiumOperationsWorkbook) with correct
    dataTypesDependencies and dataConnectorsDependencies so Content
    Hub gates visibility on the right tables and connectors
  - Solutions/Tailscale (CCF)/Package/ rebuilt with createSolutionV3:
    24 ARM resources (2 dataConnectorDefinitions, 19 contentTemplates
    covering 2 DC pollers + 2 DC connections + 5 analytic rules +
    8 hunts + 2 workbooks, 2 metadata blocks, 1 contentPackage)

Testing performed:
  - All 8 hunting query YAMLs parse cleanly via PyYAML
  - Both workbook JSON documents validate
  - createSolutionV3 build succeeds; mainTemplate.json,
    createUiDefinition.json and testParameters.json all valid JSON
  - Total ARM resource count went 10 -> 24 as expected
  - Hunting queries reference correct connector IDs (TailscaleCCF for
    config-tier hunts, TailscalePremiumCCF for network-tier hunts) so
    Content Hub gates them on the appropriate connector being deployed

Live deployment to test workspace deferred (Azure session expired);
will redeploy after re-authentication.

Breaking changes: None — additive only.
---
 .../Data/Solution_Tailscale.json              |   14 +
 .../TailscaleACLPolicyChurn.yaml              |   31 +
 .../TailscaleAuthKeySprawl.yaml               |   31 +
 .../TailscaleBeaconingCandidates.yaml         |   37 +
 .../TailscaleExitNodeUsage.yaml               |   26 +
 .../TailscaleFirstSeenActor.yaml              |   34 +
 .../TailscaleNewNodePairs.yaml                |   33 +
 .../TailscaleOffHoursConfigChanges.yaml       |   31 +
 .../Hunting Queries/TailscaleTopTalkers.yaml  |   23 +
 Solutions/Tailscale (CCF)/Package/3.0.1.zip   |  Bin 13726 -> 22108 bytes
 .../Package/createUiDefinition.json           |  194 ++-
 .../Tailscale (CCF)/Package/mainTemplate.json | 1174 +++++++++++++++--
 .../Package/testParameters.json               |   16 +
 .../Workbooks/TailscalePremiumOperations.json |  410 ++++++
 .../TailscaleStandardOperations.json          |  314 +++++
 Workbooks/WorkbooksMetadata.json              |   35 +
 16 files changed, 2294 insertions(+), 109 deletions(-)
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
 create mode 100644 Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json

diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index e90cbcef696..971860475ea 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -18,5 +18,19 @@
     "Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml",
     "Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml"
   ],
+  "Hunting Queries": [
+    "Hunting Queries/TailscaleFirstSeenActor.yaml",
+    "Hunting Queries/TailscaleACLPolicyChurn.yaml",
+    "Hunting Queries/TailscaleOffHoursConfigChanges.yaml",
+    "Hunting Queries/TailscaleAuthKeySprawl.yaml",
+    "Hunting Queries/TailscaleNewNodePairs.yaml",
+    "Hunting Queries/TailscaleTopTalkers.yaml",
+    "Hunting Queries/TailscaleExitNodeUsage.yaml",
+    "Hunting Queries/TailscaleBeaconingCandidates.yaml"
+  ],
+  "Workbooks": [
+    "Workbooks/TailscaleStandardOperations.json",
+    "Workbooks/TailscalePremiumOperations.json"
+  ],
   "Metadata": "SolutionMetadata.json"
 }
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml
new file mode 100644
index 00000000000..18ed36bcd13
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
@@ -0,0 +1,31 @@
+id: b82e5d4d-2c8f-5e3b-ad2e-1f4c6e8d9eab
+name: "Tailscale: ACL policy churn"
+description: |
+  Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+tactics:
+  - DefenseEvasion
+  - PrivilegeEscalation
+relevantTechniques:
+  - T1098
+  - T1556
+query: |
+  let bucket = 30m;
+  let churnThreshold = 3;
+  Tailscale_Configuration_CL
+  | where Action == "WRITE"
+  | where tostring(Target.type) == "ACL"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)
+      by bin(TimeGenerated, bucket)
+  | where EditCount >= churnThreshold
+  | order by EditCount desc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: Editors
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml
new file mode 100644
index 00000000000..8c47377239a
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
@@ -0,0 +1,31 @@
+id: d64e7f6f-4eab-7a5d-cf4a-3b6e8aafbcad
+name: "Tailscale: Auth key sprawl"
+description: |
+  Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+tactics:
+  - Persistence
+  - CredentialAccess
+relevantTechniques:
+  - T1098
+  - T1136
+query: |
+  let bucket = 1h;
+  let sprawlThreshold = 5;
+  Tailscale_Configuration_CL
+  | where Action == "CREATE"
+  | where tostring(Target.type) == "AUTH_KEY"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))
+      by bin(TimeGenerated, bucket), ActorLogin
+  | where KeysCreated >= sprawlThreshold
+  | order by KeysCreated desc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml
new file mode 100644
index 00000000000..c7990870aa0
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml	
@@ -0,0 +1,37 @@
+id: b28cbdd2-8cef-be9b-a38e-7faceedfdbec
+name: "Tailscale: Beaconing candidates (regular periodic flows)"
+description: |
+  Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - CommandAndControl
+  - Exfiltration
+relevantTechniques:
+  - T1071
+  - T1095
+  - T1029
+query: |
+  let lookback = 2d;
+  let minFlows = 10;
+  let beaconPercentThreshold = 80.0;
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(lookback)
+  | mv-expand t = VirtualTraffic
+  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)
+  | project TimeGenerated, Src, Dst, Proto
+  | sort by Src asc, Dst asc, Proto asc, TimeGenerated asc
+  | serialize
+  | extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)
+  | where Src == NextSrc and Dst == NextDst and Proto == NextProto
+  | extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)
+  | where DeltaSec > 5
+  | summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec
+  | summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto
+  | where TotalFlows >= minFlows
+  | extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)
+  | where BeaconPercent >= beaconPercentThreshold
+  | order by BeaconPercent desc
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml
new file mode 100644
index 00000000000..cd2929ff458
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml	
@@ -0,0 +1,26 @@
+id: a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb
+name: "Tailscale: Exit-node usage patterns"
+description: |
+  Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - CommandAndControl
+  - Exfiltration
+relevantTechniques:
+  - T1090
+  - T1041
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(1d)
+  | where array_length(ExitTraffic) > 0
+  | mv-expand t = ExitTraffic
+  | extend Src = tostring(t.src), ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)
+  | summarize TotalBytes = sum(TxBytes + RxBytes), FlowCount = count(), ExitDestinations = make_set(ExitDst, 25)
+      by NodeId, SrcNodeName = tostring(SrcNode.name), Src
+  | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
+  | order by TotalBytes desc
+  | take 100
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml
new file mode 100644
index 00000000000..3f05846f874
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
@@ -0,0 +1,34 @@
+id: a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a
+name: "Tailscale: First-seen actor making configuration changes"
+description: |
+  Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+tactics:
+  - InitialAccess
+  - Persistence
+relevantTechniques:
+  - T1078
+query: |
+  let lookback = 14d;
+  let baselineWindow = 14d;
+  Tailscale_Configuration_CL
+  | where TimeGenerated > ago(lookback)
+  | extend ActorLogin = tostring(Actor.loginName)
+  | where isnotempty(ActorLogin)
+  | summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin
+  | join kind=leftanti (
+      Tailscale_Configuration_CL
+      | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))
+      | extend ActorLogin = tostring(Actor.loginName)
+      | distinct ActorLogin
+  ) on ActorLogin
+  | order by FirstSeen asc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml
new file mode 100644
index 00000000000..ac682cb2d1f
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml	
@@ -0,0 +1,33 @@
+id: e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe
+name: "Tailscale: New src->dst node pairs (lateral movement candidates)"
+description: |
+  Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs).
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - LateralMovement
+  - Discovery
+relevantTechniques:
+  - T1021
+  - T1018
+query: |
+  let recent = 1d;
+  let baseline = 7d;
+  let recentPairs =
+      Tailscale_Network_CL
+      | where TimeGenerated > ago(recent)
+      | mv-expand t = VirtualTraffic
+      | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)
+      | summarize FirstSeen = min(TimeGenerated), TxBytes = sum(tolong(t.txBytes)), RxBytes = sum(tolong(t.rxBytes)), FlowCount = count() by Src, Dst, Proto;
+  let baselinePairs =
+      Tailscale_Network_CL
+      | where TimeGenerated between (ago(baseline + recent) .. ago(recent))
+      | mv-expand t = VirtualTraffic
+      | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)
+      | distinct Src, Dst, Proto;
+  recentPairs
+  | join kind=leftanti baselinePairs on Src, Dst, Proto
+  | order by FirstSeen asc
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml
new file mode 100644
index 00000000000..a8858f9cc40
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
@@ -0,0 +1,31 @@
+id: c73f6e5e-3d9a-6f4c-be3f-2a5d7f9eafbc
+name: "Tailscale: Off-hours configuration changes"
+description: |
+  Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Configuration_CL
+tactics:
+  - InitialAccess
+  - Persistence
+relevantTechniques:
+  - T1078
+query: |
+  let businessStartUtc = 8;
+  let businessEndUtc = 18;
+  Tailscale_Configuration_CL
+  | extend HourOfDay = datetime_part("hour", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)
+  | where DayOfWeek in (0d, 6d)  // Sunday and Saturday
+      or HourOfDay < businessStartUtc
+      or HourOfDay >= businessEndUtc
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend TargetType = tostring(Target.type)
+  | project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin
+  | order by TimeGenerated desc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml
new file mode 100644
index 00000000000..c6d15a32a93
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml	
@@ -0,0 +1,23 @@
+id: f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca
+name: "Tailscale: Top talkers by bytes (virtual traffic)"
+description: |
+  Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - Exfiltration
+  - Collection
+relevantTechniques:
+  - T1041
+  - T1567
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(1d)
+  | mv-expand t = VirtualTraffic
+  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)
+  | summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto
+  | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
+  | top 50 by TotalBytes
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.1.zip b/Solutions/Tailscale (CCF)/Package/3.0.1.zip
index 38245235a0ec7fb220f34daca7cffcf2e7f5135f..f42b2df7d903435791266c2aa1526694c8003cad 100644
GIT binary patch
literal 22108
zcmZ^p1B@@hzvaiaZQQYKTX$^Rwr$(C@BGHLZQHzK?)|^_c9Y#?lTM|o)9IZ4_DS`p
zPnDt!C>R<L5D*lQs&I|Y7J$D09uWv=TnY#X^WRxxCsRWgQ&me*Q!`6DOBYLfJ9;Z;
zd%J6$ODEjX#_#&_vjHx85XOcA3of+`(sHaZS(Wf6PqK|Vw94NQJh9tMX67r-z#*Jf
z6Cy{@4;G$DDzjJgZbFKf*+{w*Z=_M3&Ccg<9Uqr@1m7-*1uwho(~Sn*#%ISfsm~tF
zkqSvcRB48R6XaL*I|fM?MPBBV;p1ON7CJaOFgkK&5SfGa`Me|TiUZKKN#%On_qvIn
z1}*RPI}u?MnFlEF@J}iw;@W)f<5FiG%R)AtqQ;?WO8^!XA8qDA7#9nhTP(j0NT4~H
zmaOQSH~a$1tCxfNsk<Gfsmwo|Rr*sI=;tSkcQM6svA=ZL&VC|DK&=-f)MGW^w8=9a
z+Vef5DV8S^EhK*#!r$-SJFCe5N=XjV3^#KsW3i>gl$Fe8j*QebQ|HrwzIl*P?`Gg<
z(ARw;l1MzRd;6NCaV-rStZx}S+(()rXO1>-h=a(1NGF|YN%10Afndq84kk)*m6i4q
zzO7BmTXBM0TJ8P*R`9?$TJ?lZpJjZO6IsXn@~U*q<fxy<9`XvDt)9_}{yaLnOD+yy
zJU^$D=*?9T2|-Q@LbTu)MC}-xCqlD<X9<}MU7!IU(Av#|(rzeeK-GrVQP>JwX}kxL
zW{rbJPm^Cj#<-A*E$E`}I_Q`}$yyeRb6BS}Vu4<@A%He%K;G5CwMc+#aS^P5t8Jch
z0Y@OmIGe&r3+m^f+&Pvoj;`bw+duk@gg-<KkIyttuqtJA-OxayrZ2~C)R)8lBb>n$
zjrS+0<++Saiz*Wb4>4Tb3T|-!<jr{$%{)xRpPLUKF8r>(_Xo60$hOO{(Ep^}fymXY
z@FzWTNs~f_U24<zn^|&CJDT;z!6R<OYMAU%0sa6e<6xR`kT~H8jXS#!HC1{xkwb<V
z8DspJY!)740MkDAu)JWd_K#+t&c(8J8C?FriRzQCJN|M7>rZ`(h%%00V{_1cyNNV0
zV&{y(O)ke8tuYqIo%Znjm}>w@S^L6obL)kDe8x<xIF#Db<6-!4WoBzbCBwG{6#Du-
zkV>?QEl#$vN=OPi#@h!Nu2YCn2>-_cm~eKR?=P^tXj$;cON<8NaD#cS!ltw)sa)t(
zm-!hF;-wNho_W@zJ!yP$Bsq3Q)hEnT%yL<AGfrM;Tvu@(mN4@%C}j3!a^c=UBhY6d
zkn)WXhRbP-9pGfOVAOMvf99#Sy?xBqshma0xNySvsyKN#a$K9c;E1jig8aHDpB~?{
zNIlq-=93J9j>%HF=K7^ZG!;uPoS*&^Z4FC4dDl$_=xf3M^QUv&W`m3qr{CeVn>{*n
zC3-p;b@*r_5-raY+YOb!eANE|EEn#3wix;TP2}SJ0WMQXF+t9l<$4>TO}DwSzkD^!
z705sMvYWN+YnqTlE%VX^3D4zNxi-Hg_hMud<PlEmS}y8ToB=#O@3UzcXoGA&8>N_H
zvmBl(lXVaf)^*N9k^f7Ee?=aO7hpoQA*C75XNVFDJJ8eKERSf|YiH+O#*!EoW|C`D
zzkDP1_h*$(Nh-HV*NA$KX$Ei8OWsD>Auh1`Q_4YDY<n0=4GNnZ$u3y0lEnbMik6kx
zLZOBYpTuAwDsw1{=Q_uwJKUdjBYl&_TvV~gi=0*n;0`zQs>blLAyCcF(NzN>9G#!Y
zykNxQVotfs@z;KOq;_)7s2LXCFBw%iC&j2Ll|{>qe?dzRD$D0KXlp@7vM7~N+djmk
z|9A>`L96IT*h7sDe_*4(XlRMp-aXf97!<Q?hN0PjUQWMgLTBeTqE0~4!ZUb&e^0Cv
zlKISH8$tFcOT+dyUSHRRag8Q(a?qhtjmr580PzeNxmO&Faj~na<ToqLREPCeTs&Aj
zc)$Pe_zLci-g&~u-|lj+cHab4(!<myjf$toKS{UX%CL(_)w+`uq|grQ$Pfg_oEj<z
zwCsI{<(`VC=jaSbOF}0-YtgI+3BiIte;F9$8VYlDDvKrfkCsSyt#{IDtj8l=Ntm7y
zx&Zq#N~SIOfT?x@^S&qXk~0}>y1&cT&#By^^h1(X<X?wu888O*IB10UNt@9=(_G<w
zx}YEXF7xzU;Ku}Hh1QEZI4tApJ`Kpa_4@iUV!8C`^lM@rt;Pt+XyG<5TA?&P6*Zx(
z7`|bU3Sl^l6uX01Ok%fgPLUmY5bI=&WaB`n5x%rscL3m?Zltyed3=rmd}FZ_4uSPs
zgeCHroBC%3o11e{x${75UDnzfkbEXfNEY&Rd16b?Wgf(V0@jFB%KfcdOVrQ5sxnL<
zFKw5o0+ZWCoR#;ugR%xtM~?!crhg^DRBhxw*=)mvvoLTfQ-Ql9jSo<G6#;Qtc6P<C
zZw&17*d1uVw6yiE%9S9y@!E^L;n-JGNFG2HMS1ngsS8u?M7UjqUoKIIvE25Vi+~iI
zcqLceGP&~B@$6i@JkdqHo~_nX<|aH*u${BMBQ7Ns|EwmtuO@kK_77}oEW2?okV~)b
zXbJFC<G4UcS>EwbfY*y8>g9S8OA=op_;{59>OR(uYqbi8FL8Y@XU4np)oo861Fu86
z%_uK2AFl&Y=(#469&wo|gsc0iges_mJIA5Rw8S^C{@iCVc~nC;#9>43tk_>fUP-lc
zpdf0!R4ZL-E9so(vImVj7N$CE#Ec6=vi0avs>9xIj}JOGsdnJQyMoV8+_J4F$raf)
zd~L&Px%p0XmUqi+`t5x8f`jT#Z?=p;+#IFivR{B@CGg7EQ^rdW2_r1m2A0axhHA&}
znRr21&ZvYXz+V2*j5jiKc5?a#%h4+Up*qQ^Q;sa&vlW5J_i7|jmffHm-WVBv+SUJ*
zUBbJ@W<%F(H=VmGaq5MbTiUW&nE2{N7F3kB?}S9cb>4CB02@65iN#my>5EN0f!b+;
zlQ8&-NtzV*X1<{3*f94z-`-0vJnjA^k_^2ig?(}L*H$r1m-LHdqQTkeRsuVVYn#jT
zEbnOLFUa9wrlFFwczBsTJn%(wM%a(LSCjVvFfNnd6mLK=Daox9N)vwh4!7>-_eXSz
zq(02|nGWvgQJd!Rq{Hv;Cf!+w>aIeJcLI+=CZAXu?pTPlG8cMm-#qqh(4Gi(Kc2cm
z&6(}CFjU3crX%#`r>4sxdsp!cMf6~?F*s!e>0*|_sG!6PRlX!h%_8K#9?atho@GUG
z!e3)OR3dcye2QVloU6Y}thrf*&hlkvArvj>PYwY4j_Ol}&GVv&l&040A(38<Qk`vK
z(Qmw09g3CgVe&-sW#;T9AvFmVIXa*{)X<<T<29gzZFd-0wS8`LPlbK=>->GltQLWn
zUm7v9Hw#7$UX~$2aOm^WK|<Xou=^H}T}Cs7MID%NGKnMw%v#b~?lh>1LN&zMWd+UJ
z7r6SVOe}&HOl?cBU`&vu0(k5MSD?81-6#kkG-f`LBaw>ZCIP7~+@6~no(}37mF#?E
z78a=0EhwR=GetR|%_>5{Eu7*)P%y&CQl#)z&(Z}4lZoo;e5kZ85mqj6YB4jscJI+<
z;X1KWjV|y@j4T!}g!L=9cW?ZRk16YWY1K{@1q6*CK{<b>TMDhnhMz9n<{#g-3(i$&
z6X%eb*F-hPW@5NShs9r6#Vy3Z)8?)2pwY9Dp(+KV8%l{*cgXHoF${k5QlovjsG^Tg
zb!vDF_tnZIGDBC2mia)FXR;Lsg!YxRKvvRA7sDFfgNiqM(nh~Csfk^~S+-J_+wouf
ziVVKMGIu7wr;24Q9~ES6Ym>?zf?l??eVIzScpnSnltv}m!Ex-T4`*wmd_e`zScSIY
zG69AFJ2Fci)G@Bc(G^u^Wd^W8k{tFJ%GJ+qvX16*?#6NX-YkeMhKADsy+4ymSQ*KZ
zZZHLLgrzId*fN-@;nKoabWEu7XvCQ!V0~d`s!dr}^^0_{liFb%BboP6U^PxITsVSh
zCkBVSo-G_j!&Fl4>rFVYvYh!v0cvY;S@nU&kx|;zsdmr4+<e>ohBq7x`fk(!efinF
z9O`Je_Hx(>Mfm4w-VLaAnKPMDa8=%nlbwo9$Y*@;ZUvB%6O*k?ya|+=suDXIim>a9
zwY>=_7_Wi?TtRYEW-%fDlStV07xI-|BFq_(7YYgiDgy+?dQKWlDoc=3#!)r`^UJ=t
zT;p?+fk+`@8}&sSD!Alc>uS{LrM<2NReQc<C-|f@7A6NGY5K;6`FJJBXOw+^mi+ig
z(G5h?%iCXP0<h%yoil+BQm|2}h1_!8g|K`ZJT#o_HJ;)Ue^X#%nl79>$R#k=2b60$
zwc{0H_iW(95#tdNM_<nMU!RS*CHF#p_G+W0DPd|{5^3H0b+Sg^3$cJuRN&2AUgB<A
zrn=!urqZ~#M1hb$#m{-sRAQo{F8sw)%9cd;*!{@CkX7pY=2=gR35(@<*Q{42)52<x
zt}pv^$ytid;o5nH1&y~k_9?_t@$(b=q--@wN7sC&m$>~zv207nH{O_FrL%*^N5p`-
z7k9qs!zf+&%Hu@GO+yS??s17z1<G`xRvRsHlBCyaMZ{cPl_vmkgWZB&4ef1@VQ3T~
z-XtY{jeXo`dWSSGOje_MPV7TYwNj({PTI#m(iCG93sU8VC@|e{Fv7SKA{~=EztM%w
zZQai$te%&~h@%8&X>p{Vmytp6;qmy0WSKFQx%B;=9cwi$L)h<zGd>}8p;CjKLOb#L
z*pPX2kD&&kbgDsD6-le~3m}NY=FsHlh$Sj^?e%SHX(<0#rprIp>rUf!HHWG2^=K+p
z@dUWnlJu^JN9ov9NkrVttRT=mrVnr`AQu?^Z9mg#?j+BBo!&khVkyJmxEQj5m**)`
z6oQ#yG(E+VT47e1wRtQ7eNRcHEuEn4fR*DIyiBV1bbu(N<&XgAKt^m-<y5br)n{RO
zR+chURSQ%;C)wl4(&D(q(4+TuI{BnT-3|B5L};Zdw^Z+nXxtC$mL^06Aye4Yt`H^C
zT|QdZqCQfBvO{u9U0zLTlclK)V>{_CqlH-e%*FQuB`+J!M(7MDm0nUW=few!^@cvl
zRci6&I{2mx_uCNc2^6EPpwyyjnuwzDr*p?llBF0`;-_f+l2Ck{U`BV#d5;g5|5>kk
za3HLDfGoMhAU@xiD+2;z&@AW{cHWS0a`kq=N4ypHCkS7l#Z5<-`%@UDW8iYmf~iTr
zst8M*6G)$l*H4XUN$?mJ1XZ;K?>{ayYv={mES@BqyMWi8F2ojbr(XDj=w*h=S&Z^J
z*3cnOb23gq;P*iFggt@}Ns`jIAWY5owT@;W?mf&A2q$sAHd=<e8h_8t!PVkkdaDz?
zt%FR^YB%&kFCyIi!(u<mJbW&HIonOlGeF3f4EQF|ajXruFOyl-<x#gBbY1g;zpie$
zuKw<xd{6i596sq`W?N@cbG^+fd3)cv^!|ZR{J&BHqLdjITQMLYz&r>L^1qb8*3i;U
z#njfp=3iFu-}!*=xzlDF;O55<CS`_e)lDmjT=OBpuDp(vC$htKl*f&muZ;#iF(D*_
zWEspt`#iVmFVZRWO>r(|dkYW((Xdhy9pY5o23;~x+seSeqapl{Pq^Z-Kqfnhv5sdX
zHR%lH)$vK0&u>CwRK)R&jIOv|ZuUy+l{Mc{cJ0^`z1sOYwybRKOso~O3EhPIp}w4@
zUdGAKcxm*FRoZ0K<R4)haXM7~#Tt%1|A(gxhZ<vq-JesQ5Tq)D@OWBWn5?u?T$7r6
z+<OrfB)YhLW4Nds?Xba0Q<57$9C%t>T>~pdcwDer_fC6u>RsYTIUm~~TV9HsHQLua
zLrbizyL=**{YB`&6YSPXE*Al~rQd%uGDP^Rx<uuED&-;8m|hvy97JmcYzAmYSH`qA
zohUAGU2jqSsp-Vt+_a6d<S6O6QkA1g!;!nA-Vr1yh`HyHTj#)7!W#JM9Q{H$4e`EQ
zul$PK_?z%V>T|Wap0k#A47FEjbI<&jk>5p;*sv)z!qt!oksnuMP4ye0S0txN9~fL%
ziZ-B>!d#3Nt&55SZDYmm4?&OAfhq@j?GJi|d!SU!HYZ6}E5KkU&Jm}X*``)k`4b8i
zAz-CSMW+@K>t(R2mXSycpbBXFG9-Q(4H4mdYE?r-HT9fy>u;{TvIJYEuA1bbw9p{d
z=Xco?qsEtZ5NeCK7#JB(RF2F|N34P6Doz73*!IqHGIFwp0uW3?c#=H`gt@(=Mosek
zvgdsY8Y@=3Z3~E5N!D|csZJi3%cB1p8;q>34;A?6+FJV-%Rf<TZK822#qhP@i#~a3
zg63Xouc$UdfMkWY8>ION5Caq)!&YXw*j;TdaW$Luda$P!l`{BvlNPb9=rRjgvSTV)
zdIbDFmrrmu(O%$-Xxa0-p~vwJQ_p^@#-=E*OxJo9?>xeI+<JRWNo&4nU%Ty2u~Jok
z?kl(UV03BzUFOPI;%_^guRVpI&Fkr5fBplwk-@{|OP=44XqNM@GO|`JnW^wwoVcqD
zxav%^M2XdQYxPbWdOLLxYVSTf|4tTRE}#Jaoka{xQv}trXRB2pk%V)PkpV_gWzD8r
zU8{<p{C$m7S#}xa1DntVD2yQMCa8FUi=OE0+Iqj<qDnuYA-*wj9MpA=m-RJLsz53-
zwN=h#SU2;qRNDm(%r1PQ)bcWmL{+5#xXQU2{nLa{_d$)PVEkua!*^!)yjGF2<L`3L
z#YTs^t1Y_9Dw+K0(nhDbnh$yU3Lr0R#mJrTt)FS^;~TT+zN`bSx_%qF<2?U72>rQP
zYlaWF1Jv8wyLER5=ZwvEZlm_vmc!AuH5js`duGP2ybzH)c13<JVIz)%r2<y5?~`jD
zFZ-dAAp|sd4e!Ep0<?NgD{mGu+8_j^zVt8jd;#UdbXGQ%Xq_rc3+ATM_4K%?g*DD9
zsX3sON6Tg8_%$j7BBFz*!VO1oQOgy6)A|51sU%lsVT&E5I=bpx6Wk)P_Q+Vu&q3~2
z_7TIM;GE@cwXhq2(`6m4l$+KyU#+V30blpZ8Qh~*XYrHuhMjqQf>3#Hv{cd!0AqEV
zH-EOavlji_j-TS;($4y+BRjfuprbRjuv5F;RXt_vhJ%~VR=wWUrAeE#ZMTB$g?qE*
znr~}kbAA10uU0MT#*WT#XZrqatE01}%98^V_084&5_qc9Q-ivu^BQj3_H;#8$!X3G
zUduc7Itw5Ju&$-+RwBLDtzB8OW0Nc|bmyKH|0f0Wf23UhZz<mYBV}`ZZd=}N8=V}o
za~gjEXK&*fh{FoBcDd3O0C=&&!M=Lp>Ez*&<CR?4o<VWp7(I2qv@=)z_ZX3%9h;s&
z9ogZfaNGD?0ceOn$4K5d&T7i~<+;mCPW#O`JJtvr?`dk*&+d}7d=~o~c`HlS@J-9N
zaBhEeeGwtyE3a#gN?6~$#ho7<5@ecc;l=?@GHNMTw*W~A`^%Oz08fSMm|Abx6GkN)
zq^)iC)rB|M%U>x#3(5G&K2f?!D>GSVs&-RR380y6jRODo=E94COG}GZz74z;-PXK2
zgf|%CyB7brU9Du3C+8UXx?7mZW;;2J^u?xa6U!RG(gxUzHBTF8_!E1b?NjSGJw#PQ
zo<h?#x)eJiWINgBc!CXOtBIJ@!a3aDN6Sn>{j%G~W=R<b_m`ITCbj{b%99lTxSJZ;
zIxpT)($&A4w>tlmkN2nbUaxnz!q!->{@Ri!7{}7ix+ShB`omZ57M1Q42GIRK^4<T*
zPyQ#LY-i)#Sk8LI?VY>Q&=+$Rq87g!Aou*9Rfl}`;FGkixx7OJ`A<)0Hu3uQRuVe-
zN3Cvc{blV&oj61b|N7<X-3oo>HC%&u1b+biEam#P>NUKR0}`p`EkB=S^9AOez2(4a
ze%`sT!^h8fXJI^Rf?w*M^DTOKa!S*1KDkJ@(EU!G39QeeLgz&kxlVUqG-iVpHPY&k
z&6lYT<JRLTzk}yCJ?>aiz^61^d>%nqD4OTy#LB{&_AIaThE`b;;Nh3$B`~!mjf@oe
zJa(5kjpb$kzmc|7vG79=rl}JGK_(MNe4ghGZ9I#q>Q2#$0=<2YVXFO<rf1|g65Q-s
zRBnkD#oPN>O0<i*3cpX8fe~tz25AdUEuH1NPWIYSR#J9BiFF6y4C!~M(wK&&Eor-*
zfigNkO9jrA#(xOqYV#p1K{!`7qO$p=Y!~+6p71CQ6_p<qE3S5Q*6>_6*@#t5%u=$V
z{I5pmfXKXj(g`?3xBt71oQ<`xjXZiY-~HBZiI{n|@QQBWr(jTu92{?M3;3fOGjXwC
zYE*tD)fuOXKy4bXv6a^Z%E94{+;{OGYLU};-j2#BixIOQ?K9o60p?FDx466S$|jAI
zg51qLhAD^7n8hl#=L0jm-VqQ~{fM;yR`!oXu5y^(@6>95Zn&ehY;RDTnGAW1plUr?
zEurNqGo%ZaHk^rYd!oBZ<*xfXgej>JWXT97YfT|}0@KvJ4EKmg(|BF@?rvNx;d@5n
zwcFFxw&mr^`K8;>Vr{Xnt>Wj6hzQT0y7<;dI^T_T?o7A3mPR+<hvU7IlFk=ZLhC;-
zc0(WG$@LqX9QuB}7K+!~3Slenrd9C*3p?6}7gwL<$-91RaMNqu*Ym5_&3|{~;(Kn|
zer&(KFBSCf%lS^Py4<}#k0YLUzWCq1)Vnu#ac-V^@Zc0WAg7a~ckUh!EH*wCc9sGB
zF7NgNe*QLj?D9MJ*01#6Pa>y$whFtgevW=0kEkDCT~huZE>=H1Pm3+zmCjFoTTG9&
zBRBUemcc$9Y%@JuJD<;&kkv2G`rh5u;+KzI+ZXr*ath_wwYxoetns}$eeT+ni*Bc{
zMXUVZ51V(7laYVFyNL6AKfPR>7i`_V!XXD283=Qgy&M*Kc%63K5zB5ni|AhICam;R
z-ybwP-Cs9X4;e%@yuBy<KAs*g*WVQMp9Vp_K3lr0yL}h?wpWQ-m0PdtDKSM(j~2&Q
z7ymx1zsU(jf6!T6Mn#+V=G`STh@7TKbH_8JxcBC45%^;xDD>dD@@gqCd>`jzP+IX&
z=jIY@e|=wVUnYLLaejU^2r<z6S;Oej$CY^=mB^9D5_504KVZ+XxX72oi_wn^kFSEB
zE?v4)fxhNa)h9C$w#M~7hEeLrZ;a~i_;9_w&vRu8?~dKdtb060+55Vl#}!T&t3OwM
zOdZc&p3bo-wfZ|U^0v1H0n{J9*7+~l{*}v;>FdT--l7w_<7D!2TT0$5jGFKIdsyk?
zi_7Q7mB3RchXBDoFfaK==<xB5V=g#*w+vq4CE4=zi7YXU!1t^4=XqK^WARU||Mt|x
znSQMDhTS8Ag59qBX6xkqb#);(Mt9F|PlOl!TW)3s&rc2odOxj1`r$FTnUCGkdZsAQ
z31~pQ%cXctk9nFQ<M90bFsvMHXq?UivYX3<ewSbvn~B9&z1$!ULM7K0T<SY4@+!Lr
zs8X_a;BDey1()b8A|AgL@pQq^kz{iu!fj*!#o2Il{6J^|^AW=+^6n&y5zCrS!4n5N
zF)mcLSHq{1w9OC`o9uw**D&nkNK+zgY($a-1?BTl*&TW-)&c1hGJ6KO4{@Rt=M~Rf
zUxOW3vFiSA1UzWBN8#K)fLiSnlYy6T%&V&_oINiFNUoGgTjExK%T8p80M$-8uq47Z
ze7F(#-#a5FSsk!syD4^J5egH%iSt<ya9`ee-{O<6ga3dJ1U6?y($?pu5B+(AESfVn
zD0gPcog&4tPv=8)-wT73$VC(--AlZ1ejn{?8Z~hEQ8>hX=P;V_h_QW7Er8{w_%QbA
zL=f0PK?Mwm?gBYSnSdC~b`%6)5h%bhw|<LmO$X>F(->2mC74sM?5<lmT7Kg)O`cQ;
zh!F=86G82OsD)(3iU;{r!8Ur%@rk2O7HpuwR|w6mEu05TI1e4fNI_15?!yK?zszrx
zBX&m@voTHT7<fx^8sTl`Y%B5$TWheeuNLeK0ruP|X%nbfP1X+tmYA#UVBJa5l%0YR
zX1pS_)rU-i^q5FHQJI6Wu`RTELOKZJ5O|SmN5?IM>&IN2;Ul5_Pg=nFKiQ;?Pd3B>
zjLM-I-dF9g$lYZ=8!c3n?8C$11?~xc;hIpohS5pk^-OFI`8X*e`9r9RhIr25m3ftk
zASt=+SbZ`>w&6bM%D2?0M)6djvc%sy_(5_rIxa*?e&Z-9lpghNc7h~I(Ss#~(o<JK
zTTWaeM!tVhUD!cJ{a0z!xewKwp<T59Vq7VBUNBE*9WmG@_u^Zje$j?MZc}sg#cg(u
z(?tUs^U8DN;SO3eG#KTRlk<NvwQmi2O?ix*xK2%&N2|^bId2T$FoupQ8JN?(oDl}h
zEKtNUND;x<YKYk`x2&}T@-+yRos*Ff(ywfkr)(sroC>TN^zb6cU$NZQ*}x`V55Q4i
zeoNR_R2EkrzkcXoPxPrS=8vZoLK7st`dX+sjsKQO*0B%{CSGi{Q%+&y7nU~C1bvA_
z4qMfcSMCMYXKD}^PurJAR;+%$tndBSI<3ho?ifW5mm(^zX}xx#LM7!Z6<;8d)R`g-
zcrE33FXewhfQ9*~(o<0D2M41cRafv|Sm3A3($(2sN6+loEY<=(7g@{4om`223XnOF
z_9DJ3>S+iQ3GQ;^Y@IrGjp{t)d43=H(n||)nJ8jI{E~2%rrw{<hqc48#6k|J0NOQe
z!T9D`2zPh=IQHxbf1aB6{(3twFxiS`yS>nxiic8u4YLZm-mCIBe%Y6L@s4(xvDw`k
zM}M1|He3j8)xYy9+%#)NUgwfpjVg5Dlqv&vysj#ytILbINl;u&4lq|nWkDQrIFMNU
zpp4D3DCyRbV=-rLw8>j`Tg8dTN1f?vv;juSDb5g@rdc*HlzbaIkEVME)}S8ysrLkW
zrZAl%rX?g@NC?f)TJV5a&cjvE2ot7f@7bE;p@R4BIG$ECJSqmdbCj@7?)}Dh6FAaF
z16aqJ<qZ=No56ToY!`k7$K&a&t(gQEHXlUG{wB-vkc*CNPGNm>%-*{vo`-`<$^g-5
z10c7ci3%W_FVGHRm*-h2?~yCefjz)S7~udNKDEbj?JKfFpH$FGMnKIadwoWUH+6za
zI}CJiiUjeq-Dg<2i-N`^rcMOPh<dgJHP~>MoJ2)38oLd@$OM|6O%@Odz-2lwo9ASm
zqvjaG`<`AO(D?rb8;(GCFOj?uzK%?3|HuIf(ld#TOGY?(jWygRYs~fV2DX;i_>*Tm
zA8~sYa+x5>LE*<<K9s~i*d6+Q+6%6S)Rpw*W(lG29Xph$5U*2uGnuXBfu;RE=AB(%
z(z)dkx-DQl8LiF!Cw}N4K}C4$O9<I2^L}eAy2qF7bY+eCb~q;dIWgzmXtJ;6gr9j_
z&IcAka)SBsZZqUVMBnU2K^+FV^^a<L5A~d4r~){l6qYmk<UVS6K5RF_l@M&z?G@*z
zbNk1EjdoO<u2XZOb9xSNrh{d$ullCxB2&yjr}6Fx-;;yZ92U9rW|r+&(S`j3Z@&Ga
z)>2O&=>Q=c4LOl@Z;o|3Cj+>V-&nujMxIHaeff3#ZHoQsf)QKH<hr{Up@7^v<Sx@D
z)yHm*ex5g>Ich)<P%<mxJsL$__efHDp0Z__CO!8sW-i)1U*Yk|(!%~(bJ82a4CARm
z7J&LBFo4wAv`L_q4e2M!tVd*I|I$V*|0i@~tA8Xk7810oHX_2g+#aPz3n$L*Jc^1F
zR}OnQZ3XkCjld7{1-kTnLi8Q`2d_Inn=WY&n&<N7+g$c|(TF2F^^NZ*@%Fvm+PU*P
z+%CcF>nB<VYIX=x(#?7|0$n$-T1&y^)QCL(hzR=NWy-Z4GyQo4QRmJfC*dy-;cn&P
z{gxy2@7$Qhtq<kgC|GV(b8h7HnZeS(4(Gf&+=&0xy=%%1mnq->aKw>!$H)tuiQ<8r
zJw@ZqXK^?yKwT*lE#EEGk*%F*=g8c5q1?ePOF#SLoj%i{Id&r~-;TJ7-Ac6S%(KmJ
zWxjdTm@rxCCSJjnYmqFFeL<UjMwWeohl_xib^@0@3e7%q=FcTxFXQZ%J37vm?`#cR
zz9MVBLQA;<ce?EIaUg*DA+Sj0s#f}!r;y+5bkU}K@m0~9>+|NJ%?;h1I(IRXHD1A3
z?{r=VBK(C6;4@PIo+AhgO+9`7w_loSInr7Fbh=AEyFHf;GhGkZd`f44_QXeX>zq04
z@OGijCy4{qQa)w(1~j!-`E=}4K2gRsOjdLuKmG5a?hyEllbg<1IqgonBSHDd!AuO5
ze9T3xRn4Lipt)#6w9DBjOxY-m<zPTQf;x~&K74#8j3s+vI2ShkMnz*RlX2gT&sE;f
zk9bE{Gre$|P|e~cgSa6i;Rbr}1bfI0F_=*#{G!)jFw%Lj{>&r*KiK=0#{bhWDZ3S6
zdG*kYY_|_-X?&V12?j;2!V-liK=45^p<qsiSR#9yr41)dO8sW;^xkAT1xNY6GCPn*
zy4165NK$^?W>nB&399jHi|cheqG|uoPj{w_^_pN$dtSE?^yVCoqS*B~Atcoa(ZV{>
zaSakW%??==Nm7ZQis4%wXCE|TNJGDM@1hC5!qYNZU>%Jd?&JED5-dXury6r-`oPGg
zEq{WzVZ=>(byKh+9<GpP&km!^`>@{!g(moVMph}n;leEw0V2raMb&N_ILW-^Bh!)l
za#nGq<_7r0ts(}9qE}-T&oA3tEU322IJMs6vM%BG9{flnh!iRl#jhsWU3`eaGtiyF
z4YgDjtjUd)(`$fl<fPQyxeal?9{B;V#P;Ipk6g*+klFDylstpeyFrDlI+R6;_Ae5;
zjf2P}bxFr7FWkkUw-($Tg%P!Md(><XYvW|^3sP$zHQJj48r=ZX=qiLAv~WsRFJQjH
z>{U9?`z|V4BPZ6kI0L??gE8HBYl3|bW+t7%qUp_z>1jE5xL&I`TO{RX7Zm^O47mtK
zGM-7tWHvA+zmsvNm=8btClC?n0hDxF-okyy^J`s}&LO_|{+c?gSSMM~E(cqdl@J!C
z{Jmz%ka*g{S^IeUgJ@`(a)qU(+Uz_}VZ--pGE6X<5{`i+M4Vjt^2LpDDY;dKoo;U~
zf?kuWmy-K9TjbKc0O#yyeCWt17Ud!l^Uw@08}x>v7!HB{9K1!Q<DV=t@omU@Chv_F
zym>io=*=jmM!X%C*+{cY?msQt5tvRZubgwN%=`0+z(iXlQDYQo<0!2e3k3I+W|`(0
z@kxAfG(Vb<#p@GW2p%bc=bNrULJH^Jryo1(u$;TY`Fb#3`<|@`v;7}8Z`)Lr*{Wj<
zx;u1y6`iG$FGromFkEycI!t_>*`?)aY*<a*>6*c}4Au?{eZK|tDd6e9{A7A}7j9c0
zKj^;v@?948;2#gbU#q4)7J57i)tvNyTq*Sip!s_nzxyi*hVAw}DEAtMr@G4!Ze|kC
zTvM?_s-qdbtE?7yb<Bq5Weyc8ab`8~7E(R%AMl(>F|XbSl#p(dCifOiZ%&tw{PGNy
zb=9IAF<effJUbdFB8(5C*5GPi$}0qpLu@@}(lxo5n>BIuSI4fwFqol63F4ffZnqUL
zrdEiwI>}=vS3GmqH^kA;W5Nk9W9(Isdwt<eqSV94_1fautH$zt&-qahPA4jYD=_pl
zPhwWP&3a!p)&k@W0TfWkx`uL!)ubI0^*)r_AWBHqWu>S?r8RRM4ehK@Jz;#23tVSe
zMt3XZttq4xO^t%?Qt|#an;!4$NGm><(t;!Kk1%Xz-l|lI2MY`$)oO{jC(YDV_#^Ij
znYNBHT?G{Sr%%wI-AZDZmiRx!?T3>t+ol~iA<q*o+xNBtFD}~_+kEY%vgI@}xj@dh
z(U?1yWE6EEG|gV+zNJ$a`1);A7hi29x@J%ErT@C!M>RV)MXx$Z-h<b!=URUS54DG~
zF}5O!qjz00w>lqNG^6ULS>$fEy>Q06w@n+S?z_A2cBNSCG7r7^g(vWKP2+AEk^eQz
zN3V4!Sv4uu$DO%lQ;&G=FU$me4;18+yL{8h<1?BslA=kSt9(g)%*?mjvu#Vw%y-*}
z*sE{M_uGg}wCdtLABEub8H5nz$vN2XHzw?}o+-xvaAi|<5QiXREyJm5+R^#g{vMQ-
zvSTrhD#`2pA$5kY3!*h48n5f1B$zAAq*%&^QqN#eipcgUo8j0O<dJJLHZp&js<C9&
z;dbrm?=A>zT6d_=Wk!SUTn}q$P`D7XfP&YA^^53U>fQGvY-9<n1!1I|_gUlE576ws
zgkaj#T|@lQ4Z8<%vU#yDnR`w@?3hMlysT4k3R?i_<eXB`al~x)$09i|ajE$7mk)Z6
zTIe$>YmX6^&%vE@p=uzFtk7{}?r2&?pQd<zysYc-h{8NnBQ|(xg1{%HAG-<T49X9D
zH#hUJAY&>{ogs3HyZ>8#*HMoJA#MAS!jI|NFZk=?I|RYEfDSC!Y^JAMgBtKlvV@Ay
zW6a2s46%=2O(li0EY$k^52uNhS!$l2YNS)DgS?Wsv_J7ak@n5uavc*h^tk@?T$A2z
z1m(=DA4VWP!q~fC!=|NRCV{T*Ssr?{#Wd0Yy49QIyKA#_E%-yH<ffwd{IUQC_bE4+
z*XKKwDoj1E-=88AV&-=LAslhLT{V{7H|-HsrdvA|^(Rkv@2;ZE+0Eqov%mYneNhom
zx%_IP!A?h-$lz}?nuv~kJ~Kiy7!i&DNsDHSyXsS<gRA`^nhC=4Gx<Z*Y5aa#HUcFr
zqK2hck>LXb(-B<iL%3AOunA5P)0{%)8AWV!i}ioQSK$|I{a<`_b8vp_?s$c72awa4
z9KT?}XbA`_EOZKr?gNsVVJSzyG$&d%st!JAG0VGuUirrH(+J8bDe6}j4j#5ldGl(%
zwP<f<wud&UB>(z2x=wg-E9qAT8R^??<uL2Xk36Q((9g)`AIAhIf37cia6~%VEgWoy
zh**~oH;<!^Qp}*bb2(b4Vbq)Dak9M~ETTooBxA=@&>+Z(e`dOr_x=Y|Sn8%~q-Rkj
zPR2*#$K!C5vxcbYT*ULv;D!$ermzty6f}~$?)9D4Q+Jcs9)_K%kVZ=r3Kk9kyc$%c
zBZiqQ-_kp6H0_7AwDjE|_bN`%%^II62ad`{oZs}<Rji(~iKGY<tsiYm9gD9NZ--g5
zY<W@#VoQIc^qnxFJ(><uY0)r9`1!|q9i^g1Nu?r1ig3t=M)1euIEvVj3H8ZH>m<c_
z6GIOpD!|Hy;HBa)nVUm(dHKf{4ujC5Ad?JolDH`adUdSoY9{fl5NX1-rjRsv-L=e&
zUMaIh>0;JiEeDLB3(<4o8jKxoeUIY>WS#!56ux_Hg&bv{2C*k{l5UU1b)d}n<V6R8
z`Rc)NjlcD>oKIvM)8<uW{x-HEfE_|h=upYBCy04mK*{`vDEK7f%|60eKQM2%Mt3b!
zIw$iZHlsul)TTuZ8bu~G{6vfA%u0^2cwfaBz0TA3g&}w$Z>G1A)B@RF@)IaXVZ)Wm
z-_lb2*k;6|R_v!B8Isdqr=2>V71vIxVMyJ{q@3C1G-=q3tmFlTEA!-K;@C{AD%CMq
zIEG{$R^_!!<H|-`IaoWzC!7v-(|ZL*>R{roLve6+{x7*K$aiYB^Bw7;eePI_e?bjD
z4TMX1qh{O3vmZ5pxDDf>!t}uD+L!@t*x73W!X$rjwKgk8SEVxOnO|Bxdr>R1?zpg1
zhB<_32|y_<AEaeBuAZa+e8f;n?@$jnUfL?7ns3^9xMOSU_Q=^B)W*u)RL0lbYc|Tn
z*1H($CMIxupc3TGorOMy*y*(%i9Jz-dvRs?NHpYmr61MJu*Ey@W@4!zto#q0T)q4s
zIO+cfCk>FilaB5G7o4EN4xnH%{x_VM{0B~Q`|;}k!HEUv)qmgwkNf|H6YJ{#11A_a
z|KP;Al4F1f_5TYecZdHCC-G6JDn<6JV3skpNoZY-AZ~c0F0yaE6p>V|eZY%(ZgdhZ
zi)sTD#<H~GFH_D%nq>&Kwj2kcIc)q0tg*5lE+#-Etq~+mk)};U@a3%ZUy+(8*eAs%
zr(YBPEB!V-%&iPGrbtpp-2G^0Lf5G}#o12Hj}06$mG{3UY<~x4=pRE!sZeuB&N>7i
zbx@~hla|^~)XooX<M5qA5k7+u^B)-Q1U2&W9>$y^9Uc~D?EI=R;K1RqiP(wGp8c0F
z>H1#yKKKZSjG8yICQw-sp*|)5#aLH%a&}l5%o4{!<sq2F_z-BPnX>`WQ_AlSIA24e
zN=zUW#P8p&TMXWm8e7%?tJ?C>F=JS-I#W|&oy!GYvQ?k(z1d2yZU%K1cSe9Sa(3++
z$|3lR*f)D&{8L6h@R~Df{9`4Ji@eQbbO1u{Gc`SxjZT0BNy7WyuZcL`7%*fYn1=5L
z-O&#x3=TD_isM9GTO5sS2o^cb#)*kw%S&J^&sIPD^L6_Z*eC?4tfUa;4H-^EZGw9m
zmtYa|{Cmh{mTZ-rt<Ka)_*R4guA$#(tLwp&WU?twq71Xyk5E_bKd~Eq96ilEa}Q=|
z45&8ba2OQ4#aEM)!^+3!-+BA=RO*hJE`e8%`y1z%Hg^{<N6mGp4W+{q!eHaHi)^aA
zftA>(uL&ErH%*UnHRnhs<*Epe^LZE*^(e}=6o?S<;1f{v9eW3ERpB%Jkz790{4V5C
zT4mH+XE#T;`Kuf<41QAf)bgB^q?iCBnEIIs==n;PIJ#q53U=hW(C|8hF}Lhn<|sl_
zYTVXy2T7auvZ#;K3GKqJ=V7SPsDWBXrY2}m!u$ytG-o*It=}||3%;t6L+FQm*!MAX
zDZfa$rh<Q4{DVH9Pq`cJFEe9hu+cF8_++Z1EJ@ku-+_V@DUL=XUIida`@v8Se~g*R
z%h&2rY{}fdBMEyf*q_}{8#2tCt$B9c1DN^w`jeqKZ7?piHCKZj5Lo4M5>emH1S1R0
zeJJ0wi=e5GI2~;9cR0h4tvfhSD^|6sg1AoUoo<Ju(zCLNxJy=~%I}E5^vX{d753+h
zQvWUbwY+(Gf$<%OT}$HdvNuu;UEyGmdd-&dcsik|!cBHu7++KK{&hVt<5%*FX=g7w
zVHC_nfEz5Q;~1b+cL*Kf;;n0@*Si_&t8L5OPMU`NVu88R-#0-7He30(8-ZAn*n4t!
zF?+dXI#c<_=R<Z_2*0MSn6h%c;z&umuc!o*rAzznSAos7$N__aJI5_DZ94HzjFe8*
zxNb>3O5dgrz_*=faN(JLU~Cag?iPh!=lkCr&p{4<b)2tyIDg#k@sJJGES|o5gi_Wr
zins@02HH}C-lK=@<7<Yil7n0#g4{lAEFH|;=K=*NEj!at<Gi2&Z>k;W5Ey=r0|79l
zCEJ5<?oUKxK*2zT3jXXURum%!Q3keOxG*Ad(z3Bl0)VS|&Inja3{jb^kdkqgkHTUu
z2R(t;HOdi0u-+3w?{<tFt}}&q-i2N~1}X1)`ZXi}`0?_fo!O`gS#dlFwSa8%oe@;e
z-Q*<L81}ISNbcey)zlA3$>col@0Wy|2+E4b)iq`qS8HlqEGRC>mxl<;{Q46jjQT@g
zI47)V;li@LsQm&F3cv^!HkQ;!gQ5E~-h=v!b$5Tnw&g$9E|nLD2&XePr2~bYa6`@j
z`%pOUam-W0`C!;MK_{;rLh`pV2h7%@yy{@wLAyh$n`mWKh`Y|zR#a>#i}JRjlwUy|
zDoly0ie~nbC<8ko@J-dk4XJLRgN2VmkO?`-P5~#QVyo3viX$=EPBIF9nDEoGQ9&9M
z4ODIskWx?Uj9-UX7@WcwRLIrU(gd9WWvVHiEf!xPYZgmKpiU`-vRyRED)>_@4i+dZ
zSCt=?)w#UbEF%sX5*1mHZ~F3UA6hVz7#kUrYK3|*L;*J%9#r#-E$_)74hB4}W#P||
zQ{#Sm*Hv8Q64e=`YmwBEAN*^e{nI0?iHF!aGH=hdU&7k#=)&4Y5_*0eXjvrtQ$|?#
z45n^cMYg3yR4YhCw$U4!FaSHsarw;zHdD-Bb2O@AnbWQPb4=Z6d^3Q>VZ|-7nI6_W
z^s_vn9Q|@tF&25d=^l*xOS8C63EqW<I_d>YY1QrE55D0ibYUI6548~!Fy2KR=$N%E
z7wHI)A;yG-4)`vF4M`#qnx`?iCPihjeuI!J7Tf@yDgX|s`dC;3B(kNpP$cNN#FttW
zx`9|P32`Hd7)S+tevPzVH6NL1`gy#|-UR~<N;$c3a$>%|J9-iZ33Y%5lsnK(a^ec)
zj{{CD4dSc2@V+T=`<z1|5(sncBMK;#2O1c5HTsom#wZ4`K`V|Y@LEU`IgmC;gC-Cy
z-c~~;VFr>%^ky2ee*jMhzG84EOp|B<KnbM99cD@GG<A_DdOJU1&v-cGX!;L%8lU!`
zp{8Z~6b-iv<jV5aTlh&khA`97e|1gMJv(!u)Ntz|t^QY6({v5Mzq*<-{HLyy^bQ{R
zpqugsgZ4$bSex|!scX|{ysbNP!?k>*Ed%T(e}4>k;BEhy(nM62jmi3_xTv512$8!A
z`gT+l1ix59XEJBL1eQND(F?AZoB=+zHqcbwQwXsm8(Mz2l*(o+a}O|_dKUO)Ha8QL
z!673W&;$GYn9~(Ecfaxy<rn~OEuU!fAn1ttf(OqqSQCnrKeumAI7_JETy_rZD$N#k
zADEIIMx1h?=6(n;l9Cvdz!BrrQfQDP!U)E+kcf9t9XWirf0q6t(AkKE5FZy0Gh{Rd
zm#qzt&CEa`n$C5|1UOee;0y96EWwHBLbf1;Ui!DgstO}f1=a)gx|pelBp-YKvQcMv
z`Rcs#se+*LDQqK#P^b>FLVWrOsf2*uJ0`X0mHjvCul4+}gjc^m%hXnJX76-l+3Ft^
z$$`(sUjccH5A^^QRd5_pBs0~}d#gD`V(lw;Pr1fjQ(dsG;z1=(RK*>zDRiP@jy!`{
zhI<f$@-CoXbS*M2JomRK+w>uJ60_ob-Ol!BZstrbJYkPw^Vh=WWjsQye{)s0)nr^c
zMO%HjrCq$CNxh-Zo^?(ixg2iD;yx+3Lmh8|<me55d)sinj0Gz3qDe^y1C3oQGEZ*i
z?r(vhaZ(PUeSFQ{f>bIGBz#b!bl<t`UD?EX3yyCcEXC|w7v-bcSQm3LdYkdOS;gjR
z8MB8DUCAFeuT^?@-DyG{I{*DPv~UU}PIf;QV-i%aaE?Vb>d;&od4)mKP>zq3#5Hur
zBIQ)Xn;M@>DyXgc612eSvqp;RLM7Ocm<D_gmO>+bWFQA;iJrhb>z4u#5C~$4|L76(
z{#og^w-Ia%lB`{&H!TAn%urYjt~%(B-zV|ci-45U&EO8{nvlRHILUyV7Q@6C4Fe+4
z1VRkoS1GuR7Lx<>zV!`;<7DR&yF{Uz23a{YU8nqn@X%Hli|UDYS%Iip9TawF+G=Nf
z@F&e>mY0j5tz~Qtq-7bXHN6~yAO_0~$i#?Wg7^qkqg_)&D|?^-bM2M{`c>DsAJKFg
z#}`1ZfWUPU%f(N!Bo4Yq?DpwtiQ@Y<iLawe7Ror5;KUskD$Xgxs01ga0!ts-R;u%H
zHgTd@rksL{c;>@T!cL-rOH6UTv|SlUooLe*D*n3hh0!!jt33<fWHPo8%-ejl#$uU3
zRGWp9Vk9pN!pItpAt+{ipgv^eN$$oPj8FAZVF|`P(VGcZ`>^k8@QHBJ{LVSH-sI?h
zrtA@%ky~s9K7~1057UwxrC&*{2-K71ZhryL8c-+qIbKv6P?y14Q+lN~)Y<JXBqQi^
zO2>+;AM;AOs>&S^cdZ4e>EeEMQ}_`{(0-meg<k*?HFQ-}u~TEGXym2(wNSZXF^V{m
zt}7c$Wp9i6Py>#&up4wTJFPv5Z8}Gp30&Nd)=rv3kBe|#0)D&k0cq4dSs48L1T#4;
zI#?FWO^WZl$GM61N!nL4xjAy&<L^4b>K%)2FReA?^FNwctbKacp9mg<EL}^M^IFkR
z5rEX7gl+Jy%`{&wS_bhI|9NuOr(9!vE_Y;){#^y*fR*rKB|x%=WQU#-{C2$$qRuxf
z9u<0nl)1XTFY5FwOLB&SgFRGn!r}_+-`Z&qCqAm01Rp&`xb?v@G50atIl>tbmXJ3<
z-tH42H|UuZ7fx>L4dDnXQJ8ad1HCack_|^0V~4c~x~1_x7$zOKlpVWGBWDoL220sQ
z@E3A~cn}e9q|ny&Nw=|%;YZI!rd)lcP}mVvm}!vlk8gmkcjs~lnI`$slOl1w+QCYf
zt9^pH8+{QvWACq{)P?6SLA|$UU%P7ZBUNENethzymXN@1&ZE?(eSe(_wWuKimMS&|
zZ3U#|jS0b)i6L1Tk(M1qh+EoGvxmFw)PR>}@YbTJmw+Y~J|G9{%lQE9TgYG>PPXQc
zM&?VNn5>XS=LqiiL~9GeYcGJ=O*N@<Izv`xW<h$iT7R350OyeMpLik|Dj@89%C(cr
zbaVrR&(Pw&1>(FOLLU+^xE&YX76^_Io#{Op0uQtlh}EMoJ+aMq2;uDPvn?i9IE(PO
z876ldd<Ak^({&hKff)w^<+Ei!Q7C6%C%e$TM0N`9a>4Hchke<nIRjQ}UnqXq%_=?{
zsOt=70#%<Ypbg0qRYF3;I9fSp8(fkF&K#xO*Saq~^T-MyxY|n-LAi!Gqq8B9+KTQ*
zs$UYuFQ&yx)&oDq@tE7O+}v}$oG~&9adE_JVT=t&7$|wp7FJvUTwctubh)r4=F2lu
zQqWOB&`EI{BggwV7@j6*ccdE9oQ$<4Np!>WlFGHrNJ+>gFbtcv$<oyn1sR@36jpEE
zf_1fn8UM>2!R9L$W*P%Or8(Nt>kr`Rhil4z)9hRg*t8F~^qdVesJG)B?T^rbqoD;A
zh|d((Mwbnr5L|6;U}371ds^1kr#UlU{@Uw^2VhN8WuHJXE*CN&w}lYi?WEkmSUCT7
zioS-+iJ18ff0@39C0th{fu+j;a2HxL=trTvl3ID8^3jk#{>ME7A5=jOjbEENg$XZa
zCIxT*zBJfm-!o=RMUXZjYhu3o%i=Udkg4TtFl-2{m_#R3G|%U-fk>1>bO0_hXL&x*
zJcC>pDR^ToXF?iClZ#@gkJYt^)Mz8kux|(^FQ&{izHwhWgV@8I>k~3Co@q?tNNg4?
zng!Wlk%Q-O1)a&7=#xq%>{b>;u`;d$Fsw060ctb|>aL58oRTDiYzWl>V}Vy<6X=l3
zIJo=Z4LOPCQM2)sD@yJL5LRwJQM0sqj!<lNJJ9R(wXe{0JBa#^@2%4Q`M$vH%`NGl
z@2%8|%>Mb_3h>YOV9L!yq(g_o<G;b4GnAS<*S&&%X;Olc(=58v!jtomb0p;4!YO~e
z;be$CT>~GVc>ob<p3VoDAR$JsYh9<#Y~d-O&RPFKhyp>HUhBY+hA{WmB}+8JoeW#B
zDH`X6nzk@u`4jKfW!{v6<z^v(Q+S!;fMg<WLyvtb%YGC-gY#d3J?&6Hh<?R1zKzbB
z2V+4Uc1C<n?xw-piHK^~j17FuG8Ur13U<M7bHFg&eNdK9?keS7>(Bb<{T#iWzC!z$
zL4VFYcPpHXPsrpbh+i~=Atd<@){5NF2WmpSvo`8c=a6_wZ$gcT<J{->=gzgbz<1`y
zX_fb2d_Fr3ve+%k!EorYY395*f$<)jrO#=5#k+Dy4t~wQ|5uarmw_6?5v6MQG5ix|
zsoC?7=u9KjY%TVU%E0+t%4U!1_RRHgZM)xI_u$*it8KUb6OE4G;G#tAutrVG^N^WH
z!QfWWGd9d+GgwnsaYWT$LuD}quF6&{IRC4TtBi^=>ee73T>}zBD=p2?Eg><0(mex6
zcaC(YDBUrHNOyxUq=YmBQc8CSN)E_{d;fjwe((8l_FikRbJjZRdCz`#ybskJp+F_m
zQmYT`se!xSx`441rv9=+2BZEH=H@J9oOO|5)=w#BlDcFV`TjC6IwO|>g7uvjkGZ5V
zK!(wxE4O*c9+x?du~1VPmzf6&;U!|`@$L6D(Xxy+U=W-YeZ0Z!m&b!?TGUG247D~Q
zKy8RYiuZ%EmO4wzv9U=~HgGr86k0sxoC57^%vd-m9Z@k?!_pPjiU~`LeL0AsXNQ1j
z-=vhh(o&1a*Ku{h{-N#mm0F$Gv5U=}u9ONse|TvIG?T~7XtR0}fs+CA9$3J>F}q8G
zr2r*$z8bHovDHjTzkmv#dqs4DXB`_C&m-@PVvRznoxxgPnEZ9_rim%(QNd#s3b0BU
zMOv6^Q_j*4D-7mbothZB(C_kB>5*&(MgFm@*ur3Yq6%ld(2&|ZjK(5i<||*$NlrbA
zz%gmt?Tm-;!(pfe_suq6Yle6vy}_p3^Jq88;%z<|4eyhTA5+{^m&4ahi%kS!IKTxY
zqlJ@fzxa{_3-bkxr0%Gn4t4RB$zrKOzJEHyoSan64i!jJ=Wi_Ef+Qp5BIVEjNJeVh
zi!h@l<???9Ga)gErDYJr6n;G0CriV@2yay!M?;c_O|~G;mx*gk@0-~Tbk-h@H&4oj
z+;L|L4uOw>+@5X*OZ$EFIFws8t4C{glDu;y@fcD*kgbXHcY^De^5cKvV5zU;XTNnl
zt)t2qWyuV7%g{<o;H@0hplA{g$>&tpllqFs9Gnlw<m^7)5VyUEWN%`0eirVHkEg~q
z7xetcE4X#hsjFL~$AY4IuN7Qzi1BK1>~s&qai09SyV}+rM@5`jqE8u7SaE~dq=;p#
zLIOyPp}>nelMon9;Dlp~&1ySukR9p|m34x5_35sDxWbrysO%bBhHriQ@fu<mFvROi
zsLG%6uQUM#v4}abzyR+y4NPH@Q_Bi{v-&~4O3}!>3q!O5b2cBNBj0&}HYaLbiWuWW
zeFqGJ>BTX!KtIXf58;d*bm!-4ORjE@i`@g3yFWi*`L}V`*U|?pcc=c&e!y}!_am0O
zw?xAwc@W%+?w_b#v(u~Ca9WS7(VRP2R-0cUjzB$GSj|sOf6<&T^g6$3ddNR4UgSVq
zR+KS1uEnb|4DekM{Ixi*6}jm?-avF3JWurc>Z@-I!ql<3C(^yt!Lr$CV0&T78a261
z>bjm4t$5~^rP5cK>#cd0Tc~DxH5F45OTj@#olGG%jP%#n+^4Uac>*IB0C~yxN*{iZ
z1OIZp*_B~wp~Wi-uu3wP-cZLsVfnOv-nL3auSzt~_o@dd`S%L&X@CLmEoaukr7`AI
ztkUN5o`^C(<|N{xNcX7z)vFv^duxJRBJ2Z)54LG#H7WwZF}5EGSWpr3LtL}CeR=EP
z<}EX%3$sbUUBAU`Jouk?^l(^nx$X9~*p%?3bnnG)!Oale(VG)f3<b>-^a#Qc7HabL
z5jq`z7XRV_7sZb?$hwWbFQ=PDlxQ({FF>{}v01SSePeR#pMKO)hnn|!(R)+%yy}e^
z%*^>+oC+uGAPN`jwN;3EZW-ITM~bG4q5<kY{<HHMUPW^Ci3mJYDxUz7T}k6&&Y<c^
z)PGEEV!~<QQM++S8!t~sLw$iwNWb%2yr7m-^IxyB*E>LKX%hW_NTEI`$q{kfIAJL9
z{$vA7q0!5lNY~Sq1H^sHg{sN<>1ugLOjPfRU!SgzendqHe>Zz|)`PQJEx#rLJ~*pt
zqxJF!XI0()_>opEe!}s`Eu@NL-Tyn};KBX-)>25%wNzHH7cUZo6tR@Hla%_7*Ogfs
zUuHsglesRxgys8YZFUiHOpdrtCyb+c@gr;(Yj=HT5Cjr&AL24|X@Jn|T`>*OF(XTn
zXAS3?Dgzgnu}Z!#<BHn8)Ztvn?*`qYg4W60e2-)N_iZXGV{Z=ys>o^H408J!DV{JT
z9dGv-YO-R=V$+d0l~eb7K|PhfU{VkWdnn!O-O2*YN^EYhshsBEI~zAx-bwVWr3|WN
zdjHz~TBAlsMn^}=25=ke7b-<~xR9fGTUOtBxOnfccHXkDzuS7(;JZhd^<Wjm!^Kys
zaC9$Q7f^dV9I$aV-PtMh^}Sm3@R%qk!6L*$nX1vGm!H=R^XNK&?cxuw+3S4GF##}h
zQZU@(8$IHXI@?5--0Yr9%w^ad=%um@991g#Z8x7XB@GIv5lt?L_hR<=?Cb5nd?uF(
z2H^o+mBE8`&~VXHJiibAyoYy%x8-LZ4zkdi?1S`F7o-~hNW`u(=0SgCl$`RBqJ-+v
zUjDuCxa9eso4|#iq!wq(QW*~?+DC^z9FouOpe^mE>?cpVtJTbavvF-Cl>T8$L?I>U
zGl`f7&QEjExI31Puy0Y@!fqPjaeSROJN3Odu$f+kOZ?f(XyT^YrXyjJfGNioz|Y1O
zBV3m!?$$<2c1Nt8i_VS7W=-OLXWH>DL4l|XoAdhKtJ#FJY^^?sy!ZMuYyoC-Ju~6*
z^nc>(((RQW?sVm;4L!Y+Nv9Z^=5^`p$3J*C?R+YGPqBX*Z1oY9WFe}hq=QR42(65}
zq~Rx+dbgf>s8nda+GTERy@i{+*DX01U=i(eg4D~L(JzmXrkcb#H}y6h*<7wOY4`o<
zeio!<I~P-+eeF+^dK_DCB5-GTZDJ>-o_DiCee;iCFZu9a0&CN>(6BM==VF@RDbfxn
z=(-&2$%%bMi$4<tmz9wB^v!w`mo3{Oz&e?*AD75s)3JGIpyHE#e<irtGD^jD|2z|D
z!oPOUKK{{pzc`?Hlrko!jxk^7vXu*9>3cNU)1Fj(a8`e|_v&OFCosB+OH6To>)jSw
zMq8z9hd_^+(9E3rhBHyEf0Z8xVioXqWmQS1nmWf_|4%zV*VmL~&xK@`N;PtehUuE)
zRSLDjwXQJpwe#0nd(Mqp0K#?s47LPE({h!`hQfIC;^HS2AbtZ`wS}Sf_uM=i%g9rp
zB$9Tp>XfbAV}a;OUdO^~@$*SRS>vkMHns>W(8%M3U;%o>WHe!0r(+_*?BTtuXrFpL
zL+HbHGRR4)KM~N@<HNSj!ds~*Zl?}0|L5vkZZPr{t~;WRKYr`qPCvUcv~aE3F2U=r
zp{+2E%UMb@88w=!gM}7#XpPbSBNRNg;^W3v7geP)_Iv~S*VWsnUt^-p*IK?Ivc!>W
zIXgP~jq^+wT8ZA0N@yt!$w21{fkB1Vb%^<`HvEt?hz%=@(fi=D;RY@&r0q^+Vd@to
z$7;B#|5u$MHHxeb%U4UHZ1c`B8lx>e0D>x)*EXh50b|vbZCOVuBrc2@kIxSBzEToV
z1@^A9y3xicO_ikEdCfSH#^Y>TO19;5C+HNJsF}e@lRBdc$PBM-!^Vzt;w(dvkQ~)c
zk-vhEt=LC>E_^8+rwlns*|mk?*CUgu$NX7CX}zM`s=_kWtdOzNYb!~5CoLkjKkA&S
zW@}fTy=#uWxGLd-I%=iK<rWF&R75uXZ67g`Qh37>i->EKhqV$e<FP!aM-_IS?{MiV
zMSZFsYAhl7^IJD5%hq&v({Mt2xLj-cQeLg&+t;EQ{P(eD7n`6WsNHCB%OXp~>WV{l
z&>M{3VXd8VS#mwKNC~>?w|6fmyJ_+!QOo|mFw5n^qctZ<8xmDF=!_u94f;)?J633s
zU?D?bXkLiWx!7JfgbP9k1pu`*Kvoji(5X0b$_<n4E@Tl3&6Z2_P?3(*CCtsygOz6v
zDvR>J9@VPFk6#M*J<{2l@NfqQm;8o}G#n6Amzo$}evwbA5dHc-7nwiz0#~!FMcy<8
z<$8oPx*lFU0B+ZvMvJrAA=Ri93Xm0eJ_vH2(;f2)>7mV#se<OD^Wg*KOo3x*eYX2{
z4)4&5Ikr}g2$*nQyynE$=N^PQ4jdP%>weX_iJgl1Am8&UXJKMi07frZd$jWXGf~jQ
zdW_QrVMVvt;Oh7q&GYMRvEIYo`ZMm)_t=$3NrXi<NAh=F1O($`1Ts42GMWN{7wn%;
z`m*M8NxP${fSgdtCdr-fd(@}--xF5t`GpPi5i+u7G6#g9a9j_qqVeh|8OG1&cTvui
z=V7(uA$xIjc%!NhO?S0-e>gU*Owvm#gKjzEyrjbNKh#(E{vCwi?5S{+<VajyMC2Y2
zzgF)-QR}J8T&2Y`K-5%fh98QnjT!&|f;d_%;2IsS`7!b?S{Wg7-k7|XlvJEPaH}M}
z(}1t@5+%v<aut~L?)BarPk?M*67lPtR~-V5$*qZ~XH3H*J$q2e#4NB_h9D~}ja7_N
z>8ZScZ1So{Y3W*lgv-D+4J%CY8EeH-K=LP&AZv9v>$cr2s_yTiVadG4b|cOCcuc15
zj_`H-Wp_*wj}f2hi`;Jekk6}Su#84k;^eLO8Li$E6T>|(ie*0i>amK<Rg4_y^Wlp*
z$9OHFQxLOOTicD!hD{A{)|?V2c30I&W$$9{HKou1tOlaJ2~zyWz2qKQ6w@biJUml;
zjwS_`)Wn@n@8kcl+G*Io^kTn=)LYoi5AY-AXx391@X(khd``*RyHY)eYr%BaM7kTc
z4tG~_WDS$+uESlB%}#vYd63mxo>|TEuR!mVo79X8^WgI*l|9S1HyM)J3;-W@Bc9CT
ze%5-j(uVVwsrx%>`We#{C7ux+rcl*Kahqu=F1?!XGne`vo_2e0%6}KXCyC^#$d<P<
zwNsHQC3MI^kHN&n1aLl>66Rg1>(u$Yx>nOqw9GVrRqA5AulyB(T7tGC6%5PqhRvOT
zhHq<pb}3Aw1W4S7T1ra&DIgmqR#$dzLy}wZ74$TmuQehbotX(x9r|iywvA(GrOX$<
z^~n&={Lo+Vbsk8g*bNitWOO;kd|PAGM3lE7i>hCl%;<><jy>f!m=WQG30jr8S^<nB
z2z>+4SZ!f;+4L=I*5rwP&8znUVPC#r>yvY{;KB+u3QpoGlCtKEGyO~gMiR4^SZ4Lx
zHFWmKC|(ZL?v~GT@^NY=hx32X{Dz_P*#nxBT%cYcUoI~7A{Tf2i-wu5m}aed=*?Rx
zh5b`q&IF-6Us28!AH@!gvDaNLoUn<_w@0|T)uKJ18P#-pIW;hJ{h!9O2X30fxr?=2
zZdDP~^jMc?1MkYA+M^gqB!Z&;5<fjEZ53zkyFhtX@3In>e)nPIXGHQH#wp?Zmp?D)
zi*vUeWoCRX_Z=7xe(8MYX!P3Yx==A^4>(dYM@`Su4?Gbe4rBCj=dwhT%%wuB>WD#~
zG_ofMp1b8oE7Zk*`NoG91L0wm&xVQU{CKNEe-f)>?LYUBr@W=fOqueseqXJg(<QeM
z{Ud6P)9oOwJwNc<H|!LY+u6SIpwlRA*Av^btxws<=DXh+Gf1tH(GTUg-7aNn3HsVY
z{Obb*Y7uYEXaEQR>?D35UB+3%%rr|z!|d)P=w9ZpoTqXr+6`$@A{ZN$-j=T63|P;l
zlUl0>n+x3|?QiuRT9yL-m{)xrBUT_Grmed%=&tN^&u2W{{RY0}R9K5ZNDsndZ(c+S
z`9~aBHt*5lNwNM&wOh$>S9vfb3u3xv^G82Ba93BnF=dh&Nl=DSfUO54@>1<r*#20M
zD^p)i2r;&dj&PaNhdwc1b`3xMMt^1%%MN?vRsvz~q29`}urrx0$7ORYEDCF&$7etL
zi=9@D2n`S6NMA+XU$xt~TV!IM^FzkdIL6dMi8TovoiX=!0tfh4?+N#VUUGbfz*}7D
z<Nkbk$cMZ-kg-qGFms}rbA3I=q|PJP!yqy+8ZUk`gp;rvAhcggNY#FMz1o+z<V|<3
zKIZCKh$^i8e1QyF7P4i2#blZ17}!P3z~j*n)uo*H)>&fsup=COsb^2*<0-@N6*4mf
zoV+W)#YZE$To=QPCJ?x#0@c27hO023cY#VQ5F}1kMv<T#PVKiJuzk35slxe55*>Q~
zVsHB}Q8B4dJ1W@MJFq>_$S^zJ*Y%LlDq5%Be2?r%=%yQCXLD5I<<{g~OH=f0pb!*~
zz_pN)RH~CM*=F@HJrs^;$`N-q4U?`3&MEh=O6-ck$%b~wP-|jY<D`GbC}92u2Y~*D
zKor55*5KD9;*3;nKrhTG-1Vd0+MbvFW!_ssy$$}csOa)tQwITx`1ZyNq6p@;ApXLI
z@FK6v?p`HA!xAOo6jsPIQFc*}H!eDyqb*PQOy3HxK^W#=h)W-fJ2S7o(48p8gU}|=
zb<_=rxe~RxJ-|3oJ;E?4<9H`7M=hc#8tVT`NXJ%0YpVEMMWN&LS=s1Fg=MG{ARemN
z6EM2QzoA@7cCU1u^><!sWqLj9Qhy5)0AAqw;+T-s(n*gy6}lktvl9erV?iZ;jEY{!
zVkQIrn%!a@fcASYsr;;IHBPm3u;o}HN6_<f?P6DxUGQ>A<PIOb!-~go48H3&-;&6E
zk>{V3P_s!>2YD+Voq{jPNkCJkJY|r;4y1jX9sM*+Ko(B$+XgzR%)*DYse<K`B$u0M
z91V+xVt>$_YamHGWQbT{<NLV*NMy^Q>#OpbAkTnLZjG!oAdOgzf7<szn%EI(Hm&H$
z7oNXNmP&*47*Jl>*9&njdI9?b7$#!fRSJQ|ale;hcUqd<16#<hSB%1cRlx#V^u}Ez
z5`SGV-!^YtJJsa;(qQh+RlGXt|Fe{tZ0@sz2b{M<_f}Q~y=#BVFd=9<AW|W1>e_BZ
z(@~}1jsIQmbZoG8$q3Y89CP?AqjEhv9_r(OJZuImaP#R8hyeSX{g8*=WDlC|qjo&<
zrTj?2yM+?!Baydqq}$MuJajzHe0bd7(9vM;?E_d?F%4f?fqDDvScyy_tkyn|dSIfN
zqwhr!*>PN^@$6+@ZeZ982C}-W5WO?8Z}nTQ28lOW@3N9OZn#tYJrRFy^BybccmB;<
zD@ND=)uwC<qvwU=Z`%pe)U3Yf@1dnJpb054qh9><B31RoMAT?Hvi>`fpk+#5dV~RI
zS|1xx`dVW*>SE>osg@f06LO6I&f)q%(DJ`eameHJUl?8gbCLg~c=^92(9nuQSV{gL
W!WS(yEbK><Cl4e1VeZv^)cyyJhD1{U

literal 13726
zcmZ|0V{j%+)Sw+>!ihbxZQHhO+cqY4GO=yjp4hpgJGRYlo_)VRyIb4+<8*hOI$h1W
zy80YN8E^<R5D*X;5LobP-IE=_F5C|gkP<Qw5X^tACeCI?u4ZahqGsk+_ExS|4)*lc
zE)MpW+Mo8gV?V!l6qwrCk>iQt8;y%96e$d?c-W|Uf@?@AMM<=_5#w<$FLm9YMVTss
zct!K_<I^ap%&$W{(9C#h4<RhS6J0%;n(lA2;&YZ2JU|KsI$gs$BIAg(y$ss-CyKq3
z4+bOQU0C^l3Z!8qr`)||W#N%~Bo{du-6{jUnVTqi{T~mA=u?&S6Qy#~Hmd6G4}2t!
zkme)Xv|&luw71VHr0KY{-%N2dJ+M@p(=Bs|hnjn8D(k}Pi6!D!#KvwG@j(J9$(mHP
z-r<p{o@3vXG_moAlr1BQj)sIeQ|;5kJy7(l)qv-6--UPZ*>b=B>NIIK$TJ^m92UA-
zsxaru4T-~Ys|t)U%z2tADmVjqHzr`s4#+Kpt<rzQMs@u?`dOX&Pz8N|qVODD<pn{b
zx<1)9n>RhZ2_G>#zJKcoQ-%{JQr|8Lm)l>5oL0<MlR9A-B-02p$;r@s#PP9}NUxP{
zVyNHu@!{Y}aIyLhb3EIyH?7l=9wNRhJ)PxtkI|rXBQ{-KbRZ!S@eALNJB#n@<YYG4
zJGx#ZX)5Co6ywA;41)+0SCcT?081NJaVAwyXgEyLnZxOEG<KI>QDc}1&9X<4ynJRw
z2@$72Tv3-p-+#*-R>rMWnA0J3?FUfjxIt*I<~7Z<K#ZAn1=Nh$bz5la2e0+tc>sbg
zHK>8SOdmH6kE~2IN@<yb?pgq+FJ*UNO3c7gvRl4viG0_7J_hzUA#JD#tf`?$$>oK*
zrP1C#(9wRB5zl_7?`BZahz#DmY3$!z{2L`hMp!*n4a|oaRVuVxX2^gCs+?A-EW1<}
z>&^(Q?_t6-KBB@rH?#22Zi85i5Z1aq3m%xxOuh#!FH;3Q*`zv|&H(W``rVRo?c_%+
zvp+o4=bsBmTDF=ULS|ohfWl*EFTrCi?KjE(Jcc^gg%u<3@*q~qz&Ti22?JfLH9QTp
zzZt1^53J&_tC^%qD-dfNJQ-VR=>)GzgA0$qMH@~U^3kZ~qcR+>Si9hMf2q(EQJ4q0
z#9(=xtA(@mMWiD8?j-pBn*2uCj9fFDyT2AISmZi&f_tEpN`?HiNN-#>Q%Zz~Xq!1V
zs|cbp1z~XMgZh;^k!u1zVsW<|_31BGZjqsAd&-YcA-EBY3n#GniSX1|mJJ8OW|AA~
zo<QJ@*5wnyj;TGrl%e<txnsGR*Bv8gv%hnO_5)*iKo>d%9y8UbiwgrRRsHYcjblU6
zxccT4=-lIgvDgq{)0Zk*_aIzMkHRiDb{^O`aa#(KhtVpu+;r|2#H;(@dsMU)!I?~H
z+VTe<L03AJaOth$DXcHp)sAM^_s3{}E)7+z$a)P;2@U3!az{-8NTQfTiQMhdLP?UE
zAOAJ7VB150mLYoHl@-8RcEgTGXS-Scgksd`&=oa2lt%Qoy)vthLa6w8h?0Z(%6>gz
zrzgTCtQj>zXts;)Qi0F<*Jq^(wOqxTMJZlS!eDgH^Ck%u6_YDrfJ)M$<d89hO(;Ac
zW#33~DZFSb0dx&QXRzBauvMC?Wp2$?)F;f|_a&^PaV=HX5pa7V%_Z*P3csC(Pw&y$
zXOj!CuL2b=JKsY#F=Kh4Sai^S<ym-<`$^fVZ+V*~YsXKw6cf`{>=PaNkZBAoVxec3
zDe2G(9Wl2dh4v@oB|KMFBMUulIYV}Zj=)igZ=B*LBN2(1`a9c{0C6c;H1T0Q$FfBz
zui4}2iq&`FyvrIpb3HKpyImu;*VA=n$WRrg?+2j7R2c}p1%o#nl~fdhc(%i?$d4I@
zv+DO0QZ!UFbPFuoAL@d>ojU21kl=W?|8%#{Qp!!1BG9HLSlDolYSGL$KkI>^Y?gEq
z(^i*=z#O0=<aP{*JuWE`b}lrasS#?bn>ay)=caV*Lxh^qDTwj#5rH^d6;2=jRdlb5
z7V;xFgc=J9+OPlD@B~?Me12&(aKJ+MyS>g0T!ErlTqi&#B}QVd8vxhANiZPj^%p!(
zSTiC7hX-0<n#O0gXy40~5sVzJO5Bk#Ui_X?vhn-8DunYYs3W|ok+O~~B(9~^s!T-L
z=-e!aEPHGZK`NN#sFiCQE<XnaP@-i?bSwKxIC>5vQm6mgqSNV)^5|c1700Lly7j}^
zgfSbK`dwA}VC(@IwzeInJ`%%Wxw~~RctklQg%D(R=Blt+zwP=%a`%_2Ftuzs9fy({
zo|@mn+Tv6zFs0x1bbi|v4_|08!{wL~G*<KGl`_=Y;B2JSWqewiEKKTk97?UJo)7i5
zf&DbC+iqiH0I0+5RGr$<?o%ayfdABeE&QszqYgKI1XEhM=ijCWD=S^q363vSA#<mG
zHCGaD;<tD%XT5D=&TEf#edG5?Am{t=9-q7|^iaxp`tuV>d}98)=-{&GVCKpQ=%%Lz
zSh=ooS@bi|>)@<_^+u2~y0s}twT&ZIVo@-XWE!l!-%~sA4Okap&M6wH!nHZq2m0%&
z*_plddktPrqXJ-T4#0H68}#)p2VAB(MqOBFtwK7+CbpD^?WeJXPd!kpuE}uxPA8}f
z#!&bqN(>qjw>ar?%0BKLW|DY6)hD3KOnc_`)u$YW7~cU`sY5<BuCenwy&;|hu+g0o
zg}uNHZx{Gk$7ygAWUI*{5d}=kK-&N)jRLu=yDlP#x~fKl9KV7WdroigG;bp=$a{9`
zx-gq1dwHivECygSR78T75ieRAGtHf@<H<6f*RXGtI$ag8pj<pI96O9ASI_eT%=G#7
zkO%DOgdN01TDt@{H;@p%v?&?OImx<Wn}hes-L(w~skh1MsAX||qWGkID#J2GuJhSI
znJ#_ce6rY-E*`bC2^I5=r;HV+jw4V5(!{VJ?A|a;wFG<sr=6gaAB~g01HmyArn7(g
z(lkcFe=3FuXBi6;8z(oE2_7dEKa>k0Mcgw!ysnf~zY+~JmaIn0K^|n;%?6waO73LZ
zZYD(YC{{x(12HVd=r)NSc?kvHkJEOu3&EDRQ<(r>3WA7X-W#1Bmo73`BK8`W=GmX7
zdP&|xe{FYITf-ih;!&PXh-ctzWD=*u7#!p{yQm$)V2WD)epp#o%f&)V32!_B^`SW_
zy?Ix)fS8VxWen6QH!`2^KngE-Zwo3Y8w_jI-O&ucDX(Q|m+V5<>Sbh2TDiuQdk(;5
z<x@`|KY<xjve)9Ajq#5CUA4PNUcmN^B$~>05PBVg9qJn~xyD>yxIli>{Pqi0hRmba
zaAH+MIC??DqX_JyRIy?%!5XcUHh;I-93j$?@$`kTq`N+aCgK~vwKmV(=U$iEPw6Rq
z9}pevbgWOyZ9skgv5RkUFesU8+jpMr8!C_@++{9?<;nqQ+q;|V;!s2qxfPGN672Q?
zV&-rlh0u>YtprOwU8wE!*0ULGdAS`6DE@E!s3S7nl}Zf)B2Wej^79`*+8J5dtD4z4
z+Ww=+{~<@eS7!ic>+`qQkCZD}FDtvW8e0zeRAN9wC*7DGP0n-$tE@1J?e7ERd^4}o
zsw)v+g&V#Nza$-KT~TESOu954^HS@Lq<TC&JP>Gs?8BW|Wa`flDiP+vlGSq7gH6*q
z8@A)DGnjKvL2=PzHD3pv;z}%%XAX6nB@cbIGoREqc{#FDbJ={|_!wCP7v&!F@GpZB
z=H@yqZVK-25X~4IZr3K2nxXIPJc&>fbeEIwe?177huZP8(o&Y=hF2yg4vy_1DG4=m
z2G3xjbuhAKsfb8yUgA6=z&$c9X9TkavjZ-RY8F^RzfgKI*9J)jqee<Ut-^x~V83xg
zrG1T2EOVWr&%oPE^3%>JM1S2Fow9A*_Nhtz0^odu+q9NHP80vFrwi+Dg9mJGR(k9C
zA~mDow*gR8XstUBQsfchY{i$DI~%zcV3neNw+G4o#Tr~GAACjF3w3%pjsl1s8e6XY
z(dJ_FJjAcSGm%k)Pc08n|M@10yo^nu8K(a87s|u&TD^Tn6uR<l<OgbOgeo@iWP&uU
zw~XpiTTCLQ|AMeT<SzBcyUd5i4Q9cDt&i3V&Y__^zn==c-hi*mel~n4Bi8s&>0#d2
zo6^t%X-FopV30vD@Ov1s7)#NhKK4l!q4muh|DCmsw_N6vUCl$2Bx#Mb2LHP^VQvDh
zJ%3|(MVYaUP?fNP+XPJrw+dtIzb7uPLay>|g#)3?gLW+b@I;w>BP7hT-P4l%a~T?E
zJ?wKJI8NbQ$N3q4=(gP7o~(ag$XVDXIYR90?A0o?#c|n)P+!9_ZK0Lep65QMFEDh_
z46I1&(?4$xwsQKFT`6cKCLvo7x2$_Q_t9_sugjTmot7P1w)p>8EmYi1m)X0RyiJAA
z)|~#~@+bq;98dd8Y;9tB$yWF?Mv-9<t#ES}g%DY=1(4OpGXJ30>^tqhNHNsk2(LvA
z!&UF{BgcJ>cN98)I4l3+fG$>W`%!!miiKw=Rt|YB8;YICws&ceB$UEIU8%fI3E=)r
zm&424g1_N_p1{=sO(R_`3ZF3#$9kbVxBPTh=a!zAv2>Mpn%-JKa$9DlRE3#uRDz?I
zP=~wz7}yEy*S7SDPRm^v5<_2Pwy%(;RliU7T*d@?;uIl_O}acuIfRnm{v{@{jz2<M
z9S!+yLsHg0Db8KCRO??~m@cafc;PC>=(3*ds7XZ9SQQ2G47hN;G<6AGzi5P?a=nvi
z&h!|z!@a-Wr)&6h`Lz^2;4;wE<zDYjPLW?}=(8Dg+paA8H*I?|*-@^=wXr}T<)7{{
zL>lX)DEN{$vl=^<AHyPL3*%~a<`D${{L!68FI(6zYYJeqffcn+Q7OUHQ97OGj7&H}
z<sh+0E7*{B9Xosp55<sF<e}s^7hDwg0@uOaLpn%s2PPb~64lUGzEv{L?KLOaNy<my
z3a@3~hNVnst=kok+mke1aFb0$k8abHD6J3FElKyRYtZ<}9aa{0+x8L{?{s@dMajD3
zMo-zNU9n8ro5(e0*&(l+wKe#!PqP+pHg;tZcXef&X{7l2t2wZzq+6F%B&DMV*PW&2
zXiOic9@jbUFGpj}W_h*|C2wt!U36i0&eC>uoo{%sAP{$5T=56{aZDvRPhIK%zPK_=
z(^G2fTRq{>U(VA=Nk8x^X{cJEF}*HPt`Klol4`1D&*E{*yttyH@6!6ujE_yymTky5
zeV5O9`j)K7Bwg1u+Pa<je^$Pok0GrdoDRKyt<w0F%vZB|<n>ij7Jr{rzTS;Q<8P)<
z*t@_sW)-~uZ3O71Uzp>Fy06>ugRM_97o)8|cKwcXhyya&T>-rmc;&&P%#=3kt~!H3
zxk+5-RKA7sA8`Co!E=Qox}t817}RMUb=<WM>k<QZvsgj6*w141j$f;dwGYygZktI#
zwq-P7h0G6xNjX{%+{*f`uwD^)pHg~9P%iqQ!&<>pGekAkp||oNZy!0F$D$CoWaoj?
zFR|2K)+h-;X6cP9-psK{1cFF+(<BZ*w6`mysb=_O&1|T8uiKtJ4+)|>UF55jfPSG#
zSp)@h&~LanH*_6qm{%m_Tij(xeCUDNkVEl|v)ua7(S|pReaf1kl6$&nTPQ8o`>S`2
zleRe)>6fx~zQK3QgAr!T%gu6s&;DB;`6A^2^tSyMHjK3w;bD0xlct=%9cnL+4!R9?
zfEZj7Z={PqbYxmVLLJVQpOS#^?Xr+H<9^i1mTDTBwLZTRC3e!4l%<#8KTM4I@QgQX
z_(0H#2EYJ=2gzk$9V5x?^Q6UCS!`XhhmS_ymF;1#{Ozrm9v7p%g8Q<b+rs9h{GYZ-
z$&O3?w$ZJpDj&DvxtZGp1N@BV$@il3x*l$|xPax9(O;-;4~g#EHXIh1eeQj}E39HZ
zUaJMyPc!t~`-pz4uHS%{x7SslkJD5?_xTQ<4*uet{ko&oS?hOekDE%DEgV-sO^$sX
z3+E-iJol;(L+aN3(eitIU-n7a;}uh1nE&nZ{SkC0$Lrk7(AV9m#?zy5g#W9nwcpm~
zqx$Dk_ba2d^_l(W;l!0yj&JAUOzrik0e>ED&U0Vi+2#^%8KzI{%mDDfwXyB}u(!*_
zc`M8xcWXlbzIb(=r{jy6v*&8#7ya2@SNwCtzP(S~I+rDae4W5XSu@)e9^S^Ujhcyw
zR!g`q471dCLBHd!o|%F4_vCZX%WeU)fBkId>3w+D5j3And~VAeek$R&?SSscZ?#@`
z^#pBwF7*iXtaW+3p*6Sr3F&a?`aX9|b*+NGr*OOGK7jRo&iC+i5Wsh?M##mlEN)-B
zYg|JCU>DXe=F<DJ@%wNquc1Tgpxrjk{nme)oZ`zj-biI~vWA~H2DtQsdqX{)78C47
zubgkUU8p#0;}i7nRD7K22W;|nT)}rfNBB^zN~~_Z$Gdxgx$Hk&-;5S%Jh)vi;EQBQ
z)UlLZd0f48dm;K!oasMmhuB|3ZRpE<H@U2=bLCvf-A#Cut(W-l5Zdr7#CKtzVndv+
zcb(y1`Lzdr?U(^2t{)5?p&$M&+}r5@W<tnqy3|&(9~VMimog6b!`9>Sdy&uDV#?Oe
zSQGDCkH7TuSx(5+R>afxmb2-*IkIl_wl3rtUT)uvovFdyXy4-HXD7MVZ(vr_^*2hu
zC<Luy=US&yYy+p?EWDfvs7c4AofuwNtIGk2ZB>ec1IaWNWAm$p919e9C6aZ4ascrj
zKZre1rHhGmpD{}%(p*H^bOb`NWy%R26^0Vfqq>25WBZHp?;NGbmlIyY4i5<i_#wC*
zfmWz3QFYbge!7Y=QCvkS>P#g7a57$>@P0-kO>ma2St?e5*@m?z^7rRT2GPZ7f;{I5
zet8|X3DaC-ed5rc@YXhP*Y=v<r~y8JrlP9Rdmlq1mzOR%TAU(o@9({41SKEQb}>jo
z;w8io6NHz=GH_A*FrbNUSsb$v)bM<q??OOxNYi7HA8{SR8<ZlSloerXuSpKt*ResQ
z@K#{yVphg|{pe!jF*bgN^MKlMHYG$g&S#?kIqnLK{_?lpH{2&QlMm}4Mh``~goJ58
z=rubq{#g`SEu&l~FmoIhB*#q%iiww*jk)bZ^kUkun;WURB10^fTJu{PGg{_TAQBrx
zLIV}e7z-?TSEK*;oO};GP{FIfsC9#4oRzgwRx!^SA{IXNslp{*)7LOAQC|j&H~-VG
z`S!GXk!KUROBP87eDLS~+MccKE3%!TSe2b1-y$=}0|HAiJOXyw3liHyBVbT^%~^W1
z+-*f@vz>?=_2D=E`c?w=#kk<&9oG`SfUOtpM$CSql*4#&YtV4Gz<m>_`!0IK<i@Bv
zHw$WJhSy~W^v|9W--T963XGB0^n8y*{!!Y{+Iq2xp|%X`m*3VYL)pWqipF>@S&(*1
zB#@LmE=+-|kvi;NX-Zep<PG8}pryzGb%+Dx7WCYNhk4l{GYH#NIoJsa(oPu<;Lt4R
zi9A;q37R#2!4u+!y!@n~B+t&=LH0J=L7!AIdZk$APYW2Y>2h?1xn{e)I%e=gP8J&5
zjh47oT9Xx`B>vG0!A?oE-(NoF9pHXbjUz|S15sRK6({?gSH{@{k#{u=jp^P#h=bmi
zsA3r;ND#|0pvzU8HadZMn)pgRqcF#+zv}<2ttYG<3a+%a>FmMqgVJ>c3u3jkB_bzK
za~F30CJ(<n?}+2-rYY@9gcTttNbuxio#f(LP2$Adm@}Nv#rA+5#JM&j`S*CGDGUR$
zc@#(a2{PcQkI&6*(t%m4@dtc;bWCcoiMTn4;;{#%H0ExcDwC^w3nQ!(ClDOP2Y$x!
zw&8nS;T@QM$+b{p4nSgERoBJ6skpocQ>yzrS#X%{RZ67dZ9=a$G#FL9n)j1A(KRu$
zrCwo&1c`62XXC!zk&i6D$ai-*y~~&+NNY781${4PXD5B!`3aRIhW`X*{0vB2(SC6;
zMbvnFJIrj0a6LNd`tqHjr@A)gsq)6W*Bf;1Q_NiZ!;fC~$*23&+ctjicV=2TciciB
z(F|$Ze*h4spS2~PJ(0*q6YjfhS_<iO38kT<%QqG#qP(~tXrY4Igftv8{5<~Ufx@Qb
za49Rt0$@dmE^FCh7bnq);BmO92Z5PUlr4Ibn=>>Le4Xn>q4tKOMbG}O^8|5^Wj04m
zvm=Znf}2NQ_lBC!#Z}M@7o>0P)&1@a4d+|Gb1!GSO9X$>oL@i43xK}7w~ZLQm-eHW
zG9q+}0dwg_-w=2i7n&X928Yi&6fiZtGQUm2*q5aOe6)+*oCH$haBfh5VAR@)l7Y^r
z@5%lyST7pZu><Qqhzb+z1yzy-GwkNlV4}dAoHUHP3l4>0=pH`TSn}|LOfj73;1mhw
zp1+NxrYQtn8P|U8#~1bLiD9JW&VTz8HD}Vi7g5qbw`8W6fFJ(X^NdCQ@c==d1*$j9
z{VUl3gPf?IV+>7-x12AHSz|U+crH47-f43H@0Zo6CcEwFIb=4z6u>)Ngv7s)Y?dg|
zD#bl3(WKG7-9z#Fi6ID6Ho*DlQaR86{ugPjuk`_y+m2U77=ww-FYi8cno|M}eWPa+
zTd&*6@TWvhJX5k^z%R6dZ~_6G;{u0YTs}6onMlTCBJbntZ^l#oO-K9-6P&$}2%Kh?
z)-M_p?*+3g&kE^qNg5lCG6vX|lp-37@}xGkrfZwcuVD%26?~TRw>f$dJLy%JWdP-2
zs|lXR7;Wbtri1vn7itw#oi$b+Ehamoe7DYj7O}|G?Bv?~VJGW+^JYt%k6IXRB5yRN
zwP7U}(^;&d?v)9jBH)J<7Njsvc%%gMPuulmq95Tm*Zo$PUaf)&y7!DIPWrHYa&_XH
zU<8E%rOu!|!Ejfr-jd>TRmR|(I9>04al=->N5%bnAcs}WYCrL`59tP4ZFE8*LExR)
z?0<%pfV{6Z-{UhP_B64%eM7gj$F}5#z57*GM@7QDOH=svu;Ojcv#B_;XERpP+R+o-
z@cLq`ishdsoxWgyWBBD|(GlN<=D2x$6R5nh?o1h3`OgL%bbVD#Zq|MmU>0kAfAb;@
zvfP3m*k9^2R8QTio;O?yXCEXA7A@8jxb&QlgmpZEWAYME99+zd(YSHv^3V$vCOakh
z1Qe<`$y@BHQtS<SwL22fXGg#t1OHc1zxCb`$oj!3KQu8j$TFwpf4uve9enHpg{bE`
zxIpUmrZ+jX)S2yb2rlowmxKL)lH;y%TAdYsL4T0)?wRA{g6Lyk2Iy;Ps_~^Wb*{`Y
zvKFV%_G*ioX;h|ICp}(s^sFbfSfiD%cM|`ea`M*u({#=&U%Q^I<HFfe%H34T)lkY=
zM-IRYNS_I)R5`1bwD1uA<l)IH<;fY1(4N}$NFQmT=~Fq)o+;My#cAS>H)rPbC2Tcw
zftm(F{E1eQlFy4zlZlegcHwp~ciZ@TQQg7$?96FmZfwqfJoO=;&P3v$_HaO=L7tRN
z`Rxs(>R&RGxSm6teg;n^wvd;0zfZjfR>s9cf1rYKy~!D`V&ZQx3PCZt8*N>^Xx!Ok
zTp#6mJd9R0jAk($mV+DuLC%RknS)@FvM`bZmwu(1F_o!!*O}W+A<%<-O<xy1cNI_5
z?DH2zQ&`etqR|ViVQYx+Z+~fJ`d<#H=4jIQ&(h>upRCF(C!Qn+LzumTQbZ{TSQ*vT
zD7G-cMn%G(CnX6*f6w3(S!b0ynIrh)DQrqrDPz5f=l3Os_|+PUgZ7G2Ox>HGY&jD4
zzC%BDj2WA>pzmiaP2p(FE%u|>&DU{+SQW{CxJhxDMB0i?@WKk?U>{Lv`W`0j7r|h|
z+)wc%t6d@Rv6!Ja8abVT<)I`QhejkY**xG$<fr_Jm>p_(G4mlOatj<M2AeNTcVwSc
zrDfSx6y{B7o|2J`CEismSO4iq$((Rfk>ff#-ZtFM$5dTx-tH`4LxSf9a}gAYuC?5|
zox{X3Z(p+QnebPXCT7e<9?Kzf2`KS3tzMfOA!HGy4%5oU6>F}XvVqp}s1vE-FM_MH
z{KB1tK&)0Yy`fNCS<FMx8alSd^>JecNM-d);bDjq)8SQ`K~>&#<Qq}#>}wr*GqrU)
z*04gormJ>Q@Xf{%0K@ROP4zZhM?r&jh#n%3<rmCqb_X~T<k}1plZzyeK~zN{NnCm9
z-olKPR&<1mwRBB-^410dHAY%l3u(fo_Y6=MVSk33T43upLiLaS(w!M=|6+;4#F9oP
z=WDE&8aiKC)Ke)N?uj3$B}n<x&xUX_7^__kTc(<u51<E%h>YLA59#|d8J#{vomDbj
zo#_1lIH>3&S0}`UlKo=k&XgrjwQnn|?AhO6Et<C(?VViVX%$Tg#yH04X~dUQ-OMaT
z%pohRYEbL{&Aj~q;o>YTk@9UXU33+)n!#p;+nQ0T7p2Wa96rtS26>R8R#0>N=t*8y
z6Q5RyoGhUM73dfZL(GDZBc&!gMsTZPeqxb<bVx8(5}-O@*~;1mPGDyE=1#+OLgjny
zyTfAxdffE_kdbHLy<P@VdG7G_aFpaXZcuKg5dZ+nrrwP`Okvp=D7hKAn^Oz3X>9FE
zrU?FX)dP)T=oh_`IJz&N82)`>I}X5SotMwAC8?0MxhM9Q%4yF9dk1Km4uS6u6b7TH
zS%>NX$3lq)9nNi7PFtq?{E85O3#qrB1r+d(ID`*DdV#k{HmWF{wO4TYC2@pEZ{awh
zECZM8c<DGUxP4MdzKh;jppN4C{x4(5m~?NV9EHoY$r(2Jo@N&jhDeqMsw*2X)Xr-r
z-HMBOF@n9bCV>YPkr`%;AkG=4ud84wvqZ4jeTa!3aG+*RrDImiOz@>`=35o>vc*HF
z@==Vv2mM@C!`x^d;M#|RcpRh#twh(|_?N)Wd-`jyr2#T|kX8(txO9+Fsfem{vaUPH
zDu^-?eM=E`53z2pw7z2rrWZ1Yl#%Ns&G=@8%p--Qys@R<m5bnet?}j{g1q{b9UK(9
zZB9ouFK1aW3L@Q~qS+d|!-#*Xa6{+=B2Np7V;D*GIIG)w@VJKgj7;vM!*?&*bxW+%
zUdl(T^XjEF&%4vU`E+{|rFD^QR6elB!w1k6J3OprD5id0tpB@u`!+1PdOLu@9#g9a
zm5RR6n}MsU&4-dd^<ewPTd#eEci{!&wiJ?v$@DghKFJ5OmtE$z#j9|l2UkGC+2I+B
z*4dYVVXVz|jLzA2Rzfmyzia#!pS*DVwkH>F=TJ6FZP&`H1(1@Py?-UN0<O7DYWnJv
z@27l~{TL`ZzS%>N0FjpDb#1g#@+U3m+GxCeIxXtjDAFjC`Hl~s?xz2Plah(W{6uHM
zKKGV-jB`18S#27t*|l1ZQ|-vJ<4)~^>JRF2v&nDL?Oxvk7lyh;jd3x0{r~7hq)}<T
zz65E_5ml1=^GL>vA&B3iOliYTJZ_>BxZQHz7641TmPvP@GZuOo{DiMU{o<@WJe!<*
z)8s>PBklR?Q<(S^Y(qlW3dxV|PN4t!W-Nu4VrYopxfyVZB!6ey9FG_4@&;~Ny(Ynp
z4LxbiNGzg~xa2(iE9<>Xrk%7zeEqT)z9+T7FKRd)J}Zm84_TSbEo_2{x8Z#a1(I|6
z<lce2Gj0zv0j3}(SdlZ}Mc`#UVSrQSgX3YbfF2{5pd5&UA>{SU@J+$c!LR`>Lw~IB
zJyx%Tvms%GKsYCK!-&CdGBCT?!p=t#G~7?oCrLU&yCIQCf>82D>Gi|ui+3rcRBhXH
zDsdon$i&gM{sU<pWv7%O%QP{EkG+?HYs$x)pp1C+-5CBOin;eaV(K60fS;@X@zlpF
zvXO4R%-%Z3Zp+fM<^%UgNnvyI{{u2u<GBXA3)q(_&wW3Ux<R5s%<0g2M#bldduz@8
zoYBBuW%JZf($jdZ_3kdsnO&S%UGjS&t|uoJZi{D|M{d8XjtaJYt{(Fw;6Eg^fE(u2
zA#K)TeOXq4aeDIHLpO_8X<m2{b&+6{iIGS_gP~>mQtWLPskjaQ%_$<5T|hje_|u|1
zl0|hGTig9#wRcWr6jM5mhBYK_8ehV)_eJP_1VI`c^nMI_5*L%wftS$B-N<V*uY|X%
zhNgGc*=ZvpeupHl{(zH@$*U&~Bi$nP)^p*=rlFmuDyl6x`RH};4DHsnuveLDy?3*n
zORPIP<&sK8H#?JS3JY3d+s?Qf*D5=!_=O!fw;^?F+c?}1bw8{pzxk(Rq$-m_Uas|p
zm1}RIc(h0=S|k}IfPDS*y36%TWq<PT?+0EdQ~!+@rc);qlw?h^u$gg`9HIc-46gkF
zQ&^cKwl5j-t~+RBomNkJuD$jHV^!tNG>NH_VNP0?QG*E_4>FhT)RB&Kl3ZzW^P}jz
zBmsNrzma)le5sReaqv!xU*3@tHL0T<69lWK6}Pg*NJ<Jc{u9(FH^n0~T9mY+zP?Fb
zdr1fJ5=qDrq?QTDxE`c@+miKBFE7MYPGZV?QM7mxq>_fho5)_>3E1fFw=aY;@o-5r
z1d+p>WKIhH-W^N2`j}ix1R97f8D#aISItYqHv)DjEsVzdWw7z{A~MvcCOZ4u*Ch@+
zuFU=pDsC+HB6rg+LVqN)6YWKd=)+j@ED8mQXJv>aa=&>}Ypc0N_bUESu@$~W3Ce<2
z$P{~hShlC9jPpuM9U)8Q9-=CL<RyIT!1t#8nd05ZFtdS}7tExjB|nUDf*f~cRtRnv
z4}XQlFz7gVQ51$6{Am35C7372M`DH&`u|gjLU=?1kTvTbBt`lD=9M0^&$_FKS~#-y
z;K$5S=5I47csUr$40pGv3MEl^gk@^taB(OUzLw+}tk*QGHi~e!C3wu4SZq91OEE)L
ziR$sar<UuOs6Y>z$I%c{FnuGzX_rCIsbWNdyXy{TGCqvJw3A4~lhnmv8nF>MCF8y@
z%_ENH2DR8al689JM?m$bXr*+gOK{_hc;u@||2R8?)q=T)K3><XXJNKRNjuQny3)1H
zE}~^>?QEuQfqYv>^Emf~lg%IELV2I&F$Na}1=?ZgKPJ)qA10}^!8<dvyvs0TyQQ1p
z%b_6vuCcP6(XMRhneh^6^!wKt>)_0zi;&$S#hix1`1Ciy$LoL_?jzA3o9KRL4#UaP
z!Xy(It`!5_POTa%RQ9%K4C9fc<#rdK)_~%4D|p(}3UhYpHw8ooub)N?y&3hbZ=!C?
zSRN1bVS4RU3@}H^5`%=OI61Q9$<l2)O3T}~x99UGY$gU~=lD9ryAshZ(faF%ywvuJ
z$~%@Y3s^d07~KsJ?sycgqOaGbtcMt!hT6%kM$uLqsg&3x#%tY02FN3GYL@3-e7O@=
z=S3xy!w2)Jppl!z!Q-+b7Rq6ZO!S|r*l*ZJA|3bsr@zz~vlyl?r=+n(Q94pH!1$>3
zCfGWuQcA{ZXvs#4D3^-ynEHM|N~uz#6;qTGcGUg|vqsCv5@z%6uAEniyD_3e-XkG6
zn#MjKVwv&$!NgAxeJW>2xfVN$@M9kO_O7F;K@GwG+|A1f1$f(`f;E1?mJsze;T3T~
zh21v8t*HcKBD~K;Tky@L9c29T=Jy*AQg-Z*WK`$}$QcZOmpsxHDUpWp&&a!(ov8~l
zJ+!Ugps=nUf%zM$H@Q5|`)3z}If>b6;<N<13`}if7jQQcH#XlT^vpM0bz@(PDa@pm
zH6z22x-WmS{&3KA6KWIldY@N^WVZwk8w-Y`yTjs`Kox+6?o%UhrK&4ANMZ>IcR(Ev
z28BtG{H@q)dFlJU|2DLn`x0Gp8SDuWK}PS6b&*KGDeA#s+ESTtlZv&;JYjrig!8Lz
zz~ZR0%^jE5nk89`*6NF=m$|$jQop`wM5EjHQQ~$otRh@PE&#RDPt&%@`PGN--$9!?
zZ+0qjZgTx1@m}oWxzR;yCkKEXofZHctIl^QeZf%WpngbQx0Y|a(W(C<6O*ebHY^jb
zo^PGsK3w7|ZOLlMuL%4^kS_~DeoJ@qP_U4X8)lQy7(U2;obl$Fu5G@-ZYXz|lA@e|
zfhoN?qjigtzErZM0<h8%>%t-FVmoeZamiEpXHeU27KVT}WV5Js3#4zu0b9I9@TPvW
zi91;SgyQEfS*1L}VRn<DYr%V779_33x}J!%u&ouvzGFlR5}uk&1nxV;t(<b;W)X9;
zfB4`j5Uqx?(n-UDWh#zF5u6A8P>et#?q7}@*~~TeA)8dR{91_f;d#_xAk+LiGjnxs
z`w3#^yD(A;i<tF#)T$6wTB@3=fh4-{*m`$bN_g9e;#O{GvBT!Y*~msmmH27UK{{>}
z5h2}zCZ_v-oQ7XX6TFe2Idxw#xN+64mZTdCja-;>7D7Ayqh+AIV{lT=GsJq-PO<O<
z#>GtXaR3e8+G>Ny5sDRBiYyw7d>-&;AQA^F#MB`Raer&r;g#);JP*^MDdw?uW=}8u
z8fZoaW&e74k!H((vZEvz5SGOUk+E)CDlU>Q+&Q_U<S~iclBx6U>uugIgkRlW#8I(c
zexRh&-(7sn(yentjjVVnaxrV<!EudFn@qGFBc)q7p=Vl4x@*S{=#@<{GV;O19-oE%
zQ;R~c`!yNY$uWWPba!2Odvd31a+d{z6ieSXL1t?c5CGDa2)4`q1H?lM<SMg3$!wtv
z$Erm^Jp4y`SQ-49xY%qBRziE;&w4w_=ezO#0G$3-Oc<(F>%1k|21I09h@b^;nS$Rl
zBN-4!l?(m`yY;FX@Ka#bwaffQk^|hvswCX2<l_j~9+1zFrbek7@J1OT7=u3d11%Py
zckDWs$#i-B5l|NR#gF^zL4p=jpvCSqxT-XBTk7wmFqbp16Gu?8Wyq({2*Ho&oK``}
z{QTJufe%qL<3KtLA6qU289f~74O<Mw^830#VK_?GBNx!HqhR5pNmmIwUM#c?P52+N
zM1D$?tm#QTD3q*#!%@4I{}h+XiUNhx>l@QS!pu9NXFz=?#dkU8#}RywY@K1V)^>iq
zY|4T1d%*3wX!TQc<8LNN85QEBa<v%?F8PZOyJ&QpNkDxiXO{n_yyq|_7Mux+$W%-8
zl<o@Jz0nLIm28dUGIS;$nxs>MA?`G@#F5NPMxx0`0cTVKs@lgQyZzOj$dN*;cY$PF
zB5oT+5NeKhC1H3tReIuR6n7((XB0qRDW78I`;3)EEOo)D_Ld%9?suJ4=c8Z;#}K2@
zx_WM6L!2hU{t0I@Pd)rj^a~l6y!S#yHTUU(6JApxX8lk%zi}}@0X<a@cJGIK1?1k3
z?;pc0g1RRBn2|R0!)%p*J(jkhMRYwdMRZLh4bYsXOAhKFoTlA7oOS4sSHYYfPbraC
z$*M2N2y0<iXSp2JvA6tDyE>d!vgPQF&fnhmt9__A&-H_v=;18FKFSix(5u=MV}CB!
z*TW`%6)UZlLv*5p2S2kE*7_{i@i5=y!MM2rRenap?kalV3+kIpV$Z+9G%1SjGrzDK
z;zvOgjO);h&q<+w2C-ER8Y3T-%TIyS<Iua3{yTwKYo;5yCV4-Uz-S}W4?<c^K|s{x
zS)b-?mVdz{n7^9xvvR|Mg;vbWnVsIalzC`@84G(JrpV{xCoy+{&}}O2PlA8ZQFYUj
zV&cr83-?RW^bCW55kM}+EQ4OCWsDtx8hV^-foe)kfCbWltg(V%(A#Tj=x{@9@1+%t
z80;cmzp3um2Gag4ufY_&ln&as!+AZp3}5eXwPmzYJ`wAHu*1}J4>A*QqUG@xJ1h4=
z3OBo^3pX1}=%q}{IX`Pgq2&RjF59*AH^R{Z%8L3M|J!$gX2<Q_vq5%Kqd<;^bX>s9
z`T<I7W1m3lmh3=l7G!G=t!-B{b{14GG>JrnhN^|g(4NW9*H74xO(i8)8Yt2m3y6-a
zg-_mpQww##U)TmQlb8tFf1xFTg_16E>y;5={jNT0((j1hWY|)Q5(~nPC<999fRBIx
zs4S$<&8G>b9fJCV(1OAwO`lJl{`d10#JGownuejw8teuTC10b{;U4spr)Aa4kz^7t
zHH)Dn;UaR-JRArwJ;w_sicF2mF6qtHgg=f5@O_z%9dUH@bj~2b5V2m{bRJLex+U!V
zOAuQxb{+MM{=wrhEO-zr_%10Znx%7S_%p&9)S=Lib&%r#n#7mIUDb(=$J&^$QrsF}
zDf(7q{1IfiycauoX~;~$F`u$G8Z9TS`%h@XOO<7nSu;y^W*f4@_EnMjkB#`JvWL*b
zZ$p_wLXoncp;}ywH+Rhix~*$tT5=8Xiv(bCr-qu{5NHgbE|B9VF|yS+Wc(oAlmsBz
z0bwQXLH1+5^mCWGC+-jSOG;Tt;r1MuB5nU2hOHSl3vJlWoXgs?R_%NMWas6gQa(UN
zb6rNT?YOgSHppd4{D5QrZ>-Dlf0xC^Zzp@Cz#QnKT+EcTf;Le5>HJDq9k-`tLez;&
zgdWok4IDEOWBkyn;Y-&6md}iMR?6p5-}i8*sX1r|1q6BhzKV{#xlD0JaM2ot{#>QC
zh$jR_GYFAIngwXfxU(1&xe$k44~Ji#pQYx#Jxe<o4&ToKUjdBU6&fHt1D2MFUteZN
z(`h=POX3+$#>>1%jelnU1hAid+jiTw#ec1Ps_{?+dt&{pid&jm(0Rrs?e$g}au7j#
zf?#HL?jO)vxIw6m(~RvX_6#xP=ww>S5!r2gQ1=y{kvIVjx-hJSI|BKp6d?ebna(tN
zuud&kDv*b!=akT9XFWAOtQ<$=_gi@E)F<>kC5)+vK7tx$7gPi~6(;^X&=qS#<MFg9
z8WhwaqXucPl}@DK0HF<Bu8yYVv>K<(a_>EjgNBcrN5@bI<^F@!ihi=TRNu>nF3^Ul
z6Y{-UzO&vu2szgIn{HVPRiy*c=WwnB&Pb;OPv}my`4tKUr?1A#$}81yfP?LJUme}g
z6hiWW8&bk<t$gk%QEWV|KK`jQ&;3GMsEPXQ<hQv<K3qI{8j0UB2V1N(^Z_}=EO)L!
zLY4~FBT={b5wO5Ou{Z?~=leo$#CRdX_{L5*DY@CdlQ0ipK{)4D3L7_CYU`kL^oj>H
zeOTESp3dB=AoW{PGqyr)Fa!}~Vl`oewUuH**<=Sfvw+t;fFa}#{?ua}?Wl}AW|T<U
zDhrV&Y-{!u%0NG3iB^Sh9;KwP6{kl~pl3J{qy*oL)XD*?i#v*k!u`M@$p$ChFMdL-
z)p?E`qS>`o>s@Mw`~tbg2GR!ZjUc(hr2kDrPDD+J`oT@XNmwe&Bpb~BdAMJ<SwqbY
zw)hBCMf=>zZu=>pirWXrvFKw<AtdC0TbgVzSJL7_2r=<FEE??AeEOA+V1&fx8fFXm
zCr}Qs&cLexKKHJ)!z?~iehlR0#nDUK{(^FlASZ}KSWK6-@F(%vMB_skH!b2d>#V|z
zqH(I1b)nX8Y!d4(@rM3uc6tdrkaooz0Hhf@Vrpb?fBDY0m3y;Dv!-;Key2Elu$7%F
zK~2G}*f=*pDTE}^fZ`628&N9To|^|@l7X!s9^9`iGF*$%wC8cw8&YGDj|uvz$W(dZ
z?x-bfQh5jbGCLJp?Czp1AObyH{{CQJtP%G&NeUvr!)cfkVm3{Hr5;E42~k(ykRZs7
zhHOjxb(ZIRsL*l7;5&kZa<W#9td|KnFP;0I((aW@AX-g8I~gVB)R`H?5nV8rrNyW~
zZ&Bej>S3IBek^~-H&nugP}MMFL}n66BjesWtSWGh<IvkoG!=c*QG0s?httlh@a`7N
zk=J!~SIw}>w(XmyGbI9SB%bzToZ)m~ECwG#L{4ZvPW5hTL>+9|MW<E~`qdGgZ6AcX
z{>^@qqN&VC0Y3DbOGXV`7Tv<2PUZ?d^ehC1L1z0Mr;@Nuu~}3?7bIjj)bpSqv#GQ(
zy63J$J6?D;n2v1dsB{{iWyB(Y@BN<-D<~Km`2RZ!>YpR)|4PL{|B3%cOw|8r<o|Sq
k{T~w`AjLs~{{pQ3FUMF#8Az!ARKWh_(0>ww?Z4Xp2a6`kvH$=8

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 98f301d0624..a1a2a8ab424 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Analytic Rules:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 5, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -92,6 +92,62 @@
           }
         ]
       },
+      {
+        "name": "workbooks",
+        "label": "Workbooks",
+        "subLabel": {
+          "preValidation": "Configure the workbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Workbooks",
+        "elements": [
+          {
+            "name": "workbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
+            }
+          },
+          {
+            "name": "workbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
+              }
+            }
+          },
+          {
+            "name": "workbook1",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Operations (Standard)",
+            "elements": [
+              {
+                "name": "workbook1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+                }
+              }
+            ]
+          },
+          {
+            "name": "workbook2",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Operations (Premium)",
+            "elements": [
+              {
+                "name": "workbook2-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+                }
+              }
+            ]
+          }
+        ]
+      },
       {
         "name": "analytics",
         "label": "Analytics",
@@ -189,6 +245,142 @@
             ]
           }
         ]
+      },
+      {
+        "name": "huntingqueries",
+        "label": "Hunting Queries",
+        "bladeTitle": "Hunting Queries",
+        "elements": [
+          {
+            "name": "huntingqueries-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the following hunting queries. After installing the solution, run these hunting queries to hunt for threats in Manage solution view. "
+            }
+          },
+          {
+            "name": "huntingqueries-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/hunting"
+              }
+            }
+          },
+          {
+            "name": "huntingquery1",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: First-seen actor making configuration changes",
+            "elements": [
+              {
+                "name": "huntingquery1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery2",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: ACL policy churn",
+            "elements": [
+              {
+                "name": "huntingquery2-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery3",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Off-hours configuration changes",
+            "elements": [
+              {
+                "name": "huntingquery3-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery4",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Auth key sprawl",
+            "elements": [
+              {
+                "name": "huntingquery4-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery5",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+            "elements": [
+              {
+                "name": "huntingquery5-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery6",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Top talkers by bytes (virtual traffic)",
+            "elements": [
+              {
+                "name": "huntingquery6-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery7",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Exit-node usage patterns",
+            "elements": [
+              {
+                "name": "huntingquery7-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery8",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: Beaconing candidates (regular periodic flows)",
+            "elements": [
+              {
+                "name": "huntingquery8-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          }
+        ]
       }
     ],
     "outputs": {
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 41c52cc1c5b..f473b5f8236 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -41,6 +41,22 @@
       "metadata": {
         "description": "subscription id where Microsoft Sentinel is setup"
       }
+    },
+    "workbook1-name": {
+      "type": "string",
+      "defaultValue": "Tailscale Operations (Standard)",
+      "minLength": 1,
+      "metadata": {
+        "description": "Name for the workbook"
+      }
+    },
+    "workbook2-name": {
+      "type": "string",
+      "defaultValue": "Tailscale Operations (Premium)",
+      "minLength": 1,
+      "metadata": {
+        "description": "Name for the workbook"
+      }
     }
   },
   "variables": {
@@ -95,6 +111,58 @@
       "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f817e2fa-6fa0-fc25-5369-cef9b58771af')))]",
       "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f817e2fa-6fa0-fc25-5369-cef9b58771af','-', '1.0.0')))]"
     },
+    "huntingQueryObject1": {
+      "huntingQueryVersion1": "1.0.0",
+      "_huntingQuerycontentId1": "a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a",
+      "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a')))]"
+    },
+    "huntingQueryObject2": {
+      "huntingQueryVersion2": "1.0.0",
+      "_huntingQuerycontentId2": "b82e5d4d-2c8f-5e3b-ad2e-1f4c6e8d9eab",
+      "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b82e5d4d-2c8f-5e3b-ad2e-1f4c6e8d9eab')))]"
+    },
+    "huntingQueryObject3": {
+      "huntingQueryVersion3": "1.0.0",
+      "_huntingQuerycontentId3": "c73f6e5e-3d9a-6f4c-be3f-2a5d7f9eafbc",
+      "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c73f6e5e-3d9a-6f4c-be3f-2a5d7f9eafbc')))]"
+    },
+    "huntingQueryObject4": {
+      "huntingQueryVersion4": "1.0.0",
+      "_huntingQuerycontentId4": "d64e7f6f-4eab-7a5d-cf4a-3b6e8aafbcad",
+      "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('d64e7f6f-4eab-7a5d-cf4a-3b6e8aafbcad')))]"
+    },
+    "huntingQueryObject5": {
+      "huntingQueryVersion5": "1.0.0",
+      "_huntingQuerycontentId5": "e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe",
+      "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe')))]"
+    },
+    "huntingQueryObject6": {
+      "huntingQueryVersion6": "1.0.0",
+      "_huntingQuerycontentId6": "f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca",
+      "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca')))]"
+    },
+    "huntingQueryObject7": {
+      "huntingQueryVersion7": "1.0.0",
+      "_huntingQuerycontentId7": "a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb",
+      "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb')))]"
+    },
+    "huntingQueryObject8": {
+      "huntingQueryVersion8": "1.0.0",
+      "_huntingQuerycontentId8": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
+      "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
+    },
+    "workbookVersion1": "1.0.0",
+    "workbookContentId1": "TailscaleStandardOperationsWorkbook",
+    "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
+    "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]",
+    "_workbookContentId1": "[variables('workbookContentId1')]",
+    "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
+    "workbookVersion2": "1.0.0",
+    "workbookContentId2": "TailscalePremiumOperationsWorkbook",
+    "workbookId2": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId2'))]",
+    "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]",
+    "_workbookContentId2": "[variables('workbookContentId2')]",
+    "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]",
     "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },
   "resources": [
@@ -1542,24 +1610,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "groupByEntities": [],
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -1655,24 +1723,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "groupByEntities": [],
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -1767,24 +1835,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "groupByEntities": [],
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -1880,33 +1948,33 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "groupByEntities": [],
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -2002,24 +2070,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "groupByEntities": [],
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "PT5H",
+                    "matchingMethod": "AllEntities"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -2064,72 +2132,962 @@
       }
     },
     {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
       "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
       "properties": {
-        "version": "3.0.1",
-        "kind": "Solution",
-        "contentSchemaVersion": "3.0.0",
-        "displayName": "Tailscale (CCF)",
-        "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Analytic Rules:</strong> 5</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
-        "contentKind": "Solution",
-        "contentProductId": "[variables('_solutioncontentProductId')]",
-        "id": "[variables('_solutioncontentProductId')]",
-        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
-        "contentId": "[variables('_solutionId')]",
-        "parentId": "[variables('_solutionId')]",
-        "source": {
-          "kind": "Solution",
-          "name": "Tailscale (CCF)",
-          "sourceId": "[variables('_solutionId')]"
-        },
-        "author": {
-          "name": "noodlemctwoodle"
-        },
-        "support": {
-          "name": "Community",
-          "tier": "Community",
-          "link": "https://github.com/Azure/Azure-Sentinel/issues"
-        },
-        "dependencies": {
-          "operator": "AND",
-          "criteria": [
-            {
-              "kind": "DataConnector",
-              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
-              "version": "[variables('dataConnectorCCPVersion')]"
-            },
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "kind": "DataConnector",
-              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-              "version": "[variables('dataConnectorCCPVersion')]"
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "category": "Hunting Queries",
+                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Configuration_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Configuration_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
             },
             {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
-              "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
-            },
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 1",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
+                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: First-seen actor making configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
-              "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: ACL policy churn",
+                "category": "Hunting Queries",
+                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Configuration_CL\n| where Action == \"WRITE\"\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "DefenseEvasion,PrivilegeEscalation"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1556"
+                  }
+                ]
+              }
             },
             {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
-              "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
-            },
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 2",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
+                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: ACL policy churn",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
-              "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Off-hours configuration changes",
+                "category": "Hunting Queries",
+                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Configuration_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
             },
             {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
-              "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 3",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
+                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Off-hours configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Auth key sprawl",
+                "category": "Hunting Queries",
+                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Configuration_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Persistence,CredentialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1136"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 4",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
+                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Auth key sprawl",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+                "category": "Hunting Queries",
+                "query": "let recent = 1d;\nlet baseline = 7d;\nlet recentPairs =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | summarize FirstSeen = min(TimeGenerated), TxBytes = sum(tolong(t.txBytes)), RxBytes = sum(tolong(t.rxBytes)), FlowCount = count() by Src, Dst, Proto;\nlet baselinePairs =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | distinct Src, Dst, Proto;\nrecentPairs\n| join kind=leftanti baselinePairs on Src, Dst, Proto\n| order by FirstSeen asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "LateralMovement,Discovery"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1021,T1018"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 5",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
+                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_6",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Top talkers by bytes (virtual traffic)",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| top 50 by TotalBytes\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Exfiltration,Collection"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1041,T1567"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 6",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
+                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Top talkers by bytes (virtual traffic)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_7",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Exit-node usage patterns",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Src = tostring(t.src), ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), FlowCount = count(), ExitDestinations = make_set(ExitDst, 25)\n    by NodeId, SrcNodeName = tostring(SrcNode.name), Src\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n| take 100\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "CommandAndControl,Exfiltration"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1090,T1041"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 7",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
+                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Exit-node usage patterns",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_8",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Beaconing candidates (regular periodic flows)",
+                "category": "Hunting Queries",
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n| order by BeaconPercent desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "CommandAndControl,Exfiltration"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1071,T1095,T1029"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 8",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
+                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Beaconing candidates (regular periodic flows)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('workbookTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('workbookVersion1')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.Insights/workbooks",
+              "name": "[variables('workbookContentId1')]",
+              "location": "[parameters('workspace-location')]",
+              "kind": "shared",
+              "apiVersion": "2021-08-01",
+              "metadata": {
+                "description": "Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+              },
+              "properties": {
+                "displayName": "[parameters('workbook1-name')]",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Configuration_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "version": "1.0",
+                "sourceId": "[variables('workspaceResourceId')]",
+                "category": "sentinel"
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
+              "properties": {
+                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "parentId": "[variables('workbookId1')]",
+                "contentId": "[variables('_workbookContentId1')]",
+                "kind": "Workbook",
+                "version": "[variables('workbookVersion1')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                },
+                "dependencies": {
+                  "operator": "AND",
+                  "criteria": [
+                    {
+                      "contentId": "Tailscale_Configuration_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "TailscaleCCF",
+                      "kind": "DataConnector"
+                    }
+                  ]
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_workbookContentId1')]",
+        "contentKind": "Workbook",
+        "displayName": "[parameters('workbook1-name')]",
+        "contentProductId": "[variables('_workbookcontentProductId1')]",
+        "id": "[variables('_workbookcontentProductId1')]",
+        "version": "[variables('workbookVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('workbookTemplateSpecName2')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('workbookVersion2')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.Insights/workbooks",
+              "name": "[variables('workbookContentId2')]",
+              "location": "[parameters('workspace-location')]",
+              "kind": "shared",
+              "apiVersion": "2021-08-01",
+              "metadata": {
+                "description": "Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+              },
+              "properties": {
+                "displayName": "[parameters('workbook2-name')]",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Configuration_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "version": "1.0",
+                "sourceId": "[variables('workspaceResourceId')]",
+                "category": "sentinel"
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]",
+              "properties": {
+                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "parentId": "[variables('workbookId2')]",
+                "contentId": "[variables('_workbookContentId2')]",
+                "kind": "Workbook",
+                "version": "[variables('workbookVersion2')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                },
+                "dependencies": {
+                  "operator": "AND",
+                  "criteria": [
+                    {
+                      "contentId": "Tailscale_Configuration_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Network_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "TailscalePremiumCCF",
+                      "kind": "DataConnector"
+                    }
+                  ]
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_workbookContentId2')]",
+        "contentKind": "Workbook",
+        "displayName": "[parameters('workbook2-name')]",
+        "contentProductId": "[variables('_workbookcontentProductId2')]",
+        "id": "[variables('_workbookcontentProductId2')]",
+        "version": "[variables('workbookVersion2')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "apiVersion": "2023-04-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "version": "3.0.1",
+        "kind": "Solution",
+        "contentSchemaVersion": "3.0.0",
+        "displayName": "Tailscale (CCF)",
+        "publisherDisplayName": "Community",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 5, <strong>Hunting Queries:</strong> 8</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "contentKind": "Solution",
+        "contentProductId": "[variables('_solutioncontentProductId')]",
+        "id": "[variables('_solutioncontentProductId')]",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
+        "contentId": "[variables('_solutionId')]",
+        "parentId": "[variables('_solutionId')]",
+        "source": {
+          "kind": "Solution",
+          "name": "Tailscale (CCF)",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "operator": "AND",
+          "criteria": [
+            {
+              "kind": "DataConnector",
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "version": "[variables('dataConnectorCCPVersion')]"
+            },
+            {
+              "kind": "DataConnector",
+              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+              "version": "[variables('dataConnectorCCPVersion')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+              "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+              "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+              "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+              "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+              "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+              "version": "[variables('huntingQueryObject1').huntingQueryVersion1]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+              "version": "[variables('huntingQueryObject2').huntingQueryVersion2]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+              "version": "[variables('huntingQueryObject3').huntingQueryVersion3]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+              "version": "[variables('huntingQueryObject4').huntingQueryVersion4]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+              "version": "[variables('huntingQueryObject5').huntingQueryVersion5]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+              "version": "[variables('huntingQueryObject6').huntingQueryVersion6]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+              "version": "[variables('huntingQueryObject7').huntingQueryVersion7]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+              "version": "[variables('huntingQueryObject8').huntingQueryVersion8]"
+            },
+            {
+              "kind": "Workbook",
+              "contentId": "[variables('_workbookContentId1')]",
+              "version": "[variables('workbookVersion1')]"
+            },
+            {
+              "kind": "Workbook",
+              "contentId": "[variables('_workbookContentId2')]",
+              "version": "[variables('workbookVersion2')]"
             }
           ]
         },
diff --git a/Solutions/Tailscale (CCF)/Package/testParameters.json b/Solutions/Tailscale (CCF)/Package/testParameters.json
index 554801e41b7..8e1e27a3c33 100644
--- a/Solutions/Tailscale (CCF)/Package/testParameters.json	
+++ b/Solutions/Tailscale (CCF)/Package/testParameters.json	
@@ -34,5 +34,21 @@
     "metadata": {
       "description": "subscription id where Microsoft Sentinel is setup"
     }
+  },
+  "workbook1-name": {
+    "type": "string",
+    "defaultValue": "Tailscale Operations (Standard)",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook2-name": {
+    "type": "string",
+    "defaultValue": "Tailscale Operations (Premium)",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
   }
 }
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
new file mode 100644
index 00000000000..4edfc21850c
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -0,0 +1,410 @@
+{
+  "version": "Notebook/1.0",
+  "items": [
+    {
+      "type": 1,
+      "content": {
+        "json": "# Tailscale Operations (Premium)\n\nFull security and operational view across the **Tailscale Premium (CCF)** data connector \u2014 covers configuration audit (`Tailscale_Configuration_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\n\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead."
+      },
+      "name": "header"
+    },
+    {
+      "type": 9,
+      "content": {
+        "version": "KqlParameterItem/1.0",
+        "parameters": [
+          {
+            "id": "timerange",
+            "version": "KqlParameterItem/1.0",
+            "name": "TimeRange",
+            "type": 4,
+            "isRequired": true,
+            "value": {
+              "durationMs": 86400000
+            },
+            "typeSettings": {
+              "selectableValues": [
+                {
+                  "durationMs": 3600000
+                },
+                {
+                  "durationMs": 14400000
+                },
+                {
+                  "durationMs": 43200000
+                },
+                {
+                  "durationMs": 86400000
+                },
+                {
+                  "durationMs": 172800000
+                },
+                {
+                  "durationMs": 604800000
+                },
+                {
+                  "durationMs": 2592000000
+                }
+              ]
+            }
+          }
+        ],
+        "style": "pills",
+        "queryType": 0,
+        "resourceType": "microsoft.operationalinsights/workspaces"
+      },
+      "name": "parameters"
+    },
+    {
+      "type": 11,
+      "content": {
+        "version": "LinkItem/1.0",
+        "style": "tabs",
+        "links": [
+          {
+            "id": "overview",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Overview",
+            "subTarget": "overview",
+            "style": "link"
+          },
+          {
+            "id": "config",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Identity & Configuration",
+            "subTarget": "config",
+            "style": "link"
+          },
+          {
+            "id": "network",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Network Flows (Premium)",
+            "subTarget": "network",
+            "style": "link"
+          },
+          {
+            "id": "signals",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Security Signals",
+            "subTarget": "signals",
+            "style": "link"
+          }
+        ]
+      },
+      "name": "tabs"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Overview"
+            },
+            "name": "overview-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "size": 4,
+              "title": "Configuration audit summary",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "TotalEvents",
+                  "formatter": 12
+                },
+                "showBorder": true
+              }
+            },
+            "customWidth": "100",
+            "name": "overview-tiles"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "size": 0,
+              "title": "Configuration activity over time, by action",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "overview-timeseries"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
+              "size": 0,
+              "title": "Top 10 actors",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "overview-top-actors"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "size": 0,
+              "title": "Target type distribution",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "overview-target-types"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "overview"
+      },
+      "name": "overview-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Identity & Configuration"
+            },
+            "name": "config-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "size": 0,
+              "title": "Actor / Action / Target heatmap",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table"
+            },
+            "customWidth": "100",
+            "name": "config-heatmap"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "ACL policy change history",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-acl-history"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "Auth key lifecycle",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-authkey-lifecycle"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "API token and OAuth client activity",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-oauth-api"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "config"
+      },
+      "name": "config-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Network Flows (Premium)\n\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier."
+            },
+            "name": "network-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)",
+              "size": 4,
+              "title": "Network flow summary",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles"
+            },
+            "customWidth": "100",
+            "name": "network-tiles"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\n| top 20 by TotalBytes\n| render barchart",
+              "size": 0,
+              "title": "Top 20 talkers (virtual traffic, bytes)",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "network-top-talkers"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\n| top 50 by TotalBytes",
+              "size": 0,
+              "title": "Exit-node traffic",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "network-exit-traffic"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(SubnetTraffic) > 0\n| mv-expand t = SubnetTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\n| top 25 by TotalBytes",
+              "size": 0,
+              "title": "Subnet router throughput by source node",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "network-subnet-traffic"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\n| render timechart",
+              "size": 0,
+              "title": "Virtual-traffic bytes over time",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "network-bytes-timechart"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "network"
+      },
+      "name": "network-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Security Signals\n\nIncidents and alerts raised by Tailscale-related analytic rules."
+            },
+            "name": "signals-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "size": 0,
+              "title": "Tailscale alerts by rule",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "signals-by-rule"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "size": 0,
+              "title": "Severity distribution",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "signals-severity"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "Recent Tailscale alerts",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "signals-recent"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "signals"
+      },
+      "name": "signals-group"
+    }
+  ],
+  "fallbackResourceIds": [],
+  "fromTemplateId": "sentinel-TailscalePremiumOperations",
+  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
new file mode 100644
index 00000000000..519a9ba2cf8
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -0,0 +1,314 @@
+{
+  "version": "Notebook/1.0",
+  "items": [
+    {
+      "type": 1,
+      "content": {
+        "json": "# Tailscale Operations (Standard)\n\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Configuration_CL`).\n\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook."
+      },
+      "name": "header"
+    },
+    {
+      "type": 9,
+      "content": {
+        "version": "KqlParameterItem/1.0",
+        "parameters": [
+          {
+            "id": "timerange",
+            "version": "KqlParameterItem/1.0",
+            "name": "TimeRange",
+            "type": 4,
+            "isRequired": true,
+            "value": {
+              "durationMs": 86400000
+            },
+            "typeSettings": {
+              "selectableValues": [
+                {
+                  "durationMs": 3600000
+                },
+                {
+                  "durationMs": 14400000
+                },
+                {
+                  "durationMs": 43200000
+                },
+                {
+                  "durationMs": 86400000
+                },
+                {
+                  "durationMs": 172800000
+                },
+                {
+                  "durationMs": 604800000
+                },
+                {
+                  "durationMs": 2592000000
+                }
+              ]
+            }
+          }
+        ],
+        "style": "pills",
+        "queryType": 0,
+        "resourceType": "microsoft.operationalinsights/workspaces"
+      },
+      "name": "parameters"
+    },
+    {
+      "type": 11,
+      "content": {
+        "version": "LinkItem/1.0",
+        "style": "tabs",
+        "links": [
+          {
+            "id": "overview",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Overview",
+            "subTarget": "overview",
+            "style": "link"
+          },
+          {
+            "id": "config",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Identity & Configuration",
+            "subTarget": "config",
+            "style": "link"
+          },
+          {
+            "id": "signals",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Security Signals",
+            "subTarget": "signals",
+            "style": "link"
+          }
+        ]
+      },
+      "name": "tabs"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Overview"
+            },
+            "name": "overview-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "size": 4,
+              "title": "Configuration audit summary",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "TotalEvents",
+                  "formatter": 12
+                },
+                "showBorder": true
+              }
+            },
+            "customWidth": "100",
+            "name": "overview-tiles"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "size": 0,
+              "title": "Configuration activity over time, by action",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "overview-timeseries"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
+              "size": 0,
+              "title": "Top 10 actors",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "overview-top-actors"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "size": 0,
+              "title": "Target type distribution",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "overview-target-types"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "overview"
+      },
+      "name": "overview-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Identity & Configuration"
+            },
+            "name": "config-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "size": 0,
+              "title": "Actor / Action / Target heatmap",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table"
+            },
+            "customWidth": "100",
+            "name": "config-heatmap"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "ACL policy change history",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-acl-history"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "Auth key lifecycle",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-authkey-lifecycle"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "API token and OAuth client activity",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "config-oauth-api"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "config"
+      },
+      "name": "config-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Security Signals\n\nIncidents and alerts raised by Tailscale-related analytic rules."
+            },
+            "name": "signals-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "size": 0,
+              "title": "Tailscale alerts by rule",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "signals-by-rule"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "size": 0,
+              "title": "Severity distribution",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "signals-severity"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "Recent Tailscale alerts",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "signals-recent"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "signals"
+      },
+      "name": "signals-group"
+    }
+  ],
+  "fallbackResourceIds": [],
+  "fromTemplateId": "sentinel-TailscaleStandardOperations",
+  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
+}
\ No newline at end of file
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 1db435f6159..50c09195a9f 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -10596,5 +10596,40 @@
     "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json",
     "subtitle": "",
     "provider": "archTIS"
+  },
+  {
+    "workbookKey": "TailscaleStandardOperationsWorkbook",
+    "logoFileName": "Tailscale.svg",
+    "description": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.",
+    "dataTypesDependencies": [
+      "Tailscale_Configuration_CL"
+    ],
+    "dataConnectorsDependencies": [
+      "TailscaleCCF"
+    ],
+    "previewImagesFileNames": [],
+    "version": "1.0.0",
+    "title": "Tailscale Operations (Standard)",
+    "templateRelativePath": "TailscaleStandardOperations.json",
+    "subtitle": "",
+    "provider": "noodlemctwoodle"
+  },
+  {
+    "workbookKey": "TailscalePremiumOperationsWorkbook",
+    "logoFileName": "Tailscale.svg",
+    "description": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).",
+    "dataTypesDependencies": [
+      "Tailscale_Configuration_CL",
+      "Tailscale_Network_CL"
+    ],
+    "dataConnectorsDependencies": [
+      "TailscalePremiumCCF"
+    ],
+    "previewImagesFileNames": [],
+    "version": "1.0.0",
+    "title": "Tailscale Operations (Premium)",
+    "templateRelativePath": "TailscalePremiumOperations.json",
+    "subtitle": "",
+    "provider": "noodlemctwoodle"
   }
 ]

From a97e95fa684eee60ec1fa1c0fa7d2c08b22dfa09 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 08:33:14 +0100
Subject: [PATCH 03/27] Tailscale (CCF): pre-emptive CI fixes (mirrors UniFi PR
 fix-up)

Applies the same five CI-failure classes that hit PR #14253 to the
Tailscale branch up-front so PR #2 doesn't need a fix-up round:

1. ValidConnectorIds.json allowlist
   Appended TailscaleCCF + TailscalePremiumCCF, CRLF-preserving
   surgical edit so the diff is two new lines.

2. Duration short form
   Converted PT15M -> 15m, PT5H -> 5h, PT1H -> 1h on all 5 analytic
   rules. ScheduledTemplateTimeSpanConverter rejects ISO-8601.

3. CustomTables JSON schemas
   Added Tailscale_Configuration_CL.json + Tailscale_Network_CL.json
   to .script/tests/KqlvalidationsTests/CustomTables/. Required for
   KqlValidationTests to recognise the custom _CL table names in any
   detection / hunting / exploration query referencing them.

4. SVG sanitisation
   Tailscale.svg verified clean (no style= or <style>).

5. ASCII-only YAMLs and source files
   Replaced em-dashes, curly quotes, arrows, NBSP across:
   - Analytic Rules: 4 YAMLs cleaned
   - Hunting Queries: 1 YAML cleaned
   - Solution manifest: 1 file
   - README.md: 1 file
   - Connector definitions: 2 files
   YAML files are now strictly ASCII so NonAsciiValidations passes.

6. Package rebuild
   Bumped to 3.0.2; mainTemplate.json regenerated with the
   description-text changes propagated.

Testing: validated YAML parses (PyYAML), byte-level ASCII scan across
solution directory returns zero hits, surgical edit to
ValidConnectorIds.json produces a 3-line diff with no reformatting.
---
 .../Tailscale_Configuration_CL.json           |  14 ++
 .../CustomTables/Tailscale_Network_CL.json    |  15 ++
 .../ValidConnectorIds.json                    |   4 +-
 .../TailscaleAuthkeycreated.yaml              |   8 +-
 ...TailscaleExitnodeadvertisedorapproved.yaml |   8 +-
 ...Masscredentialrevocationinshortwindow.yaml |   6 +-
 ...NewAPIaccesstokenorOAuthclientcreated.yaml |   8 +-
 .../TailscalePolicyfileACLmodified.yaml       |   8 +-
 .../Data/Solution_Tailscale.json              |   4 +-
 .../TailscaleFirstSeenActor.yaml              |   2 +-
 Solutions/Tailscale (CCF)/Package/3.0.1.zip   | Bin 22108 -> 0 bytes
 Solutions/Tailscale (CCF)/Package/3.0.2.zip   | Bin 0 -> 22104 bytes
 .../Package/createUiDefinition.json           |  14 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 152 +++++++++---------
 Solutions/Tailscale (CCF)/README.md           |  10 +-
 15 files changed, 142 insertions(+), 111 deletions(-)
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
 delete mode 100644 Solutions/Tailscale (CCF)/Package/3.0.1.zip
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.2.zip

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json
new file mode 100644
index 00000000000..b9abf4409b9
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json
@@ -0,0 +1,14 @@
+{ "Name": "Tailscale_Configuration_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "EventTime", "Type": "datetime" },
+  { "Name": "EventGroupID", "Type": "string" },
+  { "Name": "Actor", "Type": "dynamic" },
+  { "Name": "Action", "Type": "string" },
+  { "Name": "Target", "Type": "dynamic" },
+  { "Name": "Origin", "Type": "dynamic" },
+  { "Name": "New", "Type": "dynamic" },
+  { "Name": "Old", "Type": "dynamic" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
new file mode 100644
index 00000000000..2a49931e28a
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
@@ -0,0 +1,15 @@
+{ "Name": "Tailscale_Network_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "NodeId", "Type": "string" },
+  { "Name": "FlowStart", "Type": "datetime" },
+  { "Name": "FlowEnd", "Type": "datetime" },
+  { "Name": "SrcNode", "Type": "dynamic" },
+  { "Name": "DstNodes", "Type": "dynamic" },
+  { "Name": "VirtualTraffic", "Type": "dynamic" },
+  { "Name": "SubnetTraffic", "Type": "dynamic" },
+  { "Name": "ExitTraffic", "Type": "dynamic" },
+  { "Name": "PhysicalTraffic", "Type": "dynamic" }
+]}
diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
index 0a126ab4fd7..fcdc2de464f 100644
--- a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
+++ b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
@@ -302,5 +302,7 @@
   "D3SOARConnectorDefinition",
   "ValimailEnforce",
   "VaikoraSentinel",
-  "VaikoraSecurityCenter"
+  "VaikoraSecurityCenter",
+  "TailscaleCCF",
+  "TailscalePremiumCCF"
 ]
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml
index 9a163d91b35..5a49799e49b 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
@@ -1,15 +1,15 @@
 id: 6b052c8d-5de8-eab0-1956-69a297765a32
 name: "Tailscale: Auth key created"
 description: |
-  A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not.
+  A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.
 severity: Low
 status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
       - Tailscale_Configuration_CL
-queryFrequency: PT15M
-queryPeriod: PT15M
+queryFrequency: 15m
+queryPeriod: 15m
 triggerOperator: GreaterThan
 triggerThreshold: 0
 tactics:
@@ -35,7 +35,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml
index b6dcde87f30..c0f2831d89e 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
@@ -1,15 +1,15 @@
 id: f42f2906-c8e6-23d0-e48c-0620e50d5510
 name: "Tailscale: Exit node advertised or approved"
 description: |
-  A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress.
+  A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.
 severity: Low
 status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
       - Tailscale_Configuration_CL
-queryFrequency: PT30M
-queryPeriod: PT30M
+queryFrequency: 30m
+queryPeriod: 30m
 triggerOperator: GreaterThan
 triggerThreshold: 0
 tactics:
@@ -38,7 +38,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml
index 693a9e44e41..cbf4b0cdc1a 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
@@ -8,8 +8,8 @@ requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
       - Tailscale_Configuration_CL
-queryFrequency: PT1H
-queryPeriod: PT1H
+queryFrequency: 1h
+queryPeriod: 1h
 triggerOperator: GreaterThan
 triggerThreshold: 0
 tactics:
@@ -41,7 +41,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml
index 7571356a77f..d3928b81c74 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
@@ -1,15 +1,15 @@
 id: 668b43fd-cf28-961a-85af-957850df5027
 name: "Tailscale: New API access token or OAuth client created"
 description: |
-  A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent.
+  A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.
 severity: Medium
 status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
       - Tailscale_Configuration_CL
-queryFrequency: PT15M
-queryPeriod: PT15M
+queryFrequency: 15m
+queryPeriod: 15m
 triggerOperator: GreaterThan
 triggerThreshold: 0
 tactics:
@@ -36,7 +36,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
index cb63c61af5f..f8181059e59 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
@@ -1,15 +1,15 @@
 id: 1e7249c2-1a9d-05fd-45cb-c859eef5b8ae
 name: "Tailscale: Policy file (ACL) modified"
 description: |
-  The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet.
+  The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.
 severity: Medium
 status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
       - Tailscale_Configuration_CL
-queryFrequency: PT15M
-queryPeriod: PT15M
+queryFrequency: 15m
+queryPeriod: 15m
 triggerOperator: GreaterThan
 triggerThreshold: 0
 tactics:
@@ -33,7 +33,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 971860475ea..475c2c9abc4 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -2,9 +2,9 @@
   "Name": "Tailscale (CCF)",
   "Author": "noodlemctwoodle",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
+  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
-  "Version": "3.0.1",
+  "Version": "3.0.2",
   "TemplateSpec": true,
   "Is1PConnector": false,
   "Data Connectors": [
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml
index 3f05846f874..26e49979708 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
@@ -1,7 +1,7 @@
 id: a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a
 name: "Tailscale: First-seen actor making configuration changes"
 description: |
-  Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights.
+  Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.1.zip b/Solutions/Tailscale (CCF)/Package/3.0.1.zip
deleted file mode 100644
index f42b2df7d903435791266c2aa1526694c8003cad..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22108
zcmZ^p1B@@hzvaiaZQQYKTX$^Rwr$(C@BGHLZQHzK?)|^_c9Y#?lTM|o)9IZ4_DS`p
zPnDt!C>R<L5D*lQs&I|Y7J$D09uWv=TnY#X^WRxxCsRWgQ&me*Q!`6DOBYLfJ9;Z;
zd%J6$ODEjX#_#&_vjHx85XOcA3of+`(sHaZS(Wf6PqK|Vw94NQJh9tMX67r-z#*Jf
z6Cy{@4;G$DDzjJgZbFKf*+{w*Z=_M3&Ccg<9Uqr@1m7-*1uwho(~Sn*#%ISfsm~tF
zkqSvcRB48R6XaL*I|fM?MPBBV;p1ON7CJaOFgkK&5SfGa`Me|TiUZKKN#%On_qvIn
z1}*RPI}u?MnFlEF@J}iw;@W)f<5FiG%R)AtqQ;?WO8^!XA8qDA7#9nhTP(j0NT4~H
zmaOQSH~a$1tCxfNsk<Gfsmwo|Rr*sI=;tSkcQM6svA=ZL&VC|DK&=-f)MGW^w8=9a
z+Vef5DV8S^EhK*#!r$-SJFCe5N=XjV3^#KsW3i>gl$Fe8j*QebQ|HrwzIl*P?`Gg<
z(ARw;l1MzRd;6NCaV-rStZx}S+(()rXO1>-h=a(1NGF|YN%10Afndq84kk)*m6i4q
zzO7BmTXBM0TJ8P*R`9?$TJ?lZpJjZO6IsXn@~U*q<fxy<9`XvDt)9_}{yaLnOD+yy
zJU^$D=*?9T2|-Q@LbTu)MC}-xCqlD<X9<}MU7!IU(Av#|(rzeeK-GrVQP>JwX}kxL
zW{rbJPm^Cj#<-A*E$E`}I_Q`}$yyeRb6BS}Vu4<@A%He%K;G5CwMc+#aS^P5t8Jch
z0Y@OmIGe&r3+m^f+&Pvoj;`bw+duk@gg-<KkIyttuqtJA-OxayrZ2~C)R)8lBb>n$
zjrS+0<++Saiz*Wb4>4Tb3T|-!<jr{$%{)xRpPLUKF8r>(_Xo60$hOO{(Ep^}fymXY
z@FzWTNs~f_U24<zn^|&CJDT;z!6R<OYMAU%0sa6e<6xR`kT~H8jXS#!HC1{xkwb<V
z8DspJY!)740MkDAu)JWd_K#+t&c(8J8C?FriRzQCJN|M7>rZ`(h%%00V{_1cyNNV0
zV&{y(O)ke8tuYqIo%Znjm}>w@S^L6obL)kDe8x<xIF#Db<6-!4WoBzbCBwG{6#Du-
zkV>?QEl#$vN=OPi#@h!Nu2YCn2>-_cm~eKR?=P^tXj$;cON<8NaD#cS!ltw)sa)t(
zm-!hF;-wNho_W@zJ!yP$Bsq3Q)hEnT%yL<AGfrM;Tvu@(mN4@%C}j3!a^c=UBhY6d
zkn)WXhRbP-9pGfOVAOMvf99#Sy?xBqshma0xNySvsyKN#a$K9c;E1jig8aHDpB~?{
zNIlq-=93J9j>%HF=K7^ZG!;uPoS*&^Z4FC4dDl$_=xf3M^QUv&W`m3qr{CeVn>{*n
zC3-p;b@*r_5-raY+YOb!eANE|EEn#3wix;TP2}SJ0WMQXF+t9l<$4>TO}DwSzkD^!
z705sMvYWN+YnqTlE%VX^3D4zNxi-Hg_hMud<PlEmS}y8ToB=#O@3UzcXoGA&8>N_H
zvmBl(lXVaf)^*N9k^f7Ee?=aO7hpoQA*C75XNVFDJJ8eKERSf|YiH+O#*!EoW|C`D
zzkDP1_h*$(Nh-HV*NA$KX$Ei8OWsD>Auh1`Q_4YDY<n0=4GNnZ$u3y0lEnbMik6kx
zLZOBYpTuAwDsw1{=Q_uwJKUdjBYl&_TvV~gi=0*n;0`zQs>blLAyCcF(NzN>9G#!Y
zykNxQVotfs@z;KOq;_)7s2LXCFBw%iC&j2Ll|{>qe?dzRD$D0KXlp@7vM7~N+djmk
z|9A>`L96IT*h7sDe_*4(XlRMp-aXf97!<Q?hN0PjUQWMgLTBeTqE0~4!ZUb&e^0Cv
zlKISH8$tFcOT+dyUSHRRag8Q(a?qhtjmr580PzeNxmO&Faj~na<ToqLREPCeTs&Aj
zc)$Pe_zLci-g&~u-|lj+cHab4(!<myjf$toKS{UX%CL(_)w+`uq|grQ$Pfg_oEj<z
zwCsI{<(`VC=jaSbOF}0-YtgI+3BiIte;F9$8VYlDDvKrfkCsSyt#{IDtj8l=Ntm7y
zx&Zq#N~SIOfT?x@^S&qXk~0}>y1&cT&#By^^h1(X<X?wu888O*IB10UNt@9=(_G<w
zx}YEXF7xzU;Ku}Hh1QEZI4tApJ`Kpa_4@iUV!8C`^lM@rt;Pt+XyG<5TA?&P6*Zx(
z7`|bU3Sl^l6uX01Ok%fgPLUmY5bI=&WaB`n5x%rscL3m?Zltyed3=rmd}FZ_4uSPs
zgeCHroBC%3o11e{x${75UDnzfkbEXfNEY&Rd16b?Wgf(V0@jFB%KfcdOVrQ5sxnL<
zFKw5o0+ZWCoR#;ugR%xtM~?!crhg^DRBhxw*=)mvvoLTfQ-Ql9jSo<G6#;Qtc6P<C
zZw&17*d1uVw6yiE%9S9y@!E^L;n-JGNFG2HMS1ngsS8u?M7UjqUoKIIvE25Vi+~iI
zcqLceGP&~B@$6i@JkdqHo~_nX<|aH*u${BMBQ7Ns|EwmtuO@kK_77}oEW2?okV~)b
zXbJFC<G4UcS>EwbfY*y8>g9S8OA=op_;{59>OR(uYqbi8FL8Y@XU4np)oo861Fu86
z%_uK2AFl&Y=(#469&wo|gsc0iges_mJIA5Rw8S^C{@iCVc~nC;#9>43tk_>fUP-lc
zpdf0!R4ZL-E9so(vImVj7N$CE#Ec6=vi0avs>9xIj}JOGsdnJQyMoV8+_J4F$raf)
zd~L&Px%p0XmUqi+`t5x8f`jT#Z?=p;+#IFivR{B@CGg7EQ^rdW2_r1m2A0axhHA&}
znRr21&ZvYXz+V2*j5jiKc5?a#%h4+Up*qQ^Q;sa&vlW5J_i7|jmffHm-WVBv+SUJ*
zUBbJ@W<%F(H=VmGaq5MbTiUW&nE2{N7F3kB?}S9cb>4CB02@65iN#my>5EN0f!b+;
zlQ8&-NtzV*X1<{3*f94z-`-0vJnjA^k_^2ig?(}L*H$r1m-LHdqQTkeRsuVVYn#jT
zEbnOLFUa9wrlFFwczBsTJn%(wM%a(LSCjVvFfNnd6mLK=Daox9N)vwh4!7>-_eXSz
zq(02|nGWvgQJd!Rq{Hv;Cf!+w>aIeJcLI+=CZAXu?pTPlG8cMm-#qqh(4Gi(Kc2cm
z&6(}CFjU3crX%#`r>4sxdsp!cMf6~?F*s!e>0*|_sG!6PRlX!h%_8K#9?atho@GUG
z!e3)OR3dcye2QVloU6Y}thrf*&hlkvArvj>PYwY4j_Ol}&GVv&l&040A(38<Qk`vK
z(Qmw09g3CgVe&-sW#;T9AvFmVIXa*{)X<<T<29gzZFd-0wS8`LPlbK=>->GltQLWn
zUm7v9Hw#7$UX~$2aOm^WK|<Xou=^H}T}Cs7MID%NGKnMw%v#b~?lh>1LN&zMWd+UJ
z7r6SVOe}&HOl?cBU`&vu0(k5MSD?81-6#kkG-f`LBaw>ZCIP7~+@6~no(}37mF#?E
z78a=0EhwR=GetR|%_>5{Eu7*)P%y&CQl#)z&(Z}4lZoo;e5kZ85mqj6YB4jscJI+<
z;X1KWjV|y@j4T!}g!L=9cW?ZRk16YWY1K{@1q6*CK{<b>TMDhnhMz9n<{#g-3(i$&
z6X%eb*F-hPW@5NShs9r6#Vy3Z)8?)2pwY9Dp(+KV8%l{*cgXHoF${k5QlovjsG^Tg
zb!vDF_tnZIGDBC2mia)FXR;Lsg!YxRKvvRA7sDFfgNiqM(nh~Csfk^~S+-J_+wouf
ziVVKMGIu7wr;24Q9~ES6Ym>?zf?l??eVIzScpnSnltv}m!Ex-T4`*wmd_e`zScSIY
zG69AFJ2Fci)G@Bc(G^u^Wd^W8k{tFJ%GJ+qvX16*?#6NX-YkeMhKADsy+4ymSQ*KZ
zZZHLLgrzId*fN-@;nKoabWEu7XvCQ!V0~d`s!dr}^^0_{liFb%BboP6U^PxITsVSh
zCkBVSo-G_j!&Fl4>rFVYvYh!v0cvY;S@nU&kx|;zsdmr4+<e>ohBq7x`fk(!efinF
z9O`Je_Hx(>Mfm4w-VLaAnKPMDa8=%nlbwo9$Y*@;ZUvB%6O*k?ya|+=suDXIim>a9
zwY>=_7_Wi?TtRYEW-%fDlStV07xI-|BFq_(7YYgiDgy+?dQKWlDoc=3#!)r`^UJ=t
zT;p?+fk+`@8}&sSD!Alc>uS{LrM<2NReQc<C-|f@7A6NGY5K;6`FJJBXOw+^mi+ig
z(G5h?%iCXP0<h%yoil+BQm|2}h1_!8g|K`ZJT#o_HJ;)Ue^X#%nl79>$R#k=2b60$
zwc{0H_iW(95#tdNM_<nMU!RS*CHF#p_G+W0DPd|{5^3H0b+Sg^3$cJuRN&2AUgB<A
zrn=!urqZ~#M1hb$#m{-sRAQo{F8sw)%9cd;*!{@CkX7pY=2=gR35(@<*Q{42)52<x
zt}pv^$ytid;o5nH1&y~k_9?_t@$(b=q--@wN7sC&m$>~zv207nH{O_FrL%*^N5p`-
z7k9qs!zf+&%Hu@GO+yS??s17z1<G`xRvRsHlBCyaMZ{cPl_vmkgWZB&4ef1@VQ3T~
z-XtY{jeXo`dWSSGOje_MPV7TYwNj({PTI#m(iCG93sU8VC@|e{Fv7SKA{~=EztM%w
zZQai$te%&~h@%8&X>p{Vmytp6;qmy0WSKFQx%B;=9cwi$L)h<zGd>}8p;CjKLOb#L
z*pPX2kD&&kbgDsD6-le~3m}NY=FsHlh$Sj^?e%SHX(<0#rprIp>rUf!HHWG2^=K+p
z@dUWnlJu^JN9ov9NkrVttRT=mrVnr`AQu?^Z9mg#?j+BBo!&khVkyJmxEQj5m**)`
z6oQ#yG(E+VT47e1wRtQ7eNRcHEuEn4fR*DIyiBV1bbu(N<&XgAKt^m-<y5br)n{RO
zR+chURSQ%;C)wl4(&D(q(4+TuI{BnT-3|B5L};Zdw^Z+nXxtC$mL^06Aye4Yt`H^C
zT|QdZqCQfBvO{u9U0zLTlclK)V>{_CqlH-e%*FQuB`+J!M(7MDm0nUW=few!^@cvl
zRci6&I{2mx_uCNc2^6EPpwyyjnuwzDr*p?llBF0`;-_f+l2Ck{U`BV#d5;g5|5>kk
za3HLDfGoMhAU@xiD+2;z&@AW{cHWS0a`kq=N4ypHCkS7l#Z5<-`%@UDW8iYmf~iTr
zst8M*6G)$l*H4XUN$?mJ1XZ;K?>{ayYv={mES@BqyMWi8F2ojbr(XDj=w*h=S&Z^J
z*3cnOb23gq;P*iFggt@}Ns`jIAWY5owT@;W?mf&A2q$sAHd=<e8h_8t!PVkkdaDz?
zt%FR^YB%&kFCyIi!(u<mJbW&HIonOlGeF3f4EQF|ajXruFOyl-<x#gBbY1g;zpie$
zuKw<xd{6i596sq`W?N@cbG^+fd3)cv^!|ZR{J&BHqLdjITQMLYz&r>L^1qb8*3i;U
z#njfp=3iFu-}!*=xzlDF;O55<CS`_e)lDmjT=OBpuDp(vC$htKl*f&muZ;#iF(D*_
zWEspt`#iVmFVZRWO>r(|dkYW((Xdhy9pY5o23;~x+seSeqapl{Pq^Z-Kqfnhv5sdX
zHR%lH)$vK0&u>CwRK)R&jIOv|ZuUy+l{Mc{cJ0^`z1sOYwybRKOso~O3EhPIp}w4@
zUdGAKcxm*FRoZ0K<R4)haXM7~#Tt%1|A(gxhZ<vq-JesQ5Tq)D@OWBWn5?u?T$7r6
z+<OrfB)YhLW4Nds?Xba0Q<57$9C%t>T>~pdcwDer_fC6u>RsYTIUm~~TV9HsHQLua
zLrbizyL=**{YB`&6YSPXE*Al~rQd%uGDP^Rx<uuED&-;8m|hvy97JmcYzAmYSH`qA
zohUAGU2jqSsp-Vt+_a6d<S6O6QkA1g!;!nA-Vr1yh`HyHTj#)7!W#JM9Q{H$4e`EQ
zul$PK_?z%V>T|Wap0k#A47FEjbI<&jk>5p;*sv)z!qt!oksnuMP4ye0S0txN9~fL%
ziZ-B>!d#3Nt&55SZDYmm4?&OAfhq@j?GJi|d!SU!HYZ6}E5KkU&Jm}X*``)k`4b8i
zAz-CSMW+@K>t(R2mXSycpbBXFG9-Q(4H4mdYE?r-HT9fy>u;{TvIJYEuA1bbw9p{d
z=Xco?qsEtZ5NeCK7#JB(RF2F|N34P6Doz73*!IqHGIFwp0uW3?c#=H`gt@(=Mosek
zvgdsY8Y@=3Z3~E5N!D|csZJi3%cB1p8;q>34;A?6+FJV-%Rf<TZK822#qhP@i#~a3
zg63Xouc$UdfMkWY8>ION5Caq)!&YXw*j;TdaW$Luda$P!l`{BvlNPb9=rRjgvSTV)
zdIbDFmrrmu(O%$-Xxa0-p~vwJQ_p^@#-=E*OxJo9?>xeI+<JRWNo&4nU%Ty2u~Jok
z?kl(UV03BzUFOPI;%_^guRVpI&Fkr5fBplwk-@{|OP=44XqNM@GO|`JnW^wwoVcqD
zxav%^M2XdQYxPbWdOLLxYVSTf|4tTRE}#Jaoka{xQv}trXRB2pk%V)PkpV_gWzD8r
zU8{<p{C$m7S#}xa1DntVD2yQMCa8FUi=OE0+Iqj<qDnuYA-*wj9MpA=m-RJLsz53-
zwN=h#SU2;qRNDm(%r1PQ)bcWmL{+5#xXQU2{nLa{_d$)PVEkua!*^!)yjGF2<L`3L
z#YTs^t1Y_9Dw+K0(nhDbnh$yU3Lr0R#mJrTt)FS^;~TT+zN`bSx_%qF<2?U72>rQP
zYlaWF1Jv8wyLER5=ZwvEZlm_vmc!AuH5js`duGP2ybzH)c13<JVIz)%r2<y5?~`jD
zFZ-dAAp|sd4e!Ep0<?NgD{mGu+8_j^zVt8jd;#UdbXGQ%Xq_rc3+ATM_4K%?g*DD9
zsX3sON6Tg8_%$j7BBFz*!VO1oQOgy6)A|51sU%lsVT&E5I=bpx6Wk)P_Q+Vu&q3~2
z_7TIM;GE@cwXhq2(`6m4l$+KyU#+V30blpZ8Qh~*XYrHuhMjqQf>3#Hv{cd!0AqEV
zH-EOavlji_j-TS;($4y+BRjfuprbRjuv5F;RXt_vhJ%~VR=wWUrAeE#ZMTB$g?qE*
znr~}kbAA10uU0MT#*WT#XZrqatE01}%98^V_084&5_qc9Q-ivu^BQj3_H;#8$!X3G
zUduc7Itw5Ju&$-+RwBLDtzB8OW0Nc|bmyKH|0f0Wf23UhZz<mYBV}`ZZd=}N8=V}o
za~gjEXK&*fh{FoBcDd3O0C=&&!M=Lp>Ez*&<CR?4o<VWp7(I2qv@=)z_ZX3%9h;s&
z9ogZfaNGD?0ceOn$4K5d&T7i~<+;mCPW#O`JJtvr?`dk*&+d}7d=~o~c`HlS@J-9N
zaBhEeeGwtyE3a#gN?6~$#ho7<5@ecc;l=?@GHNMTw*W~A`^%Oz08fSMm|Abx6GkN)
zq^)iC)rB|M%U>x#3(5G&K2f?!D>GSVs&-RR380y6jRODo=E94COG}GZz74z;-PXK2
zgf|%CyB7brU9Du3C+8UXx?7mZW;;2J^u?xa6U!RG(gxUzHBTF8_!E1b?NjSGJw#PQ
zo<h?#x)eJiWINgBc!CXOtBIJ@!a3aDN6Sn>{j%G~W=R<b_m`ITCbj{b%99lTxSJZ;
zIxpT)($&A4w>tlmkN2nbUaxnz!q!->{@Ri!7{}7ix+ShB`omZ57M1Q42GIRK^4<T*
zPyQ#LY-i)#Sk8LI?VY>Q&=+$Rq87g!Aou*9Rfl}`;FGkixx7OJ`A<)0Hu3uQRuVe-
zN3Cvc{blV&oj61b|N7<X-3oo>HC%&u1b+biEam#P>NUKR0}`p`EkB=S^9AOez2(4a
ze%`sT!^h8fXJI^Rf?w*M^DTOKa!S*1KDkJ@(EU!G39QeeLgz&kxlVUqG-iVpHPY&k
z&6lYT<JRLTzk}yCJ?>aiz^61^d>%nqD4OTy#LB{&_AIaThE`b;;Nh3$B`~!mjf@oe
zJa(5kjpb$kzmc|7vG79=rl}JGK_(MNe4ghGZ9I#q>Q2#$0=<2YVXFO<rf1|g65Q-s
zRBnkD#oPN>O0<i*3cpX8fe~tz25AdUEuH1NPWIYSR#J9BiFF6y4C!~M(wK&&Eor-*
zfigNkO9jrA#(xOqYV#p1K{!`7qO$p=Y!~+6p71CQ6_p<qE3S5Q*6>_6*@#t5%u=$V
z{I5pmfXKXj(g`?3xBt71oQ<`xjXZiY-~HBZiI{n|@QQBWr(jTu92{?M3;3fOGjXwC
zYE*tD)fuOXKy4bXv6a^Z%E94{+;{OGYLU};-j2#BixIOQ?K9o60p?FDx466S$|jAI
zg51qLhAD^7n8hl#=L0jm-VqQ~{fM;yR`!oXu5y^(@6>95Zn&ehY;RDTnGAW1plUr?
zEurNqGo%ZaHk^rYd!oBZ<*xfXgej>JWXT97YfT|}0@KvJ4EKmg(|BF@?rvNx;d@5n
zwcFFxw&mr^`K8;>Vr{Xnt>Wj6hzQT0y7<;dI^T_T?o7A3mPR+<hvU7IlFk=ZLhC;-
zc0(WG$@LqX9QuB}7K+!~3Slenrd9C*3p?6}7gwL<$-91RaMNqu*Ym5_&3|{~;(Kn|
zer&(KFBSCf%lS^Py4<}#k0YLUzWCq1)Vnu#ac-V^@Zc0WAg7a~ckUh!EH*wCc9sGB
zF7NgNe*QLj?D9MJ*01#6Pa>y$whFtgevW=0kEkDCT~huZE>=H1Pm3+zmCjFoTTG9&
zBRBUemcc$9Y%@JuJD<;&kkv2G`rh5u;+KzI+ZXr*ath_wwYxoetns}$eeT+ni*Bc{
zMXUVZ51V(7laYVFyNL6AKfPR>7i`_V!XXD283=Qgy&M*Kc%63K5zB5ni|AhICam;R
z-ybwP-Cs9X4;e%@yuBy<KAs*g*WVQMp9Vp_K3lr0yL}h?wpWQ-m0PdtDKSM(j~2&Q
z7ymx1zsU(jf6!T6Mn#+V=G`STh@7TKbH_8JxcBC45%^;xDD>dD@@gqCd>`jzP+IX&
z=jIY@e|=wVUnYLLaejU^2r<z6S;Oej$CY^=mB^9D5_504KVZ+XxX72oi_wn^kFSEB
zE?v4)fxhNa)h9C$w#M~7hEeLrZ;a~i_;9_w&vRu8?~dKdtb060+55Vl#}!T&t3OwM
zOdZc&p3bo-wfZ|U^0v1H0n{J9*7+~l{*}v;>FdT--l7w_<7D!2TT0$5jGFKIdsyk?
zi_7Q7mB3RchXBDoFfaK==<xB5V=g#*w+vq4CE4=zi7YXU!1t^4=XqK^WARU||Mt|x
znSQMDhTS8Ag59qBX6xkqb#);(Mt9F|PlOl!TW)3s&rc2odOxj1`r$FTnUCGkdZsAQ
z31~pQ%cXctk9nFQ<M90bFsvMHXq?UivYX3<ewSbvn~B9&z1$!ULM7K0T<SY4@+!Lr
zs8X_a;BDey1()b8A|AgL@pQq^kz{iu!fj*!#o2Il{6J^|^AW=+^6n&y5zCrS!4n5N
zF)mcLSHq{1w9OC`o9uw**D&nkNK+zgY($a-1?BTl*&TW-)&c1hGJ6KO4{@Rt=M~Rf
zUxOW3vFiSA1UzWBN8#K)fLiSnlYy6T%&V&_oINiFNUoGgTjExK%T8p80M$-8uq47Z
ze7F(#-#a5FSsk!syD4^J5egH%iSt<ya9`ee-{O<6ga3dJ1U6?y($?pu5B+(AESfVn
zD0gPcog&4tPv=8)-wT73$VC(--AlZ1ejn{?8Z~hEQ8>hX=P;V_h_QW7Er8{w_%QbA
zL=f0PK?Mwm?gBYSnSdC~b`%6)5h%bhw|<LmO$X>F(->2mC74sM?5<lmT7Kg)O`cQ;
zh!F=86G82OsD)(3iU;{r!8Ur%@rk2O7HpuwR|w6mEu05TI1e4fNI_15?!yK?zszrx
zBX&m@voTHT7<fx^8sTl`Y%B5$TWheeuNLeK0ruP|X%nbfP1X+tmYA#UVBJa5l%0YR
zX1pS_)rU-i^q5FHQJI6Wu`RTELOKZJ5O|SmN5?IM>&IN2;Ul5_Pg=nFKiQ;?Pd3B>
zjLM-I-dF9g$lYZ=8!c3n?8C$11?~xc;hIpohS5pk^-OFI`8X*e`9r9RhIr25m3ftk
zASt=+SbZ`>w&6bM%D2?0M)6djvc%sy_(5_rIxa*?e&Z-9lpghNc7h~I(Ss#~(o<JK
zTTWaeM!tVhUD!cJ{a0z!xewKwp<T59Vq7VBUNBE*9WmG@_u^Zje$j?MZc}sg#cg(u
z(?tUs^U8DN;SO3eG#KTRlk<NvwQmi2O?ix*xK2%&N2|^bId2T$FoupQ8JN?(oDl}h
zEKtNUND;x<YKYk`x2&}T@-+yRos*Ff(ywfkr)(sroC>TN^zb6cU$NZQ*}x`V55Q4i
zeoNR_R2EkrzkcXoPxPrS=8vZoLK7st`dX+sjsKQO*0B%{CSGi{Q%+&y7nU~C1bvA_
z4qMfcSMCMYXKD}^PurJAR;+%$tndBSI<3ho?ifW5mm(^zX}xx#LM7!Z6<;8d)R`g-
zcrE33FXewhfQ9*~(o<0D2M41cRafv|Sm3A3($(2sN6+loEY<=(7g@{4om`223XnOF
z_9DJ3>S+iQ3GQ;^Y@IrGjp{t)d43=H(n||)nJ8jI{E~2%rrw{<hqc48#6k|J0NOQe
z!T9D`2zPh=IQHxbf1aB6{(3twFxiS`yS>nxiic8u4YLZm-mCIBe%Y6L@s4(xvDw`k
zM}M1|He3j8)xYy9+%#)NUgwfpjVg5Dlqv&vysj#ytILbINl;u&4lq|nWkDQrIFMNU
zpp4D3DCyRbV=-rLw8>j`Tg8dTN1f?vv;juSDb5g@rdc*HlzbaIkEVME)}S8ysrLkW
zrZAl%rX?g@NC?f)TJV5a&cjvE2ot7f@7bE;p@R4BIG$ECJSqmdbCj@7?)}Dh6FAaF
z16aqJ<qZ=No56ToY!`k7$K&a&t(gQEHXlUG{wB-vkc*CNPGNm>%-*{vo`-`<$^g-5
z10c7ci3%W_FVGHRm*-h2?~yCefjz)S7~udNKDEbj?JKfFpH$FGMnKIadwoWUH+6za
zI}CJiiUjeq-Dg<2i-N`^rcMOPh<dgJHP~>MoJ2)38oLd@$OM|6O%@Odz-2lwo9ASm
zqvjaG`<`AO(D?rb8;(GCFOj?uzK%?3|HuIf(ld#TOGY?(jWygRYs~fV2DX;i_>*Tm
zA8~sYa+x5>LE*<<K9s~i*d6+Q+6%6S)Rpw*W(lG29Xph$5U*2uGnuXBfu;RE=AB(%
z(z)dkx-DQl8LiF!Cw}N4K}C4$O9<I2^L}eAy2qF7bY+eCb~q;dIWgzmXtJ;6gr9j_
z&IcAka)SBsZZqUVMBnU2K^+FV^^a<L5A~d4r~){l6qYmk<UVS6K5RF_l@M&z?G@*z
zbNk1EjdoO<u2XZOb9xSNrh{d$ullCxB2&yjr}6Fx-;;yZ92U9rW|r+&(S`j3Z@&Ga
z)>2O&=>Q=c4LOl@Z;o|3Cj+>V-&nujMxIHaeff3#ZHoQsf)QKH<hr{Up@7^v<Sx@D
z)yHm*ex5g>Ich)<P%<mxJsL$__efHDp0Z__CO!8sW-i)1U*Yk|(!%~(bJ82a4CARm
z7J&LBFo4wAv`L_q4e2M!tVd*I|I$V*|0i@~tA8Xk7810oHX_2g+#aPz3n$L*Jc^1F
zR}OnQZ3XkCjld7{1-kTnLi8Q`2d_Inn=WY&n&<N7+g$c|(TF2F^^NZ*@%Fvm+PU*P
z+%CcF>nB<VYIX=x(#?7|0$n$-T1&y^)QCL(hzR=NWy-Z4GyQo4QRmJfC*dy-;cn&P
z{gxy2@7$Qhtq<kgC|GV(b8h7HnZeS(4(Gf&+=&0xy=%%1mnq->aKw>!$H)tuiQ<8r
zJw@ZqXK^?yKwT*lE#EEGk*%F*=g8c5q1?ePOF#SLoj%i{Id&r~-;TJ7-Ac6S%(KmJ
zWxjdTm@rxCCSJjnYmqFFeL<UjMwWeohl_xib^@0@3e7%q=FcTxFXQZ%J37vm?`#cR
zz9MVBLQA;<ce?EIaUg*DA+Sj0s#f}!r;y+5bkU}K@m0~9>+|NJ%?;h1I(IRXHD1A3
z?{r=VBK(C6;4@PIo+AhgO+9`7w_loSInr7Fbh=AEyFHf;GhGkZd`f44_QXeX>zq04
z@OGijCy4{qQa)w(1~j!-`E=}4K2gRsOjdLuKmG5a?hyEllbg<1IqgonBSHDd!AuO5
ze9T3xRn4Lipt)#6w9DBjOxY-m<zPTQf;x~&K74#8j3s+vI2ShkMnz*RlX2gT&sE;f
zk9bE{Gre$|P|e~cgSa6i;Rbr}1bfI0F_=*#{G!)jFw%Lj{>&r*KiK=0#{bhWDZ3S6
zdG*kYY_|_-X?&V12?j;2!V-liK=45^p<qsiSR#9yr41)dO8sW;^xkAT1xNY6GCPn*
zy4165NK$^?W>nB&399jHi|cheqG|uoPj{w_^_pN$dtSE?^yVCoqS*B~Atcoa(ZV{>
zaSakW%??==Nm7ZQis4%wXCE|TNJGDM@1hC5!qYNZU>%Jd?&JED5-dXury6r-`oPGg
zEq{WzVZ=>(byKh+9<GpP&km!^`>@{!g(moVMph}n;leEw0V2raMb&N_ILW-^Bh!)l
za#nGq<_7r0ts(}9qE}-T&oA3tEU322IJMs6vM%BG9{flnh!iRl#jhsWU3`eaGtiyF
z4YgDjtjUd)(`$fl<fPQyxeal?9{B;V#P;Ipk6g*+klFDylstpeyFrDlI+R6;_Ae5;
zjf2P}bxFr7FWkkUw-($Tg%P!Md(><XYvW|^3sP$zHQJj48r=ZX=qiLAv~WsRFJQjH
z>{U9?`z|V4BPZ6kI0L??gE8HBYl3|bW+t7%qUp_z>1jE5xL&I`TO{RX7Zm^O47mtK
zGM-7tWHvA+zmsvNm=8btClC?n0hDxF-okyy^J`s}&LO_|{+c?gSSMM~E(cqdl@J!C
z{Jmz%ka*g{S^IeUgJ@`(a)qU(+Uz_}VZ--pGE6X<5{`i+M4Vjt^2LpDDY;dKoo;U~
zf?kuWmy-K9TjbKc0O#yyeCWt17Ud!l^Uw@08}x>v7!HB{9K1!Q<DV=t@omU@Chv_F
zym>io=*=jmM!X%C*+{cY?msQt5tvRZubgwN%=`0+z(iXlQDYQo<0!2e3k3I+W|`(0
z@kxAfG(Vb<#p@GW2p%bc=bNrULJH^Jryo1(u$;TY`Fb#3`<|@`v;7}8Z`)Lr*{Wj<
zx;u1y6`iG$FGromFkEycI!t_>*`?)aY*<a*>6*c}4Au?{eZK|tDd6e9{A7A}7j9c0
zKj^;v@?948;2#gbU#q4)7J57i)tvNyTq*Sip!s_nzxyi*hVAw}DEAtMr@G4!Ze|kC
zTvM?_s-qdbtE?7yb<Bq5Weyc8ab`8~7E(R%AMl(>F|XbSl#p(dCifOiZ%&tw{PGNy
zb=9IAF<effJUbdFB8(5C*5GPi$}0qpLu@@}(lxo5n>BIuSI4fwFqol63F4ffZnqUL
zrdEiwI>}=vS3GmqH^kA;W5Nk9W9(Isdwt<eqSV94_1fautH$zt&-qahPA4jYD=_pl
zPhwWP&3a!p)&k@W0TfWkx`uL!)ubI0^*)r_AWBHqWu>S?r8RRM4ehK@Jz;#23tVSe
zMt3XZttq4xO^t%?Qt|#an;!4$NGm><(t;!Kk1%Xz-l|lI2MY`$)oO{jC(YDV_#^Ij
znYNBHT?G{Sr%%wI-AZDZmiRx!?T3>t+ol~iA<q*o+xNBtFD}~_+kEY%vgI@}xj@dh
z(U?1yWE6EEG|gV+zNJ$a`1);A7hi29x@J%ErT@C!M>RV)MXx$Z-h<b!=URUS54DG~
zF}5O!qjz00w>lqNG^6ULS>$fEy>Q06w@n+S?z_A2cBNSCG7r7^g(vWKP2+AEk^eQz
zN3V4!Sv4uu$DO%lQ;&G=FU$me4;18+yL{8h<1?BslA=kSt9(g)%*?mjvu#Vw%y-*}
z*sE{M_uGg}wCdtLABEub8H5nz$vN2XHzw?}o+-xvaAi|<5QiXREyJm5+R^#g{vMQ-
zvSTrhD#`2pA$5kY3!*h48n5f1B$zAAq*%&^QqN#eipcgUo8j0O<dJJLHZp&js<C9&
z;dbrm?=A>zT6d_=Wk!SUTn}q$P`D7XfP&YA^^53U>fQGvY-9<n1!1I|_gUlE576ws
zgkaj#T|@lQ4Z8<%vU#yDnR`w@?3hMlysT4k3R?i_<eXB`al~x)$09i|ajE$7mk)Z6
zTIe$>YmX6^&%vE@p=uzFtk7{}?r2&?pQd<zysYc-h{8NnBQ|(xg1{%HAG-<T49X9D
zH#hUJAY&>{ogs3HyZ>8#*HMoJA#MAS!jI|NFZk=?I|RYEfDSC!Y^JAMgBtKlvV@Ay
zW6a2s46%=2O(li0EY$k^52uNhS!$l2YNS)DgS?Wsv_J7ak@n5uavc*h^tk@?T$A2z
z1m(=DA4VWP!q~fC!=|NRCV{T*Ssr?{#Wd0Yy49QIyKA#_E%-yH<ffwd{IUQC_bE4+
z*XKKwDoj1E-=88AV&-=LAslhLT{V{7H|-HsrdvA|^(Rkv@2;ZE+0Eqov%mYneNhom
zx%_IP!A?h-$lz}?nuv~kJ~Kiy7!i&DNsDHSyXsS<gRA`^nhC=4Gx<Z*Y5aa#HUcFr
zqK2hck>LXb(-B<iL%3AOunA5P)0{%)8AWV!i}ioQSK$|I{a<`_b8vp_?s$c72awa4
z9KT?}XbA`_EOZKr?gNsVVJSzyG$&d%st!JAG0VGuUirrH(+J8bDe6}j4j#5ldGl(%
zwP<f<wud&UB>(z2x=wg-E9qAT8R^??<uL2Xk36Q((9g)`AIAhIf37cia6~%VEgWoy
zh**~oH;<!^Qp}*bb2(b4Vbq)Dak9M~ETTooBxA=@&>+Z(e`dOr_x=Y|Sn8%~q-Rkj
zPR2*#$K!C5vxcbYT*ULv;D!$ermzty6f}~$?)9D4Q+Jcs9)_K%kVZ=r3Kk9kyc$%c
zBZiqQ-_kp6H0_7AwDjE|_bN`%%^II62ad`{oZs}<Rji(~iKGY<tsiYm9gD9NZ--g5
zY<W@#VoQIc^qnxFJ(><uY0)r9`1!|q9i^g1Nu?r1ig3t=M)1euIEvVj3H8ZH>m<c_
z6GIOpD!|Hy;HBa)nVUm(dHKf{4ujC5Ad?JolDH`adUdSoY9{fl5NX1-rjRsv-L=e&
zUMaIh>0;JiEeDLB3(<4o8jKxoeUIY>WS#!56ux_Hg&bv{2C*k{l5UU1b)d}n<V6R8
z`Rc)NjlcD>oKIvM)8<uW{x-HEfE_|h=upYBCy04mK*{`vDEK7f%|60eKQM2%Mt3b!
zIw$iZHlsul)TTuZ8bu~G{6vfA%u0^2cwfaBz0TA3g&}w$Z>G1A)B@RF@)IaXVZ)Wm
z-_lb2*k;6|R_v!B8Isdqr=2>V71vIxVMyJ{q@3C1G-=q3tmFlTEA!-K;@C{AD%CMq
zIEG{$R^_!!<H|-`IaoWzC!7v-(|ZL*>R{roLve6+{x7*K$aiYB^Bw7;eePI_e?bjD
z4TMX1qh{O3vmZ5pxDDf>!t}uD+L!@t*x73W!X$rjwKgk8SEVxOnO|Bxdr>R1?zpg1
zhB<_32|y_<AEaeBuAZa+e8f;n?@$jnUfL?7ns3^9xMOSU_Q=^B)W*u)RL0lbYc|Tn
z*1H($CMIxupc3TGorOMy*y*(%i9Jz-dvRs?NHpYmr61MJu*Ey@W@4!zto#q0T)q4s
zIO+cfCk>FilaB5G7o4EN4xnH%{x_VM{0B~Q`|;}k!HEUv)qmgwkNf|H6YJ{#11A_a
z|KP;Al4F1f_5TYecZdHCC-G6JDn<6JV3skpNoZY-AZ~c0F0yaE6p>V|eZY%(ZgdhZ
zi)sTD#<H~GFH_D%nq>&Kwj2kcIc)q0tg*5lE+#-Etq~+mk)};U@a3%ZUy+(8*eAs%
zr(YBPEB!V-%&iPGrbtpp-2G^0Lf5G}#o12Hj}06$mG{3UY<~x4=pRE!sZeuB&N>7i
zbx@~hla|^~)XooX<M5qA5k7+u^B)-Q1U2&W9>$y^9Uc~D?EI=R;K1RqiP(wGp8c0F
z>H1#yKKKZSjG8yICQw-sp*|)5#aLH%a&}l5%o4{!<sq2F_z-BPnX>`WQ_AlSIA24e
zN=zUW#P8p&TMXWm8e7%?tJ?C>F=JS-I#W|&oy!GYvQ?k(z1d2yZU%K1cSe9Sa(3++
z$|3lR*f)D&{8L6h@R~Df{9`4Ji@eQbbO1u{Gc`SxjZT0BNy7WyuZcL`7%*fYn1=5L
z-O&#x3=TD_isM9GTO5sS2o^cb#)*kw%S&J^&sIPD^L6_Z*eC?4tfUa;4H-^EZGw9m
zmtYa|{Cmh{mTZ-rt<Ka)_*R4guA$#(tLwp&WU?twq71Xyk5E_bKd~Eq96ilEa}Q=|
z45&8ba2OQ4#aEM)!^+3!-+BA=RO*hJE`e8%`y1z%Hg^{<N6mGp4W+{q!eHaHi)^aA
zftA>(uL&ErH%*UnHRnhs<*Epe^LZE*^(e}=6o?S<;1f{v9eW3ERpB%Jkz790{4V5C
zT4mH+XE#T;`Kuf<41QAf)bgB^q?iCBnEIIs==n;PIJ#q53U=hW(C|8hF}Lhn<|sl_
zYTVXy2T7auvZ#;K3GKqJ=V7SPsDWBXrY2}m!u$ytG-o*It=}||3%;t6L+FQm*!MAX
zDZfa$rh<Q4{DVH9Pq`cJFEe9hu+cF8_++Z1EJ@ku-+_V@DUL=XUIida`@v8Se~g*R
z%h&2rY{}fdBMEyf*q_}{8#2tCt$B9c1DN^w`jeqKZ7?piHCKZj5Lo4M5>emH1S1R0
zeJJ0wi=e5GI2~;9cR0h4tvfhSD^|6sg1AoUoo<Ju(zCLNxJy=~%I}E5^vX{d753+h
zQvWUbwY+(Gf$<%OT}$HdvNuu;UEyGmdd-&dcsik|!cBHu7++KK{&hVt<5%*FX=g7w
zVHC_nfEz5Q;~1b+cL*Kf;;n0@*Si_&t8L5OPMU`NVu88R-#0-7He30(8-ZAn*n4t!
zF?+dXI#c<_=R<Z_2*0MSn6h%c;z&umuc!o*rAzznSAos7$N__aJI5_DZ94HzjFe8*
zxNb>3O5dgrz_*=faN(JLU~Cag?iPh!=lkCr&p{4<b)2tyIDg#k@sJJGES|o5gi_Wr
zins@02HH}C-lK=@<7<Yil7n0#g4{lAEFH|;=K=*NEj!at<Gi2&Z>k;W5Ey=r0|79l
zCEJ5<?oUKxK*2zT3jXXURum%!Q3keOxG*Ad(z3Bl0)VS|&Inja3{jb^kdkqgkHTUu
z2R(t;HOdi0u-+3w?{<tFt}}&q-i2N~1}X1)`ZXi}`0?_fo!O`gS#dlFwSa8%oe@;e
z-Q*<L81}ISNbcey)zlA3$>col@0Wy|2+E4b)iq`qS8HlqEGRC>mxl<;{Q46jjQT@g
zI47)V;li@LsQm&F3cv^!HkQ;!gQ5E~-h=v!b$5Tnw&g$9E|nLD2&XePr2~bYa6`@j
z`%pOUam-W0`C!;MK_{;rLh`pV2h7%@yy{@wLAyh$n`mWKh`Y|zR#a>#i}JRjlwUy|
zDoly0ie~nbC<8ko@J-dk4XJLRgN2VmkO?`-P5~#QVyo3viX$=EPBIF9nDEoGQ9&9M
z4ODIskWx?Uj9-UX7@WcwRLIrU(gd9WWvVHiEf!xPYZgmKpiU`-vRyRED)>_@4i+dZ
zSCt=?)w#UbEF%sX5*1mHZ~F3UA6hVz7#kUrYK3|*L;*J%9#r#-E$_)74hB4}W#P||
zQ{#Sm*Hv8Q64e=`YmwBEAN*^e{nI0?iHF!aGH=hdU&7k#=)&4Y5_*0eXjvrtQ$|?#
z45n^cMYg3yR4YhCw$U4!FaSHsarw;zHdD-Bb2O@AnbWQPb4=Z6d^3Q>VZ|-7nI6_W
z^s_vn9Q|@tF&25d=^l*xOS8C63EqW<I_d>YY1QrE55D0ibYUI6548~!Fy2KR=$N%E
z7wHI)A;yG-4)`vF4M`#qnx`?iCPihjeuI!J7Tf@yDgX|s`dC;3B(kNpP$cNN#FttW
zx`9|P32`Hd7)S+tevPzVH6NL1`gy#|-UR~<N;$c3a$>%|J9-iZ33Y%5lsnK(a^ec)
zj{{CD4dSc2@V+T=`<z1|5(sncBMK;#2O1c5HTsom#wZ4`K`V|Y@LEU`IgmC;gC-Cy
z-c~~;VFr>%^ky2ee*jMhzG84EOp|B<KnbM99cD@GG<A_DdOJU1&v-cGX!;L%8lU!`
zp{8Z~6b-iv<jV5aTlh&khA`97e|1gMJv(!u)Ntz|t^QY6({v5Mzq*<-{HLyy^bQ{R
zpqugsgZ4$bSex|!scX|{ysbNP!?k>*Ed%T(e}4>k;BEhy(nM62jmi3_xTv512$8!A
z`gT+l1ix59XEJBL1eQND(F?AZoB=+zHqcbwQwXsm8(Mz2l*(o+a}O|_dKUO)Ha8QL
z!673W&;$GYn9~(Ecfaxy<rn~OEuU!fAn1ttf(OqqSQCnrKeumAI7_JETy_rZD$N#k
zADEIIMx1h?=6(n;l9Cvdz!BrrQfQDP!U)E+kcf9t9XWirf0q6t(AkKE5FZy0Gh{Rd
zm#qzt&CEa`n$C5|1UOee;0y96EWwHBLbf1;Ui!DgstO}f1=a)gx|pelBp-YKvQcMv
z`Rcs#se+*LDQqK#P^b>FLVWrOsf2*uJ0`X0mHjvCul4+}gjc^m%hXnJX76-l+3Ft^
z$$`(sUjccH5A^^QRd5_pBs0~}d#gD`V(lw;Pr1fjQ(dsG;z1=(RK*>zDRiP@jy!`{
zhI<f$@-CoXbS*M2JomRK+w>uJ60_ob-Ol!BZstrbJYkPw^Vh=WWjsQye{)s0)nr^c
zMO%HjrCq$CNxh-Zo^?(ixg2iD;yx+3Lmh8|<me55d)sinj0Gz3qDe^y1C3oQGEZ*i
z?r(vhaZ(PUeSFQ{f>bIGBz#b!bl<t`UD?EX3yyCcEXC|w7v-bcSQm3LdYkdOS;gjR
z8MB8DUCAFeuT^?@-DyG{I{*DPv~UU}PIf;QV-i%aaE?Vb>d;&od4)mKP>zq3#5Hur
zBIQ)Xn;M@>DyXgc612eSvqp;RLM7Ocm<D_gmO>+bWFQA;iJrhb>z4u#5C~$4|L76(
z{#og^w-Ia%lB`{&H!TAn%urYjt~%(B-zV|ci-45U&EO8{nvlRHILUyV7Q@6C4Fe+4
z1VRkoS1GuR7Lx<>zV!`;<7DR&yF{Uz23a{YU8nqn@X%Hli|UDYS%Iip9TawF+G=Nf
z@F&e>mY0j5tz~Qtq-7bXHN6~yAO_0~$i#?Wg7^qkqg_)&D|?^-bM2M{`c>DsAJKFg
z#}`1ZfWUPU%f(N!Bo4Yq?DpwtiQ@Y<iLawe7Ror5;KUskD$Xgxs01ga0!ts-R;u%H
zHgTd@rksL{c;>@T!cL-rOH6UTv|SlUooLe*D*n3hh0!!jt33<fWHPo8%-ejl#$uU3
zRGWp9Vk9pN!pItpAt+{ipgv^eN$$oPj8FAZVF|`P(VGcZ`>^k8@QHBJ{LVSH-sI?h
zrtA@%ky~s9K7~1057UwxrC&*{2-K71ZhryL8c-+qIbKv6P?y14Q+lN~)Y<JXBqQi^
zO2>+;AM;AOs>&S^cdZ4e>EeEMQ}_`{(0-meg<k*?HFQ-}u~TEGXym2(wNSZXF^V{m
zt}7c$Wp9i6Py>#&up4wTJFPv5Z8}Gp30&Nd)=rv3kBe|#0)D&k0cq4dSs48L1T#4;
zI#?FWO^WZl$GM61N!nL4xjAy&<L^4b>K%)2FReA?^FNwctbKacp9mg<EL}^M^IFkR
z5rEX7gl+Jy%`{&wS_bhI|9NuOr(9!vE_Y;){#^y*fR*rKB|x%=WQU#-{C2$$qRuxf
z9u<0nl)1XTFY5FwOLB&SgFRGn!r}_+-`Z&qCqAm01Rp&`xb?v@G50atIl>tbmXJ3<
z-tH42H|UuZ7fx>L4dDnXQJ8ad1HCack_|^0V~4c~x~1_x7$zOKlpVWGBWDoL220sQ
z@E3A~cn}e9q|ny&Nw=|%;YZI!rd)lcP}mVvm}!vlk8gmkcjs~lnI`$slOl1w+QCYf
zt9^pH8+{QvWACq{)P?6SLA|$UU%P7ZBUNENethzymXN@1&ZE?(eSe(_wWuKimMS&|
zZ3U#|jS0b)i6L1Tk(M1qh+EoGvxmFw)PR>}@YbTJmw+Y~J|G9{%lQE9TgYG>PPXQc
zM&?VNn5>XS=LqiiL~9GeYcGJ=O*N@<Izv`xW<h$iT7R350OyeMpLik|Dj@89%C(cr
zbaVrR&(Pw&1>(FOLLU+^xE&YX76^_Io#{Op0uQtlh}EMoJ+aMq2;uDPvn?i9IE(PO
z876ldd<Ak^({&hKff)w^<+Ei!Q7C6%C%e$TM0N`9a>4Hchke<nIRjQ}UnqXq%_=?{
zsOt=70#%<Ypbg0qRYF3;I9fSp8(fkF&K#xO*Saq~^T-MyxY|n-LAi!Gqq8B9+KTQ*
zs$UYuFQ&yx)&oDq@tE7O+}v}$oG~&9adE_JVT=t&7$|wp7FJvUTwctubh)r4=F2lu
zQqWOB&`EI{BggwV7@j6*ccdE9oQ$<4Np!>WlFGHrNJ+>gFbtcv$<oyn1sR@36jpEE
zf_1fn8UM>2!R9L$W*P%Or8(Nt>kr`Rhil4z)9hRg*t8F~^qdVesJG)B?T^rbqoD;A
zh|d((Mwbnr5L|6;U}371ds^1kr#UlU{@Uw^2VhN8WuHJXE*CN&w}lYi?WEkmSUCT7
zioS-+iJ18ff0@39C0th{fu+j;a2HxL=trTvl3ID8^3jk#{>ME7A5=jOjbEENg$XZa
zCIxT*zBJfm-!o=RMUXZjYhu3o%i=Udkg4TtFl-2{m_#R3G|%U-fk>1>bO0_hXL&x*
zJcC>pDR^ToXF?iClZ#@gkJYt^)Mz8kux|(^FQ&{izHwhWgV@8I>k~3Co@q?tNNg4?
zng!Wlk%Q-O1)a&7=#xq%>{b>;u`;d$Fsw060ctb|>aL58oRTDiYzWl>V}Vy<6X=l3
zIJo=Z4LOPCQM2)sD@yJL5LRwJQM0sqj!<lNJJ9R(wXe{0JBa#^@2%4Q`M$vH%`NGl
z@2%8|%>Mb_3h>YOV9L!yq(g_o<G;b4GnAS<*S&&%X;Olc(=58v!jtomb0p;4!YO~e
z;be$CT>~GVc>ob<p3VoDAR$JsYh9<#Y~d-O&RPFKhyp>HUhBY+hA{WmB}+8JoeW#B
zDH`X6nzk@u`4jKfW!{v6<z^v(Q+S!;fMg<WLyvtb%YGC-gY#d3J?&6Hh<?R1zKzbB
z2V+4Uc1C<n?xw-piHK^~j17FuG8Ur13U<M7bHFg&eNdK9?keS7>(Bb<{T#iWzC!z$
zL4VFYcPpHXPsrpbh+i~=Atd<@){5NF2WmpSvo`8c=a6_wZ$gcT<J{->=gzgbz<1`y
zX_fb2d_Fr3ve+%k!EorYY395*f$<)jrO#=5#k+Dy4t~wQ|5uarmw_6?5v6MQG5ix|
zsoC?7=u9KjY%TVU%E0+t%4U!1_RRHgZM)xI_u$*it8KUb6OE4G;G#tAutrVG^N^WH
z!QfWWGd9d+GgwnsaYWT$LuD}quF6&{IRC4TtBi^=>ee73T>}zBD=p2?Eg><0(mex6
zcaC(YDBUrHNOyxUq=YmBQc8CSN)E_{d;fjwe((8l_FikRbJjZRdCz`#ybskJp+F_m
zQmYT`se!xSx`441rv9=+2BZEH=H@J9oOO|5)=w#BlDcFV`TjC6IwO|>g7uvjkGZ5V
zK!(wxE4O*c9+x?du~1VPmzf6&;U!|`@$L6D(Xxy+U=W-YeZ0Z!m&b!?TGUG247D~Q
zKy8RYiuZ%EmO4wzv9U=~HgGr86k0sxoC57^%vd-m9Z@k?!_pPjiU~`LeL0AsXNQ1j
z-=vhh(o&1a*Ku{h{-N#mm0F$Gv5U=}u9ONse|TvIG?T~7XtR0}fs+CA9$3J>F}q8G
zr2r*$z8bHovDHjTzkmv#dqs4DXB`_C&m-@PVvRznoxxgPnEZ9_rim%(QNd#s3b0BU
zMOv6^Q_j*4D-7mbothZB(C_kB>5*&(MgFm@*ur3Yq6%ld(2&|ZjK(5i<||*$NlrbA
zz%gmt?Tm-;!(pfe_suq6Yle6vy}_p3^Jq88;%z<|4eyhTA5+{^m&4ahi%kS!IKTxY
zqlJ@fzxa{_3-bkxr0%Gn4t4RB$zrKOzJEHyoSan64i!jJ=Wi_Ef+Qp5BIVEjNJeVh
zi!h@l<???9Ga)gErDYJr6n;G0CriV@2yay!M?;c_O|~G;mx*gk@0-~Tbk-h@H&4oj
z+;L|L4uOw>+@5X*OZ$EFIFws8t4C{glDu;y@fcD*kgbXHcY^De^5cKvV5zU;XTNnl
zt)t2qWyuV7%g{<o;H@0hplA{g$>&tpllqFs9Gnlw<m^7)5VyUEWN%`0eirVHkEg~q
z7xetcE4X#hsjFL~$AY4IuN7Qzi1BK1>~s&qai09SyV}+rM@5`jqE8u7SaE~dq=;p#
zLIOyPp}>nelMon9;Dlp~&1ySukR9p|m34x5_35sDxWbrysO%bBhHriQ@fu<mFvROi
zsLG%6uQUM#v4}abzyR+y4NPH@Q_Bi{v-&~4O3}!>3q!O5b2cBNBj0&}HYaLbiWuWW
zeFqGJ>BTX!KtIXf58;d*bm!-4ORjE@i`@g3yFWi*`L}V`*U|?pcc=c&e!y}!_am0O
zw?xAwc@W%+?w_b#v(u~Ca9WS7(VRP2R-0cUjzB$GSj|sOf6<&T^g6$3ddNR4UgSVq
zR+KS1uEnb|4DekM{Ixi*6}jm?-avF3JWurc>Z@-I!ql<3C(^yt!Lr$CV0&T78a261
z>bjm4t$5~^rP5cK>#cd0Tc~DxH5F45OTj@#olGG%jP%#n+^4Uac>*IB0C~yxN*{iZ
z1OIZp*_B~wp~Wi-uu3wP-cZLsVfnOv-nL3auSzt~_o@dd`S%L&X@CLmEoaukr7`AI
ztkUN5o`^C(<|N{xNcX7z)vFv^duxJRBJ2Z)54LG#H7WwZF}5EGSWpr3LtL}CeR=EP
z<}EX%3$sbUUBAU`Jouk?^l(^nx$X9~*p%?3bnnG)!Oale(VG)f3<b>-^a#Qc7HabL
z5jq`z7XRV_7sZb?$hwWbFQ=PDlxQ({FF>{}v01SSePeR#pMKO)hnn|!(R)+%yy}e^
z%*^>+oC+uGAPN`jwN;3EZW-ITM~bG4q5<kY{<HHMUPW^Ci3mJYDxUz7T}k6&&Y<c^
z)PGEEV!~<QQM++S8!t~sLw$iwNWb%2yr7m-^IxyB*E>LKX%hW_NTEI`$q{kfIAJL9
z{$vA7q0!5lNY~Sq1H^sHg{sN<>1ugLOjPfRU!SgzendqHe>Zz|)`PQJEx#rLJ~*pt
zqxJF!XI0()_>opEe!}s`Eu@NL-Tyn};KBX-)>25%wNzHH7cUZo6tR@Hla%_7*Ogfs
zUuHsglesRxgys8YZFUiHOpdrtCyb+c@gr;(Yj=HT5Cjr&AL24|X@Jn|T`>*OF(XTn
zXAS3?Dgzgnu}Z!#<BHn8)Ztvn?*`qYg4W60e2-)N_iZXGV{Z=ys>o^H408J!DV{JT
z9dGv-YO-R=V$+d0l~eb7K|PhfU{VkWdnn!O-O2*YN^EYhshsBEI~zAx-bwVWr3|WN
zdjHz~TBAlsMn^}=25=ke7b-<~xR9fGTUOtBxOnfccHXkDzuS7(;JZhd^<Wjm!^Kys
zaC9$Q7f^dV9I$aV-PtMh^}Sm3@R%qk!6L*$nX1vGm!H=R^XNK&?cxuw+3S4GF##}h
zQZU@(8$IHXI@?5--0Yr9%w^ad=%um@991g#Z8x7XB@GIv5lt?L_hR<=?Cb5nd?uF(
z2H^o+mBE8`&~VXHJiibAyoYy%x8-LZ4zkdi?1S`F7o-~hNW`u(=0SgCl$`RBqJ-+v
zUjDuCxa9eso4|#iq!wq(QW*~?+DC^z9FouOpe^mE>?cpVtJTbavvF-Cl>T8$L?I>U
zGl`f7&QEjExI31Puy0Y@!fqPjaeSROJN3Odu$f+kOZ?f(XyT^YrXyjJfGNioz|Y1O
zBV3m!?$$<2c1Nt8i_VS7W=-OLXWH>DL4l|XoAdhKtJ#FJY^^?sy!ZMuYyoC-Ju~6*
z^nc>(((RQW?sVm;4L!Y+Nv9Z^=5^`p$3J*C?R+YGPqBX*Z1oY9WFe}hq=QR42(65}
zq~Rx+dbgf>s8nda+GTERy@i{+*DX01U=i(eg4D~L(JzmXrkcb#H}y6h*<7wOY4`o<
zeio!<I~P-+eeF+^dK_DCB5-GTZDJ>-o_DiCee;iCFZu9a0&CN>(6BM==VF@RDbfxn
z=(-&2$%%bMi$4<tmz9wB^v!w`mo3{Oz&e?*AD75s)3JGIpyHE#e<irtGD^jD|2z|D
z!oPOUKK{{pzc`?Hlrko!jxk^7vXu*9>3cNU)1Fj(a8`e|_v&OFCosB+OH6To>)jSw
zMq8z9hd_^+(9E3rhBHyEf0Z8xVioXqWmQS1nmWf_|4%zV*VmL~&xK@`N;PtehUuE)
zRSLDjwXQJpwe#0nd(Mqp0K#?s47LPE({h!`hQfIC;^HS2AbtZ`wS}Sf_uM=i%g9rp
zB$9Tp>XfbAV}a;OUdO^~@$*SRS>vkMHns>W(8%M3U;%o>WHe!0r(+_*?BTtuXrFpL
zL+HbHGRR4)KM~N@<HNSj!ds~*Zl?}0|L5vkZZPr{t~;WRKYr`qPCvUcv~aE3F2U=r
zp{+2E%UMb@88w=!gM}7#XpPbSBNRNg;^W3v7geP)_Iv~S*VWsnUt^-p*IK?Ivc!>W
zIXgP~jq^+wT8ZA0N@yt!$w21{fkB1Vb%^<`HvEt?hz%=@(fi=D;RY@&r0q^+Vd@to
z$7;B#|5u$MHHxeb%U4UHZ1c`B8lx>e0D>x)*EXh50b|vbZCOVuBrc2@kIxSBzEToV
z1@^A9y3xicO_ikEdCfSH#^Y>TO19;5C+HNJsF}e@lRBdc$PBM-!^Vzt;w(dvkQ~)c
zk-vhEt=LC>E_^8+rwlns*|mk?*CUgu$NX7CX}zM`s=_kWtdOzNYb!~5CoLkjKkA&S
zW@}fTy=#uWxGLd-I%=iK<rWF&R75uXZ67g`Qh37>i->EKhqV$e<FP!aM-_IS?{MiV
zMSZFsYAhl7^IJD5%hq&v({Mt2xLj-cQeLg&+t;EQ{P(eD7n`6WsNHCB%OXp~>WV{l
z&>M{3VXd8VS#mwKNC~>?w|6fmyJ_+!QOo|mFw5n^qctZ<8xmDF=!_u94f;)?J633s
zU?D?bXkLiWx!7JfgbP9k1pu`*Kvoji(5X0b$_<n4E@Tl3&6Z2_P?3(*CCtsygOz6v
zDvR>J9@VPFk6#M*J<{2l@NfqQm;8o}G#n6Amzo$}evwbA5dHc-7nwiz0#~!FMcy<8
z<$8oPx*lFU0B+ZvMvJrAA=Ri93Xm0eJ_vH2(;f2)>7mV#se<OD^Wg*KOo3x*eYX2{
z4)4&5Ikr}g2$*nQyynE$=N^PQ4jdP%>weX_iJgl1Am8&UXJKMi07frZd$jWXGf~jQ
zdW_QrVMVvt;Oh7q&GYMRvEIYo`ZMm)_t=$3NrXi<NAh=F1O($`1Ts42GMWN{7wn%;
z`m*M8NxP${fSgdtCdr-fd(@}--xF5t`GpPi5i+u7G6#g9a9j_qqVeh|8OG1&cTvui
z=V7(uA$xIjc%!NhO?S0-e>gU*Owvm#gKjzEyrjbNKh#(E{vCwi?5S{+<VajyMC2Y2
zzgF)-QR}J8T&2Y`K-5%fh98QnjT!&|f;d_%;2IsS`7!b?S{Wg7-k7|XlvJEPaH}M}
z(}1t@5+%v<aut~L?)BarPk?M*67lPtR~-V5$*qZ~XH3H*J$q2e#4NB_h9D~}ja7_N
z>8ZScZ1So{Y3W*lgv-D+4J%CY8EeH-K=LP&AZv9v>$cr2s_yTiVadG4b|cOCcuc15
zj_`H-Wp_*wj}f2hi`;Jekk6}Su#84k;^eLO8Li$E6T>|(ie*0i>amK<Rg4_y^Wlp*
z$9OHFQxLOOTicD!hD{A{)|?V2c30I&W$$9{HKou1tOlaJ2~zyWz2qKQ6w@biJUml;
zjwS_`)Wn@n@8kcl+G*Io^kTn=)LYoi5AY-AXx391@X(khd``*RyHY)eYr%BaM7kTc
z4tG~_WDS$+uESlB%}#vYd63mxo>|TEuR!mVo79X8^WgI*l|9S1HyM)J3;-W@Bc9CT
ze%5-j(uVVwsrx%>`We#{C7ux+rcl*Kahqu=F1?!XGne`vo_2e0%6}KXCyC^#$d<P<
zwNsHQC3MI^kHN&n1aLl>66Rg1>(u$Yx>nOqw9GVrRqA5AulyB(T7tGC6%5PqhRvOT
zhHq<pb}3Aw1W4S7T1ra&DIgmqR#$dzLy}wZ74$TmuQehbotX(x9r|iywvA(GrOX$<
z^~n&={Lo+Vbsk8g*bNitWOO;kd|PAGM3lE7i>hCl%;<><jy>f!m=WQG30jr8S^<nB
z2z>+4SZ!f;+4L=I*5rwP&8znUVPC#r>yvY{;KB+u3QpoGlCtKEGyO~gMiR4^SZ4Lx
zHFWmKC|(ZL?v~GT@^NY=hx32X{Dz_P*#nxBT%cYcUoI~7A{Tf2i-wu5m}aed=*?Rx
zh5b`q&IF-6Us28!AH@!gvDaNLoUn<_w@0|T)uKJ18P#-pIW;hJ{h!9O2X30fxr?=2
zZdDP~^jMc?1MkYA+M^gqB!Z&;5<fjEZ53zkyFhtX@3In>e)nPIXGHQH#wp?Zmp?D)
zi*vUeWoCRX_Z=7xe(8MYX!P3Yx==A^4>(dYM@`Su4?Gbe4rBCj=dwhT%%wuB>WD#~
zG_ofMp1b8oE7Zk*`NoG91L0wm&xVQU{CKNEe-f)>?LYUBr@W=fOqueseqXJg(<QeM
z{Ud6P)9oOwJwNc<H|!LY+u6SIpwlRA*Av^btxws<=DXh+Gf1tH(GTUg-7aNn3HsVY
z{Obb*Y7uYEXaEQR>?D35UB+3%%rr|z!|d)P=w9ZpoTqXr+6`$@A{ZN$-j=T63|P;l
zlUl0>n+x3|?QiuRT9yL-m{)xrBUT_Grmed%=&tN^&u2W{{RY0}R9K5ZNDsndZ(c+S
z`9~aBHt*5lNwNM&wOh$>S9vfb3u3xv^G82Ba93BnF=dh&Nl=DSfUO54@>1<r*#20M
zD^p)i2r;&dj&PaNhdwc1b`3xMMt^1%%MN?vRsvz~q29`}urrx0$7ORYEDCF&$7etL
zi=9@D2n`S6NMA+XU$xt~TV!IM^FzkdIL6dMi8TovoiX=!0tfh4?+N#VUUGbfz*}7D
z<Nkbk$cMZ-kg-qGFms}rbA3I=q|PJP!yqy+8ZUk`gp;rvAhcggNY#FMz1o+z<V|<3
zKIZCKh$^i8e1QyF7P4i2#blZ17}!P3z~j*n)uo*H)>&fsup=COsb^2*<0-@N6*4mf
zoV+W)#YZE$To=QPCJ?x#0@c27hO023cY#VQ5F}1kMv<T#PVKiJuzk35slxe55*>Q~
zVsHB}Q8B4dJ1W@MJFq>_$S^zJ*Y%LlDq5%Be2?r%=%yQCXLD5I<<{g~OH=f0pb!*~
zz_pN)RH~CM*=F@HJrs^;$`N-q4U?`3&MEh=O6-ck$%b~wP-|jY<D`GbC}92u2Y~*D
zKor55*5KD9;*3;nKrhTG-1Vd0+MbvFW!_ssy$$}csOa)tQwITx`1ZyNq6p@;ApXLI
z@FK6v?p`HA!xAOo6jsPIQFc*}H!eDyqb*PQOy3HxK^W#=h)W-fJ2S7o(48p8gU}|=
zb<_=rxe~RxJ-|3oJ;E?4<9H`7M=hc#8tVT`NXJ%0YpVEMMWN&LS=s1Fg=MG{ARemN
z6EM2QzoA@7cCU1u^><!sWqLj9Qhy5)0AAqw;+T-s(n*gy6}lktvl9erV?iZ;jEY{!
zVkQIrn%!a@fcASYsr;;IHBPm3u;o}HN6_<f?P6DxUGQ>A<PIOb!-~go48H3&-;&6E
zk>{V3P_s!>2YD+Voq{jPNkCJkJY|r;4y1jX9sM*+Ko(B$+XgzR%)*DYse<K`B$u0M
z91V+xVt>$_YamHGWQbT{<NLV*NMy^Q>#OpbAkTnLZjG!oAdOgzf7<szn%EI(Hm&H$
z7oNXNmP&*47*Jl>*9&njdI9?b7$#!fRSJQ|ale;hcUqd<16#<hSB%1cRlx#V^u}Ez
z5`SGV-!^YtJJsa;(qQh+RlGXt|Fe{tZ0@sz2b{M<_f}Q~y=#BVFd=9<AW|W1>e_BZ
z(@~}1jsIQmbZoG8$q3Y89CP?AqjEhv9_r(OJZuImaP#R8hyeSX{g8*=WDlC|qjo&<
zrTj?2yM+?!Baydqq}$MuJajzHe0bd7(9vM;?E_d?F%4f?fqDDvScyy_tkyn|dSIfN
zqwhr!*>PN^@$6+@ZeZ982C}-W5WO?8Z}nTQ28lOW@3N9OZn#tYJrRFy^BybccmB;<
zD@ND=)uwC<qvwU=Z`%pe)U3Yf@1dnJpb054qh9><B31RoMAT?Hvi>`fpk+#5dV~RI
zS|1xx`dVW*>SE>osg@f06LO6I&f)q%(DJ`eameHJUl?8gbCLg~c=^92(9nuQSV{gL
W!WS(yEbK><Cl4e1VeZv^)cyyJhD1{U

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.2.zip b/Solutions/Tailscale (CCF)/Package/3.0.2.zip
new file mode 100644
index 0000000000000000000000000000000000000000..9f87fff7c34915dbd51ba072edd02f74a6c5c300
GIT binary patch
literal 22104
zcmZ6SV{j%>yR|c!*tTswv29Ll+qP}nwr$&XGO;Fkl1$8R-a6-es_NRc_x{nfcGv2=
zu3C4uqRdY)G!PIFD3A(~8l9{D9N;Y?2uQaS2ngoCU1KLxLl;w3OHorZOFK&!OM5#8
zD`$JVYn>}6-0{Y*`ttK3E(TDhh5`#NwG7g7tO;3_@Fq{Ptva;IUl2U8yUb?hYtBDH
zIIE^aj-l@@Jd;%B|1h`-DPm?L=}x_pMs+tkU%Ym`U*!>exgZui@3YS~8uS{UpUkB`
zd9Xw(Bn45Y83s;~|Eb?INV+WYGN%lm{5-bM!O?-ykt>799JbHr9qUvag04*}*W<p^
zP5dxueXHM#2%E}0M1hBYR4EbH=5wEvI`3K)vgsBz4pm!e1E~0Dvkb$ySl9ru{JJ1P
z7GzqpqHA993n>3QAJ)&@?lI3~ws2PI&t#xqoG#zS6wAd@>9U=FN09uqUXoCc)qv9`
z&vfX__l%}kol3Njq%wrR+rM*Gk*7*Y4$=%ab1DPaQew(VX0t>_>YAzZX+YoHOQ`oU
z@-yn|J`zbJp47d5PSd)Uh7H%Z4j&yL&5^T28#u&4<Upj8&a|d@k*h!ea;$@iQe0)F
zy@Y|aX?bf-a4YNmUtbCy7{}|L(CPC`PjVugn4eyij+q?wv)ChEf%DaKTG1cJ=eNnl
z;ma2nloI{9Dk34sNkNDf{DP=m6N^M>Ht>Lu>Ch!w@FA`JJSgpkk_J?5cpZhEu(ifJ
z5NXypX!JDsC1i|Csn~)ZhMvQ&8I-J5u{eiKIwJt|x(xxeNdxk}4z5K4T&s&<1zc_O
zf(tkTImY=6PFm0)2j$+0gmH8w$Hc+$M<o0aVt9O}ae`GTlk1iS5)DH+cB8%=c8hQZ
zb2MH{Q0r3}n-+B@4jy8-x)t2;!Rf2>IGTBwh(9+UK3w>1egF5*G9lX@!$SYlP6r}a
zv%>H6$Q4Zr6?Um@+b<T$-`dfvHx3?gV^*VN4+`*yAQ^|VOvA(p$7tNy1E{Ie^NAcX
zEXWv>Ph|7(7(<x$xku#%3$-np13H(h+GTM0L#L{by6*U^6|CR&DI&@^hK<cZ2c0I;
z#E9K<1~<7J8+6849Jkt|ixaK^BxRjTzs#+d4)B>Wt>RE>OHW4O!<AXA4V4UE8&DYP
ze}h({RqSxGO;kcs&@%z=VYtp9#v%M4hG4?kZN5Ii@}gzIBd;(TjKd8UxeA-onxt}}
zQ(YG4Jcw6H?06PgkAF+!lOxHoGpRmeo?({DikorrLgTuM^8mukC!mnoSILF@1C4$@
z34xYxg)m;tTI~HuRtrYG0R3m4YFpq#woc_dO2(xVzE{QR{juZ5!X-y^r4Z!jW%=yn
zZ;RB!-_m@NLC`T-D%V_8YD6=!48r;8-_h2v<kPpkWNibj_$@8nn>JfyoH&CHFTL#1
znQPIr$*7~pTajpap4e`v{N>~R_h7kjU-QMtcdsIsZ})JSN{R_`#(?Wxgbv;2%E9vW
zFjo-&;HzHNvd>vU4z<iH7bHBF6Xn|c*4)dnZO{iet!ufcGjT@n_`Hv%Rgf*RgKU&y
zitTcE>P*(*wy>TH9*TS_8U8hSDBd;`>MbeFcs@gvSlFSy&SrT;!+twE?=nDQSeQw!
zP5tVP*x&DUdL^mcCS4<%1?D-tZ7+EnX@|JL>JKRgVX@s&C^aZ-ZX~;4y-I)qdKDcj
zi-kfB8$OA_P*mnf7SDB#OK-S8>sI<Uz+6<Z&x@Q+sLdU2?nRC9c}t+0pQEP+LO41<
zk!8sU;9^d>&+*rOcC2=K!KfJ)-Y*$dIVZ)aDixsR#=oSc2bJXm4BA=Jkt|AO(zXvV
z89bT!v7}Y>E$pF2k3Y0ESTwRiZ10|HHTn~?Y>u(nfI&{bXi8@f7*Qu6Y2g{Xc<@`S
z8<OSRVi!U7I7`D87_YDE!n8q~IX&!9sYdPm*#_|h8Tq?77~^tZRmpE&nz;_^wYYe=
zc=+z%-}M<h7`^w1kH6dFUhTf!R>=TUn=~$-9{(uaiYvn|B30{7QjkJ7sv|=X9CK!<
z9MJmvD=ha+JUvHeNLms)=}C)rGe`&){OQxcAlFcst6Nzt!GF9&!fUgePGd73>5qiz
zIibrBe<sPa6(2Cw?jO8wNxbCD2HWm$vh@opK$Jm9(u(}+kR1c2pgsqU5I<=%x+mH{
zcpon4C%&sZeV6z#0a>B-;tme0xVn!+vTpspzD!sy13H76SjX!zLNZ#o&C6COjgLi5
zC~JnV7^FfN&LYL`pcd2E?b|bCM;^pF8DrTv5Nd?at=C;`aE~`qyM#PGCvAKau~QC#
z^*e+m@|fHD=LOr_3sJd?AZ$I>+8U62CM!r5^7MIPD^Fz}#DN0Vh}6o1?K>+pPgGSI
zCXiRQE7XC>og&W4zqy05hET_k1EOZBl3=Q~avyDWVZs57oXXVT?nskE6kbIjoR-}^
zv71{%2RwF%8ZfOL{p)fi$Zov$BCk01)fAG4P(@K*{c`HUlzS0wm*H0{6k-72fVl{0
z!Kqhr6_DALw~lA;^7)ZI>g9aBo-#M#k%H}l^$l?)srY+6$$dS^dwXzbTVvIYbBSDf
zeNRh(ry9ovO3Lz<hXTA_BvCKdlUS1Y4}y<ZX<Oa<rg5!S;pi2v@73I7Z@#+i=|kXk
zNUs^?W#+?m015-wRMG=33x#m?K$TDhO>p-lbeWd;7FNq$7PCh+bVD3A<ldV7W#k{J
zP7V}At><c`D{Up6vt0I|Nyoxehpm`NVMw+<T}pM>yWPoQ=O)!Ie0W#z#VH`$W|CZy
zZNuj-yq25qRCjr=%(ma&S3meq-P!HdF^HSvR9yB;FdQt7o5oabf<P#2m3D|U?nX2_
zzM$j_>=G_zY+;6)Wi!4g&)LbzS5ybDK$wyY<1TsfxS)FYSMSTwC|PF9_7y8!^mTv#
zI{>qDi}{R-%1Ih=bMnL|4v{jTS&H`WH^hq|b?-F+zm2Tt{sjtNGAyf`XeTI#S{A9t
zGz(tfBS4xC_j<CRd&eUGq|`lFKP>mT2v!cmfl{{uFyAhO=@$DCeLnQ>!4c|OoVuL3
z6naN#&%?$bo`s50W8-J^rGBlKGr>OtA55M{ey|&TWN?8<NRaKFkeTqv_qukyd_H4J
zCHA3xEOxTTO*%GDr5~hxn0BWfsBwwVKkzw(8NcADyP&|+$z8~@c=6hHg?l60ez@U@
zH0N|X!ci9NnNHH0U74;+?O*yZ6~aJ7Ct#Q1rHGq{p@WmIR(s(Mqr_&61Eeq%SkPTj
zX(XQHFs)v10vYgzJJU#XmmQ&nzfHW@1B9KKG27wex{ctoZ7HlcskNucMOUKbwoKV{
zX3m%(3V+$c<?`mp&f7?WYZ5DQbwc>4qJWwuX+nlM9?&yo^<NWRi3lAv`wEg;%!97K
zH)7=PmbMx^E<ydorXfiI3-X%87)nI&7|jt8dt|^%ClM1gZAodlQG+M|)er;72~oDK
z0QzW*`2!k^94axPj1Z*#IZb#sAX)y^P&_dHnHQ8;)Iz^W5ZVjb`?kdU-*pMUY&|8X
z7bw)M$?qw0#JC{MD(xVw9b<x!&_b3H#c@=QQUym-NQ>*dC^XKIW-VZT#mw>Ac|}u%
z=fp@gy1>sc0W6*gOV<v+eF&kvrfeL>RiRZB<1`)x=QdBb6v2}Yy<EFB-ahOaTxilH
zH=s1Fi)c)Y#qooTNIh_VwiFdjSpZ%_U}m6#R8qtyekEAjqj=y%Gf*R-NBMPCIhma5
z(zO}=UMrQ%3{fFb?h8qh%~Bc=7F^m2R>3S?3~hM%QM|#MCj5y-Tj&<nq`mr!BmcIq
z@ZcRheOKypie$#hNpbe3HnH?B@LFr<i-oMc*NNEk*Qhv0Smy2Y;S7DGU&x?Y>(F*A
znzoTPkX(xweXOfdOhr{kxdB|LB%3iBTGgAUtfRTCn|XY`H#6L;p}|a>aqEN%ZbpiX
z2V8MH_Se;DOlkC#2s!a-S_U*_RKf`Hv%N?&jhNii`bApk3H`9looNr+k7_*KIEaK&
zt_@BZz3Ui@JE<j|wi<CzRQVFB81%N{W9#1<MTcoo#o4;~@(S(qDetq>>A5)9>B|7l
zaxD^(xr?CtU%|eA<JkG1Q0|wIh0r0(Iyo+%41FaAZ<0YOxH6yEgPXvrX;QbNLJfH^
z*gIH)hVZG*=M<z~Wt0-aJr9M)d?Oz@CPJGBdLyY7U{ZfB(2h-sNqY%KPCLeqZ*nsk
zpJ{YOI2b8HZLb2fVTO-^TT`L{HqLt1Rqgo_onW#{**~}uaWXZm55_Bjy(3TiGiSy{
z2~Q%LZ#*#1^TLT|b<2c0OF>5T74pjV=P>b4b1-r6=6Q>Tyrv+<HE%gLqlsc|w<@%A
zYe&kYoZ7<&!$-rzcfN0!eZ3h7D4YiZ9#=(6k)X7?WYfA#>8FiGR1p4Ps=?U1ZN=Gi
z&Wu0Fn@bVg5e32OmADbXQ}c_8qVkc+DcKg=W7VOF!BnXnSZ6cO$16|~pR#~WrG~Vg
z@7xaRkuetBA{g;V3mVUI4N}ae<K|=zzqHpTnA!CKt#O3N;@Z$nZe}w<OJxR4j>v+*
z7We+>L1^8H$|FT5Y+@DL4{^!g@s^lF;B+|UB}J}Rib~|WDfcx;4yXwPHgz<;#GcRx
zW>A&-bd?CDYcEs2F<Xu4G4PH$)=PKkJ8GT%NzhG^E`636A;OHoK?`B`371XnDxM3P
z+q!RwS$u3x5hM$M=r9ytS0BM}Pzgk+<e5>?x%GV=9cwk5LU<o$if<ux!O{ZW0|rP3
zxe<AF>>(!5^~(Xam53^g3ZV#M)=*TJ4rH3AZFS8nD`?xT6O>QubY@6k4Y6vxy;{oU
z+P-e}g#A+?31)T{a#444s|f68Dbt+thxvvN12^WCofM^?GY9uwOyy`SH?wx|avYUP
zLJ&Z9lS@3Q6^;#n%XbmLZ%Qsxi4$!nu&jIAHDgVXBSbYan@GR@qo|GMpo(p@nnGO9
z>LU8GNujFu7#9+CIt0JidIVU9M_5YY(^&tvP_0+x`tlh`&Bsw4x}?Y;1X{bAP10nV
z`&H`->@zW7)=_?mo8vD=B)O_%n2vfY*uf#egE7;9iR%i0M7`1EqD%V0JUC(B-q2UM
zKuv*C2g}rvDI4--o+_|a^hy*18##2o6yb;kx>UmovJ_(q8LhWTHWa`7>nL&AzpaXQ
zC%o$8$3>8sWG8zIHOPPrhDH5CPFu3gE`iSYaQ9;Vcp=gBn5h`5Z3PS_mhRsfv9xKn
z6=5jK0vQU4hAFWu$lgMtpeonleY*wc41&R$L^7pvR*4%^MR<}A)${M*yiKsVigP}e
zn!4pE&!+J3d>?7wFvsygDASsj1Zf3-D)5X&y*oLgVI}UT#*48>k)F9-xoh1E9!x`y
z^q}!tp4;B(1bN{1%zJ~ZW7p`LGjJsCR${)SwjU~8>*^r;VhMbG?qt*9N1L9=`@QwM
zlRvQOt90M4v9nNC&MiiDw}ry8ukZP7um6YQ{}U1fRJ<fwiGhHGErNm|{|gCh4K3|d
zOl=)({zV1<6%Y8nJ8ieE0l$4=V*2a}w=2nHnvP|(%;RWzBDJ>f;&RJucch3>l8}^3
zqyySgZ)SWD9rJ$kZh0mFV1I*`c%+(4W17wXnIZ$JYi)3NH`M)lMJSx|2iS^^b=;$<
zisvY7OwY=_mhg{J5F{}(d*b`M+WcCtX?%~fZNr)E)hgDtX60~YVXmQ0=_Wdg4CJcx
zH%xogPo-(8*QB7N_)gu3(W3Av)3hJ>KE7f;&=|+-`<{1)B32nhAk<_>W2Kkjn9w-l
zI1H~K(!v`a$3o+3hYMGp7Tx(|#nE8z8dx#FVTaNJy6M}i^og8jzifeRd&qJ&YToh<
zFEOzm2nbaSm7{{r0_>EX&;76}N>7=Y!+lgdBeTAgbKx3{Z}l4wBDC^thUmuECUCc%
zD6Vi_fvEm8^kT1W+D2J&lnh*{%F(3Z$h}c-2oe;;+>6NV3t)h-2EIB+zfev?yieCZ
zenoElO?V>pxmrC>sFl5=ZFQR5i{DkG4~axpEb<KqwIuu`=k>VLeMYD?iCGfI`sZe%
zt;j`i7b9isq7py1aiR~$At&lVeuet)kNAiBAXm+_rAyQ)L1UyWQ_ixm&8)BQB^N3}
zz)F>h&MYI=%V1TlB9RtA70?Z2NKhG#5aE1iRYOEI^_}+WZ*RN+f-O_mP4ZA$X%XuQ
zd+mu)<4d~;wMASEjEtu$#};NIHo$TfXWKH^exK)L<YbKmAee^mBzq7Db9+aPo8<Xr
zFZvWTR;+p377(+NZ000WpFXUXMgKK67+c>QDe%#?we~HRf27gcM&nkB;cLYgee~4)
znR}(ZrrHbvnibw@kmkcd+@|Olwl>ej?rL*|tJ$pAhdr~bl)=ZFw2W;<pIHdVj;RFn
z3HW`ip5knyJ;N8#vFG<fPvRS<p8ryfO;KK(t@SG2yNB@rdV9@CYd&jVyXnufQdj%j
zS8D6S?$x|r;>lV8ckj;E{)U+==<DNpYiU1|$HnGNo;!?emI<gfw$l7ESLwGjeNhp7
z(w%0F9HZ~v=94-6aPBDB(R*<Do+QRrOa`T%O$b0&3emb{r(YnIiuHh%1w~zL&8k~n
ztBRBQc8gG1b`|Rbm(<%<6iw1YT=5PQJJHp%`*gcWk-1Ana&PK5sOyv{<8P!=fm&>8
ztDH->0rap|0|N$T7v50m`I<)}X;8Pj%D5Z<X@Xq$MUN|I-g2nnKLb9fRiN&^TFJZG
z?pAlT!BknJlsj8p?*eH1l4Pv46-2BXyW@R;SjW2Gu!|nbx>2j^H(<LD^Dcuh@0#>y
zc_6!iy}iBL_V(}(S?m_qYfo+29c|l#!CQLf=IzT1kh$X4lopb<<Js6N;8X@*ITmqp
zuPc~CfkHM2kGv;=suuL~XTf4j!h!2cuOSu-sIO+TvuGsiRhe7S*A-8vCL}Fvu~&(J
z?InDA?jt83G2x%0yZ9<R@CBB&U18U3cR!_;=EyDWa3fd6RKIILTPD=*8_5JZC{pC^
zF}H-~F70SV+_gJh)zip$YM=7fs@U%G^sHSVylQtB-`H&1n<XX+miI@=q};Wmuk7;X
z&(?O=qFgu#QD0r#TfKH?M}Haa?oKW2*6wuCO4~i-=BBk(uXA&6)*|oNuVi`WUT-}S
z*j-=$v2njuqm^=RPh$d}zWCVf?rN>}WJgDSbag+1obK|{p|9<_h269{U)51@S+qmc
z_Kvy9ZIf@euBGi&BtF%tS=+SZlq@gs<eHI6xo`iEl&AlZ()-_1u1(JEDBEwMl7e?n
z5iH>yY`p_;TLafFSGcvez1d>np5AhIb8{&O$S&;6p}Vq={&u>yH`Dw(hN$1}H805S
z?C`I!n>akdsPKQ5;)~^~uB>04v$E>E)r1GKLE8GtRI|PFl&lf7IM^y!U$#PQUb;i@
zY}NIJ2Zyb=sX6_^`Q$6+^5mQ#-&6}T(e5Otm40&9E-7w*)RNi8U*R^X)*tqYUdak>
zYm;+(<O_O#CEM0YH2Le0Ak(CcowPeeuc`EFdlSbd8KKhl!kejUORH9)4Wbp}=A0*(
zF9_0?KHsEWjck(_?>NbZN2KX`CkdVW@tS=T+Xm6fHt4+-e<yI*3wOQkZQBI%r>e$0
z<>pfqS$24^PSUlBWLvU!QxVyP3&icGmifZERrjauuVvg^zuMYsI3|dyH?n*a9@-=u
z0t6>1w|_U^{*Qcwt!<C`efyQR#<KONmRzA&*7jB{iT%;fzOv`YG-vQ_z5kZa^H2Wd
zKlv#3*AI<lY}P!!xhoBQ(bmChaeCVn-oA3{P%fVQlQ%V1_6foN^z6<i{IRo}j7s`k
zt6N)tRI^nl4c5y4^Jwj1oxb7*p+PE2D42eh{O6|X34)6=BC*CjKd(je5%#5>_25cj
z-i5g1^ZR^vK>|mzU;4K5Iciu+dh>8Tsc^5r!(P1!yzio1*L4)7PVe_9tOgr;gtbxI
z7YhTH-J3IEM~_`Pyor>cA9<LB0^+c6RFAExwdJ2$a{_W(dSxkX&y<!&kkppc(vqZe
zxV`4omPdnstJ)GJV$c0(7B0y6nT%|Sd0zLl@ysR~d!;MNbdLRoDUQ>c9?^WTVL+P^
zWo4RFA3w_p$u4>-Vm@`oMhMNCWUaWhOcwt-1$$@NF$L8{RvkTeh>9T^i<;K9WF78?
zN@y(xy2$QSxkiw$_8!u&iezYJ*QdD$Zz0|<Q9CZ?13=)xhSvvP+8!IVxUp(VScn&Q
zd@C(4+BKP_p25O<`TW{Q8^y?}3iCGV{HL6jOB=PxF8Tx_ndIikz_O;cpgkoj3yezT
zOK4V5oXF#{RVQ;<Svegs|IOa9fOIvB3;)TYoT?~*{e52;D2$PIpx*2p@~n_L$^v=4
z1L1ENc4VHTR@;clarDB5k?|rt0#VYq89&3N`tn$>(|XMvqiy_#KEkF=V+dB|MQ-^i
z*qz2zFuY+zggO=5Ln`yxx6DC>i_AmB)>mK%Paha#7^lC)Opqk!#`p2%X7jNy9%Iv9
zZEmli?Jw(Z^(?T*y|oT8YQN9XB69WSA+x_!o?Dx2d8UPHy-ul*U?<<@t^e34?rks8
z<Ink8)$93r5+4n*y7y&cQLA76_VV+(m$`0k&Y%DFlVf-xW_O$5v(ndXulr&#pZmsN
z+yCR~ulk4MJQojem%yK^sJGo;_UlCs_|zWe-OC6$oO~nn_qd3Ix0f^PsjtPowe~sp
zD;sg2FuOc9x%~sDFWTRG-&10H*}YajcVFOZ=8MyQX<s03%ireHr`G?EPA{%IoNslb
zcaQ595utr-Gh;hP|M%10W$){=9<XYWo6o-8D_mlE+0y&!xt?<Nh>`MkcWts|m#go*
zHNO9YpZC-0u!qM!!kn;=U^mBQJ9qD3@b+OE@+^g5=K&!;$9*^WqPxxl)-SqgOTDzu
zXYB_6>+A7lI^k(Ar)l4x=hMsW>#zFfZ2*D4EzrtdkHg`aGGV)N`)NHny3qOl?)d7$
z^S%0`tYGvLqs4V}w0U3tWiq|cS(-d|9CNB$U%@WEA1<6yKaQKAwjA@@O@0Qo6+d-O
zKK{nf|LLhb@ym?!<ETN1k-^U%Mvoz`%=5TJjy#r_d&m7Adja4gUk)$EFg7~5{_||*
z%ANY>OD=VNG9zJIT>nEDrGEU@xW1l0*X!FLSElg(1W;zv;~~o4*YzT<aJE?esq%g1
zWd7=G0ie|G@5sd4*%8#He*d}2f5oOyer?J8dE+W?(GA^oI{k1hCGQnR!*~5Ps`S3g
z<?~(6d*8vyhqnjHN4Xn3c5whKfaK^`z|Fg%T)y3wB7x_7TTcJVUe`C2UvB&I1<)4z
zbI4nEFY@qq`mWpVGf1@8hh1tsyh)#M?fCazP4pb!?eliNc#3tQk#cYW{R#WWs1T?q
zH~N-paU0+AG{XkbB*rlrSsT%~ohBtV7ODO3K(W^n3LpE~;jKAKP8|R$myDu1+rQyO
z<?O)wBoK;Ek$QO?UMfOagHe)6XDPUQ#v!VUF&X)xFomZQ`tc-u80RBq4gLnM>2HVF
z5ZPP~-cM6EB9E^yL7P8fGA>w8i!-p2NE2k{Y@lWjsqYv?#4|~37^K~Xic%aj00n;z
zcOl29h5D1S!#x~^3Wsl3Y24}e-1-n*-Q5#xd9Z-8rjFU*_xd|_!z+2qcF2Jzk+k7s
zj6+PA3x-GNz?QFe#81tFVWV{N+)I7$sCr*HKXZ1n|KR|G$XOJ$@xACk`#K|x5Y7+G
zof~ywiMQy{ed65-#3jIU-9wEHkf@r!C=WD^AN>85KgRJuIFfURwf#UVgy|ytH2&g-
z@7F_2VG|nJ_u~|85^NyPRp<vZZyuJ3-DhM+_K$uF^)ZzhqIs2?{^r%gr4K}-v{@zp
zC}B_$L8Kn=8Ynj0Sg=<WOryUA-Z2zuLao#|iopeqrOQ83&mu;#lM&J&hcH2}fyJ%y
zKyOS5YooNzfu{tA5zaQQ?n0lCwFWbrI-%Z3+revj4I)*GiKbEi3RAURj2lt9@?!}6
zoJXYgx`;`zUL$cgN)reG%R-9}wCg@0z6Xg`eDY$5UgE_m4hrhmj5Vy!i*?e}Y-_BI
zVHphb^M*4fiI?1Ki?y=6O;j|Z5Rm8-qZz4d2!k9^-`MImKO0pze<WqW5a%g^GM_Rj
zI2DgGb3l5;Ho_}I`JO7p2!S$0hVVxxH&}K~=ec0fM-n-e!mZx*PJn0;M!1wfO2#I5
z=ZRC;$lIyJxeZv{cb$5j%UHb`>UrBK{RZLR71J!XN&PJff1VYJH%)|#ZdJPg{C4+b
zZ46suJ_W8^tPy+WMuQv*N`Y@c``)16wA;wB)7+#<oa*AZ<IW%!UBslaz6rzQDPG9z
z0$CK31Ob$lhKSW#=Xx86KqG(IDFrDW!{%mL#%4msiQu|k4=0k$E%ToyYp9gFQCKpx
zk~lqOWeMf!yXQ`pl)&n;{sd|fR9>>X_l1h%q|!8s&V>*Nkuv+;GAe7Ikd%=oh#OQ=
zxcbhVGQXdFMh3Albi=tM1!~vr`+o1WbDDe-uJNP@$%5jV_S+Y~D8#*_V@re*Ix+-6
z?qqy#q<wGjG0?tLd-H07V4-y4>hr!zN`2*7yF0p?X<1y`C0aq3!W#rQ(rPiUex#42
zJ_!F7^EHGIhj^Vl*kMUur@n~;Zd~C$duxI&QAe-wJ`m1QSB7x-Gjv#%7>a@vf%>Gc
zYP|p@3HMg7)6ZTBwg3{q$Fu0*L`TN8o@#Gq0TS5*+$!j{;OfKF{cy@%ApH_ov#&Fy
z`Z0hbTncl~Z}2MAE_+wp<cv(0Hf-pCEE8j-wK}e?!;7U$L|9G%G*3=$h8Jl#l28tq
z&uUea_~gVkn=?7m<f*o;Yt8E>%lUV#30%-2&Ip37UL`n`_=L2avF#kvppxjj|MbU3
zb_#QNgHMd42!@fB)DgCdw;it`HcaQni<1bjg!Ruw8iz<|Vm#=;IDW0%*PHu>Z@#_K
zMjcz0Cq{5c2KDbs_wXk~ekTV*<K!P<vr&vJQi&FaZ1fa!zm|^2ZG*<cMFB*TMlc2k
zTjDFfkUm9oq?+N(bG)kL0@Hb0ktR5ZqAWpT*3Y<4Lqs;oGK#y1h)Dz$F7Ie@CT|d^
z2BEJG;h^7EMvSX=k>Q!d)o36YkWW@&hMF!CvS=xWVm8tD8Nt&E|7C6;OeS-x`Hog)
z3Jzgx54r8p^&e8mXryX8i6oV<t(3n`Z=6A)yb{^C<+(GC{`E+cN8Apt!E5j>m%ZY|
zNc)OW>qJO)GhQ}xP-NcVo-r=<zc4(6Zl#~LOR;%h5m6-g`J7U_811bN3~eq*fwp}~
zH%>?BZr?HVjCPv~{3y{Pzn~qTA;l_8$DBzS-<}e4w2h~GPyqy65>A)V^gq|L-Y3X7
z?&z_IsHYc(?NM(KeKR`+bg9X9meh3Lssu&Q`O$sI3};m7!WHoR7#_GAAn7amnvZVh
zPi~@{ZK)64CTGRxbe$kfhDza|bZyh+#+hJ%alW|EE5nvT#wjzl)@_f`RsEBHefs3A
zmEJ+)q5M~BQUYo|o$7QCd(a|Yi6P%Dy_3NEa@z#@l>2mLqF0$1%=giKKUhr(ea3Cd
z|M)xmdEWTu$brCs$}aJaC}(s$;mGKD$(LfAb)KW?yZjP;4oS;amI*JOmp<j;9L@>0
z+^Wie1dW?Xo&4Ha6a1jfdPTqvuWv^8{ZhAbhQ!5WCxEMHBO#f~?UQ=3vgGV4r7iny
z!)mIct);(n<n^MvLzz-Wi+W-HA@ks8*CrW6`KPA)J)b#MA$k{2?ezIWqVKA|Zua_(
zuuCZG@te_!m=~3hXtUOrRLupv&Wf)wH#(I!DVQu`AF$r5r?Z7C;4nDsC_D%B@hO)d
zcOEB~bY+ou1}eDHFr3TgT!`v$Bc{&{m;QCQ;Qg=Zv>O3KZWwUfl5<zn1A?3O29Gyi
z`POG{pfFfoBO4{xFWrf`mF8^EBy2g?!#qQ;X!%B$`^t>C8<y*YU&nkW$Y%c9<-H=;
zHhEl_p?nLw@YJP9?#rgC*`_GjCd=7|lUE}PU_(H;!CCx$!r99(yXi_mx$ZMp3!b9|
z$klAl(E#MAFJDK0%l`S6Enm@0odbrvW#lR}=gJ?6)SldSPakcm?o_(Sn=kS5$9m>U
zIAi1OC2!nw1!FjX(vwxNmd``dma0(BapiLS<+eR_Thr0;0?%P~hHlRIYwB1&jTP4~
z(|s?sCtJd$<kyX;@+F^3`j<zHVHKMNS;}8;F5Vp(lXH60kvPA}<7~_`2Pc{bP{zqz
z#ZlELAH6vjWrcb-7l|z&i9Htq%R^iRR>p}>!Gk+zBaP|Kpwp#nNNhe7vi-Qi_4*p>
z;cluM=H{<axN96XfFj&Q372h-w9N-M1czVs9R*K02j5?m{KF0Irnlbb%_J$C17UUj
z$c$`%0BL1%mMaMcMXkaTg(pDpUNNCyL55f&dl%4wlP0Bpvv782GMj><{5K;*gdg;Q
zKJ`2sl9XS!8TIF=1oh;##r38g(X4;yhdXn|W=*iCJ+E5`dUK9PQS4@%5R&SYXkne`
zqy`DSW|yprB&o!A#VAn6*$0gn($H_yyJ(89@T`pPhmJ-L_ep(936>#-Q;oSZLtx~}
zjz2-%DB?DQx+z!@4_8RDXO~gtUD&U~LKA#FBde4j;liy`0V2raMb&OwILW-^W3!P5
za#nGq<_7r0?IH$<qJJhTo}PEP0I0UBIJMrBvM%9w9($-`h!iSQ#V;n=J$#74bI{$w
z4Ykx3tjUd)vm0%GFq2dE7PiF%`jm!26FZBipYkPELuV#7&<YLCF9(!z>X8@4JAR26
zws)eFv?ZKwy|I>uA6xK1O5^J3_DH#&#>Pp$$3!-MS`7EQREB{jF;z(Ws9{u`-hjM?
z*{if3k3BRDX09wBnT9+s$K$$jws;5LOsqP?#Z%ks)6+7DFnzXh_J~SN?#O<*846LX
zq}-E^Nt_@ofxjkPW4;3EUV(*RhLJKDc?-844^MTOx`%n=25Rc9;#_4v^g7zGt%ouz
z6mB<Bha}P#&Nw76??yvPmnEz&*W~7T3z<IMl3;_-m#hsZA!Fssmo2Z4OUkY=?f3ie
z;`LdcB$hnJ+ai8B40Ou9$AyTFW>PN}HVe!0wZUj8jb-N>$j4n|-1{q_6yF4|XYgHX
z#hsVchS-i~XdnPH&qSML@wc|@Mqs(Deef)BGH=f(K#=T^#Y|AAO(L~rE#qGR%`<=*
ziAjR-)bG0BMH^E)NZzS|himS^g7SynzrMgf;5ooU1xE1R+aB%kv){hYA2%s0voy!)
z48SykmEB(@-uJuAp*a}8>N4_nXP1<xao{%hrfUYD)7dyJ4Jz{)lOfXm`b+oiFP^pE
zKGXdA6}T;LA-wKDeOAqQE%kd8X*=t`yHFVq!1DJszJII48?`(1pgL?Ao$4t=x}Qlt
zbWOnxt%_yvsj^uTFaQqEOYh26V$bLhE~I-9JmWeOVcmQWs3P1aO>Zw)p8r}o3CuTC
zGSH54!g4#0^6F}!jx;)o*@UgVE3f1`4YBi{P1oRMZq~%sTOYfD!eWOQBT8_EJlj#Z
znpq>&?k0_yUiHk`*cL~*j19-Tj&W2)?0<ooM5%|7>vhDlS54&kUhtzJoJ~~(S77LA
zp2n>An)N?#Z3M_0woyPK>l(@_R+Dy3)%#HHf+`_dmzAQ9l-4YCHFUB<^@Z_8E^(b_
z8Qrdtx2KR+G&KskOU3)!Y<s+IBCYvcNehm_Kfth=d8<+<9xgG8RI4T8o;K4|;g7lB
zX4*Q+^b}C&pFKi<^eTyATH=56cOFf<?3#Anggi~T?B3Z5JiF{#?DBP%%9hi{<bpT@
zqcQg^$tdbTX`8*ueM@I9@%1}qE<Za;bj=>+OaD!Kk8AdBie7Y*yoaw{FSPy&9%+wc
zW9&o{NAJ62?sPx2YDU%10_1LXy>KRbcTF2+?s|Lh_N4%JnMdCI!c%zrrg1<f<bT8J
z@k`xlR!vIvNq279%mbeLGYi4MJq7vnKHqHe<ecWSq-aw2I$zQN3kz^}zGJ1C<#rbl
zd;OK=ZWoc6PF=k3y%3xsgAjr|IS2dg#)N&|GsQS3>tb7V7>6KZBg3g`*3tRI{_ZC$
zW!G{Xb&}WHed-)v4@7%HG+xhPNibKKNwJg-rJljC6p`&?Hsgse=mXbwY-Ii{bz{lA
z190PUdLI-vtvA%?Dx*Pnp^vpRC|n3xK*4Lu`dRdM>h0G9Y-9<n1!1I|_j%*QH^}^f
zgkajtZA1L=4Z8<%vU#yDnS0J4?1V;RysT4k3R?i_^ny~+NyL2i`!YE%ajE#~rw@9c
zTIdrhYo8I9&*80ep=uzltk6kh?s!_ofTnnUysYcVn8G4dBQ|(xg1`r+AG-<D9LhI*
zFE`7mAX6$%ogs3HyZ>u_&vBmxAzkOO!nf%L75sJaErQ@{Ko=HlHuEFUpa%SkETQ7#
z1T(TEL+qWZsiaUAK%>upf0kI8rRMpeMmnQ9%qxjY_Z{yOY2O?!*EKcAfa}k|HSO(2
zP|mXcZUpKhjJ^LkYFY|r66orl<)KGcOe@_+zkaiNdu^7k1%Kp}+*A~wUl!otKH~=S
z@^p(*g{kND>qBHp%-n8~ukb|NZeI<s|EfKv$_%tqQGfJw_wFgmoZn8aKmU6WJP;KD
zmCLUt8tinei46War-|su=QAfXhY{h}CTY=Zaa(<cbol3Bgm#Ls{9OJBbrye+j*UP`
zi>P7cMP&34!E_9l<_Ip;F>H!c#5AXnWlj;>++y?J@<sR=Tc3)rZUN4Z-5sy+^$>Cv
zlY<HtjE;b?!a}E@=q@0s8J2SVQ*)|ytLpHb4zs-X`-N{3KaHTAlA?Zn>F|EXlsB*D
zON;JiZg*sxTJo=tqwAChw~~HkkdeOKP7aHn{MbVZEyJ8_{z*)5^2g?i2S=o%-O}N9
zh=_IhX!9iMIK>>QJC~z%8b-ZY9w*!D;WAo;Ofq&n1ucS{_(!HodA|Vay8xhWrbc=m
zRpNAVEPgT$H#uvBhTcUy?;LLQXlMo-kwQTuspn4LX)|^IAE}HwQzMO+CKN0kw()9E
zmyQ``0=}g8I%qqOYUvnyLGM(Ypqn*5QVt!JjX1v;uB%u*=Mza0rrO^-R=Sp7C|-}U
z=-Be44#igfM(I0YLVGkFrqZEdknr<Q@;XXIjgv}6iWK3Hjf~+>#&Hy}BNOVAk=99y
z^CpHKMO1*5jlfIAVX`!b>hkhWEFA@*ML{MR<Ro!Z3iRt()zwVnSs~JfYt0~O@VaZ6
z8NE<ui_*tzyjTtyKNX_?r!D9J^gUUoOy22ntmq@)AbvgVERZ9cljLYBt_uO=pA``a
z<);hFJADCVyY5f1qRXwyRx+~2L7Blz7*bFFK}v6n=&6#lQ@G?kU4Fu8zwlQ#mJdB3
z-Lr*xn;EJ|I+KbnjS9OOal+*vn&|v*G@<$*G?_2UOKt)SF?764>Hn3a5T-fNm^Ir8
zLh;M_`;`Gxz^Yp(l~@#b3^jLp5oHPiCkJhj;p!4usU!{uze+<ICXN+Zw`FN9d!K^E
zK^gX3!G(}x4dATUKo3;HZzK)g-uFF|1?y3@Zn+^xzQu=F@ln7M$WWw?KXkUcr{Kc~
zkl!E;DpVJOt&5?z8>4tqmNfAbvBrIT;f7uoJN;q@x|67)@>2#ky@*GQ8V``k=|xIq
z@A@UW<^O{d?b3g6VrzA1vkebq`2XR=t@0n7)X<{*g0vs{51cgo7o1e=9V;?QB-=x;
zDFc&sRy$9T<0w&srv|$`wYxhzD+53EW*gy+tkUEU8L^t7k)Hz0xft5Rh{oo5HRBxj
z=S%erjD$1}LBl9nc^P_hZOqa;$^jWis<lc8wgLEcwqsc$l$WSJPa(I7<PWd2i()>^
zhPIE1SzWHn00pX<q1@vj1BOQ}EED14<qH=r9<IuZx6$o(#_^-{n9oGky+(RaKRgG!
z<v!8_CC4D?huAQp*hbZ)AP%*GxTB0X>hEVV<`WD~gRSMdlL)&l=?#;Z$dlVVPkGkq
zmBQL<@t%a{vGKsNMCkZ9IKg8KB~kW9*|d&>l(A9)z%=i$Ps*Pj{Z}A&#;p43lW8d&
zNu&;C1}I-eZ<4i(vRxX%lNmJ|fmo*;4btE09im9-6Nn3Jy96EeP$%n>2f0o*uMX|v
zGrWUgJ)#i_-WhGCwQ%#CJ3J#FUbJQ0Q1n0IM`7@bJdS@ib+#+26?zr&6e4b4Y|<cD
z#NbVe{G9ekyru0B=DakPp^S~jjW><HDc!-d<OXOjn=zU2aY@Kg?tfO0zHGaCIq*Pt
z;zSFkYR6CiA=gIVjf#Tk0t9qjOLxxazB{?P{hqU!``2Nti%ZW~HvanYqUrl*e?<%{
z|F6d%eK||gA|7#Boq^E!&P>ndp`V9>Arb<dSHxTx30QCwO~VXA92r6tAO{`NBJ!oK
zF3cn`M2(#gXG4Xt<Hj?Ur>z>ni9(RdN-_}MknTh@WVmNB2^LXLzeHW;$=1kO>r9P=
z_eBWd8U~GWdhTC|r<?Kw$}k)K2zAxEfbj?naSXJJEPaTjF`(Lztzj>47N1Q{4r}ip
z(~H3LRGO}u9-bG6yC>)84tEzXN6k&BEv4d9!eH&R%S`ILp|RMg-6<QkS51#{HRniX
z<*Epai$xd}^(act6o?RUk<*{(d-e`os-WlkW4XMh`8^onbjql?&Tfl;a>y|FNZC^<
zb4HwE0)D~x&rLxuRs!PaPh=_Bk>x|f?Y_Hf`(~;9QYtNW%7%#>PpoL{@@VZt4!1B#
z@n|91$3`b8;Cj4i7?oyzkU2=!;z^FHl0&G+?3;{Gwkbx%9D^WA7n+)m-zIW&?muM5
z$|2z4zVOMHC76;h6H9{&XDE(EVqbZ~5QQTW4iv_X=42c7OSdF${H64JDcaoFmJ>A0
znytO|+5a*1@&Kkl@w-a1#vU>S%S(Lq_);29*B%FvA_UBzRw*3D5kbc|d_B&vq_p8%
zO)|KIlb82WaCs!q-)^_CjG_X*(sk+88;W?nl50kpvqh1di!{17$aQsmE0vqWRa|P%
z#(1U`nJxUsm$Lzu1QE&x9hnM>$v5j`bgyWBQi(OHweU=xA#>5Q&Z5U(eLE9{x?Sl<
zF5cQ^2A!LchT0C_-K1HF&t~X9+6SVDfu?K!zC<8qBKEG{U(Q}_oy}bS@_CmTWyY^*
zFQ%;6v^ZA69VjZn1axTMLKWCth#WE+*mD3EY14n~#Zc>1RqB@1qX=&Mu={ov3@x29
z3{5P9$pBF(biO9yy4c9!|D5FiI#N36^tjK4Y8Fr5KSn8Q9Y@@0V+q(+gWh3)?ci&M
ztCE9UA%fgJYAhXAI^g=*s<i4%OM~-_7PzH$s6$}*F$vO&DNWTGd~<gy8uJtEr%*xj
zo?=Dua}Z@<+ocPWAe*S%Y?JN4IYQSsoaKgS49>{$7+PoG;hTe&Ap2V7Fj5$S32{n0
zmaKOfQoG**-`?$Hx4ohoNe$r~0yvGfD$-W04^pk5D`M9;O$iSrnl=^{e8HkSM94Yq
z-69I1ug1$cF*Z_iVzD)y*}4@*SQo2H%Q7{w;%j|~pbS(?h#+RLU~%?&-d-06R7)!s
z7>>wW5t2pW>|?HA!7BorT{StFmT&<-J~>!dNMbJ-6ze*)1Hu3x@@Idfn&CjRL9$H7
z2!X)w&eR_scBuhpO&|&#fDV%7B{H@uXFD;m)jX1=&QwlQ2`qmjib|5I5A;kJ2j}xb
zQ&+OOg*qZEUUs63L}Mcai=2rHCposD2utm-A6t}v^(&<~tym~y`NUOlT9dY+7YC})
z1r@V(wAH~Df3VaRC6r67lQ!|EE>L7-!(1(!W@dc}mxT+(SE(vY%IRMG*{lLa4hxDd
zO1HiHw2dvAh>neniMPPq>7o5J7#>mgjj9?<SF>;MvYACVMu~<0;!|gRl21@;5TQ?0
zdr>E;C127asf{MCU6k`t*ze*fakXYHVGDZ@OI#Dqe&-R=`ioz+qb5_*DyrqnEnVUY
zP3jFTX+1UQjNro-Y1bcFJM>~TNRiIu%ID|Pnj2W(CgbC(`9gEd73x!?(H~|NbDkDU
zxo|O$V;gH#psl3TQy$UQhFX3Nb)*1g>uRWs><k^C=#D4&Wi*A&3<1@wczQ_l!eW3L
zDOxarOFO|Lh5s1^Uo~uibXwkI8lXmx$tlccqAd~*Rx9PL5&>Z#qC!SkMJ@tT4pY=1
zp;yh1E0}SO>bYM*SAkeYA(Eb2yzhmXj!r}oq72~zdY$0432t^khoerQ2n-pT7Ir8+
z5H18Yxj!d|fVriDy8lI+QOy)Si`ZkwcK@Ru`b7G7E0|t$fI4TBp|SuIaSKK}J?YoE
zn+s0?ggd%PB#3P>m<156ptep?eor<-U)r8NE#t{kiCSozJWSVUV;*NXjv&^{>wS;u
z&yx|B8{9>-(MD*Ttb35*8BbMLZ5ozaq~W_u3f2>f_!A1#AJFk9E~aZT{tt?+Q0D6(
zIR---?~e>O%Ad<ODH%^qOxLJ08b})iGdQI+6_es=v-YAU&*pG;5~_=}6&Amh!P<Eu
z|9XbpQU0{+FIxv&OKb#B_@k+Sg`h6t=#e4X>|1?^D`;Oz+|XBv8Vo{#Ao8QY4mFl;
zysj9PSIjraW;*Z_x{01avaYCa7@0jIl<9C88jijM8!UScOm0AalO37B!Km24g=7{-
z!Nyt^n;Ob(m`WWNW{fL@4~Z0ivam0!0u~tW=ldLu>w0i|{!$^h5;`-`v6^ske`x5G
z2_P`e_9NdTeR<Za3Y>rqd`bj~SmUU&LY8U;;aKFyIikJKMD8P)R@Ir!%hQU#Ow_8c
zoP9w)b_%ds(LoHnIA|KzppLR96$?)Kw1f%<N@&*>om!Ob3paVT#&ctH3Tz>sLmPit
z$*8Ip2*ntvsbbYbz@s<x`DM?)yxFdy4`_48{EV662{`kEOrS&)x91&P1bc=R`sN{j
zVEj&P+a&)NA8$n;Y%MA)DFAnH>vlEa*5inMm2|onEHC68u6@c?+E-E5860i%<51T1
zh9>kt>-g58eGx)<B1!ur<qbo+|5GMb2yln^oD9$q#oiW)MjGE*X7=68q1pp}&OtMe
z8Xo@L7Q9ShI{u0jW#q*t;?X`LP|RxMWHWxrIzI#3-l9Sn%fpV()iN$$%aB81?pA)K
zbEC;4@WB{*+3E2I$<i^HSk(1Yf}29W)G-dpunTKp?gIs1TM;2y65qfZBUq%tIW@76
z>QGz#dO_6%xyA`01wKSPDK*!AJ6H}4^P7znP$X&we5zY2HbBCMIrghVA=bJAad8!E
zh{Ug2Wil-XnNF7<3#vST#qAUMn1=^Sm<0%ib@z*5;q0e_j*FqAjl@Kf7$C!jMCj*l
zMoOrId*1s*KjY-&7rREJnu#7gG@qdRf9$QPCKdrnb6W#19~%~QAKVyRJ_IDoW0X;g
zBxq-BiKb&5tT(wEg`k8e4a!E1TL%3K(P3NB!7F>9g>)HFen(o{a2EaPG)6R-Ocsgr
zG>(ghYFz~Jh`{&P0~OW(a)MOHv?PRMDana5EJVIRmPHdmnF+cgvZKc2?`q--5sh@(
z{-HZBF(M9TO*%rB+Qq}HNNxt-z5u1)tuNe`VSE*>)!>!%@OzGq`bie2M4-AXtRN#f
z0R(Ec2pnl~H-}R%5^t7BVv4~E=SSSVJ-LXrj|V1JzyE6uKY~+}%?|z(+8%+~S%KD%
zzoQG)!nWl_>QyjkAoZuang8DG->T4huP!OSS5Y9`(0Zh?*4-V*BE#!<$it3koASuI
zt;!pfbgOGs*TwzoBMB#vVZS?f^1E!w)G$?5#Z5{7Mk)VlSPPj83Z+62_O`O2Uhby4
z1rzL4gP>ABJ=M~y*t%(qdEde3YJ0U2>Z};!D@f5n1WB>x!%@8X*WKM=)yAQEXmV`t
zE7nD3n%lOD(Or@A8E@YTQs-jkV1xNH{>+CB#_n%c&BfFS;>@!|9ls?R6%JAr63C9&
z^7qfHOP0YnmF>sQI&@p~r)5rUQA!mkF2r%~Ry-7Eh!*&XfuDCrgX%mW#;6ci^wiaj
zQwcAMBC2^ZR*u+&1&0Ts95t9oemrDVDL#7gAj`uwLY_;c>nAtJ*nD1YGH#<tdBNud
z1OU~&?<beA3DR7no0yHER_s_xC`YV~u&vEUL6E6nr5pqU${7<R?id<25;s^;JQ0+H
z5t4hiClE`0qpjY{Y}wi>ftV}EF!T4EKcT_;o*f%8x*D`6pUOmaY6qMBF79z^uCoRB
z3?qzZX^XEwf_k5C{<amgXKF&af&{cDy`cdkf@i7C3n6AzDoNvbjMeP)8mee(8;fEs
z%a7$H#aj2^LG9_rOkN*%^535}gS8chd<Ar}h#)&#UaY^@x(5p&=4Sr*+048l6jK=f
z!7GaK`;D_D(VbVC`F=UEauR)NM{#~qq{_sw507w%c1;?=4I?;q2Hp1hW(uD1Q{aHA
z!6l*`2tf$_!<hqLp>`0SSRL?^1W5p1I!NAGsJ__N7r1ar!R;=K|8uLb*m(wDdt4b>
zMzc+LJsyxVj^@=$h&-edkfTlPP!JnAPMsh?rNfEI$BH#8Ll`talxBs9E6h_CBY{rH
z6TpsQxjZhBK`OJ1w;d+QieRon*(cM#u1SIeB67uzt%yq3g2mk^NNZJZ3p2I2;k#+E
zl6CuiJ}l;59Eb40h;W2bQfv&>L_9;=85*KakfjxO4KW>hV46(aI>Y@oFfqWqFwlgY
zt)bIXJQQU!gb#KFMM=TV_Df8|3qYf0Ml$q+Ef5^{#_59XWO+%x25go9(V{K2<L^J@
zSfJzaoq@^FM`M+-eD@P<_Ia23S7ljgg#iDmEUWg=fF2&}w10w!4whCF2q7Shol#o>
zNyOURz``^sx0HhUJ5+X_lD&^PkKPSKwF5Fm`Rs>*`L#rF?kn|r#=;p-Gpu!-PK2zV
zL@Vsoj3Fk52_$0%rVsH|gZ@N{tEm<DD*qo$mTP>o@jhkcp!qbo69~v+06DIQ&jk^^
z2LUMyIudM2nbU)nz!n#=qAdMe12OYp1(X_bBIQ0O9aJndGLr~}xvR@>Y%?j$kpg!1
z@+K5PwK(WTM!DSch>SK<ET+aF%3{k+W1ANYGpIdHgm0nW#&9f1o=SkhLs_u3huOIf
zSFsr!D1VsL1D<3Mm8#-8TV}Q9$$*X90bO-*u+n3BQLLa^P#nleEh1UUncMb{y+Iam
zf@(KkOr^-&+J%*xPSva|K9ZH1+>UkoeO#-w+y<k6zK_cKkMAoq`*KURts=8hD>4-%
zBD4PE`@t2uJE*%3#U`{sKC=`Xy|z3e>9tA0$*C568Iei(N%)d?p5Yb0J_s`<UvI%q
zE&>qAHBVL|Y*7)THZ|{307v^W*aJ>&a1n?opsg-6X>d~yQ>u7#tf`PS+k)j=2!OK=
zcU_DR%%md^!{3S@JLCTMuT~~<ri?gOGW=^`^Vm9@6VDG=W}<`t(>=9@I3=|{W7p_=
zRYb1`X#X^3`%hjEQL*xWN9EW4?Eb7R(cAfDIwo}na~`?cVdVTnC&oYeN7EaEQR?BZ
zC=NfNC)PV_q3?B#NSE{_*9xgD{QUiZZpDP3GoQ|@y$2Es*{Kml?$C>eL-$QH7Nqga
zf3jHn{_3cFQVY)^sO2N$Hcfg9tuY-{tU??kIA`XZJ?xIkHb%<P<6f@}oX;g|_N?yA
z{28X_fbV_zUwvF<P#i#$#UV&wae@<Ig9MiZ3GR!#6I_-J?(S>|kig>Z8r*^t0)gPV
zxVu}B0DB~LRaf=Z-Oc=%?y9MoKU43`^mM-vNUFo)wb&NCIRu4)ARV21ZhyBO6w!^+
zAY&syp=pC_?I9Q6A7HL2JNAvGfdUWr0OKjY$#GFQ){DJG)H$`1CWP&n9~94q3@{wt
zm#G_PS3aQuM8OqAu-%XGq=!bHSEFo`p#wDMJ7@{GS5y`p8_)ns1mnf|Xn<s{YBEd!
znW(uaM+vt~MI42FMsg((iyvYm{%L_}s+qmytmo;zumKgZ$l)$?e0rq}WbuwQKiCHK
z;W#in-|w~VNmE+YKA0t3kuX9LQIa9uKrZJqt7h?6oTM))>``TH7DPQPZC=JLA`@64
zN`0<{JLd4)w+fGw8fD0c$6pc+B+|MLM)j`>P!Ji!qbXaiJS|Mf9(%`VDsbf<-ljYS
zuAje(K;%OWLMR~0YQ^+^S`QQWWHi2U!{yRm6=E_}UQP`e3vf$RhD@!hXzGw5$(!T|
zpkBTolo>-n+5UMsL?tA+It#TvUx4Aphjolqha_P5o$Yo?z(}xz{MIw|ZLa1Np$Hni
zO^KIL&LRcdTw*F7Cn@mp*W}j&w+-_RxS?2-bJKL@j^e#S3&Knczr6@*j(Vy8{BEZ=
zUnrOCop{0>z+c=UsPQwDe8L?78-V)>cL4uz2f*e>>SaWr2c@FrMf-<4C<_BYT^@>9
zV10t8O}5M+*THM_-i@#HwAL1(&@53KV(`v*j#<tyzcc1$&^zB)*F%X_lUk%kN0A3G
zf$LAX1M#YlevUc1CEPf1EKIdE+^_DP&T7b0elev6Ij5*4#dB8tQXy#&3eIK)>4>&t
zGX!Plps{uyZwT4`j(F8T2O$mfz`<4m&LHUEQaRT7XHL%bu5&V=9?Kk=pL93#!>4<w
z;926AE=pSuEae|fK6{ov4^6By856XCO2_lRrOkDxNX4U!!ga*5#bCCb)k_cYdoS*o
z)A3z<HRc9&>giM0&?0QBA1-fZ=l_$#2TzeZ@v$WSkC}P&i8-qBZo`jpG-3*IzJ5zM
z@hV9@=dM>*GiAnRbt!F%&n!=iBZW3ewBcu62UOgN`C-BUUy;)Vm36!KJIkw0ncCeS
z?4H=T^Dio$8g{goJh5>n>@@v}jXVFbap%^XFcFTf*D@|~6i(@X&vNsTH4>ziX|<8P
z>j)Uaj|0a4*1^AD7rvBdzoVm7fAsb{q%{u1<HFs5yM}Z%$ifT|4>b^?y6P^m-dnDW
zurj`?!AQk5$l^RmNedD{PMZRInIwn&<TVd%&3z#QX;P2m`Qa>j^6T1hI_b+dx<2a|
zi4q<=6%3Bg=Z5Q%VB>q-I-m#;5lUXeBCxBQHx{S}c}pz&l;6_i*OyAVtVHwUz_puN
zB#{al85ttzwR;An`6xzQpv6~r(u9>q^695s2#)5pG$XAn-q!Qz?z6Y!Q$yrJ)VMRV
z<m2p`rU{lvMB`KxiobEHKI@hcMTq`L2mfj>Taj+QyNmvD<B)!TM38{#s69S(;hN`|
z;~#dkX7dxZJn3qs6(cHZ85Nr{QHkf38%((5M)5}e;|i22P@_K<Kf5m>&IE~(HGV2*
ziPfH!5Kj;@TFkuP8Y=*A)*JpF4gVSNg^f#3f=-CQp%B3~Rz83_HiqTANDfKs$N{W1
zJ{)ELGPqH4RZNJFJ|A0R2Fcy<Ym}Kenw*KFv|B$xkbMwM9;Z(B^mvVx@j!eipjCn8
zeyOjsBU0dpr$f(c&nO_SUBq{~d0Ns;N;KN3TpK0n20atJwe{B7V8n+bSo8iyx3(t{
zet7G3MEUVoY+YrG0Cgk&!lOUk+85LUPXPy`hF<NbfP<0yGgMz^Bll&^?F|$|&EDIT
z?iuenpGz|~zlsm~y6W-`6ew~^YVP!ER~Z(X{f)=G-^b*1k5w_nuJ{K0sWoz7YX$U~
z$ou9&<Mr>yuZn^xJV+_Xc!l`|dIZK@Gn~>I`XKDq2iaesM<*noF7-&|TvaUqhv90k
zIq-^iGJX~ZbPSgL9N|b%%mr92))s4DK40I3&}3X$3L#mJA&(cONf=?udV&?@yUlok
zmmhw_@vh1E6xjp~TjSk{e$_Rj-IMrumz!v}m96yQYiC7UTSbOJhB#aLu+K)VMtg;t
zO5b7a`T3++vLqfS8)y2o(ubc$Iwp^<`oZ)}_6RcQQLww}K4o(9_EzEEuz@59(xLu-
z1Y=UDCuf5&#`}!HcJ$<JO?u#&q>rC{k{#h^6tqm?-$>gd@Ts!A(>v1veWl0w5~Xz$
zLji1b)z+ez-=*|ZU8%T^6-22l({<|`N%#ZcGH!T~usu&K-pk%-UAV=j@B1UNEnQf)
zAu6`-l2K=cU%3gCn?qWRK@TV(f-7XtIj?T7ia2j_-Y!**OQ>1d2-av>QgK&DRx_fM
z4SEGDXUP`o@>==hZhStUV={!^yh^#~fyIXx70amSDZGnjJGTT8TwM`tigsn73R{~N
zOD2)+N+vC8G0p9e^D7CjbZiRV{b=2qd0Nyyt>{G*&pSD<;vl#-?UA2(SvEbFkZtex
z=VGBrtUQ^duQ(!cCF}(TQ7w@tS3Lf0?Rl+w`=u`6dfdwDunI8vGq27tChD=I{p-G(
zt95<3Xdq~~TrCch(RDGI_`5Stp5iLUa|`3P*{JtX97I)?f`kt!*AMeNK-ClwVvGBj
zNUF`ZxN$I}L*w;jcaUt!N$r6K^G@v6#Pmf{0wP?pP6an}aA&f_O*e7t%iieVj^e@l
z^Qn`Ov1=RoY|HCNzEW6`!g9|=Ut>mem5S8OFI~qxP42E8y_82B^m#zu<YbJ&BHA|?
zcW{K3X$<J?0@F^P;<vf`{%rbA<39Ke?ZD6~6d8f(?BYfQJbG!|ArJb9K3DLq-#C?Y
z(joHs42;+~IT`jZWA{|5!g%1>Hx5oV%&s9T^m*9cRi1aF^$Snlpe=_bB_xdO_<fA)
zT$kb1#MZRgPx^a>n?=8}*xwuH5v0Nb+%c>42=T6|@3E`oLKHpIUuWAAwD*VvYaM7P
zhh&jB;?mKRz$>D=Q49uUXNFbRSx1biJG(W9-!HxhED%aQ3Ia+q=@c8^(WEKjWLX@4
zuyD!cm*c^Ip@#Jd9zXDlbnl=6(AZK&`H64I$@3giK<Iq7m`v&C$zXEcV^EOLhxU65
zzqlC6w1{I+I8?vdJ6e1ovGge;vx>3xVtt!WW-%itqzu`=*+4-X$*CVAkn{01d}`63
z%#+X;o;D@ILnDiC<0*G|nNe=T%;#V`$lTo$9fh?eaD=00-;l`|RfeoSv@jf0i4CK@
znHEDI{Ce)G!G&esWRk|86@;I%kex{VfLElDWTbRYoerzv1Q_OEHY6x6k4C(S_npIR
ztYYPB(EdE7MUZX)v6d%JU259`Io|VFy5!f>A375Df3_ud^zqgaTp}HhGJDsT@MjK1
zfq$@J6a5AKfG;`gXV@nJ_~A&)8)i6eUumzfl-S>p`uMwh4Bi$>L^n&zGd9JPDqQ0|
zn*3-mON_-=%Zm+rl$n?`)xM2!j4dag(Skfnl2}z{su8A)c*!?X4Pip1tQc?O)|^Na
z_TJDb-14Nnxm)!~#6|a9(Gv%@i@3dW>CmupyV-?;9I(0ZO_@rgXTnvou0&uJ*i8Pw
z`g-3*VWIZ;;$16M6W$j|jUb<L<67+H_QqQ>ek8G|Uz7zD#6t${lWVNgqbLvMYtPz8
zhl?Wx`y3Z(mit^Wa*4?VL^X-XJV2M_@_EDYpIAb{%9E?IW!6N^NHYL|8tyGEsYVL|
z(sp@g?h&hFL(y;eL5(5bO{M_j0_6PyHtPn|81<vcow(?&W6gLavntw;BEVTRTkN=E
zk=Bt_=pf8Jkd?6oI+;GJ|6r&5<uuWUZAzvEf7YZDmR-@_@t%e<uEh0=PJ5UHu|a#8
z6DDYlFz~Tqza2zPPHoSopWPOa_-y0Y)&0CG-5hB9!9OHjBg%S1|K@U0m}gd`A<4Xw
zv17-8V!-fHKS6h8+xo(chno)0*D#c36R3G{m<hLDslH3Mz#XCb%JSty#><$eU$vE5
zBb%-njyZOp8P=(jUtNpr-KSDlmluq@7I7Lr?<%~PD9(JMYH|pRG=I4&->e|K@DP$k
ze^`VL)NfENuj))RrO3H3`S%ZfZcsH0Rs!KV>S9<6R4Hxn-0CvMBH3pPV%a<@eeQOB
zcYCV(6$hz*EEC<Q3k5M=%B#w9Z!P9Fae|Ek#m!NcN2}l8bvN1j;ZrL5D35T_7P_aB
zKZ?<9Uv6Ory?aag`{gpy%2b_7k+9+y9nuSm+l*0WwVM44t?D3C`6NK0Ve2KrOYxD`
zdE{`gT6tae*dUCN4YN4%Oxj*x%WNoRRXc4{kDMB7;1m?nnVT08dE7>_W0SIaq?b|w
zxpsdid7sK1oR(6oKH5KFVUtQDoH}Vg#S667$y`_!T)t+G{bt+!>a*Kp8G2Gk@w)K@
zYr9g?j`6yIs2FhPOZ=lqz|NPyTuh3;(!w}{Lw745&K&W*rvoE{+!E9*Dsv$6lUZGR
z{Td4Q(0-#7bb#FZha|NL{EH%%`T0sSkTYQh^^)hTjnPQ#c|TXkq%}Y_p(IciK92U#
ziMSP$->iwd=2P(Gk>E5j(+oUgSUj@Nq{E&tr3`-eYJ|n6*O~|S(jh$_ub$#<M=OM-
zB5hA+oz{+|lW?s@vfAV>Iq{LHFmQnPiqjcb{DkW&U<TS?A;VFP(tr-PP?jY#MZuH_
zyrO?5O>L#u9){+(?nDSzAtmVlG1<L0Qqc;alzATk@6lQ)iMN+8#cPqULv5tTOrMb%
z2M(iY9pJ^=4HPFzd>Nyx+sEV!Eo!^#UP`h0CCu$h_58CeMeUGUrrN2GvolG%vy1v_
z>)czm7Fj4QsVY{eA)K6!&}EhNO#vt^J!CPntSN{s=+Na8sOsf0ifnp5tp;z$Q0BSS
zaoA8eFHbp(gdbxrQ+!yChjUEv^yv`#*j)oLH2IK>>z%{_>$bb8Z-v4zlhc(@A`s~1
zqv0eot}zh^+$X;4Xl5;a)(&gwpDw1-Z!wniFFcTjaj18PEJD93R-)ve^C^&jzi|^0
z*A^n{drL7$%vw-3DK(L57O=mm4ZA@5#aO~QEyYM}T8N^sQ5u;q>8)EYJQlP0rzqqa
z#4(+vwgn|J;;nSs1Jq9uGasK=uBG$zLL6zA=knZYIE@dL$o@?H==f*uIMrl3&%F{o
zlxn;wjP$3+|1%@%1s^RrG=2jY!y1k6U$;9!p4X54%`56z74W;JL-_}lq@m}rP4;E@
z#AwH59p}TLIy?A+3(E!AG=V_u-5{Ed`w*QCS_s6<{Uc)h>F|~a|3+L>&FnZMvS*{k
z1{RDz55{!*4ECg(zD(e08DSrVMgJ?x`@?0#1X<GXocwSL4{{MxF?sme?3nsp7YWpH
z?>zZ{lSzTb8v^DD5-nkZJYpuj*AtAFYgEM`g%2ocqIfaXF1La@@10%G_b2Y1&-W1z
zqX?N38P72699r%dbC%VCslI!g0`$uR<3t<_mogVsIvb{yOOWfUP6OZclW01cH|AG0
z0s7us?<Cg8<I-=mqk3?H{bJ6DuM}|YZm?(j!IQ#-KA>v0$#2|SU!Ep1JxZRd-k@ww
zZ>2!%TO|V$>EljW(}tj)B5c#&RJVV;isd=ZwiSmY!*n}D(9k=Y*N`^iL^lVB)lYNR
zK@w^qyo3BdChAMHi8$cWa+o%vq-vXcc<jc(4_K&D9Np!JGxyQeUY=+B7UCJNHD4s7
z(Poju7qO;BAD|Xp2+Apho(501_=oN$;gR&g>ImFQM2WtTcY~eYcY6Lvt`;=(z(rzC
z!Tnv-m*RQX<0Y*Ebi2ztq4>Tk3r`9f{NKl;k3aS#&FdnZCv&24!$ID)x3};7numsI
z?r3BbTaFm(P6#o;m^LeK`T`j@bZwrZ33)iM@3yN>{mf9LpEodIxbj?UFtb0>=}Za~
zS*rfC9mR}O8AyTq#bSe-IYFPe^jG9bhm@6YvoJ=h96;&7SD2A<U3B$*KZcYOajNz{
zFC|3s(c@KqMm0ryy-0hQFzNWP&d@F~M%2|Q`H#DlwDckO>ILFPm;Gk<;oCM8m$LH)
zSs!Kwa75*!B|Aw9y%7(77?dhhWopbfgoOX83W;7~HOOoeG6m>mj%vdGj!{QYJP$)W
z8$D(@ep#01SvjD^w?8p2Obp$8{1IhM6g#toz{cUXOnot@mKLNS435EAU_x^$+Vr6r
zF#XIjG{1Th&FuAx8Dz?9g^=BDMp9LGtJS_@TF=iotHN)?X}EUEElS)&vs#>5#X9$!
zRLflwmr0lb0`~e03pm)SVxKiC^F3)rUB8a(kD;wmyvN*fm@vI|Q~KzzYzhm#;<u{G
zsFhG$KKEgi#<4!}x|o^TOgfYkqG7OhfXajYG?UYbBLNGJK=00Vh<0pcZXs9`$-Av0
zhq757-dS<z#@v)l!pBgJ{2LJfJ8}Esb*>=U@x`GxL}8CkgX6S>%eH_<#zG<w>?H5V
zK!ZDo6wK3=9WFr&>mrT^k}N7<xLY67t<y(Pyn3fUDydf+NbHf_<rSwYp5^3$+cYDp
zX%-@>%jP+%;{XGDm!pSH=OGzp&0%OIjQP7d=084V>&!ZC+i-U1UzL*KIBnfG65cw#
z?)ku$wK6k!yQH}3=>Q05TEAT~c-wg-9kB56bRl-<Noy%UIQrg$bghYK^n;B`z)~g~
z*r*sCPR%l%xTokZGU`UMQgP?jy=QNC*ho0{n#=HqAmw+6!}KA9sn*b}7WzRTVyRNQ
zZb8Mesmq9D1&rHz^yDc#d0PKGw(PP-qPZoLu%#m}k0#yWV-<#0;g8j=M5D(eWphi)
zmY$vf56_LcrObpSY1D-9I+-EBy)SwJnNUIDqT#m!o8>tClHr@wHh1Af?$Whm=hm6s
zsWf}Pb!@%9E!N!?ciEA1?8jBHD=BBpZ7BE8V2A|#aIR}StB#dF5|E0{P2`Z}>QWy@
z#x4g-VR(6+%vo+lL2ca!jO4_r(fV7l!y#oCczx80z*kd3Mj=N1zx7*@{<{?f|26&(
lHP`=K<UjRY{$~*;g8xPBMNJ7E<L?xdrylk+c4+_g{tFEt@k0Or

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index a1a2a8ab424..97038396d1e 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -127,7 +127,7 @@
                 "name": "workbook1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+                  "text": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
                 }
               }
             ]
@@ -141,7 +141,7 @@
                 "name": "workbook2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+                  "text": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
                 }
               }
             ]
@@ -183,7 +183,7 @@
                 "name": "analytic1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent."
+                  "text": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent."
                 }
               }
             ]
@@ -197,7 +197,7 @@
                 "name": "analytic2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet."
+                  "text": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet."
                 }
               }
             ]
@@ -211,7 +211,7 @@
                 "name": "analytic3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not."
+                  "text": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not."
                 }
               }
             ]
@@ -225,7 +225,7 @@
                 "name": "analytic4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress."
+                  "text": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress."
                 }
               }
             ]
@@ -277,7 +277,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index f473b5f8236..6822898ed97 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -61,11 +61,11 @@
   },
   "variables": {
     "_solutionName": "Tailscale (CCF)",
-    "_solutionVersion": "3.0.1",
+    "_solutionVersion": "3.0.2",
     "solutionId": "noodlemctwoodle.TailscaleCCF",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.1",
+    "dataConnectorCCPVersion": "3.0.2",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
     "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
@@ -1566,7 +1566,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1580,12 +1580,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access — verify the actor and intent.",
+                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.",
                 "displayName": "Tailscale: New API access token or OAuth client created",
                 "enabled": false,
                 "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
-                "queryFrequency": "PTPT15M",
-                "queryPeriod": "PTPT15M",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -1610,22 +1610,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
                     "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities"
+                    "reopenClosedIncident": false
                   },
                   "createIncident": true
                 }
@@ -1680,7 +1680,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1694,12 +1694,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "The tailnet ACL/policy file was modified. Review the diff — incorrect ACLs can silently expand blast radius across the tailnet.",
+                "description": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
                 "displayName": "Tailscale: Policy file (ACL) modified",
                 "enabled": false,
                 "query": "Tailscale_Configuration_CL\n      | where Action in (\"UPDATE\", \"CREATE\")\n      | where tostring(Target.type) == \"ACL\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
-                "queryFrequency": "PTPT15M",
-                "queryPeriod": "PTPT15M",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -1723,22 +1723,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
                     "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities"
+                    "reopenClosedIncident": false
                   },
                   "createIncident": true
                 }
@@ -1793,7 +1793,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1807,12 +1807,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet — confirm it was expected and revoke if not.",
+                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
                 "displayName": "Tailscale: Auth key created",
                 "enabled": false,
                 "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
-                "queryFrequency": "PTPT15M",
-                "queryPeriod": "PTPT15M",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
                 "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -1835,22 +1835,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
                     "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities"
+                    "reopenClosedIncident": false
                   },
                   "createIncident": true
                 }
@@ -1905,7 +1905,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -1919,12 +1919,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator — rogue exit nodes can intercept tailnet egress.",
+                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
                 "displayName": "Tailscale: Exit node advertised or approved",
                 "enabled": false,
                 "query": "Tailscale_Configuration_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
-                "queryFrequency": "PTPT30M",
-                "queryPeriod": "PTPT30M",
+                "queryFrequency": "PT30M",
+                "queryPeriod": "PT30M",
                 "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -1948,31 +1948,31 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
                     "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities"
+                    "reopenClosedIncident": false
                   },
                   "createIncident": true
                 }
@@ -2027,7 +2027,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2045,8 +2045,8 @@
                 "displayName": "Tailscale: Mass credential revocation in short window",
                 "enabled": false,
                 "query": "Tailscale_Configuration_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
-                "queryFrequency": "PTPT1H",
-                "queryPeriod": "PTPT1H",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
                 "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -2070,22 +2070,22 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
                     "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "lookbackDuration": "PT5H",
-                    "matchingMethod": "AllEntities"
+                    "reopenClosedIncident": false
                   },
                   "createIncident": true
                 }
@@ -2140,7 +2140,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -2161,7 +2161,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials — review whether each surfaced actor is expected to have admin rights."
+                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
                   },
                   {
                     "name": "tactics",
@@ -2223,7 +2223,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -2306,7 +2306,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -2389,7 +2389,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -2472,7 +2472,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -2555,7 +2555,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -2638,7 +2638,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -2721,7 +2721,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -2804,7 +2804,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleStandardOperations Workbook with template version 3.0.1",
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -2818,7 +2818,7 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+                "description": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
@@ -2833,7 +2833,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier — configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=noodlemctwoodle}.description",
                 "parentId": "[variables('workbookId1')]",
                 "contentId": "[variables('_workbookContentId1')]",
                 "kind": "Workbook",
@@ -2890,7 +2890,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumOperations Workbook with template version 3.0.1",
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -2904,7 +2904,7 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+                "description": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
@@ -2919,7 +2919,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier — configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=noodlemctwoodle}.description",
                 "parentId": "[variables('workbookId2')]",
                 "contentId": "[variables('_workbookContentId2')]",
                 "kind": "Workbook",
@@ -2976,7 +2976,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.1",
+        "version": "3.0.2",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 25c08cde364..28fc7e01e2b 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -11,12 +11,12 @@ Install **one** of these connectors based on your Tailscale plan:
 | **Tailscale Standard (CCF)** | `/logging/configuration` | Personal (Free) + Standard | **Included** |
 | Tailscale Premium (CCF) | `/logging/configuration` + `/logging/network` | Premium + Enterprise | Planned |
 
-The split mirrors what the Tailscale API actually exposes per tier — Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
+The split mirrors what the Tailscale API actually exposes per tier - Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
 
 ## Contents
 
-- **Data connector** — Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
-- **Custom table** — `Tailscale_Configuration_CL` (typed columns for actor, action, target, origin, new, old).
+- **Data connector** - Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
+- **Custom table** - `Tailscale_Configuration_CL` (typed columns for actor, action, target, origin, new, old).
 - **5 analytic rules**:
   - New API access token or OAuth client created (Medium)
   - Policy file (ACL) modified (Medium)
@@ -36,7 +36,7 @@ The split mirrors what the Tailscale API actually exposes per tier — Network f
 ## Connect
 
 1. Install this solution via **Content Hub**.
-2. Sentinel → **Data Connectors** → search "Tailscale Standard (CCF)" → **Open connector page**.
+2. Sentinel -> **Data Connectors** -> search "Tailscale Standard (CCF)" -> **Open connector page**.
 3. Supply:
    - Tailscale tailnet name
    - OAuth Client ID
@@ -45,7 +45,7 @@ The split mirrors what the Tailscale API actually exposes per tier — Network f
 
 ## Why OAuth client, not a personal API token
 
-Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped — when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
+Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped - when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
 
 ## Verification
 

From 05a01effea9ff2cb094636311684ab7e784f4ff7 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 09:00:28 +0100
Subject: [PATCH 04/27] Tailscale (CCF): rename to *_Audit_CL, fix OAuth, add 5
 Premium rules

Three changes in this revision:

1. Renamed custom table Tailscale_Configuration_CL -> Tailscale_Audit_CL
   The data sourced from /logging/configuration is semantically the
   tailnet's *audit* log (per Tailscale's own docs which call it
   "configuration audit logs"). Renamed across:
   - All 2x DCRs (streamDeclarations + dataFlows + outputStream)
   - All 2x PollerConfig (dataType + streamName)
   - All 2x tables.json
   - All 2x ConnectorDefinition (graphQueries, dataTypes,
     lastDataReceivedQuery)
   - 5 analytic rules (table reference + requiredDataConnectors)
   - 4 hunting queries
   - 2 workbooks (KQL queries)
   - CustomTables JSON schema renamed
   - Solution manifest + README + WorkbooksMetadata.json

2. Fixed OAuth2 Connect failure on both Standard and Premium pollers
   The CCP framework rejects OAuth2 reserved keys
   (client_id/client_secret/grant_type/etc.) inside
   auth.TokenEndpointQueryParameters because it injects them
   automatically from the GrantType field. Removed the block from
   both:
   - Tailscale_PollerConfig.json (Standard)
   - TailscalePremium_PollerConfig.json (Premium)

   The CCF_README.md example showing
     TokenEndpointQueryParameters: { grant_type: client_credentials }
   is wrong - omitted entirely here. See CLAUDE.md / Solutions/README.md
   for the gotcha note.

3. Added 5 Premium analytic rules (Tailscale Premium: prefix) keyed
   off the new Tailscale_Network_CL table + TailscalePremiumCCF
   connector:

   - TailscalePremiumUnexpectedExitNodeEgress.yaml (Medium / T1090,
     T1041) - first-seen Src->ExitDst pair vs 7d baseline
   - TailscalePremiumLargeOutboundTransfer.yaml (Medium / T1041,
     T1020) - single src->dst > 100 MB in 1h
   - TailscalePremiumBeaconingDetected.yaml (Medium / T1071, T1095,
     T1029) - 80%+ inter-flow gaps cluster at single delta over 10+
     flows (promotes the hunting query)
   - TailscalePremiumMassFanOut.yaml (High / T1018, T1021, T1046) -
     node connects to 25+ unique dst in 15 min
   - TailscalePremiumSubnetRouterThroughputAnomaly.yaml (Low / T1572,
     T1041) - subnet router 3x baseline bytes in last hour

   Total analytic rule set: 5 Standard (Tailscale: prefix) +
   5 Premium (Tailscale Premium: prefix) = 10.

Package rebuilt to v3.0.3 (auto-bumped). Tested end-to-end against
test workspace stl-sec-siem-law: full teardown -> reinstall ->
Standard connector Connected successfully.

Breaking changes: Table rename only affects pre-PR test deployments.
Solution is not yet in Microsoft catalog so no downstream impact.
---
 ...ration_CL.json => Tailscale_Audit_CL.json} |   2 +-
 .../TailscaleAuthkeycreated.yaml              |   4 +-
 ...TailscaleExitnodeadvertisedorapproved.yaml |   4 +-
 ...Masscredentialrevocationinshortwindow.yaml |   4 +-
 ...NewAPIaccesstokenorOAuthclientcreated.yaml |   4 +-
 .../TailscalePolicyfileACLmodified.yaml       |   4 +-
 .../TailscalePremiumBeaconingDetected.yaml    |  56 ++
 ...TailscalePremiumLargeOutboundTransfer.yaml |  49 +
 .../TailscalePremiumMassFanOut.yaml           |  49 +
 ...ePremiumSubnetRouterThroughputAnomaly.yaml |  60 ++
 ...lscalePremiumUnexpectedExitNodeEgress.yaml |  59 ++
 .../Tailscale_ConnectorDefinition.json        |  14 +-
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |   6 +-
 .../Tailscale_PollerConfig.json               |   7 +-
 .../Tailscale_tables.json                     |   4 +-
 .../TailscalePremium_ConnectorDefinition.json |  10 +-
 .../TailscalePremium_DCR.json                 |   6 +-
 .../TailscalePremium_PollerConfig.json        |  10 +-
 .../TailscalePremium_tables.json              |   4 +-
 .../Data/Solution_Tailscale.json              |  11 +-
 .../TailscaleACLPolicyChurn.yaml              |   4 +-
 .../TailscaleAuthKeySprawl.yaml               |   4 +-
 .../TailscaleFirstSeenActor.yaml              |   6 +-
 .../TailscaleOffHoursConfigChanges.yaml       |   4 +-
 Solutions/Tailscale (CCF)/Package/3.0.2.zip   | Bin 22104 -> 0 bytes
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 0 -> 25471 bytes
 .../Package/createUiDefinition.json           |  80 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 902 +++++++++++++++---
 Solutions/Tailscale (CCF)/README.md           |  12 +-
 .../Workbooks/TailscalePremiumOperations.json |  18 +-
 .../TailscaleStandardOperations.json          |  18 +-
 31 files changed, 1202 insertions(+), 213 deletions(-)
 rename .script/tests/KqlvalidationsTests/CustomTables/{Tailscale_Configuration_CL.json => Tailscale_Audit_CL.json} (92%)
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml
 delete mode 100644 Solutions/Tailscale (CCF)/Package/3.0.2.zip
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.3.zip

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
similarity index 92%
rename from .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json
rename to .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
index b9abf4409b9..7c497a5b893 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Configuration_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
@@ -1,4 +1,4 @@
-{ "Name": "Tailscale_Configuration_CL",
+{ "Name": "Tailscale_Audit_CL",
 "Properties":[
   { "Name": "TenantId", "Type": "string" },
   { "Name": "SourceSystem", "Type": "string" },
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml
index 5a49799e49b..164dd75e837 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
 triggerOperator: GreaterThan
@@ -17,7 +17,7 @@ tactics:
 relevantTechniques:
   - T1098
 query: |
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
         | where Action == "CREATE"
         | where tostring(Target.type) == "AUTH_KEY"
         | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml
index c0f2831d89e..190f09ad7c3 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 queryFrequency: 30m
 queryPeriod: 30m
 triggerOperator: GreaterThan
@@ -18,7 +18,7 @@ tactics:
 relevantTechniques:
   - T1090
 query: |
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
         | where Action contains "EXIT" or tostring(New.advertisedExitNode) == "true" or tostring(New.allowedExitNode) == "true"
         | extend ActorLogin = tostring(Actor.loginName)
         | extend NodeName = tostring(Target.name)
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml
index cbf4b0cdc1a..6cbec67b06c 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 queryFrequency: 1h
 queryPeriod: 1h
 triggerOperator: GreaterThan
@@ -18,7 +18,7 @@ tactics:
 relevantTechniques:
   - T1070
 query: |
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
         | where Action in ("REVOKE", "DELETE")
         | where tostring(Target.type) in ("API_KEY", "OAUTH_CLIENT", "AUTH_KEY")
         | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml
index d3928b81c74..7db2be31550 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
 triggerOperator: GreaterThan
@@ -19,7 +19,7 @@ relevantTechniques:
   - T1098
   - T1136
 query: |
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
         | where Action == "CREATE"
         | where tostring(Target.type) in ("API_KEY", "OAUTH_CLIENT")
         | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
index f8181059e59..a2dfe0be0eb 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
@@ -7,7 +7,7 @@ status: Available
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
 triggerOperator: GreaterThan
@@ -18,7 +18,7 @@ tactics:
 relevantTechniques:
   - T1556
 query: |
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
         | where Action in ("UPDATE", "CREATE")
         | where tostring(Target.type) == "ACL"
         | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml
new file mode 100644
index 00000000000..0fa21b2798b
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml	
@@ -0,0 +1,56 @@
+id: e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b
+name: "Tailscale Premium: Network flow beaconing detected"
+description: |
+  Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 1h
+queryPeriod: 2d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - CommandAndControl
+  - Exfiltration
+relevantTechniques:
+  - T1071
+  - T1095
+  - T1029
+query: |
+  let lookback = 2d;
+  let minFlows = 10;
+  let beaconPercentThreshold = 80.0;
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(lookback)
+  | mv-expand t = VirtualTraffic
+  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)
+  | project TimeGenerated, Src, Dst, Proto
+  | sort by Src asc, Dst asc, Proto asc, TimeGenerated asc
+  | serialize
+  | extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)
+  | where Src == NextSrc and Dst == NextDst and Proto == NextProto
+  | extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)
+  | where DeltaSec > 5
+  | summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec
+  | summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto
+  | where TotalFlows >= minFlows
+  | extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)
+  | where BeaconPercent >= beaconPercentThreshold
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml
new file mode 100644
index 00000000000..d6cf85e2ea2
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml	
@@ -0,0 +1,49 @@
+id: d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a
+name: "Tailscale Premium: Large outbound transfer over tailnet"
+description: |
+  A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Exfiltration
+  - Collection
+relevantTechniques:
+  - T1041
+  - T1020
+query: |
+  let bytesThreshold = 100 * 1024 * 1024;
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(1h)
+  | mv-expand t = VirtualTraffic
+  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
+  | summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto
+  | where TotalBytes > bytesThreshold
+  | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
+  | order by TotalBytes desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 5h
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml
new file mode 100644
index 00000000000..9fea64a1247
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml	
@@ -0,0 +1,49 @@
+id: f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c
+name: "Tailscale Premium: Mass fan-out from single node"
+description: |
+  A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Discovery
+  - LateralMovement
+relevantTechniques:
+  - T1018
+  - T1021
+  - T1046
+query: |
+  let dstThreshold = 25;
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(15m)
+  | mv-expand t = VirtualTraffic
+  | extend Src = tostring(t.src), Dst = tostring(t.dst)
+  | summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src
+  | where UniqueDestinations >= dstThreshold
+  | order by UniqueDestinations desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 5h
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml
new file mode 100644
index 00000000000..b25391fdee4
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml	
@@ -0,0 +1,60 @@
+id: a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d
+name: "Tailscale Premium: Subnet router throughput anomaly"
+description: |
+  A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).
+severity: Low
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 1h
+queryPeriod: 8d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Exfiltration
+  - CommandAndControl
+relevantTechniques:
+  - T1572
+  - T1041
+query: |
+  let baselineDays = 7d;
+  let recent = 1h;
+  let multiplier = 3.0;
+  let recentTraffic =
+      Tailscale_Network_CL
+      | where TimeGenerated > ago(recent)
+      | where array_length(SubnetTraffic) > 0
+      | mv-expand t = SubnetTraffic
+      | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)
+      | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;
+  let baseline =
+      Tailscale_Network_CL
+      | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))
+      | where array_length(SubnetTraffic) > 0
+      | mv-expand t = SubnetTraffic
+      | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
+      | summarize TotalBaselineBytes = sum(Bytes) by NodeId
+      | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;
+  recentTraffic
+  | join kind=inner baseline on NodeId
+  | where RecentBytes > BaselineHourlyBytes * multiplier
+  | extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)
+  | project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier
+  | order by Multiplier desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml
new file mode 100644
index 00000000000..474e7f6cdd4
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
@@ -0,0 +1,59 @@
+id: c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f
+name: "Tailscale Premium: Unexpected exit-node egress"
+description: |
+  A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - CommandAndControl
+  - Exfiltration
+relevantTechniques:
+  - T1090
+  - T1041
+query: |
+  let baseline = 7d;
+  let recent = 1h;
+  let recentEgress =
+      Tailscale_Network_CL
+      | where TimeGenerated > ago(recent)
+      | where array_length(ExitTraffic) > 0
+      | mv-expand t = ExitTraffic
+      | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
+      | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;
+  let baselineEgress =
+      Tailscale_Network_CL
+      | where TimeGenerated between (ago(baseline + recent) .. ago(recent))
+      | where array_length(ExitTraffic) > 0
+      | mv-expand t = ExitTraffic
+      | extend Src = tostring(t.src), ExitDst = tostring(t.dst)
+      | distinct NodeId, Src, ExitDst;
+  recentEgress
+  | join kind=leftanti baselineEgress on NodeId, Src, ExitDst
+  | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 5h
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
index 696ab22b6b5..0d5ccd997d7 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
@@ -12,28 +12,28 @@
       "graphQueries": [
         {
           "metricName": "Total config events",
-          "legend": "Tailscale_Configuration_CL",
-          "baseQuery": "Tailscale_Configuration_CL"
+          "legend": "Tailscale_Audit_CL",
+          "baseQuery": "Tailscale_Audit_CL"
         }
       ],
       "dataTypes": [
         {
-          "name": "Tailscale_Configuration_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+          "name": "Tailscale_Audit_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
         }
       ],
       "sampleQueries": [
         {
           "description": "Recent Tailscale configuration audit events",
-          "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+          "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
         },
         {
           "description": "ACL policy file modifications",
-          "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+          "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
         },
         {
           "description": "New API tokens and OAuth clients created",
-          "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+          "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
         }
       ],
       "connectivityCriteria": [
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
index 2eddd667b5c..711eba9f9c2 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -6,7 +6,7 @@
   "properties": {
     "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
     "streamDeclarations": {
-      "Custom-Tailscale_Configuration_CL": {
+      "Custom-Tailscale_Audit_CL": {
         "columns": [
           {
             "name": "eventTime",
@@ -54,13 +54,13 @@
     "dataFlows": [
       {
         "streams": [
-          "Custom-Tailscale_Configuration_CL"
+          "Custom-Tailscale_Audit_CL"
         ],
         "destinations": [
           "sentinelWorkspace"
         ],
         "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
-        "outputStream": "Custom-Tailscale_Configuration_CL"
+        "outputStream": "Custom-Tailscale_Audit_CL"
       }
     ]
   }
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
index 241b54d2e59..afab3f33a55 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
@@ -6,11 +6,11 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscaleCCF",
-      "dataType": "Tailscale_Configuration_CL",
+      "dataType": "Tailscale_Audit_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-        "streamName": "Custom-Tailscale_Configuration_CL"
+        "streamName": "Custom-Tailscale_Audit_CL"
       },
       "auth": {
         "type": "OAuth2",
@@ -20,9 +20,6 @@
         "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
         "TokenEndpointHeaders": {
           "Content-Type": "application/x-www-form-urlencoded"
-        },
-        "TokenEndpointQueryParameters": {
-          "grant_type": "client_credentials"
         }
       },
       "request": {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
index 4b8c5f69af9..316e67e71ff 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -1,11 +1,11 @@
 [
   {
-    "name": "Tailscale_Configuration_CL",
+    "name": "Tailscale_Audit_CL",
     "apiVersion": "2022-10-01",
     "type": "Microsoft.OperationalInsights/workspaces/tables",
     "properties": {
       "schema": {
-        "name": "Tailscale_Configuration_CL",
+        "name": "Tailscale_Audit_CL",
         "columns": [
           {
             "name": "TimeGenerated",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
index 41d58f8cff4..05f3fcfec8e 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
@@ -12,8 +12,8 @@
       "graphQueries": [
         {
           "metricName": "Configuration audit events",
-          "legend": "Tailscale_Configuration_CL",
-          "baseQuery": "Tailscale_Configuration_CL"
+          "legend": "Tailscale_Audit_CL",
+          "baseQuery": "Tailscale_Audit_CL"
         },
         {
           "metricName": "Network flow events",
@@ -23,8 +23,8 @@
       ],
       "dataTypes": [
         {
-          "name": "Tailscale_Configuration_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+          "name": "Tailscale_Audit_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
         },
         {
           "name": "Tailscale_Network_CL",
@@ -34,7 +34,7 @@
       "sampleQueries": [
         {
           "description": "Recent Tailscale configuration audit events",
-          "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+          "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
         },
         {
           "description": "Recent Tailscale network flows",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
index 59c721ead6e..bdbb8b0a280 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -6,7 +6,7 @@
   "properties": {
     "dataCollectionEndpointId": "{{dataCollectionEndpointId}}",
     "streamDeclarations": {
-      "Custom-Tailscale_Configuration_CL": {
+      "Custom-Tailscale_Audit_CL": {
         "columns": [
           { "name": "eventTime", "type": "datetime" },
           { "name": "eventGroupID", "type": "string" },
@@ -43,10 +43,10 @@
     },
     "dataFlows": [
       {
-        "streams": [ "Custom-Tailscale_Configuration_CL" ],
+        "streams": [ "Custom-Tailscale_Audit_CL" ],
         "destinations": [ "sentinelWorkspace" ],
         "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
-        "outputStream": "Custom-Tailscale_Configuration_CL"
+        "outputStream": "Custom-Tailscale_Audit_CL"
       },
       {
         "streams": [ "Custom-Tailscale_Network_CL" ],
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
index 3234b26713a..8281fabe560 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -6,11 +6,11 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscalePremiumCCF",
-      "dataType": "Tailscale_Configuration_CL",
+      "dataType": "Tailscale_Audit_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-        "streamName": "Custom-Tailscale_Configuration_CL"
+        "streamName": "Custom-Tailscale_Audit_CL"
       },
       "auth": {
         "type": "OAuth2",
@@ -20,9 +20,6 @@
         "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
         "TokenEndpointHeaders": {
           "Content-Type": "application/x-www-form-urlencoded"
-        },
-        "TokenEndpointQueryParameters": {
-          "grant_type": "client_credentials"
         }
       },
       "request": {
@@ -68,9 +65,6 @@
         "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
         "TokenEndpointHeaders": {
           "Content-Type": "application/x-www-form-urlencoded"
-        },
-        "TokenEndpointQueryParameters": {
-          "grant_type": "client_credentials"
         }
       },
       "request": {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
index d42945375ce..29380f7f30f 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -1,11 +1,11 @@
 [
   {
-    "name": "Tailscale_Configuration_CL",
+    "name": "Tailscale_Audit_CL",
     "apiVersion": "2022-10-01",
     "type": "Microsoft.OperationalInsights/workspaces/tables",
     "properties": {
       "schema": {
-        "name": "Tailscale_Configuration_CL",
+        "name": "Tailscale_Audit_CL",
         "columns": [
           { "name": "TimeGenerated", "type": "datetime" },
           { "name": "EventTime", "type": "datetime" },
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 475c2c9abc4..0cd17a9a136 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -2,9 +2,9 @@
   "Name": "Tailscale (CCF)",
   "Author": "noodlemctwoodle",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
+  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
-  "Version": "3.0.2",
+  "Version": "3.0.3",
   "TemplateSpec": true,
   "Is1PConnector": false,
   "Data Connectors": [
@@ -16,7 +16,12 @@
     "Analytic Rules/TailscalePolicyfileACLmodified.yaml",
     "Analytic Rules/TailscaleAuthkeycreated.yaml",
     "Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml",
-    "Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml"
+    "Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml",
+    "Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml",
+    "Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml",
+    "Analytic Rules/TailscalePremiumBeaconingDetected.yaml",
+    "Analytic Rules/TailscalePremiumMassFanOut.yaml",
+    "Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml"
   ],
   "Hunting Queries": [
     "Hunting Queries/TailscaleFirstSeenActor.yaml",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml
index 18ed36bcd13..6eb5ddf8f93 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
@@ -5,7 +5,7 @@ description: |
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 tactics:
   - DefenseEvasion
   - PrivilegeEscalation
@@ -15,7 +15,7 @@ relevantTechniques:
 query: |
   let bucket = 30m;
   let churnThreshold = 3;
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
   | where Action == "WRITE"
   | where tostring(Target.type) == "ACL"
   | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml
index 8c47377239a..47f3c118375 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
@@ -5,7 +5,7 @@ description: |
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 tactics:
   - Persistence
   - CredentialAccess
@@ -15,7 +15,7 @@ relevantTechniques:
 query: |
   let bucket = 1h;
   let sprawlThreshold = 5;
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
   | where Action == "CREATE"
   | where tostring(Target.type) == "AUTH_KEY"
   | extend ActorLogin = tostring(Actor.loginName)
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml
index 26e49979708..545df8d85f1 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
@@ -5,7 +5,7 @@ description: |
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 tactics:
   - InitialAccess
   - Persistence
@@ -14,13 +14,13 @@ relevantTechniques:
 query: |
   let lookback = 14d;
   let baselineWindow = 14d;
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
   | where TimeGenerated > ago(lookback)
   | extend ActorLogin = tostring(Actor.loginName)
   | where isnotempty(ActorLogin)
   | summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin
   | join kind=leftanti (
-      Tailscale_Configuration_CL
+      Tailscale_Audit_CL
       | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))
       | extend ActorLogin = tostring(Actor.loginName)
       | distinct ActorLogin
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml
index a8858f9cc40..0df6a5d895c 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
@@ -5,7 +5,7 @@ description: |
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
-      - Tailscale_Configuration_CL
+      - Tailscale_Audit_CL
 tactics:
   - InitialAccess
   - Persistence
@@ -14,7 +14,7 @@ relevantTechniques:
 query: |
   let businessStartUtc = 8;
   let businessEndUtc = 18;
-  Tailscale_Configuration_CL
+  Tailscale_Audit_CL
   | extend HourOfDay = datetime_part("hour", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)
   | where DayOfWeek in (0d, 6d)  // Sunday and Saturday
       or HourOfDay < businessStartUtc
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.2.zip b/Solutions/Tailscale (CCF)/Package/3.0.2.zip
deleted file mode 100644
index 9f87fff7c34915dbd51ba072edd02f74a6c5c300..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22104
zcmZ6SV{j%>yR|c!*tTswv29Ll+qP}nwr$&XGO;Fkl1$8R-a6-es_NRc_x{nfcGv2=
zu3C4uqRdY)G!PIFD3A(~8l9{D9N;Y?2uQaS2ngoCU1KLxLl;w3OHorZOFK&!OM5#8
zD`$JVYn>}6-0{Y*`ttK3E(TDhh5`#NwG7g7tO;3_@Fq{Ptva;IUl2U8yUb?hYtBDH
zIIE^aj-l@@Jd;%B|1h`-DPm?L=}x_pMs+tkU%Ym`U*!>exgZui@3YS~8uS{UpUkB`
zd9Xw(Bn45Y83s;~|Eb?INV+WYGN%lm{5-bM!O?-ykt>799JbHr9qUvag04*}*W<p^
zP5dxueXHM#2%E}0M1hBYR4EbH=5wEvI`3K)vgsBz4pm!e1E~0Dvkb$ySl9ru{JJ1P
z7GzqpqHA993n>3QAJ)&@?lI3~ws2PI&t#xqoG#zS6wAd@>9U=FN09uqUXoCc)qv9`
z&vfX__l%}kol3Njq%wrR+rM*Gk*7*Y4$=%ab1DPaQew(VX0t>_>YAzZX+YoHOQ`oU
z@-yn|J`zbJp47d5PSd)Uh7H%Z4j&yL&5^T28#u&4<Upj8&a|d@k*h!ea;$@iQe0)F
zy@Y|aX?bf-a4YNmUtbCy7{}|L(CPC`PjVugn4eyij+q?wv)ChEf%DaKTG1cJ=eNnl
z;ma2nloI{9Dk34sNkNDf{DP=m6N^M>Ht>Lu>Ch!w@FA`JJSgpkk_J?5cpZhEu(ifJ
z5NXypX!JDsC1i|Csn~)ZhMvQ&8I-J5u{eiKIwJt|x(xxeNdxk}4z5K4T&s&<1zc_O
zf(tkTImY=6PFm0)2j$+0gmH8w$Hc+$M<o0aVt9O}ae`GTlk1iS5)DH+cB8%=c8hQZ
zb2MH{Q0r3}n-+B@4jy8-x)t2;!Rf2>IGTBwh(9+UK3w>1egF5*G9lX@!$SYlP6r}a
zv%>H6$Q4Zr6?Um@+b<T$-`dfvHx3?gV^*VN4+`*yAQ^|VOvA(p$7tNy1E{Ie^NAcX
zEXWv>Ph|7(7(<x$xku#%3$-np13H(h+GTM0L#L{by6*U^6|CR&DI&@^hK<cZ2c0I;
z#E9K<1~<7J8+6849Jkt|ixaK^BxRjTzs#+d4)B>Wt>RE>OHW4O!<AXA4V4UE8&DYP
ze}h({RqSxGO;kcs&@%z=VYtp9#v%M4hG4?kZN5Ii@}gzIBd;(TjKd8UxeA-onxt}}
zQ(YG4Jcw6H?06PgkAF+!lOxHoGpRmeo?({DikorrLgTuM^8mukC!mnoSILF@1C4$@
z34xYxg)m;tTI~HuRtrYG0R3m4YFpq#woc_dO2(xVzE{QR{juZ5!X-y^r4Z!jW%=yn
zZ;RB!-_m@NLC`T-D%V_8YD6=!48r;8-_h2v<kPpkWNibj_$@8nn>JfyoH&CHFTL#1
znQPIr$*7~pTajpap4e`v{N>~R_h7kjU-QMtcdsIsZ})JSN{R_`#(?Wxgbv;2%E9vW
zFjo-&;HzHNvd>vU4z<iH7bHBF6Xn|c*4)dnZO{iet!ufcGjT@n_`Hv%Rgf*RgKU&y
zitTcE>P*(*wy>TH9*TS_8U8hSDBd;`>MbeFcs@gvSlFSy&SrT;!+twE?=nDQSeQw!
zP5tVP*x&DUdL^mcCS4<%1?D-tZ7+EnX@|JL>JKRgVX@s&C^aZ-ZX~;4y-I)qdKDcj
zi-kfB8$OA_P*mnf7SDB#OK-S8>sI<Uz+6<Z&x@Q+sLdU2?nRC9c}t+0pQEP+LO41<
zk!8sU;9^d>&+*rOcC2=K!KfJ)-Y*$dIVZ)aDixsR#=oSc2bJXm4BA=Jkt|AO(zXvV
z89bT!v7}Y>E$pF2k3Y0ESTwRiZ10|HHTn~?Y>u(nfI&{bXi8@f7*Qu6Y2g{Xc<@`S
z8<OSRVi!U7I7`D87_YDE!n8q~IX&!9sYdPm*#_|h8Tq?77~^tZRmpE&nz;_^wYYe=
zc=+z%-}M<h7`^w1kH6dFUhTf!R>=TUn=~$-9{(uaiYvn|B30{7QjkJ7sv|=X9CK!<
z9MJmvD=ha+JUvHeNLms)=}C)rGe`&){OQxcAlFcst6Nzt!GF9&!fUgePGd73>5qiz
zIibrBe<sPa6(2Cw?jO8wNxbCD2HWm$vh@opK$Jm9(u(}+kR1c2pgsqU5I<=%x+mH{
zcpon4C%&sZeV6z#0a>B-;tme0xVn!+vTpspzD!sy13H76SjX!zLNZ#o&C6COjgLi5
zC~JnV7^FfN&LYL`pcd2E?b|bCM;^pF8DrTv5Nd?at=C;`aE~`qyM#PGCvAKau~QC#
z^*e+m@|fHD=LOr_3sJd?AZ$I>+8U62CM!r5^7MIPD^Fz}#DN0Vh}6o1?K>+pPgGSI
zCXiRQE7XC>og&W4zqy05hET_k1EOZBl3=Q~avyDWVZs57oXXVT?nskE6kbIjoR-}^
zv71{%2RwF%8ZfOL{p)fi$Zov$BCk01)fAG4P(@K*{c`HUlzS0wm*H0{6k-72fVl{0
z!Kqhr6_DALw~lA;^7)ZI>g9aBo-#M#k%H}l^$l?)srY+6$$dS^dwXzbTVvIYbBSDf
zeNRh(ry9ovO3Lz<hXTA_BvCKdlUS1Y4}y<ZX<Oa<rg5!S;pi2v@73I7Z@#+i=|kXk
zNUs^?W#+?m015-wRMG=33x#m?K$TDhO>p-lbeWd;7FNq$7PCh+bVD3A<ldV7W#k{J
zP7V}At><c`D{Up6vt0I|Nyoxehpm`NVMw+<T}pM>yWPoQ=O)!Ie0W#z#VH`$W|CZy
zZNuj-yq25qRCjr=%(ma&S3meq-P!HdF^HSvR9yB;FdQt7o5oabf<P#2m3D|U?nX2_
zzM$j_>=G_zY+;6)Wi!4g&)LbzS5ybDK$wyY<1TsfxS)FYSMSTwC|PF9_7y8!^mTv#
zI{>qDi}{R-%1Ih=bMnL|4v{jTS&H`WH^hq|b?-F+zm2Tt{sjtNGAyf`XeTI#S{A9t
zGz(tfBS4xC_j<CRd&eUGq|`lFKP>mT2v!cmfl{{uFyAhO=@$DCeLnQ>!4c|OoVuL3
z6naN#&%?$bo`s50W8-J^rGBlKGr>OtA55M{ey|&TWN?8<NRaKFkeTqv_qukyd_H4J
zCHA3xEOxTTO*%GDr5~hxn0BWfsBwwVKkzw(8NcADyP&|+$z8~@c=6hHg?l60ez@U@
zH0N|X!ci9NnNHH0U74;+?O*yZ6~aJ7Ct#Q1rHGq{p@WmIR(s(Mqr_&61Eeq%SkPTj
zX(XQHFs)v10vYgzJJU#XmmQ&nzfHW@1B9KKG27wex{ctoZ7HlcskNucMOUKbwoKV{
zX3m%(3V+$c<?`mp&f7?WYZ5DQbwc>4qJWwuX+nlM9?&yo^<NWRi3lAv`wEg;%!97K
zH)7=PmbMx^E<ydorXfiI3-X%87)nI&7|jt8dt|^%ClM1gZAodlQG+M|)er;72~oDK
z0QzW*`2!k^94axPj1Z*#IZb#sAX)y^P&_dHnHQ8;)Iz^W5ZVjb`?kdU-*pMUY&|8X
z7bw)M$?qw0#JC{MD(xVw9b<x!&_b3H#c@=QQUym-NQ>*dC^XKIW-VZT#mw>Ac|}u%
z=fp@gy1>sc0W6*gOV<v+eF&kvrfeL>RiRZB<1`)x=QdBb6v2}Yy<EFB-ahOaTxilH
zH=s1Fi)c)Y#qooTNIh_VwiFdjSpZ%_U}m6#R8qtyekEAjqj=y%Gf*R-NBMPCIhma5
z(zO}=UMrQ%3{fFb?h8qh%~Bc=7F^m2R>3S?3~hM%QM|#MCj5y-Tj&<nq`mr!BmcIq
z@ZcRheOKypie$#hNpbe3HnH?B@LFr<i-oMc*NNEk*Qhv0Smy2Y;S7DGU&x?Y>(F*A
znzoTPkX(xweXOfdOhr{kxdB|LB%3iBTGgAUtfRTCn|XY`H#6L;p}|a>aqEN%ZbpiX
z2V8MH_Se;DOlkC#2s!a-S_U*_RKf`Hv%N?&jhNii`bApk3H`9looNr+k7_*KIEaK&
zt_@BZz3Ui@JE<j|wi<CzRQVFB81%N{W9#1<MTcoo#o4;~@(S(qDetq>>A5)9>B|7l
zaxD^(xr?CtU%|eA<JkG1Q0|wIh0r0(Iyo+%41FaAZ<0YOxH6yEgPXvrX;QbNLJfH^
z*gIH)hVZG*=M<z~Wt0-aJr9M)d?Oz@CPJGBdLyY7U{ZfB(2h-sNqY%KPCLeqZ*nsk
zpJ{YOI2b8HZLb2fVTO-^TT`L{HqLt1Rqgo_onW#{**~}uaWXZm55_Bjy(3TiGiSy{
z2~Q%LZ#*#1^TLT|b<2c0OF>5T74pjV=P>b4b1-r6=6Q>Tyrv+<HE%gLqlsc|w<@%A
zYe&kYoZ7<&!$-rzcfN0!eZ3h7D4YiZ9#=(6k)X7?WYfA#>8FiGR1p4Ps=?U1ZN=Gi
z&Wu0Fn@bVg5e32OmADbXQ}c_8qVkc+DcKg=W7VOF!BnXnSZ6cO$16|~pR#~WrG~Vg
z@7xaRkuetBA{g;V3mVUI4N}ae<K|=zzqHpTnA!CKt#O3N;@Z$nZe}w<OJxR4j>v+*
z7We+>L1^8H$|FT5Y+@DL4{^!g@s^lF;B+|UB}J}Rib~|WDfcx;4yXwPHgz<;#GcRx
zW>A&-bd?CDYcEs2F<Xu4G4PH$)=PKkJ8GT%NzhG^E`636A;OHoK?`B`371XnDxM3P
z+q!RwS$u3x5hM$M=r9ytS0BM}Pzgk+<e5>?x%GV=9cwk5LU<o$if<ux!O{ZW0|rP3
zxe<AF>>(!5^~(Xam53^g3ZV#M)=*TJ4rH3AZFS8nD`?xT6O>QubY@6k4Y6vxy;{oU
z+P-e}g#A+?31)T{a#444s|f68Dbt+thxvvN12^WCofM^?GY9uwOyy`SH?wx|avYUP
zLJ&Z9lS@3Q6^;#n%XbmLZ%Qsxi4$!nu&jIAHDgVXBSbYan@GR@qo|GMpo(p@nnGO9
z>LU8GNujFu7#9+CIt0JidIVU9M_5YY(^&tvP_0+x`tlh`&Bsw4x}?Y;1X{bAP10nV
z`&H`->@zW7)=_?mo8vD=B)O_%n2vfY*uf#egE7;9iR%i0M7`1EqD%V0JUC(B-q2UM
zKuv*C2g}rvDI4--o+_|a^hy*18##2o6yb;kx>UmovJ_(q8LhWTHWa`7>nL&AzpaXQ
zC%o$8$3>8sWG8zIHOPPrhDH5CPFu3gE`iSYaQ9;Vcp=gBn5h`5Z3PS_mhRsfv9xKn
z6=5jK0vQU4hAFWu$lgMtpeonleY*wc41&R$L^7pvR*4%^MR<}A)${M*yiKsVigP}e
zn!4pE&!+J3d>?7wFvsygDASsj1Zf3-D)5X&y*oLgVI}UT#*48>k)F9-xoh1E9!x`y
z^q}!tp4;B(1bN{1%zJ~ZW7p`LGjJsCR${)SwjU~8>*^r;VhMbG?qt*9N1L9=`@QwM
zlRvQOt90M4v9nNC&MiiDw}ry8ukZP7um6YQ{}U1fRJ<fwiGhHGErNm|{|gCh4K3|d
zOl=)({zV1<6%Y8nJ8ieE0l$4=V*2a}w=2nHnvP|(%;RWzBDJ>f;&RJucch3>l8}^3
zqyySgZ)SWD9rJ$kZh0mFV1I*`c%+(4W17wXnIZ$JYi)3NH`M)lMJSx|2iS^^b=;$<
zisvY7OwY=_mhg{J5F{}(d*b`M+WcCtX?%~fZNr)E)hgDtX60~YVXmQ0=_Wdg4CJcx
zH%xogPo-(8*QB7N_)gu3(W3Av)3hJ>KE7f;&=|+-`<{1)B32nhAk<_>W2Kkjn9w-l
zI1H~K(!v`a$3o+3hYMGp7Tx(|#nE8z8dx#FVTaNJy6M}i^og8jzifeRd&qJ&YToh<
zFEOzm2nbaSm7{{r0_>EX&;76}N>7=Y!+lgdBeTAgbKx3{Z}l4wBDC^thUmuECUCc%
zD6Vi_fvEm8^kT1W+D2J&lnh*{%F(3Z$h}c-2oe;;+>6NV3t)h-2EIB+zfev?yieCZ
zenoElO?V>pxmrC>sFl5=ZFQR5i{DkG4~axpEb<KqwIuu`=k>VLeMYD?iCGfI`sZe%
zt;j`i7b9isq7py1aiR~$At&lVeuet)kNAiBAXm+_rAyQ)L1UyWQ_ixm&8)BQB^N3}
zz)F>h&MYI=%V1TlB9RtA70?Z2NKhG#5aE1iRYOEI^_}+WZ*RN+f-O_mP4ZA$X%XuQ
zd+mu)<4d~;wMASEjEtu$#};NIHo$TfXWKH^exK)L<YbKmAee^mBzq7Db9+aPo8<Xr
zFZvWTR;+p377(+NZ000WpFXUXMgKK67+c>QDe%#?we~HRf27gcM&nkB;cLYgee~4)
znR}(ZrrHbvnibw@kmkcd+@|Olwl>ej?rL*|tJ$pAhdr~bl)=ZFw2W;<pIHdVj;RFn
z3HW`ip5knyJ;N8#vFG<fPvRS<p8ryfO;KK(t@SG2yNB@rdV9@CYd&jVyXnufQdj%j
zS8D6S?$x|r;>lV8ckj;E{)U+==<DNpYiU1|$HnGNo;!?emI<gfw$l7ESLwGjeNhp7
z(w%0F9HZ~v=94-6aPBDB(R*<Do+QRrOa`T%O$b0&3emb{r(YnIiuHh%1w~zL&8k~n
ztBRBQc8gG1b`|Rbm(<%<6iw1YT=5PQJJHp%`*gcWk-1Ana&PK5sOyv{<8P!=fm&>8
ztDH->0rap|0|N$T7v50m`I<)}X;8Pj%D5Z<X@Xq$MUN|I-g2nnKLb9fRiN&^TFJZG
z?pAlT!BknJlsj8p?*eH1l4Pv46-2BXyW@R;SjW2Gu!|nbx>2j^H(<LD^Dcuh@0#>y
zc_6!iy}iBL_V(}(S?m_qYfo+29c|l#!CQLf=IzT1kh$X4lopb<<Js6N;8X@*ITmqp
zuPc~CfkHM2kGv;=suuL~XTf4j!h!2cuOSu-sIO+TvuGsiRhe7S*A-8vCL}Fvu~&(J
z?InDA?jt83G2x%0yZ9<R@CBB&U18U3cR!_;=EyDWa3fd6RKIILTPD=*8_5JZC{pC^
zF}H-~F70SV+_gJh)zip$YM=7fs@U%G^sHSVylQtB-`H&1n<XX+miI@=q};Wmuk7;X
z&(?O=qFgu#QD0r#TfKH?M}Haa?oKW2*6wuCO4~i-=BBk(uXA&6)*|oNuVi`WUT-}S
z*j-=$v2njuqm^=RPh$d}zWCVf?rN>}WJgDSbag+1obK|{p|9<_h269{U)51@S+qmc
z_Kvy9ZIf@euBGi&BtF%tS=+SZlq@gs<eHI6xo`iEl&AlZ()-_1u1(JEDBEwMl7e?n
z5iH>yY`p_;TLafFSGcvez1d>np5AhIb8{&O$S&;6p}Vq={&u>yH`Dw(hN$1}H805S
z?C`I!n>akdsPKQ5;)~^~uB>04v$E>E)r1GKLE8GtRI|PFl&lf7IM^y!U$#PQUb;i@
zY}NIJ2Zyb=sX6_^`Q$6+^5mQ#-&6}T(e5Otm40&9E-7w*)RNi8U*R^X)*tqYUdak>
zYm;+(<O_O#CEM0YH2Le0Ak(CcowPeeuc`EFdlSbd8KKhl!kejUORH9)4Wbp}=A0*(
zF9_0?KHsEWjck(_?>NbZN2KX`CkdVW@tS=T+Xm6fHt4+-e<yI*3wOQkZQBI%r>e$0
z<>pfqS$24^PSUlBWLvU!QxVyP3&icGmifZERrjauuVvg^zuMYsI3|dyH?n*a9@-=u
z0t6>1w|_U^{*Qcwt!<C`efyQR#<KONmRzA&*7jB{iT%;fzOv`YG-vQ_z5kZa^H2Wd
zKlv#3*AI<lY}P!!xhoBQ(bmChaeCVn-oA3{P%fVQlQ%V1_6foN^z6<i{IRo}j7s`k
zt6N)tRI^nl4c5y4^Jwj1oxb7*p+PE2D42eh{O6|X34)6=BC*CjKd(je5%#5>_25cj
z-i5g1^ZR^vK>|mzU;4K5Iciu+dh>8Tsc^5r!(P1!yzio1*L4)7PVe_9tOgr;gtbxI
z7YhTH-J3IEM~_`Pyor>cA9<LB0^+c6RFAExwdJ2$a{_W(dSxkX&y<!&kkppc(vqZe
zxV`4omPdnstJ)GJV$c0(7B0y6nT%|Sd0zLl@ysR~d!;MNbdLRoDUQ>c9?^WTVL+P^
zWo4RFA3w_p$u4>-Vm@`oMhMNCWUaWhOcwt-1$$@NF$L8{RvkTeh>9T^i<;K9WF78?
zN@y(xy2$QSxkiw$_8!u&iezYJ*QdD$Zz0|<Q9CZ?13=)xhSvvP+8!IVxUp(VScn&Q
zd@C(4+BKP_p25O<`TW{Q8^y?}3iCGV{HL6jOB=PxF8Tx_ndIikz_O;cpgkoj3yezT
zOK4V5oXF#{RVQ;<Svegs|IOa9fOIvB3;)TYoT?~*{e52;D2$PIpx*2p@~n_L$^v=4
z1L1ENc4VHTR@;clarDB5k?|rt0#VYq89&3N`tn$>(|XMvqiy_#KEkF=V+dB|MQ-^i
z*qz2zFuY+zggO=5Ln`yxx6DC>i_AmB)>mK%Paha#7^lC)Opqk!#`p2%X7jNy9%Iv9
zZEmli?Jw(Z^(?T*y|oT8YQN9XB69WSA+x_!o?Dx2d8UPHy-ul*U?<<@t^e34?rks8
z<Ink8)$93r5+4n*y7y&cQLA76_VV+(m$`0k&Y%DFlVf-xW_O$5v(ndXulr&#pZmsN
z+yCR~ulk4MJQojem%yK^sJGo;_UlCs_|zWe-OC6$oO~nn_qd3Ix0f^PsjtPowe~sp
zD;sg2FuOc9x%~sDFWTRG-&10H*}YajcVFOZ=8MyQX<s03%ireHr`G?EPA{%IoNslb
zcaQ595utr-Gh;hP|M%10W$){=9<XYWo6o-8D_mlE+0y&!xt?<Nh>`MkcWts|m#go*
zHNO9YpZC-0u!qM!!kn;=U^mBQJ9qD3@b+OE@+^g5=K&!;$9*^WqPxxl)-SqgOTDzu
zXYB_6>+A7lI^k(Ar)l4x=hMsW>#zFfZ2*D4EzrtdkHg`aGGV)N`)NHny3qOl?)d7$
z^S%0`tYGvLqs4V}w0U3tWiq|cS(-d|9CNB$U%@WEA1<6yKaQKAwjA@@O@0Qo6+d-O
zKK{nf|LLhb@ym?!<ETN1k-^U%Mvoz`%=5TJjy#r_d&m7Adja4gUk)$EFg7~5{_||*
z%ANY>OD=VNG9zJIT>nEDrGEU@xW1l0*X!FLSElg(1W;zv;~~o4*YzT<aJE?esq%g1
zWd7=G0ie|G@5sd4*%8#He*d}2f5oOyer?J8dE+W?(GA^oI{k1hCGQnR!*~5Ps`S3g
z<?~(6d*8vyhqnjHN4Xn3c5whKfaK^`z|Fg%T)y3wB7x_7TTcJVUe`C2UvB&I1<)4z
zbI4nEFY@qq`mWpVGf1@8hh1tsyh)#M?fCazP4pb!?eliNc#3tQk#cYW{R#WWs1T?q
zH~N-paU0+AG{XkbB*rlrSsT%~ohBtV7ODO3K(W^n3LpE~;jKAKP8|R$myDu1+rQyO
z<?O)wBoK;Ek$QO?UMfOagHe)6XDPUQ#v!VUF&X)xFomZQ`tc-u80RBq4gLnM>2HVF
z5ZPP~-cM6EB9E^yL7P8fGA>w8i!-p2NE2k{Y@lWjsqYv?#4|~37^K~Xic%aj00n;z
zcOl29h5D1S!#x~^3Wsl3Y24}e-1-n*-Q5#xd9Z-8rjFU*_xd|_!z+2qcF2Jzk+k7s
zj6+PA3x-GNz?QFe#81tFVWV{N+)I7$sCr*HKXZ1n|KR|G$XOJ$@xACk`#K|x5Y7+G
zof~ywiMQy{ed65-#3jIU-9wEHkf@r!C=WD^AN>85KgRJuIFfURwf#UVgy|ytH2&g-
z@7F_2VG|nJ_u~|85^NyPRp<vZZyuJ3-DhM+_K$uF^)ZzhqIs2?{^r%gr4K}-v{@zp
zC}B_$L8Kn=8Ynj0Sg=<WOryUA-Z2zuLao#|iopeqrOQ83&mu;#lM&J&hcH2}fyJ%y
zKyOS5YooNzfu{tA5zaQQ?n0lCwFWbrI-%Z3+revj4I)*GiKbEi3RAURj2lt9@?!}6
zoJXYgx`;`zUL$cgN)reG%R-9}wCg@0z6Xg`eDY$5UgE_m4hrhmj5Vy!i*?e}Y-_BI
zVHphb^M*4fiI?1Ki?y=6O;j|Z5Rm8-qZz4d2!k9^-`MImKO0pze<WqW5a%g^GM_Rj
zI2DgGb3l5;Ho_}I`JO7p2!S$0hVVxxH&}K~=ec0fM-n-e!mZx*PJn0;M!1wfO2#I5
z=ZRC;$lIyJxeZv{cb$5j%UHb`>UrBK{RZLR71J!XN&PJff1VYJH%)|#ZdJPg{C4+b
zZ46suJ_W8^tPy+WMuQv*N`Y@c``)16wA;wB)7+#<oa*AZ<IW%!UBslaz6rzQDPG9z
z0$CK31Ob$lhKSW#=Xx86KqG(IDFrDW!{%mL#%4msiQu|k4=0k$E%ToyYp9gFQCKpx
zk~lqOWeMf!yXQ`pl)&n;{sd|fR9>>X_l1h%q|!8s&V>*Nkuv+;GAe7Ikd%=oh#OQ=
zxcbhVGQXdFMh3Albi=tM1!~vr`+o1WbDDe-uJNP@$%5jV_S+Y~D8#*_V@re*Ix+-6
z?qqy#q<wGjG0?tLd-H07V4-y4>hr!zN`2*7yF0p?X<1y`C0aq3!W#rQ(rPiUex#42
zJ_!F7^EHGIhj^Vl*kMUur@n~;Zd~C$duxI&QAe-wJ`m1QSB7x-Gjv#%7>a@vf%>Gc
zYP|p@3HMg7)6ZTBwg3{q$Fu0*L`TN8o@#Gq0TS5*+$!j{;OfKF{cy@%ApH_ov#&Fy
z`Z0hbTncl~Z}2MAE_+wp<cv(0Hf-pCEE8j-wK}e?!;7U$L|9G%G*3=$h8Jl#l28tq
z&uUea_~gVkn=?7m<f*o;Yt8E>%lUV#30%-2&Ip37UL`n`_=L2avF#kvppxjj|MbU3
zb_#QNgHMd42!@fB)DgCdw;it`HcaQni<1bjg!Ruw8iz<|Vm#=;IDW0%*PHu>Z@#_K
zMjcz0Cq{5c2KDbs_wXk~ekTV*<K!P<vr&vJQi&FaZ1fa!zm|^2ZG*<cMFB*TMlc2k
zTjDFfkUm9oq?+N(bG)kL0@Hb0ktR5ZqAWpT*3Y<4Lqs;oGK#y1h)Dz$F7Ie@CT|d^
z2BEJG;h^7EMvSX=k>Q!d)o36YkWW@&hMF!CvS=xWVm8tD8Nt&E|7C6;OeS-x`Hog)
z3Jzgx54r8p^&e8mXryX8i6oV<t(3n`Z=6A)yb{^C<+(GC{`E+cN8Apt!E5j>m%ZY|
zNc)OW>qJO)GhQ}xP-NcVo-r=<zc4(6Zl#~LOR;%h5m6-g`J7U_811bN3~eq*fwp}~
zH%>?BZr?HVjCPv~{3y{Pzn~qTA;l_8$DBzS-<}e4w2h~GPyqy65>A)V^gq|L-Y3X7
z?&z_IsHYc(?NM(KeKR`+bg9X9meh3Lssu&Q`O$sI3};m7!WHoR7#_GAAn7amnvZVh
zPi~@{ZK)64CTGRxbe$kfhDza|bZyh+#+hJ%alW|EE5nvT#wjzl)@_f`RsEBHefs3A
zmEJ+)q5M~BQUYo|o$7QCd(a|Yi6P%Dy_3NEa@z#@l>2mLqF0$1%=giKKUhr(ea3Cd
z|M)xmdEWTu$brCs$}aJaC}(s$;mGKD$(LfAb)KW?yZjP;4oS;amI*JOmp<j;9L@>0
z+^Wie1dW?Xo&4Ha6a1jfdPTqvuWv^8{ZhAbhQ!5WCxEMHBO#f~?UQ=3vgGV4r7iny
z!)mIct);(n<n^MvLzz-Wi+W-HA@ks8*CrW6`KPA)J)b#MA$k{2?ezIWqVKA|Zua_(
zuuCZG@te_!m=~3hXtUOrRLupv&Wf)wH#(I!DVQu`AF$r5r?Z7C;4nDsC_D%B@hO)d
zcOEB~bY+ou1}eDHFr3TgT!`v$Bc{&{m;QCQ;Qg=Zv>O3KZWwUfl5<zn1A?3O29Gyi
z`POG{pfFfoBO4{xFWrf`mF8^EBy2g?!#qQ;X!%B$`^t>C8<y*YU&nkW$Y%c9<-H=;
zHhEl_p?nLw@YJP9?#rgC*`_GjCd=7|lUE}PU_(H;!CCx$!r99(yXi_mx$ZMp3!b9|
z$klAl(E#MAFJDK0%l`S6Enm@0odbrvW#lR}=gJ?6)SldSPakcm?o_(Sn=kS5$9m>U
zIAi1OC2!nw1!FjX(vwxNmd``dma0(BapiLS<+eR_Thr0;0?%P~hHlRIYwB1&jTP4~
z(|s?sCtJd$<kyX;@+F^3`j<zHVHKMNS;}8;F5Vp(lXH60kvPA}<7~_`2Pc{bP{zqz
z#ZlELAH6vjWrcb-7l|z&i9Htq%R^iRR>p}>!Gk+zBaP|Kpwp#nNNhe7vi-Qi_4*p>
z;cluM=H{<axN96XfFj&Q372h-w9N-M1czVs9R*K02j5?m{KF0Irnlbb%_J$C17UUj
z$c$`%0BL1%mMaMcMXkaTg(pDpUNNCyL55f&dl%4wlP0Bpvv782GMj><{5K;*gdg;Q
zKJ`2sl9XS!8TIF=1oh;##r38g(X4;yhdXn|W=*iCJ+E5`dUK9PQS4@%5R&SYXkne`
zqy`DSW|yprB&o!A#VAn6*$0gn($H_yyJ(89@T`pPhmJ-L_ep(936>#-Q;oSZLtx~}
zjz2-%DB?DQx+z!@4_8RDXO~gtUD&U~LKA#FBde4j;liy`0V2raMb&OwILW-^W3!P5
za#nGq<_7r0?IH$<qJJhTo}PEP0I0UBIJMrBvM%9w9($-`h!iSQ#V;n=J$#74bI{$w
z4Ykx3tjUd)vm0%GFq2dE7PiF%`jm!26FZBipYkPELuV#7&<YLCF9(!z>X8@4JAR26
zws)eFv?ZKwy|I>uA6xK1O5^J3_DH#&#>Pp$$3!-MS`7EQREB{jF;z(Ws9{u`-hjM?
z*{if3k3BRDX09wBnT9+s$K$$jws;5LOsqP?#Z%ks)6+7DFnzXh_J~SN?#O<*846LX
zq}-E^Nt_@ofxjkPW4;3EUV(*RhLJKDc?-844^MTOx`%n=25Rc9;#_4v^g7zGt%ouz
z6mB<Bha}P#&Nw76??yvPmnEz&*W~7T3z<IMl3;_-m#hsZA!Fssmo2Z4OUkY=?f3ie
z;`LdcB$hnJ+ai8B40Ou9$AyTFW>PN}HVe!0wZUj8jb-N>$j4n|-1{q_6yF4|XYgHX
z#hsVchS-i~XdnPH&qSML@wc|@Mqs(Deef)BGH=f(K#=T^#Y|AAO(L~rE#qGR%`<=*
ziAjR-)bG0BMH^E)NZzS|himS^g7SynzrMgf;5ooU1xE1R+aB%kv){hYA2%s0voy!)
z48SykmEB(@-uJuAp*a}8>N4_nXP1<xao{%hrfUYD)7dyJ4Jz{)lOfXm`b+oiFP^pE
zKGXdA6}T;LA-wKDeOAqQE%kd8X*=t`yHFVq!1DJszJII48?`(1pgL?Ao$4t=x}Qlt
zbWOnxt%_yvsj^uTFaQqEOYh26V$bLhE~I-9JmWeOVcmQWs3P1aO>Zw)p8r}o3CuTC
zGSH54!g4#0^6F}!jx;)o*@UgVE3f1`4YBi{P1oRMZq~%sTOYfD!eWOQBT8_EJlj#Z
znpq>&?k0_yUiHk`*cL~*j19-Tj&W2)?0<ooM5%|7>vhDlS54&kUhtzJoJ~~(S77LA
zp2n>An)N?#Z3M_0woyPK>l(@_R+Dy3)%#HHf+`_dmzAQ9l-4YCHFUB<^@Z_8E^(b_
z8Qrdtx2KR+G&KskOU3)!Y<s+IBCYvcNehm_Kfth=d8<+<9xgG8RI4T8o;K4|;g7lB
zX4*Q+^b}C&pFKi<^eTyATH=56cOFf<?3#Anggi~T?B3Z5JiF{#?DBP%%9hi{<bpT@
zqcQg^$tdbTX`8*ueM@I9@%1}qE<Za;bj=>+OaD!Kk8AdBie7Y*yoaw{FSPy&9%+wc
zW9&o{NAJ62?sPx2YDU%10_1LXy>KRbcTF2+?s|Lh_N4%JnMdCI!c%zrrg1<f<bT8J
z@k`xlR!vIvNq279%mbeLGYi4MJq7vnKHqHe<ecWSq-aw2I$zQN3kz^}zGJ1C<#rbl
zd;OK=ZWoc6PF=k3y%3xsgAjr|IS2dg#)N&|GsQS3>tb7V7>6KZBg3g`*3tRI{_ZC$
zW!G{Xb&}WHed-)v4@7%HG+xhPNibKKNwJg-rJljC6p`&?Hsgse=mXbwY-Ii{bz{lA
z190PUdLI-vtvA%?Dx*Pnp^vpRC|n3xK*4Lu`dRdM>h0G9Y-9<n1!1I|_j%*QH^}^f
zgkajtZA1L=4Z8<%vU#yDnS0J4?1V;RysT4k3R?i_^ny~+NyL2i`!YE%ajE#~rw@9c
zTIdrhYo8I9&*80ep=uzltk6kh?s!_ofTnnUysYcVn8G4dBQ|(xg1`r+AG-<D9LhI*
zFE`7mAX6$%ogs3HyZ>u_&vBmxAzkOO!nf%L75sJaErQ@{Ko=HlHuEFUpa%SkETQ7#
z1T(TEL+qWZsiaUAK%>upf0kI8rRMpeMmnQ9%qxjY_Z{yOY2O?!*EKcAfa}k|HSO(2
zP|mXcZUpKhjJ^LkYFY|r66orl<)KGcOe@_+zkaiNdu^7k1%Kp}+*A~wUl!otKH~=S
z@^p(*g{kND>qBHp%-n8~ukb|NZeI<s|EfKv$_%tqQGfJw_wFgmoZn8aKmU6WJP;KD
zmCLUt8tinei46War-|su=QAfXhY{h}CTY=Zaa(<cbol3Bgm#Ls{9OJBbrye+j*UP`
zi>P7cMP&34!E_9l<_Ip;F>H!c#5AXnWlj;>++y?J@<sR=Tc3)rZUN4Z-5sy+^$>Cv
zlY<HtjE;b?!a}E@=q@0s8J2SVQ*)|ytLpHb4zs-X`-N{3KaHTAlA?Zn>F|EXlsB*D
zON;JiZg*sxTJo=tqwAChw~~HkkdeOKP7aHn{MbVZEyJ8_{z*)5^2g?i2S=o%-O}N9
zh=_IhX!9iMIK>>QJC~z%8b-ZY9w*!D;WAo;Ofq&n1ucS{_(!HodA|Vay8xhWrbc=m
zRpNAVEPgT$H#uvBhTcUy?;LLQXlMo-kwQTuspn4LX)|^IAE}HwQzMO+CKN0kw()9E
zmyQ``0=}g8I%qqOYUvnyLGM(Ypqn*5QVt!JjX1v;uB%u*=Mza0rrO^-R=Sp7C|-}U
z=-Be44#igfM(I0YLVGkFrqZEdknr<Q@;XXIjgv}6iWK3Hjf~+>#&Hy}BNOVAk=99y
z^CpHKMO1*5jlfIAVX`!b>hkhWEFA@*ML{MR<Ro!Z3iRt()zwVnSs~JfYt0~O@VaZ6
z8NE<ui_*tzyjTtyKNX_?r!D9J^gUUoOy22ntmq@)AbvgVERZ9cljLYBt_uO=pA``a
z<);hFJADCVyY5f1qRXwyRx+~2L7Blz7*bFFK}v6n=&6#lQ@G?kU4Fu8zwlQ#mJdB3
z-Lr*xn;EJ|I+KbnjS9OOal+*vn&|v*G@<$*G?_2UOKt)SF?764>Hn3a5T-fNm^Ir8
zLh;M_`;`Gxz^Yp(l~@#b3^jLp5oHPiCkJhj;p!4usU!{uze+<ICXN+Zw`FN9d!K^E
zK^gX3!G(}x4dATUKo3;HZzK)g-uFF|1?y3@Zn+^xzQu=F@ln7M$WWw?KXkUcr{Kc~
zkl!E;DpVJOt&5?z8>4tqmNfAbvBrIT;f7uoJN;q@x|67)@>2#ky@*GQ8V``k=|xIq
z@A@UW<^O{d?b3g6VrzA1vkebq`2XR=t@0n7)X<{*g0vs{51cgo7o1e=9V;?QB-=x;
zDFc&sRy$9T<0w&srv|$`wYxhzD+53EW*gy+tkUEU8L^t7k)Hz0xft5Rh{oo5HRBxj
z=S%erjD$1}LBl9nc^P_hZOqa;$^jWis<lc8wgLEcwqsc$l$WSJPa(I7<PWd2i()>^
zhPIE1SzWHn00pX<q1@vj1BOQ}EED14<qH=r9<IuZx6$o(#_^-{n9oGky+(RaKRgG!
z<v!8_CC4D?huAQp*hbZ)AP%*GxTB0X>hEVV<`WD~gRSMdlL)&l=?#;Z$dlVVPkGkq
zmBQL<@t%a{vGKsNMCkZ9IKg8KB~kW9*|d&>l(A9)z%=i$Ps*Pj{Z}A&#;p43lW8d&
zNu&;C1}I-eZ<4i(vRxX%lNmJ|fmo*;4btE09im9-6Nn3Jy96EeP$%n>2f0o*uMX|v
zGrWUgJ)#i_-WhGCwQ%#CJ3J#FUbJQ0Q1n0IM`7@bJdS@ib+#+26?zr&6e4b4Y|<cD
z#NbVe{G9ekyru0B=DakPp^S~jjW><HDc!-d<OXOjn=zU2aY@Kg?tfO0zHGaCIq*Pt
z;zSFkYR6CiA=gIVjf#Tk0t9qjOLxxazB{?P{hqU!``2Nti%ZW~HvanYqUrl*e?<%{
z|F6d%eK||gA|7#Boq^E!&P>ndp`V9>Arb<dSHxTx30QCwO~VXA92r6tAO{`NBJ!oK
zF3cn`M2(#gXG4Xt<Hj?Ur>z>ni9(RdN-_}MknTh@WVmNB2^LXLzeHW;$=1kO>r9P=
z_eBWd8U~GWdhTC|r<?Kw$}k)K2zAxEfbj?naSXJJEPaTjF`(Lztzj>47N1Q{4r}ip
z(~H3LRGO}u9-bG6yC>)84tEzXN6k&BEv4d9!eH&R%S`ILp|RMg-6<QkS51#{HRniX
z<*Epai$xd}^(act6o?RUk<*{(d-e`os-WlkW4XMh`8^onbjql?&Tfl;a>y|FNZC^<
zb4HwE0)D~x&rLxuRs!PaPh=_Bk>x|f?Y_Hf`(~;9QYtNW%7%#>PpoL{@@VZt4!1B#
z@n|91$3`b8;Cj4i7?oyzkU2=!;z^FHl0&G+?3;{Gwkbx%9D^WA7n+)m-zIW&?muM5
z$|2z4zVOMHC76;h6H9{&XDE(EVqbZ~5QQTW4iv_X=42c7OSdF${H64JDcaoFmJ>A0
znytO|+5a*1@&Kkl@w-a1#vU>S%S(Lq_);29*B%FvA_UBzRw*3D5kbc|d_B&vq_p8%
zO)|KIlb82WaCs!q-)^_CjG_X*(sk+88;W?nl50kpvqh1di!{17$aQsmE0vqWRa|P%
z#(1U`nJxUsm$Lzu1QE&x9hnM>$v5j`bgyWBQi(OHweU=xA#>5Q&Z5U(eLE9{x?Sl<
zF5cQ^2A!LchT0C_-K1HF&t~X9+6SVDfu?K!zC<8qBKEG{U(Q}_oy}bS@_CmTWyY^*
zFQ%;6v^ZA69VjZn1axTMLKWCth#WE+*mD3EY14n~#Zc>1RqB@1qX=&Mu={ov3@x29
z3{5P9$pBF(biO9yy4c9!|D5FiI#N36^tjK4Y8Fr5KSn8Q9Y@@0V+q(+gWh3)?ci&M
ztCE9UA%fgJYAhXAI^g=*s<i4%OM~-_7PzH$s6$}*F$vO&DNWTGd~<gy8uJtEr%*xj
zo?=Dua}Z@<+ocPWAe*S%Y?JN4IYQSsoaKgS49>{$7+PoG;hTe&Ap2V7Fj5$S32{n0
zmaKOfQoG**-`?$Hx4ohoNe$r~0yvGfD$-W04^pk5D`M9;O$iSrnl=^{e8HkSM94Yq
z-69I1ug1$cF*Z_iVzD)y*}4@*SQo2H%Q7{w;%j|~pbS(?h#+RLU~%?&-d-06R7)!s
z7>>wW5t2pW>|?HA!7BorT{StFmT&<-J~>!dNMbJ-6ze*)1Hu3x@@Idfn&CjRL9$H7
z2!X)w&eR_scBuhpO&|&#fDV%7B{H@uXFD;m)jX1=&QwlQ2`qmjib|5I5A;kJ2j}xb
zQ&+OOg*qZEUUs63L}Mcai=2rHCposD2utm-A6t}v^(&<~tym~y`NUOlT9dY+7YC})
z1r@V(wAH~Df3VaRC6r67lQ!|EE>L7-!(1(!W@dc}mxT+(SE(vY%IRMG*{lLa4hxDd
zO1HiHw2dvAh>neniMPPq>7o5J7#>mgjj9?<SF>;MvYACVMu~<0;!|gRl21@;5TQ?0
zdr>E;C127asf{MCU6k`t*ze*fakXYHVGDZ@OI#Dqe&-R=`ioz+qb5_*DyrqnEnVUY
zP3jFTX+1UQjNro-Y1bcFJM>~TNRiIu%ID|Pnj2W(CgbC(`9gEd73x!?(H~|NbDkDU
zxo|O$V;gH#psl3TQy$UQhFX3Nb)*1g>uRWs><k^C=#D4&Wi*A&3<1@wczQ_l!eW3L
zDOxarOFO|Lh5s1^Uo~uibXwkI8lXmx$tlccqAd~*Rx9PL5&>Z#qC!SkMJ@tT4pY=1
zp;yh1E0}SO>bYM*SAkeYA(Eb2yzhmXj!r}oq72~zdY$0432t^khoerQ2n-pT7Ir8+
z5H18Yxj!d|fVriDy8lI+QOy)Si`ZkwcK@Ru`b7G7E0|t$fI4TBp|SuIaSKK}J?YoE
zn+s0?ggd%PB#3P>m<156ptep?eor<-U)r8NE#t{kiCSozJWSVUV;*NXjv&^{>wS;u
z&yx|B8{9>-(MD*Ttb35*8BbMLZ5ozaq~W_u3f2>f_!A1#AJFk9E~aZT{tt?+Q0D6(
zIR---?~e>O%Ad<ODH%^qOxLJ08b})iGdQI+6_es=v-YAU&*pG;5~_=}6&Amh!P<Eu
z|9XbpQU0{+FIxv&OKb#B_@k+Sg`h6t=#e4X>|1?^D`;Oz+|XBv8Vo{#Ao8QY4mFl;
zysj9PSIjraW;*Z_x{01avaYCa7@0jIl<9C88jijM8!UScOm0AalO37B!Km24g=7{-
z!Nyt^n;Ob(m`WWNW{fL@4~Z0ivam0!0u~tW=ldLu>w0i|{!$^h5;`-`v6^ske`x5G
z2_P`e_9NdTeR<Za3Y>rqd`bj~SmUU&LY8U;;aKFyIikJKMD8P)R@Ir!%hQU#Ow_8c
zoP9w)b_%ds(LoHnIA|KzppLR96$?)Kw1f%<N@&*>om!Ob3paVT#&ctH3Tz>sLmPit
z$*8Ip2*ntvsbbYbz@s<x`DM?)yxFdy4`_48{EV662{`kEOrS&)x91&P1bc=R`sN{j
zVEj&P+a&)NA8$n;Y%MA)DFAnH>vlEa*5inMm2|onEHC68u6@c?+E-E5860i%<51T1
zh9>kt>-g58eGx)<B1!ur<qbo+|5GMb2yln^oD9$q#oiW)MjGE*X7=68q1pp}&OtMe
z8Xo@L7Q9ShI{u0jW#q*t;?X`LP|RxMWHWxrIzI#3-l9Sn%fpV()iN$$%aB81?pA)K
zbEC;4@WB{*+3E2I$<i^HSk(1Yf}29W)G-dpunTKp?gIs1TM;2y65qfZBUq%tIW@76
z>QGz#dO_6%xyA`01wKSPDK*!AJ6H}4^P7znP$X&we5zY2HbBCMIrghVA=bJAad8!E
zh{Ug2Wil-XnNF7<3#vST#qAUMn1=^Sm<0%ib@z*5;q0e_j*FqAjl@Kf7$C!jMCj*l
zMoOrId*1s*KjY-&7rREJnu#7gG@qdRf9$QPCKdrnb6W#19~%~QAKVyRJ_IDoW0X;g
zBxq-BiKb&5tT(wEg`k8e4a!E1TL%3K(P3NB!7F>9g>)HFen(o{a2EaPG)6R-Ocsgr
zG>(ghYFz~Jh`{&P0~OW(a)MOHv?PRMDana5EJVIRmPHdmnF+cgvZKc2?`q--5sh@(
z{-HZBF(M9TO*%rB+Qq}HNNxt-z5u1)tuNe`VSE*>)!>!%@OzGq`bie2M4-AXtRN#f
z0R(Ec2pnl~H-}R%5^t7BVv4~E=SSSVJ-LXrj|V1JzyE6uKY~+}%?|z(+8%+~S%KD%
zzoQG)!nWl_>QyjkAoZuang8DG->T4huP!OSS5Y9`(0Zh?*4-V*BE#!<$it3koASuI
zt;!pfbgOGs*TwzoBMB#vVZS?f^1E!w)G$?5#Z5{7Mk)VlSPPj83Z+62_O`O2Uhby4
z1rzL4gP>ABJ=M~y*t%(qdEde3YJ0U2>Z};!D@f5n1WB>x!%@8X*WKM=)yAQEXmV`t
zE7nD3n%lOD(Or@A8E@YTQs-jkV1xNH{>+CB#_n%c&BfFS;>@!|9ls?R6%JAr63C9&
z^7qfHOP0YnmF>sQI&@p~r)5rUQA!mkF2r%~Ry-7Eh!*&XfuDCrgX%mW#;6ci^wiaj
zQwcAMBC2^ZR*u+&1&0Ts95t9oemrDVDL#7gAj`uwLY_;c>nAtJ*nD1YGH#<tdBNud
z1OU~&?<beA3DR7no0yHER_s_xC`YV~u&vEUL6E6nr5pqU${7<R?id<25;s^;JQ0+H
z5t4hiClE`0qpjY{Y}wi>ftV}EF!T4EKcT_;o*f%8x*D`6pUOmaY6qMBF79z^uCoRB
z3?qzZX^XEwf_k5C{<amgXKF&af&{cDy`cdkf@i7C3n6AzDoNvbjMeP)8mee(8;fEs
z%a7$H#aj2^LG9_rOkN*%^535}gS8chd<Ar}h#)&#UaY^@x(5p&=4Sr*+048l6jK=f
z!7GaK`;D_D(VbVC`F=UEauR)NM{#~qq{_sw507w%c1;?=4I?;q2Hp1hW(uD1Q{aHA
z!6l*`2tf$_!<hqLp>`0SSRL?^1W5p1I!NAGsJ__N7r1ar!R;=K|8uLb*m(wDdt4b>
zMzc+LJsyxVj^@=$h&-edkfTlPP!JnAPMsh?rNfEI$BH#8Ll`talxBs9E6h_CBY{rH
z6TpsQxjZhBK`OJ1w;d+QieRon*(cM#u1SIeB67uzt%yq3g2mk^NNZJZ3p2I2;k#+E
zl6CuiJ}l;59Eb40h;W2bQfv&>L_9;=85*KakfjxO4KW>hV46(aI>Y@oFfqWqFwlgY
zt)bIXJQQU!gb#KFMM=TV_Df8|3qYf0Ml$q+Ef5^{#_59XWO+%x25go9(V{K2<L^J@
zSfJzaoq@^FM`M+-eD@P<_Ia23S7ljgg#iDmEUWg=fF2&}w10w!4whCF2q7Shol#o>
zNyOURz``^sx0HhUJ5+X_lD&^PkKPSKwF5Fm`Rs>*`L#rF?kn|r#=;p-Gpu!-PK2zV
zL@Vsoj3Fk52_$0%rVsH|gZ@N{tEm<DD*qo$mTP>o@jhkcp!qbo69~v+06DIQ&jk^^
z2LUMyIudM2nbU)nz!n#=qAdMe12OYp1(X_bBIQ0O9aJndGLr~}xvR@>Y%?j$kpg!1
z@+K5PwK(WTM!DSch>SK<ET+aF%3{k+W1ANYGpIdHgm0nW#&9f1o=SkhLs_u3huOIf
zSFsr!D1VsL1D<3Mm8#-8TV}Q9$$*X90bO-*u+n3BQLLa^P#nleEh1UUncMb{y+Iam
zf@(KkOr^-&+J%*xPSva|K9ZH1+>UkoeO#-w+y<k6zK_cKkMAoq`*KURts=8hD>4-%
zBD4PE`@t2uJE*%3#U`{sKC=`Xy|z3e>9tA0$*C568Iei(N%)d?p5Yb0J_s`<UvI%q
zE&>qAHBVL|Y*7)THZ|{307v^W*aJ>&a1n?opsg-6X>d~yQ>u7#tf`PS+k)j=2!OK=
zcU_DR%%md^!{3S@JLCTMuT~~<ri?gOGW=^`^Vm9@6VDG=W}<`t(>=9@I3=|{W7p_=
zRYb1`X#X^3`%hjEQL*xWN9EW4?Eb7R(cAfDIwo}na~`?cVdVTnC&oYeN7EaEQR?BZ
zC=NfNC)PV_q3?B#NSE{_*9xgD{QUiZZpDP3GoQ|@y$2Es*{Kml?$C>eL-$QH7Nqga
zf3jHn{_3cFQVY)^sO2N$Hcfg9tuY-{tU??kIA`XZJ?xIkHb%<P<6f@}oX;g|_N?yA
z{28X_fbV_zUwvF<P#i#$#UV&wae@<Ig9MiZ3GR!#6I_-J?(S>|kig>Z8r*^t0)gPV
zxVu}B0DB~LRaf=Z-Oc=%?y9MoKU43`^mM-vNUFo)wb&NCIRu4)ARV21ZhyBO6w!^+
zAY&syp=pC_?I9Q6A7HL2JNAvGfdUWr0OKjY$#GFQ){DJG)H$`1CWP&n9~94q3@{wt
zm#G_PS3aQuM8OqAu-%XGq=!bHSEFo`p#wDMJ7@{GS5y`p8_)ns1mnf|Xn<s{YBEd!
znW(uaM+vt~MI42FMsg((iyvYm{%L_}s+qmytmo;zumKgZ$l)$?e0rq}WbuwQKiCHK
z;W#in-|w~VNmE+YKA0t3kuX9LQIa9uKrZJqt7h?6oTM))>``TH7DPQPZC=JLA`@64
zN`0<{JLd4)w+fGw8fD0c$6pc+B+|MLM)j`>P!Ji!qbXaiJS|Mf9(%`VDsbf<-ljYS
zuAje(K;%OWLMR~0YQ^+^S`QQWWHi2U!{yRm6=E_}UQP`e3vf$RhD@!hXzGw5$(!T|
zpkBTolo>-n+5UMsL?tA+It#TvUx4Aphjolqha_P5o$Yo?z(}xz{MIw|ZLa1Np$Hni
zO^KIL&LRcdTw*F7Cn@mp*W}j&w+-_RxS?2-bJKL@j^e#S3&Knczr6@*j(Vy8{BEZ=
zUnrOCop{0>z+c=UsPQwDe8L?78-V)>cL4uz2f*e>>SaWr2c@FrMf-<4C<_BYT^@>9
zV10t8O}5M+*THM_-i@#HwAL1(&@53KV(`v*j#<tyzcc1$&^zB)*F%X_lUk%kN0A3G
zf$LAX1M#YlevUc1CEPf1EKIdE+^_DP&T7b0elev6Ij5*4#dB8tQXy#&3eIK)>4>&t
zGX!Plps{uyZwT4`j(F8T2O$mfz`<4m&LHUEQaRT7XHL%bu5&V=9?Kk=pL93#!>4<w
z;926AE=pSuEae|fK6{ov4^6By856XCO2_lRrOkDxNX4U!!ga*5#bCCb)k_cYdoS*o
z)A3z<HRc9&>giM0&?0QBA1-fZ=l_$#2TzeZ@v$WSkC}P&i8-qBZo`jpG-3*IzJ5zM
z@hV9@=dM>*GiAnRbt!F%&n!=iBZW3ewBcu62UOgN`C-BUUy;)Vm36!KJIkw0ncCeS
z?4H=T^Dio$8g{goJh5>n>@@v}jXVFbap%^XFcFTf*D@|~6i(@X&vNsTH4>ziX|<8P
z>j)Uaj|0a4*1^AD7rvBdzoVm7fAsb{q%{u1<HFs5yM}Z%$ifT|4>b^?y6P^m-dnDW
zurj`?!AQk5$l^RmNedD{PMZRInIwn&<TVd%&3z#QX;P2m`Qa>j^6T1hI_b+dx<2a|
zi4q<=6%3Bg=Z5Q%VB>q-I-m#;5lUXeBCxBQHx{S}c}pz&l;6_i*OyAVtVHwUz_puN
zB#{al85ttzwR;An`6xzQpv6~r(u9>q^695s2#)5pG$XAn-q!Qz?z6Y!Q$yrJ)VMRV
z<m2p`rU{lvMB`KxiobEHKI@hcMTq`L2mfj>Taj+QyNmvD<B)!TM38{#s69S(;hN`|
z;~#dkX7dxZJn3qs6(cHZ85Nr{QHkf38%((5M)5}e;|i22P@_K<Kf5m>&IE~(HGV2*
ziPfH!5Kj;@TFkuP8Y=*A)*JpF4gVSNg^f#3f=-CQp%B3~Rz83_HiqTANDfKs$N{W1
zJ{)ELGPqH4RZNJFJ|A0R2Fcy<Ym}Kenw*KFv|B$xkbMwM9;Z(B^mvVx@j!eipjCn8
zeyOjsBU0dpr$f(c&nO_SUBq{~d0Ns;N;KN3TpK0n20atJwe{B7V8n+bSo8iyx3(t{
zet7G3MEUVoY+YrG0Cgk&!lOUk+85LUPXPy`hF<NbfP<0yGgMz^Bll&^?F|$|&EDIT
z?iuenpGz|~zlsm~y6W-`6ew~^YVP!ER~Z(X{f)=G-^b*1k5w_nuJ{K0sWoz7YX$U~
z$ou9&<Mr>yuZn^xJV+_Xc!l`|dIZK@Gn~>I`XKDq2iaesM<*noF7-&|TvaUqhv90k
zIq-^iGJX~ZbPSgL9N|b%%mr92))s4DK40I3&}3X$3L#mJA&(cONf=?udV&?@yUlok
zmmhw_@vh1E6xjp~TjSk{e$_Rj-IMrumz!v}m96yQYiC7UTSbOJhB#aLu+K)VMtg;t
zO5b7a`T3++vLqfS8)y2o(ubc$Iwp^<`oZ)}_6RcQQLww}K4o(9_EzEEuz@59(xLu-
z1Y=UDCuf5&#`}!HcJ$<JO?u#&q>rC{k{#h^6tqm?-$>gd@Ts!A(>v1veWl0w5~Xz$
zLji1b)z+ez-=*|ZU8%T^6-22l({<|`N%#ZcGH!T~usu&K-pk%-UAV=j@B1UNEnQf)
zAu6`-l2K=cU%3gCn?qWRK@TV(f-7XtIj?T7ia2j_-Y!**OQ>1d2-av>QgK&DRx_fM
z4SEGDXUP`o@>==hZhStUV={!^yh^#~fyIXx70amSDZGnjJGTT8TwM`tigsn73R{~N
zOD2)+N+vC8G0p9e^D7CjbZiRV{b=2qd0Nyyt>{G*&pSD<;vl#-?UA2(SvEbFkZtex
z=VGBrtUQ^duQ(!cCF}(TQ7w@tS3Lf0?Rl+w`=u`6dfdwDunI8vGq27tChD=I{p-G(
zt95<3Xdq~~TrCch(RDGI_`5Stp5iLUa|`3P*{JtX97I)?f`kt!*AMeNK-ClwVvGBj
zNUF`ZxN$I}L*w;jcaUt!N$r6K^G@v6#Pmf{0wP?pP6an}aA&f_O*e7t%iieVj^e@l
z^Qn`Ov1=RoY|HCNzEW6`!g9|=Ut>mem5S8OFI~qxP42E8y_82B^m#zu<YbJ&BHA|?
zcW{K3X$<J?0@F^P;<vf`{%rbA<39Ke?ZD6~6d8f(?BYfQJbG!|ArJb9K3DLq-#C?Y
z(joHs42;+~IT`jZWA{|5!g%1>Hx5oV%&s9T^m*9cRi1aF^$Snlpe=_bB_xdO_<fA)
zT$kb1#MZRgPx^a>n?=8}*xwuH5v0Nb+%c>42=T6|@3E`oLKHpIUuWAAwD*VvYaM7P
zhh&jB;?mKRz$>D=Q49uUXNFbRSx1biJG(W9-!HxhED%aQ3Ia+q=@c8^(WEKjWLX@4
zuyD!cm*c^Ip@#Jd9zXDlbnl=6(AZK&`H64I$@3giK<Iq7m`v&C$zXEcV^EOLhxU65
zzqlC6w1{I+I8?vdJ6e1ovGge;vx>3xVtt!WW-%itqzu`=*+4-X$*CVAkn{01d}`63
z%#+X;o;D@ILnDiC<0*G|nNe=T%;#V`$lTo$9fh?eaD=00-;l`|RfeoSv@jf0i4CK@
znHEDI{Ce)G!G&esWRk|86@;I%kex{VfLElDWTbRYoerzv1Q_OEHY6x6k4C(S_npIR
ztYYPB(EdE7MUZX)v6d%JU259`Io|VFy5!f>A375Df3_ud^zqgaTp}HhGJDsT@MjK1
zfq$@J6a5AKfG;`gXV@nJ_~A&)8)i6eUumzfl-S>p`uMwh4Bi$>L^n&zGd9JPDqQ0|
zn*3-mON_-=%Zm+rl$n?`)xM2!j4dag(Skfnl2}z{su8A)c*!?X4Pip1tQc?O)|^Na
z_TJDb-14Nnxm)!~#6|a9(Gv%@i@3dW>CmupyV-?;9I(0ZO_@rgXTnvou0&uJ*i8Pw
z`g-3*VWIZ;;$16M6W$j|jUb<L<67+H_QqQ>ek8G|Uz7zD#6t${lWVNgqbLvMYtPz8
zhl?Wx`y3Z(mit^Wa*4?VL^X-XJV2M_@_EDYpIAb{%9E?IW!6N^NHYL|8tyGEsYVL|
z(sp@g?h&hFL(y;eL5(5bO{M_j0_6PyHtPn|81<vcow(?&W6gLavntw;BEVTRTkN=E
zk=Bt_=pf8Jkd?6oI+;GJ|6r&5<uuWUZAzvEf7YZDmR-@_@t%e<uEh0=PJ5UHu|a#8
z6DDYlFz~Tqza2zPPHoSopWPOa_-y0Y)&0CG-5hB9!9OHjBg%S1|K@U0m}gd`A<4Xw
zv17-8V!-fHKS6h8+xo(chno)0*D#c36R3G{m<hLDslH3Mz#XCb%JSty#><$eU$vE5
zBb%-njyZOp8P=(jUtNpr-KSDlmluq@7I7Lr?<%~PD9(JMYH|pRG=I4&->e|K@DP$k
ze^`VL)NfENuj))RrO3H3`S%ZfZcsH0Rs!KV>S9<6R4Hxn-0CvMBH3pPV%a<@eeQOB
zcYCV(6$hz*EEC<Q3k5M=%B#w9Z!P9Fae|Ek#m!NcN2}l8bvN1j;ZrL5D35T_7P_aB
zKZ?<9Uv6Ory?aag`{gpy%2b_7k+9+y9nuSm+l*0WwVM44t?D3C`6NK0Ve2KrOYxD`
zdE{`gT6tae*dUCN4YN4%Oxj*x%WNoRRXc4{kDMB7;1m?nnVT08dE7>_W0SIaq?b|w
zxpsdid7sK1oR(6oKH5KFVUtQDoH}Vg#S667$y`_!T)t+G{bt+!>a*Kp8G2Gk@w)K@
zYr9g?j`6yIs2FhPOZ=lqz|NPyTuh3;(!w}{Lw745&K&W*rvoE{+!E9*Dsv$6lUZGR
z{Td4Q(0-#7bb#FZha|NL{EH%%`T0sSkTYQh^^)hTjnPQ#c|TXkq%}Y_p(IciK92U#
ziMSP$->iwd=2P(Gk>E5j(+oUgSUj@Nq{E&tr3`-eYJ|n6*O~|S(jh$_ub$#<M=OM-
zB5hA+oz{+|lW?s@vfAV>Iq{LHFmQnPiqjcb{DkW&U<TS?A;VFP(tr-PP?jY#MZuH_
zyrO?5O>L#u9){+(?nDSzAtmVlG1<L0Qqc;alzATk@6lQ)iMN+8#cPqULv5tTOrMb%
z2M(iY9pJ^=4HPFzd>Nyx+sEV!Eo!^#UP`h0CCu$h_58CeMeUGUrrN2GvolG%vy1v_
z>)czm7Fj4QsVY{eA)K6!&}EhNO#vt^J!CPntSN{s=+Na8sOsf0ifnp5tp;z$Q0BSS
zaoA8eFHbp(gdbxrQ+!yChjUEv^yv`#*j)oLH2IK>>z%{_>$bb8Z-v4zlhc(@A`s~1
zqv0eot}zh^+$X;4Xl5;a)(&gwpDw1-Z!wniFFcTjaj18PEJD93R-)ve^C^&jzi|^0
z*A^n{drL7$%vw-3DK(L57O=mm4ZA@5#aO~QEyYM}T8N^sQ5u;q>8)EYJQlP0rzqqa
z#4(+vwgn|J;;nSs1Jq9uGasK=uBG$zLL6zA=knZYIE@dL$o@?H==f*uIMrl3&%F{o
zlxn;wjP$3+|1%@%1s^RrG=2jY!y1k6U$;9!p4X54%`56z74W;JL-_}lq@m}rP4;E@
z#AwH59p}TLIy?A+3(E!AG=V_u-5{Ed`w*QCS_s6<{Uc)h>F|~a|3+L>&FnZMvS*{k
z1{RDz55{!*4ECg(zD(e08DSrVMgJ?x`@?0#1X<GXocwSL4{{MxF?sme?3nsp7YWpH
z?>zZ{lSzTb8v^DD5-nkZJYpuj*AtAFYgEM`g%2ocqIfaXF1La@@10%G_b2Y1&-W1z
zqX?N38P72699r%dbC%VCslI!g0`$uR<3t<_mogVsIvb{yOOWfUP6OZclW01cH|AG0
z0s7us?<Cg8<I-=mqk3?H{bJ6DuM}|YZm?(j!IQ#-KA>v0$#2|SU!Ep1JxZRd-k@ww
zZ>2!%TO|V$>EljW(}tj)B5c#&RJVV;isd=ZwiSmY!*n}D(9k=Y*N`^iL^lVB)lYNR
zK@w^qyo3BdChAMHi8$cWa+o%vq-vXcc<jc(4_K&D9Np!JGxyQeUY=+B7UCJNHD4s7
z(Poju7qO;BAD|Xp2+Apho(501_=oN$;gR&g>ImFQM2WtTcY~eYcY6Lvt`;=(z(rzC
z!Tnv-m*RQX<0Y*Ebi2ztq4>Tk3r`9f{NKl;k3aS#&FdnZCv&24!$ID)x3};7numsI
z?r3BbTaFm(P6#o;m^LeK`T`j@bZwrZ33)iM@3yN>{mf9LpEodIxbj?UFtb0>=}Za~
zS*rfC9mR}O8AyTq#bSe-IYFPe^jG9bhm@6YvoJ=h96;&7SD2A<U3B$*KZcYOajNz{
zFC|3s(c@KqMm0ryy-0hQFzNWP&d@F~M%2|Q`H#DlwDckO>ILFPm;Gk<;oCM8m$LH)
zSs!Kwa75*!B|Aw9y%7(77?dhhWopbfgoOX83W;7~HOOoeG6m>mj%vdGj!{QYJP$)W
z8$D(@ep#01SvjD^w?8p2Obp$8{1IhM6g#toz{cUXOnot@mKLNS435EAU_x^$+Vr6r
zF#XIjG{1Th&FuAx8Dz?9g^=BDMp9LGtJS_@TF=iotHN)?X}EUEElS)&vs#>5#X9$!
zRLflwmr0lb0`~e03pm)SVxKiC^F3)rUB8a(kD;wmyvN*fm@vI|Q~KzzYzhm#;<u{G
zsFhG$KKEgi#<4!}x|o^TOgfYkqG7OhfXajYG?UYbBLNGJK=00Vh<0pcZXs9`$-Av0
zhq757-dS<z#@v)l!pBgJ{2LJfJ8}Esb*>=U@x`GxL}8CkgX6S>%eH_<#zG<w>?H5V
zK!ZDo6wK3=9WFr&>mrT^k}N7<xLY67t<y(Pyn3fUDydf+NbHf_<rSwYp5^3$+cYDp
zX%-@>%jP+%;{XGDm!pSH=OGzp&0%OIjQP7d=084V>&!ZC+i-U1UzL*KIBnfG65cw#
z?)ku$wK6k!yQH}3=>Q05TEAT~c-wg-9kB56bRl-<Noy%UIQrg$bghYK^n;B`z)~g~
z*r*sCPR%l%xTokZGU`UMQgP?jy=QNC*ho0{n#=HqAmw+6!}KA9sn*b}7WzRTVyRNQ
zZb8Mesmq9D1&rHz^yDc#d0PKGw(PP-qPZoLu%#m}k0#yWV-<#0;g8j=M5D(eWphi)
zmY$vf56_LcrObpSY1D-9I+-EBy)SwJnNUIDqT#m!o8>tClHr@wHh1Af?$Whm=hm6s
zsWf}Pb!@%9E!N!?ciEA1?8jBHD=BBpZ7BE8V2A|#aIR}StB#dF5|E0{P2`Z}>QWy@
z#x4g-VR(6+%vo+lL2ca!jO4_r(fV7l!y#oCczx80z*kd3Mj=N1zx7*@{<{?f|26&(
lHP`=K<UjRY{$~*;g8xPBMNJ7E<L?xdrylk+c4+_g{tFEt@k0Or

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
new file mode 100644
index 0000000000000000000000000000000000000000..70013811406a574225fe0f44c0f0766a9a42fccc
GIT binary patch
literal 25471
zcmY(qbBrfnxI8?zZQHhO+qP}b&W>&KGq$;7+qP}b{`Py{d;fToPP$L0yPl^jC)G)v
zI!dyjU}!)<Ku|zjlGS=KR`KQHC_q5IT0lUU|L&T)m>av9t6PhiTUa|-yIDIrFxa>{
zI$Z00yWnyr{oPfZAMQz!{)HzK)#IEZ+lt1$<DQ#iMNeKqJDCb@nZ^2>=?@rTNe8#)
zwdfY=R`GSR9eWV=j8clA$%0(>t0JB=)0@>-=V!#t$d?Ob!7CvJeZ5(a=^6Tp#)%gT
zbRQXcGTkUjsr=e*?g*K>xt|3E<hZd5TP@oRHv<I#Cv*6gKyU~<eanSBnNmUP$3OGS
zEagkoQA`wF&H{uT{y7YwgU#MF9(mijENsOqY2Ti-)XJ*nrNcZe(_AipixtoT3N$C1
znseX%j$1G~jresdXW3(#!EEfLCYZr8xVT*P(*`GB>1}>k@OOL?FGiuS-Daq0on*X&
zerpMPsUj&&OjP9F7V0m)VL`KAQAWy?)>1NSDlKb=nO;T;wA>V5-$j3jW$W8P<?H$P
z#jrXe%#pWoc3)q2lBNsSmxMMS0m8l>5i1mqWqChMJ@|kebRmY`3Da=q0+b%kWLSaW
zS%>n#yiQ#3$H%GQ4`QCryF0-^69DU@tZ?cvpl7LmYID_s-K6JF^qRJ9A|XD$pWD;k
z)6=}9WWM|XQb1VA6a*V#0kl3wIkHS^81+DtZ3PBOJ98~Rvd47Nf}9*)dtUo}jp!k;
zS~>mU0%LB;ApBA?j<CC`*RgyiIa}2v$i8;d?`1N(CU3HYei=X3(n4XDr3GLHSGE<Q
zMRYARt)gYw3|ENVJT6_lSokspQwYk__*lX~F26ClP&Mhu3iS=3bYt%6-``y3N+`w?
za25q*bg7Fq^ECZOdtO}KNv2o`ntg^^6s%>eXZd*oIB*envw>fXIX*4US?@oYlkMPz
zE}-9i@?jIM43E+q4v%fZAiLNl&JlyIOA^u)1%IVT5rW36u`Rg3l5)gsQM~9>_gSX0
z$j^bI&HR&2ab#~MR%h-_6Ra?03<u@Phi%K?2nR2e{pz~nxM-&T+FC1XX5n5{8+kEg
zq-4D7TQa$>SlgvB!{NT=PANr~Mv#<+tBD-TF6_fIajRp)u>DHI<iI0H)P9V9n2Z2#
z6Ayze2`O$qR5O*}XEF}r))hO-vBk6fT6Z3#$LV{IfY!Uy^NFm&s27ben$ux;OlyQr
zb<K2}pJ_~*l-~9zvKs48<&z=Gurp$L!92k%lasLE;=9Lnm*8dn1sH=urcg&0=?gXi
zeGvwUPkC`%$)4u}rHBEUT(reP=!@LkIp^$1$|rNGtSr4Ho;ki3?JK-z46TrW{eG*X
z9^0eJJlK=jk?n?t%R+m_BcnyO&`Ir`wfq|{3yMB@Uqj{*E6ZwS?b)>6EbYV=vVR9z
zS_hEPuM6N#l%u0p+^;|l;M~6p3iumMdUbTC8IctMiCBJXX*t#$mK1}NO=HQqcl}HG
zS)r%38uX2@eO=ac)9~BHG>tVCp*tc@VY%IUv#NHBUP!T6SpncxyPRX$pDJj}9>gL0
z);dryaUwk^Lor=nL+t1qA33^^kj#!M5?`SeWudZcs+b{U-_z`PTfG>%Tfe!PSCIqg
zCC;Q=v~BU-`T9GVRvsp^PQjdNr9DEY`<Z)&Hp}v4cFf2}s<xybV-%cF4DO(LhfV{D
zVQgNIDC}!ebB+Xh_)8Id<;eQ5<dXlZNuyRLpPTg8!!xV{RAY~6{YHyV$Kns?O9zPs
zJCY7qY;z(;b}>KidtqjvEr*BpJ4Thh)m?VZ*+a<zKt`uV?3BE8h#WBf$}rA2-A-fx
zy?87m1!31uM^r=3#S{i`KHpnKfB-MUX!2OCNXn!fTzYTX+LYbKq;l1L;w`#FMA6wX
za%1w^xe2D@!RZ1<4JXmr{Cr$Z$A^2Nv49oSt2CRi>#GU=79MDt-^RGuRa5>Mq7jHo
z`HC(MEe^f!|99+f_do7T<Ku7ldPZ|@wyLV9$xtA+R1#E%+i_ypMTO`%iV2ZxMTMhi
zbD8VC$pf#1eA0RdELKj8QPQ;|5n0uxqS0eDD;ez|K#bUol(OThgEie|I!Ph=&dO*!
zgMxhuV}E#d1@-Ytoh<o*HEaX*z9s3AD;q7gUC7ZZjaov_LXegRZbEhR8-e*dG(3H)
z$>Cl}UTu9J(~NyqdipJQ@q*Z#?BeuqSM8ito?14(pHFs$3PVmI&*+(Y3}Q8xw6O5j
zPyp-B7N;^{RIOq`H)hZh^dJk_?zC@P&}jWi-}<obt}FyR8yjxc+D<Du<}K~79l&<o
z2s^0%lJzt0L!s$02o&|+Hi*zTi-9QL*WVoYSQ3?h4?bBU(HXLL<Ygke+no@eD0!uC
zYk}c^@S<85^2K$R*)y|H-t}<77oOgaG_wdwl0T<9R&U|GJa2R-n8BaTkUMvS45q7&
zQ*;AS*kEupZ(VVE`<2awp=UsN<A!P-2H)3K=oi{H44uT)T^_Piw}`$Qx!8^WIj&}t
z)R@^u*(?B}<k};B<tv9De;K#>;ol*SO!)osT;gicBQMVr`vc!{boRI9Xu9QS=EHd3
zz1rrRYk^#bGY^N8KN_AVtYqPhAC<2vo}`E8NhCpJ&F}79ePZp#7BSThpWa~SLYGtF
z=DOR474T|DIR($FJX_)jf#yuDq*k(<z<Q(WtpTq$f^<Vel|h4SRlGWaJF?e8@kgtS
zo=a7*g0hkH*g$&AcH2>+rmd)bMZ1(6^-x9HA(bFG{KckQpHdU{etLWme4S=l0Nx#Z
z9_EgHK1sdAzW!&2UdO|AA{)>ny&16m(+2^nKfT#J0&#PcipyccZG**m(}2!P0Q^d<
z)&-WPBXH`$9g@7rDg{g78Ww_E_2hyElAWCVIBK-aE`#Lv>zoCh>!EiA@~#4N&~-da
zTeZqvZR_jvy>4h~K8_i+Vj_*WDRJx@gGiONNt*WQFU*?|dCs{7p+;G^qdIt6r0tT0
zSOW-e8jYyauVXHd!!k7Om5D^*wr~vwMjA`V+h4hDMX>T{PNe$fqO+R?u-Otml%4g?
zE{>9zS=`sT3~r0<&)q`2`Al@Q{ZytOIv<7rW1O4a^YN?Spw&Zf#I8Yb^od@&2?^6&
z?jw~Cih_C+<{zZ9y<D0bEX)oX@5PGAf7ci+)@Urt!+SwzoZxo%LR9AeETkkQ^&e7i
zPv3wyn{PV9O}o4tVkrpqjwfMGElt*j_A(1+C_#q`kFh6X(A2n0Pb4K?3=@npNlsf5
zQ;&<#sH$-Gx|yxI6{g)HoDDGN(DpBqm&zi2Py#GLsnka-{Wka3Fm1K$S(OK+mvtD3
ziwx`*YOBWI>>y0{Sk!e?Pxg<Vrrwki_CZR~W&dEJ6C2TFG!$r$<N`}Pa^joyFk1OF
z!diJ<cZ?i6R1Z^rHe*y9;20B0N{1y0DKV}GDV_%<PwAwn-6iek0HCN^P(oI=qkzPM
z#Iq`7C)QME--=-Ffd-;RIyxoxSQ9S3i4S)e67K)0X#b;e+O)Fn4QvKmeUwYmro=>#
zKQXyO2jb)$#YhW^_u)!G1~97{S7-~DgaH(a-?bDeJk5g)5zFzPa?@Eb*keW3C<JPq
zV+73}@MKX134qo*ghhreTbE$z%0XWrEEvD>NY|kj=y58k8h?T-NBDwT2pMb38bjL6
zEu?Jx8y+;SfQ`IbxZPB_sFECzqG=F@nmV?f1V<qZYY36LIdUTz+Qd0nURb3pPlSu~
z-wiEp7IzLcUFQ19D1e+0O@g$husDUhtkI9q!bYfCYN`e~=i5&G^C-TUkO|fvR&R3b
zw?6(}=z|@mTHsbTZ87@1Gi0?z6SktizRe~{xDKR4q0z4|1g@rozSI+$LBL^*(hwYs
z!mo=<hkDTV3SzRf#D|X$lr!6@!N1^zapi;Dvgye2?|ZH^^+y|P4Z<-^6A3VpA(fw%
z6cA+tDT`O8@DfbE*oxzNJk}XczKWk%kS6r?7RH6>`LsA}<;Y@1nl6jb-$=8M!?4$l
zJ3LM$ZoDo_eaaa;UXDKZ=M2vWG3R)~+`Q@v7GU_+<&`?q)M@BBQy%C?i~iJ5?>511
zz(!x@7IbPcmlpkM&DZda^ci7;p`cz5>S!X-OUo3P2%~1M#hNljXaEIObY;i}VrXk@
zb!yeC1RF1q4-yXDf+4svx*iX8kaPtI7a?O9(PhOHf0|7B=mdi_nRGd}N&{>0(TrW_
zBEl<_`Q7GKc5xZ)PrG`=PrK|mfi=|df)CY<BK-tvbK8uSltCZ~aTgp{N~~}k`U~#$
zb4W-+e>fYA0Bm34<7$=!7)edRa<?5w(h3D0QDg17kipRS9<k{l60$8XMWJgd`GcyH
zWjKX+9S}{NGZW>Lu-6XSy~W{RZtS0Ki$C*AkSlmp&WD&HIwKEB4sKrpd*AB}``6<S
zG2_hYyk7a(*ErISU3))vvuPV$E`hI8kQaPkV{io9j%Q8DUzV%=(bm}KpNC1ZmJJPy
zm~j(TxcAPY5pILA_72=?Zfi``$zl7*O5Fymz}VX7+$tc-))Q>0rl#p`jFMGR$IQuY
ztS3$5393FaMl<w`(!gIv<;EzAQN1!$N}d@e{U=*ZpS$1>h=?B0-_g1#_J2xfGPNAI
zL;UMG-#k~=DOo#=CJPW$r&$kB@O4bk@BPTnMM@(?X;LOl1VN!Z*;wC>#EUt%ve;{P
zl_I?e?)s;k>buL|*lX``7^sn?!n(lCLvoeqZ1K7I|61z?3Th|F#A)(w2|&yhhL6No
zy?kg~lD=a_m1|9oH4TB^sB-SmNb81W3kXI;3*fT0*ro?NFd7Aj54KI_dQd*&$`*`_
z3+HUxq5?L&?{M@27grs)t$XfcEBbVs%I_Skm)Ii%f;yJk2d*hZbWL<`$gn@G(EXsS
zyOQ)##X66P3Jt7eg$rl0UJex)a`N6U6#}Nq44UZ^E|KEbse(q}sodow7Ji8+%XFAO
z@LMwXYFGa$x+_x8&5-*HxXd`nNYT?pvw~d;qND#4rfuPD=|!tAk~MkaOg7iM$C4+!
zA=4WMN1Kvah$`1~2>`^e$d-Lh4-$TxuMjHE?&Z{uS-D`Ot2r>Qu^ZYPnowryRr*CM
z*EKuoI1tYGPV5W32xTQoJ5oZx^;2t5wWxI0=N&A!&*e0FDJ`_o(a=oplY6I)iapVX
zpB(aLAWKi=Af)mQdGY<};`@E!Ji?9unEaKe2g&7rz$@G*H_VQj-<JB@qS6_IeF^(?
zuqp(hH$|;-R#cc(knHM~O#S=X?xfiD#9#Y`-@I=2D|c9aIED)V9`4j9qk3ALJ)u2F
z4UMEKq*_T22uUNV3Xs_KCWf`!i%i1SjU%*HpbQIz9EF5D6#ZcI^YrGC+9UfM$Hq;G
zO@F@kp%=k+$po8Ez_~ND$l%_m&ZtP~lSSO}jhx`2I_Dsl>HNb|q=PH&W`8XHB^(5E
z!@49Nc^gpz`|6?7YD_bYVe+}Qt0^FmA!8UL!n>>Ws6Mk45wsyd5=_yE);@G$Pm#V)
zK44KbQ>?#de39XMjS`ecZ7FC7E_dlh(*YIuW&agcCyKks@P-&U$A!M#Q#OaH55-$L
zH@_A*|0_Vt-{laUooi3fNyrA%0pb&P@NFPKN~a+?1oWU@evFR{4x18JE8<gz{WVG$
zH}hQvzNvKJeP-k3oYN+4Ng5wZNi{U<LT$sipx8G|+(Hz8fOFSi$Euavw|jhV7pXzL
z;m>e<0=4%l2iotbn~GpTQYs#XZqxcxd3Ms5HyiNC%rgI~F@y_>xP2G*<6x_6H|u$!
zz?l~Js^&ukHxtEURK?8hUUkYc+4>0-^9L0xKuk8Aa}6c_9H82STA!k*&NDnrgo|{x
z8};s03fAn=e9V3bSE{9~U448)4_b5NBUX(&(O!Y6ufxSJA?ohDb^>=3ooRmfb`Pro
zFz_2zGcAV6I14REh{JG}SxGNIJr;{5H00LpB=;i3ulA2U&1@wAl{Qo)SapA2uoOr=
zSuAe!Nao!+6Y5z|iJF04*jaRauCJr=ssQ8=tJlWmFYU$=@SZFZ&61vZb8c^p(dS1K
zKqn@mw|;2p+?r*+1|%lrG+b+^d=RU@XwUi{K^^TbIV%fn=4{5pNJ}4peqdZz^<u=6
z;_pr)Ai%cWo>_9~=Oe|f+cD#rqp{nJ(<ZRL;(Ic9{B8KoO-aG}0kv57U9t!j=pmQ!
z0smLN%;(Lb^U1$#rY-;LHT#0Sxo>;vheQ8X`&+Va+vGWz-loyG`mK;D>12|Z@%9T=
z>Hp_EmEa_M^C<xV1?hnTA^&rp?2WA*)XeRj?Ed*r|DWgN|LL;Xx^ny1A10>Pk#MuZ
zO1AMxR>v~Vls8sq^FA)O4AWEPcNp0aS_Mi0erXr$u4oP=SG-5w(G-XmFtq`>_CxqO
zYZnW2kS#E5+ivIgH@ry8UyF}~7^iFUN_cL<rgUB1hw&3AT`wVtp@ZzVs>=lVZ36Gx
zHI1tItyLWRn)xl3v9)GOrJJaj5sDMDN7kmAzm>~{{@blw4R5nU#!IbxtkcsFUy8j1
z$Z_yf`=5b<p-3X^R}Y2PLc)`+@X0Z50h9s1VTy*4{bGa@WjEcpTj+;+6pMSW3uxu!
z%S@9Co{Nh)aa$abJ|z9@WAOP%a=7Te@~khhvY_&a)DDxGgHNzM%h~S);FeS_Q?x(@
zs{j21_bP-x*4W=?*WAQwcJT-7R_DhN<F4aYIXS)+zY3etPB(2M&k^u_kCtZa<MbqA
zcrH5dw8OB5gtjD1r?3WQqz=CzoCml*9+y7DJh+?n7w2Z|YkMd*bg!^F?U4>=<--I}
z#OOz$ISSN=BEY`AEqOWZV%&?~#eO1heyI_XOe6^7`N+a8d0r(_1^E09ftjniyCu9g
zobQ8LF59GCsJkbiTUYG6Y%MkI?S09E3u9W7f+08Q^?MT?NGKzg5JD2t3S!Pz8u~5m
z_ST|-2yX5_9oW~}a4(6lNK<#tS1O~4Y#{itD}q5F?JU>=c{Vq25~iA4*hTCN#Z%mA
z%GxzMPu{@Q@*5g-0?KoAoKMW`1uuS#?vR80UC30s;&oF9)Jm+8n^bk`x<WqvbaW`D
zuBk!#y>nybV}yeJ!pdHDOpN<w$peYq!W`bL)^d|m9-hYv<77bnVLO9MWC&ZQ?`Vys
z-qh}>#%EZA$xy=h`A&MqqP)fE7Xuzk(T$b&7g*Ocy$97zrr5fjz&mUb=b+7fO(g*>
z;3|7FJ9gT>FX(TtE!kB{ws4iCq+?lDih2NIxvnAXZZ-G;9)rzo&->Z(BfxT1%MkZn
zr3?Fsi=zvpIF#5@w_jy=<w8ndIkYVGTs5>;u#rCcY|A4qj$wi8FB&~nJf=RWmy6uT
zQjw4h>q5VbrkKthB0Up{b?h6i91Q9+`}AB(OQ-F8pB~AuoBsJO3R#^!m41>w;*f8Y
z__4mSL#W41s_cC#lxJi6`E>_n8gnbP+V8o>*3#N^JK9e6s@tGHHDf=hjQlObku;{G
zy`>P&YZ~<sju0d{a;Dw;V%`h_XEkF)K9|ce2OBz-?X5CVwm1M*nd@&>+FlhY8(l?F
zn+DG~zuT-M{ae;~Z`JLn<<%XKZMYk^eS}YG`qOQop2(i2rd3<VS9tl`wwLDbT#A(!
zp7y$HPmfm~_~KpbW{<&NOCDdT!rMV2CybFdJSmDH3S4ZFgN1pFeD$z3=<j~*&?8iL
zx}A8a_!32Hl^v<VM>_nPJ`JepJ0Wsnab?n^F8gc0szx>S;vA*SLdpT5J^*00n&s8{
zCW-(e>5WpdX<O2k&T^bB^&pIO8RoPj$kniV=^qlxG3#~v<1vS-`m2c~v$o}(Rb3s_
zTU?#uMb2gq$y@6W1Izq`06<%Wbk<etN%}TPJ|kUM4f?nPGey*-gY9#p?(fot#;#n_
zuFY_B&6KTkb{=~F**PAF^+l)~_U4lSOUcdk(VFk=?OcQ%htlzz7m$^0kpDn7t8_eJ
znU(cC+6e!2>W2M8*_=t-_Ap*YC;z<G=xf<sn}6bOEN*Fy{Ux#C+qtr4%`OEncH^0r
z_}9tl|8{cyf1UXLZzr4MiQ5YQgW)@^zi?q{4~WOrF?4iqo_U$+Eld6hsB3EL+8p|3
zTfe3g@__a0t-tcnAnyv#pknCCg(T_{*P@~C;^l7aQq}Shm+rA{9`op{VRx<q*k9U<
zUMA%Bwno4DeEJMpC23S%-Apldi3=ENd3b7&bq)Uq!CRHSEkc)?w!MwFzD-ZpRa8QT
z?Afg0sJpr$5n;vqtzR8Z=5WZizMX665&d8Bn_4N4=>J&o)MV@m|F5|3zv7zz6_++~
zq~vI8P8jlFl=pc3Kkj{LleSId(9*YimM0yE(_|)Z0^+W2Fw^vvRg%hYM^4f(lGf%I
z%{&8<JzKtJG1IocQ@59+nEq9GB^=PN0g^2>Z(AQzRbY#<r4&<^E^WZfHqenej!Ue}
zvzlV;6Yn+D6P(vd1j0Nl3JWP}@PTF+QjG&c)UUtB{@Ns;ArtN@>z!GstvD{)VDH|&
zYKyhkw|()5T)AnhZ>{5muMuwb&HbtEwY;JQ7_{W3p0)l8l#f;bMu2&?qXk&%hWl!y
zTwS+FjauRA$nIX+;x}$D*3XmZH0`c<j^#BdI@M{-wrVUjiE~jcHEnY9cj>oVic9-@
zcJ+z!h;4Gb03%vo>crc<wqV>~b$$DXeDe2b%{tVTTShx6m0SLMVUuC2si>r3k)rE6
zw|9l29dLbsP_DVDwRv-$zz?TpT>KAT^MCPkbMmgyZnTw?+<5%odRNY0-R$eyMA?ex
z&#mqK+v1s(mPv<wTAPaU=m&%g^R~y&*K-H>X=PqEdA<5pZLN5<IGg?b+v*Ze;%ePv
z__r?4CF0M(J?nGPpY4$Ueejio!t4#kKYSF&+n4%U&X(;wVK%!f<C@(K_GbLX-9`A^
zKM9zZ>)YzN@G$?i|LWr7QRg%pmDID6x5FBf)(S}OT_OGChj+Y1wr`7f7l{#o^KQu7
z)?HpN0D^?(ztj~1;A@0}1ncWB87*^iAYQi!esC-|Ks3hof!ur_IHjw^y)BxRb2$EN
zrs4(P`e=_tMut^Uq>tlQ<9JfCGwTN;Qy6>pWHRdg)K5Y@_y`4%2TK|v6z8J(Zcd~x
zi199yh-~PTB(z3BSziLfSko#>k<W8?pTb&S_Wv6hN*(4N1v1VY!SS)US`he0Ojr{D
zCMvs!zt#D6Kr}P{eAm99d^2F>J=}0lK9NHoB~q8o8fbz8Wrak=RvZW}*fh76HdS(X
zjM0;O8cWZvTkTMnct}vcCbh&qbrxdEEzQa~*HnM!NjdHLWB0?rvrwe<?`Zc^{T}U0
zX3WvL%bZ)b<oAZ3B*=o}%;%XH5b@6({eUO<?Xf_{=+^&5YGix0W_sXM$)yu{+D}a1
zyOHuR3jK-blhD`@Nx8VA`y)+pFjA^=kJ<u;KY9UJb|ICcH`F5W+v-d9$k8yr_%aaV
zSZ2t2X#AmkU^qa<^k?spc>BB5t94Y8yDm;U;q(x-xPbF1O{<_}8W+weVkd=@{WBIL
zE3Wi+1a*@%-Pu>HPsCF`T_!WQQcqe(aE^5IVo}(H`3!Ypx`<WwyLXe78W)9<jJ>14
z8qqE|#yHM!0hu6y-h=n;WpeDRHUfLydX;e}uPq?E+u>Cp!1=ijK5Dnu@oe<v`n<Kl
zUXEweGI^#(V8L-#fN&=l|2mLeg6Fyy|6%9;t?Fkmd$v!Xz5M4zQq}RBk6D7y>J{?w
z<lten$uN*vetYY4p|oxjGkv>@!GHVyXY=Daov`m9{_|$o{B`pD6m`S@bMvjuFs69t
z#i;M|-O0(rZH=$%0%4|3fnt01n&1D^AMiRD;iy>iII^xA0J}Tf*L~Yvd_CT^GJ8`;
z7--g~&v9NyIGelM8raP);Nh?n%Tv~{y~evO;Fu6^I2Ao>coXn_+_U|?zx%nJEphqP
zxP3v8FE>MZeQns6$F3-t-|wkwne1`;RJkee{dKwb^_cm2(@31>|K{W3>9KU<7LN#d
znlIRX`gB+8>vz!0%aha1i(=pJsI2j~aw&awWBc$QPyoT)4dUt5s^LtZf!@#CGM7LJ
zz;M&|1JM!Z?Tr0tvt#vTwW%uD_vQZT^4<Ki>Z`0^_!FbqeQ>zRaOQ3OG}u>xJQtuj
z(Um{jn-f3)HzSbm=BG1T_j8@6ZE3?xlbg%1{rPfmeOY)vXmq#f9BQEdy@A%Pmn#?b
zlq`_QCUJJRGj1s~`-eZDEhT`tZl;%@^Yo{EQXpuz<J<k^eemV{^k(nsQu_1hF?-h1
zP_W$+6$|&>f1OjH=RntxzZ2E!@jTV^g8%XDag_T(Zs}SdA7Q4}q2M~zFVJVIbNW%*
zS4E+>E0=Y{A*34I|Kp{ah#xdH&*S!@<ogDt_iv|Epk6K^VlNQCrDR0x<DsE2!c9Of
zo8P)3U_ZS{4X5+z`E&=-v3DS=%<=E1LudTYHW%Pp;`Qxnva9$deR%9;S|~UAN2`KQ
za<tADS2x}7C)-j}uvRJ!<wL&qbC=?lS!OJV^=b?2C3nrA(QeU9#wrVw(X9c!(`8a}
zjh!m+9whT6sPI{^P0p98V8w`5<w8-6&v6D`jNTz)o<vWg2H3~*?7<lJoPr!fvQre!
zD_*`e(xCf|D5O{ESI9LN2K{LW7aRhi)pxAu7{ovtvO`}E3Z%1~e6&;R`vJI*DeqXQ
zgxEN0G^*v5(p!`!+&%FLRQ43cylsLwR}QbzZu2czu{&}iL^g%by-4Apt@_m)qrsc9
zEl2XF@7~@$(wthBliSl@@>~wFYvg?dbg3vVk2SpPIYECOp(BkjY?+U8KDh+oL_l%S
zlVSu@RDPVoqHRC7s8Js^I_l;49LjuPKRDF_UyfZZ#i4fRfS`K%J_Ja~pVSlndFUY+
z7_QGAM_y8=@Sm=G#1BN18>=w<kJJKM9ui2>FLV5WFCjXv2NYA#DT*>dILifY-mv}o
zH8R#oNje~?J8Nh288W#8z5aJv|F^oDzeE<ic+V763&K!P!EHgng%-t$3yjYlYrK3s
z;-;G=A7IZF(sN@RR{0a3{a0|~NSqM^xcK;Z1ugNnU7D1(Cd=&uGeJ&6TpnCq#eTn6
z>Kz<vgnJrHLt7~}kln4uJca_x?U#EnZc2G)#_@T&&qy40k)ok}hG8!0>)|xC3ap*^
zU7voA=5Di|OM0;vaaq=NL{0YdeC$P^*yL5(T3Qo#BQtX~z2dxaVR}maT#l3!@S-La
z+5d`sVKhO>44jZ7?wZ&f5U^86G)PetjBuSWsG5Qd!zg*|Zyy_y+_WEMhdgNDqFRb!
z8-b3$9zuON?{7b-elqqz9?Ngl>0@b0rS4FjkD`2bk{Gt@K{qr!BSYZ+TW(+^NP-L1
zn5CSvo!<2l#Hg5b^VREa7X5Ll5RHij>A6+!0QKmemv_`|j*TTbhBHYj7+wmIPRjZD
ziXU)+Jf#>#kDer_JjC|s1B$<=Fm1mtW%O=fUovz>Y9)!L9Kd@wDzio`ZyEn?1^*ox
zi`>$RwO>GIscT{`YLW`7?RzgmSB&%-M+_g#)aw--7Gzh%xx_Lz<PrK<2}g1od9G+S
zFo%UG_2A92<9gncw(Ob+4qqlW`;$amJ>EdAI+@ijIYlLR@-Gtr{}vVL&eAOJ7#XCq
z!PxipFiByV4PN<)=d1<hGVw7g9nZqN$ZAs}AF?F>1?<+Ba!N`)yM36H8`#v5$q?e|
z)}CXie<=O>LO!4Sa4_RAHpEL{P3}VoQoFMrr|ba6hoZ>>WBgS~>&wJ6Zkz79sk2q!
zMcJzwXxDvv?4BU3-F@PGXEl;1<NY|A6Cr`qvo6Zl>iD1&{ezD?__<*6&OAzDdD0#b
z&<YjC{ZVt`f8G|Nl~c+tZ+aC*vzvO^viRio2siVzwiR9JD+8KQ){X$PGgHd`f|D4U
zTt*NBMk3FOEM=paYcKt5rq`2_6@d8G$_#xe1VSl{_t@7|9y!XzxWwi<YPz}aZBMvf
zoM_vh%b7?I<OYkzTH#)dLjXrb*vaoKCI}V{`u;ZyQOr?!L~kI9nFL<tcPU`n66reg
zK1>|y$nS9y)+cMeo>BJ)23=f028i&rnG^hT_kRA<Bzquk#R_8`PNhgaWOSQ<gBk2!
zP9c;Y0*jrtZ@gp}NItDO464mKn$Q!903UTb?CuFWDBSX}fSl;L;w{M``-bX~BO93Z
z{eURJUI?Wr2s5x6ehNCG(fUrpUqM7nYH7+=lh5OgUnxZOWsn*rCNf-7t&bAN$f3HK
zuw5)ka}&8$6mm(28Che%+N%R?t*ikGCTcJq+|zfYBDJSJ^M%N%m!a<vFkBt4Z9E!f
z<}eqK&T{LADl+?cH7(r}${k?3;c0CLu%S1a9n)E1<%m84R!|Nc`o;L{3hqmD&APRl
z5%?jy2f9zoZLq5Gb|fgJcOR2c`6Ogxv~O&3j{4WWA!&!>5cB0nj*hX}<_suOp13A#
z?pYYwMt6KmYIp}Y$=1ds)6=9>6jF-8JJMXp-#duTC4DOdn%_KI;>kX$m+6f47O)CS
zy|LCQX^3xCJ_s0yFPUn|x_)SwWDMtv@W=rl_VC&HZdiMC?4%c4pl)BM@`9NO7He-#
z?X5ekKhCl^UvxBz&hvh!vl2`4rJHWkP(Eh!$7l4QqPJz-Lq(p7OGQcWBw%oZ$w>ui
zKtMARyqsblZEKq8d!1;r6mGy7Ii~3<iqE&qalOsFj(N22XPos@aD@`$3u4z9^#Xxi
z4KVH3o$g>uuI9*o$d;E_<uANG+2Yu<X-axVxS>ina%rVG2@XQFHTMrZKb!le)p?J@
zj;L!w_y4iHaKg;iM7Vja=p`Xx*v=Dwv$5uS7txgKA9flj@2zjpItX}^U!Y7Wvo$@3
z{8H7s<<KV^R(0RN|BervI6Y<yX<6rgRNl*SJY(%Tkz^BH{CPJ=>rwsrJa;(7jnvl^
z0l)OzEL|Hn)y5xu<6%9&OhSo-2nHvJOLlTT-Sc&a$>VkqDnoTj`}8kcbd<K-)uY^<
z=xB4fsmbxBJ>B`AOZ{e7$K$0gJiv~f<qq{(b@!tKH(=XkrZX{GUd=}(*X2}&kACx=
zBe&m<a+8_@^GwZ`aHiS&_qCov6XL9PD_IvS@34T3<(gY2<Ixk(awd4L-lAak`Bc`$
zP}Xrb4*X#1akb8nH2XMJAhSXRtgA%sFmy}Cqct>OQO|Obk8%<3biwX(S5ReCaMjvP
zrzDy;Qo!PL&JQqmlwbk=br98Vkm~u7Gr!*Sd)8R_bVlS?u<S*v$xIe`4x6mITAJ!f
z=yj<a<s^14Z8VQMhDTXW->VFlEXKu@%S_^NE(t2v4~49IazMtIi_4cK_Sr`d4<m-B
zj$V0_2@T0lcMj?;>5oGm>w%tt;rL8M6BmA(C&!c%iyC`zq(b=nOqdPo_)I9bLMZo4
zh$}C2C71;lco{FK0=~?t=Z|jtq9L_q9~!;)N!HhwNQJMzez;Pg7V#2l*&h%Q06;F=
z5=oRFW&lpl<|{^?b6mdHB0<1I{-&?)`=?9%CcvqpA+MPP{8tE(f`LQ4oKw97eKZ#_
zm`Yd(TCf2W_s3Iae{#KECrkvEB86?`(r+EW5Y8QOfn%oFE`P=is~aUdk#A1YK-^p}
zJj6n%CY4uuP^LU@kf$W6rWWaBIOR^pVHTKjsT|&g%r&-d$=`_^RP+TZCIOp!-}D?H
zaVjA#B@byeZ_cNIl+qyBM^(UAYN8*>gh=qW-3UEXYS!^-SH|DQYiD(FsLpg*u55EE
z3~WRyQUmFoWAZ`?bR;U3Di|m<Q?g!L%WLLyS(Ak<EdCOVc9&l(h!0#~9{fX*(-(VN
z`b?m6tt<Z`kDzn>Ba_~WSb}(}>x9Rcn@@+{Xl@GJ=poZ`!loHHgLX5{&#zL1;P5r}
zb`-19+E^}%jpBW%Rap<**q{Bkb0|L#)|09>Iuwq0CFD9R%qr$7LuG+T^7@MLMgKg@
ziwAofR6(w_gWmQroP0Fdjw2aOqyD0(;J%W5=2+UCQMb!ha`b84frnC|WJhQY7Ig8Q
zpQ`t;!~3--xQNzXD^E{P94r^>T2mC+Hh7k<7bPqTq_j@)J?7XM$iLMYo8&v+kQ&PF
zODVR<d#<*+k!A4}htT=_q<&Vg-XHr%G#wfBR3B3GgT0qJmS|~R3O>U1AKs*NhXwQF
zW-RkFGi-zHKA$hgR!>O{y9+1S9$}t;iBA!(J5WN<JX6#p$8Z{AhG>lZGwg1Hxw%V8
zC;sv)#EKy9Xv`dqc?>hz1MCh-O}e^m^-;E4;jC-{iCg2|58maMW>ber&;_e}A!8%0
z!z%G^3p2Np7P^=jh>QI0wtst|N6K0<@mHxpRhu@^K(i(+>F=~%Pn>jQd+Af23?7w#
zPWM_~zTCJj_K_YaG&^%3OD7}Y6`6AthSmf{OCPV;xE1MfYqN?Ch$|+3`6{kEEmEX?
zywhMi95d>^Pip)$ruNw#Gk%sN?>iJ=GXCMTn*e<thHXiD{h0N=ua&<~m4B+5ej0j)
zq2!&FpjS)FLV30N1qPU$iqXxF=x|kcvDl}f+|k1@lvy^LNlK`(%zbP-Qc90Q@XFr`
z&#!gCVdMndqxoKVD905$A!$x6rt(YRWpfT0TlH`X_drwH4SJePO@e36Zk%b58jjQp
z3u8T4EeU$vh9g<VAt+DSTbH!VaAp=eE+zJRJvH>dN#Nfz)&<MmPc#q1-p)(lb1yRX
zNDesbX4)ei_cKmz&3FFur2=qqnW(1b!HG?%u9$7yhm^omZ_TxcXbLRWA%yi_&~-3d
zqbd5^oK}<|Ah%WE4C;<xkD)5<rkM2>TnTs)^88rB)weoP3Y<WDL}JgC)n&}uM<$hu
z-H*b1s-ta2$3gw}*S0Vi%ZFFrPq2P=%8RS2g9Gyg?$mWIXz1N#eE*$~TJwE%Y?^Pj
z$5_%9(MO1aT3&}?|E?q=<p-&+S2gvjnAa&V=$Y3A==JEE*Ugl)PZ;#<T`ljFz3C-s
zg=%!VD0>$;lO)MQ+zbnmTXo8q=)YIf4Ot#%QZzX5$C9n=aA+Mj8t5@xHlw#qnCr(S
z(4@PkPV&fzrB3>=cT``7V^E8y`t?nwq~>1QQ$GUJS+g{5(_81tdA911AY0$)%8~^i
zn-%EJbhACM%+p82Y?@%7r-}Zzu<XFy9Axrtti-~QQE_9S@ff1nE@ksMWLjyBh(K?r
zz_n~Srv)zgi8LIUUymAPw$lkx_{dOG_~M)gtEqBp6i0k+fwNf=W!nyHb{%l6(hU&G
zT^vmR=m_CYeZjslYzp|0HR^LoQ8I!@Z2{#;pisSIqC+`?p7pxk2Kz$!$rmP0tOmj-
za@LCH!|+Dk<NksgPs&6_NZ?!k#c1|m<rZ`#&FTk?O@NRfev{Hj;bfK#A=82e?e!So
z69y<LDEG~;8(h7Z3y3ONwM&oJ51=lgcC)6YVvD?70RiWj{r#92S<QDwokWC?PXzZM
zc}Fq^0w<w$(3hx5nU(>RrZUJ%6!NfBx0jl~gn=J4oc4v?9fOl!2#U6SpNd$XT~`mU
z`WN9;tDO-fa>7tJQOic%EyzR{Yl1x;=0oy_uR#r!CV$r_ro$%%(%KgNOPOxp_Q!1;
zWBuIzARgS3Q*qW(?U*CK<}gpm;?W3In;O{LXsd@p3v=^0DoJLN--q4LcRgKWu$?ca
z`t0x&n`o22DHphwzk6uEv@HuRFy5vqv*R*v&Vw}Gwo3apg!G^?;}xN->Z98e&tQJy
zG{0Z->HVxfP+UyR0hhK&xZ|MucZkVrWkfrnz-fV*>kwHsC7L#$*0L*<^o!F0EP6bx
zTitz_MI2WewjdR)lcq&?fs1p9%OR+`b8uz5kh)$04TBOoW_c8B^Vz>4UxE1u=tLYS
zTX_C7-YY<_JKx1Q;6bSG;ofgz<enP0kCK1W!6zrLW65GNZnQ}Y&*S~xV*!$iw^l*K
zpelTLz9asP+xw8sFem3TGF~<5Wc^@I?cVXASDw7fzrop|@{NOgQl*fKL)BD+$wB_Z
zlJ#)0WTbRFN)i>`ITt;!Olm8WY<7KkC{tU@FH`$q0xg<Sl_XBi;VYxNotgXIq%rsD
zM+*P%78lbZ3BT-CIwkHcx!{bf1q+~B2~)g?Iwk&)#q=wU#8@n9#Fp9&vA4v579+4!
zY%5g-KNa2bxc^1PVk-svuoNveS%phr;;ToK<VU)2h7R+##4jfqEUs@{CAch~8)k_9
z-4c7E(l=I8g%4p|<S@R3CL>R?JMmL0EE&_#td<F3{9eo=l2k<?KuTf@X?c!_SwSkm
z52+>c$cu>ES;*xea0>rbl$?olM$*SGzJm1X>z)sTV6<56D-NwVd5Zo0{h00XqjSRi
zrQRizTrT+CHRG5<EU<BWs_3_T0s-$no(`)NVHd^g?rOl_Z4ytx_9ZPvodl33-2{px
zGe2Bj<<%nWK3L@hl37?{O8#4S27Pf?e{xlJbsMo7)!+;em2~OH?a=d{YOx(>8JGyR
z2l}i8f^L!iE-*iO&UDXi=23R&BAHAsy0i^e55$D?D*<KaSdhbFj6TnC=z=hiFmUs9
zG4%xXZX$DPsKKu#>Oga{;Fv}wBhGARP`OfzcW=tmJ{w;>bz;HWW0)BW>?m=Fw<##0
z3{Q9Ia%J(in59Y*zY(m++YN1BxsRlbW(tYfa&U$mTUD-dF7)6AJZF<+UM_!3xv{Pq
zb{$#iG2eJ#rd`w##8I^u$#-_n?}R)kAwUjte?e72sm9Da$LZaNZ%I|iuN4lC<jWE|
z)Q;1QqTNV!`S%>SN)#+~jQH)OR;^MB*_RRF4Mz%8(iSOcyN}U@rR8TTpDej*hTSrb
z`_NGOo9O83d+7#7`C2#g-Gtv*Z?Jd-i|rvka%~Q}D$G5@g$BVCyC`;M7jfO&T9449
zhYixlM_V67+uPgLMgTxZoHX4w$JiB&xbcFJ*2S;jQ8pgJuVhn)bgwpIE!AaZRR-yx
z<r;hPEObB|rQb`;T_OF^c|>y6k;y>kIcW>rXRU3nveq-tIe0(cc`TD(m;`0=xEL?*
zBHZD{^=5kUyzEGTY_{bZaxg0bx2M%?s#8gOL&*o0DAV8&jkPd>tr4fQjAY7R-<+%@
z7(DFU@x<#W;|+!NCCMQV@6}GSPJ8UR6$R3c<j12&rPc9_QF2tIdT+4ASo`Qwg1Zvr
z)A*@Y1}4HX-u~4eU(~5tTh`Ao6$oT*2UR&of~EB#R+kC{O2kj6B<$5fp1hRbsp|Mj
zVx<>BjUk{>mRW}Q@+l1!aTJKJRu4I(>Rhg2l~TXhWk;&-Vv+MitD_=JY>MhbddlaW
zh`cG;{HI%D<)175Z9rj0&Wo9zAS$UAmfB*R+BKUU-`*F;yyP*K%i*$<%;`Him+*x0
z0``9Z^)*#3xe^vGa0CnVmH62qB33j({{8TB$nrRbDPC7Z5)AD@i2X5{nHsr>>M7%b
zAb;TG-b=Q%6Q%e^@#0X372VWt<kGqzYCdAfX*%r9!_|=0^^r%Ma;OmM)Zc4f+=YRN
z89U)xOyB5+2{hevzg(JBAtn3FMhZ(9w4F4Fb^A|$G4hGptL~DK#oUkBQd0kT|95y)
zo;*vhB72VyHA%uL$|Z8v5=(>8l`-7Mni;f${Q6I8W6Z7RnWToG&}vKZD`kWx<!Xyp
z<{wQZ3Fd7u=U;CiR^Oc-Ui05ii{o{xEj*pIJ-lB|&o7Jf)~`oj7oDxht;G_ag5a;D
z%b?19;h?zafRuBaho(D)niFJGb2a4oo<sEVLNrC^960FM2oFe_uiZVJ3NW8Oh0go&
z1}{<u%`^sx<Acg|ZdrOCVLTc~j*4R}U}Lm^=oVHJCC?PC3H*3`lAO~x{^nKNXM2VF
zWIf<R1bn#Pq@K!!#x>tWU@ILs2SW~bHhS>*1An4RUr@;P_(Vo0HwxY6)J&wv-ylc)
z1Z7MAW$d*I(6TsvMT6YNAI<0VOd2<afR3g8p|z1zP~De^o*>L~v?6;`foQ<$A@vTl
z2KcG(tHcPSSOYF1>at?Ld(f7O*SB`4U+@cJ6ld<d;A(##kEpFY_a}+!W47(5G@PrN
z;BfCs|4p+Bi3+&#)%oJAwWh!+l@CvQ_6&E*?TEKylJ1eE*GIyS3`+9YB@ilivVo66
zdx`GL%lSj(#Z0kqG7RPFFI6M_`w%b7LW#LFN%V@jAx<tEx%l!vu~%yNWrFRmp|f6t
zqmNdfa{Bm8z0*i+)>ajIl*Jv{jH=UC^uC7oX9IZlFt{f&7hnLM0Hmz?U+RK%PxxoP
z*Ou+lR#&y{bA2W`>X2QFa@0|7QMvh$!@*pd(Nc-yG|`ZIK(ezhjDNjavql8MLbc2w
zv&^iaK?c}5dc7Jw1cElZ5sOq26|YB8%juq#_og+OqX9FJR$d~}@_^ckWCBOuFBw*A
zg+Nega{|~#7hS1~s^DdSqe9?ZH5rc}H_i^!0d5vMBQ`ouQ#r9605#RBvig8^s0fkK
zqasp@Pmt>nJIp7<gbaprsTeN*WN=3|rylz9DJ8nJU_T0McXM}^LX5BbTRB;4D~E^?
zNe9sZcB~)59eaQ&gf8SFE!3P5?O+8lUV#(jAq{*$M(lZTxIxJH5{9Hp87>K(>Slkw
z0%m^(swWLXLX_$$7rOA2hOc=*ln{czNA6?D<md<^dbv3-B9j3Q{@RUZtSN-=y9oVA
zTR87gDDPg>b=8U<{=se<(wibdfbmHCg2|sT!LmU%X4MAVTO+|zND|ze!N`IU=z-4d
zFdKMJ?vTi;NF8U7Zv6-ZqhS=$$>9_zXA}KT2UQTN8yKgVN@mW8`Ak*$?+sNkjyBcw
ztA9*P9jS>)_YtE4TOjzQ*r7tFuET?Ij#7|aI@3=9hofSPI8-PgHQ;Ts34fU7QLtBp
zQMgudk&2bh)4a1#@MzV5oSi4=e*PlbkWACZICwhu0b40WnE-QDG1l*-QeDU&JL1BV
zZn@y@*i?h??!53lU^&b3A|Le?&_6WeBO^U9Vl@bVW1Il4RX(@`7Jt5zt>Tp8Zvjv`
zh4%^=K0O;GsMoXBBrL;dr;5{>wTNh(3Tqrjywo=Iu$ig%+)o8n|3^)u&IMB-<Csl@
zY|5%lc(ulujgVw`_5V<#J>70K69g!m$7gHM$5EvJM@?GoXgr|R^=`={9KZmh7|xfQ
zpooUsrWA`j=y8Vy@vU84<qZ8qLlg3fHoxp~(TH#Q1zlK0AV*_D1$=it4La5*%S~!Q
zXpAx5tqW-gZbzIrhVt$TzK*djCTN<B!-O5?U15h^ptcDblkf}AcQ2`)-P#dm=Nmzc
z8>T>;1xTrq?84`u4W}MBj2k#{Qp8x;j;RH!vo`l@p{KJJ7#UfQr3BIHS4uwt60GN3
z$wQC>0L=i+1QtHs<vU$E9`o$&Ru$<)Rf9>x_(liMYTE$~R7Z6}UC0)^xva3rNqjKP
z*-F@o?q<#6LH+tjHa}|%H3l4{G1eqjJ?JVX$j*Nyz{j@f*d4{MT95L*$~IhEGo$69
zZlHQqRzJK`!q+;(-B)0WC-}*m`BFu*#J9gXT3^0LgLbNOpc<5iX37Vc)fYI!J<|3A
z4$A|FP#E=k0n1~Y0<%7aKLD;PIn>yb2F_O*>jm3_4z3>2BD%4zeE3)E;O)P>mL;6U
zsQ7$UxzwI2SQBr>rFYCdC8$MTVH?;>Vj{fKmAEDr#44$?dxlsYXw^QikbP-kU4uDN
zG7toUDsX{4EWG{dx|pR`hz}TdE9@!i(VAX@o+N)dsT~Wh@erkHhK>{`bn6x~PAGn(
zDe>0nknsMMSSLRY@5^r%6_l-C+O-^LGp<mUL>4?rs{S3yXgm2|UpJJDQ3Lnm=hBf>
zFdf16m&l7p?}J+`o@@gM-!fm4ceg!w0g1D~_(Z|(HI7TmBuO^F7Db?J1Dr>wq<;K~
zRV7*aq)i0uCM`Qk5%;KL{Xom*Ed;=`#pa3)DrkX`=<u>H6v$IOn2s%RS%VeM(NEJ=
zpiATZ&-21kifD(Lx|LP<I3sW7?&0@7Yf8|U7j45aRl6s`KaS@{TE;)<Cx$f5;+||H
z_h479!rxu!ONQ$PpW?K5T>}lL{SAk01-0|qIC0yVh@%Qb{swqmOV?)xPFE&vDs{^+
zqqR;~L2)pn27jgufa3TUWBnk+cw>tTA{DH~y3GD5=MsTnQBQKH)vem^mw|z|iIgEi
zx?SR3PCq_mi^5r~$vD`;f5O=V_-%e$QhUxkk`I^WPla9r=fr=r7m$B(mUi%)oZ~=r
zir8%!iS@T~upS159xm^a$6T!ikXI}=Gc}ggAm4(Re)>MJaLW5w3-`TCbz~`M4X+td
zptS5251Uu?b0lOaB1f+%)-!PJA{H@$I)rhKjtlG+?+cXi(1;j7s3(PPc55?;tre^T
zV=xUUITG0qiWaMb7#n|47gvC0-uFnHlR&wwYSj+PfsTmo*8pp6TZ+&yYCQ`fZwhkr
zO{su{|8E=+YCBGu{`-I?M&)*iNQQ)5TJ22K2u^532?YEC{lhL>*gS5rbSp<!EN_xk
z2{$6*jgqUwhuHXQiQr95D8wuG^#zG$A`d*icQX{*KM|Ki!kQ{XoO85GchPYU?2KA$
z31uk{uwDt@rNvcR{JUmxy~>#AaoF*_ELgkcqOoL)Znq81@^!_ls0@F+9kN@?r}}<N
z;+}2ZWghZBTEjd6qj>d#2`hkY&8JQ`oCk(>6uZ~m?~v82Yo4J6g2{OoAH^U09WIf6
zA&luo?86Kl>MBBT%$=0+Bp_OoeP2L?i;JAvj8^!U$~?9_6F#k%VT7Q6{2}v?qgOc8
zx7Llc7d97^C5GEww{-)WOgFEl9qb6tiq-IKLjEc*UKxQ=Lr~|tCa1<9@NUIw32j5?
zvyKlPn$>5=y*_DVM?>5iGgt@HIFFj^(b6Hr$B~#YrtFEPS(Y#DRQ^$~%zjo$|EX<g
zVq2b`@vF=RTR2tUP5}YE5qDRG3%l2;QR7U#peQI-*`_nHn62rgj^3FnXp%N1w=w}V
z&y@W)5vK|IW-K@*Et_=D?J%mFxWP?lJQ;3*XIzer{>_lb7<7*RlVo&`t_s@!bfcs`
zID?x)cxt{y6XMV+rUJARml+h#M5+%=U<kv81Ly3Dz0ole6<X@Xm!O~wq82jm`40t3
zGR(7Hgfqr+!5?+VkXN`ck1#5r1OTma3Rw_=>Gue}V-f9YlCV!Z;vumEsk5Ru>RY2Z
zFR2|wC7{7n^dT<QN{j5VwXFn<|Kd6Cszbb72M8WPNnWXr4d*QUPgu`iKTmt|;%99f
zbYnF_$mPH?1kVQSy$kOQpD2r?frbux1EuJ?$7$v-_=zaSij4#wAHnYh&FGYsqH>%R
zH26pWPq6%Nr@yHSU&HY6Z43nRv;lv7L3ER!&ES>v&`EiwFG<Y9L`V#WCHxrd`vViM
zv4((gQU>b9)Uv{4lJA1pppnsq57ghsIOK~MwZi8d$|{j`WIbKV)u2*g3RQ^JXu?iQ
zM1C8Jc8%ODs6ll-Rv@8B<!gp3UHJGg(uA4R2d&zaiu`*T7(W%p_@B@R(}X464Z(GW
zvE_wOc*tI&$Z&K7nP1;uqP)1cLHnjM825LEt%6-5jaWI!wJR;~oAQh3eRM}f&GC!#
z4;Wmy5SV_ApCRvLyx_xDcRS1F?g?p<P9aMmV7F6vm|cD8I<2qSeqHLCy&j{=@7;j%
zS^U4gzAC7)9_kWzcXxMpySRJfZjHM&4i|TKcN%vZcZbFrcXx-z8Ty-=mw#&JoQLdF
zm84GXtlE{Vtn5g0>qDu8+n(U|gD7!^kJYaiWyUx_O8@5Kn*9^cwu1q7aNOI!?grEJ
zV?k8Vp9^g6_Zw2wF#(s#QadDZd|)0#@7+s$1h|<-K(9nGlQXy@U*Vz=WoC#=b3we|
zfUX@@zWTMp_%TSc&*#_v^*#wOvhOb<3UN;W1q_yE3W|5k)Udo4^ykFHqL7FSE$Jt^
z@((DXhOUSwHjCTlH&R_};i7Zn-i1#fjuQ=+1Wg$WDd=;50Sli9)^mSZHqUm~zDj2|
z#(JOFSb?V}gC{Ud$ba`nqBr~8d3F*oL*`m-DK3Pjrxm&-ackV$Bz3_m-zNvQFEWjw
zD7Bviczu81gqp~%ry2vHGV#ryLFKrGGhwfI!MUNrS{OgGcEdOYpwFJ3edpTC4Gjvj
z`!l<6Cs*i@4<4M;M;$I)l8U(LtwUmX34q2(l_R4sZAid0gxw;z(LEViI$ei#<r>?E
zS1=GOcj$LNE3de>Z2F}MP3z(^>y@+URI*sHz!x_UFyq$mXxx&~d^=~>y-};+peRX^
zEsB>dvQnpufv%bh-wN*--kej%^S-O#_=lbnmD5rmX1W*?n2;~@%$2L-eW6Fz^gr~(
z?6!>}tVVOV2T?uB+OYpa59Y;<4f~@@6YgsYmucTB0u1(FDBUZ)kLW)*PW5+mbaRgw
ze{fza<UFHq%8rmo1y0K)crlNwl{o@x0hQ>*){c<9`PNYByRfsfk_*nfu-T+c`U50b
zr>1g^`bevA8!b5IGX>74y|8esgt~QheIY^U&{-&+lF%_D;%$=aE7Q`ZJ|?174BpYu
zY_^zCPVsOkN<Z?B8E0Dw%@RQmTp?W4eWH0RC*-0S_`a1!hzPO`wyK*YY6ZrMK~&to
z$`0<ULRo;~Aps@sF{`I-4bXCCeQD_m>mH#=ZAN~U6OxGa@1eagAGv|_KJqN;#UBBB
zSE?1)IZ4kWA*>Au#oIY{b>fvfi=zN#TB`fW&fh|V;i8!0>G}*Ul9+SKoH>OW9fnBF
z0$E&Lm<eqZrOMa%Q$7I){>p(5aRgPhZ^%R(TEsnn-D2KL0v}%Q0v}+Df5R`PwIgrB
zYZ;ysT{i0kK45AQ&!_}Gz^AXkL!3n!Tz?NZoll3&TxLf6lV<A-dbY9`cA6DKP}RLs
z-unUxd`PqZP4?Dx0q59PztQJ-ek(RXWbASqee+7IeQ*7f><I(ar_bZIpXmELt?`oy
zR(LY<AmGgCkAE07+WZyoLO{7#0*IthgB|G_7#Cz|bykaw=Y?%PX$!(N?(zp(z-Mx!
zR%#^4aeUesSPhN=)!_td7im3=^g_@XL2;z=wdXO){BUSuk+!(3Y7Qnu{b&Ot<NCKh
z5Lof{;N4eFjLA^ls-Svgbs;QAIH41!j+7vu=4R2JbsD4$*p-k*Zy%!sd$1GJ;;haJ
ziX&8%NPGd1%&Id3H&^^(A?NXLlTZoH_3Kb2yCj%$Dy%s!yIn>lj;aw_co88~@hIf{
za%d4H9*?fv;{kF+<l0@hpH-R%)faq+gSF{1t60{T=djwbqfQ*$keDw$Mvg(r7zGVd
zgqNBThW-VU#1d<6rHXVX8~H8GDGOLn93pdeG^OGVk&ALL=HKEtOBWOhc{mADufUSi
z35KX`UQFFWR>Du^PJplBKbzCee4X&dcCoQ47W9AXZG59B)L7>=HRh|Gwx`#x|8{WL
zrZl8c(v?x8`b$SZ;bLl`n%KTeZhngc|BluXt>P<ktD&K^VN)uqungO@s_v;<X9vW}
z#x%ySbcskP!jgQ4(pRLD0^qX_ANz8&$Cq5xTe*fZO&;|1>`b3HwYJn(2<50AtG{GR
zoVWxH)`U3<zTI=3yUF6*eu$f3<i>7N8ScKF+=Dc6$(RgZGqN(ly5AcoPFq+Dxi<~h
zET(haW((E&pdDcvA_+xIKP~8W*M#WpfHu7sBAkAz9@3`bwz9%-;A8<oq|l7XeZ#8(
zyHhn#d`W?f^}gR;l9+=kW}`Fh3}Ls$a*0E{C9mnuuf>+~JM}urke@Kr9v6s|<s|+L
z%`2c2i9ypA=+ZRWrg!@^5NX8lg6vaz2`!XOJ{^#=JcKF73EVQ}%XY6p+@u<S5@b=g
z4x$aET=SC})BcKC+N<+h_J;(#8>M&0AS!~KL+23oo=|!Vq>gEuTZ7kK(WHS!;=6Z;
z?<V^`TTz-gnWNJAgDU?G!!X*#%Bq2g)GI^Q&CWKN%ro_oE+=={q@HdSF+Ta*b5-xE
zc&UC+?1*Yoh?AI}id3O-F1_i!LAr~{g*z87V9`5sN9u&q_kzMIQ?kPdkz7EMhTA%e
zvgKtc8mpzo4NuO%D|oV3@S|%PQ_=9Spay;T6q}`HyQm~71QiXe_(zjSd}db=iX$X}
z0;tq@g%#RBOe8TOxwqH-LYj}kbFmQ8l_CCLXaR{h;FR97735^vK(%ahPJ~VcnKD>Y
z<^#oPvkpK5(+qP)1)u?+zU<UXXKt`HfJuSdblZY+-Kej0*5OrFuVOgAcxp4yvp9(S
z`}><}u2L75YGu?<x}t^z?G827y2aqWpcoohE^ljF+KCRDYY34x4J4SQpCWA%fsSEP
zW!Nn;4`Z`4ZdKpm`-dpM7zUVC7pNVbIH=(N^mwGdrJ(~2IHng}NVTc7X1FAY#;LlC
zpjMZs`<5vzA?wR(ZHTu#Y87j2b|%CZWK#tN_);k4OdUyw-A$B<q6GA@kwN7nz-)x1
zHPc4mXp+Gub9S#eKhV4xQ7bkf9(Fm;3>@fKjHNd#fm$PyGe5u724g#70hR6D`WRxi
zFa-`2mxFJ88s~SIV<A4>$4Kn^@%&-ViVRyX$s+Q8{ah;8WSov(a&LTtATGWGkhmbP
z9$THX)(KYuZV|210O6O=Tkd!uNotZ75!OmN-}0Lx<XC`e*u5acv^f*k6f9d`E)M%>
z6iLqdKC8>g@*?XAdQ?J^E<%xEkK-{T=U6~?ud6(4Z6`v!jeo7*pL16<Q5|*VC9#lp
zoeHVj#ku^N#h>{#42MS{?QE+CNDJT2JCDA`O&@dN-?-_2joY1=J}&h8NQi~`{j#ZK
zqlNhyY@zlVujQh9hy^3ul-JS~um>;64^Im1*smpDL+|=)0@f+`U0IHB^Vwp{7pQaf
z;)~dMzT#{<=EYQmWqh7!8s@)^^4slqE6trjj#jA8?7AFehd?si;a<lFYi{}2!tnCW
z*%GJGX*-rufriwG=WWer0t(A__UpmREmY^m+)PVG8U@CtO_o#3k!2A}8+iS8tYBsk
zvt6`XN<2@p9hx<j;}^fky<pLJJBI!@d68^QfQk2ZR+)w}YEQJD@6M7>Qd|36{%1$*
zCNGEmK4!DL_wvjNt+@cxHO?SBs#V8GSUS1xlKu!Ol-Uo91(I;3;eLw=Vg}UQpaM7G
zeFdd6Mj<<Xv8eZ+GD__5=7gk}P5);RvZfS%*73~KIU7?Sue3G|D}UWO+O(IYNe5C;
zMC?$L^Qg%F(p#_e7N^9M6<5nIPpObU%jq33kI0G)wkO50bxd`dLqFw%>+-ScwgWCx
zH&uly&im==&Tj(D*D9z#E=mH;*DAp#8q)Ky873^fd5yH|U5dX5xzuk)+FyiRDx;Cf
zZ{$?W9uWbibA}>tVs>{fdR-+Hew!ns?-y|Vy6KeZ6Jf#$V+YH99*2!Xle=I?-_-Zd
zc}*=Yq<|TL97XtS0Qu3ou9ZN@8_WX_b^ba<SpK?yH2Dx>pO9YHf2_ERF7REP>Rfv8
zoK@YsE^oBhJNraV22rbH6Fn_3pE^~5+9NAg69g_VI?RkB(YGXp$}b{@OwyDN1?w?$
ze6|w!lrP@P(tJD++7D5L@P<UWi-7|)RvN`6$>T9GX^99DaG3kUQWaAjQ3au#Vq?t0
z!X6$Nez05$3s2|Cpwq%0G-;bFfg9w}GSP$Hh68lWG%Y{T>hG5ybV8h*Z1WXkK;-iW
zOWEPyLy=z<mx>=%aFNdAx$a$43WcClFv3+I7r`Ne0*8YJY=nbLX)AVLmjKP+7&L_8
z^Z=9=Eu!-chwkP&k6%aB+)r_Px;UDuy6Bo1qMm=uHbl3i0aG#g0bbP_mf9hykgn>M
zD_~TQVDb~HwMcRBgcHYgBhj%_<BRCxBYeEaT4kamSRt`FN&Ml;K7kc?K8WMHw};=<
z2hVwdra4mJv492g!{b$Ypi>5$1%h+T;=9i|IWr{7`UN7Kg|4mXEQ(HgAq7#bEnh-J
zx;y-oVq(s;UTOwu$qzz(9<J6Qc<URtZr;!ybZ66j3I2|kLaNDh*<R3VU1wNfLTDcQ
z%t!snHT3veIVtRY@4;a&|C(+^dE>;qZZnA@RB@TCOH_$V)xtiB*NK+h7=hty>$&4;
z4;jQ%m|uL$f|A*~CgKgk&8q?H#<7<oIMZAD3Yh=+6_beK#Oi}m4PyJKKVyv#?6x*B
z&>y8=f)ZsB2)#zq$JI{W+|+3D;fCs^f&FuOP*mNicKHQ^!0<RI@$+JX5I#9@RQ^gZ
z)W$Cqi%))`n8c($spSjBWEvzUUnnMH`iEk&Y40H~J!MnLRw0XWCyka|l7+S;aL!A0
z<-NlEVR~<$kSYAz=)mE&rXQG?q~6mad(%arc(v#CZRO};ur^GAn$=sfJ|n-Wx|GdW
zaqGsxpt9!DIPimXXx@s0yw!ShBhM&{mva<rD~$sD8n<5To=%XA4iZmLO^kNGmcP_@
zm~n8xu%DXrJ~CsnmGNnr(Wz^u3sx{&3;Fj0AtRfnXH=L(X9_6LL;|!&NG)1<(nkxr
z30!o+lVne6u_Ib#K0(8!^2P>#ossWD9tiRYSL3(WB19^+^q<(F^D}H9e?i)lmQjhP
z3~cM1W=dKnP^(t4$C5JoIAz<Oq^D=rH~X1oQK51*R00N91H#?h-RZ^8Z%9n|E2tlH
zN=QxkD@6zY#R1fRaUfi)p1k0TeGdN?uJy$}hyRNMap5W5@B&OQ3`NAm>=6IO0kE~H
zz+QKH7+V#T<uUB>zV%D+0q|Q}mAbaxFDLSPPtz=476JN1GC2#todLPNBfMW4SY~aI
z|I|1UoZAC#`AcHmTwlafdgw?p+Ve6FhF{y07TDxLf_yKJJdE5R_M&N7tWM615++t<
zjY=3(KpqJMUC-v8Li{<RinZc81HuUwR;psvC%`dOWJ+>xXV)^#IXpdhOe8X1=DIp<
zj2&dzo>p=nKIKKNg;rAHR8=2}*8JVb;SeHX+uB)B^o)%Rp9>Y22W1pNe#X9D2o-j{
zf^%6!Fs-r|7nZ7ANpY)Q3T7g%zMyx`D_-IrE7*kOU4?Y1Zy9TAhzf6BH>-#hhAqId
zW~h#`m)_EF<|e?2yKT&Pf~P5(d~G+@Zt)w1y@WwEB8#*QH~rJaO|L^oMQg}LNuNVU
zWzg0?hx`3=__c0*WBC_kd%j)kenGb9zrfpr*%mCo)XP|OM8v-RpTiy3CP3F8>3Z!{
z0@iGT-0*FYW5H||zQcD64Sh{iq}N<RHy())&#^|EOiUPiL6-)}NHCib+fIQhQ~h1K
z3Txdb#)ND*O+JQ;sLddDU>p@I*Ii7I3D|?69%7tc>jtLi<H;irZ_LbVKN-o*0YOtZ
zKxOl}Yy>^BgVsUhmG&oGb0ts34`|k1W!t%0@q*86pB-f!LXs$-9kuDEYlB-F14FpW
z?Sg$}0RgPeKCwLE8?Cnjl9Iv<V7|n$&TP03MOz(0Pt^WETfsUjD{nVNdnW2Y{`<!Z
z9{JbywM`;|5m_$2*qGN2_br@TVO^PLlEW`e<jimlL*YhT|GoGgJ(HWdYQ9V_Kbd<(
z*MK_qCx{=0e;WF{e}l}Xd5ahiI9ox5<T{3Z@dU(H|A!~oo;SOlg%1#iOvG!^l~O2?
zDw+cH#|{3%4KyrrBXY;-GwqL<&d|FqPRR!^Lki~Yx0Hq!a|wDoKn3}Bgq7vy%3b`T
zoL`Od6o<qxS}YpBAtl9F8)ak+A!Xnzjj)6fU>#0W_}e|su25~QJAoA1)IF);?l0cw
z3)U*e)}LVAOOQC+IfXPplQ07mH-eC5@2Ez&^)Da1{vnSZ@XxK)TE{;lz{<-K1GvAb
zp_P}_aGFyleg=A+MHdI#KZls`4Jt8fbasA%5@Oc02Sf-8*YKS&-Z=$U<8C~s_bqC#
zc-<S(`&4}$0e6ya#s!t4S9W7ken>Q(=#52X8JLl(-O5AqJC#fP%SR?cKOjTS2EITE
zQlve<J8B43x}5RdKt5+-8HIn4#&N*PI;Kl}lB<m}g@214?WB>R=CFH^j0c{Sk@mgx
zDtnX~kUQQ!I?R+LQ$T9I?oQ=)kF<MiPiWw3&Ie*PCp1glE+YUf>0mD_-Djr8eeXYR
z_`NXeeqj_OO963M&`N!q;6yBHxc+>8b!+KE$6w$3hdzHRZ=gm?W>(CZ&U?EgFK+$W
z>crM(H<pQ~zV}L%;j7wV`{V7^8J;|?%4?7EE=<*HSGSX|oxY*&$4|=ku?cp%$rU4Q
zDI7DsAXa9B;0s7{YQ;Nd1L-)WjTQzn)qs4trIUfxjC9p+7zUp%e7a+K_*seN+$}&d
zz`Q+ek)U<tj>iZ%G`_fn<U{q}HbN0rUF&ns?MR(y)A?w}ZR|(fCk?IVp=b5isY=k0
z_nnQ-ns>DxEEiqZ=XfI^&ov7{{`(V11^L^&;b90fm%gH8pLAINJ|Z`#IHZUJVZ4vZ
zPh~Yww}6Xo<WsNxW<XUsv~3@E+a8)FUOa(J-A>FV?o31LynSzve<u}Fgd;+zroZ75
z4k)pX)}~+Ri_lF1R*Od`)Gl-8h5LBcqdWb9g7mbyO-FTCvL=6w`)Z}ecSFCQH@}HL
z-|nQ|+lQY9li#^ZOUJ~wU^n3Rg}ZCIY!_;Q8w1|1`uLFEK(?ae`&lw7;nVU;wuS7>
zgVWJG)iWx#UD7dvzZ64`G0_odZ4m<m*jH{QnI@xy^t{o7ZT(&OEt5m&l<b~ABE1JO
zt~M*G*;>ogqkLG3QBS?ky^_Z`P3v9V-tG4N3&`DMWb@UYeXvqC6&tkJfPbD;tpsIr
zUp8o8KEg+n2tL9onj0v_wjBK&Z9NFW=RrQ;#ItbJ<*#wMia$jQT*Z&?DaGV;L|R?2
zX2Or7GH5kBPV}^_GADb0DK~j%5LqAS8K8Qs%bz6nkp_ju;AW%P6;^d5-V3uQ3G)6Y
ztzxfdva&U2XR9NBH!9JeNFS^2gY}k{n#GI`+o3MTIlOK<b<|?KaeE@0FR9;xl%!d~
z-^<qNc@A<12`SId8;+==3@D6+3sE9c{2r*Pm*Ety2;U+v#e!t7v>5Y_QL6j-fXSz-
z0{sb?cK4*9n9Jo6GGKFKp^qCj1zvaVL;l+pmu&WNLaM+C_ujjLRGJAQUu217$XZyh
z)!^*!Qw5VAP{{ytB(rm8aW605aKf5#adJ7TPV^4!1aX>l?^}{9#!mQ6=?R4C@ZM+d
z2Xb|$0)u5b^HfA`FClH@GkXjISIUeWV(c>7-Q8f!g@miXQwo>uzK!;kfP&_oYv)g~
zH5o!}@2Y1rf%{)+Z3x(S39M6Dkqt7AI%H(GZDQVF_Bt2aFohf>k<VqAb%26faAD|H
z0bcPw8Q5Uq8_SZlBGxDOAA8a(V}?e~W)p(sJP9kjM@UYCKa{CU?(eLF!GCD@k{p$)
z%4rkIz=m9^PADjZuvKRC*j2<BO37O$a|OT4pT42S6fz1soTe_3;h{}Rd3I)#$71A(
z>gv+KCU*Xb6gALTxklmNqe?e<O{0LjlHdC$bO1nK<4<l}20<U~GtrT#bUT~vA7jLr
z%c%%BQ-<Lyfz{btgW@6^!X-}(Gem_aV)F3fI&xq;%EE0EB%qlTM`G<WgidIPmhQ$=
z984G$;soqDv0<$Hm?CN4-;F|!{*?`xIT*lao5e68s-aPZuZGv|Jbo$E!tQ@ols@`T
zkR!VpiruB9AfvJ9etczpQt0uiibbOZB8ei4U7Uq6sq((INjEeN^=tk*o$1c;WG_Sp
zx-rb7E?X2Qq`$=GM09p|uq|?b34u4AZM1;{mQyBEOvK5C#MaoQzao}kiGra9=7wcl
zB3I709XYTiao%77RfP>_1nIjdArd;@HvO_+|GdQ<VBVpO$=@JR7mP#VNG)OByxipW
zrJWm9@K@wohOkyw1eJ`ZY!N1IVSn29p2cy8>5pZWycj7C9;*(6af--u1GkwSRpsvA
z-I`r#w4b|bc9gG4!m(_#Yiu56BKpZ~BCoILmVBgeF%B8?53YK-+7+qB<`msW+R!qL
zPfZopM)ZwtJVaS26q&23hig-o-8pD$ry1@JHo<+c1MH-5(bmEBGj11o0%_QF33A-u
zb6XA(hS@mK<ye=M1@GT-GaAS%1h5w0cA|gKQ)mgnCY25S!g#ytc@Om`O9CQfJkY)&
zHQcN?l+z-_4d7*+yI&Kk>Ii!-FUoJhX5nddF4xzEQlx$@72C2|6eY9f-tPYjo7IzV
z$y1kAQ8R6z;xNDXCM!>8c|rGcJ@8XtZ379`imt$H2LC$d7q{+%-5D>&N1S{Tn%FD(
zfgC5f?2uRtea3k$jk%G_B#k?F6Xiv&+|n+3cEhAzAC0p6-CJw=;VX?fkdMLYXS7(Y
zkE%r-kFD-JJFz9Si}B)+mU;q9c_D_WMPVky)iJ-0imJUqV6qB4E>=@~_F^y(&6yDr
zcF{^o*Rho<CtY(~)@%J(Wtf|%^3aa)UZAM@$&P<Y^*TwRg3XLWoj7gKJg9N4-YKe+
zqB*+TDJoETaI}wsmXJ4cg~2v7Eik{k!yiJSb5mwmF|+Kdy`UL@o)it^L1mc}rcH7x
zyRMI#RD<LJ>qr>D(?w>QYT5zZSw6s*yG61R6uCm#n&`V5a8zLLv`f7~iFnl%ClsIg
ze9ij=ihn$tAt#s}q1^96wnSqy7Y<aXA{Jr2|3V!P+*Nl55Ks+p^*F(-i0IbabQ~%6
zpZ>Ze>HDT}1C5$X1%aPpD1Csf`Wzyl)`Q~Uq{EQ0*-v!~U0!+5k#c%O|2Jjax5U}7
zVqKH&pLsyK?4x-}pYkeu(5?EbR{j5D_5scDQ0O=WG{yR1Zjs0)=NCjA{os<mOV8xd
z!u=F3150;%9c?&J8z-SX%K3&276DN6dsi+q=T}WTh%PJ`qY-PttU!mwV*V1y#UzC7
zZvGzA8oN;WVDps3u~b3_kr?Hz+>T(Av4aBhsIk7$0O`Wa%=i#lhbG_};4!n%%HSOu
zpM;H<`!1rP<_IATkRyRKzPMdhsNAW1o_(o4#}NL-WaJ*S_^s+J@QbaQB6oaXQ>TFT
za7VM3m|>f<D;vjnY3Zb?fNe@?9!V+#)2<T~1ur-o3}O1#+piazD_so+yrq=EsfTbC
z5K(EzkmTg;$Dl2aoEJ;XaP&RJz)YFIh$1Uz9ulK?HYfp+DJlyi7nSg6@{W&oeOHm`
zN|0*as&F2G{Ub@g;RV5%**|z|j}=HOx;y*0v%yHW^fb=d?Hp69w@3fa^n+S@qScHV
zXBRRNGyE}}b{p-$*vIZCYj!oj`T_8C6~IFNK|C|<5}$|ntK?;b`h_CJW#4wA!{28W
zo9^>zT)6u-PAZ~qYJg-^cb%^1y=?C*=M-_z`=aRkqi*Bt#Yko9a^dBQ!<Gj}-jJQY
z#?dPWvs;N~>Dweb*XAx-Mk=qHwRcU-My||CJkQ81oy=>hSEk>D6jk!8-`lD8FyR_r
zCz#Rg!C&1?!{dI6bkzNLp=^L%!SmHxsnr%>bCKv|&FGU!0d_lLl<kW3{r0u`rqbr@
z^``Rkuka^!7xn-uZ9w;k<#GH+pW9A#5`XX$w^WbIipC7*r#0utpH+T7ue;jCk40~?
zaOl|O!_l^yuG?Iao8wo;H#*Us6cHiGFS!jxAcqf-TgrB#2kk|^4u7J%aX-~h-<$G7
z^j7H!Y`^{>J(8of@RLSNXvd8s_i}UAwbmZW%m6WoX0I;>>gA&Sk?t570GQcu41_%-
zx_!k^xenQt2PpURk24O<HI<jZE?Jr64@5D+)7~CHwbab`1qYI*ZF4?7wL3VP=t4ZO
zkW9Bw#>n*}$0^v_1@9jD4sq^$D&YArF#a&4Y28lB*~c_r1rJ^9S+WCmuCiV91?Yfl
z>GcO~IYgv=@qysvB88u`Z5^B>#~()n$ghe^S>-k-r8X$!$8b`zTZeyjsT9m<OvaOb
z|8AX~FgJdjX{FH^x1rAQjbkz5?|h|V{Sd_MYG<i8M->Yvkn~OKKvLlgh&Fics-u+R
zPA*0U*~~;|H4YbQvYjWAPo|^=1jX3`(}P)$$$kf%AXZ%!nu;rpgOI8w3exi`c!bxT
zk5Gv@VrF2S!b5YA`u|E+QCv>eTkX~hij_cU%wgdV0o}E5jWsb9uVy^t9k+wk<#pTi
zI`r`a{iP16N-l_i+ES?D&jtlog+i3k&xW28ByV{v*cX}3wn3CMb0eJn3qK3S1fD`S
z#5idsT<x9eDcIp}@;&OenYi;CagNj3RY9zv{r92pOO)8fu1`34PBUG;73ItT34ZHn
zs1ZsC$I^YT)Z8y!pjLCA1A5Gj2t#_H+4xONwG(M>;iy?9(Y<tlGgXh!J*M>)prAC_
zimPALfXN;rqS>l=!GNa73O^Y}W$#LLsadlOf*%X7FEz-!WdfZlewpe67|Dri>l0c{
z%}H!Ku>+Omq&3Y$T9Ws}7i|~vF0NC;=JZznQIHT3#l^Kmj=-mtR*9C0Ja$R(C2)wp
zGJ6$Vm$wY$-cw)9BVUH6t>(gg*s#XNQhFPL;O+hA@&m=gX%dug$&$2qQiDpd=&_2`
zf^=6DRiXIvar~+{8(uOH>>yv*rAUY_5SK=Ysy!+8RGyYJku{W-K}dg^%*fdh`!ToI
zM``*g$N5Kei@R&VHbjXl{omgjHYv8xYmmT;LI~aN4Jh@bWnULN)4QY>p7J$@X#?lR
zQ#Il6t?_5OlH0Y+uq_R?p6Zmlj-2tUM}aqc>bs6EXTP<Ix0a)w)|^QP?}ImY)#r=J
z0SD@gt?BXS4VeRv??iqciO(C_ygeNiZ<o^pSN3c@9rQ;Y%qd%4Kb|(^4m}(W-Y&~-
zJA{#YUdP@pYqPg3$lrTs)6WKHrFoq>EcRDA>;}xeRf7%+R26tlD&oHLnox3A3gz5|
zH?z3wR-C8u7*ld*_1fF~Ikzus(A^D4S+@oIN<wAPnlo-6are!+5%#=AbIP7NWdm)b
za^C`d`JyUwBS+m`F1sc%OTozF`=9g6(yxY&|26EWwD|hD4Ycq7Rn2*@O|i!0_OQ;x
zWkakAxL55}4XqE6@~Tl$%HxYRlvWEg#RVZopmJ}Ll(PBRH)CToty^wnl#e<<j5*2S
zi8uI;Y*&Roqc{+X^FFU~>Wl1cjcDSF1!eu`EgbF!%@2aPc_dlr)(_IRnMUqp-3;d1
ze3p@O?Z7l`qV0X_?QZH5T3HSh3<LcCea*#JzQO;V;=q5!|Krk&|Jlj^%vkupy8r<x
e4)prELF50*U#Khx3H7fE*w-8URUVl9`}$wt5YX@d

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 97038396d1e..137f7b9eca2 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 5, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 10, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -243,6 +243,76 @@
                 }
               }
             ]
+          },
+          {
+            "name": "analytic6",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Unexpected exit-node egress",
+            "elements": [
+              {
+                "name": "analytic6-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic7",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Large outbound transfer over tailnet",
+            "elements": [
+              {
+                "name": "analytic7-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic8",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Network flow beaconing detected",
+            "elements": [
+              {
+                "name": "analytic8-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic9",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Mass fan-out from single node",
+            "elements": [
+              {
+                "name": "analytic9-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic10",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "elements": [
+              {
+                "name": "analytic10-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
           }
         ]
       },
@@ -277,7 +347,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -291,7 +361,7 @@
                 "name": "huntingquery2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                  "text": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -305,7 +375,7 @@
                 "name": "huntingquery3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                  "text": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -319,7 +389,7 @@
                 "name": "huntingquery4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Configuration_CL Parser or Table)"
+                  "text": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 6822898ed97..e6763148da2 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -61,11 +61,11 @@
   },
   "variables": {
     "_solutionName": "Tailscale (CCF)",
-    "_solutionVersion": "3.0.2",
+    "_solutionVersion": "3.0.3",
     "solutionId": "noodlemctwoodle.TailscaleCCF",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.2",
+    "dataConnectorCCPVersion": "3.0.3",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
     "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
@@ -111,6 +111,41 @@
       "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f817e2fa-6fa0-fc25-5369-cef9b58771af')))]",
       "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f817e2fa-6fa0-fc25-5369-cef9b58771af','-', '1.0.0')))]"
     },
+    "analyticRuleObject6": {
+      "analyticRuleVersion6": "1.0.0",
+      "_analyticRulecontentId6": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
+      "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
+      "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
+      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
+    },
+    "analyticRuleObject7": {
+      "analyticRuleVersion7": "1.0.0",
+      "_analyticRulecontentId7": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
+      "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
+      "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
+      "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
+    },
+    "analyticRuleObject8": {
+      "analyticRuleVersion8": "1.0.0",
+      "_analyticRulecontentId8": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
+      "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
+      "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
+      "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+    },
+    "analyticRuleObject9": {
+      "analyticRuleVersion9": "1.0.0",
+      "_analyticRulecontentId9": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
+      "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
+      "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
+      "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+    },
+    "analyticRuleObject10": {
+      "analyticRuleVersion10": "1.0.0",
+      "_analyticRulecontentId10": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
+      "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
+      "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
+      "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
+    },
     "huntingQueryObject1": {
       "huntingQueryVersion1": "1.0.0",
       "_huntingQuerycontentId1": "a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a",
@@ -199,28 +234,28 @@
                   "graphQueries": [
                     {
                       "metricName": "Total config events",
-                      "legend": "Tailscale_Configuration_CL",
-                      "baseQuery": "Tailscale_Configuration_CL"
+                      "legend": "Tailscale_Audit_CL",
+                      "baseQuery": "Tailscale_Audit_CL"
                     }
                   ],
                   "dataTypes": [
                     {
-                      "name": "Tailscale_Configuration_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+                      "name": "Tailscale_Audit_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
                     }
                   ],
                   "sampleQueries": [
                     {
                       "description": "Recent Tailscale configuration audit events",
-                      "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
                     },
                     {
                       "description": "ACL policy file modifications",
-                      "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+                      "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
                     },
                     {
                       "description": "New API tokens and OAuth clients created",
-                      "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+                      "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
                     }
                   ],
                   "connectivityCriteria": [
@@ -335,7 +370,7 @@
               "properties": {
                 "dataCollectionEndpointId": "[variables('dataCollectionEndpointId1')]",
                 "streamDeclarations": {
-                  "Custom-Tailscale_Configuration_CL": {
+                  "Custom-Tailscale_Audit_CL": {
                     "columns": [
                       {
                         "name": "eventTime",
@@ -383,26 +418,26 @@
                 "dataFlows": [
                   {
                     "streams": [
-                      "Custom-Tailscale_Configuration_CL"
+                      "Custom-Tailscale_Audit_CL"
                     ],
                     "destinations": [
                       "sentinelWorkspace"
                     ],
                     "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
-                    "outputStream": "Custom-Tailscale_Configuration_CL"
+                    "outputStream": "Custom-Tailscale_Audit_CL"
                   }
                 ]
               }
             },
             {
-              "name": "Tailscale_Configuration_CL",
+              "name": "Tailscale_Audit_CL",
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
               "kind": null,
               "properties": {
                 "schema": {
-                  "name": "Tailscale_Configuration_CL",
+                  "name": "Tailscale_Audit_CL",
                   "columns": [
                     {
                       "name": "TimeGenerated",
@@ -526,28 +561,28 @@
           "graphQueries": [
             {
               "metricName": "Total config events",
-              "legend": "Tailscale_Configuration_CL",
-              "baseQuery": "Tailscale_Configuration_CL"
+              "legend": "Tailscale_Audit_CL",
+              "baseQuery": "Tailscale_Audit_CL"
             }
           ],
           "dataTypes": [
             {
-              "name": "Tailscale_Configuration_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+              "name": "Tailscale_Audit_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
             }
           ],
           "sampleQueries": [
             {
               "description": "Recent Tailscale configuration audit events",
-              "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
             },
             {
               "description": "ACL policy file modifications",
-              "query": "Tailscale_Configuration_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+              "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
             },
             {
               "description": "New API tokens and OAuth clients created",
-              "query": "Tailscale_Configuration_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+              "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
             }
           ],
           "connectivityCriteria": [
@@ -745,11 +780,11 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscaleCCF",
-                "dataType": "Tailscale_Configuration_CL",
+                "dataType": "Tailscale_Audit_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Configuration_CL"
+                  "streamName": "Custom-Tailscale_Audit_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -759,9 +794,6 @@
                   "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
                   "TokenEndpointHeaders": {
                     "Content-Type": "application/x-www-form-urlencoded"
-                  },
-                  "TokenEndpointQueryParameters": {
-                    "grant_type": "client_credentials"
                   }
                 },
                 "request": {
@@ -830,8 +862,8 @@
                   "graphQueries": [
                     {
                       "metricName": "Configuration audit events",
-                      "legend": "Tailscale_Configuration_CL",
-                      "baseQuery": "Tailscale_Configuration_CL"
+                      "legend": "Tailscale_Audit_CL",
+                      "baseQuery": "Tailscale_Audit_CL"
                     },
                     {
                       "metricName": "Network flow events",
@@ -841,8 +873,8 @@
                   ],
                   "dataTypes": [
                     {
-                      "name": "Tailscale_Configuration_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+                      "name": "Tailscale_Audit_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
                     },
                     {
                       "name": "Tailscale_Network_CL",
@@ -852,7 +884,7 @@
                   "sampleQueries": [
                     {
                       "description": "Recent Tailscale configuration audit events",
-                      "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
                     },
                     {
                       "description": "Recent Tailscale network flows",
@@ -979,7 +1011,7 @@
               "properties": {
                 "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]",
                 "streamDeclarations": {
-                  "Custom-Tailscale_Configuration_CL": {
+                  "Custom-Tailscale_Audit_CL": {
                     "columns": [
                       {
                         "name": "eventTime",
@@ -1071,13 +1103,13 @@
                 "dataFlows": [
                   {
                     "streams": [
-                      "Custom-Tailscale_Configuration_CL"
+                      "Custom-Tailscale_Audit_CL"
                     ],
                     "destinations": [
                       "sentinelWorkspace"
                     ],
                     "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
-                    "outputStream": "Custom-Tailscale_Configuration_CL"
+                    "outputStream": "Custom-Tailscale_Audit_CL"
                   },
                   {
                     "streams": [
@@ -1093,14 +1125,14 @@
               }
             },
             {
-              "name": "Tailscale_Configuration_CL",
+              "name": "Tailscale_Audit_CL",
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
               "kind": null,
               "properties": {
                 "schema": {
-                  "name": "Tailscale_Configuration_CL",
+                  "name": "Tailscale_Audit_CL",
                   "columns": [
                     {
                       "name": "TimeGenerated",
@@ -1224,8 +1256,8 @@
           "graphQueries": [
             {
               "metricName": "Configuration audit events",
-              "legend": "Tailscale_Configuration_CL",
-              "baseQuery": "Tailscale_Configuration_CL"
+              "legend": "Tailscale_Audit_CL",
+              "baseQuery": "Tailscale_Audit_CL"
             },
             {
               "metricName": "Network flow events",
@@ -1235,8 +1267,8 @@
           ],
           "dataTypes": [
             {
-              "name": "Tailscale_Configuration_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Configuration_CL')]"
+              "name": "Tailscale_Audit_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
             },
             {
               "name": "Tailscale_Network_CL",
@@ -1246,7 +1278,7 @@
           "sampleQueries": [
             {
               "description": "Recent Tailscale configuration audit events",
-              "query": "Tailscale_Configuration_CL\n| sort by TimeGenerated desc\n| take 100"
+              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
             },
             {
               "description": "Recent Tailscale network flows",
@@ -1456,11 +1488,11 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_Configuration_CL",
+                "dataType": "Tailscale_Audit_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Configuration_CL"
+                  "streamName": "Custom-Tailscale_Audit_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -1470,9 +1502,6 @@
                   "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
                   "TokenEndpointHeaders": {
                     "Content-Type": "application/x-www-form-urlencoded"
-                  },
-                  "TokenEndpointQueryParameters": {
-                    "grant_type": "client_credentials"
                   }
                 },
                 "request": {
@@ -1519,9 +1548,6 @@
                   "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
                   "TokenEndpointHeaders": {
                     "Content-Type": "application/x-www-form-urlencoded"
-                  },
-                  "TokenEndpointQueryParameters": {
-                    "grant_type": "client_credentials"
                   }
                 },
                 "request": {
@@ -1566,7 +1592,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1583,7 +1609,7 @@
                 "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.",
                 "displayName": "Tailscale: New API access token or OAuth client created",
                 "enabled": false,
-                "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
+                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "Medium",
@@ -1595,7 +1621,7 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Configuration_CL"
+                      "Tailscale_Audit_CL"
                     ],
                     "connectorId": "TailscaleCCF"
                   }
@@ -1610,22 +1636,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
                   },
                   "createIncident": true
                 }
@@ -1680,7 +1706,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1697,7 +1723,7 @@
                 "description": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
                 "displayName": "Tailscale: Policy file (ACL) modified",
                 "enabled": false,
-                "query": "Tailscale_Configuration_CL\n      | where Action in (\"UPDATE\", \"CREATE\")\n      | where tostring(Target.type) == \"ACL\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
+                "query": "Tailscale_Audit_CL\n      | where Action in (\"UPDATE\", \"CREATE\")\n      | where tostring(Target.type) == \"ACL\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "Medium",
@@ -1709,7 +1735,7 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Configuration_CL"
+                      "Tailscale_Audit_CL"
                     ],
                     "connectorId": "TailscaleCCF"
                   }
@@ -1723,22 +1749,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
                   },
                   "createIncident": true
                 }
@@ -1793,7 +1819,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1810,7 +1836,7 @@
                 "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
                 "displayName": "Tailscale: Auth key created",
                 "enabled": false,
-                "query": "Tailscale_Configuration_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
+                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "Low",
@@ -1822,7 +1848,7 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Configuration_CL"
+                      "Tailscale_Audit_CL"
                     ],
                     "connectorId": "TailscaleCCF"
                   }
@@ -1835,22 +1861,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
                   },
                   "createIncident": true
                 }
@@ -1905,7 +1931,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -1922,7 +1948,7 @@
                 "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
                 "displayName": "Tailscale: Exit node advertised or approved",
                 "enabled": false,
-                "query": "Tailscale_Configuration_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
+                "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
                 "queryFrequency": "PT30M",
                 "queryPeriod": "PT30M",
                 "severity": "Low",
@@ -1934,7 +1960,7 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Configuration_CL"
+                      "Tailscale_Audit_CL"
                     ],
                     "connectorId": "TailscaleCCF"
                   }
@@ -1948,31 +1974,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
                   },
                   "createIncident": true
                 }
@@ -2027,7 +2053,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.2",
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2044,7 +2070,7 @@
                 "description": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.",
                 "displayName": "Tailscale: Mass credential revocation in short window",
                 "enabled": false,
-                "query": "Tailscale_Configuration_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
+                "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
                 "queryFrequency": "PT1H",
                 "queryPeriod": "PT1H",
                 "severity": "High",
@@ -2056,7 +2082,7 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Configuration_CL"
+                      "Tailscale_Audit_CL"
                     ],
                     "connectorId": "TailscaleCCF"
                   }
@@ -2070,22 +2096,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
                     "groupByEntities": [],
-                    "reopenClosedIncident": false
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
                   },
                   "createIncident": true
                 }
@@ -2131,6 +2157,605 @@
         "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
       }
     },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Unexpected exit-node egress",
+                "enabled": false,
+                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "CommandAndControl",
+                  "Exfiltration"
+                ],
+                "techniques": [
+                  "T1090",
+                  "T1041"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "Host",
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ]
+                  },
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 6",
+                "parentId": "[variables('analyticRuleObject6').analyticRuleId6]",
+                "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Unexpected exit-node egress",
+        "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
+        "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
+        "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject7').analyticRuleTemplateSpecName7]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+                "enabled": false,
+                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Exfiltration",
+                  "Collection"
+                ],
+                "techniques": [
+                  "T1041",
+                  "T1020"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "Host",
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ]
+                  },
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject7').analyticRuleId7,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 7",
+                "parentId": "[variables('analyticRuleObject7').analyticRuleId7]",
+                "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+        "contentProductId": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
+        "id": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
+        "version": "[variables('analyticRuleObject7').analyticRuleVersion7]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject8').analyticRuleTemplateSpecName8]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Network flow beaconing detected",
+                "enabled": false,
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "CommandAndControl",
+                  "Exfiltration"
+                ],
+                "techniques": [
+                  "T1071",
+                  "T1095",
+                  "T1029"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject8').analyticRuleId8,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 8",
+                "parentId": "[variables('analyticRuleObject8').analyticRuleId8]",
+                "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Network flow beaconing detected",
+        "contentProductId": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
+        "id": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
+        "version": "[variables('analyticRuleObject8').analyticRuleVersion8]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject9').analyticRuleTemplateSpecName9]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "enabled": false,
+                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Discovery",
+                  "LateralMovement"
+                ],
+                "techniques": [
+                  "T1018",
+                  "T1021",
+                  "T1046"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "Host",
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ]
+                  },
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject9').analyticRuleId9,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 9",
+                "parentId": "[variables('analyticRuleObject9').analyticRuleId9]",
+                "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject9').analyticRuleVersion9]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "contentProductId": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
+        "id": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
+        "version": "[variables('analyticRuleObject9').analyticRuleVersion9]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject10').analyticRuleTemplateSpecName10]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+                "enabled": false,
+                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P8D",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Exfiltration",
+                  "CommandAndControl"
+                ],
+                "techniques": [
+                  "T1572",
+                  "T1041"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "Host",
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject10').analyticRuleId10,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 10",
+                "parentId": "[variables('analyticRuleObject10').analyticRuleId10]",
+                "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "contentProductId": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
+        "id": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
+        "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
+      }
+    },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
@@ -2140,7 +2765,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -2156,7 +2781,7 @@
                 "eTag": "*",
                 "displayName": "Tailscale: First-seen actor making configuration changes",
                 "category": "Hunting Queries",
-                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Configuration_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Configuration_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
                 "version": 2,
                 "tags": [
                   {
@@ -2223,7 +2848,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -2239,7 +2864,7 @@
                 "eTag": "*",
                 "displayName": "Tailscale: ACL policy churn",
                 "category": "Hunting Queries",
-                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Configuration_CL\n| where Action == \"WRITE\"\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"WRITE\"\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
                 "version": 2,
                 "tags": [
                   {
@@ -2306,7 +2931,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -2322,7 +2947,7 @@
                 "eTag": "*",
                 "displayName": "Tailscale: Off-hours configuration changes",
                 "category": "Hunting Queries",
-                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Configuration_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
                 "version": 2,
                 "tags": [
                   {
@@ -2389,7 +3014,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -2405,7 +3030,7 @@
                 "eTag": "*",
                 "displayName": "Tailscale: Auth key sprawl",
                 "category": "Hunting Queries",
-                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Configuration_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
                 "version": 2,
                 "tags": [
                   {
@@ -2472,7 +3097,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -2555,7 +3180,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -2638,7 +3263,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -2721,7 +3346,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.2",
+        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -2804,7 +3429,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleStandardOperations Workbook with template version 3.0.2",
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -2822,7 +3447,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Configuration_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -2890,7 +3515,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumOperations Workbook with template version 3.0.2",
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -2908,7 +3533,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Configuration_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Configuration_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -2976,12 +3601,12 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.2",
+        "version": "3.0.3",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 5, <strong>Hunting Queries:</strong> 8</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 10, <strong>Hunting Queries:</strong> 8</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -3039,6 +3664,31 @@
               "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
               "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
             },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+              "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+              "version": "[variables('analyticRuleObject7').analyticRuleVersion7]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+              "version": "[variables('analyticRuleObject8').analyticRuleVersion8]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+              "version": "[variables('analyticRuleObject9').analyticRuleVersion9]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+              "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
+            },
             {
               "kind": "HuntingQuery",
               "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 28fc7e01e2b..952ddc373b9 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -11,12 +11,12 @@ Install **one** of these connectors based on your Tailscale plan:
 | **Tailscale Standard (CCF)** | `/logging/configuration` | Personal (Free) + Standard | **Included** |
 | Tailscale Premium (CCF) | `/logging/configuration` + `/logging/network` | Premium + Enterprise | Planned |
 
-The split mirrors what the Tailscale API actually exposes per tier - Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
+The split mirrors what the Tailscale API actually exposes per tier — Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
 
 ## Contents
 
-- **Data connector** - Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
-- **Custom table** - `Tailscale_Configuration_CL` (typed columns for actor, action, target, origin, new, old).
+- **Data connector** — Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
+- **Custom table** — `Tailscale_Audit_CL` (typed columns for actor, action, target, origin, new, old).
 - **5 analytic rules**:
   - New API access token or OAuth client created (Medium)
   - Policy file (ACL) modified (Medium)
@@ -36,7 +36,7 @@ The split mirrors what the Tailscale API actually exposes per tier - Network flo
 ## Connect
 
 1. Install this solution via **Content Hub**.
-2. Sentinel -> **Data Connectors** -> search "Tailscale Standard (CCF)" -> **Open connector page**.
+2. Sentinel → **Data Connectors** → search "Tailscale Standard (CCF)" → **Open connector page**.
 3. Supply:
    - Tailscale tailnet name
    - OAuth Client ID
@@ -45,14 +45,14 @@ The split mirrors what the Tailscale API actually exposes per tier - Network flo
 
 ## Why OAuth client, not a personal API token
 
-Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped - when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
+Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped — when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
 
 ## Verification
 
 After Connect, in Sentinel Logs:
 
 ```kql
-Tailscale_Configuration_CL
+Tailscale_Audit_CL
 | sort by TimeGenerated desc
 | take 50
 ```
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index 4edfc21850c..c49fbaf11df 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -4,7 +4,7 @@
     {
       "type": 1,
       "content": {
-        "json": "# Tailscale Operations (Premium)\n\nFull security and operational view across the **Tailscale Premium (CCF)** data connector \u2014 covers configuration audit (`Tailscale_Configuration_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\n\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead."
+        "json": "# Tailscale Operations (Premium)\n\nFull security and operational view across the **Tailscale Premium (CCF)** data connector \u2014 covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\n\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead."
       },
       "name": "header"
     },
@@ -114,7 +114,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
               "size": 4,
               "title": "Configuration audit summary",
               "queryType": 0,
@@ -135,7 +135,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
               "size": 0,
               "title": "Configuration activity over time, by action",
               "queryType": 0,
@@ -148,7 +148,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
               "size": 0,
               "title": "Top 10 actors",
               "queryType": 0,
@@ -161,7 +161,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
               "size": 0,
               "title": "Target type distribution",
               "queryType": 0,
@@ -196,7 +196,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
               "size": 0,
               "title": "Actor / Action / Target heatmap",
               "queryType": 0,
@@ -210,7 +210,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
               "size": 0,
               "title": "ACL policy change history",
               "queryType": 0,
@@ -223,7 +223,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
               "size": 0,
               "title": "Auth key lifecycle",
               "queryType": 0,
@@ -236,7 +236,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
               "size": 0,
               "title": "API token and OAuth client activity",
               "queryType": 0,
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index 519a9ba2cf8..109ce999d67 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -4,7 +4,7 @@
     {
       "type": 1,
       "content": {
-        "json": "# Tailscale Operations (Standard)\n\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Configuration_CL`).\n\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook."
+        "json": "# Tailscale Operations (Standard)\n\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\n\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook."
       },
       "name": "header"
     },
@@ -106,7 +106,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
               "size": 4,
               "title": "Configuration audit summary",
               "queryType": 0,
@@ -127,7 +127,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
               "size": 0,
               "title": "Configuration activity over time, by action",
               "queryType": 0,
@@ -140,7 +140,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
               "size": 0,
               "title": "Top 10 actors",
               "queryType": 0,
@@ -153,7 +153,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
               "size": 0,
               "title": "Target type distribution",
               "queryType": 0,
@@ -188,7 +188,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
               "size": 0,
               "title": "Actor / Action / Target heatmap",
               "queryType": 0,
@@ -202,7 +202,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
               "size": 0,
               "title": "ACL policy change history",
               "queryType": 0,
@@ -215,7 +215,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
               "size": 0,
               "title": "Auth key lifecycle",
               "queryType": 0,
@@ -228,7 +228,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Configuration_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
               "size": 0,
               "title": "API token and OAuth client activity",
               "queryType": 0,

From 4e1dc8ad16e59fc53675fa480ea80cb0ce1fd1ff Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 09:30:05 +0100
Subject: [PATCH 05/27] Tailscale (CCF): rename network-tier hunting queries to
 'Tailscale Premium:' prefix

For consistency with the 5 Premium analytic rules added in the previous
revision, rename the 4 network-flow hunting queries (which require the
TailscalePremiumCCF connector + Tailscale_Network_CL table) so they
clearly carry the Premium tier identifier in both the filename and the
display name.

Renamed files (Hunting Queries/):
  TailscaleNewNodePairs.yaml       -> TailscalePremiumNewNodePairs.yaml
  TailscaleTopTalkers.yaml         -> TailscalePremiumTopTalkers.yaml
  TailscaleExitNodeUsage.yaml      -> TailscalePremiumExitNodeUsage.yaml
  TailscaleBeaconingCandidates.yaml -> TailscalePremiumBeaconingCandidates.yaml

Renamed display names accordingly:
  "Tailscale: New src->dst node pairs (lateral movement candidates)"
    -> "Tailscale Premium: New src->dst node pairs (lateral movement candidates)"
  "Tailscale: Top talkers by bytes (virtual traffic)"
    -> "Tailscale Premium: Top talkers by bytes (virtual traffic)"
  "Tailscale: Exit-node usage patterns"
    -> "Tailscale Premium: Exit-node usage patterns"
  "Tailscale: Beaconing candidates (regular periodic flows)"
    -> "Tailscale Premium: Beaconing candidates (regular periodic flows)"

Configuration-tier hunting queries (FirstSeenActor, ACLPolicyChurn,
OffHoursConfigChanges, AuthKeySprawl) keep the "Tailscale:" prefix
since they work on either Standard or Premium tier tailnets.

Updated:
  - Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json (manifest)
  - Solutions/Tailscale (CCF)/Package/* (rebuilt to v3.0.4)

Net hunting query split now mirrors the analytic rules split:
  4 config-tier hunts (Tailscale:)        - Standard + Premium tailnets
  4 network-tier hunts (Tailscale Premium:) - Premium tailnets only

Testing: rebuilt via createSolutionV3, redeployed to test workspace,
all 8 hunts visible in Sentinel content templates with correct names.
---
 .../Data/Solution_Tailscale.json              |   8 +-
 ... TailscalePremiumBeaconingCandidates.yaml} |   2 +-
 ...aml => TailscalePremiumExitNodeUsage.yaml} |   2 +-
 ...yaml => TailscalePremiumNewNodePairs.yaml} |   2 +-
 ...s.yaml => TailscalePremiumTopTalkers.yaml} |   2 +-
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 25471 -> 25484 bytes
 .../Package/createUiDefinition.json           |   8 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 200 +++++++++---------
 8 files changed, 112 insertions(+), 112 deletions(-)
 rename Solutions/Tailscale (CCF)/Hunting Queries/{TailscaleBeaconingCandidates.yaml => TailscalePremiumBeaconingCandidates.yaml} (95%)
 rename Solutions/Tailscale (CCF)/Hunting Queries/{TailscaleExitNodeUsage.yaml => TailscalePremiumExitNodeUsage.yaml} (95%)
 rename Solutions/Tailscale (CCF)/Hunting Queries/{TailscaleNewNodePairs.yaml => TailscalePremiumNewNodePairs.yaml} (94%)
 rename Solutions/Tailscale (CCF)/Hunting Queries/{TailscaleTopTalkers.yaml => TailscalePremiumTopTalkers.yaml} (93%)

diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 0cd17a9a136..5707ce2a734 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -28,10 +28,10 @@
     "Hunting Queries/TailscaleACLPolicyChurn.yaml",
     "Hunting Queries/TailscaleOffHoursConfigChanges.yaml",
     "Hunting Queries/TailscaleAuthKeySprawl.yaml",
-    "Hunting Queries/TailscaleNewNodePairs.yaml",
-    "Hunting Queries/TailscaleTopTalkers.yaml",
-    "Hunting Queries/TailscaleExitNodeUsage.yaml",
-    "Hunting Queries/TailscaleBeaconingCandidates.yaml"
+    "Hunting Queries/TailscalePremiumNewNodePairs.yaml",
+    "Hunting Queries/TailscalePremiumTopTalkers.yaml",
+    "Hunting Queries/TailscalePremiumExitNodeUsage.yaml",
+    "Hunting Queries/TailscalePremiumBeaconingCandidates.yaml"
   ],
   "Workbooks": [
     "Workbooks/TailscaleStandardOperations.json",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml
similarity index 95%
rename from Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml
rename to Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml
index c7990870aa0..616c7b710b1 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleBeaconingCandidates.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml	
@@ -1,5 +1,5 @@
 id: b28cbdd2-8cef-be9b-a38e-7faceedfdbec
-name: "Tailscale: Beaconing candidates (regular periodic flows)"
+name: "Tailscale Premium: Beaconing candidates (regular periodic flows)"
 description: |
   Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml
similarity index 95%
rename from Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml
rename to Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml
index cd2929ff458..d1e712f3a99 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExitNodeUsage.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
@@ -1,5 +1,5 @@
 id: a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb
-name: "Tailscale: Exit-node usage patterns"
+name: "Tailscale Premium: Exit-node usage patterns"
 description: |
   Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml
similarity index 94%
rename from Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml
rename to Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml
index ac682cb2d1f..738c75aaf99 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleNewNodePairs.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
@@ -1,5 +1,5 @@
 id: e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe
-name: "Tailscale: New src->dst node pairs (lateral movement candidates)"
+name: "Tailscale Premium: New src->dst node pairs (lateral movement candidates)"
 description: |
   Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs).
 requiredDataConnectors:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml
similarity index 93%
rename from Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml
rename to Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml
index c6d15a32a93..38a0b1182d9 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleTopTalkers.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml	
@@ -1,5 +1,5 @@
 id: f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca
-name: "Tailscale: Top talkers by bytes (virtual traffic)"
+name: "Tailscale Premium: Top talkers by bytes (virtual traffic)"
 description: |
   Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 70013811406a574225fe0f44c0f0766a9a42fccc..af894ce06457b55cf96ac8d9b436e64c29b68756 100644
GIT binary patch
delta 19397
zcmZsCQ*dBi)MaejR>yY7wr#Ux<Hok#u{w6rvF(m++v@4>ubHZus(HHS;XbWZXYaMv
z-skTyXv_#GzLG3B1O^BQ2n<N6Y?Yq>XSu&H8VE?X76=G-GKwi)A_p3bOs7+dYzxL}
zqM|csZ(_eaXlF7rC@1P&<@0LS*^oLi+<}*Ic27@7vInRRtn1&0hdD{fpNh$Apa5uZ
zvJO}YP|#FPH-+e~!OV{>Co}m`!<NBw&dxc36NdPqU{O9aFN(S#LR)Z0d3pntkyD8P
zi6=S%kB<~TTJ<XadN>fYPSy{p(x<%URLN3Al)>Da!$9Ud%@N1(b<wtq6}$a00Kw?V
z*fppQzfvH|Y{ii7CA%6j-Y(Z+WvM-OSp0(zP-Z{aks+c)k>g~>eTTn?SEV9nBglJ+
z<t@s^9Z)q3fl01}E7%sQ2Yn|Al$3erI-j!214WkzJUrz<2;UyGzkbNp8&gE%R{t~q
zjB<SU61YA4lHR9Q6zc!6jA7=OBIo2tDJb6wi;#u!Oh7@0YN3<bJ!APdR2Cd_;<lP1
z`4gNK?71SD1!5Ywf#iZ%-D1(Y)alx={)_*vhuVk-!w@8~CKWw3mzVo7JK4j5|GUaJ
z`VS-fi@buXm&&awWwl1(eUi#v(!zmH`a!yd9!hP<sWT-7c#9EM!V($*PX9ui>y0gR
zFqmqz_V07GvB_lPvk&d7%aSYjly-(U!nsFiSOy1XUL1bF;aLcaFm^K_QUta7^7D1q
z96GowYPBCZoi>wo-NDufNVu_cZ4G_nQcn@AkBTR!{Cjt@b7JJ{2>3dBdfaq+xJXL2
zUT^MAwOp#DmL!dVS64#Ykgmr<W*6o!;iD?SrkNCoVJYBZ`>O^t?|en&&NNlB-oe5%
zLcpxqQi=ocPz)Fut-*oySx(kd5}17#K2!wr16z$r>YpHe{z_qAn~XcxNJ%^##KLx5
z0Zct)n$j3657oS?@Qb(F{f&JvXWN`2KbUcZf9lfv31Tily`%DZ0PS#h-DiY`k5_R4
zS+A`Uj?a}`9cQnZcK&a7S4Oj-E+K5o8Jo;d4AwyPq{1)h-lcmh%9x=u4v8T8qbNxS
zh}kTzAFY{iX}grI{&=-EC)R!|%Pr?RY>U~{Zrm*|{WU%bx~aQphAXw9GPTRwN(QaV
z1(>`=pf;Y%Ep-Bq3Cg1RJk1eUPV4JP2(TZm&IzoieiQc9BJuo0GMuwp61iyHnc9o3
zxq5)4l8Yx<CT_l&DzA)}`sK8Dhh1*C%Lp5lD(|K+3H+~p^xS~tmI>X=Y7T<#U8*?9
z^yP5AO))&<fopr3?HzlkAPOX=%KYbZ*CCHRc83vv*3_(GyQ53k>UfYvJqNURBGr-o
zj{RnT!yn3nl0AOkPjj>#RFf5o08s{>HvnMpa$#t1^w;tv{G}rp=NdU5TQ)2|V-k!+
zTEXr=12J<}Bvp&lg;I>dN$l&L%G&b222QCf8J*txwiKJ}!&kdDdHQ`F)@49pk?k}a
zR9p`Z1M`&YAm&{oPaQm+CFD08T&WDi+DY?m7>j2$EOVMQ{Pd#YS>%OOyC&MR&NGm$
zd|pjc<ECLfJ=ms}q+2p#R?vm#usrrh#MkA{QMg5>Sy5D9xCzWxzR3*J8o#Q?BRXv}
z=kCbbVZOz%^>1yTkmfySb$uY8*I`(!P8{BFtdHGLoMf*b%pb<UlC+t2{kWZj2ZZ^c
zF@l1fVcIT&(B7kigAW!hw^%fYpT<Ck9AsQ)?IWn~+0cz1tMSsJ4Iw7iU;i&U7MCW|
zNwLZX^HDnr=N`z>#Yww)xX&Ii0VP<=j@9tgZ`Zo&f#!R7&A7@{y>TVuC^^PFalLKd
z#M7Fc&1UTjQYWIvSNnb&A6K7<phIp*VV}+3bDs2<CT>MC+U0Dl&xKkj_>=+go9sWn
zGtEv@BTUFJk7snJeJxvOguQ!sv-0hM(6RWB5|D_>Qfy&Sn6WA3)>nQkAg4=bevLLV
z&7`)-#bm30oh%#(wnXE$jN{rATnDfb3~;sOtFhOymlT`bc*=M*`heQ6x)X>t=6rI8
zp(i*r96+)?Hk{`>$e~cF^&0^w&QryqGQad18_bHm>ql57mG8BsWEv92Qx;>H2v<4u
z%MX8pcQ_&(%iOq1pQ43)jh(K7$fVxlZgX-!4dH35%Pl&pG^fc%lw)T%o!hVqWcT5;
z$)zr(cyaT5XA{6MYZI~_Lc0+chsl7mptnkMvJ9B}kcZa3hR6GP0fq+{_|!PH<J;bj
z2~<P=N|(SHRYohIKv|UK+)?G-p=iXS#OyTVKK=$KQyr4;)=CC~YLsYkmc-h!$ktsh
z!XHpq=u}gK`hrmG4UE3HVvl;h1nJ)RW|+GyroDqvAyyUU9JD0fopvXnwQhu)TcPjk
zM0PsaDoqC9(&qH(5Rd~*5U}0u#feauUX&=A&PI#%mO-I+Ww_$u7}d_<zqW$LNU4id
ztL(tpCONV;f2!EtZm&ZI<uUJXI#mVUjiXi)jq+rRSknq8W$M^r%RWB^mq_}?g&-0)
zQ&oy^S}c;%Pz98+2*FoYB5;ytD}~|;Csa1TXrsX$x`HW+{GkMLMca!3`znG=Ui`{x
zoE7sSRVot9(c)kEWXYwJ%m9h?rEulA%&#PTUx$^qeIzmx76eCx?Xlsn8l)RxuNL@9
z!K<m%xu}yiaE->*n6hrhX8S~uYVcMiW>J6W9PQg}8JCjXMkfgx6DUY((Z@Rc3y>c+
zFp=iPo!#9KZ+O7{4Io@je&#qmZ$4-$@Dc<^-_Gf7hq7PAS}anSf7V?Y8Cb!5$o{Ss
zj5=vBtje0MfJgPYwIDDYs0Cl8tz|WI90i4F1Ce-=y5TA!IC$@SEAqRl6^Y>6W*otz
z14b#*R<?m}i)<ISDX*l`v_fh!uCOFtWu=BolsP1IqdoxnYG(*1(yc?H4}t@v;=*I@
zcW5(X+WQ3C!Bg$t?11F?5{Ax_xiyc44zR3loTMhv3{@<si7yJ<Nr~u4sE=dt731Xv
zbVp2K(Xa%6ldaWH?JY?TBv8ueS9(M@|0!d!KvtYyGEa#fTdAot$8zKmbn^aN?1Agj
zO+Ha&NdUmV7!X)5EqZ<yBQ5{JD7C^ilUc<p<v3&xP)^Jl-hh=TkcjqHaDV&ilOzt#
z3N;)ykmC7;P~1QF2bnhaxlgJxd0I&et7+$E$COE#EguG!YYSb8PbT@L(u*T_p(w34
z6{<rkg=g3A3hu?#$w(nguol;m{V|XOT4v)VGyzDf?<~eA>_PSfx@A3m8u(3}<^CXT
zSxWqtm|tgX6Wnerd8*mi{(c|Gi!8_*EcuN0c0uuX)$PVaN8)X(?O<Np?&2Y|=<ZCy
zcVm`x)6q0r7YUP)Q*NBX*b@Syc3DnHLc=>QMMy1+RsL{gg>rLZuF}M7l43LF)sFQb
zB@aN$aG8)*0TINp$rwy7tVM%cBrMgc<9WXL@(BDG2-X+*yO$=0&s-rxm8KhKM0|nx
zmFxC2CdatKT0Wq5AJZllo~9+vZz$cNbh?`Wci6Bp1JX}8g&^QHcY@ez5qr+1MwSQd
z%gjbV&qV7VYugzn3kQL=`$IU>h#F%;M-ot&0oInb6|stw_WvNY#)G<A72NJuc6I-G
zlM)Ccqg`UXqjw5?UyN;)naA2KotfD!oEet8Tr<yKhtDvaySa2O+m!wsMk{x6MzMTe
z8?10A>V#U}erVQJ&~flJJ-c3_r|s0mbCWM5He%$car_-Qo3@h1CmklB14%5hRs)zV
zLnQv-kt)YtQ&B2!Ed6XthA*@H>PR+htiZO1Kj0lS<%G+30+-QWC}=8BN>TZd={utx
z<A6n1N7HGgPEEDYz0F(7O+~qk1-S;sK_Uy!Y@DXOfx9J>o^aIQMF88x)D~lz(2~SN
zIsj*GaRRY$@pgJz^q6$&e}5whWCD*P3vAqFbgWr9LzJny2<}tqYi%piROz(aCW~|o
zIce+R_j%53@!u0H%;wi4K}8*-FlDMSn5xP=IT+c?=!sGu7^0)bojs-V4p~tBWD8zj
zkSxTKSj$8yky(h4Zy1pay>pym2TmIbsFy(%a$gi?nN*#o2C?la3o~tU!~sON;n$nW
z{9q=^)U$h~*-2#BcRp!#fG_*?B*)7z%};UloDHyaQe`2ZwiYJcsGVPYJt=iwa+CoZ
z#F$O7nW)I89IgC0=V34khVNNuHk`IEnY94ByYqG1*Y}d}1;4GIhlIvG=I=ZVWxj9j
z*J%)~6sAWd%w7!jk&bJj0C>V#&>mjTgFhP-HXzA#$VVnI*2R=BNucWMdZ7X+`9bdp
zZmN6lq^JF5d<^T%sTT0{eizqt#KdwXOcDjT4ppzTmS>_u_QZ)o=-P04CXbxS6E|qa
zjq1m9j5o|~lU?qxLNh6ihE-stZoH{_A%b6={{71ZvDVlh;bK-fK-86i>PaMHNUq9>
z)kTk$s9=>q`)w2+!3{AtNi#fG@Mo;CudyISbzAGYTAv9fFLI>l@EF#TagWMWSI}&j
zMYqX-T}425<FMabd=`V73JlcZVt%Q2syp||iE2MZV*$}_wgZy``+AP}mf4F##7d>s
z$)4nBN~bM8t=P~ru-N+(6N3<ci{<3L6c5eEx4CdIW}#c%yzCJ@{TCgIm`j;#G}N0*
zO|@<bsYgD(4{e#}_`zd!2aA4?dKyhix(HwBhFOfQ-)VrLIi~EXGpgSd9R*H*rq@w!
zP>-e#Nj8&c4f&Q-CC6~JjMkA%8|#uw@pz=2OaJRs>Ors?5Rr?eP^CF6w%ilEKa>YY
z#i*yv+8<`E0uHw7`~6wy_Dwz2q#OsXdok0a68nw^qP4>ASDr!@4qT{WsAljt$eOGJ
zXMO?A@%Ra`a`+$_Cu`Uw{PD=IDRqmoR9r)@W>7lb!@wO`4BACK^QP+VNuzh~rZSya
z=<b`r#Zy~WV6_@7Ht0B1YpZ+#r>}6w`W8tY>n1rX3u5|2!NbTvpBih=y!IEAF>gw!
z8?A@{J7Ig~;JI&>6pwEEv`3!Cb|+q|!0nRH(ZK1a;cGiJ72BKCLha|l0u10Tm+^-9
zcdFF;#iHZkvvj((;Nv;>jH9XNa`DSu|62P~vS-ue+aoBWO@ndO3n@#|(F7mU^#}a_
zYk(C6do|>hKtMK<6Vdd*H`(|aZ_q42!M6qX8nrQ=p@9m&`cY}V#%PU{-2=?B5{{>2
zjhy^p0(iral>~Oq&qUnxsQj;3>J~}H{ig{3(5o!QR90~H_M|5Ne94wSWx<0cv(zcs
z;+AP|eyx@&oD>RDHqOEeL@Qvp0|Y(A<oqPM7w$Kg>4~rU$ZQP@HHMwv9X>g|Hn03X
z_Rb9PF*JMpwrArn*B9(f*E3vOW~g#?{ff8q`~*7r_}2c~#JH~c@f~#S-)eq_bNvK<
z+bDfr#+Pord6~or%w8cMO${B!TlRdJWOcMZm&h8nGBN)4(0}XL|7@fpga8L*dF><C
z$omOt6EK`E>UcN{fH&8G(P|jBlm}(63=(iMMM==ppGd|Sf`qxH%Rw$-z5c4SR7=SP
zl!bpGvGb+w9UI!SVk}SL{;KJR;lm_=X=Xi(QKQh&>|8u|U&i!ezFiLso(M*?7oobJ
zXa?1sL=eQ>q`SS`g4gei%EkbQ%-I=V%sJA>7bszprpc4^#PuK~y=6nGJju+FE|ABy
z54$}rU%?rdj*Hp(QqZI%5L;kSAz85!GChmOCf7G77_s)rXXuM%RKn!z`F^z5(2Z;q
zq8kKo4z8|_0ZRhi*9N&&k?Q+!eBk}4`zyN_ad)IT10C(nP>;iLh-*NWmE>Xp={o9P
zrS(c5h7DPdoMb*%&pGjpZc;4thbYV?T_fD8I-!L<@1v8?v4U-mb7?=eQZBQG=CHy3
z?~iL?C)QcTKWy#Ed(heVYHtYcIWfFtUk^qLa=0<lf7*P7zA#vzri4t%5_JzP4t}>$
zK{8F06N+`3)Gr-|h{6Q&FZzE^^oVUZjd4L9R&!EKN3ixnC0&o8zU=q^J}i4O^hO@f
zZZrJNT$e!Gr92-``Q#?v?bwcHVtP)Fz!{WaYrs!|3ss$`n7^FWbL&s9l79Ns=4l=N
zai|iGgAM7u{mU8p!m}uQtHBB%Uwj;QkU}`R0y3F`=kt{~^biS{mXD*uN|#j_X1nkQ
zCEAxCcHEaWyfd*a?>Qo|6UR~v;koORTOd-hO@6nBM?uFYx3OpG7uKF`85|EAq=jyH
z+6&c^Ablbf#RD_;y#<2>T@`aEH_wl}ggREo6`Mw1_&FL<z(SO8aBtRmJnzHs>zE84
zPcAd>lTuVG*;ExMP2+Hi&rr^o+-JYXzrjR5H?zv#LIZ7XGW35vOqZYLgjaj!*{g#&
zNO_D;CNeiEwOo|ShN#GX0YCBoHY2H$_j`nr@2`amn?A(xi6c)>$8hr1rEDSJ;ZW{o
zLZk=(yv&0DgkD!8VbKPRCq<1JM*oYt=97_8(lX<5OLH3_e5>GF_O;@<J#kJF+~7I2
zzcUx}J@xJ=o(DOW-McZ|({B5q8S9geGwiu!=*~1we0tL9^TQ4m#^phG>V4h;vYuPk
zHfwkVR=t~U*|zNT^awZSw7wl%{W%4SS>A~dqcd05_JV^9np*xl4y;&~1zEyk4exr=
z*;t$RH;zw$=*Hd@Z7C2!A&C13uvA8mcQPoqK8hP@8Mt2)Xpkgd4&rkl(*-%fqOnjp
zm*C*XQ4(<V*^BUp!GgZ~%RwBmRT$GAf@vy-SBxU7m_0+X#<mX|jWYUrl#cztUSw?8
z@_|Vk<(mQ`aAoZP_tdjr^gP5FN?1Kd-+)^z_6q`t|LxOc3X>2_2d#_1Y@^|yEFBG+
zMQ;s@`eOl0@Ct>Wm#PDH_mm9;er8x$R_ILimU5GGQ~AiA6I|nNNSI_jfWiWl=}QYg
z10BhHVJG%2CnO@FJaf6m^Ww%QAEN9cT$KU`9X`I?Uy;3cL(5vwF_NOTh1@P2sl3^Q
ztSSUpxN-hgCvS?1fe}s&fAtijO6OzDb}78$tM5Oe7_Cj**dK>EwvqqIXukDI6_R(n
znw{(o?ea0)bUnYK@JFXNFR{7G(hh43Jg4w00@3j7816}J&9beB<?lm!FLb}Ab7xKU
z%@~l-wuj52ej2#g+dnWkPyMxSLfK_M%ya>KW@;H&{h0+t%NEgrEjSM*TWm>cPmJmU
zr&wMbWW64g2}erMyF;4@c)J79K45HzME4%&j6GS$@H3vZ+)}K?R%xnti|^*0RSH)O
zC6>;#<yb#7O*e$|Lb~LJkGg#5d^fE>-gecEC{}fBRKCH;0grUFrt>o#F`nR<nlA&k
zd$GRX-)YZAP&{j8IaC*pTfgxdTqx-*8T3+<Wf0O)l3eraonUa&L7EWK^!hJln#MU;
z<^tEL4l_X}95EB>?&8FPGu+2pZ0oqk>p_NjuQ^930iGbXO>wsnST&!+L9JOX)>PW|
zoQGW5F*QCS>r?Iay?-ny&j~k_8T)_(JM~F$Q0k@ex3BrRf_KfPJ3=-jLrc21kD0|?
zM$TG-jcZjuaWTD)@6k7Z<{j@sYchhOcSDr@j7{qYKX0;&6=~#`hv$)B%G$Q<JEWq@
z&YJk%h+$J_CafWB8-0$7dO5adE#0T$t-?w_?<Z)y%RZhLHmAAJe%FM+EnNdGvh~R$
z4ZLBuZWi;)l$2<QVDS6|)Vq7rea~kY{4N^-a@0HY&+l?&+ey>i?F!wgE)Itqx;)Ps
z(_Q~_{B3o-HD2MtqtLZF-KjdO?RC8Atnm9V$Bi62yZoV;_i(zzQ>W$Lo;P?^p+!}W
zakk<~AjkS1WxYMef;g`cu#<MTbdT~&nXWr!H5@&4t7L=cZ7&5l7cx2iL~=}cao~l~
zO=veqB-<n@f0^W{U?0WsMx)!X950|Ll(kQndMT9hOqZ-a^#H|jK+VEQlN7cGn&0Gf
z!K*^S80i$;%Mhkh7wz=}Pf?>K>d%3~>D*8R@bpFdp&SlbZtFDQten1V5_(-WQz4Cw
zR};&vlKw)D=O4X}Y4nSkhdJaEeBxA&AM$BuRG-X=hX*e+th0|kZU*#MO>Ih+Luz6l
zUOd!Wk{_G=mV@oS-ATE~mQK9%*LE4ZX5}^#=(%wBxv+nzl5(M4a-dvtAdlVA)L<ta
z;p9A^a(GjwuRnlR$Fd%kY5#9Jcat2iuc0c>Zyj(2Uv(no)N+B4Aqt9_oHHb0-WVac
zZHq6s**}u9eWytLF0wWN!}m{*=#9@E71Qt5;&2F%!a1EAM43BAu{u~zA~3};kl(<%
zP@Er5*@CH!+g&k{Sn}kS)GAP$6(TuyM1{6lBfEW=H!Xn^1skC!Zpu)?0zZ6&V(40>
z8%9vJY<H0BIEk7%i8Oe{PL>f4*g~01?#0wKwic<sshiZa#mYv$i+j(EJfKlZ0d@Ho
zN#%DxPC~!Qf?^+)DZJ8=zlx=Vg1xWC=o-;-Ow4$&{54<SuZ%)*WlDGCoKT`?B~p^;
zOzNDF6^R9CNtB8;Fi~iRrF@sC*G%Wr2a7payrmc%4-u+~51e2wyd%)F|Ma#0HiF8x
zub$J9fy(!ZNx#oy_UA5b5FBS}IUTvDImvORg~-kf8fNARU(MM+yG|5<!_!$`k*i5=
zU_Qt*i}t71;5c+)eG1+#p!_&oNGn@xlH1~zl5GOaOp3>8BIW;*WOd{biO<AG{yAJ<
zr1E#H8}f5X<Pi9l<~){K(;Fm?2@XgPnBr-2$Dc0Q%hG1Gh8)TUQf;HznbAgdern#s
zj_lW;;v(7m&0Sqxu`?gc>y1#P{lGVKzbs&uBcXST?lr~BMgG!eX_f7KN3JS7EC04k
z)_V*rwV=rptB#-x_(;6WV%<FqjHx@b7%M*{>V)|%H&4^hd*nU@89m-hXblS&C6AdE
z=H^<5IXymIPRyN9n)Z}Tv0cDie~C^LuDMV`e7mBlh)duw!Hrb!ePdqT0C#bgkxcpP
zlY<vZ)LES~mUtOuyr!@^EIH`zwcJ6`VUL@P%Z367)p|iB#@a`h5S<q1ZpTlyFftRD
z`kXC&`Jl(h+p_W1C_|N6w0?tPPo2@(X*`<TZA$air8(_7D*Bk|v%P#hbzB@EJ&><)
z<w2H7N5{`I;mwVx2f}2ISFN4%bU5`mB)ddZQW2l?8g@(N=^yXaSvSTFTkg`UKg{WX
z)p5Y^Nt$|KQ;5kRz+oi?`YamThVuIH=kuO^_8wjKiDvd`<T<8-dtR(gIXwsE)f@t>
zLV6}{s{pdgapl2ezq&$aJAHRb<ya0SsqPH#vBOvaBO&39Ks&sk{vo@;4~6}2Pm7m@
z1d_WXH5p}eJ~7;!4iN*h-VQ<D=n5-g*MmStIy~#o=DBK#?il0XAm)R)a^PkQo^+ak
zurOtPUdlGtfmL$5oILpU#5DLemUqw406cRq)jAq`t0<P&xzx}*K4iazb)959*f6cV
z$gOAfpMT&qQpzZT7a3GqF<m^1D1f8go~RR26Pjv33~IZeYhtv+mJf2+ttvo3>Htb`
zIt|9K$5GW*GfdlxkNMpR_+QQ7ezmz#3hhF9hvF?1Ri=zO#-<lYoR7l$Xk-70ONM^w
zuWx5CP>Qa-pJMswQkK-z2LCJIxAUuMQC;UO<*Bl1am-%uxoOdA^LL^-eHmShFo^AS
zH1=0DIjI2XuLey^zmjo-T)nn&gHNE%`}e=Iv{P!Aci-x-F8SMbih8JO*Tcd)p?xum
zY=n*IK$%(B)WMEBZS9DeaW;9AO>aEusxJGwar3S=y(Me9AE^@^1f=SW=d|f=DG{{k
zk2cQQ%kT^;QM9lA>EG!1me*B|z_sSh%zo?6^JZSzHH(qWZ?vXKflZ7FwE{U_)(7T=
zx=6UKL#*=*;W!#JY@5zjphI^9`DS{|s+(O^N07CSiHlE>BWepo1Uf4@j+Ha{^>A@d
zq*3UC#?%;Noo<jK$ND;=m;3zKHN{(f1fug(>@BL8%Z}iqYoFsKo{E9IW#LSZE|5O7
zmuwq77N7sriT@!@K`$Pa4FK&*B44^=tVJ=3o_D+U8}^0rLoir`OdFI}Xs?dQi~f$P
z*X0E@iIR<+fW)g3(Qx!&?gV5k+2RF^m7jnldgGh9{LUyRVv5Z-w40;P2N*?ZVdZB5
z!|>Wa1)mtwwX2N8zdux@R8Qtrl&sK}t0Cd+@=%Y-(Y3v1RVjoC1Q3LA4&ryj6CiP7
z>INHW8JnR2G@2#D{Q-6I!{kCFOuy}C_P-8#3zOqL0*ag&#akt5j4%;mLeeuAur3|v
z>SNA@ghEPAHi%K|_^bW%Iv8az@1^07_->D92n!Mmq)!=IlBH7-1xh&$L6NlNlaHj$
zP^1~IR$0^}B93=b6%^cl-(jP=#CotNr`Xbi_6-n#*75ath823ow&-3S%pW%>%;veV
z@_3-gckxg9McRhzSsj}*?s;kiwSBxi{-#-Rg@mn6bh6$&!3{j|ALFP3^PiL#V-{UD
zn5@j%tdHaDl+m&3a8kOH7S$;1TB|8TI9^#hCw~1w(LYz6T63EsyIypyS)=&T6@}52
zmrnM8Y`xxwr<cGr4WxgzFknp_v>Cfa`ce94*1^q*s~NuI8!+8#r}xkq6*c%>+^8kB
zBW(l+VC}s~MWem^_lGV05ok~($*dMYYghOjL>*Xz*R(B(SD5yL56Q?ST(S(|bVVd4
zYjE!f!Ygpr+fi2tiL-nHB@ERJRjrkP-Ulc^Y4!JX?LbXvrAN^qt0ZQOgM`!7L|KhB
zNvINXLXKBZhw+d&X=Z1}6DhcsgZZwxTYyRQ#(XntI!}#7PTi_iRr<(3>1u3cRi-MO
zSEvB#rIB#_u#I`34R;qqob_A6);ht`R$!DZ@WG38MkV~zCy+l{-=tH6ZnQCo9~|JN
z9d!X^^8rn;EWqDJ0I|e_7Dlh02eBNZ!mf+>?jPX72fedV12QcRnv+l7Mw&c+z|QDm
zATGX`N7m4u+hO((4HK#|GMP8TOc-XDog%Yrsq)DmByBvLq}uVe#z-_dqbSa@Zb1=;
zE2XgW)c5Qa(v<9(x<k06w6Pjv=>W@IpADvvV)(`y7sQ-E!$kv1nc^~e9b>8zRYo%0
z`Mh{$(w7+3$gWhS`pnp7DeLHh`ZjvH@bVxX&({4Z9`!ycE-G~PE$twnjN}-LW{6Bv
z8E&Z4C45%#{d*wY!{cjV?Q>97P_A`omBwf#jREN|%m!ZU20XzgkJ!r+QsCEFtR<8g
z$3Juu|EPq&`Uq=8>lgk*$E;aI1Du!E%<VsLMs0@0U7+|mVz2($-FZ)&|G;tm?$6(x
z8(h{x$M2@>NqcY_;#;`V7HSiN(-J(wd@_TlA1j-$sf^lL7E#lpntqA1uLz_6XrzKF
z3LBv4KqT~~KaR`t4!|@@9c}Wy&>F!<ilvSIq#JD+rFz57UJMu`nUpo304Z4`G74co
zSOHHDsh0Lpy}9xr8CM3GN&*c~p;TT*@A(seNHPf<p@#(rZxUQFH0ySGkbd>Y4KX5O
zCyCTgh^-jmDL|`Di#iqBm9ONc5JlIjE#<sN&bw1+1o#=m4E$^es)ut~-V-`^FT$D4
zQmFycq08q$#0;gwYl#ts7cq4j;Y_Zzp*DP5JjgSmM@g{9u&n|!vxG1^Z+u$N&1R@g
z{%CIS#0K@kw8+&e@2^Uo(a3N+QZKh{N)OX+Jszk+m->m_$mk~Cfj!x=@@LVuxxb2T
zk~hDozY3eV5x@@6PH!un2{10ZMP;93j5SWTa|V@N-5;sr<H2z+>#xHOHU4Ql+z;|@
z)I#$frDJEs_n{zW0Sp_t>tS?7ML`INGyhKR$oubB8a?5A%Nh~mu7V61xP}@#en-;`
zmww=_!|MiL)WCbg(}iMzHQHgu1X*jDopsNZcMYQk$|Vy_e>(~Y$4x<wxh=Zz^iwsW
zO8BydRfM`G8%+=vv8<5tVfFhd5MWFz6t5T6o5s_SQ})?s9NLKP@`pP@nUs?A{7J_b
z-~Ak$x%R&+q#^j3la~@vn1H|1Lc}7UCpgLAB1wKRTRR9q{Ow8~V7lYU2dAj3d5rDQ
z5mR9RdgWXLBwoUNO+sp^om15sZOxX7B&wG1&zSwecyRLZnwQ9TyqYe)X+-TY)fXC%
zZBYcZKkrp9DZ6lU{7CHfatq+)X%pauIgK>=u#t6Z79GIpsj6W%K*pyv*8gnDaC%(l
zAN|WfNYN*VdGuG0<u6$QLq`!y9JSF;__OV5Am3lPtf8yM@#3_Hj^H;&9AOWnTkQ0_
z<HfWuw>#MB{oYE+56R~sQ|#ZV-qjl1?xCj8u4>#*U=~kcju)9f4%kT6tO+3HU1iAE
zDF4;c!lxJ1%Ul96pE8jqY^-6;Qi?C5SESeO-Tg>rc)wvScRiSYq+NU$r}v?DlaFTs
zzRc<_L@P+l1J0eGpWoFaTQMZ*>rshKkP7I+GK6E`4jPzu*H#Kzg55d5du=Bpr2B;M
zj}ocQIuMXy3MVCNrXtf#<>?8nHc7!>WpzxJ3;J}c6!~#{>uw4A%aI*(hhc8ZSz-1U
zlXQ)?>m^~xIjMLd&q~a^j<%qR>nTTpW}Fs?47r#cQLVmF#Ici%t+gBF$SrcFj@t-U
z{Vsk{M^jK^7K}Wnt`Z2^ynxi#m4cXjH>O9HGtos9DdXSDaB<Jsev$ngGOmFadSl}`
z+?~>%%+4numw4Oyx;K-g9b!J&1Ec8eoQ2@9b5!QU=?=bjTyPuRBA!OI6KR}4A!Pmj
z&KPyF7Px>OG;Bu_SbLyBL71Vd>o2dq!a(+t6vN)&3noJSp|e*imxtJna>q%}ht$3o
z2|^o+%u=8D5_@mLt~^K3X_xgTaq};6{xzZPuo;5uOhwgv<b>XPN*HIdowypiIQhT$
zlZ4eivCmY2)g2;bFXTq!_>=%Ze~e#7wCf>s#EYOwLbUD8S{KO4^(W9*iu_cQi-sPJ
zSCdcSl1@FVw)$`W3}-V+)hsmCsf(Qx-nGoSj2%4fyEdHh%d|lexK=m4sXp#B!=hc&
zT6XM?Bw;hBM!s|To;8#7Dav%?P&r{|^^UX;0fqln<*F4|dUb(TWnvf5P+U7W-7R3t
z<i?b?DmnCiG|N0VR<5!+2(Mm=f7qCMMs+{G&EcL_+Oe9c=$0(>)>)aYV$|DJ{v#@o
z+2B{|S*gk<gsWO*Hss_*yE>QoTsE#Nr*##C{6)&rYRbP_@@sW}dG+Gx#Lk^AcPhw@
zv&?Anb^7pouXYWAUA+L{lvm$R#TfXnqut~c_FHhdQO2`;g<x=^u#Hee@N_(l8xh2^
zxCwcXTLg$AoTm4NuZT=Zfai8eJTW+tfsXmjfG;lgKK3>et%#YZ6y%*VPZ#20w4Djv
z<OR;gp+JJ%xl%?YLCl&~ZMW^qyB_MWN+CZR^AFln)I?Z;8MXj+mLXF@kL>PtQd{+C
zh|y+SPiZOnl3iQL-&<kS;q&`ID`C%4CBVB-GU}dZJeD<Bb$*s8qe?tFDScX=Ibvsn
z*5rj(lvznI5@fIMK{mheZW9b_=U2TXRU%dtJufi%HA`7DL{$n)&n0+PqOXL&JR5$S
zGTgZFJl~sZ+Jgo<sp~kj6_-GU)L9A_IvG_YXejQ~?FNtMu|A+z<Ae$Fg}))lij_#0
zv%?}wC8H>#QW&Jh+bvMM1*yYaTKwCrYj&j$mkCv>K%vDHDG~8hpbdH9XtKRvln<@r
z`w2(-ud%Abl+=_x7mCn8!FyI~(1yr_qRc8+pkOgKVwVFVG_Z=3`La^`->ghpn-~ks
zlHs+Mh<X@}nIzNeG*8j6s$@Oo>yV6NphiOADL2`c$OlViewD*)sxFdWlrSE%4F8NF
z+Ksi|uJ0YkA6bM&a^>hJFg{2Kv^9|&p6-E6kL?=n=@xf46qtj!66iGzb6qe;2^~$#
zBSpAT3(f!tCcam$zGwtI*qNg1BYs0yAXSP(qMy_c7s{4oSiH9+C;6Pbu8Wv9Mt7^$
zy#d92kp|(fMb6|FvVerq6FVd00x2W6LDVSJ=GMfATV?C~V*x4y`Bx?mNonGF8%J3d
ziM1TZcN^sP7G5gI$VnZxetE@ive@IMr_=5doIM>tyAuRWwcH_J&yHX+r81l#Zg9J0
z8z+L2`xJ~o4L4B@afU-jOJE{^D*`u5Wbz%41mBV+8akKlBjisZhzcJG;_^JXrzSFl
zm>groo+5x?5Lu3rI3Vu}HGk2kAcm6jStJ_3=%f%rI+)yX6%)X1+BP&at((NPO+qjt
zTY?7Q2!+XONjQ@$<53+<gsVGiG$ad%*ioyy{Vmw8tZ6(~GzjIt_fWh+@d~Zr`UbtI
z+N|z$l|kMe61fT)w^KBj(Bf;~rru1U_N4mzR!`>&StiSM&mM4uyiwV;#%0OGOJw`F
zC9rZ~S1(%=YTD$=RNr$Gin%W|^S$S~4$S~x4VZ$dGW*}k*|Vgf*_1m}tof-^B|aoJ
zIG)l<=U1{7OA`OxdD>VNu0tPXYYb7Ef7&cnqGTTCq+AUTK4TSL%^G7w++x<ExE`Io
zUQ;JqxnT^l$|~M4yZ&d<)Jkm=F8q>(P+J?<iuduIWz}#*bgrgyVoO>1@QR{-zbOzS
z_}v3$S6Px_yh6w!v=G!6Q74x~J(vyzN}a72Lop(bvoLK!dI!Pj6c4IiiC8!5(s@?n
zq-BUE7%5d1T0tq|bS20ho)II5dnKfojn|5ws-I(T+Fb%~A06GqeASdc!T1+*M6g<b
z=lHvrLuB_QNiqUW8F@z0p6Q^lt^uH9Hdnza4{?@A+Fe4HJP7AXKqghPtw~0e&dLlw
z>xe^NSZn2Gai4S&b0w>c8rm!fqs^xwehGq$MwC7a@YI5Xw2agr1@R+;P5*G)tARDv
zq)@s)BbhHjT@DJ_qtr*>9ZDiAOZml0p{C^;s0RDRn(ceapZe=I(~k~`6dnjE$o4ta
za^V%(+^YCMru`cXS5^Cg?3|}&^hsdk_p!Ci@stj=bUg#TM4ceOq-A&};K^j<SMSrd
zYy-KZY2+s)3Aw~%WWj_|#pK=h6SPv%l*-Dahh5F^KN>9Ki7OpAo$KB#ionjX5ta=9
z%a)&8=z1YX+@S~RCy*HcpOC3Bw&CkCv$<atQ9G()H;~(7@IE<@Wg)xK+9WChDA3ix
z>VFCIq~v;zmB0&;#KCX^$67+|;8!p*T7In6>^3(BhOMynS{l8}f_$k?n`qMp<%=3n
z!MB-sW@a#rJcJFBktoCe=t`g!>Dw<5mBYuEiL*fcChewyGDtQ7v@|(ts-tTObs)ZU
zk2EXcy~sd1M)qR$=a}L!#`mRye55C`?Dgq{*6CGY1>C-qyTnk_^Pvxoa_|slr*NNu
zV0B6fBaif4BVaa&-m&3}jSo5Fr$hy-(TfkcPDefmrS?lxnpjg{WeJJIT+mBXq;0J(
zY|?-;dc~MMT6{DD2C1zr=NafdCL*@F<?W5sW;|pga~l|HCx3(bU{zE?#);h83@QCT
zLs<a~`{hjDieiu8wIvM|-JJyx>DGb_v@u#8Cejr3?@JjfT#<W=j#}ODN+!-2KdVmT
z|6p2>S2C3#Uy)ZX8Pq%vSyMzCY89(^e0OovOpMTRI*thiPCI#jSGx{rq-O66VCv2Y
z`>3|-sI6rW>I!anr<e9va~`SgP^bvj!j(~wI5NrP6dJ`W|0o%*SmXvJOvSS#ZS)C@
z%0UyFM(D^<iwoj3iJ5!1awU~rH(fYE(9f6%1_p8$_J7!$s`~Mk%vL<`M9&{XMCv2&
zdcU07ubig<%m<&5gEahvUGm+7uM4N3R`yAQF}u1ZdT19X0~EPai@q0DvHI04_6IzE
z2Co#;bln8LXt}o)?Y{c(?fu|Z@8Y<Ne@iA+>DhjmqF6C=LW9Op^h>;<=mrnUsw28m
zf$N&QS3Xd0_o)=&a;$fw^@j5c!ac|AsITmX*9dz7?VjR9H{VJxD!%8ZMO8+ZWmEBo
zA*qP8Dp{;D`@NcduflTy8I^tTEmzFEoscv-LoOilI?xwN^=*aSW9S0o=2ZL<Nf|}A
z>mkyw;*4KAV*FY67cS_nkJ%3&KL=z5nU^nMLH5a$KDlvx5z1&=nGqa=>%tdx=-d0<
zg3RC^FixiS1(tt>{7q|sfm0urp<RKvg_~z6LvZ9JK}qtcQ!&ROuz&s<*fu@Q*{B$o
z-X$9pW1-mnMyOJ~lGyp&Av#EB$68G4H5pKFEV@S$^hj!wBr~83LnA88$o8X%wEM9;
zgrL6k$I=n|%#+Xji0Hj{JzY-sq^Lf1%pWErK(9|ymKvU%0z&HEDv*T32a<FLjynr1
zE=6^LA`Bl>kXPdA;iQ7;wewEek6^2Z^9tEBiU>Npy>0<6gDG4$)rJqfSw%b_!s_3+
z{GYcAs-hjG%`Xb7!eXx94^SWP><*`sVzoN7XW6m*owwxis9;*uU0VHTISi<dB+i=w
zUP}0XdfOLkV5_T3n3FfUmlYdT!v;g*E2G&xEv~4fc_{C|1~^s|pwy@bI!1%-BE>5(
z*(IMP7Zsdq&0vK@%jW#^*iFX>{mn#(Fdm++QNtp6iAZ2wRyozjA`NnN`SvmVDe}IO
zh)wmm!S&L!a3+d|%m1@0ptszg9to7E())P2(#oa{?})@)4(9V?d37)nfn}gUF8L<Z
zFvepl(LiSK4ei=~P(JC9sdT}f4cRVrZK)acCv<8;*T==?tN$B%BoBmxXuA2KQ-`gf
zh-^!3M7{=BuN>1Q!N2;>5n7CrdLSL<Xmvk+3(WWku`gs4v)Oq_dvS{ZJp$gs;8{VQ
zuDiWd7s<9k&(R!mgZ&>64;@ILh3Tp5`RN;2-0EI);gUd0kWPJIawhcbve3<fzOz^)
zU<>oMkC`6L*H{1VC<sTQ$A5QL*Cq*+C-5`_&A<znWckbBvvT#6BBZH2za|{ctyv}h
zpt?j@zgk^bUwd)}-VHEs>LMurwc<7NkGl@qa=L%qb^PP*IJ|=u=`9|9YW$>rB*tQD
zd<k8wvBhP!>Jn~B2P5mTW*Zvdpz30ZqnQ1)6RvLC@xsLP@|n(0<L$hk>VAi6-g<n;
z^IUB_TuFM=lVIpyp&UW_+e?~vp68%^)Wutm@LJfO4(IL#&|prEczl}jD<@aP)(<S#
z+V(EGG31F<$Hm<q=>H`rHJY~AiQMcVKd|`DF{h)HrDN4)yf_zEA2_>&)#1tjV+b-j
zNO>U3ek0be+)_0A_=zzB8%naS74n)Hz+D?O_|(g#Se;MikK6v%U;9es<W?g5*MqRj
z#cE@e&L;B-s4Hkx9rx7RVTr&dn|F^#W|3^E`5h;UFnTvxE{yUsCUh!IP>YNoQuG|^
zR8{tXM$D2^D)ec%fP^5nD?K)BDdevtaZMa2=Ul<<s<~c}OG1N^iMvrd<;TJ7pgSQ1
zI$^Z+VM5?&?Q39Sw{6tTf}NeqZ5-UMdKM4V3*sCtU}avK&{*H7HcCAc##oras1J0L
zp{vAKWi?dYXmuZSqD58lV_g<}qD2!j&74J$Nh@vc$+@?|<XEcq4;=lk-iClUIC|aQ
z!8~GmI{!dVy%lW<XaS20JB^k+68EL)zUehg_ZDVZ=5%C$EP0|n_<GVZI&%ne`d9hr
zs>|>suoe%+25v3EWfqi?aO~3v4!=h?eqHWvl#AwWBzdif6pbI`*XI3xT9#~h+yeC;
zDYudcV{caeWF(j<{mi|Po`hHD-bKv_F04rJrEtYbSPOz7fQvjPMe!~}C;x$lFCH_j
zMnZqVky@k)eJdOpU~DrNju;9nf%`%zGx&`efEvh4U=tE>8XUAkhxFPi{$;F%uZyk?
zn@_vkZ)9YF0**RSFOQC;cB9o~X9<zH${)=Nac!3lP&=|f?Xr(3E!2mEW=8DeWn?<N
zhiT!tenHR<cnp(fG)2adBxWBa2srHow*EwbmC5R5eM$>t7DIr-Knm(Wg^p{;@!gdL
zpvN$@s{Aq9f@CJ`LQBo3F2|cLPz%g27uo!MtgW<t)UC9!?(YlDaqXF)8R*=D9(1Z_
z8{in=Ps(Q-AmuI~Gtx>72#K(H)8>rhaS5|itEnU6+?;3Y6++_}xL+rE+Jk3@u`_sQ
zmTTx4-T%4FwLCV7B`*pbZJaH%AQBcpa@hbkW&(lLG{K?is?3tu3pa4L(m|<i&jdeO
zVzEDl^7h7j!ApMdLD#Aw>Ehz3VG;p%`uybop2_4U(2_H~tp35~0EX2Bkc9S=WM5W!
zdgB+Gu1%(Yf`sVvc93k7b1uERJi3`kB!AdZ(c#6CSgpCn(>Md^XatOFhAo&52P_i0
z$()|u;Wl+*qksCYSoSv1$deE%|3Hx-ySPI4JAPf+RIdC>V$dh(QtkM;n%^9Cs}%B1
ze;VuB@;eG1u5<>1k$q($7OWh}zc!g^v84HS5gpkW!j`VsESYaT!KwPPXP8hwS}bbg
zm9A)GmSzlnbY=i166+Iv7}2?HT^e+9_5B$CGFLe#P;?&yIVUI0>XA?(3)gE?2@*^5
zb6BzjJ|36@g-{_zoWRb85zUoO(it2e2L3-m-+UY+c*W2AaXU^F{m$o<QTK|*y!2Kb
z;`foW01ru!>{LbHS@-R`LSte@XrT)25m)GQg`=Se8L)Lq(Fw<X!u4Lg9rhCg6pJ-e
zj5LhJ;GaPrH@q!pE-ioS?oUtIXomBu_-5PwT_QK^#t2bHP;c?#d&>_M<;E=tr=7lJ
z=PRS=$4FP>F3hnK5ef#d=u^)aw{dDKyK%8&HzrYG!<7|Km_kI@?pzp@=s%&$E&(O&
z8VP|rSb(#e$OR7qQhAMah`SFND&Ia%(g=3=Od3*Zg_r)hWQ#SLvGi}e{3=8tZA;5m
zuyG<}rIuvxfNgC&rItq8eER5DufT?wmUQqGOg_AS37wEOWD2CKn$Rj3)ze-;!@Nh(
zNN9}t!?CHvu*H8En*Qb)UHK6j!+?X!_bS2z;2irIc?#t*aAT$O)fSTdn877j_jBFB
zk!q%57iS!8zIGcSf*_!RHyY_nR-~$j@@+$U@D5n{pJ8EnrV1G`Yj8g@Hm9sm4}TJD
zMiOj6B=@}c#iH^rbl&#<!ap2mvyeCFA;O2tKAo^=-J~*8uw|jQJN^Ch;7@`uaTq}P
zsujPU=cNh~YVrxL6e=rh_v3s3RNFekP=s%R%EUP5P`Om>uL%<3YT|FxIV7l=@-?zn
z`e7~uRAk`Lh53PfYYa=&Wbb^<Q26D?&X|hieGrdhr+iN^#;+`#7$~~PDhXRbN(jYl
zbQCf;>wCXf#7w<yUD%<7q3ovqWq$xfDdZ(QFA*~VG&a8-Zg`rLneImYR0rH_^(bWv
z=#lNEMd<i<BDEh}k9T#y+0}k{sF&;gR}h^4D+sA{?o^LD)k^Jfss9RsQv1JxFjU|S
z$w(d#A3kx?Hxe`OU*jCyeR6he>w*i{Wk!0=GTMZK4=w5qd0Z`YaykX>X=z2CbLQH*
zB*TXx8>&|<;U{}J>S3J4?ZHt%nESNbqN}XexxQD4YJ{X+qwp1C1t@{Aa^QELmy+BC
zaql#iOBAo$+KFV|IsW{6XujTSUMwtC$83u7C5QJj(6Hnq?S)hqTd?Q?_Ictji3CBE
z{97u`!_VaZ6DR<_<K)=?-$Wr=5CcS=-36ryMxPEZF&+XtZPz2w7l-Q?9~IR|x|n98
z9nSw`31Y1brt(Rka)bBwG@0xl5(Whd7>Jk-cb6Y$!sv5n=a!uN4g`1Uvh+kP>XNE6
zOp)DzNGR@5KS|Q7bT~bM>rA>gXXG6_Eyk&jS@f&AJ-S^h27kKG7oA)_(8?@10dG*L
z3J|RU_w(|K2dgF?DY7JPF7k4_rs)ABc~3d+Ii6(ryryriJ19ZSk~oN`Mpg<5J^WzP
zXB#GsaaUn##BeBBL9p|IkgM7-4euxAhi<6!F*}G=$dS8QV3vr0u=vC3RlU5c%{mur
zjPc~Siu;$rzTvh=_TKNTn@hqS7SWDV)(Db_p`9>LL`0lbxPMPji$q^wuRV7D>b_%c
zym{^{buIGkZO#Ats`pj@r>a^l{)wu#=9Q9xf1*m4u8rfLsM5t|uE&OMo%UY$)x)uq
zXce$PaMx%d0=`4R6Q8d>$rD)HOE53M+2+FAb{(v+)|o;~GC$0nKbHlUy(JxV#lg&u
zJ1#^_g1Es7SuZtl-=znBb3e+&R;A|T97JM)+i=a&F=av>K>Q(lIQ<$W_C_B~*TGZ|
zGc6`1D|31JoBd8Y0lblswQE95-AW3#HCLLjD;TFs7YN7J&$I!_Y*KuP{DC%eIhUP{
zro+6tDF6BMZaM4ZpXg%kwNMRqQpCgLR(wM#a-x54dU|f|Su$KUFj$_pSIAGTKC;;F
z(CDdAR*<;pc)EM;sSU+3ST^81U;avIuj%@D?|@R3S^Q#3;RZYRuXWHf)LmXq>#>Ra
zap#-?2iS6HEuli;rsq#aV;lSQjYg_|Mq|$_s<kpiM?8?7%)7nSxl@(eVumjN&6y6l
zJ032jIE%f^mx5@~9k+_lGI`m&?d^j~)YkOd7x)34Fqwuoir7|&wZFnnPVf@y2i1)!
z5#S{7$N%0&$QbbCs<r*QSUa?Vr7u9SLW0DP06<#_3J9IS{M#Y)+KrY^PgZ80FJSf>
zkVjMoRnmi|FifFcR1+dJ>bwr_Ao8+Dp*sTAyFt8agUEsslSH%gEb@SAy0~n@zu6Wv
zKu;HILm&9nQ)?R&aLhpOASmkh^F<1NozDRL7JJH_?@-?7cj_G#g=J;)=90nquUrYf
zOF;csBa`5tm*aTg>$S*V-_+M+{0m=o!L0B)1PRKS?jOvYXUlz8yWcx%VuQMbGnHN6
ztWcAQ-4@kxZ4{=Q-3}Bh+|Y4v6U^d#l1$nZhQ(lWCXC~vpLtp2S<LoQ2_#JPb`6wt
zk6t5_a69>jzMDjOTrX;5uB%px3*gMd0FU3@zmFee)oXQhd~x3O%qDhFP|jBP3Pj5|
zP;1j?_SyJWG!aoMeqLet0b&QzNPt+9j&{<41GgY|3m?*;H3$G%D33r(^@4yu4-_cz
zlDWPm6;Lwduk*lLi9HNWru^D;&8udQJ=*RYf0=O$8v7eL$yl>;51?>~Gr=wZpsWYc
zix|2InP(>tQl(1|>jj@~l$*<sZkPM-SASqXP<%AJ8*0zb*GQRN^n=~aqq;q(Ybu7j
z>`aDqo|7Z{sEacKiPWwzbDS0T;?UgPS6!0DnUd;=m0`|hdc2c0{)xJ0B!BT|QsEMh
zsx(E{2q)uQ;STq2M7yI=oNo!h2AtgTAO+~Dndtjfvr?be?>)gAH4ofYN#cq=bH1H_
z32usce0Mn6c+fJ0pS_4c^O4e#3ix<FDs)3256m>t8w#IZYNSM(oF}zAQ(UAH`}2YD
zmaZpuXJQ&|4r<{2^O<D1UPE`C`ZzuQj|bldqNPn5?h~0pe!(mSRj~yCmad$98yr*S
zs5jWfy%AK@c3}7LE4(F{x8X_ae$4a4g~<t*k)6ymiwn~{d1paP496w>31XvZtq)bq
zS_tD_k<KVu<Ph2)>4%qdL{Kss46rvR(<*7|_<1*+*pS@Q`!Jg3BjHHa=rT>X7jd7j
zAai>B2L}4C>P=``z9bE3;7vk<+bl`T&Vn=7U<1}w@O$Di=4tF<__7vX$??Q>{S}rN
zYQ@<pGU9JMc_azG352$^D4|h!{lX0GjA`B_bsv^z9)e<)#@Nan4z*YD3qsoA%IMmJ
zM4legR}(7qJscgK`-V4>R_J*kgT$2wVYImj#!A$UL6aV<jfDzO?mIdc?po#TrabiX
zkWmgwVKR({BmA!b1`GN0m#u^>$RSC}m%&sq0LSBGD7g8?9J1)=s0)zql?tKDhc{%R
zDa1TnQKS}H7qWQK^+mBRg!7${&ZE=r$@!JM4KI4Jnv$%n?a<%V(nat7r7Tde0E{4%
zE=V^in5Fu+y;X{x4RWX9F@Ig=;nK$olMZGN?_fEFFbaiB*V2Wejfrs;iM1JWFlCUk
zX%cFZG>3rV)<D?8=7dunIj%`qToK}7l#4u<`g9)xZ6&9@s3U@CFpeG0ggP81bih}z
z{e-8@q=Tm4PF?=IB)0@;iq5AZr^`^q<n?uLB6@Naw=;jRdJ|2O@PCv>D>6idFVB9h
zmEWBGv0*+Nk7#hxcD<BI6xqG%pu?r0e4l-<dN1<_#;4j!_9uTFW!AW5?oNTaC~<-I
z_b1SFLXaBYGN<e5xIFVxEyK!4e9yBEl3MU-lhwdhX6tY~HX*b$wJpuJo6&qbCAQTw
z?cUZ1gENL_LKGO)2!CUt>)Jngt}kFCmu}WPZPgi!WoRarVz8ll>iIo0Wk*tZF0A>(
z8S`35uzV6GPm6Oc_}_o~4gW+Y2N^Q!Q}`XE_OstmQy3tJH8$Dp;5($We(<oZnZ6S?
zHL!TGV_^+RES(Z|a5-U|j5ekD>F<BYVn@E2PEJ`*T)HDLUVrraD50D;^$vt>>UT&i
zzy~?DN8bh3i0|P*NpHyo=EJNZ6Vv}Y#N3|z0MIAr!a>ZM{~z_Plj}~BCY9xUK0Xz*
z<x{Njd=V_+*O6!Z=+&<LH=dIJMv_yyGHuhik*5~XleNS1<76UrhjK7NOz{d$a}116
zgb<dAs46}koqwkI3o2rG?5$f#eu639ilxaqI(k!#kYHs@p(f#J+;g$=xLKsfP42Q9
z_pC`+RcAKTP4<~dqAp%AP9&YZYKg7jsd$C7DzA`*N8ou*P9YKbdHhZxQ|!z$Egrs8
zNTL;g`jrZeO_xP|1voLuh;V0u)_IsSqOOGH6`|_taDSHo*8vFQEAnhPwmTS(UB0m-
z?~v95^bYa896Ub^*EGZ1W*HBWxPL{|K?ME3|M@>iB(qQU5J`3pK`&ll%Xsl3I^1g6
zFnZCS8=)L1P9+z_VKS=o8;6h$v=zIyd+sExp6d=0TxAu15aDS;uu=JiRDL0qU&u4{
z3-K1G#UhgFEo>safVxUgQ>lKwa$l+3S1R|F%6+ABU#Z+z9)itxlc`%FlfPR9e-u1e
zrU9Ws!*ewxj3DnI!aPk41nH+Rd4>f2nWCWjb1HyYw~s7aKBWwDcHUX_Adna|<<}2&
zTDBu~S<WaLnv61JTah}Epz%WS6xSGeDDM57jFlW8<u8M0gn{-n0Z@dLv<jXmbJ%7e
zaObKPZw1g>p_%Cq#C^bFGmJxKf2Nh0Q?1OLAGvgbWHl8>fE2U@QV`ZIkKMEyzM3Dc
z-^xz$bMFFXCum*8x*kZ6J=Qz|S1&_FQgmnM=vD+RBO7<BOrdYfi;|jOTUmQNc`A@3
z+aoj(x=vi^QUxqbap;NEDljNtl7taUK*s|VrAuK{lOs%#LaI1DB$)}<f2U4SQMpX9
zD1!P@JVXxgRSJ+adU`k_RCGtX2gyj+AC=S_c~twIDtDYvZM4#@N6?}vOf2ta5tt$*
z9&I1q-J)`huUz9R*Z9gczH*JPT;peOjh}M0s668%HuRNed@0ZP))GA9r$qKX9OEB^
zN5^CFkoN)YJO}xykz1;Ne|(}(QaMM?*1h}3r+uOFkFWgWEB|<u2-`dig1p78^4otp
ze*3Na@!M}L)Nj8vyWf7iYKblCp8fWHNAp?S_GfjzPxDe&dS%MbJY(Z6E|IAjRO8!o
zZS3|;%7(-_j#f$9x75@0TRt+O-1p;G-!tym*5DNYlP|yD^8P{>e<s0<Acyqf3~CF_
zf8RDu`wsH9_DJ6b`*&$d08d1=d5`Ir-*1gyU0dIeU;V%T`M>DB7>-B*^gTvHhx8Aw
z3vZp=A;iBq`kl+Rg0A^jtMRYa-qF#Uf3^0v-V;GQaKtu8#&zwL_XLSY-*4ep5elya
z@-e~_)FTO`;Tya;e_~tymC$E`-B|XWCAakJ+AHxFl7GS%AdfA_RHV5T{YM${39qB^
zboY*?dv!A)^J<tx84qqW&~MkZS3!RW3WDy23rsNgkl&|>f-e+j3W5^eQEn-grbR7H
zxK0xT9bR-<NRcl$uyuv@BMc0=1h2uz*L{N%+ajok0dcl1e`#D2et2wRYa<jt?<=ke
z|8LUZV`<6zLb(N>>?E%!(;hIi{=IG+<kgmG4+hj4z~T}X{C-Qk+}K1P7y%OfkH+1t
z0YUdaAAZ<(y52-xOE+DE7(rJ!Qu;Q(-!f?`LlIM+e15)-UM>r>hrUIzQeHdh?0bX(
z+u_|eiSh5rf9TbPi7ks5LgX;&yWDk%(g9@j%I}3OIl7@FeE{&*oQMfS^r2;&_F$qc
zNeL2sWE;dJj6oN9225{YeHR@gdQt`mk&^6L$!WSngk?WA8G@_Gv`}9-pb7cQrHpdI
zrsUH0<q~u(VwmlO*(nSVH=}bD8zX9MG0#zMOW4Y(fAiKe=kp85r7Dmb>0yYl6}9@4
zF;HNI@W>RFndlT`LPPHfR>YL)_Lzi@|KZHt*hCOpAlWJmo6JU>>NmkBe7mQlkEnuv
zWREAJQIFQ{u@EHhFGh5SaJ26ID=gHIZRun~X#y7Qs4*HGmk_|2lIvM|{)S9o)ds&!
zG{yt5e_#fZDaSXq#)Wu_B9pCp&?5oLnf&_DSE#)Qg_=^P*$4}HxwsJ|)~1nCd!dY`
zZBQaajlWA>*Iu0x>{w_7TMF*kE>D<1Vw?C6D%NDM@fo(B)O@flhZ}6hVL9W3lz!&*
zNr)HBKk^o>smn9j_jEKs%+ZxDaq!)yJf*mde>h${=?50?ta54(Y~`E+(BpLt-GL_I
z;JUWk8GpI1p&@}2aPar5V%L+@t4|vAm0lweP0B`*3ZX}(Q6u#(nurqRqeE&F$!Jgx
z3Y3HX%#He}1ZJQ-ndnYBsxzg8NX8hZu=sR2i-5_&UD$g9^F2A^cgp24+S<{Df)kX|
zf34g<Tdh^H<!=`Zwu=&M`F0ynO=9=WwT;bB>f@kpvp9Rn&8koRAbu<7x0T9oYaV`E
z$^5of&hK_AzuWWhyPeGM_R9Hfr}EpLhu?NGzwMRt+eziOGY`L=WPUp<=XWQS-<^5*
z-AU$mXXX6vrt-Tx55K#~{O+!t-@R0RfA{9$cQ2XWy_NI3pUUt4JpAq_^Si%tew&T-
z14m=76GtQE$kCXQXYaNRm+eUjmWN6;<%p#|p5=&@+^qU^&Lh^s*lne<TjGS3+-w57
ztyQzToyu;B16Fdg3G8mKn%#CPyCu$7$;~FP+g>%hom6&99Iuj_O<=dPYIb*0f7vZ@
zx=L;~f!&=|v%8zhZi&NHa<d8S?yj2My;OEfoUM|ZO<;G{vsJ29+}x>YX2>+K0@6zX
zOBu!%9_hJ8J$>phej!Z-j%5IRFqqiU8Xc{v21BobId7qYfq_O0e^fBj;As%|KeVw<
zKsyZ^V)Rc(srNnXsWpi8Ss18QLh~ak#7p=Qywo03`pEkg^wpv)rE`-Zz?Vh0)NGfJ
zT`uGHfAh~b{~u6G0Rj{Q6aWAK2mq!_tXzKmsD42b005hl{$e;Erc10`Pd~s`O;7*;
h+*|_y5dZ)H0000000000q=9ymRbwOu@?ro0003#IapC{~

delta 19397
zcmY(JQ;;T2+iu&oZQHhO+qV5Qr)}G|ZJX1Wwrxzi_q<=kf3PDeqUxZIu3T}&ohvhD
z9QbDp7*|Oa6buar2nY&@OR`2U#wxx-90dr-R|^OTGa26$Cy^ZmDyr8xMYau%J5kXE
zcqDPi9=Ic!377-<pz81W*TtwhBFvGuadv-yPqHVl4)oLB)6=4)WWIdzA7B9RM6wP@
zDZtiRSu+dws>aBRAtNQ@P2ZBqb=BG~jTsL2HFriSx-^`mEKE)0SaxY2o{3u>8;0#y
z8YTxGL8A6!^uu&Gc)NHgY)No&%b}X71V58;Ah)jAQI0L1?dOK`Fg;HHTR61dot{r*
zHAaJIxY2?R!(&<#bgFBn+u~eP(zNup2cXDmVlb6YhA6|%h~)+I1hY&|!h(zM9@kxh
zm-Scq1QarbI=V=IkO}CEFi3pLi{oncA|EJ449N7dEfzw5<mS#fXJ=AAnNw9&=`Hcx
z@x5q&;XPwWr3CEPYd!VE9#!VSp3IJH4>VjB+Fv{}T4W2I)V_JkpD<Za^y&Lrvg9vN
z77)aWWM;5Az%#4^R8y~M!=F~4&gE~;mrfE3b|f9J*p@_$>|%c2x57+-Er*Bp8%DLh
z)m?VZ*+a=exr|P&*eQAG2zmMBUxrD>*$yHD=;dP>DG0kkI-*)~E~e0O=kvWa1PJgl
zjAoCu%A`!n;gz@Mtxef&Oe$C1C*Gn<L=>GJBR3{5z|Kt&9S=@7Flrcy&gRGCS~@=5
z3ylS=pk9^PlwE&q(3kK~^Wrwf#jcw2_Xv$ZT*_y3aY%8<{ouc6e|zw8XBHoSyU#P4
zbF)oVJxzuJv9*ezD$I@(!!9aV$5Bj(Tq`OJMVrf9?^PanHTZ+pLtwdTYJ!rk1BuA0
zJ{1i>kJX}Nw1WUKW;0gGj;jvVe4FVch3Gpkqwx$1_92Y@?%5sK&ntDZ;s@5a4b=CV
zq(`o7wA_9nN3S$)2|W)%S^?OE>Krrz^LJ=``cjj_y^_4z`Z}hW_^9&q``yh8Vso;K
zGq_#7b5?a~+4Ock-5nwfIfFc>XX-JG)lvdzW#O%*0M?x^PG!QVUc-WJ%Ah6aMHaH%
z>DacQ(fXCX^={o$RapLPY`9rxJFDcFx3a%}0NZ^d?4bTj*3Y;fg{Id4AnLts5Uz0+
z15vTBzd7{2A}RqNbh1LCGh*+^%S3j!J0(0-@|V876^8%8i)us27uQ{8&&)!3*TV&X
zFFd;+X=V|aB!5nItlr9ddEVqsFo!>%A$RTu8AMkTr|1Tv@Q1<CylvI#^;b3*hMoc8
zjT@?UD13i=p<hV*D0C86Pet%f{WAJ)<Z=)G$E2D~Qd4F-Ws3lal54N@m9HFr{AJwQ
zyML!RGU3<DbBU`(ue>}@>^FSt(b*56^=P*BXzty3-@V4>i))EohBFU`lRp}sC$wbg
zl^>O_I-aDL=Sd_%WZm!XTzzW&#uhQv4xip&=R%iL;pV!>hPC{!9pwx>ukw6}BLtc=
zwUS!NZUXC#uD1rf-Wbvi4OIpWvQ_cg81C3!E5(3T89kS(U?pV}>9K+ImhCpcQKGiJ
zsAE;TlpFO>McN^iAUW*CrbnMr6ZU>~au|Gr=C=U6JNP2Z9s6REdWn6*_YS>|hwD^!
zd9U<l!1i}P1gQS(X3H4F%~2{YhYhz47UxYPIxhk6Ut+axurwWkQxERo<YiVVSPIwB
zVBG2_7c`LU<mAV3qu=Z@NPfQn=Pc-44}GhUca@mKu9KnKs@3jlTc00q^&>Njam=Wd
zQ)$G_i4$KKM5?UK(zH)MFt0-7Ip-FH8f86>>fmXSwksB5jUc>fG@?$wj=4Y%%h0q}
zrxJzR!!#HeX)Gacf919p!OEjKk?L27&TkgLW=r@`b~QM=I7(t>abM>G7~GaSo_mCN
z^O@*q2dPZob>0ojjd5;v&nK@UKx;-`iCqKX=o7tk6B1^*+{daO6b1Dt%->1p`?xg!
zurNDlycH`Z|Ex1utkYOlg!O^WIl=Aj1*<F$ETtqR4IWZ&&)$Hym~T46&APlCVkrpq
zO(tQ^tW4L1^f3!(C_#q+geTaOF=%RCW~Y)8FGdN*nIvZ|iK!<=XjD}=``pad+zQif
z5zdB~b7%*b$xCIC-YLs1L8;WoEd4h3)-i3h>{*qErGM)%5EmKPE!9;|zS=>U?y;!r
zsGjT}J<Yr-CG3NgqRS3oq7xg@WHc6NkL3bOJaXcj^)g!dHNjc|yskUPjvZ=7DL+~;
zY7B6Ui6o^%lZ2EQHv$#U1CwWTQq=B}_H)Xis9I5iSGS{p!~(^$DrKkERpwudVD5p2
zqQ*MAB=%SnF20BlcNh}x|MltMqjB1-vhEFR23tdvOVXyqRIfiVxkD%7^a90LD~k8w
zYC#4ts~T5GE0+Yo01CzLT8b2&=0S#t<#?dNbRG=$Sdldffm-JnL9-V;SyVxyTx$cu
zBEy!gTd;KXpuZm$jNf>y`%nw?IF(e5Kf#qFY)LJcjJ0*0A?@ZCQa1h-4;oj%MqVw<
zZl*$1Ne)QSG!R2g9otTVqY#EQm`L3mxrq#I>KrUDv`QAh6Ye7Y^GA!D#hpV<m$_j&
zs$5QpCP7+LSe!y$*63Sk=}(ASYN`e~=j%?x^EkekkO|fvR$p@Lmp=Yp$b%iG8el7%
zwitcU8M4Nr8C%g`-)55}Ob61T(CF7E0$1}vf9i?MaQR`3(g+-k!mo=<hX&A&N@B9K
z#E18Hlrvkv%<vC*VO+&9w`@9c{M()@O~cWj^+w^C=BWgj$l$7vDhi0Qp_Jt-Q+Np`
zUu?xmJs#_fCtt-6EJzdj1`Fdt^n6+zwhCmiB2AZN=r5%C$5GhprX3!q5;tC#m44+6
z9xq3q`*VipgP3zXVQyY^1q(2I>xwF!S?V<OoEZ-Q`q8pKHPo9;kQ=bkr?~~4TFj-z
zpjyi{d=q^}=x_+A*MmBmNc75Y3QUA?GuL8GnIg1u1yyuq$VOslYixCD)vE*>FOYW<
z4&8zgxH7t44|R}q1qc@*V;IrjiYfjynex#I25B<sa%@!w*5czCyU<01S160SEo<!J
zGTI*iy9UG$yX-iDb=0tech!s{{RC=r+l<weVIT={7aUhgtS}t<3+|0`NJv6|I2()r
zY+vHz8kPhYNln2Dw;f2*N(CNKW9^0D;gI-VvDrWpvMnz~p=&DngX)vta0>A{AeuO5
zCdwzFe>-XSmPdoQvA=sP1{PN!SMjKv4>3gmI%5w>4sM?UdtVz2``42XF_X;dyk7a(
z*ErIS-Fx45^J#y&T>yV)ATRhnC*TOS9nYGRKP}e=qph*eKMs>*EgKt`G2^DHaqpc)
z!`+5s?H#z)+}4?>lSB8Bm3j<Vfw8sExm7@vt*6*hO-<9?7$vKtj+v9)SWlWK6I6Ww
zGDdUsjMBiLMis^=icx(sR7##1CW9wi%^$nq4~U2!&|lHIDE0#-G?`is+`;}0oUfj%
z8<eb_M$-ids<W&IDEK-i==Xl)=OU%yqBJSfCW4?)o@}hIN8-htTUqRNyGoH>1b2fo
zP7OU3uk3aAI1JQCQlZ`8=E1p2bhh{aZvG!@U4Wo=f=rwy@0I|>LSfigeD%w_#wF<+
zR#b)7^hEOr_>C&(4vn;KXtsc0c(ed6YpZQ~kOQMpfcS9xbgl>GGp=mG*ragIwk>M;
zAMZOHJ;3ss1GjbWeQagFZga(*gY^n~WI$l&O2^POg@~?+?hP6CyA`@0lyx^CNgq|L
z>zJs}z)DuQa4zfRP=O&Q@9k0{V7APlg+AdDDSm@0a15TxT|Rv2mx!`Vr}+cFC3By4
z%|Ovzk$P^1+(*D=#z97ko-Udd>`EXV{XnR;g|np>t-eUs^ocXsLf;-sp70-;zEC*Y
zl*~d@x#r9A^7vKRvX9we!Y^~cDxu>1UQXSFl?z6?ngjDXyP?gY31y~Um0z@SeT$Qh
z1L2(S)V{!rP*$R}BP9gfAhiZnt4dEp-ofvVg`6fYrKNT{8k*^Sa__Wpu_yYllSAGN
zWa+6KgjBu}FTR0pzK9FwF?NLV>0fzzkX-Huyu$r*qwJ{p?WqwKRn8ay_7&{Y;p$+7
zz7(~pc~N0jL9(k`GWD-(yOUzq6MyX&e)IbI&)iY@(HO3B@Gz%-8P(I`>?!SGYG@=?
zA=N7S^58V0>HvvdZ(>-xy~reN-8e#P1<KG6$Z<%>L(z9eKTmHSsXelfNo?Gd*!1Un
zA9@jNmrSt51e`lViwthSK6OTAO1~`PmT%+~57jvbxlGppOOXz)xSRd4_@{6n%nj>`
zeB^C-3G81Foi<~dSqzhp^<7N?feabL7!lrGtw;5_mGHnn0wh5cO=uk>7xonC`{Y9w
z)pN!Ad&U<TzSk&$dDNDIhTw9SZZw@xfKU6+(0WnaWrkP8$OSF{`gU*G0;)a~Z|TC~
zI$-fvfR?|@Av!zPo}iPE4W<Lc2k!9eP=J(9V{$O)L4*7R9~m4rC9YQZhYb7QC}G^p
zHyQZm(xJDxKQHH;Hfbx;_*hD+Az2q{e~b%?eM7}9MDd3>cMW!|+PHmtCiixc8r2&I
zM&lExz1KL<BBE{pl|h1}R6GnlrVXd^?4&QRHsFz&W&YI@2p1G_`!4RsK~~pp){8=b
zxmNe;mO}(L6UAdx#mt^Qb;>f?hA9;D2NkRGm~1%bT1xzd@){FreTt%b&#+JtF4FlP
z)Vse@ux5|u6ZRvxQmthj>XTD?(3)fKv1;6j_6kh>oi2WWgs8jox+&aEbf(48+dZtt
z@}US=&9oRM<1Dm5Ar8ZNW+lA<^;j&Lkl<UlliZ77zq$c?n)#}7RN4@cAl3bS!BQag
zWU;vMBbhhnOsHo;C29tGVQ0~eh5pW}s{)WitUeo;AKE`hz<aVtG%I@MExCO$Mj!9Z
z<vKCpeGMakm2+#B#afV<;L|Xzor+<s!J<9udjxf~yX34au(`824<jx8a`Xe^`sx=W
zo)mv~8UX>e?T*ZnOFtheZr#o~&m4{27Mym0{Z-$S;o~pEH*QJ_)_17o`md5@D1e7t
z#yk9ve3{RyMc0#m*<5@6=ilrL_Llzbm2VFHTkS7;$^LDV=OB8UCgYmdLZ+mXX<o+L
zPuTx|6I_Cm?9HbH1QeJYi=qd*!P?z?g<=5=dP{iUtd8~<60p*zbySkOAx=Bx^bobY
zg!3UytDs~W7se=JCxw&!JrN@-uJkj8x=EVu>?_tU;whgllNnT{C#@s6K)QLcENsGj
zhB`G{#47vMx5-M4i$Y1p-dSLcXcrV?9A~(MOprkD!Tb6$J@Hu=j=f>M#<-K$9+2JR
z@K+$f`MDlGN^`f*@ofC%`n;{tUXEweGI_36V99Y_fN&=l{~Ew9!E@b*|FCoaTKzqo
zJ>Rd-Uh(}Rsp|N}$1Fi;^%wH-<ltev*$}`izrFRbR9e4@nZDi4;J<zU-AsZH1_~h0
z<q*3@-bX-}isJHE$ID(2^yd*e(g?+td9UD;O8`zRFAjWC3}=eUk5gE-9pn}@>Ze9W
zy_{S?Sp*D%Q!Vl3*ws-SYIh9@s;BQmfRqfRp71Y1kHEliee^o=k~)Qbci$tvBbwY;
zh2p=b7SQsLK$3o%;|F{S(Q!SXm;yj&D9QxkESI=>L-!Zg$ylc)>42c_tews0$m9<6
z2H$A?U+Zgsh%9*Vo++r7grT5<+5>?LEs7JD7@s@WdHHz6O*c#4!JaFn7bZBY@~1uq
zuiz$;IKzi<@$vBrTH|lKH7RXPes>Jb1v-szd2n?X`$eoaI5^Y__coe_v;ipoAiG;l
zc#Hrl?0@%S+?4XpP2%(PoRK)}B1J>{jKW;fH^6CV6<9m-yFPs%E!<{3m-JyT<Fah%
zh??x@`Php-vB|5nx3(qjMrP(}dc}F;!t|E<xg04e;6+U<vj2#DVl+d^44sf8?wZ&f
z5U^8+H%d_yjB%YXsG5R|!T^*!_P37>Np3ohvV$Kqa8WJAu#G?`{~khpI`3~ksD3c^
zLLSR+)$3zvNu};kosXk@bdeZ#=s`C&J|jcm{u}QZ36kJKH0CK6Y-e}91TiY7-F)?W
zT13BHDn(<WL3(f1J3&2q7UdnaTVi8Lj^Rv_3Px9grIT{LKjVj7AOWWo<LJ@T<dlcl
z9{oV^_Y|fb_oa;9jqEFiu1IYp(Ue1YZ$@R-h!w4qUv1zKk+I0FZCLvSbe6g%=AtI4
zpxVCoB6P(_A92L+K}>yKL7{<mMVu=v3nLyOk5zCar;+E1W<v{Dh*A&UEIY2}y=lK)
z6T#uj<mSJVh-)SrsR63fSsjuyRB|WIS#R*KQIYN}E%J_$fjWN}`#&G1DJ-+Wt3L3Y
zwZL4a-p8fmS(ukuZA#>WSL8o|-TG5bNvY?z50i2M&7GMH!LDu{IfnX&(tlsb7jqvD
z<{TzQcnPe@eF#D7b~fUa9l-cdG+AJbKdWecnV2SR(_J@pwg3fQlzplIyPn%)_XJ_>
zo)hOgtFb&8@5k|+a0#5=4N<-}#|NG0Z+zV0k0p~g=5Z3sla7FZHmFeU_u3Qx^Y&n^
zoKkjq)2mRL-PFt0<tMjCxVfkGt>`LW8PJTf4g{E;xl;BQoWzjiGJ+T|5_wi+DI3jP
zd+BF0z220p0081^8#DB!5D29(-eZ4rMdUaa;|iPWxasD;w>{xTaiZ;DE@vV=kQ*!-
zYo&WJ4gnk$VHdx%m>^g*=-W>gqL`!dnBGtnGYPy(L}~e~CDL`~eW*Cpk>BGqtWVZr
z1EcOY47#|03=rYp7EbVw-TTE4lkB0mRV$1QIF%yxV8Hk`{~u<sf4(e)9s-M<wtuo@
z6i7a;B^0XNI-1ZEiU1#VJM``eJ21@huz;NCx$-s1A^V2vks}+J_U(Wu!CnZZIS><2
z13v>D-ei3z;jbVfCbcqStI6l_%C8ix`Z7$75)&CFsn$=4W8_fNLf9deq`8UQCJMQt
z!;Gvk1hDq%L|ZRwgo240jtBSj9ji?3ZOD8fa_VE~KP(@uiPttBk1}&u2uNqS^+Oez
zf4rKN?hWA%F#Y3cZC7qXZ!|xlv&za5eFUta3>f*v`0NVqOLNV-wVMHWm)!&1r{y+S
z(|A1+l+wG8$*6h~vN75>HaSQAv2RS;;W)&60es8RF}B#80Y%Ca*M=@U3nSa;PHst!
z?f@s*+L&Z|nv{w{N-=mxnhW`R2hzEuZv{j1n`cWr*+=y;ow44QufbCPS?`iG#J8##
zE+2|7nQ6_serTL#4C4#;$N?Yq@Y(rlTz_=zq8D4D?%1I6f|&~v>u5>st3PZw&ayaP
z1~?i;=Xt-;S&1e2(#^JOC?B)=<1>0t(c3cap(4-3rJ^Kw5-_;I<fMW$BA^)wUd}L&
zw>QuA|D9^L6mG;BJErL_iqE&qalOsFj(M~nWSsX?aD@`$3uM<B_X2@k3osqjo$X{x
zuHndj$d;E_<1f5E+2Yu<X-;}ZxS>in0=Tr%oCF1;+M4?V&d(OUXm#G=u*2({(fz+I
zFPt#5H4$$9R`!vQFl^_EzuH)Hy@_bb4UReuRrED9Y8?c;$}dr-l-Zh|Lw>62-E!!Y
zjjFo;!T*X6ojN^c3vS)ue^lPfay(=0K9OV-UH*PEN9$Gn{y29y#f{Y06al~V1Z<YB
zPnv4u55MxTo?j-RL_!3C6T~GuIiK$Ny2IpgI|!AbI;DO1mn}O=Tkh&n?oM^KyWG^~
z_|l&4{O?o0#nth6r5mq&$Ifzx`mCns(Sf^s+hwjRF<M^DM<v(gRE3Xz^Nk~S(2jDG
znga7o&6jYl#XI6!PoWucUK`Lx*3HU0Dj;LI?v}}T^u+T!6FgUMSup#2ChKA(>$nF8
zemM2GMrTBteUb{mtWXK-Dv>)1-J0=e4PCyhXSvKrxr}$ZWcRTvs4_0NX6>d^63rVa
zU~#(OSH5tRU;+Ml5Y=Ij>iM3txX~OjZ>)SeC-N&u_M**XE{i;eO%~v;mZo|Va$PD%
zIgOo58_lDR;Zc^;|5t`f7UN>ZWiIhJmjspTn?lw-IUr-g#pTly`|Q1!hY`b5N3WvU
zgofn1CkOSG^xGki^*~R+aB?oZnF~M7lViq-MUA~UQX%YZF4P8faxR2hA%uG_*p(N$
z3e18Fyo?uA0bl0S^BbVsv1~|f*^fr=eUkP0DN^a{uOFra&>~(zEgJw4DKD4HwnP%;
zhZ%y?v-ymX=bV)9vq%u|kiY4#|N8D0zX@=vY|LvR0sj?Dq+s9>FXz-CK_AUU45ktq
zj22`7#r^)2Ihfp_*98-frAT30wGyFIK7w;cT;P}~w#%P!!wPVtWGC{?Ng9e<=!1t?
z3elwUN)ODG=MD6fB-PX+oerbi$vDgcQ!bUmyO6oY)-Cy&x<N%>qGA%Tx%W-a0TQPY
z(o*t}R`ce38cHb*gnd*k|4dEvBbgEj`m!6NXG+aFKJCu<X}We+7l-Ofm*vVfr^3KS
zq#`wt-Z>^OlmMV3QK?kJK%tqE_1RipGoQ<vEM;Nwmtb_b{8~kP-~#jDABmj3*xS-)
z0$pfZwW22nUEm*^_Ey9a#8cfMJjUF7I`l?!Q{YAqo|O|e&Bz(Hn{$5tD@6znUu$ni
zu_mpJ<)YXm-j7<H^}vn&F?hRx^8H{vt!kq~;fPm4t^;6URxwW*DFYzM>np|=osN%O
zJlNZy3UaL<^mR<&<fF-U9?57L4HiWO^_T23$I|AEyIr=CqtEINJ(LP1J3@1?po{N(
zSHFcG-mgEwg}3!td3t){V7XY=nWD(H!?Se1C}B|`rFDt#F~`n9{?ue_lJ9&$YACy}
zq}U?wxdLo;Bg^6|525q<N&T!~z2EnbXgV_*sNSXMhx;ydEYZ@s6?}vn-n~ib4ht41
z%~%%a=GcZid_G=|t)7w^cb87EJwiQyh))r&J5hqsJX6#pCvX~LMre%uGwg1HxVcM7
zr+)YqVnq;lH0F*bJVu%9%k2(HO}cw*^-;Fl-~d*(<%wI9-Vfdtmu54ENzesre8CfA
zZKEpjZcB5wk`}s{8HmgL?zTU@&|_t-nfPl|psLNAXrNhBmh^Ypt|v}9vVHU^PX>?5
z-=}-6FQ0B)7yC#L6q;Q*kfqa+@QTd23M1=+qNR^lY}|_UxOG{@2E>(9zkC%poR%rl
z-T`kk*bc{xx^L4O-%Y9gcE^k#CCU2^1(=KjoOV;7&!e!dNq^txeedh!?^ETUs%M`@
zo?$3?=OyUX(y~zgTKxhmpPq@)%@6N%Rd=!2r=i@@!!VTjZ8n#bP-~g{*nXsx9*5wS
zzZI5W=Yqq?S$>b^d*PuRSL}qOIkTL~F9E>I<{UA$>g5#fg{HI{_B5H92G5-TbEZLR
zIMyI6jP+o(BItD+hGZFspgd)7UD7(onOW?(k~rw~)HwJmfq&0fA0&4_)iMfuyC{Lr
zz0BAvIpnOHX^(U~$T+>V*tL7r9)OF>L^ZPrPHaMT#cbm~q6D6LYpz8^Q(&<HAq>!a
zLD#`-i>4TCcUo0~fZSGrGpIj;J%*~Xn_<>lawXtJ$n#?fQ{U=BDR2Vq6^T7pR+lmB
z7@Jlqc0UU1t%<f7p9J;WU*E!DtQcK;JHh(isVJ_l2?FE`+^Oqa(9pZf`2KqzwdMQj
z*tFbiPq3sdqmK~<w*DQ3{aH;!0^|p(Z&Ww;shHO*FzA`r2k7<co7c~kbW9oa?p^)f
zDSOpR(hAY&a#8j!a3)EThqxIPBDd<2G0}gkp&PM0&ZKB`;EyF+-QmzWZZgngxNJdh
zpEB2vOQ1=2Po3tG5lfx+VehQD48x!nPxb4cPD#zZw5NUqrn6>g+NQV81;}}}>5w2>
z-{{Jc1s$6e=+5=9J+Lg&hsSK1V4tUn{%3U@xLX2E-i(!47&0nv3^X2tH9MqiK1NKd
ztPv6D?G(6vTP|pUOMW1YM&>u5Mw#t&ffPP6)E2%t=fP^K+#1CZpIhK;Rz}%&0GnM0
z9INz{3*{~kr@waw^QXQ5ux|{T1Kwqg`dw0#jNnmQL3t7=RPUJRP>!JIy{@;xK2g5&
zg^3eufbfZ&wc`0OyixbKKcOa*GLaDy_<sLlG<&de3p|o$^#jHxKu8e3Nok^RGRuaL
zX+?wfdJOOhEiWmk@XfCuUb|Qbh$>mLOOMwNpe~_yv!<qEi@aRL0|Dolk9bUstl>MO
zP9j3cCxUyByd#+afs@cWXr^Fjg#=gyM+IE@>U?t6SySMY%7>*rdxkmXcE;N=N%zXq
z>m%Vu1}1sz5(rf|*}zAky+rrt<qQycF;gs^j6%8kOVtWT9O7kJC^45NiC!@`#>r(P
z7hm2d_DPMtOtJkKI_ot$`e^klr%%o`IE}?-ZB?U3S=^D$sXA>%?`wE}Gy=f0N5MUj
zxypy&2|&tfnj57__k_O}`)t`RZFN=KKQ`u)qYl}%D90V;mX%u$IULNT87-AKP7@8e
zha|iDL-{vqG;2j5EL6)3GRw>w8)bm4qc>{MgCS_Mo3Ka~QSo{ewVdu*d2ia1IT|qm
zwDJ;(mIu^UBvUy0e#x*}s{jH)rOhc|8(nmzZmNQpA&yFcbJb)#g4{SePzShq?2Opx
zJWb`qj&i7(HkGvptV2bJj9wLyQhb73huBd*Atq!noJ++p`6q)rvIX^!mk%k?l_mRe
zV7r^UvlL={-3aAmt*sm)MkF0X2iS>02zTrureM0@i?k4PMzn)fL_oX(C&)t@_>hd)
z^YCb+kntr9Nw+dw5<1n*{$eG}{v1?q8ia%>)l)8X;VBJY%aAA`1c8s-`-sWW5k~ay
zmb~yx1~~X@H=2p&V7{*+^doKIyhowDdr{XlD|+|`yIDwYiUa}1Bkc<&f5rsMM%kD(
z8*p!p1WO@FaBl`93jia~1D)GpHt?R@A(2&)I?f*5#t{fc<2a&|!zobCCi*}pRUoPx
z7^j&^X3m)TTy;gnA5}4qcGdK&e_6~NsfkJV6QcrKAo!)&p+cu_z=Ls)Q;=Oc)6W2h
zp<;_TR4O1f;%%}CznkSzuvdmsxK?wKij^+Xys=R5Xw`z80nQV2KYkJYkxbLaICwhu
z0b4CanF4cFG1l**QeDcQIO4*SZoS~{+*E_`?z-?jU^&b3A|Lk^&_6WeBO^U9Vl@bR
zWt;-8Q$Dx^7Jt5zt>%>CZ!M>E3hNUve0nxWP;X$ZP52F?ohnXi)+(ZLDy(rB{!-W2
z%VwtDdp{Fc1NbkUCY=i=0ON#Bqio8WO<0Y_gpH77Sk1q57=g5BJFMmc%gYw=*&6k6
z6zTtklU6q#U*6_=x8f02&H$qr#+RF*h=$v)6pK9Uafb!*rCnU@4E;ny6Z{u#@wdlC
z6TayubYV4t9E}MT@ZI?==tRFPH>m}oF~($%E+oJZ+>SVL0_DvWd;?=cOwcqLhY35>
zyV4H3Ky4E=CgB&J?_N>^yR{?C&KH6hH%x&x3y@M3*@e$RJ5B>|C^vB8w1}~=9aAe-
zS6%MsQg2rsFfy_pO9`UYuarRoBv{Xdl7~Qtax?=p6Il3km#=i`c+9icTUDeJRShN$
z;~Rhup4GMk8mNxyl)8{DcuQGfk(2mvnzNO#72VCc#e@3wk!*g}7HSMQNK>pyta{*8
zOrV|rYJiVz^RYXMUyUB+TeWSNwq{1_L;X<Anyh|UmxQl%hP$u83{TLLH}j>6W{K}$
zO|-szuLkW**H8^856z4ZFsm<chI^##I~)MZ1BXx;^?C`*W0C^1A%#Bxt~)uz*pmj%
zR~hRC+ky_R0nsA5slH<LSKIKdnAwXZoW;2KVs(Yoo+?-~Z{?+T%snNjMSo#C*h^v}
zywa7pCKkjRsk3{ASUqU<KCh5{X<>b%IZ`qZ1cEAXfjum|{o00@rB|>I7<U`&DJtM-
zT`xgTl0Ti)js@3vgwixaM~V}=ZHpNv1i#6Yc<XdTc>hYQiyw#gC4xl-W$TxA9S7Q+
zE0iUX1y7Qyf2T6qPX6cT4JBjL(Ea4ObR-o_XOR6R^77H!@D__F+YrK+%%|ktZ7*Ix
z;yf@uQILDB<H~Q6BpYChB2cy=&LaRSsULr0bxD>!X)^)4N$ZYM_&w^xAkgoMRs!Jp
zVspht6*NF3I=t))1@cTUrekYd)^MeB^wVrL=*r~a^P;enBHE#*ZdElt&e*HDd)U3t
zx)Su|Mf+$>_3nxAx8u2ymhm_Gi6KpkxF_4#J=m42@K-nbis6RAhd3=>_Yk1*bg=QT
zy`XMU8z*i%6LDOD$ln03d*%Af!0F1QU8Vjv%y^yCRbU*<xWT}T0Z<(Oa;zVO7;kKG
zL8OAUShv}~5?vt>Eb2`TvAR`@co`acok|%Yq}wIl<@Do2wkVv(nvR1l{8yp9<q_t$
zC3WY_WBG7t{#58Ca8CR;dw_uai?g(Y2y%`C(HUa5Q6$y~<sdx_3O!uj6_15F3m~sp
zY-VaKt6{z+G5z#?VBwUviB|4=mzu~@&{|$IB7n5)6%U(N^m8O+2qH(HDAqG@-7*$2
zfjWe7j*biL74Hj_@yM81xlnHk-Tc;OAX^()C&q9ZP;w-)9~3QCCx93me_0n-fM(J6
zNSu>ExvYB44$6U!i0;=AYh8Pa&?ssH3n6a`a?4GrfP{Yp4hXd!r_A7eKr^FqheRYp
zLN2X#CTch*G@=9oeu4gBw=HZQw^+KBqbrs-$(n>45%HgrtHX!b_-l!vO-(4oEBB2h
zi54OcJia$G6x)IDO8}9urV0_~0`1CObesb_qZV62S;_;fSHf3makUozu3224GA4Q)
zc6=WT)^3GpEZMT#ZDWgkeeoJ9!+^I#c3Z_ve}p9N+2&p5A^)Q_%o8w*S09+L0@&7K
z>TKgVAf&U{z5afOtU+D#3=IG#=Usdhf9!X-Li&j?p%=an0~k5fRfOPJI4R>vK(r?N
zx_}517df>Vuk<gKd2D?qeA+0(2u6P&AoGu-S2)zS){V3mHW!p7hTGk+bpx7CH?N@`
z?hMO{)$nab{;Vio9fMIrQ0KcQr^X-hZo_H~X-DU?jt?1`*JsDQK51e{L)@A$*Z|Ww
zk6P%}(jmmh0Z2?4Q}#yF{FX26QvO!2%6?W!|E_CnX8S!m=U0^twsfk#odN=SBkryW
z7kaN#tHzmnK~YewvQ1}XF<;w79lbMC&@63AZe>#5GFSE=jk5&(a~7PEmd(27b{I9y
z+~B5jo(#9Zb1uh5|0sEkLFf3tc1Gvut_0BjS0E(~K^fc>!ZVAlnh=LpF_oZQxXhq<
zCQ|)i0wWkU95`oJ>`ji5sL)b3z61qj5Ot7w&jS=F$uQ4);m#Pp3kK97ga5*XdW2E|
zC6v=Dr;r5_n0}4nI~LKdB?<d<ARZDskUA@hqrNto^OD*@RFyZHiax}pT4|9z0@~V3
z!1yno^R7C@D|CS15tQVW>e+D4!UjTnfBZb{$%~)0anOy`2qAw1$`CvovG*>#Gkl^f
zj)odL=?#>k>mO&CKjEjM7%TrI@c0OREonxltQJ+^q@ck^mh%M3M>zeYE`5%|$G0;O
z$kPT4_=4yrKbyfT>7kSI%wCe1142be3`ZsW80-fD3D;O7z&I&G4Pt6pp)$#Lfo#yo
z=)wo;ZxbByMT}Zu3l3#fNIJ5fE){A}sW62q#A-C5rzIj0hN9hLH%n?z-H(+>C{p>F
zVM-T1K8!S>CJljWHl-r}{szWRg)#nD`av|INp~Y~U7>7w!4w{{mnbp-j?O^y>-$TT
z7Z*2Z-&6+U!LHCXuuG&dD<`=Qr6qn-ei6O*o~Wn=esTUGg9{e|)6dB><eiKceAt>E
zXSv)xAx+X5WC;Z94hj#mt5030jdk14OI@?S$EfmqH=ukLQk?n_$`N+w*h4^y>=BcV
zTg6$ij^I-B92|?k6Ik{EXduUD14CQxP%YjoBK!ajkfr%ggy=Io4&}8jaKeP3e6WGX
z_k>7LGmXFj@e&3XP$!<ERU`7OFxS??1pZ-NdyE3LJIARrpjN-1fBO80C?sm|FFX=q
ze;^qYhGr^~Z|v-toDbyB^z^ELkSjIu52}(kgg{eo<SUECL+dAiSQk^U_{w--<tGHo
znTkW4s+@@!_-&|=iAM<IZKynlYp?f6xu*|pYfyBu(94U?D<oV1aBwd^kaOj-I3v73
z;#O-VCV--+^=nuB!FZrW@|sz0P!{A!Xbw(6@+evO<Lj9nVmhahViJhL#J^wxne73_
zgthV=>z)E*W$F@O<BoPAjJkMnX~}Vz_bWKu{`ca_qim650cdFMAZ3JLX&U^FuMUyn
zjW8rynk)%zSyLjqA@nZZz3%z=+Qk;M8^`1kth|9}h2xONWkuzaRZFKPB(<ySqEGIs
zbLnd33Qzp9uo<U*ck`~a=I0fo?!9Uy8(C?pOmTutv9%h2CKj@0DPlLGdu(S(4afJf
zlI=f)N|i6l{1|CsO`yX5A+%JXhVu_08PoqE6noGy0rw|{%_ErNMaGs@<{v@m*Y~!p
zFRm@vAE_LsgMZ+lF#kg6-s*kF{Kj%_e59dSdO`b*^-(G76?0#Hia^YFQ6bKaepai*
z76_;pu0}1faRMJGuz|=pfL>gbSaIQo&LL*dA11=MFqLiANB9G?-G*hpQ0Q_o01d;8
zuiIch7#55QnT_Nn0U0|k)*-RAF(+l}XChKV=NkjbVuudloB)HQ=$(H?zu1m%mIQq4
z2Ii{f7sF*WEgMb8qh1y%#LqI)u4a~`6$FSA1*?4ekQq5rfv^C^K?o6lLa&{(GeF5*
z^rxmNYIuPpwjHmkz$X$NIz)MAJaq>ec;Q;rOE?uC*r-+5Vkf?e0<$r|7wcj>&`D70
zDTx*?*HSr3aZ&#j3KPwcKr?7)k<6G|?!qq6>^Mqn7R2P{%7|~PAX%}=oBAVs3;-wv
zJ;&qK)PEupuxSzY|8<Z3Dh+!6cno@mE}4g2P47b7fz>j+BDiVQ33^7?B3w`odWOx|
zfCamZHn_74yjaeF&RS=L|DA5<0(`k~7=Do*i&xXPQ8Dli9`c;-Fi-N?dky0>*tk9D
zboC%QO<?T$5Oe=Qt^H(EMe>S<><1Y1d>A6I{Gv8~HNl8TK^zgjH2Mt)r$kx4<z5M_
z5KRP<Flw?V-UQ(QFRRUNv-P^RD<E!zyTe}pMhW~$Y1T@MB05V*p9HDHGN3q_X6_|!
zgpyhbzQikuQo8dxLs}mDl~k-PCZm#z4%Rr)L{Gn^{u>M<!2z`I)|oy9q7R?~tVhxi
z#&nAHYueO_9O%c~EXJ!rgP0Dp8r<mfdjjtedU{Tb*+pJqoPr#IClH)bWnuXKmRB_F
zD&cbmBGILB3!?OZ2whg0IoI`|*QnG<B~l9~GK?YtiIi6sC9>4>#f@_+P?msHyBGVX
zM)SD#n&)JsK4akzhRw|tv^F4a!kLW|9R0oD$SF7lt*}WF|3)*?5KuTnD8A`lra*JP
zUC`E=x`Oe_CbVQvRVLOHwJHl`t{%@`wjy7|#g3PD3zCw7H%e*yZt5Pk5pf}V9`X@U
z)tY|k?~F5ffQeDLqCc;<txi^?vBhm_%u_$-K&#)VetgoQII2<Fn+d2>>D1wqzn)#G
zC3NVOUEXEGeWZ3msr=XCswhYunB)q|Ok=j~Du-$|Ie~F9vCRn^y+Yy&&_tFH`U*6X
z!nn+1XZ~zm38mMK)^5KTW{wB@_vg-?+uIr|1#(r+)ZTN%&s~E@>cXA)Kc6_R+-0yH
zzQs(?^5S+V3=clfp8!BD9MUFZcl68*&>m05Nplu90v;`6b*mX14><z$ekiBth6n<Y
zbFV9UeRW}a`@k(<MQ|5CDks!w*zL?vY*^VLK$0lNr2Y}L!UwZ;5Io62^o{=N@5zk8
zm5VW1_J+`VqIra2z7lsdS9hXo1wDE_B#5tQsxK=9O0wd=M*++7s05;r)P=fK&2|}m
zeoX`#vD`pM<URr`<uk9xq)gA@O7VOT3<WZMn_%~82EcgPl<gxZqp5ei#KzQ}v1^A7
z0qX#8;V+|%zF2q#pex8+{DE_FU%s?SZF3vYhFhw1;3!;=zKDYq|2J!L6K8W|8UV1;
z-*7ae1B~oCFhG=EIihY(j>$~Esh?B@sp}5qT)U9*`QQHAMmL2Uwc`>eWRoJSq>MC#
zN{uV29p7!@19T4Tr35~UfrUq6XQaV*BxdQ-eR{BzLZWo+_C=&!A48EiEmclfQaWz_
z^TR^#-gR^Z!;``~)UgXprn<f2(&R8?6p#|{7NLZ!UO+IC6F8ncu;f&wHOg>o6d^vT
zug}v;x}U*Yi2%Z_A?{yDKJoaFS-o{@@R{`CTA9||NS#U&C6Jb^XR?b{9bpZ0GxP;z
zVGY=fb>{&ZbA#PsbTaIghc>LcW_`uWZlCf-Wy9sw3)|uT)e*#b%TJX&#a<4T>gXz(
z;-*CHZh)#v!)oYYa4Z!xhp&wt^>jDY9hgvu1_IPtl~9LxkW;v1IcA&m^W@@!dyOUR
z&?xyo1p)QP6=Gi}9wPLA7X*msr67Y0*ydJUiM1)T7C0mbrYQP~A^xn-4X%?}fj5@d
z+Y;`2)+^N6?oW%Y$fWV}@uZT=nmQ4Wd6*~x2%`D)F%f~~B0+2gq%_mVVW?6-W^xbi
z*uPPH>5(gUz@87-FAW@Nn2e=%szbEKB^Ijw9e7Ociw0JA_35LD+CddMlHH7a4r*LI
zqECkT^_?NG9wqRGyC~4@zNZMu1q^X0W0J5t`N)3qi~za%4})U^eR%HnP}?Nl2D(QA
z+UJA?-+w)DCWH{BC2J92Y-I4Pe=2}a2C9TV@q^8oGjPm8vkc~8u}(x2<!&7@yPmJF
zGM}SHCnoE{6&v<Dozb&T2IdU7$wAlmz$MrM>H~gXxuJ;Ys41<9hIQ#wN<OSE71XU(
z71Yt4oQ8F={4qdSQNQXr{kL@b=qu=ee`}}zZ|xpM^|2wp#=|VkpVmz!nk~#Pp^LOP
zxvf?`!Yt@vW_{LfL;7)&18^i!&H~yBH1zKN&160NmP)etJ8u@d{vkTI@BZ*TR~s&N
zlRgZ^7{*sgrs04+q<Q!GcB)5%T&-Vzi(9hb-Fzu9Cx_kN%y|`)D`V^Xmumoaql+#K
z#X=3qaj%EEpF|`kOV+!Qn_Xm==DaK`dMbJPmK~-GtMPRqD_dCoE{sq{AhQFM2XY)Q
zl6|U8<+JyIsKZc^1be!nPdT9+O<@z?z3g%gCFK4XJ^%eRzvPatrGlUCxE*dbha>b>
zIp6h#4Qg{fhC8egSY+$&@o+!}sqUKoI5C8ox5WxkgyPtc#WW!ua$azud&pBIxeHnm
zD{hI1@1YV>+}O^vgsAP%PcfpVByRTE!s`_a!yvbmHWf2(!xqY%kCjO`LU3f<Xp75)
z(9zoGfYdI#_^UNXTc?*~*zfg>Zm1VT1v<O)lDGzj2F=kbxzL6Jj0V77;7!_&ia_Pn
z5KY6?eW3YfCFS>ZX^{D5HOO>RMm{Fpw3RQnk#?hN$v<(Irf#JDPu!)^8=1@_rlI!>
z@iAP{6@wD8dT`L{DkAaPo*G$R!|>{6kY`MX3noq;uMc{jG>^_4fSjtU9bIvoT3kzp
zWCpPn<FW|LO+5B)1OdSB(T_dVcpDU;c^iuVQihMh4+`k@emyNu*1PJ4e2Gz9NsU}F
ztNAwMPn7uPoXbkXYjy9SrUw;JrtwjFX2)p)!Q{t;n~^2?m!?t#M8=Xxn9?9&ykt!+
zR)@S6hz&5co(=yR0xO35L?Ayv!wNB0oWLf^=Q1&Aiwx#-Tmt-Ns)?<QtN~L>wKZm9
zVvPujI9@M<hNbbM(`jQ3p0Udl#}4*vo9;*LzzT87GOak*8XA%tafY9n>F^h&gXaN&
zr0(+`BFX&`lT4V9ca_TLx*OP3`~^lXZ-lKjC4@x+0SW^tyd425sjbj=R~ljlL#H7K
zqbE#m(I&FobOP`&*LjIpX!5wg?(b!5sp+L@p^JX=UTlhKOAkpy=N0y;)v(eIO9OXP
zv)TZmcma`{R;fpbhsB>hYZ#A-o1I!k6&vT_KGP}}8OI2V%T4BuQ1T0^eDs5#I(Rry
zR~xzF4l&J@1dS73Aw4<!LmT3p$zlQL61)24cSXtw&IH)HhKI4xwKH8r(#a?yBdE9I
zNsP?!fSpxH%AM0o%Oo!K#@FZKXdi{Oxp(j5{?(7_VtORb+x=cdF_R%P0DPzG0xgIS
z$>ossqCc~Vnout*iFxEZGUfxQ>r;?3PRj2y6E8*<lg_?D7Qay`8WjJSZaawO8@sbv
zI-B#9h6kiUb@Ht9OXTR9h&2he{t4VNj=K@Un%mWvNB>X3m_(K&)gG5=5IRKvo@{<*
zwX=<d{4V=<tfeFbrq@jT@~4M8FD-_2tf_Ww_~?oj7+H6=OK!y=C?Xz0?5e~dj7Js}
znYS7Qx%nT;Vl)3xCNgPEZu^Hai3X9$Ka>F^4F9oAGUq$$qo-sl(Jo+7;jGb?N3_zB
z49b3^rgT_TFh=X^7dDIg5EC@k(c+DcPV74;bU0TGj8lKr*inHR4sFX2q*=Qw<2OD}
z(W_*}jNLE=0+GFx&W0PTL-kn_?5jGE7j;QqvYx9@Uu_f^(7gL@|9XyKbewdK3@|Y|
z__sTzd_<3j2??*#r1g`Yl&MZg&x%RgG+nWV+FdDl8V(!ZF}<WfC%BYHf+XOhK1FEL
z%9lD_(M{x_37sK%O^+MbD)$Q>E0Z%e`0IlB6!wf)fd409Z!=P;T1)?x6|x}H7Q7SO
zfw-JPEOmHK=ORnODv?s9hBc0u9^mJkV|SjBk=585V3tjR%+XXWJn|<n!rjAzR_yAY
z$b`3&@+G&F*o3!QWaPg-K>n`}BD5Mw3;(I=2=xf9f2um-zdneMNbQ5=V}PP7CM0A9
z`(Gb`Y|aJ^c+f)GDI={<VonWi-GB~*KG-QYbPW89k=u8UY8`M>EIcTb#a;;NBAn+x
z&i(Ih4x={E|BeMC+4qLs3)V#YIR4qGj9=p^C~xanXaOCsS|BsWiE;y6a!|4(n5(Ac
zaXPsRis%^Cb;{ukf%!yWH2ph=@(EY)$~FpHba3Yw7-<SMKf+GGgk~iU_YbVnT_Q3<
zCxxOCr0;6e0h6pi>kiZsN3f~ys%_K~;uk9V5Y*;hMvf<7k$W~S{34euB)A;N*jz{x
zaB>R{jRMHfTb1nVLj38~1K7|M6^aVGjgnB)@r{K8OFjwWPZ*&lL|@9pYlG_;yQ361
z%evXc%up<WR&}Ed<O8%;h70$B&YT^S#?xFaF{GOZfH?bAbutHWgIahdDO*n3*X#QM
z$L`AZu<g=8$L{Lj-TyKV_%HK2-NxpMf8h43-|7AXxBq_~+>hQ7%EvH3Uwlfyy7#}#
zoi?X|w_a!l?3DvIZG+u$?GWQYY*#E{yGKX=O)gTKuD`Zl2;i?UCR$8P=m&rSYa=8?
z=&kS_7a_{CL%q84n|<fT_$*j0euk^atw8o5Y?T{#y$s-qm?OZRqU=6f2BxS}DdW$d
zjEtLA^rYs(!LwK)O6E&BaC#)i?IVaAU9Z^Yie3uekjw{4c1!hQg+Dod`$|~&MA3fx
zs&g%O1`kvQhA=mKg-1$!d>B1|LD77{d#%qxqSB(wkOJ{Doy7=0vW^D0{^+COj>0Ww
zX6`<+t}Nu?g0Js)9MUd(Y}+I_Ba%E^(Mg|u&IcIxqK0y>WXDcT#H<JnL&0Wjz+pna
zp2>YfEl-wDfb<i*TVMn0E10+8@1{ZDd7#B~Um@dR7i);HJg4w~9)S>G{eL21Z`tf&
z5jIc^JPD^wS5m%IvUpZ_D1M|9JIJuuoxlTY&~zwrE>rKWB((sv93hl@$Vv)Q)HV3?
z7#T?Y6eHW+jkDxksh}3=H6DR(qC_NNTT+s~KHA6_Owzz#3T_Q8&?bVQXx<~<zDRYm
zFOeA1)FZj+@h<@9=N;n@+V1aA-5a2I>?Qeh;TAzU2u?TwtAPoP2%AnnoS{+Ae$b!Y
zKlM(($3v=bN)2HCrv0kEsfE#;H3=}#V=ulw-m4mAz%{5wuhZGD0>($L>k5qI7p&vC
zq<?e{s>R-Z%NShM-tc)cqV=n>+~jnYYQ+YYq*ZcfP<jR=nNAPHAu|mxNY?M>BLrN?
zCjI3h5uzQICS?I#AqOhfUOt#GgeY6jv^0>*U0Fxs9ieg>wzi4w6`SGcAW!AprA0Y!
zrmH*Y8zJF>C8nqTD!a{@pcKxV>Y5m1NR}=nHsA7~aDPHLICH=^a5LutGFuW@r0kOB
zgOqS|kdXomnyGR=0j3Nsi?W|qCV;Z#;m7!`)%NhtMWe?Wua^Jpu6^qO^nJbcdE2>z
zG}^MVV=r~Sx+J)<8!!J%@BZ{*n0V>?ZqyilsGfAaJltO5$WbeQ^eY`e)qM2!Is4n|
z8|r>nk#|i_v(n6L7->slndt>HGa7_mgOgG!JTd|dq~aB~+vrGC0t;l<&WHbGW~iv6
z8T`2N=uYP2W+zo}wuO)gFFQ~d^V>x2dya!b;)+>FJlFp1z!zfHwYg&7i_(cPU5;_u
z!+gPh)zEqyeN+3Gtp*PJ+TZS}`%>-4aMg8tOE3!Ix?{pC_<9AZB>h}AJPBju&{vQc
zlnMt79l>+5i-8L{;wShiS1G9iy9ZwPAzt_#wF=i{K-vv*b{wKu;UwTmH|)pmU@tVa
zFFOqM19~VJBAwuVX#xz_uz(45v~~i1y$jqYVzhboKpZe;U3*Mrzj)9d%S+9v*>>0V
zrfBlUdi<%@urv&)x}PWf`Fxc8>Kc0;N%;bBmX%G4?Lu$E9trl<_1dk}hinh~y6NMB
z`-ZR-pFJ&-PzYXBRI{w)WF22j<f~j#upAIi;{7EXb&8FNMCphe#>2dIH_0-Y7@_5k
z8R;16Eohq=MI~qT@{aNyLA%|ltYv90SBv&zDnY*Rz4A$!WH)VebN{kG0u++EOUnQX
zRNwqCQg;-Zv{*uZzp7aC%jCUpQ@?*lOeEudN07BPkxlM81vuGx;zcY2eZz=lW2wpA
zVRMxHh!nbsojs9@%IXNUyJ9RvoJD6+Yj&UOX<28@^oOM0=U;+lf1_ps>oKqY5IIB{
z6qSIQO<-19HxT)*ES@LI0nXb+KP~|>GIf`if5!iASEIfXztlX1>aDG{iW;4CL0nI<
z`P}#DsK)wY_eZtfP<{q0N-=|em2c5<9p{bUlV4pmol-;_kQoaWAw{MJJX6%J!^q#_
ze@5Mi2Fu)P(dVBb)eiB5q+F=*4JD%6KM@0?uUAA$gDg${dfB!u^m+6c1?&MTZ&)1S
z1yn+&Jq8{N)2OBi{1L@d!0VxX{)FaO&KAyiLZk?jBA8vdi23;VN8r~@iIK`u^q_WQ
zCW=vI_&yNb()YmbNKM1dMGU<8K9j036dJ74n5V&W`Uq$vUOJ%Rxshk)5@ME99~^|D
zuO!|EU68r%4Q_XB1QxdL-?;#OL^q}JwS8;e%=n%<(>vfWaT1wlv!j}%opeY@9y&yQ
zK^%0h_n?Z{h@#%g(Hn#dA3y~m+xfV~2Bo1x1@Em&H;b8HJ-iR4HYN>?T+F8VNx2d?
zxK9zBN4%9NOP?NXLP5PX{E1G>RAjaBrJ=)aRHo(S!&s^_`|T@Z4J83`Rw*2zUvd|p
z$gxHAf{qtyYa}=*Gm>6CIizuD`69ZyRM1I1zoSG9G&b&#cn>KuOg_@dU~c6O|GO$7
z40(q;vwaf`d3wY^L!{j2Vs><f7Hcl6%;!QLj;jdL;9vucjc5pyGCf8Y9g&32#f|O6
zhUp{&^Zx=C3+eRW9FY=Yq>2{ge=LT}RzjxYkR;{HV4@g+<8d+++<apWS@iSB1<3bG
zh0x{08#2)pVjiw2QVXpMS-j}_qF5Kg`A$gZ(P{VO{7T-27rj_bNmkZ&=<jOjqIdsN
z7ARN%Mi5FDq?;7XQT^NAD#gwQxzq5NF7t5d<Aq5Fvxj%EoI)6d!li5Je?rm5#JGy&
z*9<wBGRU$t2{lQYLqKtBAZ%fC!l{lN*CZ^i2=Oq=MV?E2x(|W2lG9$)5m7Q2#|~#g
z9S##Z;49dE!qaBbLDO%iE`MH<TLLsi=Tni>WvF8E`nop}J-Le8nLk*)i6%*SN~0AS
zqQaMFzt+lc&i>dipN&T}e>iEoUdkkj>|S-y;Zjh(&%Rf^mnr|^Q*9;tlRu6!(c3b2
zr$AklxIp{+6KFai3XN}>)Ae**o>{4uVPzz~=UE3yE%>ylYG5m~bvPcI5G0z~mgd{d
zXuh2i+v=HiZ)=3X3BxlX3XE!mvCwtxpFEcru#rnQXP&m^48}4ve-leF*ib$6{GOSz
zBdI(V*8Jg&c`GDXJ_(bj#kmyx@4x+qe<G8E44L&Q{0_45*>9*R43EPao9uS*9a369
zc-YoV-wB%<SiIP=u!ba-P6<1>oG?yCo6`LB_djH@Bi~FXr>rL~-4Pfs`hAp8&YOA%
z!Z!6gBo^R<9NVMse*$a7_i&)3x8wrzVb+j|>Hi&KZclyy=#z8dAZEq?k9yb1bt6fW
z%5uIQpNiS?Db{$t2$t~Y$TNQQYFB<6Pswj1$q8MVwrSkRQ;X=y+Tr<eGLgDNIT#_P
zc!Q=n1jZ*q2+KrN6`zhyQ~U%KF+BFxtt9`z6fecnWE~y7e<?;turj7llkha|u~>Q9
zEYi~^cUg^l)FiB`GaKqA`^+R!7cUqmlFnYW#8&WByh2))SIFYLLOiSG=j0R;k)Ox!
z6f(umJk#RgJB1`#@uy#@(AacY)K`ELlZ*&=CTN|9Ss?04++7iqt`2tza2<d+y&_|l
zW4nXl*yS5bfAS7#JwWde-^;=C!*ESAyls~85Q+O&L>)xX|NEc+gGB!MWDk*K=MePb
z1-6VAFQUV(mJOp8{kaj!f#OthK^!K-HotKQ*+5&dYrE%8!s@y1Ai-5u@dpu}CIlOm
zUr6N_Qu&2EQ@;>zaat^y-ohsG2dJy`G?nV-EBBSk7Ja31U#Z+zD)*JjedQt8d{^!(
zmHSGQv0EX3!GmQQ5Gpi0S3|-G@(v=*)6_t4ehQOkNYI}t3aUS+0+@CC$g<^A${;D{
zomCG4i9u6-{ZOZ6J5rbBjH02*C_}atsS^nnFBDI4jgg1q-p|Qc$?Z}8GI&N9XipOW
zMaVg;;E6IxZ3Y5&u4?gC0KFBOnf^fB2OKuTIAmsjSeZG+%FGFnOJ_h<Q*Z=GK}#S7
zVeRtRO{?Ln`O*5V>=Zw_E?{<o)>W+Qf%Mp8%_DI2GE^i7cXkqPMbI+RZKui<`nJ3%
zsR^`|wa1gE0$H#<LIa`e#Dy+Zz`|UHo=B|%gYqRw7_kI&JU~&p6h<{U!W1c_iqk`q
znQ(o7>J$}~%M^<us4vAsB>7&Y07;{#ha*BoceHzujCB1`NxhLrwcn|7#|hO&E8Tho
zEt<l_@@^J^DMI4W_Tk+vD%beRHNJ9<uUz9R*Z9gceg@b0DOZciGd^NNUwOut@{DgS
z!83kJWbeZ<{y}(jJQfdmAJEQoke?d4rTWKzC;B9nbL4E@yMKJz7b^ew%0IsHk4K5H
z&BGwbTihzY{iox%-?|^a{nkSL_FJ?2?Z>N@*rM*)Z{K$`pT%u|R_FUPFLk9?ru@t^
zHs0bAnU*<qYJ0AY-JVI=kT}QDDoOj6dYXRAM<$f}e*Eft#vR)lyaHhI<@a0OU+BVr
zB$yH8kUpG2ZK3(^+ooyXLEhFL>DyrcE=>vGiO4eVG5zxUt?{dC>-+Jm|Mx%t7rht5
z5h;Ma$7tw~{=s$Ot&=;1_%}ztbJ<qVHUDZg{?*z$I(qZ3*8bLeB8Uf$*yhN%uD$Y}
zAo1w?E&M7%;gvu>MtFjHB!M)1gEvQiY|FnA`b@AJ%f7SZmVRA(CH_M4Pxu1lvE`VG
zG`FJvC__Hsbu^yt-qCcgZU$st4U;J2!Hov`?Yj0V=np|b(A{u>3FaR1`xH^|h2l&>
zP{KRPEydEbsHF+lX=0$mi!KW(^5q7$uF!sjfgzXRHTd|tZ*XE;1obc=&bB3gjZ4B0
zk4<cCgyQFY#WmsoO&WYGEqPxkx8ReV<P~Mw1BTYW*KLEm+A{6IfLa4sT*89iZ;6*1
zo9F{0K%)QAxVtqV=>F%!5BpBno2YB)rfU!*=n6+l-{$vQCQW51V#<@x&$rRbWnuQv
zw<uQ1YbTw3k1$|6y!$3G{yiCgy}B^5Wf4P&97cVYyADx0fQ(-Gy|5)mH<Y9g0N$Dt
zF=2>4v~1HJOq3-lL4uELgP4Rd=pxU6=?$#!qGLo)$^ao!l07RqO?QZ}?8hcUa21&r
z>I(-nA%D4)QBK&DT-v@|f{sNDvz;(Ig#qGbbdF+UM6E66Im&GbTRC-q-g@SIegU~u
z1yUnD3=y`XR(~=E3ak(wnZhy?oq|kg=sm%Tm@?fSlhE-$oVgpD2x1E)TZLhh*@#p9
zCisMJ_muPzRnU*@@kBK0(b_#0g5>?hi0%-M*1i7<3pHe0I@wT~fJHlMj0VRg1aPM0
zdX}EQArn}&!EY0d@jxtpn1N)<@r|u<A)cbhWUC(ZNPu!CzdrO8YVSdzrj%(m!a`my
zZUl+7X{6L%D5Gf`ln7Dd?^4&bSEmF!78=2pf_t{h6DE+@CjNtpH5qJthOH+xA8gCv
z2AgqM&Nv~ZpLu-};sx`MyhUs3@=W$U9Ssn3bfrrie77l2DJ~;_j@M55fyFzkoZ16h
zIi~>hcwIwxph-BmuI+ZlU#@FtNZ<q<{Qauf^(6J`lLmdI*GNQ@vQeZ$=uv6ZNWF_D
zqD1-VklI8t8kB<q<)A-vqdqEu87NOCx|5FTOerCfF@`BDK3&ctU~+I5_MX6ePtN$A
za(Rrlc66cO1f_I;EBDV<Yn5#I+XaK|q6AyM-3C;X*nM+tWAl^xIH=n!&R%k}>Qg_6
z-^%%IrSjXFhu>B*zpa(?yPeAK_B{M<C-b|#a(>&X{I=)ex1G#yd*%FgQu*!7!*3^<
z-_FYU-AUzlXC8iclKI_PIlsH9{O-=f?`|@`yDR5+FO}bay?OZEOXhcP<^1la^1D9|
zzx&Dj?ysERW+VN;(U|MR(MUORG-l-4yKTc|ds2esp;ApbVyTa3IbtO@t3I9ch_x_w
zTdC}pIAJ9>o4{^s)$DGkvRmSSmE3FsyW6W~x1GvviSt!*vkC0BSIurGmE97@tK?=A
z*zK&E-JMi_c1xVDlABFncW2e??xwO^;&7GRYy!Kxt7dmEmE96&tK?=A*q!xkm1-3?
zcWRm$G7YSN^isf5hOvc5dahAVpE`_RNK=7h82}#)CU&$&M{BCV&}(4MTc}`Qpb^6#
z70fhv8pQn%ZLAZ}PQ!*6{nJtEeGhwT4Pt#325Qwp{D=zi5`F|Pwa1h`@_q$<wJ1yJ
z+++ywWzj7)+vQ`I%eejD{PWHK2T)4^0u%!j00008060giT#RUss6`S00DF@QV>ll;
sN32|=8k2cEPyhgcTmt|R00000000000001_fqIi-V<ZOUVgLXD0EQTR=l}o!

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 137f7b9eca2..1bd36def98b 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -397,7 +397,7 @@
           {
             "name": "huntingquery5",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+            "label": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
             "elements": [
               {
                 "name": "huntingquery5-text",
@@ -411,7 +411,7 @@
           {
             "name": "huntingquery6",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Top talkers by bytes (virtual traffic)",
+            "label": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
             "elements": [
               {
                 "name": "huntingquery6-text",
@@ -425,7 +425,7 @@
           {
             "name": "huntingquery7",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Exit-node usage patterns",
+            "label": "Tailscale Premium: Exit-node usage patterns",
             "elements": [
               {
                 "name": "huntingquery7-text",
@@ -439,7 +439,7 @@
           {
             "name": "huntingquery8",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Beaconing candidates (regular periodic flows)",
+            "label": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
             "elements": [
               {
                 "name": "huntingquery8-text",
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index e6763148da2..f04f78fd144 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -1639,21 +1639,21 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -1752,21 +1752,21 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -1864,21 +1864,21 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -1977,8 +1977,8 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   },
@@ -1986,21 +1986,21 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2099,21 +2099,21 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2213,8 +2213,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -2222,21 +2222,21 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2336,8 +2336,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -2345,21 +2345,21 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2460,21 +2460,21 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "1d"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2575,8 +2575,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -2584,21 +2584,21 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "5h"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -2698,21 +2698,21 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
                     "enabled": true,
-                    "lookbackDuration": "1d"
-                  },
-                  "createIncident": true
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
+                  }
                 }
               }
             },
@@ -3097,7 +3097,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -3111,7 +3111,7 @@
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+                "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
                 "category": "Hunting Queries",
                 "query": "let recent = 1d;\nlet baseline = 7d;\nlet recentPairs =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | summarize FirstSeen = min(TimeGenerated), TxBytes = sum(tolong(t.txBytes)), RxBytes = sum(tolong(t.rxBytes)), FlowCount = count() by Src, Dst, Proto;\nlet baselinePairs =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | distinct Src, Dst, Proto;\nrecentPairs\n| join kind=leftanti baselinePairs on Src, Dst, Proto\n| order by FirstSeen asc\n",
                 "version": 2,
@@ -3165,7 +3165,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: New src->dst node pairs (lateral movement candidates)",
+        "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
         "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
         "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
         "version": "1.0.0"
@@ -3180,7 +3180,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -3194,7 +3194,7 @@
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Top talkers by bytes (virtual traffic)",
+                "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
                 "category": "Hunting Queries",
                 "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| top 50 by TotalBytes\n",
                 "version": 2,
@@ -3248,7 +3248,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Top talkers by bytes (virtual traffic)",
+        "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
         "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
         "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
         "version": "1.0.0"
@@ -3263,7 +3263,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -3277,7 +3277,7 @@
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Exit-node usage patterns",
+                "displayName": "Tailscale Premium: Exit-node usage patterns",
                 "category": "Hunting Queries",
                 "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Src = tostring(t.src), ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), FlowCount = count(), ExitDestinations = make_set(ExitDst, 25)\n    by NodeId, SrcNodeName = tostring(SrcNode.name), Src\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n| take 100\n",
                 "version": 2,
@@ -3331,7 +3331,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Exit-node usage patterns",
+        "displayName": "Tailscale Premium: Exit-node usage patterns",
         "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
         "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
         "version": "1.0.0"
@@ -3346,7 +3346,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -3360,7 +3360,7 @@
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Beaconing candidates (regular periodic flows)",
+                "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
                 "category": "Hunting Queries",
                 "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n| order by BeaconPercent desc\n",
                 "version": 2,
@@ -3414,7 +3414,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Beaconing candidates (regular periodic flows)",
+        "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
         "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
         "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
         "version": "1.0.0"

From 7e261e96690bcfa7f9281d18d59f74bce9cb9632 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 10:34:57 +0100
Subject: [PATCH 06/27] Tailscale (CCF): full Free/Standard coverage (9
 pollers, 8 tables, 16 rules, 12 hunts)

Expands the Tailscale Standard (CCF) connector to comprehensive Free/
Standard tier coverage. Polls every accessible state endpoint plus the
audit log, with audit-log-based detection for any data shape that doesn't
fit Sentinel CCP's strict-schema model.

Standard connector pollers (9):
  1. /logging/configuration -> Tailscale_Audit_CL
  2. /devices               -> Tailscale_Devices_CL
  3. /users                 -> Tailscale_Users_CL
  4. /keys?all=true         -> Tailscale_Keys_CL (auth keys + API tokens
                               + OAuth clients; new KeyType + ExpirySeconds
                               columns)
  5. /webhooks              -> Tailscale_Webhooks_CL
  6. /dns/nameservers       -> Tailscale_DnsNameservers_CL
  7. /dns/preferences       -> Tailscale_DnsPreferences_CL (MagicDNS toggle)
  8. /dns/searchpaths       -> Tailscale_DnsSearchPaths_CL
  9. /settings              -> Tailscale_Settings_CL

OAuth client scopes required (granted as Read on each):
  logs:configuration:read, devices:core:read, users:read,
  auth_keys:read, webhooks:read, dns:read, feature_settings:read
  (or the bundled all:read).

Endpoints intentionally not polled:
  - /dns/split-dns         dynamic-key JSON (per-domain map); cannot map
                           cleanly to Sentinel's strict-schema CCP. Full
                           coverage via audit-log rule + hunt that diff
                           Old/New per domain (richer than a snapshot).
  - /user-invites          requires write `users` scope; audit log captures
                           CREATE/UPDATE/DELETE of USER_INVITE targets.
  - /acl                   requires `policy_file:read`; audit log captures
                           full Old/New on every change.
  - /posture/integrations  Premium feature; returns empty on Standard.
                           Documented for Premium connector in
                           PREMIUM-ENDPOINTS.md.
  - /network-logs etc.     Premium tier.

Analytic rules added in this revision (Standard tier):
  - TailscaleSplitDnsModified          High / T1556, T1568 - DNS hijack
    risk via per-domain routing change; expands Old/New for added/removed
    domains
  - TailscaleDnsNameserversModified    High / T1556, T1568 - tailnet-wide
    DNS resolver change; diffs added/removed resolvers
  - TailscaleMagicDnsDisabled          Medium / T1556 - MagicDNS toggled
    off; potential precursor to wider hijack
  - TailscaleDeviceKeyExpiringSoon     Medium / T1078 - device machine key
    expires within 7 days
  - TailscaleDeviceAdvertisingSubnetRoutes Medium / T1021, T1556 - device
    starts advertising subnet routes vs baseline
  - TailscaleUserRoleElevated          High / T1078, T1098 - user role
    changed to admin/owner

Hunting queries added (Standard tier):
  - TailscaleDormantDevices            devices not seen in 30+ days
  - TailscaleAuthKeysNoExpiry          auth keys without expiry
  - TailscaleOrphanedUsers             users with 0 devices
  - TailscaleSplitDnsPerDomainChanges  diff per-domain Split-DNS over time

Reserved-word fix: Tailscale Users API returns `type` field which is
reserved in Log Analytics custom tables. Renamed column to `UserType` in
table schema, DCR streamDeclaration, transform, and CustomTables test
schema.

OAuth Connect fix: removed TokenEndpointQueryParameters block from both
Standard and Premium PollerConfig. The CCP framework auto-injects OAuth2
reserved keys (grant_type, client_id, client_secret) and rejects them
inside that block. The CCF_README.md example showing grant_type there
is stale/wrong.

Table rename: Tailscale_Configuration_CL -> Tailscale_Audit_CL across
all 20 files referencing it; matches how Tailscale documents the data
(configuration AUDIT logs).

Premium connector unchanged in this revision; pending validation against
a real Premium tailnet. Premium-tier endpoints documented in
Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md for future expansion.

End-to-end verified against a live Tailscale tailnet at Standard tier:
all 9 pollers fire on the correct endpoints with the correct OAuth scopes;
seven tables ingest data within minutes of Connect (the two empty ones
are correctly empty - no webhooks or auth keys configured on test
tailnet).

Testing performed:
- All 16 analytic rules + 12 hunting queries pass YAML + ASCII validation
- Schemas in CustomTables/ match table definitions and DCR streams
- createSolutionV3 build succeeds; arm-ttk gives expected failure on
  CreateUIDefinition-blank-property (false positive unrelated to this
  solution)
- Full teardown + Content Hub Install + Connect cycle verified
- Tailscale_Audit_CL, _Devices_CL, _Users_CL, _DnsNameservers_CL,
  _Settings_CL all ingesting; _Keys_CL, _Webhooks_CL, _DnsPreferences_CL,
  _DnsSearchPaths_CL pending first 60-min poll
---
 .../CustomTables/Tailscale_Devices_CL.json    |   27 +
 .../Tailscale_DnsNameservers_CL.json          |    7 +
 .../Tailscale_DnsPreferences_CL.json          |    7 +
 .../Tailscale_DnsSearchPaths_CL.json          |    7 +
 .../CustomTables/Tailscale_Keys_CL.json       |   53 +
 .../CustomTables/Tailscale_Settings_CL.json   |   14 +
 .../CustomTables/Tailscale_Users_CL.json      |   18 +
 .../CustomTables/Tailscale_Webhooks_CL.json   |   13 +
 ...ailscaleDeviceAdvertisingSubnetRoutes.yaml |   54 +
 .../TailscaleDeviceKeyExpiringSoon.yaml       |   46 +
 .../TailscaleDnsNameserversModified.yaml      |   46 +
 .../TailscaleMagicDnsDisabled.yaml            |   43 +
 .../TailscalePolicyfileACLmodified.yaml       |    9 +-
 .../TailscaleSplitDnsModified.yaml            |   46 +
 .../TailscaleUserRoleElevated.yaml            |   53 +
 .../Tailscale_ConnectorDefinition.json        |   96 +-
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |  354 +-
 .../Tailscale_PollerConfig.json               |  340 +-
 .../Tailscale_tables.json                     |  376 ++
 .../Data/Solution_Tailscale.json              |   12 +-
 .../TailscaleACLPolicyChurn.yaml              |    5 +-
 .../TailscaleAuthKeysNoExpiry.yaml            |   22 +
 .../TailscaleDormantDevices.yaml              |   25 +
 .../TailscaleOrphanedUsers.yaml               |   25 +
 .../TailscaleSplitDnsPerDomainChanges.yaml    |   42 +
 .../Tailscale (CCF)/PREMIUM-ENDPOINTS.md      |   34 +
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   |  Bin 25484 -> 39222 bytes
 .../Package/createUiDefinition.json           |  174 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 5190 ++++++++++++-----
 Solutions/Tailscale (CCF)/README.md           |   10 +-
 .../Workbooks/TailscalePremiumOperations.json |   21 +-
 .../TailscaleStandardOperations.json          |   21 +-
 32 files changed, 5716 insertions(+), 1474 deletions(-)
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Keys_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Settings_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Users_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Webhooks_CL.json
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml
 create mode 100644 Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
new file mode 100644
index 00000000000..b03537339d0
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
@@ -0,0 +1,27 @@
+{ "Name": "Tailscale_Devices_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "DeviceId", "Type": "string" },
+  { "Name": "DeviceName", "Type": "string" },
+  { "Name": "Hostname", "Type": "string" },
+  { "Name": "User", "Type": "string" },
+  { "Name": "Os", "Type": "string" },
+  { "Name": "ClientVersion", "Type": "string" },
+  { "Name": "UpdateAvailable", "Type": "bool" },
+  { "Name": "Authorized", "Type": "bool" },
+  { "Name": "IsExternal", "Type": "bool" },
+  { "Name": "Created", "Type": "datetime" },
+  { "Name": "LastSeen", "Type": "datetime" },
+  { "Name": "Expires", "Type": "datetime" },
+  { "Name": "KeyExpiryDisabled", "Type": "bool" },
+  { "Name": "BlocksIncomingConnections", "Type": "bool" },
+  { "Name": "Addresses", "Type": "dynamic" },
+  { "Name": "Tags", "Type": "dynamic" },
+  { "Name": "EnabledRoutes", "Type": "dynamic" },
+  { "Name": "AdvertisedRoutes", "Type": "dynamic" },
+  { "Name": "ClientConnectivity", "Type": "dynamic" },
+  { "Name": "MachineKey", "Type": "string" },
+  { "Name": "NodeKey", "Type": "string" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
new file mode 100644
index 00000000000..5d12e1bfb53
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
@@ -0,0 +1,7 @@
+{ "Name": "Tailscale_DnsNameservers_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "DnsServers", "Type": "dynamic" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
new file mode 100644
index 00000000000..009c486f5d0
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
@@ -0,0 +1,7 @@
+{ "Name": "Tailscale_DnsPreferences_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "MagicDNS", "Type": "bool" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json
new file mode 100644
index 00000000000..002a4e73cca
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json
@@ -0,0 +1,7 @@
+{ "Name": "Tailscale_DnsSearchPaths_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "SearchPaths", "Type": "dynamic" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Keys_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Keys_CL.json
new file mode 100644
index 00000000000..29cd0280364
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Keys_CL.json
@@ -0,0 +1,53 @@
+{
+  "Name": "Tailscale_Keys_CL",
+  "Properties": [
+    {
+      "Name": "TenantId",
+      "Type": "string"
+    },
+    {
+      "Name": "SourceSystem",
+      "Type": "string"
+    },
+    {
+      "Name": "TimeGenerated",
+      "Type": "datetime"
+    },
+    {
+      "Name": "KeyId",
+      "Type": "string"
+    },
+    {
+      "Name": "Description",
+      "Type": "string"
+    },
+    {
+      "Name": "UserId",
+      "Type": "string"
+    },
+    {
+      "Name": "Created",
+      "Type": "datetime"
+    },
+    {
+      "Name": "Expires",
+      "Type": "datetime"
+    },
+    {
+      "Name": "Revoked",
+      "Type": "datetime"
+    },
+    {
+      "Name": "Capabilities",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "KeyType",
+      "Type": "string"
+    },
+    {
+      "Name": "ExpirySeconds",
+      "Type": "int"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Settings_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Settings_CL.json
new file mode 100644
index 00000000000..cc53edf1a55
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Settings_CL.json
@@ -0,0 +1,14 @@
+{ "Name": "Tailscale_Settings_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "DevicesApprovalOn", "Type": "bool" },
+  { "Name": "DevicesAutoUpdatesOn", "Type": "bool" },
+  { "Name": "DevicesKeyDurationDays", "Type": "int" },
+  { "Name": "UsersApprovalOn", "Type": "bool" },
+  { "Name": "UsersRoleAllowedToJoinExternalTailnets", "Type": "string" },
+  { "Name": "NetworkFlowLoggingOn", "Type": "bool" },
+  { "Name": "RegionalRoutingOn", "Type": "bool" },
+  { "Name": "PostureIdentityCollectionOn", "Type": "bool" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Users_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Users_CL.json
new file mode 100644
index 00000000000..ed74a89c266
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Users_CL.json
@@ -0,0 +1,18 @@
+{ "Name": "Tailscale_Users_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "UserId", "Type": "string" },
+  { "Name": "DisplayName", "Type": "string" },
+  { "Name": "LoginName", "Type": "string" },
+  { "Name": "TailnetId", "Type": "string" },
+  { "Name": "UserType", "Type": "string" },
+  { "Name": "Role", "Type": "string" },
+  { "Name": "Status", "Type": "string" },
+  { "Name": "DeviceCount", "Type": "int" },
+  { "Name": "Created", "Type": "datetime" },
+  { "Name": "LastSeen", "Type": "datetime" },
+  { "Name": "CurrentlyConnected", "Type": "bool" },
+  { "Name": "ProfilePicUrl", "Type": "string" }
+]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Webhooks_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Webhooks_CL.json
new file mode 100644
index 00000000000..422a80a7134
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Webhooks_CL.json
@@ -0,0 +1,13 @@
+{ "Name": "Tailscale_Webhooks_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "EndpointId", "Type": "string" },
+  { "Name": "EndpointUrl", "Type": "string" },
+  { "Name": "ProviderType", "Type": "string" },
+  { "Name": "CreatorLoginName", "Type": "string" },
+  { "Name": "Created", "Type": "datetime" },
+  { "Name": "LastModified", "Type": "datetime" },
+  { "Name": "Subscriptions", "Type": "dynamic" }
+]}
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml
new file mode 100644
index 00000000000..38acd1b2068
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml	
@@ -0,0 +1,54 @@
+id: c2b3d4e5-2345-6789-01ab-cdef12345002
+name: "Tailscale: Device started advertising subnet routes"
+description: |
+  A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 1h
+queryPeriod: 1d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - LateralMovement
+  - Persistence
+relevantTechniques:
+  - T1021
+  - T1556
+query: |
+  let recent =
+      Tailscale_Devices_CL
+      | where TimeGenerated > ago(1h)
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where array_length(AdvertisedRoutes) > 0;
+  let baseline =
+      Tailscale_Devices_CL
+      | where TimeGenerated between (ago(1d + 1h) .. ago(1h))
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where array_length(AdvertisedRoutes) > 0
+      | distinct DeviceId;
+  recent
+  | join kind=leftanti baseline on DeviceId
+  | project TimeGenerated, DeviceId, DeviceName, Hostname, User, AdvertisedRoutes, EnabledRoutes, LastSeen
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml
new file mode 100644
index 00000000000..0babe6a9790
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml	
@@ -0,0 +1,46 @@
+id: b1a2c3d4-1234-5678-90ab-cdef12345001
+name: "Tailscale: Device key expiring within 7 days"
+description: |
+  A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 6h
+queryPeriod: 6h
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - InitialAccess
+relevantTechniques:
+  - T1078
+query: |
+  Tailscale_Devices_CL
+  | where TimeGenerated > ago(6h)
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where KeyExpiryDisabled == false
+  | where isnotnull(Expires)
+  | where Expires between (now() .. now() + 7d)
+  | extend DaysToExpiry = datetime_diff('day', Expires, now())
+  | project TimeGenerated, DeviceName, Hostname, User, Os, DaysToExpiry, Expires, LastSeen
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml
new file mode 100644
index 00000000000..9ad0bc8b2f6
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml	
@@ -0,0 +1,46 @@
+id: c5d6e7f8-2345-6789-01ab-cdef12345011
+name: "Tailscale: DNS nameservers modified"
+description: |
+  The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - CommandAndControl
+relevantTechniques:
+  - T1556
+  - T1568
+query: |
+  Tailscale_Audit_CL
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "DNS_NAMESERVERS"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend OldServers = Old.dns
+  | extend NewServers = New.dns
+  | extend Added = set_difference(NewServers, OldServers)
+  | extend Removed = set_difference(OldServers, NewServers)
+  | project TimeGenerated, ActorLogin, OldServers, NewServers, Added, Removed, Origin
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml
new file mode 100644
index 00000000000..c8a497c18df
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml	
@@ -0,0 +1,43 @@
+id: f8a9b0c1-4567-8901-23ab-cdef12345020
+name: "Tailscale: MagicDNS disabled"
+description: |
+  MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+relevantTechniques:
+  - T1556
+query: |
+  Tailscale_Audit_CL
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "MAGICDNS_PREFERENCES"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend OldMagicDns = tobool(Old.magicDNS)
+  | extend NewMagicDns = tobool(New.magicDNS)
+  | where OldMagicDns == true and NewMagicDns == false
+  | project TimeGenerated, ActorLogin, OldMagicDns, NewMagicDns, Origin
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
index a2dfe0be0eb..4a3f450b5f1 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
@@ -19,10 +19,11 @@ relevantTechniques:
   - T1556
 query: |
   Tailscale_Audit_CL
-        | where Action in ("UPDATE", "CREATE")
-        | where tostring(Target.type) == "ACL"
-        | extend ActorLogin = tostring(Actor.loginName)
-        | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "ACL"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml
new file mode 100644
index 00000000000..ace173aa676
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml	
@@ -0,0 +1,46 @@
+id: b4c5d6e7-1234-5678-90ab-cdef12345010
+name: "Tailscale: Split-DNS configuration modified"
+description: |
+  The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - CommandAndControl
+relevantTechniques:
+  - T1556
+  - T1568
+query: |
+  Tailscale_Audit_CL
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "DNS_SPLIT_DNS"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend OldDomains = bag_keys(Old)
+  | extend NewDomains = bag_keys(New)
+  | extend AddedDomains = set_difference(NewDomains, OldDomains)
+  | extend RemovedDomains = set_difference(OldDomains, NewDomains)
+  | project TimeGenerated, ActorLogin, AddedDomains, RemovedDomains, Old, New, Origin
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml
new file mode 100644
index 00000000000..f2642cadb7d
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml	
@@ -0,0 +1,53 @@
+id: d3c4e5f6-3456-7890-12ab-cdef12345003
+name: "Tailscale: User role elevated to admin or owner"
+description: |
+  A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Users_CL
+queryFrequency: 1h
+queryPeriod: 2d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - PrivilegeEscalation
+  - Persistence
+relevantTechniques:
+  - T1078
+  - T1098
+query: |
+  let elevated = dynamic(["admin", "network-admin", "owner"]);
+  let recent =
+      Tailscale_Users_CL
+      | where TimeGenerated > ago(1h)
+      | summarize arg_max(TimeGenerated, *) by UserId
+      | where Role in (elevated)
+      | project UserId, LoginName, RoleNow = Role;
+  let prior =
+      Tailscale_Users_CL
+      | where TimeGenerated between (ago(2d) .. ago(1h))
+      | summarize arg_max(TimeGenerated, *) by UserId
+      | project UserId, RolePrior = Role;
+  recent
+  | join kind=inner prior on UserId
+  | where RoleNow != RolePrior
+  | where RolePrior !in (elevated)
+  | project TimeGenerated = now(), UserId, LoginName, RolePrior, RoleNow
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: LoginName
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
index 0d5ccd997d7..86372669012 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
@@ -8,32 +8,112 @@
       "title": "Tailscale Standard (CCF)",
       "publisher": "Custom",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-      "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
+      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
       "graphQueries": [
         {
-          "metricName": "Total config events",
+          "metricName": "Audit events",
           "legend": "Tailscale_Audit_CL",
           "baseQuery": "Tailscale_Audit_CL"
+        },
+        {
+          "metricName": "Device snapshots",
+          "legend": "Tailscale_Devices_CL",
+          "baseQuery": "Tailscale_Devices_CL"
+        },
+        {
+          "metricName": "User snapshots",
+          "legend": "Tailscale_Users_CL",
+          "baseQuery": "Tailscale_Users_CL"
+        },
+        {
+          "metricName": "Auth keys",
+          "legend": "Tailscale_Keys_CL",
+          "baseQuery": "Tailscale_Keys_CL"
+        },
+        {
+          "metricName": "Webhooks",
+          "legend": "Tailscale_Webhooks_CL",
+          "baseQuery": "Tailscale_Webhooks_CL"
+        },
+        {
+          "metricName": "DNS nameservers",
+          "legend": "Tailscale_DnsNameservers_CL",
+          "baseQuery": "Tailscale_DnsNameservers_CL"
+        },
+        {
+          "metricName": "Tailnet settings",
+          "legend": "Tailscale_Settings_CL",
+          "baseQuery": "Tailscale_Settings_CL"
+        },
+        {
+          "metricName": "DNS preferences",
+          "legend": "Tailscale_DnsPreferences_CL",
+          "baseQuery": "Tailscale_DnsPreferences_CL"
+        },
+        {
+          "metricName": "DNS search paths",
+          "legend": "Tailscale_DnsSearchPaths_CL",
+          "baseQuery": "Tailscale_DnsSearchPaths_CL"
         }
       ],
       "dataTypes": [
         {
           "name": "Tailscale_Audit_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+        },
+        {
+          "name": "Tailscale_Devices_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+        },
+        {
+          "name": "Tailscale_Users_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+        },
+        {
+          "name": "Tailscale_Keys_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+        },
+        {
+          "name": "Tailscale_Webhooks_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsNameservers_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+        },
+        {
+          "name": "Tailscale_Settings_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsPreferences_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsSearchPaths_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
         }
       ],
       "sampleQueries": [
         {
-          "description": "Recent Tailscale configuration audit events",
+          "description": "Recent audit events",
           "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
         },
         {
-          "description": "ACL policy file modifications",
-          "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+          "description": "Current device inventory (latest snapshot per device)",
+          "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| project DeviceName, User, Os, ClientVersion, LastSeen, Expires, Tags"
+        },
+        {
+          "description": "Users by role",
+          "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role"
+        },
+        {
+          "description": "Auth keys without an expiry",
+          "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Expires) or Expires == datetime(null)"
         },
         {
-          "description": "New API tokens and OAuth clients created",
-          "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+          "description": "Tailnet device-approval status",
+          "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
         }
       ],
       "connectivityCriteria": [
@@ -63,7 +143,7 @@
       "instructionSteps": [
         {
           "title": "Connect Tailscale",
-          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read` to grant all read scopes at once). Find your tailnet name on the Keys page.",
           "instructions": [
             {
               "type": "Textbox",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
index 711eba9f9c2..9d64929fff7 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -41,6 +41,278 @@
             "type": "dynamic"
           }
         ]
+      },
+      "Custom-Tailscale_Devices_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "name",
+            "type": "string"
+          },
+          {
+            "name": "hostname",
+            "type": "string"
+          },
+          {
+            "name": "user",
+            "type": "string"
+          },
+          {
+            "name": "os",
+            "type": "string"
+          },
+          {
+            "name": "clientVersion",
+            "type": "string"
+          },
+          {
+            "name": "updateAvailable",
+            "type": "boolean"
+          },
+          {
+            "name": "authorized",
+            "type": "boolean"
+          },
+          {
+            "name": "isExternal",
+            "type": "boolean"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "expires",
+            "type": "datetime"
+          },
+          {
+            "name": "keyExpiryDisabled",
+            "type": "boolean"
+          },
+          {
+            "name": "blocksIncomingConnections",
+            "type": "boolean"
+          },
+          {
+            "name": "addresses",
+            "type": "dynamic"
+          },
+          {
+            "name": "tags",
+            "type": "dynamic"
+          },
+          {
+            "name": "enabledRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "advertisedRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "clientConnectivity",
+            "type": "dynamic"
+          },
+          {
+            "name": "machineKey",
+            "type": "string"
+          },
+          {
+            "name": "nodeKey",
+            "type": "string"
+          }
+        ]
+      },
+      "Custom-Tailscale_Users_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "displayName",
+            "type": "string"
+          },
+          {
+            "name": "loginName",
+            "type": "string"
+          },
+          {
+            "name": "tailnetId",
+            "type": "string"
+          },
+          {
+            "name": "type",
+            "type": "string"
+          },
+          {
+            "name": "role",
+            "type": "string"
+          },
+          {
+            "name": "status",
+            "type": "string"
+          },
+          {
+            "name": "deviceCount",
+            "type": "int"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "currentlyConnected",
+            "type": "boolean"
+          },
+          {
+            "name": "profilePicUrl",
+            "type": "string"
+          }
+        ]
+      },
+      "Custom-Tailscale_Keys_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "description",
+            "type": "string"
+          },
+          {
+            "name": "userId",
+            "type": "string"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "expires",
+            "type": "datetime"
+          },
+          {
+            "name": "revoked",
+            "type": "datetime"
+          },
+          {
+            "name": "capabilities",
+            "type": "dynamic"
+          },
+          {
+            "name": "keyType",
+            "type": "string"
+          },
+          {
+            "name": "expirySeconds",
+            "type": "int"
+          }
+        ]
+      },
+      "Custom-Tailscale_Webhooks_CL": {
+        "columns": [
+          {
+            "name": "endpointId",
+            "type": "string"
+          },
+          {
+            "name": "endpointUrl",
+            "type": "string"
+          },
+          {
+            "name": "providerType",
+            "type": "string"
+          },
+          {
+            "name": "creatorLoginName",
+            "type": "string"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastModified",
+            "type": "datetime"
+          },
+          {
+            "name": "subscriptions",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsNameservers_CL": {
+        "columns": [
+          {
+            "name": "dns",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_Settings_CL": {
+        "columns": [
+          {
+            "name": "devicesApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "devicesAutoUpdatesOn",
+            "type": "boolean"
+          },
+          {
+            "name": "devicesKeyDurationDays",
+            "type": "int"
+          },
+          {
+            "name": "usersApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "usersRoleAllowedToJoinExternalTailnets",
+            "type": "string"
+          },
+          {
+            "name": "networkFlowLoggingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "regionalRoutingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "postureIdentityCollectionOn",
+            "type": "boolean"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsPreferences_CL": {
+        "columns": [
+          {
+            "name": "magicDNS",
+            "type": "boolean"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsSearchPaths_CL": {
+        "columns": [
+          {
+            "name": "searchPaths",
+            "type": "dynamic"
+          }
+        ]
       }
     },
     "destinations": {
@@ -59,8 +331,88 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
+        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
         "outputStream": "Custom-Tailscale_Audit_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Devices_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+        "outputStream": "Custom-Tailscale_Devices_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Users_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend UserId = id | extend DisplayName = displayName | extend LoginName = loginName | extend TailnetId = tailnetId | extend UserType = type | extend Role = role | extend Status = status | extend DeviceCount = deviceCount | extend Created = created | extend LastSeen = lastSeen | extend CurrentlyConnected = currentlyConnected | extend ProfilePicUrl = profilePicUrl | project TimeGenerated, UserId, DisplayName, LoginName, TailnetId, UserType, Role, Status, DeviceCount, Created, LastSeen, CurrentlyConnected, ProfilePicUrl",
+        "outputStream": "Custom-Tailscale_Users_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Keys_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend KeyId = id | extend Description = description | extend UserId = userId | extend Created = created | extend Expires = expires | extend Revoked = revoked | extend Capabilities = capabilities | extend KeyType = keyType | extend ExpirySeconds = expirySeconds | project TimeGenerated, KeyId, Description, UserId, Created, Expires, Revoked, Capabilities, KeyType, ExpirySeconds",
+        "outputStream": "Custom-Tailscale_Keys_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Webhooks_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend EndpointId = endpointId | extend EndpointUrl = endpointUrl | extend ProviderType = providerType | extend CreatorLoginName = creatorLoginName | extend Created = created | extend LastModified = lastModified | extend Subscriptions = subscriptions | project TimeGenerated, EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+        "outputStream": "Custom-Tailscale_Webhooks_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsNameservers_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
+        "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Settings_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+        "outputStream": "Custom-Tailscale_Settings_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsPreferences_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
+        "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsSearchPaths_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
+        "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
       }
     ]
   }
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
index afab3f33a55..9cad1df327e 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
@@ -1,6 +1,6 @@
 [
   {
-    "name": "TailscaleConfigPoller",
+    "name": "TailscaleConfigAuditPoller",
     "apiVersion": "2023-02-01-preview",
     "type": "Microsoft.SecurityInsights/dataConnectors",
     "kind": "RestApiPoller",
@@ -43,5 +43,341 @@
       },
       "isActive": true
     }
+  },
+  {
+    "name": "TailscaleDevicesPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Devices_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Devices_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.devices"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleUsersPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Users_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Users_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/users')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.users"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleKeysPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Keys_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Keys_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/keys?all=true')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.keys"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleWebhooksPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Webhooks_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Webhooks_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/webhooks')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.webhooks"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleDnsNameserversPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_DnsNameservers_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsNameservers_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/nameservers')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleSettingsPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_Settings_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Settings_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/settings')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleDnsPreferencesPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_DnsPreferences_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsPreferences_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/preferences')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscaleDnsSearchPathsPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscaleCCF",
+      "dataType": "Tailscale_DnsSearchPaths_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/searchpaths')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
   }
-]
+]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
index 316e67e71ff..b18a2b3db3e 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -47,5 +47,381 @@
       },
       "retentionInDays": 90
     }
+  },
+  {
+    "name": "Tailscale_Devices_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Devices_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DeviceId",
+            "type": "string"
+          },
+          {
+            "name": "DeviceName",
+            "type": "string"
+          },
+          {
+            "name": "Hostname",
+            "type": "string"
+          },
+          {
+            "name": "User",
+            "type": "string"
+          },
+          {
+            "name": "Os",
+            "type": "string"
+          },
+          {
+            "name": "ClientVersion",
+            "type": "string"
+          },
+          {
+            "name": "UpdateAvailable",
+            "type": "boolean"
+          },
+          {
+            "name": "Authorized",
+            "type": "boolean"
+          },
+          {
+            "name": "IsExternal",
+            "type": "boolean"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "Expires",
+            "type": "datetime"
+          },
+          {
+            "name": "KeyExpiryDisabled",
+            "type": "boolean"
+          },
+          {
+            "name": "BlocksIncomingConnections",
+            "type": "boolean"
+          },
+          {
+            "name": "Addresses",
+            "type": "dynamic"
+          },
+          {
+            "name": "Tags",
+            "type": "dynamic"
+          },
+          {
+            "name": "EnabledRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "AdvertisedRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "ClientConnectivity",
+            "type": "dynamic"
+          },
+          {
+            "name": "MachineKey",
+            "type": "string"
+          },
+          {
+            "name": "NodeKey",
+            "type": "string"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Users_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Users_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "UserId",
+            "type": "string"
+          },
+          {
+            "name": "DisplayName",
+            "type": "string"
+          },
+          {
+            "name": "LoginName",
+            "type": "string"
+          },
+          {
+            "name": "TailnetId",
+            "type": "string"
+          },
+          {
+            "name": "UserType",
+            "type": "string"
+          },
+          {
+            "name": "Role",
+            "type": "string"
+          },
+          {
+            "name": "Status",
+            "type": "string"
+          },
+          {
+            "name": "DeviceCount",
+            "type": "int"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "CurrentlyConnected",
+            "type": "boolean"
+          },
+          {
+            "name": "ProfilePicUrl",
+            "type": "string"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Keys_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Keys_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "KeyId",
+            "type": "string"
+          },
+          {
+            "name": "Description",
+            "type": "string"
+          },
+          {
+            "name": "UserId",
+            "type": "string"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "Expires",
+            "type": "datetime"
+          },
+          {
+            "name": "Revoked",
+            "type": "datetime"
+          },
+          {
+            "name": "Capabilities",
+            "type": "dynamic"
+          },
+          {
+            "name": "KeyType",
+            "type": "string"
+          },
+          {
+            "name": "ExpirySeconds",
+            "type": "int"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Webhooks_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Webhooks_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "EndpointId",
+            "type": "string"
+          },
+          {
+            "name": "EndpointUrl",
+            "type": "string"
+          },
+          {
+            "name": "ProviderType",
+            "type": "string"
+          },
+          {
+            "name": "CreatorLoginName",
+            "type": "string"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastModified",
+            "type": "datetime"
+          },
+          {
+            "name": "Subscriptions",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsNameservers_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsNameservers_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DnsServers",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Settings_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Settings_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DevicesApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "DevicesAutoUpdatesOn",
+            "type": "boolean"
+          },
+          {
+            "name": "DevicesKeyDurationDays",
+            "type": "int"
+          },
+          {
+            "name": "UsersApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "UsersRoleAllowedToJoinExternalTailnets",
+            "type": "string"
+          },
+          {
+            "name": "NetworkFlowLoggingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "RegionalRoutingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "PostureIdentityCollectionOn",
+            "type": "boolean"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsPreferences_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsPreferences_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "MagicDNS",
+            "type": "boolean"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsSearchPaths_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsSearchPaths_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "SearchPaths",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
   }
 ]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 5707ce2a734..852a27bfba7 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -2,7 +2,7 @@
   "Name": "Tailscale (CCF)",
   "Author": "noodlemctwoodle",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
+  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
   "Version": "3.0.3",
   "TemplateSpec": true,
@@ -17,6 +17,12 @@
     "Analytic Rules/TailscaleAuthkeycreated.yaml",
     "Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml",
     "Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml",
+    "Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml",
+    "Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml",
+    "Analytic Rules/TailscaleUserRoleElevated.yaml",
+    "Analytic Rules/TailscaleSplitDnsModified.yaml",
+    "Analytic Rules/TailscaleDnsNameserversModified.yaml",
+    "Analytic Rules/TailscaleMagicDnsDisabled.yaml",
     "Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml",
     "Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml",
     "Analytic Rules/TailscalePremiumBeaconingDetected.yaml",
@@ -28,6 +34,10 @@
     "Hunting Queries/TailscaleACLPolicyChurn.yaml",
     "Hunting Queries/TailscaleOffHoursConfigChanges.yaml",
     "Hunting Queries/TailscaleAuthKeySprawl.yaml",
+    "Hunting Queries/TailscaleDormantDevices.yaml",
+    "Hunting Queries/TailscaleAuthKeysNoExpiry.yaml",
+    "Hunting Queries/TailscaleOrphanedUsers.yaml",
+    "Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml",
     "Hunting Queries/TailscalePremiumNewNodePairs.yaml",
     "Hunting Queries/TailscalePremiumTopTalkers.yaml",
     "Hunting Queries/TailscalePremiumExitNodeUsage.yaml",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml
index 6eb5ddf8f93..ea7e7885a30 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
@@ -16,8 +16,9 @@ query: |
   let bucket = 30m;
   let churnThreshold = 3;
   Tailscale_Audit_CL
-  | where Action == "WRITE"
-  | where tostring(Target.type) == "ACL"
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "ACL"
   | extend ActorLogin = tostring(Actor.loginName)
   | summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)
       by bin(TimeGenerated, bucket)
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml
new file mode 100644
index 00000000000..0bae1501be2
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml	
@@ -0,0 +1,22 @@
+id: f5e6a7b8-5678-9012-34ab-cdef12345005
+name: "Tailscale: Auth keys with no expiry"
+description: |
+  Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Keys_CL
+tactics:
+  - Persistence
+  - CredentialAccess
+relevantTechniques:
+  - T1098
+  - T1136
+query: |
+  Tailscale_Keys_CL
+  | summarize arg_max(TimeGenerated, *) by KeyId
+  | where isnull(Revoked) or Revoked == datetime(null)
+  | where isnull(Expires) or Expires == datetime(null)
+  | project KeyId, Description, UserId, Created, Capabilities
+  | order by Created asc
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml
new file mode 100644
index 00000000000..c510a59837b
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml	
@@ -0,0 +1,25 @@
+id: e4d5f6a7-4567-8901-23ab-cdef12345004
+name: "Tailscale: Devices not seen in 30+ days"
+description: |
+  Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+tactics:
+  - Discovery
+relevantTechniques:
+  - T1078
+query: |
+  Tailscale_Devices_CL
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where LastSeen < ago(30d)
+  | extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)
+  | project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes
+  | order by DaysSinceSeen desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml
new file mode 100644
index 00000000000..291ebd4b71e
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml	
@@ -0,0 +1,25 @@
+id: a6f7b8c9-6789-0123-45ab-cdef12345006
+name: "Tailscale: Users with zero devices"
+description: |
+  Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Users_CL
+tactics:
+  - InitialAccess
+relevantTechniques:
+  - T1078
+query: |
+  Tailscale_Users_CL
+  | summarize arg_max(TimeGenerated, *) by UserId
+  | where DeviceCount == 0
+  | where Status != "suspended"
+  | project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen
+  | order by LastSeen asc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: LoginName
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml
new file mode 100644
index 00000000000..ff9112296c9
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml	
@@ -0,0 +1,42 @@
+id: e7f8a9b0-3456-7890-12ab-cdef12345012
+name: "Tailscale: Split-DNS per-domain change history"
+description: |
+  Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+tactics:
+  - DefenseEvasion
+  - CommandAndControl
+relevantTechniques:
+  - T1556
+  - T1568
+query: |
+  Tailscale_Audit_CL
+  | where Action == "UPDATE"
+  | where tostring(Target.type) == "TAILNET"
+  | where tostring(Target.property) == "DNS_SPLIT_DNS"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)
+  | extend AllDomains = set_union(OldKeys, NewKeys)
+  | mv-expand Domain = AllDomains to typeof(string)
+  | extend OldResolvers = Old[Domain], NewResolvers = New[Domain]
+  | extend Change = case(
+      isnull(OldResolvers) and isnotnull(NewResolvers), "added",
+      isnotnull(OldResolvers) and isnull(NewResolvers), "removed",
+      tostring(OldResolvers) != tostring(NewResolvers), "resolvers-changed",
+      "unchanged")
+  | where Change != "unchanged"
+  | project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers
+  | order by TimeGenerated desc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: Domain
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md b/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md
new file mode 100644
index 00000000000..0e25abb8c0a
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md	
@@ -0,0 +1,34 @@
+# Premium / Enterprise Tailscale endpoints
+
+Endpoints that gave 403 or are explicitly Premium-tier features. These are NOT polled by the **Tailscale Standard (CCF)** connector. They should be added to **Tailscale Premium (CCF)** when validating that connector against a real Premium tailnet.
+
+## Already in Premium connector
+
+- `/logging/network` -> `Tailscale_Network_CL` - network flow logs (Premium feature; scope `logs:network:read`)
+
+## Premium-only data sources to ADD to Premium connector
+
+| Endpoint | Scope | Yields | Notes |
+|---|---|---|---|
+| `/posture/integrations` | `feature_settings:read` | List of MDM/EDR integrations (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) configured for device posture enforcement | Endpoint returns 200 with empty list on Standard tier - only meaningful on Premium |
+
+## Tier-gated but uses scopes we already grant
+
+| Endpoint | Scope | Status | Notes |
+|---|---|---|---|
+| `/user-invites` | needs WRITE `users` scope | 403 with `users:read` | Tailscale requires write scope to read invites (PII concern). Audit log captures invite events (CREATE/UPDATE/DELETE on USER_INVITE targets) so we have visibility without granting elevated scope. |
+| `/acl` snapshot | `policy_file:read` | 403 with our scopes | Audit log captures full ACL document on every change (Old + New + Actor). Snapshot is redundant. |
+
+## Endpoints that 404'd on Tailscale's API (tier-independent)
+
+These paths appear in some references (e.g. third-party MCP servers) but Tailscale's actual API returns 404 - feature may have moved, been removed, or never existed at that path:
+
+- `/services`, `/services/*` - Tailscale Services (newer feature, may require enablement)
+- `/contacts` - tailnet contact info
+- `/status`, `/audit-logs`, `/log-streaming`, `/network-flow-logs`, `/nameservers` - alternate paths used by some clients
+
+If Tailscale ships these endpoints in future, add as needed.
+
+## Split-DNS coverage decision
+
+`/dns/split-dns` returns a dynamic-key object (`{"domain.example": ["resolver"]}`) that doesn't fit Sentinel CCP's strict-schema model. Covered via audit-log-based analytic rules and a hunting query instead - strictly richer than a periodic snapshot because we get the full Old + New diff + actor attribution on every change.
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index af894ce06457b55cf96ac8d9b436e64c29b68756..8492bb673c4527b54a28b5a9829e4b5ecdabaf01 100644
GIT binary patch
literal 39222
zcmY(pW3XsV(4~27+qP}nwr$(CZJYPlwr%?!+n)P=J>5O?tD>T6t({pJQL*F6Qji7)
zK>+{&fB>jhuF<ih52#v02LMoX0|59p02n)&8oHROT8fyOS=w2;SlZjsSvlL=UF%*t
zVY8?G<d<`d?4(GB%1SxmkWZSGu{iM@X>BZMO_sFQr~tX)vl$i!!Ud4cWXi7aP4R8=
zO{{VXuy;{TriZZb=6xSQZ^T}@!_A&>@9*&go_$wKn`=buLOz-8rr((Gz~#q46^h1z
zTJa<KSJT8PDG%Rnzd5+DaLGwUJ4Z&}XNn%&f0D;LP_;ZQo-Hg%dA_e1JuPB>)Ata%
zvLbUSTU1t;GqsFnR^sP6E!BbzHaR!TVad+9bwcf>4MqX+YOQex_W1(=%uC1SO?JQY
z3&?lkAMb_Cc#$)pP9D_%7!l>jsMkH1V|Ff2E{@6l%A#>{WcxYq&_ts~E7E<}WU0W}
zS~ZuK7K$ElhVUm#FY8&U90_s6yZP8T9gV6BQKdtL60^_MdDkao=KDJDc)u0+xb6gF
zPWt@K{{21B(!UH2HXl8j7y#6vK!F=LM4|Nn_6uWRmC6iV=9F=;q6u1_g)Tiq{@BG-
zUC@yW*!<Z0{lWK`y<B@o(&HJMXLCLAyINC*UF!C>+a+2>?v9CVA$vc+KPVs5&&%cg
zd3vjMybAKhK-~x!1!gIz#?%TCqA?7*I~2<f1v}SS!HZ}|EFO&2y=up6KPn#@0;X8-
zB4m}%RTJl`0A~$(csWFETeA@<?#v?WwjgW33bAL4M>DC{>aA>;C&0W|0jzX(*%e$u
z@leqyXp_#62HeY4^K;ALkfDyo%+cd<-2NRHAU*&s5wn)*X@Dz%Te9@J8Y2u|fIvQA
z04_GPq}sZuRS|-hgM<6y3Iq;bJxAX&pIMLjG&hR}4+lpO$c&aX31z3NlKE61b5rp9
zsFBH&&V^roZSIE`v+o_gd^s=xs%74+Fz;`J2u|R#>f+=8&}@g*gFS$pTSYZglbHZp
zfKdy7KWIc)eF#hZ1;g?Y+Q81BYIYw6IAmV`LDjpKD|(eI_FMa6Ax(|zHtO$C7_ypi
z9|xVG*4wx)b4Xyb`^qI;odzQ;W4=j|OfTujE^s_;QZdh&rMGV5Awv~QK9U?B`qTu0
zDv>I3oxE%$MhkHwpyG$7=xoT?@Fq=~`*h}U6ffpL={$33t5pC88zg*NI;$O2CPVjJ
z5$%$QsuX`|J{H!AqjPzL2;vGWH1;z1HkcqefP<6sAeOr{OLB(;dN5F0CUVBkU=zTH
zF<@-`KI6rlbt^z&-aqvO1_zfnVtd=n-MRWI?qD`a+J-RpaExeg@s&TcToms2wKXHL
zfsuQ-ujS8Y^o(9Yal>h$NFY;7**=5*8z&83I)0z4b_JGhH=lH6)?}Hy?*Rc0&X3{E
z%=p*rd7=`{>f97+j(VgEQe1!j)V~sfoAXONRBe<#uJRuJl%ggqh$Sl{W6~aAn>Kcm
z+^bd%{7&DYD^;wa@8?8}+?)*e?jA>8MO}7N{Nkbp^i0#GtdUYrgE?K3V@$spFQ7H@
zPB&68ZD(ne1e1NIwX^$@w=mB_oV*4b*++*`$>pf=#+wF3Yi`Qd-8dJ`W9-K7W&4=v
z1YDB8L+`Q!KimIzQ;W(}slhT6>WK(huf|udHD#K~MEZoDiCAM<7RE3zp&0yJ{Y{k&
z9MSQlKr{HIUu%f)QJRZWQA1k}8(jDHAiuV9@;MQjNxs*Y6xXoT9cWjrR*lc{7k5iX
z)07oKYZWt+Se8xP-|s`1`DfMQtMQmzt!sYY-Nh<;NhuHWx>hkaJw{PI32d*c$k>t!
z6*HAV^AFlYU_K<ggfrwR`rspn>wZVDaA@UN&5nze%V-({>kpB6sO2Y=>y7#M?BX*x
zan`PZ2gh5(4p60wiyttVS(we{Zhl|Sg+aYK6#vnUQnB*Er!C|ayciSqu65y$E$B&n
zQHo^qSRW@J51$NNpA2054XoeQ&hEm&j(3|!mn}E5sNvIDBI^lp)BJUKYDPg(IXh8-
z3eiZWqNW2Qou{%u^Zrj(?pzHeGZzY)5~V`(npia&j24B%Eg0}=ZNg?(EK$&gerQ!f
z?^O?l$Ob&Z6}aKq-X+k_t^rH=SU5sHc0ap+K~vI|{@Ux`ZJPPf+kdga6#m!{AA<!G
zK9!CIZBd50uE(!;yuM!6@2>SEU+(r0&KrNNBHZY{hOP19P5ia@?_tMq>Bl*sp*3qu
z5wvbmvnqd<=wFRjl;(&(!A=3OoK8jTK@_kabNtMVM8edQoE!4k3AR}Z_qD~>wT|+7
zEQmvjulxFdbSh`iIiUU}H(ktrW`~)2;c6B#UKWJC)k0sTgQsK#!BU=DBszMbvo{3!
zwWN{={o8c%r(7tS$%_R0YF8{r%z^9K;?_w!Tmk#u#MCT6OJ+RYNbx$(tI>vY$di=0
zP}%9400WwOFLHZN@pD|evX&L6_k@g0>LR;1*N*79{@{@<#eT!qF`yZzTSf3@Z3fk@
zq_GkAZ9?WkOqAKK)nenj&bG(VhPyB<x$~gK&41?*3E%(CY0**h7AbjF_%}q!>FZbN
z;YI0TqO<9atlDY^_Z&;At=Dzsn1^qkQ9>%(A63e%g?h2tm>z^OWF}6&j%C(e-`m7x
zs^#r@w#oHqfA?C&cJwLlIi#zU{37vbCqRgfS%q|h{aENh*+w;ZnbEH+3ZhI5v?;Ol
zK8?wv7|KCU13tC7uM)hG_&~3gLwX0CcvTxwN8i)9R6)|P`Dv7_q);=a&3k+$`t4<O
zi1eIl=_RZadLinLbs<T$!nXcr7gx#6dptY5M{?6|>!%M8Sa)KJWen`bg^GQ(BHe<}
zGHy)m&I2OJxWW&T=-G+x+X<rF{4`-UWERnE(bG762w?*!UyldS-cBJnNm(Yna*!~;
z1*fN6EoZt#!A`bjRnhVDm;Xm>8s`>+c|m1^$%GBd2_MMBYRYCi>bnn&PoZkkbqStY
zb@#Olgnk)Ti@ii6P`-Hrfr{J-C#aeXMXR-pDD=jBRpq^==4=1e@HBTilnknUL8roa
zZi@k(?fI!|Iy5%eo87q(b7^-b)DEr<4}CqVDO9u)q*Qv(;%Ch>WAx>=`Pj__xF+r1
zxD}A;$z=EwleSTMane)y>pr|%G4Y3_$(}CeS%`Fo#{UrKUEY>#NX<6PYr)-sIj5gl
zM*$B@Buhz+DaT{fZOI$ZcEb%W%#7=k6GKk0ZzctOaAoOFa4(}U2hmTE@ObS!o|Lr{
zb(B!T*$5hPMsey=LMjSjdSxZ%-`J~7or*Pg@V|qQIvAu&q@~gbAOB7hm_mlE+-Yln
zJ$<Eq(~Jpr%+$IwB*Lq)n5~j5d5MyQz}2dzbb9D~qvJ>+AsMPgUAkYLl+d6k<k3Ks
zj2b*>^p<PfOMkw-589&sX?x#^ee>{#uO+miTnuAeF<DTOprZULK$%Oy@_^Usu*-xa
zof62(I;F_7jR*kIU}3r$)YPWZ)JHYU1Hf?PaC@6zoYLa)C*l5`F5&)~`aJO3FmYzV
zYvPI&x~L@QxHa+Ny*B}=EoX?SInwcuNw?&!f~+8i(X2raj<6mGtPGx|S}=wlaYUL^
zeTDH92=vfy3?cbQR`;N)wcyD-p|LWJFEH~oZRd`6<?{poI%rTH)YzCKiC}{R$SN@I
zteqK+V}gqr+SbTo@VCKvLk_WFaPg{1RYDx58w?71{}M$3s3KMH?D(h%BQXRLZFEAZ
zp&1o-P<fz}q+iAIQ(OFWqT~tij#Pkt8WSp%QmBwRX-dgr4cGvjq&2*fa>^>o;(_<j
zDtcG{YB7OM$?m->CGCW@PJ4JlWa$=NN$+~PSJkti0@*7L3Q;a1Ojc%bHMyLW_z^X}
zdH}2Z<2q7Fu`ndl`S|m+*d1-(>>LNwpOV<w#tZ}rNM=EUJ}~tS%Y9V|@fT+CBL&(4
zOfE>tXhaFcBO;8wpvc<cK^P`DwKq&~rI4_iLtJDmnG?~UpZ+(8aD#1^u;yS1?a|{Q
zc;IA)ft>guZZg<m>&3HV3<+sbN-`zMJ{*uFx#nVs?A#@GfGlW8nUj7?#m>xo;&vPG
zzv}?ZaWyIFM5M{IVxQyUHrjUj!lml1TDFVziRf|rG4*i-T3k%fU<qx3WHwgm{Y4Vy
zIQ^9)LK-Lw3>D4DSq($DiKz%dE4Q%6`Zqwwd)&<iu|fi&&Tb7ok&n!1(?Z2Nbp3tX
z=>3%j$9dKcv&nGU8K6mJ0Ea;vCCyHBsDE9klI?X37zLq?GbG}ENew+m?~bWzP{^_0
z^@p&^4>Ap#!Wabm1eTA@6;^|mZGipQgQCmiOL8M$Qh))OGv|=XJOl6aO4uz1Wb_u%
z=7MoM5z-FvYx<)Xlg}NwyW6>S{92%O^wOk0ju)E#U75djLOA-@{KE$~84m2r4O(c-
z;?|@cSfraI%%G+1=g@~3qZH0lK^mN$PLqCeu%wBmAxuuS#>Al%(n>L-V)qb%h<5IA
zXn8szP%tlf8Cp1dIE&8Gt6j|RN+s+(cwTApA?rT);_ns^rHPwEbKu31^X$Yvq)|!-
za|Ax#E|3jW6V_uj=l%>q%!*3a;-jHFIP2BcW(JJO=P)#7qh@dpaVgvIk|SjdMp~4p
z)$yYPDYG(K_nCr+D8(VW+MEZjKK4m2F73$Ne>X_gl{lJ32zC=8aB**R!)`doQ!^o2
z*iQOMZlD$|M?=2Z4PuKyTpuTd%+~GLOuTVqY7jABF%9HlkuQKhig-;soyL(AIbH5l
zj+w5ZZp35ma!KT}NNaiuXobDy&lAnGKy>vr8+m42I>AVxNQY02Gy&I2GZVlvF;6>U
zs$6N7%Outg-Sx*#pamPnUX_QCb08bnu5ERk*+v2-l?7WMg(^uoBhxZ4<5c)TnIxR9
zvO*MSf@@Iu;MGnQw+B;o?kbD8hb*m`t$taNuE2;rnzPU%n+A2fG!xVX8q%cH{~%Sx
zeKDSOS{7?{f+&xT`<8k3@@H;<Zjdn1$?bopel{OUg>amtm0HMqmMraGD_UW8qb^m-
zXjZot_r*?eMblY}>KPqXOBo*+CMgcfai}B(4eq%`l7iG?{864_lPR!gg#U%A<|+X@
zCDI*T*XMi7s?scV<#QxS<Ees~XoMm&aFNrAtSng=^Gc8N-*S|{jAP^IDb2yYU<sii
zBwK+x=Taj-S#DP-(dE}oc8RfVa`|Yh3IM;AXS%snVww$|NhH!lRz8oZFUDP|OFq%P
zoTZH(-(|8!$u4XUmrdq3nH8oiu{D!%g9z{A9Cvr|fRO)1Q7<%ISO&D?kfIpGJqj*v
zk4c_Xno$F93VgT*MGZw(j;1OD`XS=dt{;XWBkHM~MAT8`Dlv*cIjmTXfeRFRb3q&b
z+FTc^5L=hFrm*~q4?3T7k32WOj+9NH0$KMrPMcZ1F5@lz#Z&IFH$I7ARcSIE^dr-l
zrY4QpJXx5PRQLCMJ2y8dJ4g;ur$jFeR#A1C6SMW=Y^-2X(F5V+;QES5PpN_Zo3&sm
zFo#H+T1UyC%)xC}+uk71)^37|No{+!#0%@J^y8W97<0jALMaT@$cYUEyE+y0XYLIg
z@GV#uD5oh|xe%F({vepSicPDRcIa~;uZ0!=%x49D%oa1C1S%e%1#(JiO1}!uD62au
zpcq_|(DkHYVI>_EwVC~r95<Z0l-QcgBb~I=U6+cb&;w#Pp;;(#B`=ADM$?%-h8F2G
z-32y^wRD`={grLXESZTMz1Xza*&N3Y7LCgsP^i)6B>k({;5S;===TB6iW$NdsxVDE
z?02`ZTo=kcALT@dCYVE}W_mpD3``s5l!SFhf5br|wX$)27GN+{19RJdWjyxDZsyQ_
zI`Rya!I!4wfnM4(*t#`#S)_-ksSDIJD3^)In)H1G%<A%YpTW8~c?GU5H;{_}#eC*L
zZHhRT$yLNU>>1>h68lypIzMzu)eq9W+U9t)Zl}-5ed5g;&xgI$%UuB<!;}{e?(l3^
zLbVMwc<taLTZdNN62JIarnNV@4X!V~y|=XppU|6k)}d?pakY`w9ZA%;8%i()z>$zc
zVQofygk#%nHfc8J#W_bOOoiVu;Jvkt!;)XvQdq_82#94YfRX(;gN+O&@lBg5-xh5w
zek6;X$i;Iha=N(=McU{C4UO5v3^ozTN=OK|Go3bwO7c&E41>0KnzT+a`XZVW)OuP4
zvpAnj)1|q2{95$#=S({P{kI{1Ztf7Mu9VSveS6XVmBHGJ5;i*b!K`wvVT^BS)8xhV
zkf;2@EICXGW#tna>Jnm(k*r3v3jAe>S2Q$rBs(mqF0PgmVG7NeiKkE)pEBGbcSd4j
zbCHi^E>nM(8-l6;DJvZLl-z|U?<n%|RO%wsv#WN5MG0EDq7bJ}U0MN0swm?38N4Xp
zta!+GE(*90d#+Q+Y!CfRZ+XRE&OM}-N*|O{mO_Llc1tbCkR_E}#h^B_9l46Ee5r^*
zt!L&=wRD#H;Bql@qfDOGB%Y8VdU-hbWa1Cx-aamD1*dn@6N)kHlJYVsx8jsQUO5C<
zNT6OAXDv#$0UgV?51|AfsgzzIB6*Kx7t`^Cs%)4{>uTi?T)@u5047^k#pf{+==|Ge
zh0#<sn&p><zB;Ig0;-O$aJSxtztm}5;Q^cG!w^~HO2_PM_Ru{xZ^PG<S#FZC)kina
zi2_%grc}SrR3=);>*o;$uWg*<?GN;Yx&}&Q&&rFo?kHYG)E=`GE-81QgHHod7k61z
z<ond5l2?PeHa_Cmy$|@wDm?4BkDMk#8~6!WH~4<7qF{dJP@g<_s~iXiG6vpRWcaVV
z8XGd85HP@G1Ifg*kszG`>qFnddijVvM2z#*WTIJWqN0gP^@}?KNES{mr>&1J3xw|M
z<wV6AI*U{@P&U?TH+si$z~Y<B;o#+|lsA*?TL`ui=7lPeVP*{sDJu+VrA2g%8%STo
z5-+p>+?B$bsK||Z3o?l5ZqkU$vv;pIWXnkPT$r0o3h9~k==-9A=r&%R)tcn8p>TaD
zQuVhS*esNfNWLTNz4Ifq%*vHCC<30VD>3T5ye!L7fN9J$6der5v&gf9W1VTVf*Euv
zyX=1WH&HA24WI1IWon{Z;kQHZg6_x-`8eAc5DPOtfwJCzKFF}Mnc9cHzh={z1<QQ8
zLn2B9G{}}gt}(B0m~+XHiD{5Uix*oZ(z^$Z$aos|+XW1CifBuSU$Do_(+dF-K#9;0
zoB_EmKRy~0#MalX@}=VqD7KHXoZJM{(>U>SLi>2a9i7dUl=Sgo=wp{7g$9HnW9Dfi
z!H6yP8XJ<M(osWuMRRU<xm$cWH<TBqoMF`Q)hWBW*7KaI2aA~BS3*x<PdUDr0KkcW
zgSl2e8}WH#PLvCSZ&d_%LItg79V;|r2xZVArwvgWG}KHm&4vu>=lNqoGsle(T2(#v
zFM@L8nq*kaug^MjDL8XL5cjEyrW0ZQWR&xucu}r?hHKC_30@3}d9^2a#$cFeP&L8$
z@pJEEKL6ZvAn0GG*)?l4*aQ74NI;b>cLQ$Tc52XH?9%Rdu4W#EJ4m@|NWe{pU`}h2
z=lgtda<&YDS9-kctkjONB`dOv#@W#}u;1GSX~Y)azLTX%y_PzXl1y;mi}W#Df3+eZ
zY5VjPh^%h*ikhOIa8he_Xz6N;2R=+BRok2{dKs0AzYM^I80&{}&xQ7OD07iX-;FAx
zq@@?mh}cGyw+y@N%e#(KdScehWEP`Lmr;(TzA^1%M!hr5mmabvwM;i#MV^YOijstt
zU)9(g*Y@^g_~Z~dHcKaJoUV`E9ndAsc~9}7hZ4B7hv|#_{o)FYl;E$PG8MWP<dCO+
z?UI5w0-X*+O7P-ncq3R=VA1Q+aa1ve`@^zbr%*Udu<GvA{-$O+$lo=8)m(5Y4?EU=
zGWTL#<s7M&74wpMKFOU>!b{qV&ltM1LZhLyMO(&>x)4qw5PruSGdpfyZapN;>`2T}
zKGh!ly}~;#wD~RD>|`h$DH*Qy(;zuvOJ{J(ZYpy!RrLtWTa8aGrPVjH;yqB4^JD*&
zi&x0};hMYmq0KA&Rf;sZVt*HZy}ZLdREocQ{#610%OKAi{u2Mt?C(<ZTJ$5|_dR@(
zo_v-F>pP+!P_**(oUG6P&ad$Q>jk*bM8O&c006X*f&w7^>jl^vTH2|Y+B(?$>j?Z$
z7vQSL(|wC$k^SS>2TG@Jj#p1Bsl{tT=hYi!OERU^#J$8NO)j5BL<q?yN(H&Z^gZ+a
z<`o6t50R)+^a;mP&bb0fT9uIDr)uF{->;Cxsec9&k#YAU)O8Gv^`IUuUKD#N<LZ4v
zOr%}vU9oLal2ObFyPF2Bx?J>$SA!0x%7h5BS;8OjQDj){5|=5M@82tw0-uq2+9GX#
zgk(kGa4V`(rZ0IPJY?wV^`MX6SA7V==3rZElZ*rfb{JJ+<B_Zf@Vvluj<87#l5?yq
zTSZ~<v>Gf}802S$m5d<PpqJUXy{p?V=)&KJO|tc2V<W_5&u7c9phAdOSRw9J8=(RZ
zvrHBI$*4fBDt$y>i&!_k!l+L*QeYeFReX&m&p-UKgD_hv<JwF0<ldj8<xzb;q@nL=
zq>Lja$da>iWAzC$5n2MiTS8ofREmkF1(0SihR!<8HQXkMW`%uqCa5Df<Mpg9>x?yr
z)=EC%vZ{<KML)ViXUKvo=4b;{DN!|ug8uTbk8!f~LQ!yu{>A4JRKy~fN|BPckx^h}
zjDIKUvc_isltTM{AN)If5H~aF>0@<<kftfh`B8<{>s#7B17SLtFeE5QjpF<`WCs-*
zA}|0&0Zai$afA?wu@v_$+x96ZcmF*4y8Hjufs}oBk3OPQ>soqzA1{Zx@St7znZhV4
zk8MsDK?yG*GD2D@kFaDg)+?l+p{+!M!A?e)$`^S;oY{cKPcU7xmA?xZtJS(s3J6n(
z)OV05Pv3k-&(6k&WwwlwVYR$`nO<L~S7-@zh3k+vHk{IfE4pf~3Y>m~IjU0z1*93y
zVw2X94<A#_&g-oWc1Fp%@>?!Tvj=f<K^2D!KNy8oS(}}Wk{DaX=f~l@w|0z?jrhjC
zk!9b`29S8K%Xw5$g)F}Rozbe)sp5ppxus<_Dx>Kr&CBo0q*gL{Un;e;U;AvltZHJf
z@J;wu{OjClF1@pb%dMsDL>kwUHhbn^(je?!VbleBjIX#;<hx@IZsKou#-&Iz#KYeg
zdGzJYP^h8TtnxYoim8wbM41{8;9CTdvQMK`AbJSpNS1*?2Gu31N_m53llx<gTv+DK
z_ijeu>ApvvH1aOcbE@&=D?L@KJuB96+yc^$Ji*F&s&{cQT#!I0Fm+St-)#~;P`U97
z3&8_3&3~}$tc)|q#2D*cg_MljY3wkedSHPy1S)>v{2^8chNT#%E?s5)EV<H>rKo$v
zp{r!gK1WkWn!2i{AGT`L5%*<aecb6UjZ%G>AN8Go0-)>o>aq*-xsxw<17JGF$HjHN
zW)0j@0aHajvQ!L3m&bBf;IYZUXPL4hSggbQ0`-u76a(`EId0r5jj~m;I*lr%Ok4)~
zj&l;IX~8c0yi0;n)K6K-O$gO2(y9390GQYnDsnwyrs1v3gs71v)-oPzS<#Aw=Sb@#
z4um`0$3?+1DX?T`h@Rc`1qiv=8N{L~X5*H(vQrH}Ta@BL6A9(s(FpkiL_O}gQ%iPc
z$J%lem2%v!#jjd50>!5qeKIOQyNWH<SCPXa2Z_n@L7p*uZs+Q{BdhFdwNq;+>Au96
zsOMh2wYH-|W4gMd6?C(zbV(=gxlGSqH5sX8Q*m4(;n1g3lfxDlC0^d{<>lkE+}~oA
zbF;e2a8p*n*K)Jk%6d~~MAUP$nm5p%9acKssVzUh<7KsTLJ9tSQQ)P;M@2<`T%l20
zc|uf~PcibK*dl{v+OklQa^%w1+j&z~`JYK!N!NLXL|xbO^`#wE8q=j6v7kG4rE7XQ
zPL4{Pq-#L5IIs>KT#8lkdIfGS8Y&aVHM?9~JhcZxc~>m!nO)R{@}-@zc4u}}<WuLC
z2UzF-1mc}i&?Ww#$(6c;YGviKQK?onI=1-OztS<?prfY3?5h^*{24yKS-9xTF8f&S
z^lm2IksTB9+Tq>o{g)JF(+wW^*^T3Wxujb4m90t^Lx7;h$I1V@WTg_u*Pn0h|F^LF
ze+zg2Utu1}*^T6X!j&u~^4I~z1~q#e)OdNhsSznw2@_g5cX_q79hQ~y)tzM8b2~1w
z#mk$C7gu&v=}gyG7D0D;<$qP!sH28`j=&j{hr9P~Sz@ihR8q;;a+hywF_ReiFGyc7
z>oAu8$|l7*!J#N;pSv#!ni`z^_Fjn8b&N_{({3lB=<oF@;;9WCuA*bYppcS3Fi8k2
zzro6}(498WJDLn9cW2pGqZ0Kzy5M+!+^j>XW(~+y-2hxqVW>Jx*zxm()lG}6%|*v#
zamQTWP<lw&1xAj!;SrRAHJwa_+9G8Y?9~ud{cR*$Sv>;AiG>n>FZruNS&ga`8#*ll
zNgX#pc_Cjnu*K9|dPEcq#t$s5O_kSZ?T}O%OD<74z*AX(#2&TcCri1y0!E1k8|S!C
z+!$ue>H)jj%JN*kwr`ucwdj~A7@Qy2LyP)f*c1Ds$R*1Lc`6DU{7|lqMdGGC_|*f}
z^&O>^{5@dyQ)g*$(J)wFFg13S9+Q6tB+c0K2ui`Ahp@|)IN|<hzi{NrzN^Nr(sI6D
zaGRNz^oS@JtRGx!8w-!=+CIq<wtRw8u&0t>sTb0PiD>*JF{@hent{KxvcDJXZW<sR
zE;=U58>Ys-(tS$705SF~Caiy3Bxm&9)3d+c@%g1Z`qR@$d8(jpE#-*RZwAU`Fcn?i
zzk|{sYw<I7sL81)?-i}@%c*_ai2KP@&qcv0NwQ%TY+PARI-&d|S6x)Nv}&lzfr)}u
zx<qf#A|075_=A&({G77y$2FnWMzX>3pMX}dvE@HO>e1$Y1dBvNSzeI6m@eguq^&~D
zVVD;W2dT%r`l4iOE9pep0YR$CC1g@<c^Zv;CEm)!{l0}l4e~ZU-Vs>4*P3I)DnAi9
zM#Z2N*Tm}owkH;BjQ!7EQr8wH?#_{?M*UBDvW>BHlI)Nm)dU`?#0y1>iRYwXFwViz
zPo!~Ol}dDrSHd4Lt_eI_$wo^K3DS)tkO{p1z8Dz~HujBtvfNOtVm;zTEU~8eZ<D>X
zZ9-76N)oSR!j+`e#6yZf5l{yIu4I9dEcr&VZ7dk&e-=w16M1F-EF`gF0b?FVMhogt
z<UhnqD$=mOjdVHj3}A}=^GlMi&Ra>cgMwYSL!B1Y3UmDG`jg=<#NV3t=+Wcri_qj#
zj|3A{;!=!+c?Z6Gi(Vp=+?o`2S2ePOLR}VRw<Ao~BO_}yuG`~LOO<$Ts!JkPkaciW
z;#Uq4Ij^a!gbGfSrQEH(8&GIUlI<4FXg2jQX>}WLtMe#)Rcq1YQJ5%RCM^3RtjS9}
zc>19TF95XoN?qDo@udfZLR@koFdP8_v-^3~abYy}L9p)+U45L4tU{nPeBRbhb|vB7
zQsLDy$%p*^ZoGG*t{ZOZyKwL(Is7JmS^$0qdyAkl=KJG{2bF)93euHthyqF?A+(6x
zot+sfNEFtsn9#<?C?|+XR$r<tT49ma@(GjHl2KL?a0R}a{F`b2n^9Y8NXYpblBMq_
zT1r2jfh=dAI?~nVw>fkZO=M$3O~CfGK0<v@VCF^NEbC!NkFSXTh4v*BJ;9>&NsEAd
z9)Yh)t7b*4spnvv;3ZY2FNI-iu|j`<CRX++-1&a%)<Y>V$YIpC=*i_LhIA{w1-)XX
z%0$pLUF+O}`g+bk9w6dUISTdKjK&*6W1k6PkOyrZ|2aP6QM<WINJlRB)Pv~l(`h9u
zV<apS^$l!&^LEcf!?R@?F@87(M=G%?I@s`eqBAE&hB!JYKV+|R=A!#j{alJ=T){Pk
zylZ$T$TigR)jgeK={!eY&`Fv31?vShDgx!7iAS8x*GId&YL*T^gJQzrJyeN4S*k!B
zn`s#AM<-Y%j-63&JXSdP+m~$RZO1%?u_TVL=2Mk{ceX|?cq#5>cLvNABLl`%n3mRR
z{(jl^iDgP`<W(X@z8q6HP>Z-eSa*g2KS9`q|MS4G`m-|@gR=t7e#^B|*R=NhQx2}}
zNu&IABdpoMa8qYxC7a7?b**`%he`c<z4f=**YBeu4t3Luz3~G*S^VTWd#kR8Np-hp
zE#(5A+4U>2b=S(BedqO>KA%-~K@Lyr$@RNzE35VFGVH7E<N5JZ{Of$V_q-MFj~%_`
z<<8o~+T4X_9~+PD4qN#3qgm;WH7s|}l;&ltU(qrj%ZEMxk5j4p<hA=M?{YN1zlF}y
z$5rP?`1i?@_e+a*p+2AMbY08q>qYtK&U1TVWy`~aYOOL^K3;S7R`_}P9DdB|)}Fk!
z`-xS#c3mqSoq4Wi&&x@JZbzrBaL>w1&2IZe%Y}NIepv2StM3l&qdPu6efjmHSF!5?
zj+-6-Chlg=Kh^c+<KL@~oOIARp4x}ADf-<NZFGISI=k@Z=hmTKpBtWCmp%R}bXl)w
z4SvPlUdp4#HG;M{n$LzE?9FTW>oK{uABv0P=JC#g8t&-6&+XRDHsLN|&|G!iy*B<$
zc=fg+!_Sw-gZa(#Z@aeV);=8m+*mZ;_mjUnmx&*49A93FWj(v;P^YEtoYKVPreqc{
z^Mrko?gDf3H`9}R9Tq(=#!ELG*K{TTbCC~Ldww;#JFQ{YV^be1|ElwHB;Lgv+=}=N
zy}|MH(1}O7gV@aZ6vdW$OX4rb4ZeHd{jKM`ezPOEp<U_UJEN64Tf;Y1wpS~by-HnR
z{YPf6MR}3=X-WC^mF{v)x8m0o%kzl~eF(gu+;^A8ovt?kPo{5rGVW$<>8=A;S~$A5
z_qxyb5yCi2>C=~szIbm6SBt)lZWDg(^f~<b>}6+u4?VZ_;StBCZ`IdA$LX!E+55Jw
zL>kcv`RIp!!8wNB#0ERty^8Uq>9&J0FT(@``r7*tTG0+MHYU<^)<b6_I2hZANdvH;
zhn<Y@6XLRp8ypXZAQ}l-GsB9jK?8CJBWpB4&NV0k`4nCe7n4iSDfI3l`$v|(s1Kgi
zn4{zaL2V0|t9eA}$X-Px5FKKRss*7V9OKd={vyh(I;8OLyDFfrODCww!2x0Xj7|W+
z2!I(=NlZN-iH-hpNs@OJ0+?yExQHvo9D})qy$J&}nggiI4sF3I>=9`rP>{ituFw+@
z5j?Whtcf8TF&RA+-WO<Qm>5)q=6a*1pqh)_dZ#KtoXMNmPwsfp&3MeWevPGhnk6y?
zQqT;shqk~>Hd<p0cTp2i`nxM~FC`XfXK2oTe^CbIc|1U0Akwk3LYNX17dMC)CgUwB
zG<q%_yy%}DWMoEM`StPo?q%d;m<UN1$}ToMCD2BVQHKh|fvEH>L>sDN$W}4CjYHJK
zTM?o1P=Zhu?79^&EIg)W@+}B?gV4wpAPJDlq;w#nG^I^&(hDJiE227Z3PEpVBQ#ZD
zH@a@Oqr40<RmiRI{S~M@jaEq&7kS3`bQ%<C=CJYMRfuJe5Z90%hpRY&1kfoN6%bMu
zbEUQdiDZf}NWr`EWvqK9@Yb?IK1>WU&SBu_3<*{g>=({%L`E7e#8#T*mv_9zebF}d
z%0pr!AsMR*6~{;lz%g)eA=nHf8HnZIc-cTw2qylASEEAmIykuby(~tPI-rZYNfM3k
zu7IDk@55B1jA7r2=dEv0tan_NMc*TfZ1t!cUU&#FLVx!x6(0d_CK1=YRn^#vGy59L
z!zDk+9!41wMp?QN=^diK!zB*n0XP~0RA_@(%x^8g669z$81n+mW%EHX<~bNJRN^Xa
z;|fN_pnhWjt1K=K`;lXnadijqa5>%(QVYaq^TWxA7!nr4X7lgSoBVg%3>ivsv4izn
zPqAi+Es?%}m`Du^j+Q^O&VKxTQFEZ$V0L4X6BwEF_2)Cwv!Q2IaY<$-lE-FK3@1~a
zfUSIk^Sva>3GS3>+cDS%5%E~_u}$|6*qO8=QOWkeIX+24@@!%`I#Ucsb6t^i%jZOU
z%{dL==QT$sx>dw8sr7((-i4Wb*vYz?)|f9}p6tsWy{bxoN4xGH=r%kGk=TZd{Rz`E
zC+OyUfIZVqm{f#Vk`e8775Eh3YjV7sCYX{tf}hMX(+u$e89u>_5Ze33P4DLd4dV!T
zK7Z4Gqkn=kc=3#r`H+^2jh)y=;l1zf(#`;ekX-TO<fqkPIL@`SeDm5^9v{QnAFFl=
z{3n#3!`hvxb_whwm0!a&lArAonpB+M|E;d{O!%eysqLw}LMzt`+9}K4VjnK4znX0^
zUyJm0yuc{cYuYW%zGWY=NeJ?^RieYf#FJxbVu3>FZiD_K)+tc1Z{&XRzp}sZMq!qP
zKQN#qK?Oo@P<&h!N_2JQEy6ZATV;?w)5TTWfTIrt&5#0yJS%==Vm+<^<|`|}HgJ7&
zm4bk{SHUDAWob~FWMzPMtq-^`R-hnD_JF!gKwPIBnawHa^QqA9dO*k08i3Dt3AQ3`
zKCl4GKz2EjWV089!6F3F3E}C22o7N={S~hsjqn1KWErma;Bcu}Z2g5uYIDP#I=UwN
zU+hfCG11YmluNd<TgfwB@i0r4RxWN~DmIAGaT9nXn|l!?Ikoj?FrwhcX>P$XgLkre
zmSchMcmr8ULDoI{y^XX-M<5{s`?TsP^cz*gmBug~<*QfQC1{M4vwQ_yH&nL_&~FS4
zsuM%68CLD`tX6^D#gOZXGbddQj41(wAyd4zdV~zOU(}^!*D?{DWiX?~7PqMZ&Wo{6
z1Cgov-5{a)G0EI5Tk<twV3K_Zd6v8n29fV@)#3RC4Y=B&?vl2InF5+w(ST(WQ??|P
z%G_ls*(i(Ynq~cQHal-go*Npn$#SGvj?yu*7^M^Ux4%-g?gqe&wss{~S|*LdSYyv=
zNx2J6;v?|Zg$oOqZ3bQt8axf5IO@VP7)m`RoTkp`!ZmS~H(2QKuyzuzHBK=F!NBwV
z!N8WB-k|9y%um$oCA?i4fRPuhPu2A_-u&+fXL0d7#gb4A9sTff6g*w_Ile}KoWU#~
zs6B|IjJK%l(TXRt=J3H&Md4&%ajdWd)MM-6v?gazfWeq6sw~VlYj<>Xq-nU($_xX-
zNVYRjZLU7t^j4Ss2r#+b_B=FadJFEkV`VE2`4)n0+!N=6Tm@*b)FvhtP71*~BXjxu
z{&bo(DMVdEiJ(JjLR#iW#FR(IOF=k}J8W)(_b|isUIiM&#jB!X2Yabf_f+jc{UZ_c
zO8U*sT_TK4)!bdgO+^XvjKNRj84Z<&RU29YN$sg>cQ?Y<j`}HUt)`eCA6TM)6zg(Y
z6Q4;TB}!>>9tV9}N=l4+zgiBN(!s7-9QtnilBA%2;93sKx({=?ZGfx4?mY8P?3(57
z((7y{^>=%=c$-c?K(coclWOymBOgEYOCA4inGuVd|CK`-#tm^q-mP<i5=A4zBEM-D
z+&B7cCl*&c`S8|O;d7LCmXQ+&n$_%za3lyq)-c32!y$)b?KG^w!lYhJ;V+@i+DMKx
z)RHvK$3AMP9irn+qP>%mO_VAA$o(Z)O3)(inqx<m<rpCO(Y`|BAd_zvp3IQd;1U}K
zWG|w2{Ki!AwgfT3h3e4y4eHg?)Tl4ko`paiwqg=s#m>s!e!o5Z67G~ds5t8~u^TW!
zaQ@^Jk=@?!pg_Mo%hWJ85HZ{!&ur&DDQ30h)7@5>qDkJr2UTRbtJ4K&7-v=<fuN7p
z5RqYI@$PnD?*f2uUJleY0^rvLLFKf)4j6H~>|AHH(-PVZQvMvYO_z@50PBO4YM*kV
za-4SIDVq$l2<UB4<<wZmq1#U24JCj{hO6u~C3=cjxm!{)u(;r&&_HC!#V+x=QOd?G
ztLWV6?f>1O0-Y_)y;cGgCvBAu9B9?<69~!?U39|^#-_<0^lIxr-X|`z$G{r+5G$kU
z<t>UA*<m6~(dE+^UT$bL6+%f45cJxjrao2KYdzneg^!-8louSu&2;<?-vBk8w{5Nc
z<2$2pqam#x!?+UO>-)F$v#Ba8q#*^iwWAasM|Ot^Qsgx1VW9q-F|Jh@TJ6@5d@2u;
z(};`bm9yO@vw%@eOohBJaU)GVCajZ;Xtl?}eGZ`einNPgX;}^OU>AFfTv+Q`TiXsz
zZ%B<&<IMMi1ck(dk5BgXu86gSFyx|Pb=xPhn~e+QK=;qgaY*O$$oVh}m<lnw%DaWt
zoCBTntWVEf<@702yX%|z7V<bVCR5&o-73lJ=*~-N;eMn80XXuO8#{oz37B|pTXo4{
zfjIijALWgz$IDJ|*<Z&+SZ#D(=?k}P;l+kLNt>4U6mJn*ec^Wos|@uyW9NsM)j(U}
zQs7Qst&AOa^Y50J%1b=4zjHSBZVZa~<rrV#9qcp#clRx{_HfG)P0n+{C41vnLU@iH
z{m?=Jwtm4=##6l6Xh+NaiECwLn94;jF|S}NxXzh86&<DqLSmiX#h6Rfi1f~vM$8il
z-blcQKR9QJhQC@=?G{?hbHuj1DYgbh5TL>9R~(#airo2?G(v?$Y}C+yRbQHu&86H8
z%@lnb%uCE*cCg!<x?s9?OLijzE2`~<B+<Oyyoyla7I!VTRCBzGOM+=(h754F8o*ly
z&Rr6BY3|r!?e;A+L$c{xJ5!RPsz;r8y!}7J@fnb6Lw<ta91&PuzJ6sy&;!%;lB8c%
zzs%2lE=nByIwP}qQm!*$EHC|G731E$J?_R2f0EB&AjPF_hge@NMa(5Q*uC(%OrmBJ
z<jQ)Ru^db+s2&C}LW=m>yC=jYJp>V^e-FfcL3u$neF3eg1>PC6dX3jthg&;!vIVX(
zQ^=e+bczSbM1{WxRMgnZygzr%$#bB&gjHbs!er4+0{yq;Z%e!hxP;@%3tkh!-FcA@
zx_D=TBq+ch^+1S*1X5D^?d$3b)-Y4By^dUA*GOSH!(WGF=bdz00+esV#gqF%1F+tY
z{hWx_3YgjLI_iYE5#>b2Q4ftD+v<Pexq>-p3*GG=)*Np*&tOJ6Z{9@qJr)8$w$1l2
z7(?jyj}D1<Z|#6+K>R+V;JkwFu!QP_VlQ8p9JD#^7H8(&zA5H0A9ARCf>RwF_9v<H
zjKnF#bD;w>MB*mtBIHmOTY}_^q4-WHIlPcC=PdpVK;Oq|-C@aq2vLD(1NVZ9Ud>;n
z8x4^61QA!1hHs1r@05XWjxc8VUm2<mM?k?h=Iudn3G>k-?adzrlrg-t&-KdD^3r<D
zx#a=30R2GgAK<?N+e|ND#>buXTsi3jx{wW#hLQu@^@DTy_Nn3V&Ye!rD-3^0vk%4Y
z$;8YW;M{%3;i89pLHi}5^Bf3)rwmfJ3sE~zqLygn0E+5yAu>WuHz`3Vb-A?ZEHkq0
zP@;=r|2BM*#OtxO-8d#X{JGezd;dctvt0SnA0#>mZm1TzOOf9V<Xa|3vGTh#7kYKL
zh=W<R!U)Ud+SO<L36&0g)-~0==C9M^e##^1Pbff3FXB=JfGF)A2x`@Sj+cN@^fPt?
zy1Ss%`{V3CO^R?-JJ*Yek)o?zjFH@vKX7xv49xXC{7ZH1bEq+UoOAf|^p~km61uFp
z|Mm^`&s5***TV9fz)d5GcVPU@yw84uGDK2C^8>lX{wRC@xgFzMLl>a9G-oiw4gDe_
z{mH}S6${diOB31d?p-ju#d^p&o$mMT-=t64m|mQ~wF4PK?1FUKFT(mTh$OVe-Owa5
zti>FpB;*f*e$PwvF%V+CPc>@7PZa&OkUdXi;qG^czmcH&$Zl_xMAc&KvpU17??j3Y
z0Y<aZV5|IuH_*}TdS2raXSMPS;3XX}Cu4X_+uUyeVM*}~US}kFrbrTK=g7_0S)clT
zS8mUa5YmEsb?d9orkbUJ$)?=)O`q011MY|P3z1L*%9Q0W1IY;Sv3nQo9U43cLOjlA
zxMeZp804b8Ql6g*MKe6_O5lB?BU=GWoB(v*O(E6`TU3CO10G86K(x|;ZMtO!{)v5q
zP_Fb`mJN!%p^0wNG0;<YX;il~5RFZSt>_?YlA4c;e0XGmZ%znj3LaFwLggo{@~qG|
zEK}s!rJ}DvW!PgpUAc&J%#ilweq%5_xtoUBUAb9x8*Ue{8E<VQPbq=Pi=L5mJ<}3!
z8O@qNJm68Zhy?fVwz1xEsUFtVS0ThD*nj+H>CL3I5H4eyYW*@X-YlA?6#afT-KyZ;
zxNNOoQ`!0#%qB8kFE)_~^Qbr6$fibatSzbiXR%Axr4t{o7m|X!1+$3{jGIbp6{8T;
zut^EtUEab5>Pr$-vG=lRc`EuAHs5DTv@12=)a;O9HE`0X-ly$)2{o&JJk2*~X$O`(
z&U!;q!;b_q>3JGyc@B?Xf>v?2_uRFO9h}-5V&%KHjQpmQ`_mW+&)IuhASq-q8fNU;
zN~6ErQs`r~{i>elob#T(;+Ecr(`^s6NxINk-rw!^H|6+c5b5oTLEhxqY#i}qknwLw
z=SF{=iMNUfXDn0G56YR`e~9vNnL4XUr0zgx5F^R`^hC<<@)^dvgj;XwCEVyMiA&(1
zJ2dC%F8b%(Bqg!IoSXxk&NP<Nh7)gSR??=YGzWR@)MT8)M_WVv=n;1rNk!*8tFrmM
zQsq4|*Zd)od<2*D1{M3#7fFS}S03mRJETb@?m%55j~^51jpRwvVLaW(cX81oZa|-b
z9W=MmTwtI#{)Ea}Yfl3MrhmMQ5-0=S+fR78571QjYL5=_S6FUnTxNPO6ilW?oNfB%
zYHXDrJOtWh24yeAD4N>Z-iJIM^c7Xzq4qEjOyc4t?G1M~EU~h1A6Flc+{=dkM4awr
zP80Qkmy?n+w|xwsgv1xxL=^&8vzHZaLS@_#)ES*YwZ72!h`$s~25MY_E>qm1yG3_}
z>Z)#>z>lw<^Rt~l0D8%zA!X;A_w=Ks`B{fiO5K|)eCN-BR?@EcItzlSlq(pCqDA<0
z1ZU3K>vUY-ibvV;jr#=bQ#81~%iLJk|LfIKeIoCQvzyV_`g2y%ut-@YEIDq+9kM7M
zPlB2_p4BFFiZsYt&1|16JTSdL5?U>&@zJJHk3>q|RNm@%yohEaKgZ#MMLbH}mqnSP
zJIw;gjbatX2Qr5`N^@Aa3r_tn779~)=tg5@IdFn4!n>ksQ)O}c^)=&XAhVUZ?i<^P
z$jGY{1j%A-G46@qS7gjX5`N|PHZ`R2>5k9rq(Z;leW}tntGD)<k7skzAamaZZ+bG=
z-d9!0>bhFdVjk;lTC?3|pS|?*eqPL_W^uVQexWaem)d4;*Y`51;`yqlT;)H#d@sJ~
zRlT$0ve(w<v&tgM?P;;F_MB~Jy;)R;{jhhjHg}7EU#|RFw&m5{*;7*Mu1~JdUw!($
zdDrZ^h0{8ho$6M{di9Sb*KU18Dt*qM^?kohrS4L;?P<O$(EofDI?7%)U0&e7q|4uK
ztl5S7y)QHNt?uqs=VQ6A9fg&xPLiv)$YuI?&D+`Gm+ABQGicfS^V{yER_EIFY<9Ni
zxSBn0rjNOuT(rVIt8F!T9aXJW>F@Yqy4h{LxVBC2`TBI{w9Z||u8KOZcYIs8TR8ty
zHP_8$H(fgGq47L6PZrbnd8pg#`gnGC;x4Xk!F@h-JbEno{#NL*oUa&vi+FyP#mwmk
zZ*w(Xjk(!dwDGs#bMJf<S0pbHT?RGY(EQvuZ&~fZUBjWe=so-F{aEnp?7)RzZ%u^>
zTbI9f?W}J7IDNUWX+0gMXS>&lUu+%RU5aMDc<EE+r0<^4#O9>@`^yyw|03H3<Q48>
zrv5xGdftqe?K*1iN&w^`pRD%%Y;bek!fM5*zf}KMovnEM>lc_!v1NLbqxq>zuM`*Y
z`M>kjn<~A@U!2!C9%GL$-ZO?>?%<~Or9ba%)~Z}hA2iv1ZCJKibpd}mn0(jdB<JSk
z<$LzJYV_R;f7UFI7cO;R@B{K*Je#&V-hjLqzL}`GJMra*PTgo=X+J(%e_v*ZV=Sev
zU(dT^{OH{+dbT_NWtqQ*zgoQIF6^)GvN<{DT>q{0TIe`&(6@NgvzJ6CIxZXY*#~lp
zrZ4lCjqO&&c+z~q*_elMBH}D&7x{R`7;RxZL*p;ZzgI1|INJ!x12AzfyBQ%@#56$p
zj~zGr0GcToawM*5LhNB>j3vss?Sb}~MO;iSLB}w^|A&hjDs!p4p-{&L`WF*Hbqin=
zNkw|=V{8_87Hv=&R(SfU3ZUoO0oqw`;0Otn02wXT#H1juhKF27XPLN2QfTuKRSA2B
zaSD6S=HmQc7#f7_(?f71Fg570E<q8sw{buX5j2EuLh}~Hf8h<tkwjkp?oJflNzDA>
z-%ysTSteT`(H;Rjs5E2>#!hR3=?+522au^RECb|83xb6VJ)|Xw!kn5Ht`Ot{H>n^c
zXdd2q8VpoPXpk?NQTYEQpmRoml{*gpX^c2lBK3!*XpV<u0FGRy(drR>$dI{cK`2VL
z-D=nt4jZF+HpDcxO`r)7N~H9lA~dDV@KVdU7Ryu*UI9qW?1W~DtfLth|A%~vrwFn*
zFzi&G<r$g8MySxtU=Sf|6Du4ct|E%X^aCvs{SiP2M^{8lna`2j2_lj$!YGqcVJTgW
zNaw6)g?*mrXP6+w(-;=1DqJ_VV73r(<o{pjGp#tFjJPVs!%*cOk&%#$Ri&z3BqiV|
z7`PBjhLH^9;&-g9KdJC>vqz8S>3C%T@I#w9>`GMtS1%K!+8=#>uTj5S2`0InzQeDp
zPk^{DSgg|?$M#Wbq30BEfZ+I6E;$O`Vh&&w;$o{4O1=FnmQ~hglfIBWEYePfsq7^K
z`dq0kf|HSw_@*C7sR3a%BhW=ih5RoSmc=NFR>FM@6Ax8Ur)XG^s+z#RS4sbuey+g7
zd0+*tC^;PCWO*=s?2whM6MS`Gz=R7XQ_aqHpJTTWIao507#Sy#T@ly-2E=H}gvn(1
zCdeGb9#CmYDWQkfMiH{zl%?1lKWrs2Az}N6@PsX&Z4oyjPI^<iWV^78;;}^&GBS1g
zvq9myKf8d?@n9ebo7kYd#87Si2R&1jgp+aAj!;}3EADNYUxk=;xDL^|&_)w*v2QrK
z>V2F1tPIIL!-t{06(#nrnm^HTDkJ3^kH(PuD0FNAXyE>gH-sKM2}DVfO1o%j)B!Di
z1X6_TBCn9X%SV93)b{NB(*B}<gEM;bj3R7DjotBLABFb>SUUK(1-PA3KNY5BL%6pS
zUi46{3HX1hG!kCqLahmSU!gP+E}HsU7x)}(HxXX=y8aQqO*Su<t@LmI%j(eN;I)Z>
z-^;bOgeQr-`gfC9<I$^KGHZZsOt${7r=1bGVAvRPY{{<fy8_Jte9ay2^Pui3|Gjsa
z{f9pSvkdgJd7;6Z0-_IS6Gc_Z)P@$hNLkD#Vj!30eu%v%!VpLSP@WY(D)DajsHWo<
zZ1&Kt^NgAR_-B75vMgF7hvV1xn%}723#OwhIechal+D{Vm<pg>T9mmt+jM^eggU}B
z0TrJxl!3E14<`Is6BP4}U%aqj7_38l2&{4gnfVk<&OHH2f*%)AfG2~4(m#~h^bcir
z3E#qS{)l)dSoo95<<iC~tQG+;N^UcwHuVnh*z)JBt)rlChRA!A;AEoc8w@xnYYmrh
zcm_C4@BO2e?cDXvD@KTqXhJjr-9e~V68F7AsRbeK6fzXsNWV~kF<*5VX*-z+&N7%!
zr~eOI?*JqF6SR%4ZQHhW);7-C##!68ZQHhO>#Wb(wsGhGe(z1b+}va`$s|3Ko~Qe%
z>aKdKejZ^X_&@=Bkw_=@PQhu0!BIuV19L{taktNRNfZZ_Pvb%4qaM`+zJcQQO!95T
z<AG#C->268E_9Pa4a>tS2+N*Lf{`p|XyYk0$Y&GK{U?PtGz;O{gMEpgIe~pYkv4w)
zTyj~s#GM!!#pzDEjF1)61iidFGa^O7OL2x+a2gEtA>yg*hII%7-y%<mN6DJMqwk2-
z##G#5z``In!?{j*NKbcx*!Fh?Np|aYrL{tR!8a4b>@efY^+ft$U=v=F5TUQ#2Us(M
z^?RWOxC(ABdmWyE?FVAmet$-8L&a};jqKS}ZoS#tm|$C280~5-A$2<ndRY^Ts6zqm
zsHiVY*Xx32wsYyx@RS(@hLMF!hi$TK5Oe)z&LM{3QQvV7cV&IfwlaFmVx;^C-l08Y
z#f3pI@_uurz)>3?pFcDJu80DJF28jeHU0>3gc-qx2Bovj25S87|M=`%Y=;(a2jfpz
z6OBW%qC@kFk<qYlD_QKOp(CbRK-E4+Brjo5ntnV7$QG-qUg=8XH^5jq*k##s4#}u-
z6LK+)y2fm(>ujbXp`TKu(;exZj>c6|3CGH%0rlV^A2j4+KU#;8xP6}mLORc%pE2q?
zetCo1zmE}kszS5nnmUvy-jvi<t|ZRd!O6V1<e4sIN*L+-p5P@vh|~k<UFI~AT9<qN
zH78$UC`Mntz*@Kk+#Y-is3ZF(liCH}*rl?7it*%@0J~_;P_CtELJ3^Dp0i0=BAWT#
zNS@GKA56RGy}TF132S6vo23hvar|RaiHSzHnj|cYGI%yIN>|gtJ{fhlzSujx{<Z7S
zyxS!H^y~Gqnk8%*XWgf_-I{-c0{MsD^$0vFESWj0-U39Gg}77N+4MVpH8#=Hygibn
zy0mXTOxP3G(zt94@}(NKwVHbD5FLVf!YVGB5|2!qDRd?B$ny}Zvy__nIXgfE?=dgG
zS~*wl)yienwICa5e5fv9&VbDgAuId=V^3&HK*hu2PXCYh{pvEfLCS#y<nPzpUoAha
z?VGPG{-~Kn<a-4Nep^Ka*Hq-&$)g%$A|TgB<Zwf1gssE>M@JhnNLXo7h|MZ_vaHl;
z8v5-QC{jT79+xtjCpI;mQy}+Opx!J@GZ}`bztxO;$L;%5nR2O(L-nOloa|+nvK%#n
z=Nnr~=0;JM5)k|-E+7&wSQU<C=`)MRNtINuR3^JKnJK|h{)#*mu>y176D};96Zft(
z63=akC?o@kMBBI&HFgLT<uSL6-}e>1ZWI1ZO=um{JZhZP<rf)1sgwT43QS2qlZgwH
z7P|=1;MpkSl{g0N>Oi5_Va7oz7%jNtPhL1phlqllCR}?xk4u9=^)H0ExC-jyCi1d=
z4a@8!A&9Wz8oO3<^??|@m6>N9nL6X893J6e*6rXX(@djYa*lczsqJpjLk%BTj5bPr
zQ@h?z0=^MFpM`;!@gA>tzR$wKqL)V}Qwh6m<?FlE)>Sub=(&xk<MdZzW=mN(hTqE8
z+<Y%M4S4$mwD#4J=>@e{485dXdWW_hofSe%T<+F%NQllJRon%_1nUx8uk4;k9<iD@
z_whSt-43W~&CpgW0-!98up9pv#ZDry@ln#6{#-zt##F>=QVbYN<nL#DF`so$7BbVw
z+s76<!YZ+6Vi|Hq8ZBwYj3QK?42YSSxZbh1hPN5KyDW<xzSgD(hs6wQIm2b=5a7K$
zR0Xis?m@$EPEbDH_R?G)gngzPM3U?vS2HwYOh~n#BE?do#zg9QyeekPmx<Y9(ruKA
zJC7(%+*62ND+p;^@&-_{tr2E}8y89*Qb2|N_N#h(76)3qA`s8zkFilGZ<VV~7<f9n
zGG*k!c5{6fb@`j#`p6NoSBsp7gqOQ*|06@?%#k${dF864>UFc-gA=FE{LEgPXSftN
zE$0zG9|JkmCu&a8iIV}2AS&urVGyOWz}(`SC;E!tF=LUz>Oj6ls}hwlH8xydlX|_C
za}R@`QWTP1oF^wnj7nRb;qP5j7;bHJO6RIenJu%!DuOxiu|HUM^{D`jKypoo9~0h4
z!Id-e`o$YZ9`Tqpkw!Y_%-y)_FV{<yp&dV*BNfu;Ej7q`B$G&~lQ@3ximMSkEZhEu
zmgf?gCimEA?r}|)HFr1X9IJ2N<i$S}X7+ljh;W-Wcf+g9-zTv5IZJwR*!1y`^Unjc
z=duG|KIKsPgEeR4;6{GV{CR$w02>(k`#vJae3J5+GJ6fw0q+6&`%V6qmt-?4cP9t5
z>J9Hl_T+VBb@=4L+afm(o&?J8O=phv$mt7p_DTMA(>v3zcd2_xoYAWianyB+^3$AW
zj}r1{s_e^S>2sf|`!-GC8!(kOfszn@_YmP;2=`Vi|1`d*UkPRRQa>5;?@>mF$4g&Z
z&V;x<1b~_30%r0~nSGiA75oO5H+Q?avGoBGa`N!WnsbswI&sqEvwZBkP{RoLi*JD6
zJrTG&-gbLY;(t0({%I}s-KoKOTmJDb`wq5JzpoImJlA(N$N4-`7MM#`_)_3~`lw}`
zE&I;%Igdl|xJc<_MP88egB{b)R6s%XU5dFu!w1qbyEch}I}+XOWQPB%mJO`nirFq@
z&d9)`3d}zF5%O=})^JrNMfW@SKb3S6L!4I|rA!39|49tO1bO5X&WFr=JWcksZ}BY)
z*nuP1>QRH5kDMB9ij1k>;AO$E$u_Uz{U=OyCZw#dEpU>^OcH~=<1YVGxa|>Kl7Mde
zA-Ix28-AdZW{f1R{llXaM|STf2}j!#+9uXJ)V`MC$y)-$Hf-mM4Y?bg-;=9;ku@18
zg`;#4s^#dsKO0e>x^r~cVf;TtKMyRcpHSS|xbu)Kx196U^$X9RrJx$#RBGRsf@&SC
z7j^cQ(pi9}z1pEJI_2Zp#%Y6Jz(-{a#-;~X^DAni=>B=;YE>_T=4RVU`YA4h=UY<S
zuB9vM`r|omF0<5v5|RGB(-)8n)_!ym`PTk=fBPc+cDCGc)&{77(wd*HFAguvpStyN
zb6ah*h5+};#p{;Pob97(7i|G0OG2ElHbTFS#a~Cyzb**QNAd*NYXA7S>V6G<-=Fb)
zY}Cv%=J6b_ZhUw>DIZ*WZp|-iy&YDrP$wxMZp>T_Jx-k<ieFsal+|=Owk*}CYh$K0
z%~tDu+^^N@{A(@Pw)9f7(|OW*s@h~6nzh;Ny-t1Wii=BIdiLm9=(Iri)kb)QU?UIs
z*7K8xldI3{RG@jTn#bc2=FNFc6l0uvo5+UerlCH+8-ZQt4dLG?iXPAEJSw}L<hwVk
zctAbj*V;Aw)pOaiahbLsnv0{BiLT;G&d83Bt@hPs!M}pQ*{a-|O~R|Ns?EK6AFp+L
zi>pW9woT7X{n)%&@u=KS$A{}DNuOVMzCBb+dN(p54~t#dB?(C^sB93Y@jJu6^35&W
z%uMrin)N;!{<vkkVzT(3h<dcx39QuGY7adhn0}o<&)9t275&Q<+6;dWvBvZC(2YyH
zhT6dM6w8`)OB5)}0ljhG_O0W#e!0%StXUS=F{_a_SIaY9x=|~VyFj03S1-NUpgzNX
zKdX50N_)CsSpMOO;q}ak+5??m;<rovg{d!ySgLPkD)Dmg=XEO<&_YUo=Xs~sBbZsP
z;)_2gZQ<q!p(afm^D6A(;eE){`NQ_~CQ4rW%>$uT|AL>5f%{W^qvu6?u>`6k!r><k
zt9hXdqA_OX*WdK}2~0ulV_m`s1OyO6%n`m>NJuD>(}JEpMA9JE@18gWg!)>N91W&`
zq5v~lkJKPgKZ>`v8y``ZDM9&1eG}G7#1Wfh)e|0RLO69{NJv6#p_Oo!!`XEUgLDgD
zeh3x@m#B2qBw+&SEg3w`vt1y7OvYJ67NQEf`DK*MB=5xG#?2lD6KU%R%1x92Z&(-9
z!M-0AxmtY3q>YvB&IHXZrS$<5{-u8-OM^mHXWX^daGzoASq;Mk%8+bHd^DxQU|~;B
zG?zlw8m=)Zpd(h_DRoa8qaIGbw|XI4j99xNo<F})rupgf>TcqyxnSxbC-USvTEDg8
z#6xCD3wM9EiYK>k8GiQGy)dEVm;0%$-mc1v?lEkT?lA+QLrvRK{-2vihP2hCYpKh(
zvM6gjkC=ATT+dN3O^vRgsEe0(*5y3S&qOx|<=g!(x21ZHUdF^QXjw%J9uYsqrN)L8
z);j}1ZYMkvWn@-#=TJJ4t>8xUl=O;A%=pRbU8@w$4{#H{ZU~k)%9&ll!>TV3mJ@+V
z^$(pDJv&yqYVJQ7eA`ZuUnA7Ugg7A?FqFZZA<RO5A?#>4AH*|{?gO;M{wYE?23OA$
z^btvtz7nk9^o|O>pbeR>9R_GYHD1=u>-<+}Ggum7zQgYOG))jsf@@9q6*>7(b1nl+
zNLdPui3Hx#;m;E)tz`-9A_q<Y%eyJ&47!sZYI=*P()L`v2<Cf(sc5G(<QH!Dsv0KM
zVNvw5oS8GGJD0vTioo)O02za2t$KgUSBi7341e7e&fdoitL<7%AHUgPOID8IB;*~f
zbt8*XSNpOT&xv9i^`ANfob32eKIV4hIgIEG6C^0qs&vF6?(dMo{MxL=sqP;&Neac(
z<7z~Kl8LDs2ZbCQ>&<1db2*r^DLQ2XiB?<hiEiuaQmHbOn0E3}is;3|*B8H%m0vri
zPr6a|zuZ<B&VY&<S>GvM_&P|nnX*G6Y|QI}7BqC28D0X{gkyb#SVL71yU@ywE4v^;
zgWJF}e_IW=T<`ib`pu(X8bm=Y-|za{y&)iE>q^|>s*|b-+m+WAW*BziN`k>^N@Nkw
zqG#?BM|2JIQti6$F`(F=!)`Tg@$vf=bgf!S(Wa(b{bT+c`M=j9YBAR^QrOYR;O5!m
z0l%<qfTF{P+*Rs7MMtvkD{I03t?2mI1+3rLY|MZqtLWw`VJ1eLX9RJkz+|jEq|(&l
zPv$^dv-{@r7`>-R3b+-)ye?L+Q8^mAA2r8RGfD~4nC@j`URRNmqdy$gp|7U0g)2`;
zA%ALex~#9a-uS_3mpph8aXKIt&vo}oA5=e>je{f5IE8+E8jS;9DGZ^}j%O#fCZg*5
z@2us|i>E_8XpT==>Q%6?^6h@?Un;Ey9n`$=df9%GoSb;*Qz>jt!WPw!dGTxcn2E5Q
zkFwRQ_44(XPI8ay2_E<nGMJqEkxqn|q6_uu$wnXIpFQyn`N>8W&+dEMuD}>a7T|3b
zKpP!UH4YnEBN)JW@9nC3myw+G#CCE+xpZ5>9&K?^USphs(6Jd9Cz6WhJOs+7B5Yt^
z$8AKAuvtSPn@wd%!G?>(f7@h(2^y$;wP4`nbRofMjZ&S0lIN1U*9~E;Md)3+zJPiE
zgm+#!uza&DQIe5ddoELw1wborrGAu5(&Y!*WJG`X+jve5Gj-LWUU<xdgdUv;O_;D5
zt7ux`mJrS;+wP@{J&jDM%wTc2RL{^=(it{5racoxqUsq+kZHDGIHt(kYVlnh(BRfm
zof*LP?e(%OSdZb<8ba1vJWn~2^HOq-f)H5tuATpurm4l5S~vT8MjZ1Mqa|L&r8tFj
zrqC(fElE3E^g;j8yavlgn^oXcO6n@eCGOQg?1r$T|0W>dZG1Jt_@o^U`q;~4WLm&R
zp_RK436ovGUYuA?Qv;2KlM`#mC1J3;S3=Q40(<Z)FTf=G|4YJmlhRYCP&jUB0kZJi
z4&Meev>2ZJa=TFqiV%0ZzW#UluouksgZn=a{JQ7epr^ffivduJQ<N`DAv)6ethZ|@
zao1z{57;~+1K2z20e<&Ky@uaAdV~+hVnhosQ*w@|+4b|-Fmi@e3%ZjjaqivAUkoY;
zeIZCrAw-CStCL^Ig_dX6jT)vWWf6TVQ3E5tuq1@+QyitC7zXHuf|9Kfq5vnDDY%}F
zF%3+RU2482RL-mk+eKfwSbf*x%{{t{sw;UCZE_;$XqlEHy;KnX|I(ZbC>|l5m;rXU
zN7{f3@^HIGv~|V(EJ(b~kToOF>hG2A$JRkI12Yh>GT#7mCi|S!Ro=gJTsH{{95PYY
z;BuTs9j!Tcv$`a<Q63#k|J0rwxw}ge<}`!sD&BVo{bWSJTyeDv2iiu~QNYihRp%V|
zKQn?7YmkzxQxr}13{(X~BpXjq^{ISx3Svf4wRrZ|2497uK-}n~F_Y=#6^*>}c^MQ5
zFsb5TlgGd(4?vC_0#@(=A0Z!;@BA^wfHQ~YQe!`o=(iPGxdf#0^`G7OH4k1*Vs=p1
zQo&OMIOOM~&6>($$C~u;p3e@hhB@c=+j*R#YnfwbDfUmuT9zyw963-4DM@FhMg}Gh
zc7o?POwm3(54H~PY*0c=R2;02H|R{aGG8q*N6R8&WSXc5<d}w^3SU|O?9YnkWa}zq
zXS9r@X;Re6cDl1*?~jv>#z{ruCLuAJ-4XZn8EpzMBTRQoGorp6jf{Fp#XdCN`WA~7
zFf58Hj}wfUPQ23p84NFuSxuZI{EQe*W%!m3ZKuruYoVH*Y)V-iY^RnPm65`wBzN&n
z{#%kp{4GUeXcpy`$Tuqm28iC6fW+uK6^Coz@02mA*{~5vy>pRS#R#BS8N7Gw$5`)^
zWEa1Z(1tjK$5J-R;w4<(iC_%F-~GZ79fg*PMcij3;USO|#)}VrC8Qnux<zd#nw9YO
zj_V-5Jip^zAs8c7{*1*cOA0Z*pK~kANOti}TYu=BqAP^0_6^gNt$TxJV1*^&xW->b
zzL>{Pfvd04oPEg=_*tHKtdaZMQw}`g(gkiqqBPr9fc_+Z>v^SuHhlV^H6GEY!;?_k
z?B*k;%${Z``$QX?4)VJ#{`jmZVY^VKaVWVM;m@Hv8}Z0j@Rl9&tJXf>`re?dHfi|#
zVz6O@#srp+U@7L*aGX`K1)<-4j8!Zwc`?zn+=r-22c}C|F&%`VMh?$T9eA1`gr+2O
z7Ckrc=<kQe7x~)Wzo|M$!~&d+;O0|oBRrtq3{ZmU%`Oq+2@<bxhm)k<p;-TSu%T8-
z*_zAk#9pzN2E?4(D3qtI>s{W1*seySmVY9o8yC+1Er99&L>k7nUd24gfbg5d!NO{j
zbG4vlHiJhl@_>~(z^|^;3Ll2yP$MojnxBFjM^z{TE8FEm&WziJ;nf<_$fsP9zOxpF
zp=f`jWz9CSxjOS9)>4o*Mb$Nkb+b3va-WkpdcVA-iJPBeyOHHX%mRf`vRUWn&JTT5
zGRYEZ#WRW}+(4;eZp0p1>o`M=B}Isfo$z{7$(JpWyq=-kD3f*?m7913k+}UKqH`VW
zN5#2BoSkG=B6H*fGp_9W>zzf`f9{G%`Y+OW6SdL?)yl-)$J1*)N`AB_i(g5Xy_CL3
z&T!dkm=f%zm~-n68761OtjVZLSLN?^ms{QFfqJx0%!N7Nw8Wa3YP#4<zbn~m9KmM{
zHvmW4Gz`wY1>6@w%Tu~?le9)#u}f6M{fpCjTec-#%10J%)ACHW5UUf$^#2oM@c(~f
z3;~qcT!0uu-@pphH`3?qPjdg4xA_@sL9&o&><89rmU#<Df;_|9{-Fn>JjSTYcp4?P
zk?9dES}wJIzO`WhiSENgNkpB^eaXawZszB70u7*YR#kK;6WdsgYZgjCq&o6s-*Vp=
ze5!n*o~YwEwRiH`cj9NIqVX5;Cz&z18`Q)(5(+=&v1}tgi_La(eIe55Yvd5q+q+D)
zEm~4Pb^eXKfnD_-tyetmDei#X*&!n?v{Z~({$vZ`)C{R6x~X^`g!rouUA;bojcoQ!
zyHn=Ua`>OO51HX>dLPKoYriY4QsHRE4n7w-=E?B#Rt)4F+anvZ{T}%NgoVSs?krAv
zvUiaE9AIp-Tc~L?R<8S5M9al~;z^YA7${N;C@(NBSx&Y)_h|Y`E^>?l^Z9}36O@68
zy;s<y#2ClkIF}yJ5z=@{6k6yQnvB!==XnUw>V|L;xv06#NVeGy5z5AQ?Dtlu@4d$L
zuFqCf`GZ_^G$mP?{8=P@pevuvKikc{Kdx^_oASUun;o{kmpvc8zJEI}AA7GZy^das
zy7UL`NPnP3zcDbZlk0vTH$_<PWeH@FiR;IQNW37J=T|a%Ob<xK&D&eJ<qvv<7NztG
z-s}{*dKc1f-_E4e-imjesp4F%6>|<38=0eK#Ud+;``S8`$*EYzktze^tWvLg9k3D4
zlfQS!$@*kfn5K${h?z&|Ch4nx*>wzN_8`Zi1x+vDW&{sVr{<_r86E85cW?cP1kLQl
z`i*=7Dq=3cs=K!vsAzO{;+kSHOier*z^HT%OZeL+i6n66M#COf_)-l27m{ZXOVnwC
zIW4e?y&>Y-a6`DyZ<88P>^pW}>yaMmw?{IFr*aibiL-Oy$!bkp1qypKX6-Bls)gm?
z>brFh<m4zbBKQY8Yq_XL)~qOu3%JMa`GmW`G^`xdef!(I(!yK#@5N3Lmk=kcaDNoP
zCd$XN)ak}kq${MrNM)b&QVq(ti*@o_iXx@qyE^PqT|!#7Z{}*|$cq9BW(rY(RXA}K
z!hg&MSaU3+sVs%>^Fhg(na95|Hfd&&ustlfW-1!2A!1{=Y)xMXwVSlFyD$S>XfAh&
z4JHY)EZBeu$QZA*ElcXXxZ1k(ZTZfAxx;Ty?BOqYqg~a<X{#+ZaVOWbAHLA<f$q=k
zDzsh#qB}wB*;T8;>WzxpBmT{2-YdU_f;tp5!xPe=V{K6|bo}NJ2sa}x)-HBZ#EZsd
z?hY}KO=4>M#@XSl1o#!T<$x@!xD~q?@}EcN%UN(0W7y{EMnhpXqw=uR;j40|PnX)$
zpr+M~$L^617$MTH-h@lo=jsqBy9tR-q3~i{I)$Nqc6l9~RZD_^X-Fz*L;rwqtn&65
zNe=KBsgQP-%*4Y5uY~;rVQG-I31w;~g3a$-H(19dbnu#asPakchWD>my1f|7f`#s5
zfY9^U*K2b5+i^)RO^<6u;RKkA=y|lkB??gmWR#v2QYgcixRdpxhd~jhiJ-GM!woZ`
zCal!!*+%?=IBA%`h(3bf@vS+6UoC`RDCRtU%e%>~xeNO%Yv7~m-kdD#MNEI*83$YA
zGT!&}o<dqI-nWj(oF3?BhUH5e*c$d&fVL<*>sm$w02?C#{xwY*pkG$pYaI;rsF&bw
zCaGO{p)T@fj};p-qTE&uBCg?gn8&`8q@_Cv*pM7y2-0f8Ti&ja0kaJdm@jKQtw4SU
zZ6RCAAw-2)p``)O5x=rNF=f$4_-K!@l=k|i2`EH?5!HYM<s9v{kVPRSIU5Ia5Of9n
z%PRaC2U?Q7GHa)59ywXMZnYNkT0~08^-1T<zXYuz3Zczejy~S-(vpy|QBke-=!W0o
zXK2|ay$4FlcmFo~oGjBC_ky0BUd%=H+Jb3<=PluBhV<cS&LsTB)6|96glF8)w!E5%
zSN(}Khc;mcK$GxSHtH>gsOpSE2>=aXpeg_wP2K;XY3wv8>Hy2dk!aHvrDx5}{0|yk
z0sdSqg?{A=?%YlWUi9nB;4ZNSPsDXBC3sYY`~^QtXZGp<mLi2aJ(5nXIQ&+T=sqH6
z)xl!kToj<ZM#6sG?qwrUT%u`^wp)zdEsz!DzGW0{A8>3Q>H>j!an)0}t-mVCaEg`0
zz@#dorOeF{>Y2BEAxYm9qP&g;nk-<7G^FRAXUXS{z`+>|2?`;Dfg1*utdBM)_fAzW
zHjv>^yNLuof~-1(bO9P`Y2qc2&c7(`I+3)gxRkMg9Dwg}f`GWt+}&tDnAEPXGYKqe
zQkH;gn9m&Z*&($K6qVKr4RvkKktn8E;ORZ9T;G`TGs)47WBjeTbq%?Ry2yyM*9x<@
zvFYBAb2PZQjgKjc!IlrxU1BwVmeXC_X_tRrD1>URst;9@O6sFG%{Gf|K$+#(TG7bN
zFkj#`xt@(PU$8%3vKy>mx1PxutT}kMi!HMnuVF{&3@JVz7_Y^E!F44VuU!BNpwgKc
z*ZAA%VKkL;V&IlC@2Rc?nA7pq#4;Aj0vM5}ZHHq|h)4C|(!WBtQPU+xAp{#Z>94VL
zpoZ5BL3&(!Ld*O&U?lXP6v=Ub;qW>^1UGqbuv;~SZFog|0%eCnpP*Ubqmp#~Yq6qX
z3^6#KDVJ|WEJmu)Mri@!J6;-l+fPDq?@0;B(GIhXCMQJiay&Zv3F!%h88md4kuLnr
zgE_`vwiM9$cKF&Xfl~5v@Nj|79s96?any!tr>G;iPhCG?<~SpD&>Pr+T=@L7g>(+(
zVrp*FzokT0aWX;4DPZm;-N9~nCh3TrT>p)ETx3bLifhSofpTr^Z>_Qe>whxPtiG0p
zCJ>zHN&V3Tbi9q2rX`rNpwk6z@^FD|Nw)ibI$cB=e)l0m^9p`G@?i>2cmQ6P54ZjI
zW|3RHPbTnlXTcEdHp%!~fc7|#qFKy}cVKU7O+D~E&Z%7g^Qd=~J2vNFt!i&=PghaK
zh8H{bp9cI`ERl~Y-mj%=3sNrEPTdMR_OS*hyv-8Qv4++8rd5Aq#uie2kcHTTar(jp
z?1fp4LmY?}Lc#@pX~E_=M^P``@Mmy0{I8g420{w7_{3VnQvv2cd^JA6syQ$s5Aa9g
zPXH)^1=e-;E&zLSrW-nn)v6VocSk&r3*`i4Y2Uaq5fl=e5J?OcTI)Gs7R~~t6QD9F
zf>};J{0nvO4;Btq>HfP#Rxwl*TlyFn>yP*}2c!nDg6$;G1*rRBt_ABbTzD$5-ll&9
zYL4tkj2)I7TlEE=Ko~b-#u^SXswQbQ>EBR2xcE*(ZTEEa4~&C=F}!5*5F&Sd+(UXx
zqX4Esq2LGg;IPqcWP=iZL2N^(S04ml`urdtAU!dFIFWV<d(#ZF(WAd8Yw4_{K$es4
z-%2yzf}{1$2gOc4e?w{TsfEISiuZCA;r%^KXSm(EsAT<J><jEdY3I;>DZ*OXZ-l%2
zz1ih;+X3n(qDT$2Y>it|ot6P9q<1G^ACqCad@D7m<zre*q<;*=o}Pj)RQUP0IdpMq
zpT>fndU;+(iftuJF<VQnpQNMH<JX>-kDrt-d<>t8^Biyy+~qygid`r!g;8a*LRWd9
z%LsPSTIUN%0UHuk0UOB0bugCZ8%#D}%kphXDJ94Gt_YT0&WHKWIG)cqf>(6fSLF4V
zT;f|Ku`I^x|B+GyK+5$oXpLuwSkpSpDO*nm^iEfO$`#0=R;Z5%=Bs*`$!Pu=uZZ+#
zhf6^Mqt6kejdF!hUhi;Bi{Lwg0sLxc5wCsogdetqKuSPq8H{?3CaE=dLniPhf+#Jr
zKUZ3`A?vU+uOaCWO+js)dlIAv2Ua#;=Lk&u%=z$sc9DVesUNBK%f8Sr$P{;?Kgf-u
z;MLhgmriGDBMlT&0C9Wj-d2e@N_Dimq%ox07{vffd}Ix4wNsp>9<r#alDLLG23cI>
zAqvuMq(%n>I5I;A>mEE_Ozu#c7*ywlO*dHNH6v~oMXt|kIDfOa*DRBa3Ulvuk-pN~
z&W<xtXB_rIe{v()I>Yj8h57>HE)#rs*Wq!+n!{pMvZjhUU0c4N-;&r6kfWcKBL0Ad
zeQ82Kh)a|w2-Bm#m=W>#j<o;B5E({%@JLSHy3mia-d0K!-oqU8&vg0^dNbI{#wZ`*
zR1xP$7IcYjjp*ug(YAiNHXKRhI6Xwi2vHjruYQz}`{w%ZxV&j2`|ivUB7nc5hsbCx
z!fn7R4gxl*_@7bj&W9L50IT|>3D>xbAcKXl|LPFMHEYc^4j^Y}GvSWCeWC#u*91J|
z1q)uk{BBS|f=tZT&tV#0XbZrjQ*X*Nqh}8z>;bH4d`-XE@Rn)qL_ZrF$$~vPysU9F
zQ=sIUnS;@yS7ie6uyFwUR(kZuuxMDh0(;E)P@&)=qEZ#5;FC}P!JG0xz^51v0SZ9*
zHtbBSH!_c{WPR)Ib_G=(Y`et+{ix`%97P;0?#xBAZ9GE(rH!F>9UcL<9j*wL4pa(s
zd5-Z?LZ|>F940;ibvG1G^h)liXrJMjp#j=`gW(&xoDn;wvi|X~iBKm#Yyv&5(7o^C
zxA|tJUwGv}0b*dN3;{y*E4pk5Y7%sYOSU6~r@n1mRgf1X0H}jlc`Ut<^_z@4GkuvU
z&6vu7r@XRC13r*9)C0)T4lD=ZOo;-xGN=_c6z(7W5+kd@&ky$l44f~z%clTw$0%gT
z9wiKnL*a2r$8Y_%g8WPis_~*8UUk-hrH<Tp8aea)KIgHwGBz~4ykTq@-_#4Pf50SR
zgHBZ516g=5`oJ)VH<eoF6G=jQlvP4||B*1ne8a{D3`U`C3P3_dcZ3iC2^C-eBVqn+
z^v46a!7Z2G7KuE|(C&XEw0}Mr+AV`-di{eCR0j)jGbns4Y;GeG0zWbb7ZmotYZyGB
zU>tVy-!T>9#zXHkyzU?hP~q*rxZN7x)gNb?MpaOoHQ7#CDz#@c1I-*&3G5lW3(8h^
zn(_V0EYB_`3i+v~0NFEI3De&yUn+^gf)NfRYXXvB-VLUA&Bv^C0TDPk-X%Q1?m^{*
zLG&-$YbNfLUhSHTFFy6-VQT+H@{a~heuR(<?3a(?x$#%6D8YYOmOkXx&t-HWa9NR{
zc53;r4|3;N%2aq{+iU9MW<w~9Xg1^U|MZJM$sDpN#Qoo9iLl%T(NH*RnW66{2I+^2
z!#3*hBgX_k{<{F%=MR?j+=0g$`0_73)mh5{)NoS-c=N5KfY6R16RGIm2M&IA4&^nw
zwtCLgcH#2xHglFSv9gaIFQ>ofK7FUoV!hD=8~@-|Gd%}fKm*HO?rwj9F>G|LfCSj^
znBXLoi<Ewg%Bhm~Hexln@8TMP*h5Afar%yxdq1E22#(q_%UMI~G5D%h^aZo6=DnBG
z2A}Vvalho<PbsqYAH+DT=Z_XoA>R`M6Z?(c&7a&z>EenaAUrT5c^sUc_>Vu7pK*)l
z8Xsnjjt^<qrh2}cV7;ALVtIg_RT&*-v>M?Kj4#;)m{$DHAO?JH@!rtf9*Ah(Ar5zF
zZ{AqMw(zCtSNBnpRi@;x*H`zFY@m4cNp9iZRwz~;&;%Bv!0RKfx9;bOY~K>E2ubdf
zU!G`)P2VUD_qw5>nG0h$V`(mJGDI;fv|#C+s;UrV`oYwsa9Hhhy<8<UcbK%#W^hk(
zpjF-Sz;+@7{<g5mn&Lgof$qN~dTqq9EDwlP1A)GrBpQSEO&O5}uGu!z{!JnJ>G*2k
z4_!-B=M2OpRyGlNUin<d|2buq2qgu!%7_{oy5|O|j}@)_SFOkVC*k~b3uVBy-~z8=
zHo=lpDOTk~(&c~O?64|wHy`^8e<teBBMIHLK&oSleO23e4ty<0{arSC%IP@6s-4C+
zN=U=1R~Nfhkq^i`#=5{X@TUT_#lw+1BZOC3l6!#0I}^b))g8w@b>mxrdYq59d|z0D
z{-&hs9VxeALaV9o1L$$V2vP0Ypa)b$zZo39GirbY5+*}HK?f-uT5p4GY^?+yV*;nz
zC(?$hPlEL)=Sy4fdt#_ayLOcWZHtl=&S7!JqZkLtXfnQl3XgdplOt$~PfigWLVgos
z5USpuHQ2)#*0Y?Pw}Vf?(F3?5%-PA$o=-5=&o<;9)8O8^FPMS16)1moJRTsz5fRyG
zjj!399?j%+13!%~C?bi*ab`LQbiH+)Mmpjddz%gq?20+us()wMy>Wf8xxiz(%|cAG
zV-V1Bon=%X>(9B%Jvqe<g%EW9Lr0Evf0C;JH||c<uuG<Ri#>+l{tPjBt6P<cu;<$7
z7{2+@ASU|@(ImHMBTDJ2W$-UI1-u_OMUL?zH$@K#1^)JC|Hk(j)7fNXx-;4nt?}Y|
zD__<?v9c|<X~+Kz1MEnOp49Cg2wBgCZzpV~&ctwB^~RtDO<3J2tY?t^Q%e*q-I;+?
zmw*LM3T$Ps&xM}r8$ikuUxYkOWR31;dd-==H0iDRM$BmG@2es2@O#uiY1aO=G=%(M
zY6K)`rTvXD^4w4&r}iW)m&84YJnnV3v)y)ZdjFUh`rK9(gbdXC?}U>UYyuP@>zZ{i
zo+OTkpgM~=GLbt`_cmI=fESI7y9?5C{;eO*K?^}SGjweKf7vuCg2l)Vfs&(;=BR~=
z`Ff{nx2?1Nrdjf0$m;I$r#-+a_q)4Ta&R#;tZb!p_7)Yv{7~_c9>4_&c=ALCCAP>;
zM!&`9bE7k2ATpW3C2U*spzT~EeL}h&BBKPM)ax5bK=8ZCQSqw^G`7oGV7ieH4!k8V
zV-46<lkJoizXN5Mgn~SUi9uiVV{fAFJynTj(k7*dkdJCBUIQ$vhGk9r0FQxSqJ5Pz
zUGW8W?7u~{+5Mr@Pcwj9XUtz^ZLh)TwSt(l=DSt@IK{llq28I1c=H9#gu^s01kBfy
zY2(Eg_z4cyN*;fj;AUd*gB46g5X*)z=QC_d<#crE?*=te_m*m$elbFO!}QVI$#S9-
zXURL*Nm`127V5QpN+H|hc%!!~+_v}C>M2|(qwc>4_7mdD<f^CN>poQZ=ii-0xnr6@
zj!lCQGcb<PdU-Ab7X=E|`spv>aiZi5gb*rC#i7+RP)htU_Y~-P=P7ynr7An~-%C2F
z8!CU(#bmqVIf%1YW)y7O|A^+~?^iet%_tbPL)(2C9(*{5W}QcdW>KB1b8MLmfpHkO
zOGS*0J30-?*|s~Jjl*+Vo&BT5wQU69o=SJDj8IFnbXAsL0WiI?2S{0-ej-_UN{-u#
z<47mK{G!F?3E1-tP}~h_^gZpGttE^2P_Z4=e6YMP@dTj!cr2*8ofR0fGWB;Q3#=Ry
z`#|xK7cf`~HtsG2{~!-Q3|;<}2^oVJT$X^m&s>QnVJ~SQ4Uns)BHd_|+ht7~2@Szq
z`tKs#5_4uE5i*d;QSom=`%h|gG*OZ-H@Ogj1G>-f-Ts_-iL(V|x(wkN&$LL&$r=l?
zH=++k8EnT7Mbau!^AUHrXcz#IxemzJcP3Ar`iqR*=K)TSMM9s$7b<{~A;RTm>*@}B
zFO+2hW2O#f_^DmOa@(srQt(t@j_5EAQYm1c^q*4=85Ugi&(IXCp@`=4eo;}nlcc)W
ztY5S`JbvtUh=Xp2zgEn>7D5Z^LqcKYBF9&S2@?83wY<qm2mRs=2Pd+>r}e?%kUIj1
zIhlA#K}Gr<kvbgs!<_UdGwETUsPYW%Dzs+lVfPu^=nhjuwi=N>DB9?%jWnU`#0+Vl
zom0Vo)O@k0gaI}}8>8{+H>a_tWCRjm)ux1PHSN#F>0tq@X4On*B1)6W%)E?J1Ke^+
z5n3HmYwGR=OcCmt7*UX$g|%XB<StilbgDwAhZMDW>udHP%vb96wtOv?iFtk};uZdc
zX{_g7gspu19()j=5&#LkpVmT>1ZM-E^%))Jfe6VfKlyXRIF1$0DTXkHco$48)`UG=
zo~9I!)n84sKu336CH;mO`%h#yZ#$gDHyCVjp&*u6nm^e?Pt2!GA`sZ08w56;M7q3W
zXDA|p_)$nNoQo8s)Quo@+%LblKWIY3S@vm94Gsa{Pl&*)63=19z{>vl^b}4tXNkbL
zGD;j`D#$6(U)@(k);{@VlR|#7<o@?DRM~MEhcsO{C>rnz>kwEFTpc#+ohEPi;+t_i
zADrTc9}+3W2#ya~z?wKB2AR0IBqid?Rs!NHgZp7#SN1P=YOX^@MlQSC#l5(`V*&4i
z1b1e0+Xx~py>R!Dj(JrH(fyLC=Hh3NPJ=WcZkpC`v9aJCvii0ugKT9taO{3jNeF(P
zEn#1=nEZ@TKkhIl>QlHodup#OXB5kjKy6W`54}x;R5l$AJxy@7mtL7<ALr0|?oWO|
z6PEAhYqvjmj*kSgB6^)vjl!vT33uwgiD3dChp!tuZaT{HY;Rlr>c?vMbz2~nuVgrM
z*Q-tGy&bkr3Qr_$&xb3ygb!R34&4hU&B%6$JYT?9LLDUs85%tIyXpcxC8XW7p}KoZ
znmp&UT0Dj2`s<4cHbdRmG7{4D!l_x>JdQG9G7`3D8ZtL}MJ1$sqK(lBMY$Gn<>s7@
zCiKqqq?@ozj%<n1crjb!4S)s|xUA0*7ptvLtlFG7%>O3K>=+k27s3f=MXLL{hfqK1
z2>w=xahFeBA=<MPYydUq5$4x(U+;2aG3|6jh&#x-Y?53rMAX()ib{Z1W5REOkcJwa
zMzh41pYqq|3d;`g$Qstq)rUv0hwByj6Pt`8{+5Mz(lJ?)4f59>1w$0Oq=kbS2yBxS
z&93pEBJge_znu(^KseHc)+tY=TIeA*qAf+l^3c(|>(}cI)ePDbF$HE7Z)w=dh#YlS
zevTsA_)56g2+{vL8&9L?WQaWODh_;mEmhvmd}tVqsUi4R{FNw(G7`$tmk&0a%^r!E
z#A6f``t7NoTeRm67d_jM!xPq%T>PNbVGfhTO0<lY@(#(F*IxGr`R32K0<Gxx5!Uy^
z@a@AAi~wIK;r7SC_Q@I3=V&CB?|**%b-gttYv5Mdb^_qnL-UMZ0e(HS58&6u;RLSq
z{IJ3L5};Z+8%baP^Xu);AV{A@WMDs361S_-yKYy#^3{l;GYb$)^<hO3Hta6O(Jkw9
zaOZ?0k8F7`y^@MQRKDJb4d01^KHIRbVkpC+Ub|lcBdoypFLIT_^M!(+r1n=U2?d~8
zc!z3iLu#hn9~Qwb=(8Bh1UgngEgGlSu$*QI-Grdecu<AZDT;2wH<DETD1Qxc;V>0n
zfjp7I%?w)l897FASVi;6e+nQRh?{Ir#q4aK^rL{&+y%c9t!%~YtKsaOK`!=tkB}X(
zwqW*m;F}YUVpXA{1}x$8`<7TR-A6HY?3i2GqvYA7Wt|~F^@s|<o;iJPLXafyeV_xJ
z3vf|cLX@Q4?nXZ4FbKJ5E9xqtbmbdXtf<|m7@XKgl3=~`qDl0UOiU8khW<{{-N0=w
zo5_!cFCr)%od#bx3dRL->M7bHIpdD?oDMd9zh-@`j&C4(e~p=cTYmgX;R4@dykM%N
z<N8pHSA7RD1b+|{9i$0{c{qwG<l@LobyA_apF|I<ew&2hHv?^D%7f!TPQD<!OCC*O
z7BD|~X1uv6Yw;_A9!KXNZr~u*IN+i=^zsE%CTVo~5;)2Gk{y(Bo&>vn)nEAVIL$6Z
z9%ujOVoyv!0WNk{3VIY^texa-X8|sDhWkHb&30k}<e1uUibsy4AKR$y+=$VcT5u)N
zbQ*1aIyJOoI7i*F`H%5!XBOMp(QCHzlKa}FL2fO?*Y89s2PO1SVOV?bXw4>(efCU#
zuHO>1#0+i+wMC}BBD&C;!|AI*iH;C+>On8>;UeY6yJ!D&z>OjLCZ(*cC7yslcpXwx
z@kf3C+1MeD6CwoS#z}Fv|7k-K+t3HABWD9RYhoU0tylk}$W6aNDUQZv3~E;}H}BO0
z{w0a>wzTFqt+oy+wD&!OmnmGuwZz}I%|wVgA;DfG#^f^yXML;I6I1vcD9KL#&Wh=`
zrzrK^55zs<ntskSn!6gXbNX0l4UMjDN*;x4*rfwx3@77zJ*<_N!!(p-x2&@?#e??#
zURrBR`8le)`LB83(r4fg1jn<&_S{>K=CYBjJWDc+H1q;T2%w)&q#%|p;~9+jL>mNy
zNL1ZuZl7r!WXnR}Tcq_JouCp@zY{3sFxjtBDPObjI}^!#eVDCfBcc&31zBU+f%J;>
zV81~e5izn<?D@x)@bqv4)8O>{-zlKLrsF*rGc5B^J5!nQ6JyJZmERk&Wca*nQjzq&
zFtS!OFoxCkpjR+qt!RxL!o2=$5g1TrPKhX^QvpTXyW?$^nIZN?k1}KZ*#tUIVs+}h
zANpP&bzd{U3Ij(5<jAfYAP?*IRkEgxqBWm1@xaYmuH=9?J#iIYqvP2)aTUAsC6fXA
zQXOYKcmzbvAsQ&8-OIj-x<&E}Y}d%Y!RymJ-EShq1h<iQl~m-c9P=ku8W>Hr?7+Z(
zFl-pIqDuAaGR9M!-49@lK*3cM{`S4v9!^NM>`1j9zAnZVDj7L(*2+JBgxc#zC!z~v
zPW{x7YTt+a?Pnfn+4kO}(G*Wz4y=7}uQ$LDH|{kGt-A^Q4r8=HMkxeo!<D{lP7Y?o
zn%v%O#y)VMwIham%q}XO*0qzhB3=GBaW-9_139HzxeNo|!f>1B-v`#f1-VKao&rS{
zIdETF|AH+L%nyrHB_Q%;KO1NbMA&$m@N%J9P7eZ<md3CxbH`1jLqB!~C^HPa<p!xV
zk`MaOdH0z_;DjooHXA2XPSV0yzz<Ue+53j3Ex-`<sz2p(xJN?g{Zz$u2GTjkk1Nkd
z?Sn?3cC-NF=IMQMv+of)#V~2;H9@sBy4vy8fu~}h5DawXXlf{(iHBeqPajBu-FME`
z$l&M3a}|ORH9x#35V^p#mGx9$XCX_Q4>Bg<6aZ&%_56LRiW3uFkHyXNth3Nyc}dgz
zZgQ&OqJ6qXa;z>khLQZmcB;`yUP#9-G3MwzT|z1`wld$KE-{923GYh>WF0W<YXW4g
z*{Vkbq$UH@@9idj476qmwDx2GB(aswRqw!1f0u^=2}_$hjn&EWW<D}tDFBDy%7=xv
zXTa};^U~BiQ!bBnp|#e`uZ4vAJnSHxl*izr>Rp~ayl;$B68P=T*WS<i!)JqPt>v}j
z>R(~^Yj1NM<`iVE7BUYC7?BHoE_xt2zN=^L*VfjuiiDSGi+}90PcQ<a(&`HFJ}?og
zZhNE>z-vfgm&Vop*u@@%i`pk>`oER<b7ctadf7kD<PF3jGqgj@SIyiN(!Rnt=fa+D
z6dU%{=d*4;gwEDdH4VbV3H2Z$U;C~=X^$(SZL&qcq)D+>qL|E3Y|Tvlp(9ubEZ|Fl
zE1#_s5VZkqE_@v=&c{1SQa^HR0QnIk^g8({`RVJa(zo3leg3&oHfUMWrcE%B`nENm
zle;=xNm{;JyS~1x=AkANMzM-igr1LW&C2iz{{VYgc$T`(2K5Ic|Gk4;lm11TA_c??
z$pwVq%SCwD@}Nys401w*TR3>xzXqFgJ{}$h91tPzpaotXR`JUZqZ-!}YfuZWW7v%W
zCllUO(%>h4y399B73zxU*%G_Za2a+L5(A|D+J#Vun?`m5rrz4Czp+O)#?Q{!U|mno
zV4dw)9ek>^xd*%6nxF4?o0h*RxCX|8lE0}{`dU?x=>s8AE9|eV#emJ|9Qvsh_3)gl
zx&GN|6%%mR*1|gts*jtsQ&+5ciJNsJz+->PXk*EDyld0fzgG;*h-MCRW5NYJzKu$a
zl_bTV@Hd?=4S<&#9<n$evSNF_->%2vZni&tOs(qOtjT7XaT1L;gL;gMrlKmY(`rGj
zR^eg6p*$@oXrDD;oq?%7&DP98WwBCKGc!<*JfcUfiRiA`vx=IQ?u4ZL4P6(?;6sRu
zKy=X2_tCI}l;{sZ;uSKPn5z<~)U)s9qpg(vifMpV(BIMErtyxEjv==m41~ZbCGsFa
z$FEE2C!x9z3O)%On1PYG!W3C=7Y5-(`ozu55_eepU~&WkCvS5M;VAx&bCU&CK~ztH
zxaYql@ss{R)d;z8gbE=V@*fn!<HGQ#p<So!aEPA{9HBW$cqt#8c4VWsx<oHE)ecU*
zGCzO)z!jM?D>Il2cvD?yq_(kxpwChWTCTyc&<scwb4IgR$Dw$}k)2|RL)Z+7l{>4q
z5g$u6y`U8xLomxX78`wQDKN&g$GblQ_p<*rw^nSev+q1o7H|0t-ER!34I1}{n}R<L
zOa!i-f4!;?%&MwoBWdKz)GSuG-v}-eq9+bjF9`h}q{zKO+SL{EmVJ0!t&VAMMNd~V
z@DCE)z13EyZ`j$mal$~xfos>V9UkXLn~>K}WJQLh--9dCK8hs@{_%%Q*XT@F&@_iZ
z<?&8)F=aAa;^c3pOoQhUFdkRD{cF(22BEYG{dtMawn5CP4yw-0xB1{05d9#`i_}mm
z8gxKT1~$;`5}^c7*nxs7C~-oW1wA~{S}~`l?3RhHJbOgLF0A$=d=<hnq%8TQB*hmV
z=T3;rPWZ$1G{NFN)xw=HY$buV1KFbdoTXazOi1JTF;*fm*~&W(LW1$l{_wA$Xi$nz
zu<gS%S#J8#i{2+7<meRYn_wjPCY6JbxS$DUCqT0R_=Sr9gI_dLVQ#SogXlLf2>^bg
zMF9NgM2p!l&#uJM%AR&v$R(!h?=Z+EL)hWJ6M#MbJ*(|U_Pwz=2Q4&>B#)ZPt9!#_
z#O48&I=8c@Cw6cmOKbQb1T_A07ISyug)W^nGC)aZ*OW}8{hWVrwOs@4GndDf|9<Dx
z(8NBpfP_h*wA@P$sV<AR)%cRHGxaC`bPv%PjtU4&*)3=lu8eo$DYjW1!n1*{9$%wg
zpoexfjW1jioEVL4)+yIeOGF4275sfddo4nvjR_xH|C<rWnrcXN0y3+RIH`a(C93T7
zVLk}!3#JFSOt9Z2ltA20A|qOMn&$P+5|^cx1)Ll`R5XNm0mDczEMxLwZ<Hy2Jp$Cp
zz*iN{LV7c6!2ftD%DD<0Ld8H386O;?IW(e&U!;&4=FW9bK-tqa>n`s<Z0_=kuwUnt
z0)DFL)l``-mGijmVZ3`G#Qw7dT8_`z19?R?z<!F6Df!<?;9FSE-q@ECav350gdr^&
zLPhcX_%L6|%LkloiIa-)0zqXtP~g?7(@M3j5Ys|stfpkn$S;y1TlR6P&Y<WYs2HQh
zvY{xi@+N;p+s0t1R7kg1xo<x$rlCVk?n^ia*Cd4-{khqVR(|C~A(F+<`v-iaHx4Nw
z{OR7TY2}8;LxQ#WMrD%H&EtKpFhQgP(r0V^Wirr@K2Pn>(17d_ydW|T70<FGG{$Di
zUhF+i#|2YF&)1%ajF9my3STcE`6c1C{1l=hl<V6~+!eZ|^!IWsU9Rz*IkLDO0Wmwf
z=^MRO7+jtWmWF#$#W9W}6czs{1Xa%1S2g>80F5|SE&u>3ud*u&095`zKzZcZwB5ED
z(k-ONY*=NR>9qBUWu19JDR>wR3S9<7+w#%$UiUM>G4YUcPYC{c>pVM)$sFdg8aa2f
zha<zdKJA}lTyj++Ot!{KO1{^|`y=@vKT@rd`C_WK5!%)5=x_UUw|DBY_$Srg4mkBg
zMP?^*T={@$7@q_|?k&}=9lS=-K3k~!TzObB2M7mF#1-5)5>|?gl!I5ZxC2$;^((8O
zJ6ftk>ensA-(AO&xJL_W6!B^Jj#GcWA*x<seg=MBNAhL5sexKn1kJ0c)Z?S0N#h!<
z+oU01IfTrS_cm=Zs7qFf;s@W-D8Y6bSdv!I=X<696=&n0p!l|q(UHb|ud7VFZ*Nhf
zek?LiZOAw#ERd`k&K}rP^;2`EO&PW)gEX)T8s4c#cnN_UM1Tl3fBub9$2cJt;ta~)
zKS-0^J?6!Jp9&egAfE@<e&9+RiB1QF^`{r4t##RL8Is=}M!VZ6Zg?*T$(6HUdTuZu
z))U<0vMYyQNd+oIx)4Y$If?jl7x+vW62}=>SY=3%p)REKuT*f-%{>rXE`rh|PJwQ?
zpBQxE(y0Tq&hx(=ixUE=0BNi<cC7yU@K!gpFD4&d_uXe_IE@yms_|E>!fiwOZ7JNn
zS6QEvmYZx^!bKgR*`Od1$#r*){%mb9CjxVV#aK=VCxR1jCwai$NOuB|Er9!E>BFT8
zd|I<V8?ZN~JO0}n(;aI8c3nhs)H&@l@h6SeJ|XcZ6L8}X#s0jj;2wIA*1MrWw9oD%
z_^xvQ%&iGI8C*LH$!+GauXxu{nv*ONz7ZTik)12eWBqqU5rP+7iG}c?;6x=LgMsk3
zjJnG2JBwB!t3ma-$l=GxT#ExeY7sRy6Ff?#_Z~^hV9FyU4kD#a6@!)bVgjlYPZzKu
z&VIw6<zI8;Ly>*{g*TDx>GF5&s-5k|0`_kMCd-H>V%J0!g1i@j$?(2}f`anHx1YER
zxtPKa)+3MO$Hj%|bpf@pb(4lT06v~VcYHYuLryQs5zfJ%;EN?pIA^X-;XES`Z2y1S
zILn|ons1FS?rvE;Xn>I27k9`)fZ!5bgF71_i+do1-~<Tn&O&fDxI+lOcwljY1rH8)
z-}>LWAMU-~AI{VBn|ZpXrfRzD)ST%viI;WShfo=^bTuyJg>O1r4f+Kacen{&<4YaN
zr73M(>yTNeBc1+QZc5X~@fGcR+o;4Fdf;_&7%owW)n@xu@s)#?YaiAheAo%31ep){
z1*&6G@f#(Mn=HGr<~44jAeeEGj9YS{Tos&u%mZ68pNSBgGA9)BZX$#NQ*+8ZtS%B6
z4Y&_m_Mwj^->!(ucVeT8R-~!rx~LDiy8})y$=ma|XQjLn|8f#VhVngGI7tyot{!B;
z2%y=D?TtO6X_j@g;}gd-a~9$Cj`b_-0yg8@OASi_vt5YMk;p!4;I2Y!<4cohxZqgn
zyM2A4tlBOhy98m@I}$2?y{vbEO7KGnYpK_f2z$av-31L>LhKDOew{W5JS1$L;2q$j
z)PB2jkT3ZZ_PvB3{kX$j<{8$VlHGM#H<?)0pEA1~u@19Y8A*~6-agd{m34l_G~He0
znD<s5=Wi~lCY&atF0_+iVtn9^>$szc<&-H6S%30!`apFWH-M0^+jzi+aKa}L^eVlr
zq4PuhHZCo^x*K$VjwK#(b=6UCo!G2Of3Y0|XTC2>;1XcJPGCe%(t~;Lz4GfB_E7c^
z`$LMvuJBY3pq7P~5xJa?82EerS_8JoY`*+r=)8x6=*~@hGz{mDm5!<$q#{s}MKQ|e
zB^M?bQz*pvcfIDK*ioqeS_ls-JpAcifkOHOK1I@B(@s&@$fkE~2cz6Wh;rJ+AL5r%
zk+{>>dA7G9sZ5N_G!6@Y^K8rHiz-iIZw8L*zGVB!hb(wK7)1OmY3cw@xR`TlH=A_X
z;kckTwq174>A&`|#%N`jUFdW~8kL%Xd?q=yH5B~LKOrOZIL1wO4d{ss!iHDI!~V{n
z;ryfreox?pj?;skU6?F!!_4~mipUi*iJ!6su72jmNG!(`!vFodaPThY;0Vx8&%u{0
zNVELnQ;`v;U9W@I)h@)5C+aI#dT1<=kOavx;r~|~{HZ-$%jisQsjyKAdzN2$0LtLC
z%8egBS`%c7MFFxdr+L~mj}m!NmF4>QO0J$Y*6)57;@0dG^#OvEi)O9g2|pFFrJ%iB
z)#;Hz?A_=gp>L3SF3(ugaIfN8nS^-dQM!%bM5ZW)s7^zWCFD(4(qSl!6=aW3RS|=b
z=8uVeMTJZVH}7~8_<W3b?S_n%S~^=DtIbM0D9z92w+!@kB<oN}b3{j;%)04>%oI9T
z{+%FgA(~`y>x)JKDa`dY7PEYbt*AONFw((=wA^_!5~;owY+K}Jyw3pH+eT`j>mqav
zSl^@HWID~M!|gIfZgHN&sc$`}Z=jX6h+^O^eJx`9xl6T?rKj`2c93O5Z+Fa^lmINS
z1K&(g9<Q$Nj}g1qC|v$G+ey<I0U(atPbegW>V-Fe2B4eWcsuQvg=&6!HOu2jf3y&~
zj|Il*(k*nmlS&+NrVR<-Fq5?`7?=K-m9*hU^5Z!vMh3`zQQu7k|2ws+P&Zb2EV7G0
zH;^c}Z1%)HN&0-|j*j9vw0!3w+34J&R+Ex2S$Dl&)1xPlZiSEe<bvM=kBsKy)iI`T
z_{T`ufS6#zJYEq``o^f2<oOgA_=sbs=~sJeE!WF9XB_Rea&g0?x0CN$m$Th*uxmU!
z^lSiB)`6Cj6v7^gq)GTZ9qF!QhMzK&^-<TKh^|E}J3szRduKu;aB`RW{>P?}N}W|&
z?22=}BKsv^eqgKaCv_uqkY;>>k0IFP{wiGBo2^JVJKz*^LKoX?1IAbM_QIhKQ9m7n
zNSAX;exC!g=_BF-V!!Ic(Oh80&HG4Bj5F`;ADEJZlcv;V9*#E@U1>#!30|^SXpzqS
z0k-_$J?yLNP4PTtRpQsKAon@Be{87YDTDiGdf)Nuc9k6gyV!Dx$CigtRR^k0lUGWs
z%uIw+Cy*gp`Ddin1sG5tJjEt}1>MM4m_|Q0-myD+WwLC>4|BC+p~=h)x6DMm{HA+t
z0SwEYy@_O<7msK8zKj{h&pIC!hZ$xzvT4qO-FndNIRag9WNMvhIhcxZm3~3Q;*9=l
zJw^wY77{bij6d*mQHMMhx0PZ-=WfuWAGtpJYsGjV9>B9(n@Ru+SqvzhF6sAeAT3%?
zuUyYpbf*fW2iwPmYZe;IYV>;*_D)-=baEy}+Dg?jeB#UlCRV6$Ob}gMGkbD9(Nq>^
zgF=F!TV)XQ+)kFy+a^z0%s<w3-rn3KDF=-QtRu{3f$v#WU-+r+A<7eQ-331H?eveM
zzlrj<vI!Ygq#2NQeIr*X6jkV%f75WTG*Wc|pYn!J(WDU@FSsK261odFRYb_q#~!Z=
zBdq3m1Lw*betvOG>9{S_3*(7se1zyISq`52A!bfZ_)%5H^XgLO_@7h&7y{Mc3_8&I
z--1N><%fQvE%U{-j&bm3VuUacug<_5nw9JK0-9qrTN!MGNj4k>&C)GBuC2_Z!D0tE
z$hW-js%syUr63NlLssZlr+&I5Kl3mw-Ffga<stUqb;GUtTu6_dk28E~M}=rd1m>Ho
z{SoIF%$%2ef>Eb*wS2VFNRg>Jj6113*i-az>HRm%knb4EGN~Dr<xvtL0qzCgGui^l
z`SMR*TtyN?aMiK83h`m*zwfad7+L<zt#yun|6~$rK6Jbnum2hhosZZ$tkFV|=Q_MS
z(h>zf6x4R+p4bJ~q@Qqc*%vexZoeC-?7az^t=#VZbo1u^43sPTsN<OOfzh|(F|vAx
z;6So138BkmSkq9jEHCSnf;+ilIr_|7r}0TLi$Bs8=%n`3!+#Ui`VeT<XPw09$``$+
zCC;U?noR1+i1PlrvzD;NCmiz=QFvI^q#}^QA?SCV)0F=4NM;@${moTRH2_>fvF8jE
zwsjgc1evATF<gT@+(55+yo_^m6^mD1&#Kxr(4&mu+{5*qk}pvp0$-ip+=QZSq1OTo
zV~^NUjEd{X@J_Z#ySUF(0iQ^AK^&=Z*x8B#6^=x|S7LC4p5BNF&NzvtNAT~5oy9xY
z-u+TJA@spQq<?TdeH6^0`3H+u${YFlr<#-P8zV1~SJQDz%e6_}jRjs%xITd>{J<0n
z7h^EhU$fzD(XTwGpLb9BLF2&;&LTuo?R>3V87}&Lw>|0-ZJK+qN*B~|d$Q3g8vGGO
zb1}L<vKdZhxP5oOmC47^ZmJI<POEm}PO3(p2ILfomc0YQ{RtwM$09=N|Hxh>g)qQN
zQQbA0FFw9;DmIhem0Klw<mQzO<P50&WyxU1Ogv#pTFN@q@%wC$<+wxh2$8$y$W5I@
z_OLCX(}<M=EJmgm?E3Rk;rOZ}7~SIW+N%>3S+=nV=|w2z*uI5?*iG+F%Pk6M=W<cq
zNaclBuEJp^OjPG}9ow#ciQPc(#Gf;k{C)wM0l3vRMC8ejNe$Cxshzw*VPmd7O)UAl
zKAM9>_g>pkWGJ5Ki6T>EYPi$+*2llBo;KItoQ8b%JVEc<bDR|-|5TNiW%PZ>dSWRJ
zUBb89k`z;ZLlZ@*NQc==XArnrGYQlo(JuNJdR)ru#w7D3>?oaC$)N3;=^(3RQIIV#
zetg17E7VWN&#*}(YgNv%M^k~%#DS-hoHKvI42Jkr{%y#~u8F_(M8C&v&<QIRCa^;$
zq5@NwSv6Z`+ZE)+^J)RoD190?H8FWk5ZxB=>MdKE2PCj5`e&trW_ePv3JB3YmZ(05
zzkoN6*v?r3md6ZyRTlMw_A{H*C+*s)qOSb~-tcq2Lz*JF_)Qu%^w<S*!UEurZS_Sz
zpP-J6oQ-Vo=+};6C+MVDJ?o7^3Ii>nA<4i9-i>$*g6x*~o05AQu^`Bfpv72RNj{a@
zyMLfKxhI22v58hPB}(ga&Q|Hm0P46Jq9M}xL~><Y^QV*V!zSp6i#8C@GQJ%NZOB5W
zeW8=W8P|IzthnM`0!_{F^pNRe*xJ<5Dm>{&iMlkc@=MG;!Xa0o=o<A3jBpbb<zDsn
z#19Sg`Gb98do>t{_Z6=r|IEoP6)dqKyYna^Q*wlDxBd5H$26`MwWrA?mtSGLdprF8
zmU6lt9ixQ@eV07nYnIp#hNVb}?7l4)R<Nx()5H77M*~v@8$D!)(rYOqWBKW`s$4<V
zl(DYP?yEw$(8($Pg;<paQJEQ!h0>p573WTwzp@Kj6OlNJ2bxeg-b<4h;E&>tiAma&
z86Ga-D`{84!s-BSxDb19!tz{iKHgfI*&l=0MCF+$TT#nRgG;SggmL(b=3I5GFGs%W
z@18wxCIjP-G;L-J*~AP8G=2Jku3m3Ps*S5XQK#0wMP;lp*3WDHbN2E!=K?tMc*#<-
z=I!Do@yd=Q0wqr>^)P!eu`N=qO-0sz^l9d1cUolmnwdn|@`RGk;b!nIZlrJbP+3`|
zjK_H-_^u#2n<4WH(6+I~l(b7{{9Ic_T>3&|lKjj+jOcimSU&TJeY%xF>)A3MOx-qk
zF=6feF(>L9Tn2Dnj(|$obv-P|Opl%y4ki8QH)WC;vv09W&jC`HcBQ{fEzYerYk3}^
z{({JnbYZq(bY0Pre?GZ*&VX)L0fuQ1)^8T6WRt4<>q;T&Z85gT!^vG>WK9-lB%R-~
z%30#bG1BB~)!A9|83iRg28b+@V!B-9%Tk-&wGr?%V)EvEZKRjhq@wOk`MS`pZB;Ds
z&#4~WJYfedU6kD#X6;{q(D*PG+f&)4BaDB#$9SjLcm3sxGOFxZ%7-S1UQL0`1>#A*
z5-Zv$4GdHB>VGwknbQxg$DSXSH#GVAisty+97|+f+f#$6Z7Qz_FxUO!F6(*QRRbbQ
zvadz(<rG8M-45ze6}<2NT~gsYH@5Fd*v;5yy5Y5^k%2`2ApSuQOJ6P1dbzS^gYH-Z
zKWw}Y=Bop_6>Lk6<h{N$X0c4b!?a7GVb8Ky3Av-}_ptNnN-vVi=|qT|-D{?j-z?^W
z0)z=IVtWh<k7u6!UujL0TKE639C(c)?cT>Zpm!kGlgZnHi8)I0*yV^}l>O#h%+gm2
zZiucK?9=#+u7O<7fKn%AL{wOb+Wi&gN4&jtt|uJf8i+8ctTs0V6QjG)K#h`+&9yDH
zFkgD_x_xr)*O1B{>T}}LMB~+T6-x;m^6zyuRUUF-+Zp+GtR2`A^?hP$>gBaw8nMO6
z8!xh$=Ee}@Os1JW&{$^>DW}l>wnpZGRGG#<pA0Y{5aTmL6#MR4Zv_`P7?{B=dv=aJ
znwqEnx<89YcXMmKz=qqPX_lE^)6+(I_JbnC8~nm69g~*3ahfd!kHd<CfM0}7A}8<J
zaskdT@mm$@y8d0BVYN0Hrk{Mg&A@FzEsIZhTp?q+AzvcKrz!G%y&FKRz=b&=k-4=)
zg?ecP6L&}d(EI(D#uc<wnUY2dmw(DD4yPqesDoA`SbWy-%&$V}{*_mhL90|jI1vm!
zJ(g`yEQ=wMHUx&~F+t)zrTMC6PvBdVU)>~m(jyE3R+}Pw#5sE*^<U?#&OS?q+Xv=D
zaY0$#ME1}m!X+t^u=90&vGQPPjlEIOM$w9CWwM{AFZabs1(A!k#r*4KA3e}UVMkS|
zZ>nn33?G%ojIPMaHK%}}?Do}PQ~F5PahgC{Q;y1_Lz5<v`$9$^tv@rz2Pp{{m;Uwu
zwV+EUgU46Z(uz3j82e$QKTftgN2KFrA^Kw?`ySvy{SxeB?CEIdl1~3dNh#;+nn?S{
z>&wSP2F5rAjMM0(psw$wa742P5NxLrSK`_4h7?8#?W2U^$H!4Y(^3oVZ<VE>98OrJ
zdJ@x`_%eQts^gT@D^E}V$zz|g<0+c-H)e=3^W+dxi}KHvy>U`?PZ>J~6+C<Z$))PN
zHdC{TzTY9V!mmkKv$-VY@^7R~^qtczR8!=p|J|&=`+SeAh;`3RtV_W&{;Le<3$X`f
z$us`|MPF!n9lw+Qq~=#~OBjb$bj+`=S(>GIe6WJNd13s~lW?j(f>R|SVxAVjv_2MQ
zKO|^yy|k0k@3>}1k!3_>gm%PL*ipPn)0+8+pzf@qmkHLie_}p<;s33n569wgeZ(X7
z?)ejP2O04{M#NW$Yo9x#4GUBDw4gyErfmf#if0Rz?TZ(`)L@j6QuQsq=~9Mcql~_<
z2UK=pb?I|97}F;R(bz)+7bxsd8)Z)#&A_>=6^T(lZyzo=jo0dAW6g5|3^8&4kR0*;
zM&{DT-G*O@XUcz!Y5Sk2d7m3jrc4Z%YOUX#zQ+coP&-p0oVfoAvO|f}sekVS++GHe
znXRdCaoHrH>u+yq7;SO{1Sj9rrDo+Kfh`Z!6EY^Pj56-yMy@0Fgk`q8Nx&@{rLtV`
z^>nw4<@*Vn0zDpIG68K)(HLV0uSCF*71^cFY^pPM*6(Tlo-%H+M7JH8n-8_VDz{Pm
z+dBbbJ&MBcG`eTXH=u3_jAR?7M;7=r{-tD<i!cTeY>J%Z4JW2n$+};94j$hR{oMm5
z1_FU1Y18NI!*4bun>zXpqdAjDRgmlyJ?RfOjR>{Y&=H|ZwGHr#BG2bkLum(Gs>0S!
zM;EifPd+ac7#G)H#^A~TyMiD~QeSuk@h_u-6R$I3VA3DGr!wOIZu)p<7w~9m$Jf!A
z%lG(nFWmfT6P8qY>c2(mr-02=sfu}HsLQMJ%rI|hcviom;56s5rML+2XP!4vsYOxD
zH6@NTGS`@M%0BNwF*tYBTVz=3(q_$kL0BihXqSA-bYik6Au*6#JtE3ZULHoZt2IH4
z?|^$=FR*D%C5E$}PIzb|FF_?rz6<EZCeP)!C*Tm5z~AQvqo%3E?Xwt@;n@}@tlbbg
zK8qZ<U5-ooJ)|qB7GN^qfK|b>+HvBF_&XWIIOF<r+}yAJuP#;f3-6%J^g9uQwdV9O
zcR}x<OM&ZUlL%D1SJ0)$j<;+w>R#_^Sre_igUAG~r41uc;a)*x9y^!dWK^%-m9!dK
zc?ZR#k#Pj7&?_h&jl_~s8)&3~R^CCHXk-+DO7;rU^w??E9@iJ!<8x%ZAWkXFksa6l
zQZ>_1^<0=QSh_M1?jWo`)$naiDCcahk$&NazBQ*S5rf8tcyJ&ZLea40KM+B`pkiRn
z3I7jlM?)VpZ2K3c&9n=t5kA{>z(~E-7v6Vpku~3T$Xcno_v$Y^S)6yZt84A@%U*FI
zY#nV|SRS$Q4lR~wU!aCvp4y>rb{R*1_uNi*etA4|Ib01!XP7sgss8qo)g4AAxL{`K
zs^KmYvHZ(myAaL9s7pmNd;Vyz95CCXP1D8xwTVBoyW~LI#P#itmVEP1YR%9dpB1DP
zqp%msDse=5+WSU3HD<V_6q{~Uo0XqIB}Vvm4d$WrBO^|R=`RTQxVuf*O0`LgKwh<?
z{Zo3$GSda$_i-WSe3GL?DNcA*dSsOs;ZD68tvZ+%6$nDb*;?z%&e`nu=R!Zg)RHa5
zzeFS%>oC-}d;eLBMJEPl?cXV1RS?(<oA)T3HTeJBW54Iyt9*|rA609`wis~ZIng4O
zFBibR-#yEHV9`>=z@)~a1^@u~fN#20rf#5+ia9y}KpO@Cpu_*PqR@Y(wTJCnFIzoF
z1zS5uH%Bi=cefW#p6+h{+r;a6G|Af#0HBc*2SD*Z763p|DDe{j!1b-8+Z$U~s0-Ta
Vzc0tZ{r4<PbpL>kSzrGh{TH_#90dRX

literal 25484
zcmZ^~Q<Nr6v@Ke;ZKJ#FF59+k+qTtZ+qP}<E8Dhx`#)#zJH~yuZy7l<=UOo%bFG<k
zWXMZ_f}sHc0YL$kNL6Y3ewFzOpa217ssjOG{yS^rXky@OqGBOzVrpS);cQ`NOK0h1
zXM3gn<%s(y;b%u~ez-eHA{0+jvdbY!ss(Lr+a){8oR++tdNLW@EQ2|mp%09(sGURY
zN@x>xv+yd>n$;hBMm~wpa6!83MGnt_;nn=J<0I^P<kJx{?}d<pw$8ZQ=oEcf_1K*W
zx|fVRk!BR7SY~x6dxT8I#M_hta@@d?rG{mOgN~vUCw=&afUgfbb<>eNky2Lu+b8|g
zIO$W!PFM(C+7yHp{wcUr6PvYhJmRKfNx+;-%%&{?(88?juE{tp*;FQTgXP-}3N$B`
zoORdrhMPA!jre&ZZPsm+#%N%#%$LSAxVTjL-3ljD;bC%+_cK0;7cJY{WjR!^Ml#+`
zy9vMslqaMJ3klv?LH*$C<uz#+q$N$M0}`2&shQi2wbPQIrKh-i&-(+-T3+ufUe>zL
zhgA?^4m}JqdwV+))EwDAMK!ny5caf*n4xgY%KEA5zz3wE^D(rK8HUprptNx&gY)!G
z+Z6`pHDd$b-%t3y5pz7>TnGjlOR?Td@~0kry8(4m8!M))hTVNps~T2+3Gwm0ot=Lk
zALqrya^?1se1nUoAXo_Vpmi|HkR@A!e-AWTm1Cf^G1l-PyG|!8NK50j<+R;Z3mpI}
zm(d<9&}SD7!UGa<1YDHdk7UxxSt=(%_B0y9m&mLeJ;>twCB2!8^97gy3&3<vEX(|h
z=;~<d1xr$CP7pge>{@s+@FlWF5R@lzF@%2X-hDJd$`TRfD(gV01{~AjU+gCGC<YU7
zrg>yE$&1zVRQ-p$?(AI&Mpy`Hy?W{t%q7gHxjDQzaACKzexLMNp3M#!Z{O*YZQ%Ki
zpkKW*!4pn&4-)IP53K?qJJ>}IVS`QpQ3;B?A8}Fy|M4npQ+BX~EMY4YcN(QVrl}0_
zGoUDApM(<}sq2ZAnLDF+b4*FSLFuw#s}eZE!E*)g+Rj*Zs_CEnrZVbjcvn>hZcJ&(
zsm~hbG>!`vwn?l|_)l5Wvf%|G<V8WM{Co1VTZpu*3OH~ap-EU=gt)P)H<7oa!N3iY
z0dU2Bg>{Dt#zKNLhQ2IX62}?VSk~{$wmpoPozFoqI(NG6Ar;uwd?5yN+Efpzwcv?%
z=?-%<jq#%*TP_8b!(B-NawKUs2J8>m2UsNvQf9oI*BH*iZ0tcL<6x-73Yh#I{(9gK
zq5v_;k3SdF<~hKqq5(%|tZ-pFLpC>$ncCxWDC{ar3ol3~_pbpvbFZoW%7r1mpDSp_
z_DRwX_T+prUC?kDXfJqV)X1iq$vv}XKOs_}=#zKVWUet%%;pwujcZL3_AG&Ww~)oP
zrII?ez8rt0X=vs4%29p)?A`kN{zQ>p9^R^jWrRV#l;4<{jWq=)MB`*qnf=+l3RQTL
z?QW?8eI;yLlQP=S`*Ji&VNOQq3X7FpYO~m=tl6aHmn&3|Ep@M1$};Ou=Cfk;XOntu
z8OWPBmKc<zn69fPw)2XM7+r`@WJMK>D_4&+Ra`QXOXIicZnC?nS`6B$+t|n{&noR9
zPN!V7YWCXx{FzKC3zl4?U`#gG7@^Vn$Ua4zWqLF|qUR=62IxfV2gDbG+p687Q$b=F
znB@Hx@G`7ELjpYrl>=Wsv^Xfb;Q4G+t<lWoAPv301^)xKw#}%1rP;k{@q_!JjogR>
zMH?u(E*>>KpOgJLH`U9E+garuwM57ADkJOcp?If6Uaea2kf6Aquz2W|dYEdejZ_<a
z=15Kk+M<sUzl?&1HL%#`d}{?61fmqB(RrafK9y*2{;6?&ReTMb)K2@3KmP;?O>4)%
ziN$UA!jFL;v*jNlh+KX3^|ogM8PpxQHh`E)mCm$bXQl5Ke{1dB8uI=}C5f*-GLDq|
z=l*o}RNvd)&)eSJ?Y7I!NldKuW@~@C<w`lZIAI*Lx&qRYcq0ZpvmkF77g-)U#V}tO
zLlzs;SINJ5_d7CswyA>Y9vYSo3~JqqTm%+^7A>tcD4;&W!D3nzz5mjS0&ih(yD>rK
z3#i{$KJ<HwZubTufrFJ$!1|9reJ_cc1lsCjHK!6R;7((pu^;MuhfUCy0ZSlPi^hi!
zeG%dVnaj<u9p=909AEG0I@UkqtyR?irQ%P=`CGcR@B96={v5DVF!M^<76SyWMfH?y
zr9|KIgE@Kh@Hwk!AkA^4m>t+$#vj|(beNPq@>XA*TFX-lpVgI?3r%J~CZ!8|%j-am
zSG-p89*W*-ZHQ#;%8tBl>q<U4XCbhq`$|h4?^C>jP##BfIEKT<1_B)PXRBj8)0xkt
zO|@VgH-RME+_q>o3VXT+pfy`tOy0?zBpo}?Scy~8L*;75v%@+&%xRRFLWy%rfC#qo
z05#h`v1L*#y_yxTXOAKlJar|EYfBi%VDQG~*UqkuLm(LfeMR2Oh4Zl6K8xL`FH>?x
zk@fKvbafmMK-&)GgFtEYpyQy~SI<^qNUYa~=PXOZPAO5g&`*e#<K2(e!-=-N(O2Ca
zzfzMg);VG!rgTJR)-VWxxSYjz7HsysP`nnQ8>tA1jnLaOnW^Pt9h6*4EGo72eK{u4
zi>r2h>WpUt+G$W0z<iboETRpAhJN<vF#1C^M+G#MF}M>3rbH5K{j~Wml+nE!njysk
zb_O7K9&st&u7>iW`I4z{QT?mNMb%<vs7*ORt9aBnzZ=JHWqe7{+v(n3phdD-PDn?f
z3B+5b$r#-Nx2o4IDrGC{{@B89p+&Ftr?#J8?SZYjK7h;PC^SYh7H1^J%X&Cgtj`B(
zi7ucxWwu=>cK7fRZXs|SFMoH0sv9q)@A&ZWlTqCz1_dnFphFrwwyX9D*!z6=R-4IS
z8DNQz{^!T{o0`$7$!JQrqQPX$n#{2md<-yUy#Vvo3&JZ8ZPu|Cmi+rhOC`W$AEy~x
zp{g&ocmgTQfFriA?YBruv!n5xO@8uZ)WlkUr@=|}sURx&ra0#L+ymR`K*`_j2s-Pm
z&5ijGQ(3Q4*ew=Y9{RZ%O1Mc$hKaPEl<yUbw9pSXPbRK?AZkY6F+3t6DY9)0GGk`h
z?D~q&MZ{Ez^zX4o`q|_b>F7+A@6*LYzLqHLmI-Xj{2PB}yum+hdCDwxEX75}x9*Z|
zjb6YuYp!@gjagspp{Vh84Ts>&PYoA&cG5@`$^-gHj?+aUl9k$x4aP;D^`nea3J)6M
zk`3__Nq`u7{54jcvZGGW4tuy0$y;ZMGnC-(@v}7`$>cli9X9soVI0*BX@I?AbBa`W
z8D?hFg(VYjW<OS&bn<eN2RjE3GcTHP8^6Uc%B_e9R2qyajd_ZLng9H!45Y>lEKcqv
z2#&5-jYB)G)!jI6HF#yJDAt$)N<JA9K#FZwiF22%5rZ7P%b5M-H;80)aGpym2@taW
zU(@phrWOEmPnjUMe_eq?O%3uZT#={W*sC+<nEPv>)~$D%i4!2@1B3#;svzsI<?sDj
zPdrNNW|)aN>ValNmxGo3ls`6AR=*}5DLoi;k89Ci2y_o}q;yApK)qRD$bBicNElkR
zV_4;O;5ad5p;DDKDDxC+##XMP)!ohpcwi30!Inc+!2JYr1;H3crl19tKtj5vHKx?d
zb5OCEcWf{`VKYUAAe$+G_!otLDI-5@MFkuiX{LM#wm^JE1C#~|%#kyQoZu39worSK
zpG_5BIwx*LHP))huo49k`dCqA9!X*eIfEaO#g#zCgk)s`uD9Ll`vC$85hI*E+|KyO
zcMZa=fJX~#1>f~_@_giJ8>njIT6Ad-U9-(!!D`S}c?Kb0$SjS!9Z9F+y+#MoUxpCi
zltNE+xR*e-mQWEUMO{5TVDC5&w|)X;r04cC3noKGysv>UH0^Az)<_3cOhtkPdFMS9
z5dq~4M=T%eLC90OBT7uEvN#l9+l#y-0qU?-8tUf5Cy@~FmSBHRlQ*3O`Gy|6?*u!m
zS`qMmZ^hz0*`bvnY-j3vw@7uf8*z%s&&VbxVhf1jR8*)sMVf$9HtK-CS?j?F_Gl96
z0AcwhW5c2!bZ9W3+js?8!&2<s?gHg_<A=<VxHON43^J~5o+c;!8ZKW{76AxYiwkOs
zs!X7972)Lg_k>Sl{9+9HEmf<N+*h0!fG3|eApeAFk}GMtNK%wqyg-f`Q=z6g&v@(>
zc>2*P{P^d}Mdq*KGB57sAn!&=;meCKaoIOoi8-dR<Qh&1>k)&$!r!csO=!`4(I`(@
z*Z1#!F~XpX5WNvyagIv3qJjA(M5^qUe({RL8F_V#rrq0JBYFkqJSgZt+o<wfl8LVs
z9;`u&g(-c>5FP4C9D6?3Ft5%I`m&*Xwb=G7PXVlulAEs~@hSCPMY#CAi0*zpQtn<2
z+(wSlO9<O$qMf1(8+2`aJB`K9HJdv;4*{Hrd`v-NFF5a)WIt;zw}zUc@7ryM3mVp!
zk0FKk=c3-5bHrQrMwwa&==f~X6J!SNU}&`~()^;Tp0P>%${9>DN2{ykTa)t@h8|O7
zThVXUOovH1C}~cUQi?!)Se9u+i3PPNFaZ1#^*WB1%Wt=U&%q!a!JqvUVO)lCNs1J$
zSbf4v`0s3&=W%JeRi?5*<%j4t;jk2S5pF$+4*9dac$lMx)mfkc{AoB|kNH#hR@0b^
zKguLIklqZ;cr^4>zA;u^p;9nlD0{X7>H3stlbT|(vwrK#J8~FB2?t9Et#QE4=J|IA
z72Q2c@8Z0nBvi{x_cRUxAAp!v$pwtPlG)k4g4q%2t96sS4cIij`P(bU(k+Rv5tK3q
zM<lbC^`UZCf-Z=aoyTS^Sxq}{qw||(8mcZW92c1aLVY^c8vD+Oxs=ruE{RZHO>jcN
z^%~<9u)nq(;$@iYit=TRC0}icu%%|-9f^94<(M|Ghnz!3Y%qBapprU^`AzxqNs6}V
z-m@Cfb{N!kzq-s-C@B_ub~sDeDacnaz}G=oiKJi|3{o^Uv9~2t<BuCW@SvOM+oH|l
zTN3Dr2VqQ1Pr(*1-_OnppAyb|A8y6`(w{~bnb}LJnKH75$&<C<T&Gjl+g2qgQmJ+f
z0o1fvDH~xAIgV{{Jn^Q+3mXx@LiUm9lGSMRRi*B%bS$Mb1WAvyQIQjl?h-jijL1Gx
z`ERcXrostKr9$M0j0A|cbch9>Sq?FSXASw3E5NeZud;LWN)FRQm^S1E>6Td{@Gc{7
zw-tFo^yJCs5At(Uh|nKg5-NUNnQy0A9(pN0a%&gNer66zjHELb0>qoO3xK!N631nG
zNsuA5xg^WU@;vgfirjfO-7yec_X6XQlmoGhMd-cV@4No~*Z6PP9i1Em6!vjn#}NpV
z0~4Pv-6;7`Z3+RFB8bmaY*Sfx7*ndFn+4Dp-GT-L$qt!_1iHHDvSm?Z9W4)JKcu|C
z4>%X4{SV@^fl@Bo4TfY>*m|GK8)`yA>0)}({A|0bH!8DpA$}Xezx=2gFxrMsY>AV%
zC<cuxC-Zc-3@%gMuF(9mNsW3{ASEuG$=bnu-)z1EEBP@Nn4e+7=2?-~x=N=Jbivt*
zr{<Tv=0bc`yzO_9IC!^&>_pA5e}cYZ47?5a$g0~~H<bGg(K!(#ghs|OmJNCpr@I5^
zLQQ)N2d&Hfdm2Z4-s3W8T@;}p0D!y_&tzBj(^I7Zvc`OZy-YiLJC=<sk!|BwyYSTt
z_0xT^v7|05Tq@z=7eHSwIvPIiHsk3-2@Z;vcXPo|^kR>SN$C@6Y9%$2uv4j26vVqz
zO|@1rv0EOl7geeI#NktQ2cu4)O3JUKR6(wgP2*@QpEG|x6LhIFM`WLAYBH>WbdTfg
zz+N>?qD*?B8q#g?3f7ToN%dpNHl}5#qKOD=r-8TW<ijB4@N5j(Dzy>emENF(;T#wW
zI&BT6flv!YP>?lmo)`YRca>zrGAx)LK)PE6<~;{kYq@o0j%*bcOo&{FTF`Isnv6q7
zZeF#CxJltM*g#1K3+M#giHPrM71PpWY`s6tz|@>a0lQLYQ~+(0rs|$4{SVKkQq361
zp4%b7nHAGoHAqb0Nr?J(*&<ed!LG#}f(piMVnzno%&DxKzOD`>#=c2yC4>QIQiuzc
zATJAkd-~9YcZN8JR{M-wj_OVqPAl)-ve)t8*_Ym1J0%74yZB=5*Wn_RpR07*JN(ad
ziRY_n$KzMYOl$t<OZGWyQ|}ev+g0aA<4de}%kT-9&a%Ov>Xn!=;dqjZ{^k=_{{Q1T
z$?^56%E$u&ZEAx8A^&roYz!=Hl}&8yt^avX|JQHw`EcB5S-$!4fr;+1BitxAmufha
z(lm=T;)>DSxQop$!E{p$4<;KzD@V!0FYaXC5z3-uk8{mAoC0wN{;f-{aUZh9%*6!l
zZv_n7y3_IX1uxkAWBMK+ZGS~x0nb6$n5w09KYk3Q<<2iUw4eD}c@ZzOMc{F>s#-a}
zxq@R;J-^8`w%SA~e;pY;LUC;Tz}#5<Q?Zoqv(>_0|2jKl0BG4|o}PyIl<Oftj)kAv
z`|$G%LK0-XywAVl7np2;PmFf<rSuJlDHulfju!YUwc*UsOgq#qSJ-ovM=dQ=Vw9No
zR9N^2x7iNqUCi4i8lRgai=E~($KnDj11g6|`5=)o;27JjjP;fm4xo6Eqz=kk)h#@|
zTQ2av%KA3D>MT;dgFj%sGCz(OdlkF#hwV%5GrtM#WWy@r3<2Nk5HMpCt1TMMdESnv
z5sWp&zbR@og*7lEe((w5Fu?x)0Qd-Y<!I7boSU(!>84oMy2R?RK{}X~3Fbu+rX7K1
z%TpN&1N-tY<N9MA?Nab2{2g%}s!T{S5ifw}DFp{`yZrmh*E2j2X0Gyfhi_kRz87k#
zWP^I4_KtvNO|JK%rP!#a=Q#&1m|;~MhTO2n`&DQlzJyqmABkVxpD|Z{C|tt%wOJJr
z+{9<vueYWCP7Gm@s`iY#SW*pHm+yT?5Q9L%fv*|zbZ+1{SSdTdlh^@@v#`U6xpQ`&
zyq>)|92#^2%58L<TiEy+FK&$HfQ|f(-$<kUWrH8oT)2UQRB7s}TqgBobSS#Ev0mb>
zV}1F3go5?l+(v3lnBy7Xio|Ma0&iSnw(&;>p3@xTctGWTD~(-n2wSuFaFwaf$ojC_
zb6Ax@Pt@S)R$|7qtXV&l4v(qe+T7z4taF;y_1AT}@R~L68*IX#LCd@93IgiV%gl|;
zm}#3{|DPT!vdg4Qfl4tkyON9~6<@?MEj`$sD)4<gI?J2xx6`GEQnM9xJ={0NPV7f^
zwoZ(~AYwDEe#PPCb8#JoppxV>rJx?Z2HL38P1o31x&`(hG}>Qrm^!5Hj?(Xd0)9#6
zg?>pjVa;1aS_Tq}m{(kB7}O`$>AB|S4y*ZIZIWSUowFSjvRa#8Ite<6Ltc?0M>-0&
zL9W-yQg_KvZVhc`SM8K3j4i*F!{-`WifdA>sXJIJZ~XhJ$G%bNd76hKsEkH?iXj|U
zRqG(^AV{*Ljk@-PJ?MB(tH+2uFP5VB*EK8JS|lT_a7vjaufCY6dlbbjwd8~>>)m3#
zZ!!*bZkXpil(r(5R<=R5;I5tb5I!VmPqu)%Bf1+KSFG$_;AL)FpPRn2DVCo(+iI`e
zTwgfh3wJD<Tn9q|uAj*QTmFK_^byybNpgX*>?{$3`8o95b+FawZ{BUtBfoC7I`B~O
zMGICd+LHwiHF?xL>rqp;1EqyyOC(4g_f|tIN7b}r?Zk}(%SwYhOMzLcmsaW;DSU|}
z){Duetw@_Y%5XMS{4v%f8B-1+SAy##zDX#@EY@s}#%wF=E+-O<TbH(1v@}s~a5W1T
z|1`OZ-B`Tqn&rm(mbQjTWL&l!r*4tt($jQSqmSD%QbbPLT0J#rg%>Y0bY_!wZiJYq
zC2gLua?<+D&T&GlEka$hHXZw#iEXTnR)1}6Wg~3c7LQ*)gDh`>{0Fj8sp$sGsG#lI
zO4!$-75oonW9ILctHByN`Nx%NZ}ZOT{3B08VRK7NsOY*^$MUKLt9Yq_Gv~DEzf4a4
zCzGrH&BW_}GT9jayCwU7FubO97S4@qO5<=f_3T`lW}atyN)o?)Ya3fTH-^4g)~;yy
zU17a@>MmVX$vZ>Re$jPiLlSk0s8i8)a&a_tDyh4QNOW5?jk)$#vpQ6k+FaNOUBqYi
zv_!ples~U=C#Y6jUQf|?ity^GySk~8bq@ar!Bv^MB}kK;vbBY`wna<RSx`iV?AD}e
zr?s*!8fMP*rBf9`W_!T0ww0~t8uefB>l$&_sQ*}SQ={(;`7gNFzu;>B1(z_iqhxDs
ziXU>NmvMdhU+%rA6SfSc(Ned%mnLnAQzR#^ePb`LF;jFD6cfsBMvhZ35?1FIjoti^
z-I_mVF;lj_lDC#38U96hAso=D29hc^X<Zvrl4Xgsq7+t;D6YrM)YTL}iv3%WV?IUS
zE7GH<%{Q<97YOs9AULp~-V>T`NGTQ!QK#+-`*VYQhD@Ndq-SQKru?X2owaM{vNgs=
z$LiTNV)?qYuBG-5e6>J}SN3;JkJ%-4scv(2@@Y$`pG=f2FapezHFc?(R*08s(&bgN
z_^3Iqrqs@b6@J6kV%<E6X5-GX+gMJ$oPDkOY>O(OQH1>$pmBqPr&FiROhm%Rt+Q8%
zQ+R{z85q&xLNm_#r5WQItMkhz@PnsYeb%<N%q+@YzRc|34I6ZujRi&Zixiz-**(h?
zZKYTH2xV#;>KoTr@jP(K28I9d)&2)RJ1gf3?OH=2!I{(NwP*S4#o4B|Rfwf<{>;M0
zr!|gIeu;G0v!$^hhju_9KWFQoIgvfULoNBd!R6k&Vr9;y{-?>ur?vL)acqrCG|%S6
znP}W8xLaK|`ja*CzX@O3%FbS6{KH4FyLqmw`P00WBfw&PX;8hh&f0|Eu(JrC-4~B}
zv9_g>4G;5Q`Y(>2uC?~FkqO<)Ior(9DJ`XmJ<FsYJn(im$TqEUE`rg#a31wJTUtwN
zc|efRJQrI0rTD5rAOSi$0R5#uY=~FQeD7>a^$-m)y&%_L`}V1dv9F89Wo&le8_9S9
zH=Y_J5fQ<a6shC*RXA>xtc*H-$P@-{-Rbn&-*uA^_n!Q|<N;!O2!+{bUK<ms3&LDW
zB!cUjMe!|>P!<=!Fc#Eu;^gxjT_>;>7ybW6dg2G!hko=khj83XPNoDtVG|Yvr4toh
z!(S@g+aPLbeP1=tC|`6~IrrBblaJ)khkt*U%<8Iv17!q8#+2{#Em$_S6gO6|xsK72
zyBSE#u9<KDE^-z9{gTie^VpG(DGivFcBroU$`QBU^}+6kfoGyf>EG7q{}n#kn@FFf
zew#kGWX9tGKS_`Q_a~QgVnEO*ee@lkAl!9<jNZBblT_d8a@A<xzJgsd;-sILwr4%*
zeiZrx(KEiGK7w*_TkBhbVt=Gq@eZ{a41e^zbjguanpRJp#Cx+h(KSoe<or`tm~DwJ
z<G$gW@}6!V71M{cTlDp(+^2p_f~zq~HEHh<y|kG1IZ-t$Zv+okFL*Vch3)Gvc4}na
zcMN5V7~R2hxNpdH23;}}s7iZ6lW(3_%Tj63kl`F<Ql^Mm%DYdinIapRthlA4z#_pa
z2=*XeZxJask=CW_?N#dEHyuRghQ%7aE*`rtHjk}qpU?esJzTV2pPjk5tBpk)qm4A@
zmRX8yEuW&D93S2;F0S<-%V_6yAFjjhgFCgaus^weotE-nS8*lV?;eKHymQxx$J4_{
zab~^Wh8Z30FU3-Nt@L!AZaVKB2VWcSSE+=(`*9!F!zM42XD6uZJ|7#et$NXg+t2#F
zA8+>duFk96o#zNMwXzgjvsXMmA3miogJE`Z)ej?UTE4J5!@XTMU4>WUoy)V=wS<1g
zy*g}XwS=?TJ1u@)th}za+cBIa^;@f4TfBDhae7lxvwGLQUq{_rUwb<rTbZI4pAB2*
z1i8{Plvh`Jy*aFMe7XH@T4sr^Cyx~yykDOeyPpr~AJ+}UIX<tRj&81iYv(vb$dg>Y
zwv)%(8ZYnt9xl$TE-n<Ceme!#p9(<g?E2QhKOkR%fAc=MT+y59)z$ufU1H}gD%IQY
zdPlUwc|B!)+-P5UUTLfh@Or+xym&MDsQfI+8~(s(av2<M)SG!-I|=ZTCC@HZo9N7)
z?aA^bfScjXb@tYrt^K~r(J-^*qRP&u+xmFkzq-i38`Qtua0t@X`C3Qo($1ESd`#s1
z%OZMuyFG5kKikKX%aY{FSUb~0&~ftJHp%P1)Bff1{5JS}c5=OYc_H!f_>ehkrpMQ2
zhKhyz=Ck&Pw|iepkEa9G{NXIw=$z-_^<k9bUK((vgO4y%W1DxC?Cs|{)iM1b;iV|s
z)0xe@ZW~wy?(_a!MZ^P|oa1_PUi5X1((}_H?x&qih}Z+fV<r|B^KhUifN<@b&EmZ#
zSGt$lsEpI`_;j+3XxB54QDXP=VcQY+y~SR7CHnGuIoVnGoH{)AJk6gS^{rmcEjC)~
zg{zh7{hev1##bYrg7Pj?^RYv5!zelC&wROw^_;!xLvOukENPyBN$*^b-r+bYw#xd;
z?+zsW*+2h@uT|QMA#YiqTJc;?nA>g!UYOQ4Y@S40v>Mpc?eyLN_KboYL##sx&OJ`1
zB|^9Bl_;=BJ~Z%(9fS5HkR1+z(EKY#XbfT?1=+SY3kA|aS|-ZA<!v9_(}-&<NK|+n
zH44@2QvNkk4epNk7%FoLW8NxWgguK(ey8aMtk4DdFGMDV=bd2wpq0wyE4}Wkf)!ih
zhu7}z9nzd~hQ0ISj})g(_&VtTK2<!L!(|-@TfX1Bv;SB%6m!y}f=3z=D2bdH@L4W`
z0U95EcF9VhQ)r*B5*5XAVm^7n4>)F?_=9~zdq%X`8O)EePAD!^JcwGxi!db;^{?H_
zm!7NWKJ@pS5x!Ht@b*Gv*Hg8?n$vK+=-X76*E`Vq-7%?Xc!tchZ-y+1lS`yfF{8vO
z8p3)YqQ27MWR66J2q*B9+Q+@#mhYgnD|<j@o;V~i5!f~eL~urosAMnT#PH_!6fMRk
z@f;OUN+CeHk>^8o1KG$-CbWqMW9RH_@4w93bEBJG6`^tf!v#8ke6YHA8GBExIoQ$O
z4DmD)3%{OWE(XXa-a!75->C4S-IQ|6O5}2OpBLHeA;v&`j6`47(#Ni<<6qqOJU;yz
z&);FaknmwH`D5JB96B_>^Rym%YLQW7Yh^>)i^|MZdyDtLhUO{tb~u)w#g3MmYxy1W
zN^6Ro6g(|O&@&7e;;~djF#0RaALB5kQ!)Y;iJo^k&^g&Fyy-Ch2mGj-jbbL8sShII
zW)%7LV4(A;^jXgnaU!!#ualuJo~m16A&&gnMWn~R9mUY-f)tJ|Fy2a+n+zMGI!7*V
zC8PJwmqs!5?77X|BJA@>F$@b6+;gYW5%SW#Fmt=X92Zw)0(*!|AgUZZk&NT(jWFa0
zVMZpF8Y5Loc7*xT7ntBcX2kwLO7Gs#s;u{z$XWzLE|}xKUwV;1-YW6K1{Mhwm(<dR
zaX>(0re$a%bchPF;dwtqU6lA4UkC@p!21pa8hB0EuFNDa;tJwK1zUIqbuo7=IG>Rq
z{_w%L>tw-;w(^7o7DqZg=ZjoOJ<&+1B!$%>E=?hA>VV||_ZA)X!q_}>8wI$zNzeD~
zC{<>L4OaPuW4{jSFzG2Sk-)^T#0(&w309u@3VQ1Mdsa*_r*o8?>&MiISqJRo)Sjca
zV<hqVN~(bCXgGT-KEjQALGqCoOuM@gzi<=Eovg+fZQxZ!?O9(xVTJCbrMXSuPS(5h
zd)0ks@`5O+!F~E*cRrdY`TjVL12KlhvoXxwdgrhi<BN+e^rd+C-Y8aNX3F8~(;6Ad
z=}~L?W5Eu*o?Xf+V`LRtrH6XOs`Tva7(45%z8zELB?*E-#sMF#D_hFyl9dFKQicZ$
zS~$a$Bpy)1xsh-_-sbt6^^4%v#t3CO08BQJ{n*b;0X5D+x6I-=cC=;iVV$=@jC3WC
z%Z@|~=oI6Zsp5qwD>s%rud~;FxGxk2<oypTVfc1IbbBzmkuXjXl9XKLEYUji0dy47
z*xPX`<|9j?fnLieI#r~15)kjTg&oXu??K_qFk1+I^*l`jc9C!;SX`%9lMz&W5H+M0
z9D}8*Z=ysLa0ZP9G_vg?2H!OjHz!30^xhdW5bW%TfE53^(jEC0+m^zy4I8NH{jdPh
zhCi7pF#WeWZW=0r$>MIzdsc9Gd|CQRjr--TR~}gDWtb8f7AkC9nXep6-=?|+pM3;b
zZ40S&7(!XIAxTy6;;rNFIvFEmG_){6*z4zLC2B7N<|~0+Zyn!JxhM_7#(`M$@y)z1
zI+N`;ir}1+wai3MNT<({rkjOT*(J@soWIRgX4V+vpjidq;qZFrCos>->t=1ej6aX5
zeUJlcj$Jj?x8r{CZTr}aDrW(JzJbA^1<LOYL-KB$5&Fxobah?xr8!`fOhHZP{EHwG
zKubdV-^gxIvK7D()6I}%7(%@EJ<6p2`#q4xAzeE-s^<h-%;^T2kHMVTwp=ZyVpF|K
zTo31*e3)Dap+veB>&B5$sve97!WBDg<ke%>hf)2>j<Z&Hk&=C*!Yx`BXoS55wU6GY
z!6fVSLg`K)2G7I2##}hri+YA#b-{$iJE!iYyymiQA0<f|J~cVf4Y&3w8ap+(A^xvE
z-{o|pSUa<9znf&c*+4_q=t&h<5kkIM_LFVq4eXPRK)sx|tYaj9cOa{#*gG(cny-<-
z)(j^L3Jn{!qd%F^HC}=n)9p5WOQz%(_?rrJ{fE{nQ=q_<%M<V43-kFOYEAd}%m{jB
z)bF3OfIT|4TD;90B_9!C?GB!(+oc8j`;eNnz^J`o1s?;W`k}Ae%p$p8GAknsh_9t>
z+cq8Ik)`KNT<?U?$+MFdU{;M@$Ax{YJ9B2P({bjZC0`GdzdTDnUlzA!{-AW$1j8)f
zv`Ez_jy7<H-np1AtdNtVz=ObY<5BMI&-A~Xqj5WJ`b$&p(!6{~m+mCY^t8+NBs<w1
zZEA76sLpi%pTkb`lkJIeHxAkEwV5uZISr4KEl1hTqbwIv%*?XKBF>|kVt37!2OG|y
zHQ5#=X}Y=cXWlG}2c(VmEK|aqMr#RIGuKF;q?x)iCcUvUmkMTB&h`>Nw#9VTr3ltZ
z4_2H|>Pd~}@I=c5g>S<wMa<)9&L~t%#*;-9+0yoz5)auDj+x@M=U%^}SihRZ(<X6D
zHx!?#nfy1|{Bh!GnAc%+hi<ByM~=cqGvwUCf|=|PIM7sp&2Sd06uU*rc^OUV6y%0f
zx@-zFry7P!1<j>2$G@euPoV*%A7znFa*0sbf6AnsQ+zS}Jvw}yWtw~Pa?z!^ZfcV^
z8&($n^x&Y}7W>@dHXCa9?n%f-G;`pjxv@^$GcL0fMa_nJ$cA2`NXUkC%7Spp0zYv@
zQHGwfhmm%J$l^?zx%q6hFYQ&F@%^oNKgIg?7NYp_-T{;UT_;#ZDIEYFEGw7JHcJ%h
zi586A26)BJv`xtLo+k3S%-HnP`}lH;+Wgv8G~%%kfq?@T$m-f8NZ-|u(Zp~Ngermp
z{|(ZO<oI~T97Ji*?u?GWm?OQcT#no<8^O9O#J|H7(c{IiWp*lS$^Xnw9)h3mg9}##
zSu1}_2h5!53Um`IT2m*Q0xQ?WILZoLAeqh%NM2`d5&ucvqNFNP(Dw%HztC|2N6P!x
z<y|I}-P@jq{FVa7JT8@eqb7Y5P6`3}Sc}%ur(&I)bz}T7**K_(L~^E2wP%}@r(q(H
z7wt;unv@cZp(2tmQbkAlH6rf4GP7>9kUCVv%IGOhYkve+O?c=4b?F(7nz_{9-l-3f
z_s<&El!VChicWpVVen-yY2cfnZ#f%%_;s4)NClRe9yr3l5w@0faDMZb7Y0XjV^z8)
zv4P<*$2iKDQkC_{iRn3LC!hTDXfdS}&?LRhE-uw%Y*;k$D?;XnD5E2XKx8&9V(DlD
zK;dg&H|*o^mzDQ-isN{4O<$l0I;fw-pb?H5d)(QwjTBWzYw(d&0L2c9wJ}v>*O%G@
z^yoqT88(8A&;0fEH4DSxg7zp`iY>0O>s3C3G!czURG$$}HsZGiW2;ox2VzyhdD-t3
zlD?DW78DsmrBPH~FVWXIjQhvIaTP~K1BJ)GnxQ@`%`?Af+_E17^`9O@)kg#h6UU7U
zva>Bh9iE=ACg)Gdje3ixnJ=MkzJ+G+*PY10eqaA8kBw(F#EwwuduLeN1a)$h6ifQ?
z%EAdD=&H^d|9cf_ur9kcA~xjevC=`-VS_!lEKAy+_;C0jzcQXSN{-53>jCyR#wMzm
z;H)TnCvK{Rj)Abm>wNj!3pHBCikYiM0iwjT^*01d@~q}=<MGs9Q;N6Nue0vs!q3@$
ztE;y&d%z&^p-hc42cl#uDsGM;XLfkKU#R5CnuTMICYv^^Sht{JGW<(U!(NFD&C`Pl
z)8>R;%YAC~rwO&++JxS-1m)lsKfSKM-D(o#c@(B4`OQ=A%f3$LK6U1)TIN~A1-h(j
zPK;(54J-NeJRG!aYC3i+FQU^)#o^R|ifmUqO;1wAcosRa)-30V-FQA7KK?ClJ1n2h
z5sR*^?7{D6z*PaB*d9?$S}C<xG&`GJ_~4wUU7#nb>}u%EP+BT1Q*QHowP;VYK~NyW
z;e46j?KUj&3?6<#(#C?gRkj_I*iIQ~(A}v~&|M7YzMd{<`hK!S6y|ne45wp>o@ZR}
zK?~Cc(L|75N_(M8@7ljFW;T8Kv_e?HA^BA!z<GE+4AstL9ltXFbOU@~+a+}qoi(OR
zpxs_oJ{&?vF;<uEIOYVh@>-fvThR%(D<1coF-&Ef3pxKDgl7oOVqrznn0-uYzUajm
ztd|DnQfwmR>p*=wt*(4j?ZY(VXSafwng-|(ug`8}6F^1tJn6Zj2{3NM_tFF~-|GBp
zLQ_f|EdXS76NUL*O-jrQT-l&z=2JYOo2}h8q5IY5+4=8K!Xdfavwy9!Tjs8vtRAA;
z`KaKY|3H{56K*pqKyuDGd8p%FLnC~4f?39J%M(YUs@tY+!lb)Rd)b28HhHoGk64B7
zf-2P|DV!?x$<k3{1(sGZlIqPj^*1%w%7)@GsQQAjai`V-XZp2uvoOiRW^0N#$mBSG
zYnF$_p-F)j0(R>#(*kW6mg+C&Ek|?U;rqcnV{Hbdt?sI0@LK!7fai!&<wXKK&DAXX
zirKt+nAm6HNK`%pO0@AV7jVH79ZjLD18&TkqV0Y>p@nId7A5o*d(g4<uZd!Jxd6`6
zF#0Daa4)JW=FMKyuYbbC_vlxC9}a~jq%)CB$*zGq*%)fh-FheVEBPm1kRXW$Fem?h
z9f1eUJw>0>D{=xkGbtXCM+Lmz*x~#s(0HQhD+m)e9#PchZxfl_F*f)l%ik!s$6t?7
zauNaxFT8qTwM+S5XcDz+bcCIsisDMA3ySjQC@a<AFxEN9C#0wv9&<`$0(iUvSch@D
zBJto@(RD+;f7K{c(tuJF2bqZi@3(7rlXC$W`2NEwpV(c|IJx<tXj^y5h-I0zb?{0*
z2q)@o^dJ!vdIEpdEmfTT4YjZ)SW{u%#lE@gl~Jj3cRZupJ(D0Utk6FdX!fkWoyRfO
z&TRJMz|H>1&6+76vE^1D<j9*o=%Z@<2KLb3?50r1+&GF%keuZ4WcBu1OI00g<BqO6
zJvhN8+Tdx-2Cm`h8rmyv&4BZZvusRnzsQ+$C5^MH)VK*G-LFV{K`5zw?{dS_ou4?#
z?N@tzJMH%q5f-+^r7jR?->(V}G<>NDYa`@6$uo8uBFm&i)8JNLa)Oe0w%><EkE3?3
zy$d#tWlzE8`$cW9X4;kK=n&|50IK2;P|?P(qMb)YCy$O<775#Q`ftdcXEFjh5ev!^
zk~@v}QmWmR>*(Nn&)<80=RGlU_ZzpDl4rx#Gb^VZU^*E)+Nh4_`gZ5K0QrlnMpjU_
zGGutZJ?@pm<A6mkE9)a7PATDdZGTt!&ThX)hP>0K-oduwm5pOkF`u1H$w-yKR_5J|
z`CzeVq<B113>DrX8{Mx&d^4SFc5QelT|?bFU1NU&Es9c!Bv#t?Gp(zQk>k#=A^Y)L
z9RFvNoneuLM`|;b68DCjZ$`?LskBNSQ>5T`QrrQP(Ps*YfpFxA)o)|Oo+4Xn48LOG
z&16OVWOTEm{%1wg%_QuDVzih<MRwka&u%r6Z;AXF8qAv_@2o_y*xqr)fRbDem?7FX
zGwg{9uNW~!ZiI2cgSaB9v>dgrzaQekiI{rEH4F&jcfzI-q>8-0;-Z^KOLIhwvf{qp
zNX-$4?nE38{Eqv6Q}{1J<P4-UVxHb{<)oLNcib2RqlL<!v1o;f|H+agmWTI_36tkK
z$8>V(fH$YKBMM=^hViL_aG7`lu01?WW^uw!ikF=g-=8fKH@-H2x}0V_NTXIfMS`(6
zE|<be0d_B}LOjVVEHNd|jSHQQh?5Vw603@(aJ5oE8i-=5#KTt5S$CE2wu2;07|T6v
zMm#~6V1Fl=H|?KPxBpjy(4?$0yCTM)UGge8#DE+WV)VL=L+1s91cRHT3aiAcbP<{S
zh8p|?{Pr^;3y5xz*Z-6004iN<`sP7-(rf9ZtwPLqa|APEiXABe@j3;?pXTNwQKlgB
z8V#r*@gBj7xLMcml73G}YoZXHEd!^^vQlC%V@D6D$8#`D<YM>1lpgD>X4RCE81sq)
zX4pX;K^#?n7JFm;^A(>1#b26*+@DvOSFAcS&vtVA?p0J77`n{HmUvM_gW7(wUa%9P
zBJ-97SAl|sjuE$&(4t;UA@w{Wux>|zO4=+gVf{Y309bnZ<(VN}MYmJJb{7;xdmR;3
zbth3z|F5N*?8Jv-y~5%VEVc!DO1Ii-DKd5s=j;Ao5po{ewWa=lM2N)E;pTh6*4CDV
zeraiYtOU&#+t?+Hh`|EC`gv%;C<`ayXQGj9s(UN3y3&$@5}kzqQnd|v26|~MrT266
zZ9eVcSy*D_q2WNs8EG@zM~zjsg8CEZ8F)YUSqy`Buqb8XxG)#jBHY3G)kbRJywr%V
zRHoS~asV>|hnx9qvVBooebGCX5X0aQm4yI;mHr=x|EobV5@7JKv;S9v0RI0q2vXhu
zYLMF^<dgr=AYA<`|1`+dtQGS|up$I9hpm#d9RXl%h}p3mffDh<J^_0rpED;ZJXr-_
zUby(&zabDb(kw#{UnZ%(JeC6S#r!^tRE6CsxI#RXRcfT_HU>FIs46nd(6XQ|u)A#D
zp2&le#b>%XM&_yf-{uoW<ecc~38JDZ0r5@xsU73l@vS`(%nMEf=`40@v8>+1Gf_7v
zcVM4;P%k5;qDujRJUcKyFVXL9B4Rm1<na6F1Ez;DOp)3Gk^pE|LhSd+^yG*|R5wXS
z1etw%mmads?MS&kx$^^lW^^O(kqe8w$oa4#`|03US0_DYrw2|E%AtIy6Q6&smm?h!
zBX<0iu#WyU18Az-UYP``Y*OZ_r8t%VXd9_N^HyJfA@Z^EixxoNbnaUikkCKg{}mFM
zBg51q$J*`rn<V}O<pMbaz*Mh)X#n@WY78wav-aK65PjozDyGWEztUXzLK&t;xzg;O
z-lrxn%D4sQ5c&#Y{?*~?KL7Q&I9|Kb%-K=X&Gl*j^t?E4@pAZi-qC{GQYh-i2mV63
z1ggLt0*Z@XnsjD)-*_uqeT-~mqKrJ>eSlt;k0$4k1qU4y<_bymxwETT4(8b_+i^Eu
z?@mgmmO=+{v|q8tAw}ycfJbG=R(^y9Y=Gt))y!-t@0O%KfgguYl64Zx)3jpsWFvc*
zs11C8fDac=>ZXuyQ2j*&w%m@hKV*ArsSS@m&=*zwj6$x>EjT*4p6@)TY$#6t3OVA<
zCsk}Oj;Nl8mhs0+$lrPV!DLR`uwi`&=t#l`S_4TD)dfKG2w{??9?_EwL<Lp{slBg0
z!1MdAQkXE3+4nrGHY4V%8x2snwz>WL89y&tZsyh<t|t6wM0xqCKS4+bvvn`2{!Gab
zhhs<LCk5r#vfja<3h7Z|0Rp<u&I`+ro%Z6?L@%!#TUya}aS9z&xG=xO>?O2Q$A!wc
zV*x(Dyn`itBn$4^z=9@PDbz<v*b}bH(>dIt=pylRnz~rYba=jeRzqL}73tIyaWe#Q
znzMNZC6S>0y?8kpyAKa^WVdiH=F~KEYT$t`T<gR}9PKI%U0YNi2fFPo5`#&0j0_Gi
z;(gq+PN9b0Mn=chtZR-kUTr@ohp$maYyp0&1GSVVM^FPt+~))`@4^@P<+y3LB{~yB
zCezad3wczG3XHhclxZ~*i~3s9FqTKg?y1i}U{vm!Lu+<ZME9$f1ydw9s+<6-!t&{U
zrgmS$^J~DmD#Ab4)_+|DxEZrW;z=Sm<M8&>*%;UU-EXGPTKlmpGIEGVM874uBV`oJ
zkE!o68HMWV-xXFg$H0LRM04tXRMrJAfs_F?I88fZI0Y%TTnPG3VPd6lXRCtI8AJQW
zU>*T;p7vV&2yA7ONTJBa$jYsFG+y~gt-kKg9mw&mG)Sr>6@+xL;4oThNNX{M@m2f|
zh;gziP;R29%`6N!g84VnP&{gT`RD}i47YPe3zQh7l&$JjB~RQ_&Iab@rAh)h1+w5C
zs_`d}JLrcRF!#}f8J(h57V&0QykpD(j~>LcieYD70o+kKhFz-EV~v5_pqx}=PQc7w
z!0~4JxI1t_W;l=nsMQNVX5$o?b>Td|{!UzwyPGvYGa|rQd8BQ`i4%t`bWXY=B7hu{
zhW6|Z<9}QjQk0TNzQd<OF*xlO8fS`^P1zE)aj+3<#90|2{K^_ba+Goj3_n^efnK0|
zU@4a%XGzx@#wMnUQ5{cZobR_p=a&oHT>k?$&)aa>fK)2CLRv?cEKiY^2y?L@lAiD_
zOfkAAUZL`@kd-ivEvoFGrV6YKQFClRoZ(O&5Mv`lX5LW^`6(dS$DrsT{;CMm)9e;F
zFX!P2pniOME2w=5tP0Gw2&qyXtN5i$T#4SmiP?a|*W?y+RZLuY9%BY!%=(X-ze|c?
zZ(ahbQ91?xs4;F9RQ*SdvCDtdj9HF|I6-i;#$5mNq8HpP|D(p4$CtY~JE*jUn%hOe
zo$Bx`*t=l0EyOY!t0icZ;dB;9Cq^nyO#!*9G`yxoDfJ5LKn_ahNna6J2-;uHj)4DL
zX9An?1FBK{c#HFuN*^{tIAtuCdaPxP;vG8^;6F|@C1o-RRJ=~0AIx&N3Yr>RE#akf
zd+kOvp#U_U0PL?wuCRjIyW|f~GzA^5jR6B|7*swy=W=zJdcEWVA0ED&K<vZMTm<**
zuimCknGEU7ReW23q-EZgbkQsA*~LHVmmA2C+Ynd}<FvBRf8kn)HJ71S1ENWt#|n=g
zLXFcBEd(oQ<S@#XSZhhC_YOGB(WgO*w?VV20x>oNGrnkiUewB@txf!FZg9s0_CPny
zRxcZ<N}g3sb2(Nivua8W)o48#tU?vf#cZT=5$V93>R4R@STzq+QBQH^6%JHkGBjfP
zYoxZ7%=#OY-XXKh)5RF1S~~(utsRWkadBX|mJZZmh8W};j0^yM=(qg(h}5(;=lYZt
zHuW3PchyGgj*JB36=CR1?8y1=b<}^x^_0>l#9jj$)^!dsu;)Qh3zK-{ti$O61*qb@
z<7h!JLhJ7`paZS9%+0xG%Q%NpmWjn1b=va^#7={cy8xUx1}GYlMZK9q%R`(K^(XNQ
z8CQw9Fa~^N@z7>ui#7`DjpBZhlK0!B9a#$PafjJM7?zN7ET!U#?0t>T-uT`Z{KCu4
z`q#w^;&E472pDB@_@-!`#7HmaYKQ#5e!5c!>F+u6K*{QAo?<#Qg%xT0q@DdmUqihO
zgKH@rla(8-jF$^VtCn%k8GJ!Fu<~%4mq~X$nl68<M()$s7Z{9hlLfZF>{l-<II*+Z
z{_XK_@#o}d<K=`pi!l7OlyYen8pP_Ys$tMY#HBLO`D#gXc-r6|`=P}r>*qs1{?TUq
zA<3uhC}fPK)X#-I->J^?RVZ!fuCc#7>!rr)M2p4m1$T*=S+KvH@n&}gIeXY&Ew&YV
z2{gj&O!ll+Wp@oRf^=49e+Dsq2C=_Pw>@MgTDQOhmvNRPT_^unK?|N=k*~7xguO}y
zn=mm()Jn*{_1_TQdiD+?7+`%y)Lpfq{;k+0j|hzyrHf1)<F|3$rBFGMiT{NI<jaS$
zSSy+sO+7N9AwoWNXqrGY%wYq=-uh~OOOPuoXrI+oxI{lc?(tuW^A0#fsDdf6n(2sC
zBN-Ze^DSb~Hz`fSmHd9KDmiW}@47qufigt<>=CHDGA5`4K!TS3PQ4fuDH{bR_<6Ch
z$MH5qQ9b!sGgb>&nsoH8kb3_Z{P=0w_WG?t#5O5?$6Yv+PB*uZy%DehBU+9_cQF`M
zj(_soYJPN{3;h%0xex$J+@MndCiW%MCt`qA(mCK#dwe2`y-UKK!SNL63TH=0>voE`
zL)a^Ga16DbtpF5yp2CDM)y~`c56otdpu2wUWC~jWc>TfdIA!9$pEI=~p*s>l+5>d+
zL-m}UD?R!P0$7TZ^!kD>>G5@j&)+DV9%DMn?5Erxllxyq@h!>HOT6NWZ9MV2bL@d<
zoHm+7Ouj|9*ZFrsXYp>*<&^Re<NF@Sp&UteV{5EqWqxp{@T<LIUMK>pI|NH#N%bdi
z$^B?fa7zjH-1v_<;nau-c08Ht0@(g61$c{-o~ix$MT5er#wB}2t&&k&{gXG#){Im&
z2T5_}WbJ@+Be@}I4NLW*0b}qwqgx27-a})ggFQnFux?t<jM){#Z)Q`?b1d7ppqDs9
znrR#^!|$rzmGHtN^S!QEGyjuXov&W;x4WUJc4(%D*NWbSK4nd8_~UqvVQ9Qeacc-x
zr2_Y;G5MV0VPS{WHKn9uEnUtfk^jA`B2!Vnue;1PGJrw1GWonjaSO~@xgryM>atzs
zkI8%{wlkYW6`0Ir((+o;zZz1xcCfN`d3<W^N}W9&=)zX2KlL_q#M7rygJ)gO>yT4F
zKtUJquZP{{6bzXDaUuWrI0mD!Au*4Vg>!T~Pw3;tFuL%&k(&Ao!JVb{g{=xsi-Kl%
zi$2pjkN}VS%z^>{eNTOj1gpY^iupMg3^N5dXl>{Gw>bfGu}I)R_s-;z31D+ZRXc45
zGR{YuOyY<y2HZn7WHsUDAbKs<X2H|^Pb{w1;@kBo@KMIw&nZcHV%^(`JgrbFuzCH!
z70~C&qM+SKX>~8NZY!!xnz_Xa$f8dU@?U1>_L!N#H92ABrRJh^c$pjf;LWd`J9vXT
zc~!3o74YSSFN^d(&Egickre_G^YQK#sH?$HFM7YH^)_$aFZSn~_943{>sU49mVt&<
z7z-A==oCeNk=?6U51lMvd_u0p3gG1l{DzYfE|w@`fkqThL{dN|(@l=EUL<=DRDrrO
z{kO@u*_kp-GDN-{i3(k?SkPUTD)^PP$?B3$CZvul7l!y>D^-Cit|@&f5c~xJ>t3x&
z6)YKoG^bFGgz>N9mkIuYmYd3x5<mEDZrIvHmv5X1tG-OoOJ_hYmRhHFhJsNg<t|f)
zU=R&48VpOm#k@>9R6JW*2DPOGAiXT6J7FBjjV9QOvDm5ao4_3fKqEM_4&WIa#s^p#
zijB<lf~UrGkM#D4xa#rFgI)9X8HGA8njnRYrQ{I9-6{vA;Z5>Xti7uGKUy21>cIa-
zl_i#sMWC6|3FFTcqXj&ekrI7P-PDE87@)dTYyCfcePvW!LANFD?(V_e-Q8V+y99S9
zG!P&Vym1JSU<r-8yF;)vO>l?c?l7HiX04g^X5QTXQPpcz)sK6+>+ZAfKD*9gN$*u)
z#A~o~gryx2QOxB3(h0$o)4O0AmY4_|k)ti~b^dmMRYiPLO~TTixLYUDQN!Y`APHTE
zxwt@A23UC+pw=xyTqnN=ocDCPp1|{G;ay6>0v$K#m-FJdY#A*lsO$YM_{OP_)L*3H
zaAR%sqP@}Z@lv=b(7wUjrE-Oi$HT9wQ4Jlb^-+pvP<)OZ0SE;iTrp8uB212P5>HVe
zaL6uxR@|ZQi?P2qXP`z>4_TlZAn0U}#@d<O@RgS&ZCtmsw5^>a{g8%XMF&Pkqm-eq
zp%F~~k&NqMBLnKJHdHF6;>QJbhdc0{Ix`1C3@J4vdKey&M5Q65p@4fmm!*xaa>UDB
zDqm^qHimi|R&tXI;Q1784=_9wG+iL=n6BPEvm+4w$mrUVl&hMom>1%g!Yf1!T6Cr~
zaw$*+T?tdl`_DItJr(#4{d%n@lme=5vsCcssvz^}wCg&HGXWK!6;}jqGt1^6d0M5Z
z(EmE?7hR#<5FKX%Ic6vj11grzp&V4`lc8rXq3b&nj3_wFIDD_e=dUw*pQlqlhFIm4
zY?)X0_1hGrrjZmK>>%CRDg+7MzjUk`j!P&o(n)PDuNa1CnfKc!N=XEuZ0aa+j8{r~
z#FW5>V!kh+F^FP=K{DX$CD4jX5-iD_P}#unIwV7?)224fJ@K9~JZK(bj=}=!A!};K
z9YO$Z=$r)k!jR}*K2axe#(sgVX@5nsZG3zi`z2fP6ziYdaZ&mo1IM4_J>t7hXwos5
z%jvVfZP^aWm|DEIo2}&4K=_+V+g(bRK8WT^L8n~0ZbZkJ#mkL8<4M9^Qsd<3aFuqD
zc&es@8`C6(Vj^a!Z~{Y$N0l`bAyNYm(>zkQ2N1`Gn|Alxsz$XoV$i<&OEXuBy9kKh
zdS{LyI+R9Np7E2HLEqRnQXln|H!t*19QgAhCyWh?7CpK+FXYhJM^tuot@0V0^(_jm
zs^%HnyHMZig~BTAd2LbPHVX-S_6r%zlp@JxZ24C*kjpBpE~ItQ1rcmy6(+5O2<EbK
z;KHfm3hw&~`$Nl?(aENVU*Gay3>=fGe|QLb*FHLYgF7O|09*ch)qB^>){8jek33K}
zfz1&TJvGKRd{%BZ`?K=%hMxR6;`$hRNd8TE^k#wyjjkjPGAPR6jj~W#y=Pw=z647F
zjwEudImQ(oLXh3;{-=7gsUh+cgtynx>PZdeRd3qHgcVREXTgZxY7>}~%{6lUX^@Ua
z2i?6Zg;ln1yI4-0oLn`@0hdL^&k$#jZlbx-)5rkdSh^kazI&ueo9tc{(KEi6s6XG9
zgfqDh2=knk%Cpt?KBm^Jis<9T6TMF&6T2Ax(5Qe2WnPBx0Sr;6vJCb}&lv_`z1$@q
zx%~K$H+jbAD1CN?A>ZlvI{>g><(-W)15vKDY~nGy3Pa}F()=njJZDg%-HpR@g9Wgq
z`6wH|$42&pX+>KDlbs0N$m|M%{=pld4^>w;dYsCy)$(2VOAK!Wf!kt^Xyx~Ss6Svs
zUDJ(u7?qadY`ihn_gu6Y1`^<GU7`4`1yAE{bZr}Ng0EGF$-fC5=znmPVxQ9g09#bw
z4LLI;SQ>xV4Uq8hGfItn@3o&8bJ!``0rDL(1m<l^5}N*!3DIkNum2}+&{S$AIIFD3
zS#VEpgF#oS2CbZd#*<4mzr-qW(Y<uIazPlD5=iDq+Yl1@IUi4Y8lyd5KM5dclQ{e2
z<V&lzY&(B|VV*q^6){jSzwPd3s~09(I#YQqk}$WA5O0pX8GL`}206;$-g${1WEQ9F
z(&!$1m_LMda!VUb+%&Z@!#h40U?`Yc2t9WCVh-YQ+Yt$~cwm@j>!t|BE4Zj^3pGb?
z>xXxGQXpM;E1lG1=X1BkapD$4hD~DVSA4`VjT%%l!1QH=H??{Cam}>er~8dmV7VKw
zH&$E<?JjY{0J0fdEfdrhs6chjQg&P^QIz@lM?!fXqxdH*UD+0Ghb8W?2Rn%>G9Q>x
zwd>Fdt(=PqC9A*K#Z*B%=F-5>7St_{E;wO9E%*3$pV>A8Wczi!$!kWeUuxgb0FQm#
zVdUibFc54}v5)g=w}I^G4dV+)R_i*P@B~7~p}0dVPnYwmgInWt`mb<Br`RmU0~~_p
zs2pvY)Xl;oL)lUz_bJ*+d!1VO9+CZXXA$eRhxsd&<0_kUgYrBKn=F*NAV_NGUAx>M
zn=9{k+Mvmg#rtwwG=Ljgn>5t{Qxs-78BRX;Z?xSv-O&_vW$xfT{$IBtb0czB!F6o;
z-IH?WOo_j_tjzk9)R@re84#4OoFZuiLJ(;;(1dg0k}~w>89tE{N{K4oULRC)J#=2G
zgi);Z2%cgGex^dsYpb0{%jSwT1-gjgH|Z)AAvi&`YS8=*P{lgRTJ#N2MZ{gV{n22&
zvpbeenb&F8jc3ELqYxZ$qiOrCy9`=3@hJinPhI%yzEu2cu-kV-Vgmz3d-?|d^6yq4
z)F?!99X!|D1&D5DfX)W$M^6w1PPIX#X9C<NR<b6SYx>{xZ^cK(zlfp})bgQ8bmKlo
ze-jlZN<g6R=V95xR4lkIr+m=9Y`uDIkz1m8hDN9oW@BAJRGrEUnvIs_;(ug%W{dq<
z@fAS!kU(EnwanoS*~F8<B5|Uic1|j|Y&=A8Xi7C_GNCpzVz$`O=7;BZx9{n6yHNiQ
zeE@f@>09-ubQ&SoC4DI}fT|DD2V!B2{KD{=K0$C~*Ogb|AEH2zeYQ08htOF{hf&%9
ztlfO$?i-fK?B{5=5>9!SjqA*Nzc|>v$4}_IFt=yjL3#^x>##?79tBb1*O<E=G{`dS
zOm*Vy^*nyH4+Usxu%%dsAt?D1X0EyTb^r+;hZJHN(Y7($y}3Hj|Dt(F6nnxqXG~qv
zU_~Miv+*o~NNE;dEna>s9Wq2WRuomoqWLxHChvesWz0baGUg_eztH{c8@nhfenNtN
zLF3lWTEPa5TRSvv`?2l3SdYo*Q{xA9BZ&@E<6wOGhGw6csuQ%S_XN2&)$7O+0*qZ;
zNenYDt}>w3jUYn8ppfaJOwrD(sqQDFrnQ?VvcRQ=T}axEnIcC&<lP9?TQ6<lQK5&<
zUYBSc#zRS47Mgz$GvVY&z>BT8PI~2+x`D--54{V19EGx=q@;@-^EY~0t7(Ug_|+cz
z9R~@4+4tJH@144=7iN>{B4@xv?Y<l+mN27(?{?Jq&*l4dn!nB5ybz3_#?UMqM?d6z
z6s`db-u4P<fr{wDN!uR#YaSTA{7Pls0w}wDoK{BJTykz}iyQRD1I;#g;)v<y{FAYH
zl$xtMlH@Q(FDENxaK0wSOl3+L(}^R>9U&d+sqHY!I|?et+zuDhP<-ji`tk`J{iZ}+
zog^qYTYRx(ZwBy5sn@pgw`zO$yfZWCPl<p}nc%#e5;<D)5SiNj;q&>ttE<mN657u?
zo&elq>U?9!oC>A2xmC?)gB%oV84jyH*j0|M(oo%{7z3-NZP<xsJ+0?uHTa2UBg9O5
z9w{#4%-LJ--g=vT<(l7U>_2<!KPI8EoAwSCQnRy#M+TZfOcaqN9gbZMn+s|D!P9-y
ze+d1Xxz)I{up{WwC+eckCLI%Uh7hNJR*WwB3{U<^M&g5aRur-WWT)(hG{B>8v5lWq
z_*)g=`CBQSX<;Rh1HxK^pAO5@E%%#|p5oOZsVHuC6}MJWsVaBE^I2(Rwf<d9obWPQ
z>_M8Rf|NBd1d^oKW6BIqs%#q1c;pI+!}>Jr#{$4_M#vX3@gJ>SW@9m9P!&n<DOCqq
zxRC}5Q~0DMy#@ze@eza8zW=l~CO5@5K`mlk?6<OVz=6k|sMEkF(mywDbah0?SrSj+
zML2WKieU2OLE7XW(Vnl1j>(DJCd<z8dirEc=KG4kIuI~So81_nM3b7gmm=x45!vz;
z164J*m-jX^l3N}Fi2w`Gj*FaBpC7uZhCD`KToq2x3Q(PNjVZIAIvH;~#x1r#S>Ou~
zadt8ZF>o>=y1FW{Cw1dO=3w&&T)zj+)T42rA5_fLBdQ-GW@naKP*M?#X3knClTzjZ
zK}>N;e%>>6nlVWn!Vi-oZBaAB#Mz?17OUAg{h^uUpF%!Ga1aBD3CS8BfQCnD(SkH_
z0)y8!#iQ}G+>ttnG;;HYhj#6j4S9m%LVx1Bi*x(=AdSImQ>Xg0<Kw;hNet5Iql5ob
z4^fc9O3!t_^qW{9Vpv}iOL{v^?S4t5H+jDC%x3y4OtiUZJIy-1Ao$7W#?MAE{n?d~
zjqD4J(;wetX74OK3eG>4&4eC1Jc_32f`Q$!F17Nbzxz&kwpQ@y(=dMgMxw#?@kQ?U
zd_8sf0fEvi_!DeES8<`HM^Do#&BDX4)}|lCJ*9Rbosn>Kueq4TkUfouMmuAk%+M~X
zJr_&VGKdS<e(e@bFO)yqhUvy(!Gx>~VnSG!J@nj}ZKJq6(MOO_(As6lre4=i03}k@
zy<qV}EY!Wcj6fqX(hk07wu&^4_D866DPkfhJDM@loFtK*^&>`*PTF525sB#kfP2$^
zqSUFl=<~%mRl<{)S9a|K9yj<A6dm@QKaY+`k?vK+-dW2cq1ljH8B?Omx+fHKSLtaf
zOSg8&(22%>AoK)U|MZmrmWVe;p7s-u1vCR5x4fv}E~|L#?$63tX+jICWcko0p;++g
z+zL}w%533SqS;+nr(q4jYojmS`_wAoCf?V&i*T$|mVpB<;V>}KZ=A`=bzFYmk4sL*
z5(0rmDZxbTE<nLa_#Lz8^RcweFeP$>$lFi$SOf#BqS`syKZFifY?~x)ggEwBCKj+V
z$oxpD*%{ATrGu=f3RBv|(Xj<?oC;gJIX(E}x(S(fa|3G;d%{CdWPM_D7JLSw7#Wm$
zlQu!jK=jp@UV>x1-TGKR7XTQENwmM-w^bZ=_;&|wJ48ky?lFlRB&1>wvLYn=VOD|C
zg&e{}Sz^$4c<#SQDVD>0H%OG582J@AN1M+4MyL=d7}2dp`qH%+>yScQv95zZLjI%C
zsmRf#qvnn3$0in3lkO2uL(NV@EshtS3qD@Z`H3&u)?e~l;O`9LIexUv?qWzMDqc6O
z>J(~u%*953{~Y|S6iO07#gdb_S>TB-7H;|hsWL7vYWL0DN2Jzej-j~FV%>>x!J!J}
zFFz+}s6o^$)A=;GIU3b!PUfF{1{mq!kxPmq`~Gl%ndqLxnvlpV_Pq(U==%_E#ty}9
zQLG<$1PO3Vv2|0{0NNPe`Pdj#NtU-dAo8}sAAI<cWRP5^{*iiRh$rZxRNNHE#Nw``
zv6)_WrYm(*?PxQg(Ra<Tdmm05V#Xz?^xcJSE^9mZ_1yyuD$M?E1m6EP0w9||<IQ`J
zb{iTHx)Er%K{tY-VsAuF`egLjiG#k8#DRa0%E8TBZ_m~)v{+Math-#RRV4J7Z@tks
zOC?@jhgYnuvUmBjtzAm7!-(}Dh$H%BuRtA&w}Kly4h(mnNozut^Rkdcm7HO8<{6Gy
z3DHMw7+wML?xQlAOMvi3Lxtk^<qxj1IhUSa-*)Ynd+oo=DA#h^;=HPpeT}p%ea^h6
zH6@n%c8q#A@kXOa@mb>$$b9`Z{eKe%^u+&9!XQD40LFmd2d5FmoQ*6s8G$%+GaxmT
zMChj&BjZSxyitQI$$zK<`4$dajWk&G!7DfB9R6oTi(*XzOhS*#ljpxO__KeH90j*M
zC@!<q*r}Qgl=Oaa#dk+y;rJtcrOB##FBo{1!}jQnz2R!iIrTh)e_Ff6w&}zX&h~Qu
zzCaB2N3ObLFsyPVjPZc~QAOpoQ=^D7U7D~EeT8e|^Z=Gdpt|s^NIH69Ba80_4uD&U
z1oP0!Ni(HK9B%sWicLe(zbbMx93lYfTqNR>2}=FbLB*~gE_>nzW)*h)W-go~ri{Y%
z(rKNBugkI!Z=&_&xUT=J#kS?TY~EH!?)eGj29I3(A#WT_+|b4+SWHZkB{Znb-Z!~>
z)U$w%H`6D=mB+vhaMyy^*4iAjHRuEVgHSCFPzcr91SuVWLMT(VRskr4G9~7&BSvnS
z4qgs5BXL!1k#xZDH*BVoKtiWJTDsMsaCTGVo=5vofc~NDKNaB!lib&{M|b5><&SAQ
zT}dc2<DT<zlQ4d$($3&U;mfQ@7XQ5*Vm&57!9gq@v=!gn_qJTP1DNh=yVDP!<saD-
z*xI@3P^RUT)l^RoJNPeEQs5gndAla$4V;uoTMAStyP`<COk;`7b6j9@8nv$D-SK{%
z%;x3cz2{z9(0KWJxtMzZMOeJO4th~uT4aR6T8}v2yx5-_Z||CVz?O>^7K_tvnngg+
zp2K##VNbP=rs8q??d4rhO$>>}qJ`km;%i1*b=UJ#JCdI2!YfyXFx*jijfa_~>EdE$
zk4wD!rFS;k2O(oHE)r>0(PRR#bx7Z6yxvO!@tl@^3r9lSHQm9S-(#&mW7!A7n8mmJ
z>FCS-;WCE5UrvgY5t>cMosx5H?pH5*`;byijKa1h-H}r!Gs#9VTT6(xA^h|d_c38e
z-GquCy(E8!U%5zIM+6Ghe0W=^8CoGSmt=s@V2NWOJ4s1O|3!hS^@BDOG_ullxaW$w
zg9bD(bzrs4kQpp9SQqrADXlusqS~o~+;G_TV9m}kPg@akk>r)|Tm!!aAT=JJG?GIt
z2`uol<XiCve)iOSNc_0Z!R{d?7xwjD8GTvI0{(({%3o|(Bcua($;jaNqiGdvG5)ha
zQS8LvX9Jhi@B97ah}Va2;pVoXHsi14dh>QAXVF+l-fYl&Eckb^?{rh5z4{BFOD0Fh
z_t6PAo!W1~fYe2E%G+;8tI`jj^diMBDJ0FNRdZM#HGjf7DdA3(M}x<13rL}8W439b
zZMydmpGMj#J|toDIpA!;FlSlshk_)@9LkM^zr^@XZk=&^`>Wt(&rE7N!@HTvP{{;U
z4<-}#oIaP(%0{YpS}&&rVG;5>Dp(QnY41(ac07cogqy{%2AyFd5KA;LSQ+mz$mb%8
zwMFTCAJdB8aTG0!pgYN54^3wLT=gvk@qgJ{?;F4W<p&shi=X7IhFnG92q|!(&cpKV
zBrFh^rsVuRxK=I$UoRKG_`O?Qyzx8Pemeb)`iv7|7+ha-bo7Uo+s8c0-~MxV;B<B6
zaF?si(EGde_&%oZ*^yNGr-b?5T3bnY{{Blo=?YwFwbVK&N2)!+>4s1QcZU_Oa7Qas
z8c>y~<s0W^T_Dr$&qB31`dRQXWd%)ragYJ_&`$2@v`M=!sAEg&Tt9%cMTxqy&t7Z;
z%F1TgCwIrvjRO`D!rWvfoA$K#bm7N~aFOdHMNp=x9&yCXfboi%>VZuDTuJfT{C7Jt
zYo>w3ovE3m`M8l+cYl>C%<8*q4aV8Y-LFIIslcnu!Uw7);!?Sqdh+wAY!&qD@Pw*+
zy-_~?4X|<_1~zwJW1G`O>u-&(#sUv~xV%U?`RQzPg$V7_H|FK#Nqk~&5mp-i^x?`o
zOA}mau~{X^?jna{xd(a20n+hMBDQ8#Ta;`)UoMAJ>(hIBuSYXO6g}x0e5NV4;;xD`
zRS)-nqaa^aJxWh&lxEh8rs1KjmS*PVqS+hrMJ(%*_atS{F}tCN<t{wXlPQ>nYl1my
z6!;mklg|T1lqgsvW15?_@fd=B62^2UHf_@S4{LA_A#tk^tmO>Hxao!gur`FUyH*jg
zr^n3orAtD0M@MH_$R;vN0(VrggbER?Ru|xSsk#Z6v%Z)R;lA7U^e)+SD%{Mt?iZnZ
zH>ga=F&c}J1&U@LrBxY+I*jtbjBML6w>}J0)F13upr@Px(TXQxh3raL2F1;Ez7xGC
zt`D5OQK;jLzA8wW{x*L)_5kd}<O;6KO{=OpnOXlmr*QUK%C21tlSq@nsVu~jUHaJ4
zW$?KG)4P0=$9!*dZUj9Y%K`h$N+gCGEk<o|E~ey5ycc176R9`1eM-GEo=X~k?8hyz
zG~}Nn2&G81im@5)mUTvgc-EsYHJsbK@~#ScfD?BT<#e<t1*31TQSD1~`PBEQvUN@K
z*G`5O1gFo_<#go}+Cw`xejaqe-h?fD5w*ei8foVlifp{{F<igGLBRF=mpW@n@?<B^
zIe)0rF#*)Yw`icWDD-PsO)%FL@^JYd)mx?r3VU#?{i$YTJF{2h?H$vMuWSn0I&b;W
zVXOF+F2}&Qa_FxHthD#%&gs8<4IPd=#RX{_`I|VVTJmN?#ojgl<~vyfqeSt2a+D<?
z`Hf;*eDp^usG7@)KFb{}?)IBB(cXzM)26mK`0s-RpS_Z95NFlH0O{3x<=Rj@My&)N
zj{Eh9C(Ji_Mr2anBfWdd@3#%>+Il23u>yiiCmUkl8^h0QK{?&{f&#UHb+*=+D(uj7
z(Nn}aKT)vs;qWYC)JCa0M^n>8%dDNA+v56(xj0|w1}oa_Z-6p;FS1Cp(mEnI?rc+9
z#bXR{Z=i}6fBsEuaHa4WW`=3MUuH7*jryiK{YW#75x5&FDM{F{t5<aqip##anCkd^
z@Vok1s4(qKF-@<X*KNKvwVY@+y=mZT+m6mJ)|*>a{Q^zH2P07{8YeTpf>jb)K6;PN
zY7=-2GF1r&u&jM99TOD|)=NyWvR5x=+;m>?sk>}7`97j?T2FRYrDAO0D7c_;o1;>~
zX~C_@P|)QP589{<jA>-8Nr_R~2-4J~#eE2R)}+-tp5)`8>ef>(A&htgqJ7cGQV2s7
z<{69gbOeBdviVA?qjw35|NiyNf?0$`*=D<R6=@bDNiy%QV>n9z!(U@vbWw;)VJz|w
zEIW{5r?y5w4e=0OdfpzSlo=YdZgEunv1GU`tR@04=tNgsmbimwzmgYIFl)Xe9<=8D
zaYY`Rg4sye(HwHhP*r$@g=c0@7=g3tEL*Gd5ThSX3$z^NyFtGoDj!Na<Zz|y`q-|j
zrB@l=?QL1PV#Im}91kn~PnQZX6|mc_+g780$_9K={r_|c#Er{fi)9CV1Q-%&&S?6@
zH82ql%ejL-A-v?26g~Q|el%%GW;c~A#qjoDGr6HjA>rR$#P)mNOz&qh%}kb?$ZKbs
zDw<k!A$vivND{<+`jVdrq@dpAigJvOyyb`0j?QRAD`fV8IM8_R{~+=}oG~rVIm8|e
z>$T=flyfKp=IDVY^Qqf>0d@j}N*@Ut5p;3DoXM+=WZk*cp!IRh3!gJM2PP-;p>`_e
zWC^f1oDr9tg08RQ{(&I^2R(Vf5A|Y?iG;LVOH-2&@gUX|hGlwwoOVsK16@RRb+3c?
z1y*im%d}`*HR%y}f>JeW{d9WuRM{WG5)3)0i{+X+I&JE8%z#H-ae1tB1GE(W;9y}o
zeP5*x<T2$%YTyESkp5EvYe2rXTjLx^X{Lllo&C%KH=B-u%8hz$wZ!{NjoCKa;{CWl
z_kX&Mo?pItH&uvl(+ge$9Ya}u-GlMOx69>kB`LP4qm@Q%FH-JcPsEWQDpO5=M1+=T
z>53>#gS(za%EO8;lWU&0+1>&(P?p6p0G&gi%jF2s@F&pI#j*#-f=7=)$9j0DOFYNl
z!k61Hr7M$_TSvcctt(xlVEgf3;<noyoT-(h`rFGsZpXLk(2`n_Btw-yEerG4rjoqH
zD|g#Q>wKpW@CG4FI#<v7<*O_)V_zao?DZyw3;I;Vx}e4r)@Adp@;cH}fU_!$mV9$i
z@?qAx#}`X;)AeM_e?Q@#gD#RJW!P&8MY-5(>}qt6f)(1q9+Ag_iDp3cgVE268t~fe
zY+gjuZOa<IjJW5Zpwh743GfafUTNK9(+C%>2H}#YAAf-!_4_7yr-+T|D{#gUuxfl;
z@UG?h=nvZkaau$_F-<bZi2nCB!WSjdOVpZg7ru8%Wg&iiG*>R!@}$`A{4*YlO-3>i
zC}@DwPw490cPZ=TaR4p?M>GK5nvOe5W|;zqMyn=1Jf(%NiE=8JP_19gEj<QC8$wOr
z$YNL&{xV%fEUZ^EhqD=8c%ZAz2YLdjGq!5fH;=guTj#MS**3(l#|$;h^Hki8uU+os
zJHIoXv5^+YdbjY1p2O8TS0M7#B(Qid$-}E4SeZL1>TpOv`<lGDnvi)EiHwo3?xSGO
zI<GUU9IjqrXn6M*3r_Tg*lvY7T??_p<B(|B<;_*0_=~f#gWoan90??{JKTReR{Y}T
zVC}BQ&tf=4+KU;&V9vq$aj0_F#rAo(Rwe8zsCc1v<bw=}GQ>eh>K;~M#FX^Gx=1Lg
zX~!mG&h2v1_ELhRfS;p{+Lppas1FmRiQfHXJ9D?Yc)sj5*(cFUEEqUK-+T!EQ*r%E
z$6XCFUU>!P+rL5|EoDt1JG73gC2V?3=h3!`IUgm+%sC*ila)I|H5|-1yv>eIdfS{_
zg~;QW(k!uJ<V`B({}t+E3hgNWo?HP4w@YR!(MblM*5NRmaVh%7dN!WEu(2<sxIy8V
zGaS)L1rHfT7EW(Y+L1}{>nC-q-$*?g{KN2dR!C_qBSOu?F@c}y(m}y9^swVO&yO=k
z6<x?Nxw>UbDCj|Lt+))}vQ*uW;>0pHZ94fcJ!<BQ76o|6#!d*PXs1h@Q0s4-ynAd`
zuwCs1X>;L1Xe~!9x$CgC$aZu__}-059Py;oB@w7{f^X^0mtT5v7Rc#!zFH<;+L|Z~
z4F)pNS(Ud7w(D*_+|0Hg=4vG4=0<z-GHFCxbun!uzUTSfPn*T`g`Zkv*FXz;T#a$X
zRJ3BHQXTpm&fGY>-EVR(_+w7mSZEnhuajRMD-axt#B&ZbMSt*>Mk^1Kl-1t*iX?m-
z>obRhz+Fj*YzK_*^8EQT8w0@4m;<dynSu=JcRh$PniKF`AN<L+HEiyn67DIeu)4^-
zK{#Y=>W9_~O*q?r3vk@y168=`*mJYt^qD_v&+^rIN5SOT?f8RR`Q>t9?7Ba1&k68q
zS!K6{54)$pE?kUlKY$6iUJ!J@s<Id0xchuscG)3@-P1Ald|I8q-lZRYx3?L<m9yRj
zyz2Nme)cN<e9Cmy(c>MS_vIR1$+j9_iGFu<HapevtQj-wL<Kc7R#jj(u2iycHx9T`
z_2@fI5AKJ!mDZbXMFUq{;W|JD4IKsJ?(y)3-VLb7?lrlq{;VDErj5p?7;Bd;1Ud@z
z{naRH((*K{S{hvZ19X=-yxLXW1tV7rpcC_;69)|bO+2m6UG0Jn%?JG(8USuE_+hZJ
zQt9k4%3ljNrv|G=I!r`$*rq5E29?OsY9J=r!-R5YLuSb+L6t~yHIX77#em32MT`i2
z?)eR8oI9z;I!$RYOmdrREv3pkiQ`IvxEm9a3WF<p)<Ly<+|C6my~oif!t389?4>^G
zw7pphEeoz$$>vbcnTV@jLT}XCYOrtw@c;dp7f=Jj|6JcA|26;32^jx%k^gF8_&=9`
gf%zWk4?Rxf|1vbxRzpPkHv|s)iH5e9Hvhi;4;q!vegFUf

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 1bd36def98b..af3ae618b7c 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** — Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** — Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 10, **Hunting Queries:** 8\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 16, **Hunting Queries:** 12\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -247,13 +247,13 @@
           {
             "name": "analytic6",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Unexpected exit-node egress",
+            "label": "Tailscale: Device key expiring within 7 days",
             "elements": [
               {
                 "name": "analytic6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage."
                 }
               }
             ]
@@ -261,13 +261,13 @@
           {
             "name": "analytic7",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Large outbound transfer over tailnet",
+            "label": "Tailscale: Device started advertising subnet routes",
             "elements": [
               {
                 "name": "analytic7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change."
                 }
               }
             ]
@@ -275,13 +275,13 @@
           {
             "name": "analytic8",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Network flow beaconing detected",
+            "label": "Tailscale: User role elevated to admin or owner",
             "elements": [
               {
                 "name": "analytic8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review."
                 }
               }
             ]
@@ -289,13 +289,13 @@
           {
             "name": "analytic9",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Mass fan-out from single node",
+            "label": "Tailscale: Split-DNS configuration modified",
             "elements": [
               {
                 "name": "analytic9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution."
                 }
               }
             ]
@@ -303,11 +303,95 @@
           {
             "name": "analytic10",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "label": "Tailscale: DNS nameservers modified",
             "elements": [
               {
                 "name": "analytic10-text",
                 "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic11",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale: MagicDNS disabled",
+            "elements": [
+              {
+                "name": "analytic11-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic12",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Unexpected exit-node egress",
+            "elements": [
+              {
+                "name": "analytic12-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic13",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Large outbound transfer over tailnet",
+            "elements": [
+              {
+                "name": "analytic13-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic14",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Network flow beaconing detected",
+            "elements": [
+              {
+                "name": "analytic14-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic15",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Mass fan-out from single node",
+            "elements": [
+              {
+                "name": "analytic15-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic16",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "elements": [
+              {
+                "name": "analytic16-text",
+                "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs)."
                 }
@@ -397,13 +481,13 @@
           {
             "name": "huntingquery5",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
+            "label": "Tailscale: Devices not seen in 30+ days",
             "elements": [
               {
                 "name": "huntingquery5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -411,13 +495,13 @@
           {
             "name": "huntingquery6",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+            "label": "Tailscale: Auth keys with no expiry",
             "elements": [
               {
                 "name": "huntingquery6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys. This hunting query depends on TailscaleCCF data connector (Tailscale_Keys_CL Parser or Table)"
                 }
               }
             ]
@@ -425,13 +509,13 @@
           {
             "name": "huntingquery7",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Exit-node usage patterns",
+            "label": "Tailscale: Users with zero devices",
             "elements": [
               {
                 "name": "huntingquery7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records. This hunting query depends on TailscaleCCF data connector (Tailscale_Users_CL Parser or Table)"
                 }
               }
             ]
@@ -439,11 +523,67 @@
           {
             "name": "huntingquery8",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+            "label": "Tailscale: Split-DNS per-domain change history",
             "elements": [
               {
                 "name": "huntingquery8-text",
                 "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery9",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
+            "elements": [
+              {
+                "name": "huntingquery9-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery10",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+            "elements": [
+              {
+                "name": "huntingquery10-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery11",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Exit-node usage patterns",
+            "elements": [
+              {
+                "name": "huntingquery11-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery12",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+            "elements": [
+              {
+                "name": "huntingquery12-text",
+                "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index f04f78fd144..958ab697645 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -113,38 +113,80 @@
     },
     "analyticRuleObject6": {
       "analyticRuleVersion6": "1.0.0",
-      "_analyticRulecontentId6": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
-      "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
-      "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
-      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
+      "_analyticRulecontentId6": "b1a2c3d4-1234-5678-90ab-cdef12345001",
+      "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b1a2c3d4-1234-5678-90ab-cdef12345001')]",
+      "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b1a2c3d4-1234-5678-90ab-cdef12345001')))]",
+      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b1a2c3d4-1234-5678-90ab-cdef12345001','-', '1.0.0')))]"
     },
     "analyticRuleObject7": {
       "analyticRuleVersion7": "1.0.0",
-      "_analyticRulecontentId7": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
-      "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
-      "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
-      "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
+      "_analyticRulecontentId7": "c2b3d4e5-2345-6789-01ab-cdef12345002",
+      "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2b3d4e5-2345-6789-01ab-cdef12345002')]",
+      "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2b3d4e5-2345-6789-01ab-cdef12345002')))]",
+      "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2b3d4e5-2345-6789-01ab-cdef12345002','-', '1.0.0')))]"
     },
     "analyticRuleObject8": {
       "analyticRuleVersion8": "1.0.0",
-      "_analyticRulecontentId8": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
-      "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
-      "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
-      "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+      "_analyticRulecontentId8": "d3c4e5f6-3456-7890-12ab-cdef12345003",
+      "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd3c4e5f6-3456-7890-12ab-cdef12345003')]",
+      "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d3c4e5f6-3456-7890-12ab-cdef12345003')))]",
+      "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d3c4e5f6-3456-7890-12ab-cdef12345003','-', '1.0.0')))]"
     },
     "analyticRuleObject9": {
       "analyticRuleVersion9": "1.0.0",
-      "_analyticRulecontentId9": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
-      "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
-      "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
-      "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+      "_analyticRulecontentId9": "b4c5d6e7-1234-5678-90ab-cdef12345010",
+      "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b4c5d6e7-1234-5678-90ab-cdef12345010')]",
+      "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b4c5d6e7-1234-5678-90ab-cdef12345010')))]",
+      "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b4c5d6e7-1234-5678-90ab-cdef12345010','-', '1.0.0')))]"
     },
     "analyticRuleObject10": {
       "analyticRuleVersion10": "1.0.0",
-      "_analyticRulecontentId10": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
-      "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
-      "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
-      "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
+      "_analyticRulecontentId10": "c5d6e7f8-2345-6789-01ab-cdef12345011",
+      "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c5d6e7f8-2345-6789-01ab-cdef12345011')]",
+      "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c5d6e7f8-2345-6789-01ab-cdef12345011')))]",
+      "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c5d6e7f8-2345-6789-01ab-cdef12345011','-', '1.0.0')))]"
+    },
+    "analyticRuleObject11": {
+      "analyticRuleVersion11": "1.0.0",
+      "_analyticRulecontentId11": "f8a9b0c1-4567-8901-23ab-cdef12345020",
+      "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f8a9b0c1-4567-8901-23ab-cdef12345020')]",
+      "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f8a9b0c1-4567-8901-23ab-cdef12345020')))]",
+      "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f8a9b0c1-4567-8901-23ab-cdef12345020','-', '1.0.0')))]"
+    },
+    "analyticRuleObject12": {
+      "analyticRuleVersion12": "1.0.0",
+      "_analyticRulecontentId12": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
+      "analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
+      "analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
+      "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
+    },
+    "analyticRuleObject13": {
+      "analyticRuleVersion13": "1.0.0",
+      "_analyticRulecontentId13": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
+      "analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
+      "analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
+      "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
+    },
+    "analyticRuleObject14": {
+      "analyticRuleVersion14": "1.0.0",
+      "_analyticRulecontentId14": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
+      "analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
+      "analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
+      "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+    },
+    "analyticRuleObject15": {
+      "analyticRuleVersion15": "1.0.0",
+      "_analyticRulecontentId15": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
+      "analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
+      "analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
+      "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+    },
+    "analyticRuleObject16": {
+      "analyticRuleVersion16": "1.0.0",
+      "_analyticRulecontentId16": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
+      "analyticRuleId16": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
+      "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
+      "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
     },
     "huntingQueryObject1": {
       "huntingQueryVersion1": "1.0.0",
@@ -168,23 +210,43 @@
     },
     "huntingQueryObject5": {
       "huntingQueryVersion5": "1.0.0",
-      "_huntingQuerycontentId5": "e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe",
-      "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe')))]"
+      "_huntingQuerycontentId5": "e4d5f6a7-4567-8901-23ab-cdef12345004",
+      "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e4d5f6a7-4567-8901-23ab-cdef12345004')))]"
     },
     "huntingQueryObject6": {
       "huntingQueryVersion6": "1.0.0",
-      "_huntingQuerycontentId6": "f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca",
-      "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca')))]"
+      "_huntingQuerycontentId6": "f5e6a7b8-5678-9012-34ab-cdef12345005",
+      "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f5e6a7b8-5678-9012-34ab-cdef12345005')))]"
     },
     "huntingQueryObject7": {
       "huntingQueryVersion7": "1.0.0",
-      "_huntingQuerycontentId7": "a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb",
-      "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb')))]"
+      "_huntingQuerycontentId7": "a6f7b8c9-6789-0123-45ab-cdef12345006",
+      "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a6f7b8c9-6789-0123-45ab-cdef12345006')))]"
     },
     "huntingQueryObject8": {
       "huntingQueryVersion8": "1.0.0",
-      "_huntingQuerycontentId8": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
-      "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
+      "_huntingQuerycontentId8": "e7f8a9b0-3456-7890-12ab-cdef12345012",
+      "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e7f8a9b0-3456-7890-12ab-cdef12345012')))]"
+    },
+    "huntingQueryObject9": {
+      "huntingQueryVersion9": "1.0.0",
+      "_huntingQuerycontentId9": "e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe",
+      "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe')))]"
+    },
+    "huntingQueryObject10": {
+      "huntingQueryVersion10": "1.0.0",
+      "_huntingQuerycontentId10": "f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca",
+      "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca')))]"
+    },
+    "huntingQueryObject11": {
+      "huntingQueryVersion11": "1.0.0",
+      "_huntingQuerycontentId11": "a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb",
+      "huntingQueryTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb')))]"
+    },
+    "huntingQueryObject12": {
+      "huntingQueryVersion12": "1.0.0",
+      "_huntingQuerycontentId12": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
+      "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
     },
     "workbookVersion1": "1.0.0",
     "workbookContentId1": "TailscaleStandardOperationsWorkbook",
@@ -230,32 +292,112 @@
                   "title": "Tailscale Standard (CCF)",
                   "publisher": "Custom",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
+                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
                   "graphQueries": [
                     {
-                      "metricName": "Total config events",
+                      "metricName": "Audit events",
                       "legend": "Tailscale_Audit_CL",
                       "baseQuery": "Tailscale_Audit_CL"
+                    },
+                    {
+                      "metricName": "Device snapshots",
+                      "legend": "Tailscale_Devices_CL",
+                      "baseQuery": "Tailscale_Devices_CL"
+                    },
+                    {
+                      "metricName": "User snapshots",
+                      "legend": "Tailscale_Users_CL",
+                      "baseQuery": "Tailscale_Users_CL"
+                    },
+                    {
+                      "metricName": "Auth keys",
+                      "legend": "Tailscale_Keys_CL",
+                      "baseQuery": "Tailscale_Keys_CL"
+                    },
+                    {
+                      "metricName": "Webhooks",
+                      "legend": "Tailscale_Webhooks_CL",
+                      "baseQuery": "Tailscale_Webhooks_CL"
+                    },
+                    {
+                      "metricName": "DNS nameservers",
+                      "legend": "Tailscale_DnsNameservers_CL",
+                      "baseQuery": "Tailscale_DnsNameservers_CL"
+                    },
+                    {
+                      "metricName": "Tailnet settings",
+                      "legend": "Tailscale_Settings_CL",
+                      "baseQuery": "Tailscale_Settings_CL"
+                    },
+                    {
+                      "metricName": "DNS preferences",
+                      "legend": "Tailscale_DnsPreferences_CL",
+                      "baseQuery": "Tailscale_DnsPreferences_CL"
+                    },
+                    {
+                      "metricName": "DNS search paths",
+                      "legend": "Tailscale_DnsSearchPaths_CL",
+                      "baseQuery": "Tailscale_DnsSearchPaths_CL"
                     }
                   ],
                   "dataTypes": [
                     {
                       "name": "Tailscale_Audit_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Devices_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Users_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Keys_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Webhooks_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsNameservers_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Settings_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsPreferences_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsSearchPaths_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
                     }
                   ],
                   "sampleQueries": [
                     {
-                      "description": "Recent Tailscale configuration audit events",
+                      "description": "Recent audit events",
                       "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
                     },
                     {
-                      "description": "ACL policy file modifications",
-                      "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+                      "description": "Current device inventory (latest snapshot per device)",
+                      "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| project DeviceName, User, Os, ClientVersion, LastSeen, Expires, Tags"
+                    },
+                    {
+                      "description": "Users by role",
+                      "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role"
+                    },
+                    {
+                      "description": "Auth keys without an expiry",
+                      "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Expires) or Expires == datetime(null)"
                     },
                     {
-                      "description": "New API tokens and OAuth clients created",
-                      "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
+                      "description": "Tailnet device-approval status",
+                      "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
                     }
                   ],
                   "connectivityCriteria": [
@@ -285,7 +427,7 @@
                   "instructionSteps": [
                     {
                       "title": "Connect Tailscale",
-                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read` to grant all read scopes at once). Find your tailnet name on the Keys page.",
                       "instructions": [
                         {
                           "type": "Textbox",
@@ -405,6 +547,278 @@
                         "type": "dynamic"
                       }
                     ]
+                  },
+                  "Custom-Tailscale_Devices_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "name",
+                        "type": "string"
+                      },
+                      {
+                        "name": "hostname",
+                        "type": "string"
+                      },
+                      {
+                        "name": "user",
+                        "type": "string"
+                      },
+                      {
+                        "name": "os",
+                        "type": "string"
+                      },
+                      {
+                        "name": "clientVersion",
+                        "type": "string"
+                      },
+                      {
+                        "name": "updateAvailable",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "authorized",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "isExternal",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "lastSeen",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "expires",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "keyExpiryDisabled",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "blocksIncomingConnections",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "addresses",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "tags",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "enabledRoutes",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "advertisedRoutes",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "clientConnectivity",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "machineKey",
+                        "type": "string"
+                      },
+                      {
+                        "name": "nodeKey",
+                        "type": "string"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Users_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "displayName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "loginName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "tailnetId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "type",
+                        "type": "string"
+                      },
+                      {
+                        "name": "role",
+                        "type": "string"
+                      },
+                      {
+                        "name": "status",
+                        "type": "string"
+                      },
+                      {
+                        "name": "deviceCount",
+                        "type": "int"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "lastSeen",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "currentlyConnected",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "profilePicUrl",
+                        "type": "string"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Keys_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "description",
+                        "type": "string"
+                      },
+                      {
+                        "name": "userId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "expires",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "revoked",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "capabilities",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "keyType",
+                        "type": "string"
+                      },
+                      {
+                        "name": "expirySeconds",
+                        "type": "int"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Webhooks_CL": {
+                    "columns": [
+                      {
+                        "name": "endpointId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "endpointUrl",
+                        "type": "string"
+                      },
+                      {
+                        "name": "providerType",
+                        "type": "string"
+                      },
+                      {
+                        "name": "creatorLoginName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "lastModified",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "subscriptions",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsNameservers_CL": {
+                    "columns": [
+                      {
+                        "name": "dns",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Settings_CL": {
+                    "columns": [
+                      {
+                        "name": "devicesApprovalOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "devicesAutoUpdatesOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "devicesKeyDurationDays",
+                        "type": "int"
+                      },
+                      {
+                        "name": "usersApprovalOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "usersRoleAllowedToJoinExternalTailnets",
+                        "type": "string"
+                      },
+                      {
+                        "name": "networkFlowLoggingOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "regionalRoutingOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "postureIdentityCollectionOn",
+                        "type": "boolean"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsPreferences_CL": {
+                    "columns": [
+                      {
+                        "name": "magicDNS",
+                        "type": "boolean"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsSearchPaths_CL": {
+                    "columns": [
+                      {
+                        "name": "searchPaths",
+                        "type": "dynamic"
+                      }
+                    ]
                   }
                 },
                 "destinations": {
@@ -423,28 +837,108 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "          source\n          | extend TimeGenerated = eventTime\n          | extend EventTime = eventTime\n          | extend EventGroupID = eventGroupID\n          | extend Actor = actor\n          | extend Action = action\n          | extend Target = target\n          | extend Origin = origin\n          | extend New = new\n          | extend Old = old\n          | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old\n        ",
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
                     "outputStream": "Custom-Tailscale_Audit_CL"
-                  }
-                ]
-              }
-            },
-            {
-              "name": "Tailscale_Audit_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_Audit_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "EventTime",
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Devices_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+                    "outputStream": "Custom-Tailscale_Devices_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Users_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend UserId = id | extend DisplayName = displayName | extend LoginName = loginName | extend TailnetId = tailnetId | extend UserType = type | extend Role = role | extend Status = status | extend DeviceCount = deviceCount | extend Created = created | extend LastSeen = lastSeen | extend CurrentlyConnected = currentlyConnected | extend ProfilePicUrl = profilePicUrl | project TimeGenerated, UserId, DisplayName, LoginName, TailnetId, UserType, Role, Status, DeviceCount, Created, LastSeen, CurrentlyConnected, ProfilePicUrl",
+                    "outputStream": "Custom-Tailscale_Users_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Keys_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend KeyId = id | extend Description = description | extend UserId = userId | extend Created = created | extend Expires = expires | extend Revoked = revoked | extend Capabilities = capabilities | extend KeyType = keyType | extend ExpirySeconds = expirySeconds | project TimeGenerated, KeyId, Description, UserId, Created, Expires, Revoked, Capabilities, KeyType, ExpirySeconds",
+                    "outputStream": "Custom-Tailscale_Keys_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Webhooks_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend EndpointId = endpointId | extend EndpointUrl = endpointUrl | extend ProviderType = providerType | extend CreatorLoginName = creatorLoginName | extend Created = created | extend LastModified = lastModified | extend Subscriptions = subscriptions | project TimeGenerated, EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+                    "outputStream": "Custom-Tailscale_Webhooks_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsNameservers_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
+                    "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Settings_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+                    "outputStream": "Custom-Tailscale_Settings_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsPreferences_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
+                    "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsSearchPaths_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
+                    "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+                  }
+                ]
+              }
+            },
+            {
+              "name": "Tailscale_Audit_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Audit_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventTime",
                       "type": "datetime"
                     },
                     {
@@ -481,115 +975,1639 @@
               }
             },
             {
-              "name": "Tailscale_Network_CL",
+              "name": "Tailscale_Devices_CL",
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
               "kind": null,
               "properties": {
                 "schema": {
-                  "name": "Tailscale_Network_CL",
+                  "name": "Tailscale_Devices_CL",
                   "columns": [
                     {
                       "name": "TimeGenerated",
                       "type": "datetime"
                     },
                     {
-                      "name": "NodeId",
+                      "name": "DeviceId",
                       "type": "string"
                     },
                     {
-                      "name": "FlowStart",
+                      "name": "DeviceName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Hostname",
+                      "type": "string"
+                    },
+                    {
+                      "name": "User",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Os",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ClientVersion",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UpdateAvailable",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Authorized",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "IsExternal",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Created",
                       "type": "datetime"
                     },
                     {
-                      "name": "FlowEnd",
+                      "name": "LastSeen",
                       "type": "datetime"
                     },
                     {
-                      "name": "SrcNode",
-                      "type": "dynamic"
+                      "name": "Expires",
+                      "type": "datetime"
                     },
                     {
-                      "name": "DstNodes",
+                      "name": "KeyExpiryDisabled",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "BlocksIncomingConnections",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Addresses",
                       "type": "dynamic"
                     },
                     {
-                      "name": "VirtualTraffic",
+                      "name": "Tags",
                       "type": "dynamic"
                     },
                     {
-                      "name": "SubnetTraffic",
+                      "name": "EnabledRoutes",
                       "type": "dynamic"
                     },
                     {
-                      "name": "ExitTraffic",
+                      "name": "AdvertisedRoutes",
                       "type": "dynamic"
                     },
                     {
-                      "name": "PhysicalTraffic",
+                      "name": "ClientConnectivity",
                       "type": "dynamic"
+                    },
+                    {
+                      "name": "MachineKey",
+                      "type": "string"
+                    },
+                    {
+                      "name": "NodeKey",
+                      "type": "string"
                     }
                   ]
                 },
                 "retentionInDays": 90
               }
-            }
-          ]
-        },
-        "packageKind": "Solution",
-        "packageVersion": "[variables('_solutionVersion')]",
-        "packageName": "[variables('_solutionName')]",
-        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]",
-        "packageId": "[variables('_solutionId')]",
-        "contentSchemaVersion": "3.0.0",
-        "version": "[variables('dataConnectorCCPVersion')]"
-      }
-    },
-    {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
-      "apiVersion": "2022-09-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
-      "location": "[parameters('workspace-location')]",
-      "kind": "Customizable",
-      "properties": {
-        "connectorUiConfig": {
-          "title": "Tailscale Standard (CCF)",
-          "publisher": "Custom",
-          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration` endpoint) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Personal (Free) and Standard tier tailnets.** For Premium and Enterprise tailnets that also need network flow logs, install **Tailscale Premium (CCF)** instead.",
-          "graphQueries": [
-            {
-              "metricName": "Total config events",
-              "legend": "Tailscale_Audit_CL",
-              "baseQuery": "Tailscale_Audit_CL"
-            }
-          ],
-          "dataTypes": [
-            {
-              "name": "Tailscale_Audit_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
-            }
-          ],
-          "sampleQueries": [
-            {
-              "description": "Recent Tailscale configuration audit events",
-              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
             },
             {
-              "description": "ACL policy file modifications",
-              "query": "Tailscale_Audit_CL\n| where Action == 'WRITE' and Target startswith 'acl/'\n| project TimeGenerated, Actor, Action, Target"
+              "name": "Tailscale_Users_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Users_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "UserId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DisplayName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "LoginName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TailnetId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UserType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Role",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Status",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DeviceCount",
+                      "type": "int"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "LastSeen",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "CurrentlyConnected",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "ProfilePicUrl",
+                      "type": "string"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
             },
             {
-              "description": "New API tokens and OAuth clients created",
-              "query": "Tailscale_Audit_CL\n| where Action == 'CREATE' and (Target startswith 'apikey/' or Target startswith 'oauth-client/')\n| project TimeGenerated, Actor, Target"
-            }
-          ],
-          "connectivityCriteria": [
+              "name": "Tailscale_Keys_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Keys_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "KeyId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Description",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UserId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Expires",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Revoked",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Capabilities",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "KeyType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ExpirySeconds",
+                      "type": "int"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
             {
-              "type": "HasDataConnectors"
-            }
-          ],
+              "name": "Tailscale_Webhooks_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Webhooks_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EndpointId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "EndpointUrl",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ProviderType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "CreatorLoginName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "LastModified",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Subscriptions",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsNameservers_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsNameservers_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "DnsServers",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Settings_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Settings_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "DevicesApprovalOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "DevicesAutoUpdatesOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "DevicesKeyDurationDays",
+                      "type": "int"
+                    },
+                    {
+                      "name": "UsersApprovalOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "UsersRoleAllowedToJoinExternalTailnets",
+                      "type": "string"
+                    },
+                    {
+                      "name": "NetworkFlowLoggingOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "RegionalRoutingOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "PostureIdentityCollectionOn",
+                      "type": "boolean"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsPreferences_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsPreferences_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "MagicDNS",
+                      "type": "boolean"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsSearchPaths_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsSearchPaths_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SearchPaths",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Network_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "NodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "FlowStart",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "FlowEnd",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SrcNode",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstNodes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "VirtualTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SubnetTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ExitTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "PhysicalTraffic",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition1'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Tailscale Standard (CCF)",
+          "publisher": "Custom",
+          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
+          "graphQueries": [
+            {
+              "metricName": "Audit events",
+              "legend": "Tailscale_Audit_CL",
+              "baseQuery": "Tailscale_Audit_CL"
+            },
+            {
+              "metricName": "Device snapshots",
+              "legend": "Tailscale_Devices_CL",
+              "baseQuery": "Tailscale_Devices_CL"
+            },
+            {
+              "metricName": "User snapshots",
+              "legend": "Tailscale_Users_CL",
+              "baseQuery": "Tailscale_Users_CL"
+            },
+            {
+              "metricName": "Auth keys",
+              "legend": "Tailscale_Keys_CL",
+              "baseQuery": "Tailscale_Keys_CL"
+            },
+            {
+              "metricName": "Webhooks",
+              "legend": "Tailscale_Webhooks_CL",
+              "baseQuery": "Tailscale_Webhooks_CL"
+            },
+            {
+              "metricName": "DNS nameservers",
+              "legend": "Tailscale_DnsNameservers_CL",
+              "baseQuery": "Tailscale_DnsNameservers_CL"
+            },
+            {
+              "metricName": "Tailnet settings",
+              "legend": "Tailscale_Settings_CL",
+              "baseQuery": "Tailscale_Settings_CL"
+            },
+            {
+              "metricName": "DNS preferences",
+              "legend": "Tailscale_DnsPreferences_CL",
+              "baseQuery": "Tailscale_DnsPreferences_CL"
+            },
+            {
+              "metricName": "DNS search paths",
+              "legend": "Tailscale_DnsSearchPaths_CL",
+              "baseQuery": "Tailscale_DnsSearchPaths_CL"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "Tailscale_Audit_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+            },
+            {
+              "name": "Tailscale_Devices_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+            },
+            {
+              "name": "Tailscale_Users_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+            },
+            {
+              "name": "Tailscale_Keys_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+            },
+            {
+              "name": "Tailscale_Webhooks_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsNameservers_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+            },
+            {
+              "name": "Tailscale_Settings_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsPreferences_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsSearchPaths_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Recent audit events",
+              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Current device inventory (latest snapshot per device)",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| project DeviceName, User, Os, ClientVersion, LastSeen, Expires, Tags"
+            },
+            {
+              "description": "Users by role",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role"
+            },
+            {
+              "description": "Auth keys without an expiry",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Expires) or Expires == datetime(null)"
+            },
+            {
+              "description": "Tailnet device-approval status",
+              "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": true
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "Read/Write on the workspace",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "write": true,
+                  "read": true,
+                  "delete": true
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "title": "Connect Tailscale",
+              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read` to grant all read scopes at once). Find your tailnet name on the Keys page.",
+              "instructions": [
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "Tailscale tailnet",
+                    "placeholder": "tail-XXXX.ts.net",
+                    "type": "text",
+                    "name": "tailnetName"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client ID",
+                    "placeholder": "k...",
+                    "type": "text",
+                    "name": "clientId"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client Secret",
+                    "placeholder": "tskey-client-...",
+                    "type": "password",
+                    "name": "clientSecret"
+                  }
+                },
+                {
+                  "type": "ConnectionToggleButton",
+                  "parameters": {
+                    "connectLabel": "Connect",
+                    "disconnectLabel": "Disconnect"
+                  }
+                }
+              ]
+            }
+          ],
+          "id": "TailscaleCCF"
+        }
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
+      "apiVersion": "2022-01-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "properties": {
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+        "kind": "DataConnector",
+        "version": "[variables('dataConnectorCCPVersion')]",
+        "source": {
+          "sourceId": "[variables('_solutionId')]",
+          "name": "[variables('_solutionName')]",
+          "kind": "Solution"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "criteria": [
+            {
+              "version": "[variables('dataConnectorCCPVersion')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "kind": "ResourcesDataConnector"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+        "displayName": "Tailscale Standard (CCF)",
+        "contentKind": "ResourcesDataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
+            },
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "connectorDefinitionName": {
+              "defaultValue": "Tailscale Standard (CCF)",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "workspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "dcrConfig": {
+              "defaultValue": {
+                "dataCollectionEndpoint": "data collection Endpoint",
+                "dataCollectionRuleImmutableId": "data collection rule immutableId"
+              },
+              "type": "object"
+            },
+            "tailnetName": {
+              "defaultValue": "tailnetName",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientId": {
+              "defaultValue": "clientId",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientSecret": {
+              "defaultValue": "clientSecret",
+              "type": "securestring",
+              "minLength": 1
+            }
+          },
+          "variables": {
+            "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]"
+          },
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleConfigAuditPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Audit_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Audit_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleDevicesPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Devices_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Devices_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.devices"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleUsersPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Users_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Users_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/users')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.users"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleKeysPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Keys_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Keys_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/keys?all=true')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.keys"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleWebhooksPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Webhooks_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Webhooks_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/webhooks')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.webhooks"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleDnsNameserversPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_DnsNameservers_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsNameservers_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/nameservers')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleSettingsPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_Settings_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Settings_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/settings')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleDnsPreferencesPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_DnsPreferences_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsPreferences_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/preferences')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleDnsSearchPathsPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscaleCCF",
+                "dataType": "Tailscale_DnsSearchPaths_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/searchpaths')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+        "displayName": "Tailscale Premium (CCF)",
+        "contentKind": "DataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
+              "apiVersion": "2022-09-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+              "location": "[parameters('workspace-location')]",
+              "kind": "Customizable",
+              "properties": {
+                "connectorUiConfig": {
+                  "title": "Tailscale Premium (CCF)",
+                  "publisher": "Custom",
+                  "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+                  "graphQueries": [
+                    {
+                      "metricName": "Configuration audit events",
+                      "legend": "Tailscale_Audit_CL",
+                      "baseQuery": "Tailscale_Audit_CL"
+                    },
+                    {
+                      "metricName": "Network flow events",
+                      "legend": "Tailscale_Network_CL",
+                      "baseQuery": "Tailscale_Network_CL"
+                    }
+                  ],
+                  "dataTypes": [
+                    {
+                      "name": "Tailscale_Audit_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Network_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+                    }
+                  ],
+                  "sampleQueries": [
+                    {
+                      "description": "Recent Tailscale configuration audit events",
+                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "Recent Tailscale network flows",
+                      "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "Top talkers (by bytes) on the tailnet",
+                      "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+                    },
+                    {
+                      "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
+                      "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+                    }
+                  ],
+                  "connectivityCriteria": [
+                    {
+                      "type": "HasDataConnectors"
+                    }
+                  ],
+                  "availability": {
+                    "status": 1,
+                    "isPreview": true
+                  },
+                  "permissions": {
+                    "resourceProvider": [
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "Read/Write on the workspace",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "write": true,
+                          "read": true,
+                          "delete": true
+                        }
+                      }
+                    ]
+                  },
+                  "instructionSteps": [
+                    {
+                      "title": "Connect Tailscale (Premium)",
+                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+                      "instructions": [
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "Tailscale tailnet",
+                            "placeholder": "tail-XXXX.ts.net",
+                            "type": "text",
+                            "name": "tailnetName"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client ID",
+                            "placeholder": "k...",
+                            "type": "text",
+                            "name": "clientId"
+                          }
+                        },
+                        {
+                          "type": "Textbox",
+                          "parameters": {
+                            "label": "OAuth Client Secret",
+                            "placeholder": "tskey-client-...",
+                            "type": "password",
+                            "name": "clientSecret"
+                          }
+                        },
+                        {
+                          "type": "ConnectionToggleButton",
+                          "parameters": {
+                            "connectLabel": "Connect",
+                            "disconnectLabel": "Disconnect"
+                          }
+                        }
+                      ]
+                    }
+                  ],
+                  "id": "TailscalePremiumCCF"
+                }
+              }
+            },
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+                "kind": "DataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                },
+                "dependencies": {
+                  "criteria": [
+                    {
+                      "version": "[variables('dataConnectorCCPVersion')]",
+                      "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+                      "kind": "ResourcesDataConnector"
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "name": "TailscalePremiumDCR",
+              "apiVersion": "2022-06-01",
+              "type": "Microsoft.Insights/dataCollectionRules",
+              "location": "[parameters('workspace-location')]",
+              "kind": "WorkspaceTransforms",
+              "properties": {
+                "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]",
+                "streamDeclarations": {
+                  "Custom-Tailscale_Audit_CL": {
+                    "columns": [
+                      {
+                        "name": "eventTime",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "eventGroupID",
+                        "type": "string"
+                      },
+                      {
+                        "name": "actor",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "action",
+                        "type": "string"
+                      },
+                      {
+                        "name": "target",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "origin",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "new",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "old",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Network_CL": {
+                    "columns": [
+                      {
+                        "name": "nodeId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "logged",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "start",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "end",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "srcNode",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "dstNodes",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "virtualTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "subnetTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "exitTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "physicalTraffic",
+                        "type": "dynamic"
+                      }
+                    ]
+                  }
+                },
+                "destinations": {
+                  "logAnalytics": [
+                    {
+                      "workspaceResourceId": "[variables('workspaceResourceId')]",
+                      "name": "sentinelWorkspace"
+                    }
+                  ]
+                },
+                "dataFlows": [
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Audit_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+                    "outputStream": "Custom-Tailscale_Audit_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Network_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+                    "outputStream": "Custom-Tailscale_Network_CL"
+                  }
+                ]
+              }
+            },
+            {
+              "name": "Tailscale_Audit_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Audit_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventTime",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventGroupID",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Actor",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Action",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Target",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Origin",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "New",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Old",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Network_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "NodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "FlowStart",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "FlowEnd",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SrcNode",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstNodes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "VirtualTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SubnetTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ExitTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "PhysicalTraffic",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Tailscale Premium (CCF)",
+          "publisher": "Custom",
+          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+          "graphQueries": [
+            {
+              "metricName": "Configuration audit events",
+              "legend": "Tailscale_Audit_CL",
+              "baseQuery": "Tailscale_Audit_CL"
+            },
+            {
+              "metricName": "Network flow events",
+              "legend": "Tailscale_Network_CL",
+              "baseQuery": "Tailscale_Network_CL"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "Tailscale_Audit_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Recent Tailscale configuration audit events",
+              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Recent Tailscale network flows",
+              "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Top talkers (by bytes) on the tailnet",
+              "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+            },
+            {
+              "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
+              "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
           "availability": {
             "status": 1,
             "isPreview": true
@@ -611,8 +2629,8 @@
           },
           "instructionSteps": [
             {
-              "title": "Connect Tailscale",
-              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** scope. Find your tailnet name on the Keys page.",
+              "title": "Connect Tailscale (Premium)",
+              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
               "instructions": [
                 {
                   "type": "Textbox",
@@ -651,17 +2669,17 @@
               ]
             }
           ],
-          "id": "TailscaleCCF"
+          "id": "TailscalePremiumCCF"
         }
       }
     },
     {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition1')))]",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
       "apiVersion": "2022-01-01-preview",
       "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
       "properties": {
-        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition1'))]",
-        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition1')]",
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
         "kind": "DataConnector",
         "version": "[variables('dataConnectorCCPVersion')]",
         "source": {
@@ -681,7 +2699,7 @@
           "criteria": [
             {
               "version": "[variables('dataConnectorCCPVersion')]",
-              "contentId": "[variables('_dataConnectorContentIdConnections1')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
               "kind": "ResourcesDataConnector"
             }
           ]
@@ -691,14 +2709,14 @@
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections1'), variables('dataConnectorCCPVersion'))]",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "contentId": "[variables('_dataConnectorContentIdConnections1')]",
-        "displayName": "Tailscale Standard (CCF)",
+        "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+        "displayName": "Tailscale Premium (CCF)",
         "contentKind": "ResourcesDataConnector",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -713,7 +2731,7 @@
               "type": "securestring"
             },
             "connectorDefinitionName": {
-              "defaultValue": "Tailscale Standard (CCF)",
+              "defaultValue": "Tailscale Premium (CCF)",
               "type": "securestring",
               "minLength": 1
             },
@@ -738,29 +2756,231 @@
               "type": "securestring",
               "minLength": 1
             },
-            "clientSecret": {
-              "defaultValue": "clientSecret",
-              "type": "securestring",
-              "minLength": 1
-            }
-          },
-          "variables": {
-            "_dataConnectorContentIdConnections1": "[variables('_dataConnectorContentIdConnections1')]"
-          },
-          "resources": [
+            "clientSecret": {
+              "defaultValue": "clientSecret",
+              "type": "securestring",
+              "minLength": 1
+            }
+          },
+          "variables": {
+            "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]"
+          },
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumConfigPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Audit_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Audit_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumNetworkPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Network_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Network_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end",
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.",
+                "displayName": "Tailscale: New API access token or OAuth client created",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "Persistence",
+                  "CredentialAccess"
+                ],
+                "techniques": [
+                  "T1098",
+                  "T1136"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
+              }
+            },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections1')))]",
-              "apiVersion": "2022-01-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
               "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections1'))]",
-                "contentId": "[variables('_dataConnectorContentIdConnections1')]",
-                "kind": "ResourcesDataConnector",
-                "version": "[variables('dataConnectorCCPVersion')]",
+                "description": "Tailscale (CCF) Analytics Rule 1",
+                "parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
+                "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject1').analyticRuleVersion1]",
                 "source": {
-                  "sourceId": "[variables('_solutionId')]",
-                  "name": "[variables('_solutionName')]",
-                  "kind": "Solution"
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
                   "name": "noodlemctwoodle"
@@ -771,51 +2991,118 @@
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
-            },
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: New API access token or OAuth client created",
+        "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+        "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
+        "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscaleConfigPoller', parameters('guidValue'))]",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
               "apiVersion": "2023-02-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
-              "kind": "RestApiPoller",
               "properties": {
-                "connectorDefinitionName": "TailscaleCCF",
-                "dataType": "Tailscale_Audit_CL",
-                "dcrConfig": {
-                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
-                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Audit_CL"
-                },
-                "auth": {
-                  "type": "OAuth2",
-                  "ClientId": "[[parameters('clientId')]",
-                  "ClientSecret": "[[parameters('clientSecret')]",
-                  "GrantType": "client_credentials",
-                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
-                  "TokenEndpointHeaders": {
-                    "Content-Type": "application/x-www-form-urlencoded"
+                "description": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
+                "displayName": "Tailscale: Policy file (ACL) modified",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
                   }
-                },
-                "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
-                  "httpMethod": "GET",
-                  "queryWindowInMin": 5,
-                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                  "startTimeAttributeName": "start",
-                  "endTimeAttributeName": "end",
-                  "rateLimitQps": 1,
-                  "retryCount": 3,
-                  "timeoutInSeconds": 60,
-                  "headers": {
-                    "Accept": "application/json"
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1556"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
                   }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 2",
+                "parentId": "[variables('analyticRuleObject2').analyticRuleId2]",
+                "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
-                "response": {
-                  "eventsJsonPaths": [
-                    "$.logs"
-                  ]
+                "author": {
+                  "name": "noodlemctwoodle"
                 },
-                "isActive": true
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
               }
             }
           ]
@@ -823,165 +3110,102 @@
         "packageKind": "Solution",
         "packageVersion": "[variables('_solutionVersion')]",
         "packageName": "[variables('_solutionName')]",
-        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections1'),'-', variables('dataConnectorCCPVersion'))))]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "version": "[variables('dataConnectorCCPVersion')]"
+        "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Policy file (ACL) modified",
+        "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
+        "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
+        "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]",
+      "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
-        "displayName": "Tailscale Premium (CCF)",
-        "contentKind": "DataConnector",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
-              "apiVersion": "2022-09-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
-              "kind": "Customizable",
               "properties": {
-                "connectorUiConfig": {
-                  "title": "Tailscale Premium (CCF)",
-                  "publisher": "Custom",
-                  "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
-                  "graphQueries": [
-                    {
-                      "metricName": "Configuration audit events",
-                      "legend": "Tailscale_Audit_CL",
-                      "baseQuery": "Tailscale_Audit_CL"
-                    },
-                    {
-                      "metricName": "Network flow events",
-                      "legend": "Tailscale_Network_CL",
-                      "baseQuery": "Tailscale_Network_CL"
-                    }
-                  ],
-                  "dataTypes": [
-                    {
-                      "name": "Tailscale_Audit_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
-                    },
-                    {
-                      "name": "Tailscale_Network_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
-                    }
-                  ],
-                  "sampleQueries": [
-                    {
-                      "description": "Recent Tailscale configuration audit events",
-                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
-                    },
-                    {
-                      "description": "Recent Tailscale network flows",
-                      "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
-                    },
-                    {
-                      "description": "Top talkers (by bytes) on the tailnet",
-                      "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
-                    },
-                    {
-                      "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
-                      "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
-                    }
-                  ],
-                  "connectivityCriteria": [
-                    {
-                      "type": "HasDataConnectors"
-                    }
-                  ],
-                  "availability": {
-                    "status": 1,
-                    "isPreview": true
-                  },
-                  "permissions": {
-                    "resourceProvider": [
+                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
+                "displayName": "Tailscale: Auth key created",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1098"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
                       {
-                        "provider": "Microsoft.OperationalInsights/workspaces",
-                        "permissionsDisplayText": "Read/Write on the workspace",
-                        "providerDisplayName": "Workspace",
-                        "scope": "Workspace",
-                        "requiredPermissions": {
-                          "write": true,
-                          "read": true,
-                          "delete": true
-                        }
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
-                  },
-                  "instructionSteps": [
-                    {
-                      "title": "Connect Tailscale (Premium)",
-                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
-                      "instructions": [
-                        {
-                          "type": "Textbox",
-                          "parameters": {
-                            "label": "Tailscale tailnet",
-                            "placeholder": "tail-XXXX.ts.net",
-                            "type": "text",
-                            "name": "tailnetName"
-                          }
-                        },
-                        {
-                          "type": "Textbox",
-                          "parameters": {
-                            "label": "OAuth Client ID",
-                            "placeholder": "k...",
-                            "type": "text",
-                            "name": "clientId"
-                          }
-                        },
-                        {
-                          "type": "Textbox",
-                          "parameters": {
-                            "label": "OAuth Client Secret",
-                            "placeholder": "tskey-client-...",
-                            "type": "password",
-                            "name": "clientSecret"
-                          }
-                        },
-                        {
-                          "type": "ConnectionToggleButton",
-                          "parameters": {
-                            "connectLabel": "Connect",
-                            "disconnectLabel": "Disconnect"
-                          }
-                        }
-                      ]
-                    }
-                  ],
-                  "id": "TailscalePremiumCCF"
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
                 }
               }
             },
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
-              "apiVersion": "2022-01-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]",
               "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
-                "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
-                "kind": "DataConnector",
-                "version": "[variables('dataConnectorCCPVersion')]",
+                "description": "Tailscale (CCF) Analytics Rule 3",
+                "parentId": "[variables('analyticRuleObject3').analyticRuleId3]",
+                "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject3').analyticRuleVersion3]",
                 "source": {
-                  "sourceId": "[variables('_solutionId')]",
-                  "name": "[variables('_solutionName')]",
-                  "kind": "Solution"
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
                   "name": "noodlemctwoodle"
@@ -990,244 +3214,242 @@
                   "name": "Community",
                   "tier": "Community",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
-                },
-                "dependencies": {
-                  "criteria": [
-                    {
-                      "version": "[variables('dataConnectorCCPVersion')]",
-                      "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-                      "kind": "ResourcesDataConnector"
-                    }
-                  ]
                 }
               }
-            },
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Auth key created",
+        "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
+        "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
+        "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "name": "TailscalePremiumDCR",
-              "apiVersion": "2022-06-01",
-              "type": "Microsoft.Insights/dataCollectionRules",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
-              "kind": "WorkspaceTransforms",
               "properties": {
-                "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]",
-                "streamDeclarations": {
-                  "Custom-Tailscale_Audit_CL": {
-                    "columns": [
-                      {
-                        "name": "eventTime",
-                        "type": "datetime"
-                      },
-                      {
-                        "name": "eventGroupID",
-                        "type": "string"
-                      },
-                      {
-                        "name": "actor",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "action",
-                        "type": "string"
-                      },
-                      {
-                        "name": "target",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "origin",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "new",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "old",
-                        "type": "dynamic"
-                      }
-                    ]
-                  },
-                  "Custom-Tailscale_Network_CL": {
-                    "columns": [
-                      {
-                        "name": "nodeId",
-                        "type": "string"
-                      },
-                      {
-                        "name": "logged",
-                        "type": "datetime"
-                      },
-                      {
-                        "name": "start",
-                        "type": "datetime"
-                      },
-                      {
-                        "name": "end",
-                        "type": "datetime"
-                      },
-                      {
-                        "name": "srcNode",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "dstNodes",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "virtualTraffic",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "subnetTraffic",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "exitTraffic",
-                        "type": "dynamic"
-                      },
-                      {
-                        "name": "physicalTraffic",
-                        "type": "dynamic"
-                      }
+                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
+                "displayName": "Tailscale: Exit node advertised or approved",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
+                "queryFrequency": "PT30M",
+                "queryPeriod": "PT30M",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
                     ]
                   }
-                },
-                "destinations": {
-                  "logAnalytics": [
-                    {
-                      "workspaceResourceId": "[variables('workspaceResourceId')]",
-                      "name": "sentinelWorkspace"
-                    }
-                  ]
-                },
-                "dataFlows": [
+                ],
+                "tactics": [
+                  "CommandAndControl",
+                  "Exfiltration"
+                ],
+                "techniques": [
+                  "T1090"
+                ],
+                "entityMappings": [
                   {
-                    "streams": [
-                      "Custom-Tailscale_Audit_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
                     ],
-                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
-                    "outputStream": "Custom-Tailscale_Audit_CL"
+                    "entityType": "Account"
                   },
                   {
-                    "streams": [
-                      "Custom-Tailscale_Network_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
+                      }
                     ],
-                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
-                    "outputStream": "Custom-Tailscale_Network_CL"
+                    "entityType": "Host"
                   }
-                ]
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
               }
             },
             {
-              "name": "Tailscale_Audit_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]",
               "properties": {
-                "schema": {
-                  "name": "Tailscale_Audit_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "EventTime",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "EventGroupID",
-                      "type": "string"
-                    },
-                    {
-                      "name": "Actor",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "Action",
-                      "type": "string"
-                    },
-                    {
-                      "name": "Target",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "Origin",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "New",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "Old",
-                      "type": "dynamic"
-                    }
-                  ]
+                "description": "Tailscale (CCF) Analytics Rule 4",
+                "parentId": "[variables('analyticRuleObject4').analyticRuleId4]",
+                "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
-                "retentionInDays": 90
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
               }
-            },
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Exit node advertised or approved",
+        "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
+        "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
+        "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "name": "Tailscale_Network_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
-              "kind": null,
               "properties": {
-                "schema": {
-                  "name": "Tailscale_Network_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "NodeId",
-                      "type": "string"
-                    },
-                    {
-                      "name": "FlowStart",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "FlowEnd",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "SrcNode",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "DstNodes",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "VirtualTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "SubnetTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "ExitTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "PhysicalTraffic",
-                      "type": "dynamic"
-                    }
-                  ]
+                "description": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.",
+                "displayName": "Tailscale: Mass credential revocation in short window",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1070"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 5",
+                "parentId": "[variables('analyticRuleObject5').analyticRuleId5]",
+                "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
-                "retentionInDays": 90
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
               }
             }
           ]
@@ -1235,240 +3457,462 @@
         "packageKind": "Solution",
         "packageVersion": "[variables('_solutionVersion')]",
         "packageName": "[variables('_solutionName')]",
-        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "version": "[variables('dataConnectorCCPVersion')]"
+        "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Mass credential revocation in short window",
+        "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
+        "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
+        "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
       }
     },
     {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
-      "apiVersion": "2022-09-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]",
       "location": "[parameters('workspace-location')]",
-      "kind": "Customizable",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
       "properties": {
-        "connectorUiConfig": {
-          "title": "Tailscale Premium (CCF)",
-          "publisher": "Custom",
-          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
-          "graphQueries": [
-            {
-              "metricName": "Configuration audit events",
-              "legend": "Tailscale_Audit_CL",
-              "baseQuery": "Tailscale_Audit_CL"
-            },
-            {
-              "metricName": "Network flow events",
-              "legend": "Tailscale_Network_CL",
-              "baseQuery": "Tailscale_Network_CL"
-            }
-          ],
-          "dataTypes": [
-            {
-              "name": "Tailscale_Audit_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
-            },
-            {
-              "name": "Tailscale_Network_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
-            }
-          ],
-          "sampleQueries": [
-            {
-              "description": "Recent Tailscale configuration audit events",
-              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
-            },
-            {
-              "description": "Recent Tailscale network flows",
-              "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
-            },
+        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "description": "Top talkers (by bytes) on the tailnet",
-              "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage.",
+                "displayName": "Tailscale: Device key expiring within 7 days",
+                "enabled": false,
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(6h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == false\n| where isnotnull(Expires)\n| where Expires between (now() .. now() + 7d)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| project TimeGenerated, DeviceName, Hostname, User, Os, DaysToExpiry, Expires, LastSeen\n",
+                "queryFrequency": "PT6H",
+                "queryPeriod": "PT6H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Devices_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "InitialAccess"
+                ],
+                "techniques": [
+                  "T1078"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "User"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
+              }
             },
             {
-              "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
-              "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
-            }
-          ],
-          "connectivityCriteria": [
-            {
-              "type": "HasDataConnectors"
-            }
-          ],
-          "availability": {
-            "status": 1,
-            "isPreview": true
-          },
-          "permissions": {
-            "resourceProvider": [
-              {
-                "provider": "Microsoft.OperationalInsights/workspaces",
-                "permissionsDisplayText": "Read/Write on the workspace",
-                "providerDisplayName": "Workspace",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                  "write": true,
-                  "read": true,
-                  "delete": true
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 6",
+                "parentId": "[variables('analyticRuleObject6').analyticRuleId6]",
+                "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
-            ]
-          },
-          "instructionSteps": [
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Device key expiring within 7 days",
+        "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
+        "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
+        "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject7').analyticRuleTemplateSpecName7]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "title": "Connect Tailscale (Premium)",
-              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
-              "instructions": [
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "Tailscale tailnet",
-                    "placeholder": "tail-XXXX.ts.net",
-                    "type": "text",
-                    "name": "tailnetName"
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change.",
+                "displayName": "Tailscale: Device started advertising subnet routes",
+                "enabled": false,
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0;\nlet baseline =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(1d + 1h) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0\n    | distinct DeviceId;\nrecent\n| join kind=leftanti baseline on DeviceId\n| project TimeGenerated, DeviceId, DeviceName, Hostname, User, AdvertisedRoutes, EnabledRoutes, LastSeen\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P1D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Devices_CL"
+                    ]
                   }
-                },
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "OAuth Client ID",
-                    "placeholder": "k...",
-                    "type": "text",
-                    "name": "clientId"
+                ],
+                "tactics": [
+                  "LateralMovement",
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1021",
+                  "T1556"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "User"
+                      }
+                    ],
+                    "entityType": "Account"
                   }
-                },
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "OAuth Client Secret",
-                    "placeholder": "tskey-client-...",
-                    "type": "password",
-                    "name": "clientSecret"
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
                   }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject7').analyticRuleId7,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 7",
+                "parentId": "[variables('analyticRuleObject7').analyticRuleId7]",
+                "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
-                {
-                  "type": "ConnectionToggleButton",
-                  "parameters": {
-                    "connectLabel": "Connect",
-                    "disconnectLabel": "Disconnect"
-                  }
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
-              ]
+              }
             }
-          ],
-          "id": "TailscalePremiumCCF"
-        }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Device started advertising subnet routes",
+        "contentProductId": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
+        "id": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
+        "version": "[variables('analyticRuleObject7').analyticRuleVersion7]"
       }
     },
     {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
-      "apiVersion": "2022-01-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject8').analyticRuleTemplateSpecName8]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
       "properties": {
-        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
-        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
-        "kind": "DataConnector",
-        "version": "[variables('dataConnectorCCPVersion')]",
-        "source": {
-          "sourceId": "[variables('_solutionId')]",
-          "name": "[variables('_solutionName')]",
-          "kind": "Solution"
-        },
-        "author": {
-          "name": "noodlemctwoodle"
-        },
-        "support": {
-          "name": "Community",
-          "tier": "Community",
-          "link": "https://github.com/Azure/Azure-Sentinel/issues"
-        },
-        "dependencies": {
-          "criteria": [
+        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "version": "[variables('dataConnectorCCPVersion')]",
-              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-              "kind": "ResourcesDataConnector"
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.",
+                "displayName": "Tailscale: User role elevated to admin or owner",
+                "enabled": false,
+                "query": "let elevated = dynamic([\"admin\", \"network-admin\", \"owner\"]);\nlet recent =\n    Tailscale_Users_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | where Role in (elevated)\n    | project UserId, LoginName, RoleNow = Role;\nlet prior =\n    Tailscale_Users_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | project UserId, RolePrior = Role;\nrecent\n| join kind=inner prior on UserId\n| where RoleNow != RolePrior\n| where RolePrior !in (elevated)\n| project TimeGenerated = now(), UserId, LoginName, RolePrior, RoleNow\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Users_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "PrivilegeEscalation",
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1078",
+                  "T1098"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "LoginName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject8').analyticRuleId8,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 8",
+                "parentId": "[variables('analyticRuleObject8').analyticRuleId8]",
+                "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
             }
           ]
-        }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: User role elevated to admin or owner",
+        "contentProductId": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
+        "id": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
+        "version": "[variables('analyticRuleObject8').analyticRuleVersion8]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]",
+      "name": "[variables('analyticRuleObject9').analyticRuleTemplateSpecName9]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-        "displayName": "Tailscale Premium (CCF)",
-        "contentKind": "ResourcesDataConnector",
+        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorCCPVersion')]",
-          "parameters": {
-            "guidValue": {
-              "defaultValue": "[[newGuid()]",
-              "type": "securestring"
-            },
-            "innerWorkspace": {
-              "defaultValue": "[parameters('workspace')]",
-              "type": "securestring"
-            },
-            "connectorDefinitionName": {
-              "defaultValue": "Tailscale Premium (CCF)",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "workspace": {
-              "defaultValue": "[parameters('workspace')]",
-              "type": "securestring"
-            },
-            "dcrConfig": {
-              "defaultValue": {
-                "dataCollectionEndpoint": "data collection Endpoint",
-                "dataCollectionRuleImmutableId": "data collection rule immutableId"
-              },
-              "type": "object"
-            },
-            "tailnetName": {
-              "defaultValue": "tailnetName",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "clientId": {
-              "defaultValue": "clientId",
-              "type": "securestring",
-              "minLength": 1
+          "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution.",
+                "displayName": "Tailscale: Split-DNS configuration modified",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldDomains = bag_keys(Old)\n| extend NewDomains = bag_keys(New)\n| extend AddedDomains = set_difference(NewDomains, OldDomains)\n| extend RemovedDomains = set_difference(OldDomains, NewDomains)\n| project TimeGenerated, ActorLogin, AddedDomains, RemovedDomains, Old, New, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "CommandAndControl"
+                ],
+                "techniques": [
+                  "T1556",
+                  "T1568"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
+              }
             },
-            "clientSecret": {
-              "defaultValue": "clientSecret",
-              "type": "securestring",
-              "minLength": 1
-            }
-          },
-          "variables": {
-            "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]"
-          },
-          "resources": [
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]",
-              "apiVersion": "2022-01-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject9').analyticRuleId9,'/'))))]",
               "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]",
-                "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-                "kind": "ResourcesDataConnector",
-                "version": "[variables('dataConnectorCCPVersion')]",
+                "description": "Tailscale (CCF) Analytics Rule 9",
+                "parentId": "[variables('analyticRuleObject9').analyticRuleId9]",
+                "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject9').analyticRuleVersion9]",
                 "source": {
-                  "sourceId": "[variables('_solutionId')]",
-                  "name": "[variables('_solutionName')]",
-                  "kind": "Solution"
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
                   "name": "noodlemctwoodle"
@@ -1479,97 +3923,119 @@
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
-            },
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: Split-DNS configuration modified",
+        "contentProductId": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
+        "id": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
+        "version": "[variables('analyticRuleObject9').analyticRuleVersion9]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject10').analyticRuleTemplateSpecName10]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
             {
-              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumConfigPoller', parameters('guidValue'))]",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
               "apiVersion": "2023-02-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
-              "kind": "RestApiPoller",
               "properties": {
-                "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_Audit_CL",
-                "dcrConfig": {
-                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
-                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Audit_CL"
-                },
-                "auth": {
-                  "type": "OAuth2",
-                  "ClientId": "[[parameters('clientId')]",
-                  "ClientSecret": "[[parameters('clientSecret')]",
-                  "GrantType": "client_credentials",
-                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
-                  "TokenEndpointHeaders": {
-                    "Content-Type": "application/x-www-form-urlencoded"
+                "description": "The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution.",
+                "displayName": "Tailscale: DNS nameservers modified",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_NAMESERVERS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldServers = Old.dns\n| extend NewServers = New.dns\n| extend Added = set_difference(NewServers, OldServers)\n| extend Removed = set_difference(OldServers, NewServers)\n| project TimeGenerated, ActorLogin, OldServers, NewServers, Added, Removed, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscaleCCF",
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ]
                   }
-                },
-                "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
-                  "httpMethod": "GET",
-                  "queryWindowInMin": 5,
-                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                  "startTimeAttributeName": "start",
-                  "endTimeAttributeName": "end",
-                  "rateLimitQps": 1,
-                  "retryCount": 3,
-                  "timeoutInSeconds": 60,
-                  "headers": {
-                    "Accept": "application/json"
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "CommandAndControl"
+                ],
+                "techniques": [
+                  "T1556",
+                  "T1568"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
                   }
-                },
-                "response": {
-                  "eventsJsonPaths": [
-                    "$.logs"
-                  ]
-                },
-                "isActive": true
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true
+                  }
+                }
               }
             },
             {
-              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumNetworkPoller', parameters('guidValue'))]",
-              "apiVersion": "2023-02-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
-              "location": "[parameters('workspace-location')]",
-              "kind": "RestApiPoller",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject10').analyticRuleId10,'/'))))]",
               "properties": {
-                "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_Network_CL",
-                "dcrConfig": {
-                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
-                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Network_CL"
-                },
-                "auth": {
-                  "type": "OAuth2",
-                  "ClientId": "[[parameters('clientId')]",
-                  "ClientSecret": "[[parameters('clientSecret')]",
-                  "GrantType": "client_credentials",
-                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
-                  "TokenEndpointHeaders": {
-                    "Content-Type": "application/x-www-form-urlencoded"
-                  }
-                },
-                "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
-                  "httpMethod": "GET",
-                  "queryWindowInMin": 5,
-                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                  "startTimeAttributeName": "start",
-                  "endTimeAttributeName": "end",
-                  "rateLimitQps": 1,
-                  "retryCount": 3,
-                  "timeoutInSeconds": 60,
-                  "headers": {
-                    "Accept": "application/json"
-                  }
+                "description": "Tailscale (CCF) Analytics Rule 10",
+                "parentId": "[variables('analyticRuleObject10').analyticRuleId10]",
+                "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
                 },
-                "response": {
-                  "eventsJsonPaths": [
-                    "$.logs"
-                  ]
+                "author": {
+                  "name": "noodlemctwoodle"
                 },
-                "isActive": true
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
               }
             }
           ]
@@ -1577,39 +4043,43 @@
         "packageKind": "Solution",
         "packageVersion": "[variables('_solutionVersion')]",
         "packageName": "[variables('_solutionName')]",
-        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "version": "[variables('dataConnectorCCPVersion')]"
+        "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale: DNS nameservers modified",
+        "contentProductId": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
+        "id": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
+        "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]",
+      "name": "[variables('analyticRuleObject11').analyticRuleTemplateSpecName11]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
+          "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+              "name": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.",
-                "displayName": "Tailscale: New API access token or OAuth client created",
+                "description": "MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional.",
+                "displayName": "Tailscale: MagicDNS disabled",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"MAGICDNS_PREFERENCES\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldMagicDns = tobool(Old.magicDNS)\n| extend NewMagicDns = tobool(New.magicDNS)\n| where OldMagicDns == true and NewMagicDns == false\n| project TimeGenerated, ActorLogin, OldMagicDns, NewMagicDns, Origin\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "Medium",
@@ -1620,39 +4090,37 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
-                  "Persistence",
-                  "CredentialAccess"
+                  "DefenseEvasion"
                 ],
                 "techniques": [
-                  "T1098",
-                  "T1136"
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -1660,13 +4128,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject11').analyticRuleId11,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 1",
-                "parentId": "[variables('analyticRuleObject1').analyticRuleId1]",
-                "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+                "description": "Tailscale (CCF) Analytics Rule 11",
+                "parentId": "[variables('analyticRuleObject11').analyticRuleId11]",
+                "contentId": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject1').analyticRuleVersion1]",
+                "version": "[variables('analyticRuleObject11').analyticRuleVersion11]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -1689,43 +4157,43 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
+        "contentId": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: New API access token or OAuth client created",
-        "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
-        "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]",
-        "version": "[variables('analyticRuleObject1').analyticRuleVersion1]"
+        "displayName": "Tailscale: MagicDNS disabled",
+        "contentProductId": "[variables('analyticRuleObject11')._analyticRulecontentProductId11]",
+        "id": "[variables('analyticRuleObject11')._analyticRulecontentProductId11]",
+        "version": "[variables('analyticRuleObject11').analyticRuleVersion11]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]",
+      "name": "[variables('analyticRuleObject12').analyticRuleTemplateSpecName12]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+          "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+              "name": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
-                "displayName": "Tailscale: Policy file (ACL) modified",
+                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Unexpected exit-node egress",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action in (\"UPDATE\", \"CREATE\")\n      | where tostring(Target.type) == \"ACL\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
+                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -1734,38 +4202,48 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                      "Tailscale_Network_CL"
+                    ]
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Persistence"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1556"
+                  "T1090",
+                  "T1041"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
+                    "groupByEntities": [],
                     "lookbackDuration": "5h",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -1773,13 +4251,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject12').analyticRuleId12,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 2",
-                "parentId": "[variables('analyticRuleObject2').analyticRuleId2]",
-                "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+                "description": "Tailscale (CCF) Analytics Rule 12",
+                "parentId": "[variables('analyticRuleObject12').analyticRuleId12]",
+                "contentId": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject2').analyticRuleVersion2]",
+                "version": "[variables('analyticRuleObject12').analyticRuleVersion12]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -1802,44 +4280,44 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
+        "contentId": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Policy file (ACL) modified",
-        "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
-        "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
-        "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
+        "displayName": "Tailscale Premium: Unexpected exit-node egress",
+        "contentProductId": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
+        "id": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
+        "version": "[variables('analyticRuleObject12').analyticRuleVersion12]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]",
+      "name": "[variables('analyticRuleObject13').analyticRuleTemplateSpecName13]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
+          "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+              "name": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
-                "displayName": "Tailscale: Auth key created",
+                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "Low",
+                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -1847,37 +4325,48 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                      "Tailscale_Network_CL"
+                    ]
                   }
                 ],
                 "tactics": [
-                  "Persistence"
+                  "Exfiltration",
+                  "Collection"
                 ],
                 "techniques": [
-                  "T1098"
+                  "T1041",
+                  "T1020"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
+                    "groupByEntities": [],
                     "lookbackDuration": "5h",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -1885,13 +4374,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject13').analyticRuleId13,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 3",
-                "parentId": "[variables('analyticRuleObject3').analyticRuleId3]",
-                "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+                "description": "Tailscale (CCF) Analytics Rule 13",
+                "parentId": "[variables('analyticRuleObject13').analyticRuleId13]",
+                "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject3').analyticRuleVersion3]",
+                "version": "[variables('analyticRuleObject13').analyticRuleVersion13]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -1914,44 +4403,44 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
+        "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Auth key created",
-        "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
-        "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
-        "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
+        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+        "contentProductId": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
+        "id": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
+        "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]",
+      "name": "[variables('analyticRuleObject14').analyticRuleTemplateSpecName14]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+          "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+              "name": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
-                "displayName": "Tailscale: Exit node advertised or approved",
+                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Network flow beaconing detected",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
-                "queryFrequency": "PT30M",
-                "queryPeriod": "PT30M",
-                "severity": "Low",
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -1959,10 +4448,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                      "Tailscale_Network_CL"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -1970,36 +4459,29 @@
                   "Exfiltration"
                 ],
                 "techniques": [
-                  "T1090"
+                  "T1071",
+                  "T1095",
+                  "T1029"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
-                    "fieldMappings": [
-                      {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
-                      }
-                    ]
-                  },
-                  {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -2007,13 +4489,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject14').analyticRuleId14,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 4",
-                "parentId": "[variables('analyticRuleObject4').analyticRuleId4]",
-                "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+                "description": "Tailscale (CCF) Analytics Rule 14",
+                "parentId": "[variables('analyticRuleObject14').analyticRuleId14]",
+                "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject4').analyticRuleVersion4]",
+                "version": "[variables('analyticRuleObject14').analyticRuleVersion14]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2036,43 +4518,43 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
+        "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Exit node advertised or approved",
-        "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
-        "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
-        "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
+        "displayName": "Tailscale Premium: Network flow beaconing detected",
+        "contentProductId": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
+        "id": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
+        "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]",
+      "name": "[variables('analyticRuleObject15').analyticRuleTemplateSpecName15]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+          "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+              "name": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.",
-                "displayName": "Tailscale: Mass credential revocation in short window",
+                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Mass fan-out from single node",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
+                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
                 "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -2081,38 +4563,49 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                      "Tailscale_Network_CL"
+                    ]
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Impact"
+                  "Discovery",
+                  "LateralMovement"
                 ],
                 "techniques": [
-                  "T1070"
+                  "T1018",
+                  "T1021",
+                  "T1046"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
+                    "groupByEntities": [],
                     "lookbackDuration": "5h",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -2120,13 +4613,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject15').analyticRuleId15,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 5",
-                "parentId": "[variables('analyticRuleObject5').analyticRuleId5]",
-                "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+                "description": "Tailscale (CCF) Analytics Rule 15",
+                "parentId": "[variables('analyticRuleObject15').analyticRuleId15]",
+                "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject5').analyticRuleVersion5]",
+                "version": "[variables('analyticRuleObject15').analyticRuleVersion15]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2149,44 +4642,44 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
+        "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Mass credential revocation in short window",
-        "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
-        "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
-        "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
+        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "contentProductId": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
+        "id": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
+        "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]",
+      "name": "[variables('analyticRuleObject16').analyticRuleTemplateSpecName16]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+          "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+              "name": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Unexpected exit-node egress",
+                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
                 "enabled": false,
-                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
+                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "Medium",
+                "queryPeriod": "P8D",
+                "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -2194,48 +4687,39 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "Exfiltration",
+                  "CommandAndControl"
                 ],
                 "techniques": [
-                  "T1090",
+                  "T1572",
                   "T1041"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
-                      }
-                    ]
-                  },
-                  {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "enabled": true
                   }
                 }
               }
@@ -2243,13 +4727,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject16').analyticRuleId16,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 6",
-                "parentId": "[variables('analyticRuleObject6').analyticRuleId6]",
-                "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+                "description": "Tailscale (CCF) Analytics Rule 16",
+                "parentId": "[variables('analyticRuleObject16').analyticRuleId16]",
+                "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject6').analyticRuleVersion6]",
+                "version": "[variables('analyticRuleObject16').analyticRuleVersion16]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2272,107 +4756,67 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
+        "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Unexpected exit-node egress",
-        "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
-        "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
-        "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
+        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "contentProductId": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
+        "id": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
+        "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject7').analyticRuleTemplateSpecName7]",
+      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
-              "apiVersion": "2023-02-01-preview",
-              "kind": "Scheduled",
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_1",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
-                "enabled": false,
-                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "Medium",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
+                "eTag": "*",
+                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "category": "Hunting Queries",
+                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "version": 2,
+                "tags": [
                   {
-                    "dataTypes": [
-                      "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
-                  }
-                ],
-                "tactics": [
-                  "Exfiltration",
-                  "Collection"
-                ],
-                "techniques": [
-                  "T1041",
-                  "T1020"
-                ],
-                "entityMappings": [
+                    "name": "description",
+                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
+                  },
                   {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
-                      }
-                    ]
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
                   },
                   {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "Src",
-                        "identifier": "Address"
-                      }
-                    ]
-                  }
-                ],
-                "incidentConfiguration": {
-                  "createIncident": true,
-                  "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "name": "techniques",
+                    "value": "T1078"
                   }
-                }
+                ]
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject7').analyticRuleId7,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 7",
-                "parentId": "[variables('analyticRuleObject7').analyticRuleId7]",
-                "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject7').analyticRuleVersion7]",
+                "description": "Tailscale (CCF) Hunting Query 1",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
+                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2395,99 +4839,67 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
-        "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
-        "contentProductId": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
-        "id": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
-        "version": "[variables('analyticRuleObject7').analyticRuleVersion7]"
+        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: First-seen actor making configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject8').analyticRuleTemplateSpecName8]",
+      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
-              "apiVersion": "2023-02-01-preview",
-              "kind": "Scheduled",
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_2",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Network flow beaconing detected",
-                "enabled": false,
-                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "Medium",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
+                "eTag": "*",
+                "displayName": "Tailscale: ACL policy churn",
+                "category": "Hunting Queries",
+                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "version": 2,
+                "tags": [
                   {
-                    "dataTypes": [
-                      "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
-                  }
-                ],
-                "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
-                ],
-                "techniques": [
-                  "T1071",
-                  "T1095",
-                  "T1029"
-                ],
-                "entityMappings": [
+                    "name": "description",
+                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                  },
                   {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "Src",
-                        "identifier": "Address"
-                      }
-                    ]
-                  }
-                ],
-                "incidentConfiguration": {
-                  "createIncident": true,
-                  "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "name": "tactics",
+                    "value": "DefenseEvasion,PrivilegeEscalation"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1556"
                   }
-                }
+                ]
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject8').analyticRuleId8,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 8",
-                "parentId": "[variables('analyticRuleObject8').analyticRuleId8]",
-                "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject8').analyticRuleVersion8]",
+                "description": "Tailscale (CCF) Hunting Query 2",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
+                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2510,108 +4922,67 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
-        "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Network flow beaconing detected",
-        "contentProductId": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
-        "id": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
-        "version": "[variables('analyticRuleObject8').analyticRuleVersion8]"
+        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: ACL policy churn",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject9').analyticRuleTemplateSpecName9]",
+      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
+          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
-              "apiVersion": "2023-02-01-preview",
-              "kind": "Scheduled",
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_3",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Mass fan-out from single node",
-                "enabled": false,
-                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "High",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
+                "eTag": "*",
+                "displayName": "Tailscale: Off-hours configuration changes",
+                "category": "Hunting Queries",
+                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "version": 2,
+                "tags": [
                   {
-                    "dataTypes": [
-                      "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
-                  }
-                ],
-                "tactics": [
-                  "Discovery",
-                  "LateralMovement"
-                ],
-                "techniques": [
-                  "T1018",
-                  "T1021",
-                  "T1046"
-                ],
-                "entityMappings": [
+                    "name": "description",
+                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                  },
                   {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
-                      }
-                    ]
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
                   },
                   {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "Src",
-                        "identifier": "Address"
-                      }
-                    ]
-                  }
-                ],
-                "incidentConfiguration": {
-                  "createIncident": true,
-                  "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "name": "techniques",
+                    "value": "T1078"
                   }
-                }
+                ]
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject9').analyticRuleId9,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 9",
-                "parentId": "[variables('analyticRuleObject9').analyticRuleId9]",
-                "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject9').analyticRuleVersion9]",
+                "description": "Tailscale (CCF) Hunting Query 3",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
+                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2634,98 +5005,67 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
-        "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Mass fan-out from single node",
-        "contentProductId": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
-        "id": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
-        "version": "[variables('analyticRuleObject9').analyticRuleVersion9]"
+        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Off-hours configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject10').analyticRuleTemplateSpecName10]",
+      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
-              "apiVersion": "2023-02-01-preview",
-              "kind": "Scheduled",
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_4",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
-                "enabled": false,
-                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "P8D",
-                "severity": "Low",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
+                "eTag": "*",
+                "displayName": "Tailscale: Auth key sprawl",
+                "category": "Hunting Queries",
+                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "version": 2,
+                "tags": [
                   {
-                    "dataTypes": [
-                      "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
-                  }
-                ],
-                "tactics": [
-                  "Exfiltration",
-                  "CommandAndControl"
-                ],
-                "techniques": [
-                  "T1572",
-                  "T1041"
-                ],
-                "entityMappings": [
+                    "name": "description",
+                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                  },
                   {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
-                      }
-                    ]
-                  }
-                ],
-                "incidentConfiguration": {
-                  "createIncident": true,
-                  "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "name": "tactics",
+                    "value": "Persistence,CredentialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1136"
                   }
-                }
+                ]
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject10').analyticRuleId10,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 10",
-                "parentId": "[variables('analyticRuleObject10').analyticRuleId10]",
-                "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject10').analyticRuleVersion10]",
+                "description": "Tailscale (CCF) Hunting Query 4",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
+                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2748,49 +5088,49 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
-        "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
-        "contentProductId": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
-        "id": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
-        "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
+        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Auth key sprawl",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
+      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "name": "Tailscale_(CCF)_Hunting_Query_5",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "displayName": "Tailscale: Devices not seen in 30+ days",
                 "category": "Hunting Queries",
-                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes\n| order by DaysSinceSeen desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
+                    "value": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess,Persistence"
+                    "value": "Discovery"
                   },
                   {
                     "name": "techniques",
@@ -2802,13 +5142,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 1",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
-                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+                "description": "Tailscale (CCF) Hunting Query 5",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
+                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2831,53 +5171,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: First-seen actor making configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Devices not seen in 30+ days",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "name": "Tailscale_(CCF)_Hunting_Query_6",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: ACL policy churn",
+                "displayName": "Tailscale: Auth keys with no expiry",
                 "category": "Hunting Queries",
-                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"WRITE\"\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) or Revoked == datetime(null)\n| where isnull(Expires) or Expires == datetime(null)\n| project KeyId, Description, UserId, Created, Capabilities\n| order by Created asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                    "value": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion,PrivilegeEscalation"
+                    "value": "Persistence,CredentialAccess"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1556"
+                    "value": "T1098,T1136"
                   }
                 ]
               }
@@ -2885,13 +5225,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 2",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
-                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "description": "Tailscale (CCF) Hunting Query 6",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
+                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2914,49 +5254,49 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: ACL policy churn",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Auth keys with no expiry",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "name": "Tailscale_(CCF)_Hunting_Query_7",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Off-hours configuration changes",
+                "displayName": "Tailscale: Users with zero devices",
                 "category": "Hunting Queries",
-                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where DeviceCount == 0\n| where Status != \"suspended\"\n| project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen\n| order by LastSeen asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                    "value": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess,Persistence"
+                    "value": "InitialAccess"
                   },
                   {
                     "name": "techniques",
@@ -2968,13 +5308,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 3",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
-                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "description": "Tailscale (CCF) Hunting Query 7",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
+                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -2997,53 +5337,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Off-hours configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Users with zero devices",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "name": "Tailscale_(CCF)_Hunting_Query_8",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Auth key sprawl",
+                "displayName": "Tailscale: Split-DNS per-domain change history",
                 "category": "Hunting Queries",
-                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)\n| extend AllDomains = set_union(OldKeys, NewKeys)\n| mv-expand Domain = AllDomains to typeof(string)\n| extend OldResolvers = Old[Domain], NewResolvers = New[Domain]\n| extend Change = case(\n    isnull(OldResolvers) and isnotnull(NewResolvers), \"added\",\n    isnotnull(OldResolvers) and isnull(NewResolvers), \"removed\",\n    tostring(OldResolvers) != tostring(NewResolvers), \"resolvers-changed\",\n    \"unchanged\")\n| where Change != \"unchanged\"\n| project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers\n| order by TimeGenerated desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
                   },
                   {
                     "name": "tactics",
-                    "value": "Persistence,CredentialAccess"
+                    "value": "DefenseEvasion,CommandAndControl"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1136"
+                    "value": "T1556,T1568"
                   }
                 ]
               }
@@ -3051,13 +5391,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 4",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
-                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "description": "Tailscale (CCF) Hunting Query 8",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
+                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -3080,18 +5420,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Auth key sprawl",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Split-DNS per-domain change history",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -3100,14 +5440,14 @@
         "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "name": "Tailscale_(CCF)_Hunting_Query_9",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -3134,13 +5474,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 5",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
-                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "description": "Tailscale (CCF) Hunting Query 9",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]",
+                "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "version": "[variables('huntingQueryObject9').huntingQueryVersion9]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -3163,18 +5503,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -3183,14 +5523,14 @@
         "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+          "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_6",
+              "name": "Tailscale_(CCF)_Hunting_Query_10",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -3217,13 +5557,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 6",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
-                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+                "description": "Tailscale (CCF) Hunting Query 10",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]",
+                "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+                "version": "[variables('huntingQueryObject10').huntingQueryVersion10]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -3246,18 +5586,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+        "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
+      "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -3266,14 +5606,14 @@
         "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+          "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_7",
+              "name": "Tailscale_(CCF)_Hunting_Query_11",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -3300,13 +5640,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 7",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
-                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+                "description": "Tailscale (CCF) Hunting Query 11",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]",
+                "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+                "version": "[variables('huntingQueryObject11').huntingQueryVersion11]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -3329,18 +5669,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+        "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Exit-node usage patterns",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
+      "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -3349,14 +5689,14 @@
         "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+          "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_8",
+              "name": "Tailscale_(CCF)_Hunting_Query_12",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -3383,13 +5723,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 8",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
-                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+                "description": "Tailscale (CCF) Hunting Query 12",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]",
+                "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+                "version": "[variables('huntingQueryObject12').huntingQueryVersion12]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -3412,11 +5752,11 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+        "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
@@ -3447,7 +5787,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -3533,7 +5873,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"WRITE\\\" and tostring(Target.type) == \\\"ACL\\\"), AuthKeysCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) == \\\"AUTH_KEY\\\")\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"AUTH_KEY\\\"\\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Auth key lifecycle\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"API token and OAuth client activity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-oauth-api\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -3606,7 +5946,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> — Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> — Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 10, <strong>Hunting Queries:</strong> 8</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 16, <strong>Hunting Queries:</strong> 12</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -3689,6 +6029,36 @@
               "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
               "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
             },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
+              "version": "[variables('analyticRuleObject11').analyticRuleVersion11]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
+              "version": "[variables('analyticRuleObject12').analyticRuleVersion12]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
+              "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+              "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
+              "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
+              "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
+            },
             {
               "kind": "HuntingQuery",
               "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
@@ -3729,6 +6099,26 @@
               "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
               "version": "[variables('huntingQueryObject8').huntingQueryVersion8]"
             },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
+              "version": "[variables('huntingQueryObject9').huntingQueryVersion9]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
+              "version": "[variables('huntingQueryObject10').huntingQueryVersion10]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
+              "version": "[variables('huntingQueryObject11').huntingQueryVersion11]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
+              "version": "[variables('huntingQueryObject12').huntingQueryVersion12]"
+            },
             {
               "kind": "Workbook",
               "contentId": "[variables('_workbookContentId1')]",
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 952ddc373b9..adfbdbee2bb 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -11,12 +11,12 @@ Install **one** of these connectors based on your Tailscale plan:
 | **Tailscale Standard (CCF)** | `/logging/configuration` | Personal (Free) + Standard | **Included** |
 | Tailscale Premium (CCF) | `/logging/configuration` + `/logging/network` | Premium + Enterprise | Planned |
 
-The split mirrors what the Tailscale API actually exposes per tier — Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
+The split mirrors what the Tailscale API actually exposes per tier - Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
 
 ## Contents
 
-- **Data connector** — Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
-- **Custom table** — `Tailscale_Audit_CL` (typed columns for actor, action, target, origin, new, old).
+- **Data connector** - Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
+- **Custom table** - `Tailscale_Audit_CL` (typed columns for actor, action, target, origin, new, old).
 - **5 analytic rules**:
   - New API access token or OAuth client created (Medium)
   - Policy file (ACL) modified (Medium)
@@ -36,7 +36,7 @@ The split mirrors what the Tailscale API actually exposes per tier — Network f
 ## Connect
 
 1. Install this solution via **Content Hub**.
-2. Sentinel → **Data Connectors** → search "Tailscale Standard (CCF)" → **Open connector page**.
+2. Sentinel -> **Data Connectors** -> search "Tailscale Standard (CCF)" -> **Open connector page**.
 3. Supply:
    - Tailscale tailnet name
    - OAuth Client ID
@@ -45,7 +45,7 @@ The split mirrors what the Tailscale API actually exposes per tier — Network f
 
 ## Why OAuth client, not a personal API token
 
-Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped — when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
+Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped - when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
 
 ## Verification
 
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index c49fbaf11df..74a7eb999d8 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -114,7 +114,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\" and tostring(Target.property) == \"ACL\"), CredentialsCreated = countif(Action == \"CREATE\" and tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\"))",
               "size": 4,
               "title": "Configuration audit summary",
               "queryType": 0,
@@ -210,7 +210,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
               "size": 0,
               "title": "ACL policy change history",
               "queryType": 0,
@@ -223,27 +223,14 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Type = tostring(Target.type)\n| extend Description = tostring(New.description)\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Auth key lifecycle",
+              "title": "Credential lifecycle (auth keys, API tokens, OAuth clients)",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces"
             },
             "customWidth": "100",
             "name": "config-authkey-lifecycle"
-          },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
-              "size": 0,
-              "title": "API token and OAuth client activity",
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
-            },
-            "customWidth": "100",
-            "name": "config-oauth-api"
           }
         ]
       },
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index 109ce999d67..33094db969f 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -106,7 +106,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"WRITE\" and tostring(Target.type) == \"ACL\"), AuthKeysCreated = countif(Action == \"CREATE\" and tostring(Target.type) == \"AUTH_KEY\")",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\" and tostring(Target.property) == \"ACL\"), CredentialsCreated = countif(Action == \"CREATE\" and tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\"))",
               "size": 4,
               "title": "Configuration audit summary",
               "queryType": 0,
@@ -202,7 +202,7 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
               "size": 0,
               "title": "ACL policy change history",
               "queryType": 0,
@@ -215,27 +215,14 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName), Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, ActorLogin, KeyId = tostring(Target.id), Reusable, Ephemeral, Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Type = tostring(Target.type)\n| extend Description = tostring(New.description)\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Auth key lifecycle",
+              "title": "Credential lifecycle (auth keys, API tokens, OAuth clients)",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces"
             },
             "customWidth": "100",
             "name": "config-authkey-lifecycle"
-          },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, Action, ActorLogin, Type = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
-              "size": 0,
-              "title": "API token and OAuth client activity",
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
-            },
-            "customWidth": "100",
-            "name": "config-oauth-api"
           }
         ]
       },

From 7f7272b1adc5122cf56f00a8fbe98577241bfeca Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 10:42:55 +0100
Subject: [PATCH 07/27] Tailscale Premium (CCF): full expansion to 11 pollers +
 posture content

Builds out the Tailscale Premium (CCF) connector to mirror Standard's
full state coverage and add Premium-only sources. Premium connector is
now self-contained - users on Premium or Enterprise tier install ONLY
Premium and get everything (no need to also install Standard).

Premium connector pollers (11):
  Shared with Standard (same shape):
   1. /logging/configuration    -> Tailscale_Audit_CL
   2. /devices                  -> Tailscale_Devices_CL
   3. /users                    -> Tailscale_Users_CL
   4. /keys?all=true            -> Tailscale_Keys_CL
   5. /webhooks                 -> Tailscale_Webhooks_CL
   6. /dns/nameservers          -> Tailscale_DnsNameservers_CL
   7. /dns/preferences          -> Tailscale_DnsPreferences_CL
   8. /dns/searchpaths          -> Tailscale_DnsSearchPaths_CL
   9. /settings                 -> Tailscale_Settings_CL
  Premium-only:
  10. /logging/network          -> Tailscale_Network_CL (already existed)
  11. /posture/integrations     -> Tailscale_PostureIntegrations_CL (NEW)

Removed TokenEndpointQueryParameters from the OAuth2 block on both
existing Premium pollers (same CCP-framework reserved-keys fix applied
to Standard earlier).

New table:
  Tailscale_PostureIntegrations_CL columns:
    IntegrationId, Provider, CloudId, ClientId, TenantId_Provider,
    ConfigOverwrites, Status. Captures MDM/EDR integrations (Jamf,
    Kandji, Intune, Kolide, Microsoft Defender for Endpoint,
    CrowdStrike Falcon, SentinelOne, etc.).

Premium analytic rules added (2 new, on top of existing 5):
  - TailscalePremiumPostureIntegrationDisabled    High / T1562, T1556
    Audit-log based; fires on DELETE/UPDATE of POSTURE_INTEGRATION
    targets. Disabling enforcement on a tailnet is high-severity.
  - TailscalePremiumNewPostureIntegration         Medium / T1098
    Audit-log based; fires on CREATE of POSTURE_INTEGRATION. New
    integration is legitimate at setup or vendor changes; unexpected
    addition warrants review.

Premium hunting query added (1 new, on top of existing 4):
  - TailscalePremiumPostureInventory
    Current posture-integration inventory derived from
    Tailscale_PostureIntegrations_CL latest snapshot per integration.

Premium workbook gains a new tab: "Posture" with current integrations
table, by-provider pie chart, and change-history view from audit log.

OAuth scopes required on Premium client:
  logs:configuration:read, logs:network:read, devices:core:read,
  users:read, auth_keys:read, webhooks:read, dns:read,
  feature_settings:read (covers posture/integrations endpoint).

CustomTables/Tailscale_PostureIntegrations_CL.json added for KQL
validation in the upstream CI matrix.

Status: built but NOT validated against a real Premium tailnet (we
don't have access to one yet). The /logging/network and
/posture/integrations endpoints are tier-gated to Premium+; on lower
tiers those pollers will return 403 with the same error pattern we
saw earlier on /user-invites. Schema, transformKql, and analytic rule
predicates are based on Tailscale's documented response shapes - they
will likely need a minor tweak once we observe real Premium data.

Total solution surface now:
  - 2 data connectors (Standard, Premium)
  - 11 custom tables (9 Standard + 2 Premium-only)
  - 18 analytic rules (11 Standard + 7 Premium)
  - 13 hunting queries (8 Standard + 5 Premium)
  - 2 workbooks (Standard 3-tab + Premium 4-tab incl. Posture)
---
 .../Tailscale_PostureIntegrations_CL.json     |   13 +
 ...TailscalePremiumNewPostureIntegration.yaml |   41 +
 ...calePremiumPostureIntegrationDisabled.yaml |   43 +
 .../TailscalePremium_ConnectorDefinition.json |  115 +-
 .../TailscalePremium_DCR.json                 |  502 ++-
 .../TailscalePremium_PollerConfig.json        |  394 ++-
 .../TailscalePremium_tables.json              |  518 ++-
 .../Data/Solution_Tailscale.json              |    7 +-
 .../TailscalePremiumPostureInventory.yaml     |   18 +
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   |  Bin 39222 -> 47641 bytes
 .../Package/createUiDefinition.json           |   44 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 3028 +++++++++++++----
 .../Workbooks/TailscalePremiumOperations.json |   69 +
 13 files changed, 4100 insertions(+), 692 deletions(-)
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_PostureIntegrations_CL.json
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_PostureIntegrations_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_PostureIntegrations_CL.json
new file mode 100644
index 00000000000..482c4e98769
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_PostureIntegrations_CL.json
@@ -0,0 +1,13 @@
+{ "Name": "Tailscale_PostureIntegrations_CL",
+"Properties":[
+  { "Name": "TenantId", "Type": "string" },
+  { "Name": "SourceSystem", "Type": "string" },
+  { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "IntegrationId", "Type": "string" },
+  { "Name": "Provider", "Type": "string" },
+  { "Name": "CloudId", "Type": "string" },
+  { "Name": "ClientId", "Type": "string" },
+  { "Name": "TenantId_Provider", "Type": "string" },
+  { "Name": "ConfigOverwrites", "Type": "dynamic" },
+  { "Name": "Status", "Type": "dynamic" }
+]}
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml
new file mode 100644
index 00000000000..84bc92cfeee
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml	
@@ -0,0 +1,41 @@
+id: b2c3d4e5-6789-0123-45ab-cdef12345031
+name: "Tailscale Premium: New posture integration added"
+description: |
+  A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Persistence
+relevantTechniques:
+  - T1098
+query: |
+  Tailscale_Audit_CL
+  | where Action == "CREATE"
+  | where tostring(Target.type) == "POSTURE_INTEGRATION"
+    or tostring(Target.type) startswith "POSTURE"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend Provider = tostring(Target.name)
+  | project TimeGenerated, ActorLogin, Provider, Target, New, Origin
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml
new file mode 100644
index 00000000000..f088c28c546
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml	
@@ -0,0 +1,43 @@
+id: a1b2c3d4-5678-9012-34ab-cdef12345030
+name: "Tailscale Premium: Posture integration disabled or removed"
+description: |
+  A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - Persistence
+relevantTechniques:
+  - T1562
+  - T1556
+query: |
+  Tailscale_Audit_CL
+  | where Action in ("DELETE", "UPDATE")
+  | where tostring(Target.type) == "POSTURE_INTEGRATION"
+    or tostring(Target.type) startswith "POSTURE"
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend Provider = tostring(Target.name)
+  | project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
index 05f3fcfec8e..6dc66f732fa 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
@@ -8,17 +8,62 @@
       "title": "Tailscale Premium (CCF)",
       "publisher": "Custom",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-      "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
       "graphQueries": [
         {
-          "metricName": "Configuration audit events",
+          "metricName": "Audit",
           "legend": "Tailscale_Audit_CL",
           "baseQuery": "Tailscale_Audit_CL"
         },
         {
-          "metricName": "Network flow events",
+          "metricName": "Devices",
+          "legend": "Tailscale_Devices_CL",
+          "baseQuery": "Tailscale_Devices_CL"
+        },
+        {
+          "metricName": "Users",
+          "legend": "Tailscale_Users_CL",
+          "baseQuery": "Tailscale_Users_CL"
+        },
+        {
+          "metricName": "Keys",
+          "legend": "Tailscale_Keys_CL",
+          "baseQuery": "Tailscale_Keys_CL"
+        },
+        {
+          "metricName": "Webhooks",
+          "legend": "Tailscale_Webhooks_CL",
+          "baseQuery": "Tailscale_Webhooks_CL"
+        },
+        {
+          "metricName": "DnsNameservers",
+          "legend": "Tailscale_DnsNameservers_CL",
+          "baseQuery": "Tailscale_DnsNameservers_CL"
+        },
+        {
+          "metricName": "DnsPreferences",
+          "legend": "Tailscale_DnsPreferences_CL",
+          "baseQuery": "Tailscale_DnsPreferences_CL"
+        },
+        {
+          "metricName": "DnsSearchPaths",
+          "legend": "Tailscale_DnsSearchPaths_CL",
+          "baseQuery": "Tailscale_DnsSearchPaths_CL"
+        },
+        {
+          "metricName": "Settings",
+          "legend": "Tailscale_Settings_CL",
+          "baseQuery": "Tailscale_Settings_CL"
+        },
+        {
+          "metricName": "Network",
           "legend": "Tailscale_Network_CL",
           "baseQuery": "Tailscale_Network_CL"
+        },
+        {
+          "metricName": "PostureIntegrations",
+          "legend": "Tailscale_PostureIntegrations_CL",
+          "baseQuery": "Tailscale_PostureIntegrations_CL"
         }
       ],
       "dataTypes": [
@@ -26,31 +71,73 @@
           "name": "Tailscale_Audit_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
         },
+        {
+          "name": "Tailscale_Devices_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+        },
+        {
+          "name": "Tailscale_Users_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+        },
+        {
+          "name": "Tailscale_Keys_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+        },
+        {
+          "name": "Tailscale_Webhooks_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsNameservers_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsPreferences_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+        },
+        {
+          "name": "Tailscale_DnsSearchPaths_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+        },
+        {
+          "name": "Tailscale_Settings_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+        },
         {
           "name": "Tailscale_Network_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+        },
+        {
+          "name": "Tailscale_PostureIntegrations_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
         }
       ],
       "sampleQueries": [
         {
-          "description": "Recent Tailscale configuration audit events",
-          "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+          "description": "Recent network flows",
+          "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
         },
         {
-          "description": "Recent Tailscale network flows",
-          "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+          "description": "Top exit-node egress destinations",
+          "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), ExitDst = tostring(t.dst)\n| summarize TotalBytes = sum(Bytes) by ExitDst\n| top 25 by TotalBytes"
         },
         {
-          "description": "Top talkers (by bytes) on the tailnet",
-          "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+          "description": "Currently configured posture integrations",
+          "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, Status"
         },
         {
-          "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
-          "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+          "description": "Device inventory by OS",
+          "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Devices = count() by Os"
+        },
+        {
+          "description": "Recent audit events",
+          "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
         }
       ],
       "connectivityCriteria": [
-        { "type": "HasDataConnectors" }
+        {
+          "type": "HasDataConnectors"
+        }
       ],
       "availability": {
         "status": 1,
@@ -74,7 +161,7 @@
       "instructionSteps": [
         {
           "title": "Connect Tailscale (Premium)",
-          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+          "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, Logs > Network (Premium), General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read`). Find your tailnet name on the Keys page.",
           "instructions": [
             {
               "type": "Textbox",
@@ -116,4 +203,4 @@
       "id": "TailscalePremiumCCF"
     }
   }
-}
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
index bdbb8b0a280..8df8cb5fb6f 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -8,28 +8,386 @@
     "streamDeclarations": {
       "Custom-Tailscale_Audit_CL": {
         "columns": [
-          { "name": "eventTime", "type": "datetime" },
-          { "name": "eventGroupID", "type": "string" },
-          { "name": "actor", "type": "dynamic" },
-          { "name": "action", "type": "string" },
-          { "name": "target", "type": "dynamic" },
-          { "name": "origin", "type": "dynamic" },
-          { "name": "new", "type": "dynamic" },
-          { "name": "old", "type": "dynamic" }
+          {
+            "name": "eventTime",
+            "type": "datetime"
+          },
+          {
+            "name": "eventGroupID",
+            "type": "string"
+          },
+          {
+            "name": "actor",
+            "type": "dynamic"
+          },
+          {
+            "name": "action",
+            "type": "string"
+          },
+          {
+            "name": "target",
+            "type": "dynamic"
+          },
+          {
+            "name": "origin",
+            "type": "dynamic"
+          },
+          {
+            "name": "new",
+            "type": "dynamic"
+          },
+          {
+            "name": "old",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_Devices_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "name",
+            "type": "string"
+          },
+          {
+            "name": "hostname",
+            "type": "string"
+          },
+          {
+            "name": "user",
+            "type": "string"
+          },
+          {
+            "name": "os",
+            "type": "string"
+          },
+          {
+            "name": "clientVersion",
+            "type": "string"
+          },
+          {
+            "name": "updateAvailable",
+            "type": "boolean"
+          },
+          {
+            "name": "authorized",
+            "type": "boolean"
+          },
+          {
+            "name": "isExternal",
+            "type": "boolean"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "expires",
+            "type": "datetime"
+          },
+          {
+            "name": "keyExpiryDisabled",
+            "type": "boolean"
+          },
+          {
+            "name": "blocksIncomingConnections",
+            "type": "boolean"
+          },
+          {
+            "name": "addresses",
+            "type": "dynamic"
+          },
+          {
+            "name": "tags",
+            "type": "dynamic"
+          },
+          {
+            "name": "enabledRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "advertisedRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "clientConnectivity",
+            "type": "dynamic"
+          },
+          {
+            "name": "machineKey",
+            "type": "string"
+          },
+          {
+            "name": "nodeKey",
+            "type": "string"
+          }
+        ]
+      },
+      "Custom-Tailscale_Users_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "displayName",
+            "type": "string"
+          },
+          {
+            "name": "loginName",
+            "type": "string"
+          },
+          {
+            "name": "tailnetId",
+            "type": "string"
+          },
+          {
+            "name": "type",
+            "type": "string"
+          },
+          {
+            "name": "role",
+            "type": "string"
+          },
+          {
+            "name": "status",
+            "type": "string"
+          },
+          {
+            "name": "deviceCount",
+            "type": "int"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "currentlyConnected",
+            "type": "boolean"
+          },
+          {
+            "name": "profilePicUrl",
+            "type": "string"
+          }
+        ]
+      },
+      "Custom-Tailscale_Keys_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "description",
+            "type": "string"
+          },
+          {
+            "name": "userId",
+            "type": "string"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "expires",
+            "type": "datetime"
+          },
+          {
+            "name": "revoked",
+            "type": "datetime"
+          },
+          {
+            "name": "capabilities",
+            "type": "dynamic"
+          },
+          {
+            "name": "keyType",
+            "type": "string"
+          },
+          {
+            "name": "expirySeconds",
+            "type": "int"
+          }
+        ]
+      },
+      "Custom-Tailscale_Webhooks_CL": {
+        "columns": [
+          {
+            "name": "endpointId",
+            "type": "string"
+          },
+          {
+            "name": "endpointUrl",
+            "type": "string"
+          },
+          {
+            "name": "providerType",
+            "type": "string"
+          },
+          {
+            "name": "creatorLoginName",
+            "type": "string"
+          },
+          {
+            "name": "created",
+            "type": "datetime"
+          },
+          {
+            "name": "lastModified",
+            "type": "datetime"
+          },
+          {
+            "name": "subscriptions",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsNameservers_CL": {
+        "columns": [
+          {
+            "name": "dns",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_Settings_CL": {
+        "columns": [
+          {
+            "name": "devicesApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "devicesAutoUpdatesOn",
+            "type": "boolean"
+          },
+          {
+            "name": "devicesKeyDurationDays",
+            "type": "int"
+          },
+          {
+            "name": "usersApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "usersRoleAllowedToJoinExternalTailnets",
+            "type": "string"
+          },
+          {
+            "name": "networkFlowLoggingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "regionalRoutingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "postureIdentityCollectionOn",
+            "type": "boolean"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsPreferences_CL": {
+        "columns": [
+          {
+            "name": "magicDNS",
+            "type": "boolean"
+          }
+        ]
+      },
+      "Custom-Tailscale_DnsSearchPaths_CL": {
+        "columns": [
+          {
+            "name": "searchPaths",
+            "type": "dynamic"
+          }
         ]
       },
       "Custom-Tailscale_Network_CL": {
         "columns": [
-          { "name": "nodeId", "type": "string" },
-          { "name": "logged", "type": "datetime" },
-          { "name": "start", "type": "datetime" },
-          { "name": "end", "type": "datetime" },
-          { "name": "srcNode", "type": "dynamic" },
-          { "name": "dstNodes", "type": "dynamic" },
-          { "name": "virtualTraffic", "type": "dynamic" },
-          { "name": "subnetTraffic", "type": "dynamic" },
-          { "name": "exitTraffic", "type": "dynamic" },
-          { "name": "physicalTraffic", "type": "dynamic" }
+          {
+            "name": "nodeId",
+            "type": "string"
+          },
+          {
+            "name": "logged",
+            "type": "datetime"
+          },
+          {
+            "name": "start",
+            "type": "datetime"
+          },
+          {
+            "name": "end",
+            "type": "datetime"
+          },
+          {
+            "name": "srcNode",
+            "type": "dynamic"
+          },
+          {
+            "name": "dstNodes",
+            "type": "dynamic"
+          },
+          {
+            "name": "virtualTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "subnetTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "exitTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "physicalTraffic",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "Custom-Tailscale_PostureIntegrations_CL": {
+        "columns": [
+          {
+            "name": "id",
+            "type": "string"
+          },
+          {
+            "name": "provider",
+            "type": "string"
+          },
+          {
+            "name": "cloudId",
+            "type": "string"
+          },
+          {
+            "name": "clientId",
+            "type": "string"
+          },
+          {
+            "name": "tenantId",
+            "type": "string"
+          },
+          {
+            "name": "configOverwrites",
+            "type": "dynamic"
+          },
+          {
+            "name": "status",
+            "type": "dynamic"
+          }
         ]
       }
     },
@@ -43,17 +401,115 @@
     },
     "dataFlows": [
       {
-        "streams": [ "Custom-Tailscale_Audit_CL" ],
-        "destinations": [ "sentinelWorkspace" ],
+        "streams": [
+          "Custom-Tailscale_Audit_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
         "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
         "outputStream": "Custom-Tailscale_Audit_CL"
       },
       {
-        "streams": [ "Custom-Tailscale_Network_CL" ],
-        "destinations": [ "sentinelWorkspace" ],
+        "streams": [
+          "Custom-Tailscale_Devices_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+        "outputStream": "Custom-Tailscale_Devices_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Users_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend UserId = id | extend DisplayName = displayName | extend LoginName = loginName | extend TailnetId = tailnetId | extend UserType = type | extend Role = role | extend Status = status | extend DeviceCount = deviceCount | extend Created = created | extend LastSeen = lastSeen | extend CurrentlyConnected = currentlyConnected | extend ProfilePicUrl = profilePicUrl | project TimeGenerated, UserId, DisplayName, LoginName, TailnetId, UserType, Role, Status, DeviceCount, Created, LastSeen, CurrentlyConnected, ProfilePicUrl",
+        "outputStream": "Custom-Tailscale_Users_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Keys_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend KeyId = id | extend Description = description | extend UserId = userId | extend Created = created | extend Expires = expires | extend Revoked = revoked | extend Capabilities = capabilities | extend KeyType = keyType | extend ExpirySeconds = expirySeconds | project TimeGenerated, KeyId, Description, UserId, Created, Expires, Revoked, Capabilities, KeyType, ExpirySeconds",
+        "outputStream": "Custom-Tailscale_Keys_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Webhooks_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend EndpointId = endpointId | extend EndpointUrl = endpointUrl | extend ProviderType = providerType | extend CreatorLoginName = creatorLoginName | extend Created = created | extend LastModified = lastModified | extend Subscriptions = subscriptions | project TimeGenerated, EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+        "outputStream": "Custom-Tailscale_Webhooks_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsNameservers_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
+        "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Settings_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+        "outputStream": "Custom-Tailscale_Settings_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsPreferences_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
+        "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_DnsSearchPaths_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
+        "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_Network_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
         "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
         "outputStream": "Custom-Tailscale_Network_CL"
+      },
+      {
+        "streams": [
+          "Custom-Tailscale_PostureIntegrations_CL"
+        ],
+        "destinations": [
+          "sentinelWorkspace"
+        ],
+        "transformKql": "source | extend TimeGenerated = now() | extend IntegrationId = id | extend Provider = provider | extend CloudId = cloudId | extend ClientId = clientId | extend TenantId_Provider = tenantId | extend ConfigOverwrites = configOverwrites | extend Status = status | project TimeGenerated, IntegrationId, Provider, CloudId, ClientId, TenantId_Provider, ConfigOverwrites, Status",
+        "outputStream": "Custom-Tailscale_PostureIntegrations_CL"
       }
     ]
   }
-}
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
index 8281fabe560..c139d7f5179 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -1,6 +1,6 @@
 [
   {
-    "name": "TailscalePremiumConfigPoller",
+    "name": "TailscalePremiumConfigAuditPoller",
     "apiVersion": "2023-02-01-preview",
     "type": "Microsoft.SecurityInsights/dataConnectors",
     "kind": "RestApiPoller",
@@ -26,15 +26,15 @@
         "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
         "httpMethod": "GET",
         "queryWindowInMin": 5,
-        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "startTimeAttributeName": "start",
-        "endTimeAttributeName": "end",
         "rateLimitQps": 1,
         "retryCount": 3,
         "timeoutInSeconds": 60,
         "headers": {
           "Accept": "application/json"
-        }
+        },
+        "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+        "startTimeAttributeName": "start",
+        "endTimeAttributeName": "end"
       },
       "response": {
         "eventsJsonPaths": [
@@ -71,9 +71,51 @@
         "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
         "httpMethod": "GET",
         "queryWindowInMin": 5,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        },
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
         "startTimeAttributeName": "start",
-        "endTimeAttributeName": "end",
+        "endTimeAttributeName": "end"
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.logs"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumDevicesPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Devices_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Devices_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
         "rateLimitQps": 1,
         "retryCount": 3,
         "timeoutInSeconds": 60,
@@ -83,10 +125,346 @@
       },
       "response": {
         "eventsJsonPaths": [
-          "$.logs"
+          "$.devices"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumUsersPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Users_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Users_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/users')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.users"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumKeysPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Keys_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Keys_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/keys?all=true')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.keys"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumWebhooksPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Webhooks_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Webhooks_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/webhooks')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.webhooks"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumDnsNameserversPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_DnsNameservers_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsNameservers_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/nameservers')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumDnsPreferencesPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_DnsPreferences_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsPreferences_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/preferences')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumDnsSearchPathsPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_DnsSearchPaths_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/searchpaths')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumSettingsPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_Settings_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_Settings_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/settings')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$"
+        ]
+      },
+      "isActive": true
+    }
+  },
+  {
+    "name": "TailscalePremiumPostureIntegrationsPoller",
+    "apiVersion": "2023-02-01-preview",
+    "type": "Microsoft.SecurityInsights/dataConnectors",
+    "kind": "RestApiPoller",
+    "properties": {
+      "connectorDefinitionName": "TailscalePremiumCCF",
+      "dataType": "Tailscale_PostureIntegrations_CL",
+      "dcrConfig": {
+        "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+        "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+        "streamName": "Custom-Tailscale_PostureIntegrations_CL"
+      },
+      "auth": {
+        "type": "OAuth2",
+        "ClientId": "[[parameters('clientId')]",
+        "ClientSecret": "[[parameters('clientSecret')]",
+        "GrantType": "client_credentials",
+        "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+        "TokenEndpointHeaders": {
+          "Content-Type": "application/x-www-form-urlencoded"
+        }
+      },
+      "request": {
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/posture/integrations')]",
+        "httpMethod": "GET",
+        "queryWindowInMin": 60,
+        "rateLimitQps": 1,
+        "retryCount": 3,
+        "timeoutInSeconds": 60,
+        "headers": {
+          "Accept": "application/json"
+        }
+      },
+      "response": {
+        "eventsJsonPaths": [
+          "$.integrations"
         ]
       },
       "isActive": true
     }
   }
-]
+]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
index 29380f7f30f..c17baffa2b7 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -7,15 +7,418 @@
       "schema": {
         "name": "Tailscale_Audit_CL",
         "columns": [
-          { "name": "TimeGenerated", "type": "datetime" },
-          { "name": "EventTime", "type": "datetime" },
-          { "name": "EventGroupID", "type": "string" },
-          { "name": "Actor", "type": "dynamic" },
-          { "name": "Action", "type": "string" },
-          { "name": "Target", "type": "dynamic" },
-          { "name": "Origin", "type": "dynamic" },
-          { "name": "New", "type": "dynamic" },
-          { "name": "Old", "type": "dynamic" }
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "EventTime",
+            "type": "datetime"
+          },
+          {
+            "name": "EventGroupID",
+            "type": "string"
+          },
+          {
+            "name": "Actor",
+            "type": "dynamic"
+          },
+          {
+            "name": "Action",
+            "type": "string"
+          },
+          {
+            "name": "Target",
+            "type": "dynamic"
+          },
+          {
+            "name": "Origin",
+            "type": "dynamic"
+          },
+          {
+            "name": "New",
+            "type": "dynamic"
+          },
+          {
+            "name": "Old",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Devices_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Devices_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DeviceId",
+            "type": "string"
+          },
+          {
+            "name": "DeviceName",
+            "type": "string"
+          },
+          {
+            "name": "Hostname",
+            "type": "string"
+          },
+          {
+            "name": "User",
+            "type": "string"
+          },
+          {
+            "name": "Os",
+            "type": "string"
+          },
+          {
+            "name": "ClientVersion",
+            "type": "string"
+          },
+          {
+            "name": "UpdateAvailable",
+            "type": "boolean"
+          },
+          {
+            "name": "Authorized",
+            "type": "boolean"
+          },
+          {
+            "name": "IsExternal",
+            "type": "boolean"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "Expires",
+            "type": "datetime"
+          },
+          {
+            "name": "KeyExpiryDisabled",
+            "type": "boolean"
+          },
+          {
+            "name": "BlocksIncomingConnections",
+            "type": "boolean"
+          },
+          {
+            "name": "Addresses",
+            "type": "dynamic"
+          },
+          {
+            "name": "Tags",
+            "type": "dynamic"
+          },
+          {
+            "name": "EnabledRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "AdvertisedRoutes",
+            "type": "dynamic"
+          },
+          {
+            "name": "ClientConnectivity",
+            "type": "dynamic"
+          },
+          {
+            "name": "MachineKey",
+            "type": "string"
+          },
+          {
+            "name": "NodeKey",
+            "type": "string"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Users_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Users_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "UserId",
+            "type": "string"
+          },
+          {
+            "name": "DisplayName",
+            "type": "string"
+          },
+          {
+            "name": "LoginName",
+            "type": "string"
+          },
+          {
+            "name": "TailnetId",
+            "type": "string"
+          },
+          {
+            "name": "UserType",
+            "type": "string"
+          },
+          {
+            "name": "Role",
+            "type": "string"
+          },
+          {
+            "name": "Status",
+            "type": "string"
+          },
+          {
+            "name": "DeviceCount",
+            "type": "int"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastSeen",
+            "type": "datetime"
+          },
+          {
+            "name": "CurrentlyConnected",
+            "type": "boolean"
+          },
+          {
+            "name": "ProfilePicUrl",
+            "type": "string"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Keys_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Keys_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "KeyId",
+            "type": "string"
+          },
+          {
+            "name": "Description",
+            "type": "string"
+          },
+          {
+            "name": "UserId",
+            "type": "string"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "Expires",
+            "type": "datetime"
+          },
+          {
+            "name": "Revoked",
+            "type": "datetime"
+          },
+          {
+            "name": "Capabilities",
+            "type": "dynamic"
+          },
+          {
+            "name": "KeyType",
+            "type": "string"
+          },
+          {
+            "name": "ExpirySeconds",
+            "type": "int"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Webhooks_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Webhooks_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "EndpointId",
+            "type": "string"
+          },
+          {
+            "name": "EndpointUrl",
+            "type": "string"
+          },
+          {
+            "name": "ProviderType",
+            "type": "string"
+          },
+          {
+            "name": "CreatorLoginName",
+            "type": "string"
+          },
+          {
+            "name": "Created",
+            "type": "datetime"
+          },
+          {
+            "name": "LastModified",
+            "type": "datetime"
+          },
+          {
+            "name": "Subscriptions",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsNameservers_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsNameservers_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DnsServers",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_Settings_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Settings_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "DevicesApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "DevicesAutoUpdatesOn",
+            "type": "boolean"
+          },
+          {
+            "name": "DevicesKeyDurationDays",
+            "type": "int"
+          },
+          {
+            "name": "UsersApprovalOn",
+            "type": "boolean"
+          },
+          {
+            "name": "UsersRoleAllowedToJoinExternalTailnets",
+            "type": "string"
+          },
+          {
+            "name": "NetworkFlowLoggingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "RegionalRoutingOn",
+            "type": "boolean"
+          },
+          {
+            "name": "PostureIdentityCollectionOn",
+            "type": "boolean"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsPreferences_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsPreferences_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "MagicDNS",
+            "type": "boolean"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_DnsSearchPaths_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_DnsSearchPaths_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "SearchPaths",
+            "type": "dynamic"
+          }
         ]
       },
       "retentionInDays": 90
@@ -29,19 +432,94 @@
       "schema": {
         "name": "Tailscale_Network_CL",
         "columns": [
-          { "name": "TimeGenerated", "type": "datetime" },
-          { "name": "NodeId", "type": "string" },
-          { "name": "FlowStart", "type": "datetime" },
-          { "name": "FlowEnd", "type": "datetime" },
-          { "name": "SrcNode", "type": "dynamic" },
-          { "name": "DstNodes", "type": "dynamic" },
-          { "name": "VirtualTraffic", "type": "dynamic" },
-          { "name": "SubnetTraffic", "type": "dynamic" },
-          { "name": "ExitTraffic", "type": "dynamic" },
-          { "name": "PhysicalTraffic", "type": "dynamic" }
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "NodeId",
+            "type": "string"
+          },
+          {
+            "name": "FlowStart",
+            "type": "datetime"
+          },
+          {
+            "name": "FlowEnd",
+            "type": "datetime"
+          },
+          {
+            "name": "SrcNode",
+            "type": "dynamic"
+          },
+          {
+            "name": "DstNodes",
+            "type": "dynamic"
+          },
+          {
+            "name": "VirtualTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "SubnetTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "ExitTraffic",
+            "type": "dynamic"
+          },
+          {
+            "name": "PhysicalTraffic",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
+  },
+  {
+    "name": "Tailscale_PostureIntegrations_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_PostureIntegrations_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "IntegrationId",
+            "type": "string"
+          },
+          {
+            "name": "Provider",
+            "type": "string"
+          },
+          {
+            "name": "CloudId",
+            "type": "string"
+          },
+          {
+            "name": "ClientId",
+            "type": "string"
+          },
+          {
+            "name": "TenantId_Provider",
+            "type": "string"
+          },
+          {
+            "name": "ConfigOverwrites",
+            "type": "dynamic"
+          },
+          {
+            "name": "Status",
+            "type": "dynamic"
+          }
         ]
       },
       "retentionInDays": 90
     }
   }
-]
+]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 852a27bfba7..710f26cf29e 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -27,7 +27,9 @@
     "Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml",
     "Analytic Rules/TailscalePremiumBeaconingDetected.yaml",
     "Analytic Rules/TailscalePremiumMassFanOut.yaml",
-    "Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml"
+    "Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml",
+    "Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml",
+    "Analytic Rules/TailscalePremiumNewPostureIntegration.yaml"
   ],
   "Hunting Queries": [
     "Hunting Queries/TailscaleFirstSeenActor.yaml",
@@ -41,7 +43,8 @@
     "Hunting Queries/TailscalePremiumNewNodePairs.yaml",
     "Hunting Queries/TailscalePremiumTopTalkers.yaml",
     "Hunting Queries/TailscalePremiumExitNodeUsage.yaml",
-    "Hunting Queries/TailscalePremiumBeaconingCandidates.yaml"
+    "Hunting Queries/TailscalePremiumBeaconingCandidates.yaml",
+    "Hunting Queries/TailscalePremiumPostureInventory.yaml"
   ],
   "Workbooks": [
     "Workbooks/TailscaleStandardOperations.json",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml
new file mode 100644
index 00000000000..d9b3cef67a3
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
@@ -0,0 +1,18 @@
+id: c3d4e5f6-7890-1234-56ab-cdef12345032
+name: "Tailscale Premium: Current posture integration inventory"
+description: |
+  Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_PostureIntegrations_CL
+tactics:
+  - DefenseEvasion
+relevantTechniques:
+  - T1562
+query: |
+  Tailscale_PostureIntegrations_CL
+  | summarize arg_max(TimeGenerated, *) by IntegrationId
+  | project IntegrationId, Provider, ClientId, TenantId_Provider, Status, ConfigOverwrites
+  | order by Provider asc
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 8492bb673c4527b54a28b5a9829e4b5ecdabaf01..f9b5f2c7eb27f35c46d0de0339a954e36200a6e2 100644
GIT binary patch
literal 47641
zcmY(qQ*>t0)&v^cwr$(CosMnii*4Js&5muWW7|%Lx6k>{xZ~c}y=vE<HP_hdp=vHA
zSx_)EARr(pATjltU!w*Q`+3+vKm!3lK$!oYnmC&oxtgh4iJ6&O*;~0<IoLB;yExci
z>s>nIO1gjFmUD#;lLw3jU~1E9M**TKO7+aBBazSDO2yK*Gq{0tuFeSnuRw$LzfvtG
zijSpLPF?5V!N{i|z_hake**>g`kne^`ujl4e`u!9GGX?F&u4oYbcBC=>?bQTv}72^
zZNv}n%0?G2AKmk|`!n(2;gg4sbPkVvM~d&?Z<d#HCF*!tJ)LP+c7N&$cwNVQr|%?`
zWkKgsx3I0SX6hVH568!Oo~;7yuXF2A#+F&|s)jni8i~gd)L!z3{QEA@yliaVxYd_`
zK%VRFL?3MSGr^!3Rrt_FbfY7So!?}>*_jG0EFt9=XQtx7`qO3gyH<@>Oxfbxq|^C)
znS?hF4iDOn=o@RN&~>RqYd-Ah!cBf=rPD{c2u(UnC@E*Y{<9%5tKi3b72rqz{-g?$
zHDxKY{^w_m*0=QaB@Z_q@%3fzSD_;m2BqZy?j37Lr1B(PN!}n9<tT~Nb+=NKK;dn!
zGWqo}@x0d0$L<d(<KIsngTd-_tkJT{t=BK>YNPD-+Zo+q>tIZ$hE)ndL7unIvw?|;
z<hl6Xjd;~NxMDusd9MHrS8mbhglO^@WPLrG=6RxA+D%yGHRF^nUrfq6jGMRfyE`D5
z7JaE1-SVYGger0P!VXW5zcZ}33snpjQ1ut`Y|(em#|wdQS%=wJu<S{NJopJ-QM0@i
z;UMuaE>G^zF4TJ?PUjYqkwYyl83Xr!RmUE0uXAA-iP&{aE@It?-2N!=n+P&s$4Fqo
zhGS#F%c^dy+J>Td-8nkk%1}16ule}xht7t~6!<$om^QRSLgz3oq-flo6-}2wnw25E
z3*OMO=F0GID{jtxa$ya$BUr8W^tiOlS{4@k43i)Toz>)-Iv}2Hv3YR@mGh{Zg=zN?
z;|ekB=pA&9{7U=FtMLYI`2=fHZ&WmWfDaqSSn!wTyRIvmi?a5+@x>CB7T<lf4^S7f
znsFZsn~~DnqUB)B_-m(~N3=Q(PE^ifgNjuT<*P1mJaR&*(50ovas4ht3&$af6A|{@
z0+}X(CUS$aawJ9qX)=)Ni>~No%h>q7T!rU+;eLcLZcjvkJ-^*5kOvM5p(ovIgM`hj
zOeOxe6s9)Av)}VoZy`0L=DQ_WpkDC2Q+GpegQ+o-xA&NjvV|)vbhntWhhrr*(mOkx
zO#!0B-LTfTnH%;qfGCA^&&&(n+k5V?6)=jgciu(H#XOQE8DZn;HHnGybIR0uR!I2c
z&T7mdQO?z|Xb_k21x^zMK+rjYLbY)wcw8}XIxj#{^{Geg8ZE_bq3Y_j{Y}P&Gq|$@
z7}bxD?X(x*UKOG5k=r+`eB;=^1NQw+PikNd{h?Zzd>hfj`CP$<sV1h3qZloFvH=1F
z7dMI3|G5DAhP97VVSQ=;={T9ll!m0sD;9G*?x0t})rOsKK9jRj<!d)*XeJsnXe9_}
zi@Gc77n-`!u1&gHTWTxoz6OZ!uf&nnY*M~;h?JbYL|fnZ7S4MK+-yQ##`JT#e>7W|
z)2R9-yd__@=6&>jzs}Vbt5Bd{#!*W$vh0sco|ec?(21_9eUq>TiL(zQVL+)q5%~ri
zn3WNc)Zr~#%<F5}aF_T=Q;xyV&RAU+Rr7u}vzs;kb{4*vIOJSJHupvx*lc2-w7Bj&
z%!t*{04^-eMdn^KFF%`$>#JVd)rmF0_!M)2W%rXD;}B#xid@*iS^1mDe4(;<;GIsE
zMxm0Z0)1%aB8BiN=OMHqn_vLNc(@w)ihzJ#M$r5+U%7y7GsyN<P0cE|saa9(w|a}G
z=g(Ah4Ic&>e7i}CBrAEkW@v0KRet^T_udRLxJTp-TQMCc7iQN%)zF_QY5h(C_PH-b
z>6;8DQ_T1CvN*Un_-Ieq+0nz|&iD2t7QvyfYlN|@4K?{xB3_}ET46?{olwI#CMr)q
zIzS{6%|gO#V7OyX7I-1(L)TuQxoljDimpVZ;H)lIgC46zX>SJ+Vpf;96<{L`*4ziJ
zPU5@nof=(4Nc0DBc)o85{4;mJQXw9ZSb#I2{zs}Q>B(U2^<<iEe)Lv?1sAUH-Io3c
zBAEE8bS!6#I>hZy{GZOp_-e-;&7N@09$wLcu{TZ84wn^N{bvvI%f7F_vxf7)E+Ne=
z8QX>swM*826fP43YHvx?9SNcVOwb1zu_!$lLbL}RU(;HVaEzs=X5H7qtLH;KZQ^S%
z#rk~}L&Jx-eKf-M<YBTthkeQvJ^EjvMjQH}8dxzD6?=O3gOf+ZWnn@#)>b+tTRZ0T
zF?)jY(3SIay7t~QF;vCkO%k`Y6INhjsPQix&2CVsD2h7f5EUaCS5y=$H&tU(Y0P}|
zW)!Y6W%yubg^ju6pZKlf`a^9Rj&HDx%*rYTg!a!UR$>4C>_Q(=hiKT6!@Xh{*S@N{
zJEGE5yD>#`70$^^w`Pf{6aUi7>#;^u9Ii?TeeBm$c!K+dF-1!J<Yx|+bG|1<DRRjl
zMe@EJ83A2(jGa>T+ALB%@$=F4I=uW5NFEqzqk9LDi5eDhuhiR6qR@t&yL0r>zc+IV
zvG$o5g1a=jYYaDECDuJ<h|`o?@B+%UCASbq&Y6WY5xqt<WP&3)>{9q&?Xi+f>@*dz
za<QBl1H9S+kAq%Rde8E$3G~PSmjgLBLU?V55J%th*i;en&V@zXY@~2=mYte}YJ~fA
zT13p@YPn6E3j(pJAx&>t9L-I`XF$8s`V4u!!3&S|huiB90-P(g!#06UN3vR7t1{z)
zh)VQW+M@?ll5d3{G|96w!<RGE7^OwRY)Br-bjjl=L-;^*r@zlPT6d=eyo>^qUKva{
zoz1$pVlfx@ibyAVlaBbv%#Z&MEwf9D*|eCt*-(OZ^|&uwLM2=CSK93l{av6)Y8|eh
zrIzPzHb}S9n&oza54gYrg(y{S#sShVZi=-gc5-G{!RE4@*{DTCKV0`6S-py$0GpN2
z$=7aZH=}L2K50Fzu8vn#%nSDGUwUVwj@52~^xQfbm@-NoPq`QV=;4)aKeJNyvOGdA
zG5Jjh35As8J9B3VdP!-s*`JELdT|d=keR-|_BEI^m4LsXW8?mo7A&@E78MA-uslPe
z9&xZyqQO$CQ8Eyb7Pg$-nDc3N5=_gR>#>Gh5MQ!w-AHvC?#EBD$b-noj9ej==o_L&
zGs{tYm||W|!(b<t$7EvU;t^)nIAM<xZM6()r(NJ~`@}i8<V)nCvPkd$+6g)?PeJLt
zwD%`<b^aG?W!Q(fO;<>Sb#t-1%D)9vDWQvHE!o8I!(`U6IwDGR>-w|+2N;olE$GvM
zD7iEQu-aX>gy+HnCjjoe;YH`@v3tkJww^PrvRy0_lejz#d0@dt6DY#DP-W<A1@$iZ
zP^TQSl5R2Db=NU)1W>ef*$lO@Ea_o3$r~sXEyn2yj<AAIHez@TV|!rCm_rHVYPdLu
z<R!TUqc#%w2pMN=3L_vi#pC!Ytxz_`oBUYbE8H4nQ27K-V~qJobiRLr^w~-&Yz?ZY
z43F)Ci)CQ2f!$<Ws?l7>m{rG+o6OWUDzx4xOf}m6L&Mtb^R+Foz+$kGD^6NT4v+XU
zFr+yfTb5gjhc$Y}_<YB{;Yn;Zv0*^pMnyeh42~Bj3U;p&dp<~o26S%xg?c20NXkk(
zgbtonbpx3XmO9-uTt?piBZHfT!B?ssWiLHcE;LB3aNZ0UypgS1xIuXFckuF2D0`>t
z+d#u}xSio88xm$Cz(-X|_6Y~^M!?kgoCCH}@G6R5{ga3(nHRx1aTW^Vd3He^m$Iz*
zJ~p1RKd0Q!7J4yJDM*fog})h@?<D_`H7<wNYNnZv0!(F4j_8l%o(wOvC;DRI_w){z
znyh0O8L<;H2(|Suuwz|EV_GvK2pmY-&lr4a5mAkYSZMgNC*$}1eh>d>!(Wu58ww@x
zCJ*0ZfznuqDI@#z*$|U9i)YDaQnKR2qbkyUcp+rD6_Ustyo;PbS+LM@=lxd79hvu}
z9hST&TEMJvEh%dx<f-&tALA0XHumua%dvGDm25Rf;K(`1tH@%}lIFs|4;&@X*^^`q
zREyZWjx<e37~*PhGS?yIS9fA1<X{%hkf48q?E*e^!!c@<p(-3_DcU%l{6~YdEnBj|
z--7jkb6_NHI&e<A&mBXxr54eIIt@9fYjR{mRg)%7bx$+m7X}4l$UlCP9Qi)(o>+3w
zAaVa148fG|XBzp2F-i0ZEt^^>EeHLvh4<qOdh}8#$&P$a0R?8|&Lz(|0Uz{E)Gr2S
z^^@1+L-aZm(R%P_0-b|ZtQwPlJ$P~ayTak<sZ4dAymX35`~7p>!PUFb6Fs!uv|m?U
z%#Fb+X+xfg1HM7V${pHq4m-&lqkobHv4Hj4dC*+}oIKGigoUN{kf@Ui#yDnF;sGiS
znE()nk(U<^1J{<v)ynnlEHy`;c{_V#lc@jbb*7yL<@6>HS5{1nCSi>zcoRD+Vi129
zI}RHv7<6~NLY|^7t-)*l{27d#6A@%B$ii@BG^Vf43L2d$XJN?9&fyZ^QnKd<MY9@;
zoUBr*<=aB2c0OG~J_Scoen$SZGs&EP2w7Y*6kL18Jjd9PG+0;)c0ivvzdtZ*bru&~
z$zoEd(T2wo*%jiN<23lq+c2shWc_AJ%xa5>Tf~nrx*8F43fE8`2>lG~tDMiG$732r
zh0o(bQO0tOazhz&R|}?aL0VH&059q-xu58z3#MnFv&c7N+5|%GOg?;StPQ+Ynu!FF
ziGA7`Q$>zJqh3;d-z9nf7L;6b^2K(CWfAn`=8d|BC+}pqsHS8Wq+~5EQB*n&Cs~t^
zhb_kK9x5`PF1!IV6)Zt8LTh^#R2p?dS3Wai`Pr`2fE%;dvW}71JXra}LRlT)Lto0E
zN3C}J*JR#pNCMprS^=N*G4ti`zNI<t1O@Zq0kO|!hN66(*qy3<MwC06BoD$WL1@~5
zE_3F1N~iVahi-OFvt?77Dfwz!6&uD4CAQ~Ph$#64^=C)6mdJe64Nt4>5ZF6L`M$xv
zS~%O@uac>=k8A`2W%lZpS<1NaB+XP}D-B`rn9)dDrqq^qt=q*$2i_Aa_63~c_5>Hv
zWQcU~;Q}27J;}?G3>?g;mdo;LGJKOwZJsY&_5NT)No+v7G`7W{LL#5GiRwj6LoxnJ
zee#Lk{VaU)_$-OdQ8sa3xO}pp`K%~$Ni9Im3#zMceFEU&2sGClSw6pLNdw7=M{%?t
z_dTG@H|k_nX<i+?p73xDjvlI7hM_J8{weO-W*CVbBkrY#LE1s*1~sCj5>c$fiUQJk
zcTPw4Xk+41Xl=|`Q&@0+3%+DvkGeFsiHl3B4%P5As?CABmhF!A?Je@$+nPqIp)`{P
zy_sp~q(dWIsYh^~<MA9EJl6-r3Y|~pBcrO!C8aLy%R#d;l_-%~_&_p0us?w5Q&M8*
zScfeQ>J_)B(kUO9**~FtIUEaqagdZ+QqxkX=!<hQ{8_F(%-r;WR0>BtuEP<+rp4%D
zoqx{@{MKU!l2e?FT8K)+Xf%MWjf=k<w(sjOwv`3W)BbMMM-Q5ywZG8AW2kNYS9M)j
z4qp?+(SvcKl!1S>`@N_n=;i&h!~{_4S~3H6*;H^>CmTwEh8V~~R;yIfS}q1Hd$I*<
z@;LmLyj8fd3~4E&%bRt|9G{gEwYaqS(e%m>9*0K~Sfrt)QPz*~&(9D?qra1^H7k^z
zb72~8*w1WH`8L{(0P|$17KAgFZf2suf?FF_oV4|Y!HA<&Ds?m0ERcw74ctv{<++4c
zd(r*cg;)y=moHt&10#%QEbZ^u<rFV*YXIyd7_XVwD$GMO!t%+_fZ?hH<qUj#Y~Um@
z8ery0V}VpUbF!Fy$U3+WbEBhAeuIlM?wASs#ftBIQdcb8ka^eVeQAF-sB?fj8O_Fh
z`v;Jy7<Q*w*u3TprP#{Ij<8=ZA+5rcb<nPwqxAjj?l0dew)a)Iqwx$$*PVtwDIYQo
zIeAG{vbQj4p`s+{OIi*0UKzd&J;>^>SkUF%W$-4G)FbEh?`T-6=wVzM=pkZ00bl60
zm<Ot9eBNj$5~9bTaYzw`yW$3nGR)Z6A?l|zsK?d1#i%$vPNS5#5<6WJK7v<);kFZZ
zJh=q)QA8;KVw;U4ogqGqc$!_#hC7D#$=>=knq*1;hu(x<2l#uVW9N3~Y=85T#Yc#1
zyDNdqYhgu(pKCIhuGpfO${X6oW?CKnhp~Nvr~!r;l*_U<s*w+x3Y|_SUZDeGNtv29
zZEP`mr`YL4?WMWV``PF5C)w;DTt?V^uJe*O)wUO*he!U3XHbps8IkzLe39tJR&rxn
zyK%4fG@G8|fmhm%3x*5Q>aD2g;Evw_4cql3H?HvNzN4ahl@F|zldNLhsrJ406^GiK
zGfJ&tbU?>COwDQ|eLISr&!WeHXbu}DUj0RxnOJWtHuUQHl6}Y@@o|r06)bx%9L{SC
zDmy5J8vcL{9F~);&*oOjz$3rtkLL56w??gZdC!?0*OUr(iy1O=<^kid97CB-Pj!8L
z^ntWm9{8eP!qCcBWDQ&A#5{)^VhT=EAZ{n)shYd*|IC~fefqEWDZ-A}6GTc2M}?kF
zI_NN26>P{&jfIVlKQhqRsas=6N<6f+JA63+v?uRLp)4d>2Td}rAXU0p`<1i-YrD*m
z&{Q=6FmAVb1}Vs7Zt1l0quYb&t~cE2am{&C0oh!Z{;nG!8ZZSKyts6HeslI^<g+RC
zMVRLbd9fCi=wzuvyjBfarJM!f!0R)N7^}*Bq?dLT(pO`aeWBD3r5s<$fgV=-w2r!H
zkXb9yfg5%!9p{3%lpW<fRdsKcvN8@eY24YWd}V;=K|ewsc5bBE!?28V3O=8QhhqZX
zV*cIr@k9V!@LFlHTDcIv`iKyx7G_ihR1vYlEPo+osWJLAdRW(6kSVqD8wyqUd@%*S
zpA<w7v0H5-$rWO;f}rVxT93E@xz3w&^>a~OgK;58{Ffd&2!zIjdV}jDJEucbD;LUQ
z8Zv1GC>`@m-*@Z$)bE-yJ;RMUIyd#VP88@Au{ybPLiWU=s<>z|Fz-Mc?g8*S=xvZS
zig`Y8cHdGcIJY9+LMWL*->36nio;v_k-q-i)W|ClS(Ubw``Dk9ii4dOm;ezGq)kwj
zq3vKs4y}mQ^+AS_AsHIO1n3&YrIW)RPK27e`q1V9ekDRbL;&KOkA$O)X+buzcvhOH
zG_YvHqMj&9)5!S>>a1#?L7u%rYg^-JlX@XuR9r@<H?td_;6fP+L5`mIzNGz~#CkIi
zEP7W9+sn%$Xj)}aRm&FAC#jUXJdiH+n633i=A30+N|L*1;PC7Nz@B26Imm0y4yU4u
zejVnHq+DPrPhYzr`L|N4KN?Ts76~pJ^CO7wMC@FJ|9Z@J_Akh*Oifn(&PaDEYzR8@
z4AmIl@np)J7>p@iPB0^{`oX$;Z-3npJLE2ZNgEoC7SFexA1n{fmG;CyTzul+JB$t1
zb2ExkV`X9#G=UyQ(V0Z*0xt)oG)QTWGN7+;UU8XnNsY*9J)enIx+VIj4H?ji6MMfX
z+YJh4N{h)HU*;G@@%d22u8IeIwKCQ;`J1hcO=^7^_=AW6h~6jbKcp3a^2Y(Kw<*~_
z^}3K0>X^PBb|ngEF#0l7F@KP(n1bBpadoLbZD}TSo=vu2qO;4B@x{;djXgkxGMhT1
zuj$)i;CZthKvvw&<voNEcu7Qwm2JHT+@F{<ki((%D*`;6gEdMy3ta_&GwIbFLRUxd
zlX6LM)rcI|Tu+N(<Tlj4^J=cty2qGBdD=+oost|oB8dgiQoH0>Hc<EPm4*;;wD&;w
z>MKOmTzs7G|61)t(V}XGa~H(j!=Cv*$3il&<Au_vEDU4wA)d%oDV<yJ)nva+e6_E5
zwy=mN3{JTqJLF+9VK}OcrstYCIFn_u4n<VE{~S4v9a~*9t$D=T<}!9Lj?U9csk(jJ
zNSCn_?IZ?T;DRmM&ER{Mr6!Aea~Fx6*zBT6wNtC)XmMV5bs(4g>oGAyakA(|vlu1q
zp-U8}w^HAW_WrJMfyFq0tEjIf5auo{q35rxEC>0$97jq{8{ElVE&<+ZHRwlv6DcUl
zY!Ftn|3|*FC{u%EbgP0T{#lu}6YKgR_EoCnjZFH$F`KMW#~Nchd=pCGmhL_0G-!VR
zf=yTDRP)h;`nC1E5ySc}h>w2Tp{hSRw7`ajxcYb)r&~!zOZU2odL@FnWALt9BvhvB
z&q=`c2q(<b_j;sxwOj4(aw!MBcbkFwCz@sH#F>7lwFPWSOL6}zwWf1t6;{X}_v*b!
zuL&?lq4FCmtk^^YgI2KmnLn|6F+0-8PxW;~utu){bxmko8hT!Ijh`#ErWKsE<UMSi
z>>}A|d51B?hH8;D%P1u<Qv0n!O0k{1p3RWiA)CC-hlp#=(@Oz`VU3MGd{?(7ioYpf
z9_mAC?Rn%h$lnrWj9o_;Kya_#MPos#0T9%cTM0Wo*_cnZ$4tect01+N#>DkRjZot?
zId6K%nsPpV8$746s2ejSo3p%d^5@Y_k0RqI#~IR>dJR3AIp3>4{~R7Pp5k`y?+t(`
z!aoC<O7kno;6_W{fH7VF>5pe5Sszr>hUf=*!gc!Ai@y5Ld3(O)&a!lTO(t!xQ;Ndl
z>73v9)en%;|1Z+<4Mbe=%?AQ%u!I0Y{uk-k8Clt@nb|qo{tI^g8|Ga3+Nd6OEZ)6-
zq0{7*M@>;6IU5C(|7p+Yhsz`m#Ao51zOtX8YCC|!<Gq9>&T;wv(508{9l^v#nRXo1
zxaMkO*se|cy<+Y5bBP(U`n{$hVH&fBu&^=iMDeme8~1AN9RpvJ$jqE$_qnHIs>?j~
zncbsWe@&ofGh=NBkR(Ul&Jpeuz*cm<O1Q?|Wc#+L1-Ygz+eaGu8?42_4u572=z{q1
z%pV&bpm8tw@&5`!60!N?CQ$|s4!@-4#-fo!?QMvz6>V}h9Y&&AcEhvGmN3*MA-W{u
zE9a&=z$1)%{n9nlYJl{Pcxe|z&qsmKcvT>{t;WQ*-zRK2lPM3y=D>@=&bGrWBpd5u
zY&mOrjdcC)pw2Q}ck>zOmcH`7MACMy1LNtCd1GqgqU(AOs3_&y=_c20JPQeKUS-8U
z+7PQP2)rZ;MoO(1XI=o?<QQD-xZr9ZCvFS&%Xws|(j;A4S+SmTt#XilhSRMwt`hrd
zjGe~}sxaaOtDdKEmH_+8$Xc!CAAqTZA@VOckDwtHvnxS~-a$r(r+1l-$|of415rZ%
z{vP@^dlI*_>*dG(JxZ;Wpx{qaR%mEp@`bv9#hNj0B4Y~sjU;MZY>mDSh6S7fj)WRO
zl6@u?SpF>2PlbDV@bP|fvdb+M?j%1(o!VvU_(k$A0zu$?<!5hw_NV`Sx-crXjMNx;
zxirdb<78e~bJ(#$*cD4Do9l)QI~;26<t~HIeCvdZ(2#EOxd^^Qn3NzZUTo4Ga=$G4
zu-IgCy@8U)jbqTx&emSFHE0!prHCfVxP?%3VWJG0hnsP7ZI2H1gmo08{$MOZH+sOa
z(c#=sXe_%ut^0hW!8B0Z;02Y?j9kTtRVW)BQ_1Tm;NxTE5>6il$pa0YeQPXyz-mj+
zP({<|Ox(Htr_PR34EVmMm_lmOu5ZQtWBXUKeyX7F8OLfc<D~#EWb_850HG&8Ge7Ue
z=)0EVb(^A74FE3NnsjXEKApz9CuoqiYS-2By$1Mtv&;x-gt^xJg9ZNab|EOwYeD&o
zlhRZQ9;V<*0t$~ryac?kr9YyCodiq{1|{{ms!DB*wodrRDRQg~m-rn6$kUfqEa}Rt
zf5(L?tarlrvb|Z2PMZ<=s{4Q^y|X-whnZR}qQ9vZRiE)Xx55&^9~1~c@<6HYr7+w`
zgF4k+Ow)LU?+?H8qRoXp>M<1gNhf&rJWllRe35vi<FDafi)p&XCPz5YIwhI*Ofu5?
zyf)C9ahaI^EB6<ieZ;|4n7Gp$t3d(ai(ik(s4sl#9-k=xkGJ<nu(?TvMyio-pI1YB
zboB>4UkyRa&Q-hhMT2^EA2be3JE=xk0}xC?A4!yrvc(DNz7}N~=rh=30Gdwvxd2iS
zGnAODCTdZ?)Oc+cFSbzKzta{|*XbrzjHD=wB6hsgtf~&hzzN?+mIRfo2478wJ;17`
zDX!M-C4g_fj&I%rw{k^W-M=2B!J~G(@W`!WHe+Upu}FCK(VjmXaJkrhnM&qxF#}qv
zzdZtJ-MWfXwPG%dt(N+=3QRn-YDk#Owo@yZ3o!egezNT)-Ax-F!gsqmb*e|50`q83
z8V<l+?4FXjfw!*x-BhokOS4{&!dIaVK-BSG=>h#E=<#S?ABy|Twqr+UxSe{Yp9R1*
ztL;*e8h^Au1h460p+Y~|Hb=PSDD_NF#pAdfdKb2<uewU^vF<5ctt#oPSF`bc#<5yi
z*05<$8||7Yf2@;xUF_bZiv%1eB%E%W|Lvv?RWaJJJHE4*%>rmo?0?_jst_Jr>>#aG
ziI(nEwc&U}s)xcMLeze7I=J66#R7C;_w*ufN<G`vF>YmuiRZd%G5i0ojvl<7?SHO-
zhI2#orHrVZ2H-N*ytVb!yw6K%D7dO9iMZQ(#k$L?yX)0;C-wZFlvkMpJ#MliPe8rT
zPO3;H({1m>{x;`-`a$z7ENYjefeuu4)3YvEvFctdRCdwjkT=`KvMu{~lbz(Di2&`n
z<EtugD^sYJ0eE%s02utMU%IuBP1>eI(~eEodxi4@vh~8AAI6k47Vw(?zgPYKw*@!p
zb6qO`>0U724u8Ubs-9QVxghXNX24r~wT6V9$0qyFjs-WlLQwxJ@pTXU4DP?(-qzXK
z7nA>X4MKk|z`H4*3g1>sU9;Jb^a>XHc{oLFZ9;>jrh~y#TGkIZAqrM?LYU>(r*-Td
zjY4?6A1Elh(#Wpu;avF&-mq`oiRjl>)C=gr$g_4Dzct7Up5if19x4KY><eJ!pw5YM
zaoi!sr6rmesHteGUX?caQ*(3hUa+B*W!)<N61KwW;qO?mysW39$e!s*&*uc6cJ^Nm
z%l~mC|BplYe;knH_Uf0xVJdc2^eWr9y#p&ilMo8Wd*C^36HknD17`T`6GqAb!3O=F
z*=PzQ++4T)vFHg$h8oMk&JCE^rvKn4M5)1;jwcjLeSDDVZf6wX;=l-gz~%NTT<E8J
z-6otGLP^0r!JH7K4-^~|Rlq6q<p1za4-^ak!Mi_Eg#HH)ZQ;Q3U;NO2@!HCWGH!zZ
zg?n4mKr-%q%9r_jA~0M6DIi3H;C+H9?3Fmu%no=;I@Sb`K{gk80QPdxoP&4mdp0a3
z+;d`Gb%#L|_D$c@PxqSQ_KzB<`Ue>I@DyOm5AbpTNMkTk&P=oy!qPs$20hAlZAFe{
zoBuRmQ2w6=EXx0Ba8ltqcDx%8?aJG@WoR^qZl@p2Z?@MBnG$!<-3#6}QnjO6*&e`E
zu|v4*@G7{fTEVe`(;4EN?Daxo5ewO*KCT-&%l|u~2m(qyx#~itn_fmo%l)T5Ic-C&
z+Re;g%Pw)WAZmrD@&+M$l3-mE5sF}3xlJF%%#10a$d)v`3Epb5DQPl$)G@wAs<n_H
z!2g$OC4!WRR_$ThySazZonyg2yz>9>tl>@a|G{7ACwF7tz*ox$L9TFifUntQb!=c=
zCHlfC8L7uL%_LFL1_z><>2jyoNvo!%lF7HSZw)yt#%oy1b5FL(6xF~%sHAL96<+1B
znQ2cLMPKc627kGVH?AfXU+GJyqz(v0H90s_eMn?A?VQ*;yqP!D<CV}dweoXM_EO7o
zCiMSX|KLv9{*P8@dl1Lvtec8f-SpxsKke#3uz%eA<Aqm&|G1?Wt>KMw>)XOWOMeUg
zAyxl(N~&c~W)qJ#ydy^7nITRV)qp`b^M>l|XcSWPX&Q=$&+z*&VJ%mAYbjSlPG%dW
zUfocyr2USE1Qo|e5_fM_qP3|_6%vm7-HF=>!prPHyXwK(AJwGm%c>-eUj5O*Q`4th
z?R{iePyrK|m|kLU<;@I@c2tqwjxGCwEnQaEj$eIC3#wkL`HId`gD^f&5QY0u@@^i1
zF0xD<(@o|kyBRNCKqR@{4X@oKD9Ym2Lyz6;3g;``|BI`*4M94vO?M+t4kQ%pA__~<
z>IAbdfRLLECrL7735G<)7g@R37~V9z{jL#nWPk^YMQ0`$IqrhEH_doC6QOCao(zNl
zfhJjQ&+)CQgyQ6qk>qT|_0AHt2+O@bkPpVAhis4PjY+2D&zhG&I)%hRqS4|zNoEVf
zP{}jqc*!###dE;y0Dr#pC1aZO<zG1*%A_;KxFb@>mS@RBDv{CILoQ8@7+pRR!m$~|
zms3bAJzg<?mXOl}On27e<G-Jl;X%AkDt{$K3SIJ`;l;<R*Dl~0@f_TY6M1FIgrx}-
z?kiQP<YGjCpH?}SE+L%0ixSyH2Taz!<-q>LGvac8sZ4}mRrwmd75D4^NZ;Ta3vmiF
z4aFX@(|KF6fM9DVt)A!YdDd(h$F?SqdI~43_xZL^q;V6ciHa7It$Q2DN7r+Nk|01l
zfx@VG7agwq_{bDah=Hhw6~0NqLySpxTsn3#mxURoK@m(LisFZ}v$=hz?9VVoo*YR1
zP(IM3JhQ%A`Nbmn8|lzFFADHLnW60;p_l8|;*-^K`NdMw`5+sD&R_jiAm~(kdv@U7
zY}4Ch9(w{FXE&fRg9!UO8T`y@mpz(b9XS#}vAkerq0!+FC{Xnls{vX*3i@4{c~t|+
z`<4*bDB*s^d%gD2`0WpBo7`i5{7|F$!{NP&=hF#D4aXU=$hV%1^aSiE;a=3NoXzS0
zCbc>*ckmRuu7e@nYUXFx$FXzd2vS~e?R%eX)VMziXrBemFWy+MyVo2T>jhl<^e=xG
z-R=U;HcyV#Ej9`rbU%0B+b<Cj-=+e+Jy$vf`?yPUn;nuJ)~vnf=Mi`~$8_3#yEm@^
zE&4yMtDROiw6Th{10QpJdAL0~uhX5ue)rGitKfFC3>W?#27NvaeR|i6^#)$6?W5tm
z&$5><##@Uk5_Uh`3)P8?ukXh*Ur(3Ml+BOdufel+wL4wbtGtxu%{w*gZ}0Ql{C(#l
zea|;F>pZuBtW!>d)*bn^o{p+UKt7>D`L=uW3ODzv7ia!90e_ymg2Hz6%l%c+%tnxf
zhK489%Igk0FQozDtOMJI=WcVK{wo1Py#QYY<=E3_VP}1}zvj?&yHGoU!$;xf+SX0_
zjp%LF-@WGv!+l?2-F5_Tz_#0O&aBO1f}GQ@`F6qIucw?@t3BLy&|2PKyW4dO@a?E!
z%`1f;efoJl_?5Tp*PGI@FCPW~Y=*C;Ot{>XOh^+jgzp(|$U94W2MyQ-@mm04+;$!o
zARgi_N4EZE=5+M0yyT@o4#%9s&bBL|K-V^QOzc{pBrY)H<z?VdE>L#B8m{Vh+#%&C
z_e0zY{!@Ib{SU?lL+Q_7=F6)W^BHaC@0*t2EuFC4CreK?w9xSwVddOs`5cUO1wZX9
zPiL<RE#3j;n*w#u3cVnNa(%PbL9a_j9XDlz^Mwu$5VyPh{aIyfe)+RYXRkW(95%Vh
zH(%mio_$z5y(@z*$}#F#r)O_&H^!Gq{r>HnKT0T!<nuGSum19B%!LJKdbZnDCn?gq
zZQOZUreIMo_|WA0ju8r@!;R*2&hM+M<c+rTK=Y%#(FyV)@GI$oy1L_q!y*V}zlHI<
zarLr(+mi<4fFUDKU?_uTLJ0p7<@%g@o2n=x<o#V~wLCAhNuV<GtQJdH5k<m?<gR`}
z<P51THV?s$wyho+8@G9i?z-4jMFeTXOZOoJE^-&lyd*IRg^Sb3*^{T{EQxL`y17GI
z1kqxl!`i~kVh4%V0rR_~s$jNsMyG`qY7zPuvauRcXTFlnD6Wg0abwvY@m7M_MM;n?
zByXMGK7OnGnj=jBGNRISFY3-RedhWP;^ljyNherVh${`$j>i1Iks|IBdgd#b;=d!z
zKB}%VaFCIAullU2ELeeG5ITEv$~ew6ST6`f)~J_p#g2<z#uFS*yvD?v{ixoiJi_OZ
z;$g!i5aoK9Hfn)1ag|m)_e#(*n_#+=mO;6RyKS#9jR1XNW)Y>JW_c!SQG6SYjXjeP
z$^s+f9uPEPnz7QLh+<m@5L7+ks&JZ1NFrfeRAY5@RCk6Nz+;>ihI(WV^f@*fpVP1C
zinBQ5G~|90y6xqJ&|Kt(dnjBeNN7ng;RH}?iYgFP9oAXh`4Vxor64xOf0>$Awy5UX
zLI9k6^wnOWC|yZb6zm5cM+8=iLJ0m?5olX@4cK2@x~h<X45a8R8g(C{HsHfr`gnNT
zksPG6AHsAHnFI+lw7e05d^~%*Lc-sb>*2`mTrE%<{%Z4x0*nagOC;a2qr2aXd*iqL
ziQl*bcEYq0cYI`65ubW+m9M~dcVuv&Yf5fKMTA;wJ&M_zXSr6y_DiN>JnVSJ@^moT
z4sU}XYEDS2cFE+c!Vpe|LjhsGxkHg#v_~SXL{B4d5EeS@S_YfW4D}>+b%8y_0CM5G
z8z`CXZONKSGlR*<cnS0W1|#2OHv}6t8ZuPOaYM~sxmvQwUrw%JBP6<G;}9PK8js!|
zd_5Sp*nhYcWJZR)66GC?Tot-2X);=fWc2Mmn59Ci7=UZ%8d?NVs4G6GQa+<(g(7Nk
zm|~;%9}=etLZd3$!Q^`Hj?1w~idIb$px5+9(Ju4~6SNq(g5kO_mwlJTvTTf?xn4|?
zda;r;yH`!-Vb}B)_d;7r27>|E%f3f@BRX0raYo{GOi7wG59G_fWJ!$}Nr`eEm$=8I
zUjZju`SJv$)1js95n5rsU>WOz$e}`E0)!)i;brV$U}Qg4Uyxt8>o*=T^zTAS`Ee5q
zSi27WL*B*#*l88nj@)LwCJo69rpu>J$%%8agA8Y0k#EP*7vx5iJo+T|okiZ#759GW
z5t%7;1}N@@z3JSyN2TvgWd?Xb|MDO5o%9fkireG3@|psJ9S;d&Erzxx6o1b@62wwt
z8ah@D_Z~&blDfdgmDIpS4balspx@HFOFw3xxa(!d1p{#6R6zxzZ!iKpmhBq4)0SiN
zmR)J!9@Dz&nV>PK8S@l|FearOu*5iLz;NpMhz+H_`6j_I8yjFU9;rMuYMELT9qSK(
zh6;70h+UZ94YU<ASEipO-9fXy$+y%QK9PFDzBTKzh4@RrKspV$m_?EE1TacqRUS`J
zG#)^B#Nf8exHW$$fy}VS-(MijY1s9c!kwGFh?hIvm4P1PO;3n#N^eTr_AlNc2zTU7
zb&M+(7LZjMMe%qjaFr}ws8f)1jT~6iLKCy|anVR5q&z0-Kp$BL1x}EDVWIz|US{M|
z3c=y-ut-2h@w<_uhZ6&qGh68|kfIL`V5=N8xrf|`!zcV`Jl+sg@ewN&@CyJeKsG)d
zBHWQC;8ak*POMxa_B>88r4@9tk!<AbwBnO`G)ZQq)3+cgQ~l1-o<2>*?5x`J)evHX
z{0=<Jo+o+^CwOaad;$kBEYO8<UStFUy4iOjs8rK)6Q$BIB&pL;mQU5o0uTtdpVG89
zwNk0eQF7nt%P`~)j-FoqWgqc#0<{=;OS+xMkC1ud{zWmACXNKDy)`2ml8yF(9uYYn
z#*omOqT9<Ajn@%vnbE`=W6O7lm;gEV1R8~7+n~0#0MPcfw~2LPo^a9P-90%TF3f78
zdT;!%lUzDT!F80g`uLh6aT=mudyt@Ld0(8y`C7upi4uK<fSrA<yD0o<<zo(4f-pQ(
zD-4JjH~axwr$6ENrZ_Nxpsdyvmgc{|2Y8zaqa#O%G7MwM^36xaczko3M|qmShR6sr
zUa^;KW?@;2$u=?IA_&~N4l~SOfP2ogh)GpXqj8q2^bHIQ9C%;a#M}ZCL8mknv>WgD
z6B=8oizPN%<khM4f&TVjpPi3axTqw&wQp{o)4hQOdDDtW`mQYZl0>QJY+viLRC_&D
zVibIXZN4nGEE|*d3)7jQ1;y<8o<u*ay5TKpZ524;KmUq>zh#UUqG>&3SNznBFHxIJ
z@5`?^Sv=#0H*NSKuWvoO{e#6YMXPUW6>s_X{zD*i>)7n;7?6I<$hg%W<z1)Pfc}e^
z`YTT^YxhSL!otrs&DqWTMnZT)9IJ0{JK4VQPNI82y33v@%pPItF15JCeW;nfl7Nb`
zk{uj;Sg$L@jR+WZzCoTA9u+v&D62|gG>X*>(OG`;#?)9xL4VWEh0h)SPbp;)cwQyS
zh^zHh7$b|-GIl3uTP0T*uH4Q~wI*2I1gdZNMw_fHw^%o<{jk#F32VbkF+EYV;duEB
zW5#7yCOqs83a#3*hHAfBGuislRA2H7C3j(iCVZ*#3=%}6xXK#8m$2L<`A+nM9lkFt
zE(c!GpOH{Gv;)<fG5$F`tK-Eqoy|rlf_x-#$e#^3RM<XNb@{s{sn!VUvYR+oKr?n2
z(*VL18N^k&b{Prt>Y!Fm*;?sEM^ivIWckaqT{>bk0NxKffhpaL+Ibp|uWT~OFrZVJ
z1|QGXDigQqlqkeXITnW;)QHS-Xbv{8vN}3oFA`#@Q=I0Ap>@kFs_J+a{KcUXDMFU_
zSOi#;d@{7ZW$Jpj84Q}da%;d4GHq<<TyHc{6e=Uo>H-W`7FpZYTZ}M5hlOZapa&3P
zX4qpYgcjW&=(?Vj+OeX^fj9k^_=D@2yT5~+_2h?%w~#|FyJ_96AbYZQn;FeT4xYYc
zj?P=4x=P$u*SSBf{Jno=IZ2oZ!X!np3^&e64S`OpCpfp}OQipP*ogONPlZLuq$Z|9
zSRhGz0;jl=0V+bA_WBz?V6C<(oK!p&2I_H#iV)7vdY9T$OAE17B;nlmoet^9LqK5e
z395*F97rT~d1)&(s+)-mZLaHAzEhyiZ)cvyY2uX$a&-aSci0rOgV{A&Of%y2fyEg?
zGuQ;oCe!YO?Hci$>CK1A!oA2-Ap}X=V|yU`3Aj3*^r?~^@p#&CxQY$M)cR<BwxKoY
zbf4c?IVEYlczAImP>tmiswc?m0^v<&%Pq48qbEn;=Ye{vrJ_0lbZxwMrQaf}%i@fr
zkASxHu8a!CWVrpQEm;bo&v%`PY*6<7o2@CJbJEP*J6Z-xE>f`N2hI+<wykJvW(fFS
zp8TtBE;7r#e+Np!xEKyG*=0H8?xX;>t}b3TBU5y_wipW;l+0RN1|WQVR|b;cnDQ1F
z9wqb;P2^BfT1*kgb;%|Kt&gFLBp5Wtoh=Q)vw4~xGQVLr5!jpfN!?T*AG0w5*e^ZO
z!MLE(l@7+@Ec`y8i(Uwe19qF`T(1<$ki1xF18gm-jMl+RRv5dc9@!L#jx6*CL+Km2
zWTlJ0okA>b$Nc|*lRBi#_aS#76phyX5PB|%@0lqbE&Hc_XY%Gpp&XPOoMnVI@gES|
z4b>A*GJ7K;0&7kCqu>+IC9=FZ4*1|KAV1{b1|#ybh)a$WEh%Z^GqJd#gB!saD--%`
zy^%t89{^8(8)^FTd(d=$z&vRLzNm8f&ba1AUjAaX2Wi4I&Kf>;41~+Zgny<q(H_dN
zw}r?T=fZRislf4v&t|9q`FYEq?eHez5gAlvdK(YwBJkYr0-X(#qAJ7hjt~nAq@qsT
z6*f_>XSL*fp~%4LmBo^a-wQV=IP9_pE*ppkqL^a<n!ls`Nsjmx9QWCATnJ51lH)<F
zDFrnX@AO0H3g)C^eEWIeu(ahek1XT14V@_Du>b`Ac{-0%IDmQQ1Px5+&Iyc0(kCh}
z$uF#h*r?e!0RLh2MvCWou6g$Ehjs=9u7F-RGU?)IIDN@qTBj70OPiP>7G%a+ggW9;
zi*isQ6X8h{q=<5eJp=DS?yE#Q5a1b@K(nwAaI1_0n=zzT6H=jx9OCuFlHIdR?_D?(
zxA5u0*sLE@@kWCC7F$4y_CNwn&p&7hV-x>_m$kgL6f|Rdk9UrK)pv*feJ|KQiih8L
zrZq4{dqNu!=h0Ep!DI;e24r!zmaIAVvc=5C#{9Eb?}#lxAtBj-5aL%}2TSlpYm}r3
zaxe&XG+g~AR?S4C&ZRvZG?=VFRs-@_p;k06;H6_OA7iFCIc<3;_?lz7Fm>`ou!}OQ
z#s9`GnA$^XUCEtLNaphpr*6dYP+l-FuT0s3^Nl?kr0C>_hkdDz2Orh@wOi>Dx&Z#R
zEh&&8D6sp%5<g@RDKv$1PoWGJA*mP$$MNe0ZX90u$7L>P&zgGa=abL{y!)BMwHI4E
z<*Ql3K_0<RqFnL}OKCd!j#k@~L}9i=?%p4wiO#14oP_>?*Ejg`kdV*6&9yDzgX&%z
zDTtQ>5sWL93M=0H8xP^vJA@WP^uQcHd`4>uG1R3WMm!ifVZFtalI!|VR(8)mCE@%V
za#{WFu-zGS#C)bOYcc&X+L2kHVC#ECWPB1BovSAX4YpSz`IZC&CR30c!7pQufsi#~
zJ92k{k*Bn`E+M88Lc+kD@wcqzq4bEFEIuw5WX-?PzXk)*UGiA|T}NuDH#Pb?BPX?J
z69|S&kPdrrVZ`=B5MUC$A5#-R3(Y41dysyIJETeeIX)#=LkcT^3G*wBv#*#`h2Y9>
zd$e%(XXJQO@IuKgLE`ITpFrZ{zW<}8F?Kw15QuaTDth~8G9t!F|A=<tO0?7B<gYaT
zAYQs31l=jn+n;Ha?@0Yhpd;|Z#0PLMI<TuN6_77F|4_=OT(>3TN)PYw7INa7T)6aQ
zPe#)5*`$S8s5;X1$6{YTI*|KgqWQwpN{<KxYgi0+Z0;G2!IOm&Z}9^Oyt%aI18~W~
z<0r<r!l`row$9@xAEWdohogu-vLaasg``Im-<GUILME$DATR_pa^U{!N3&Y*gOm<7
zdfro*^Q5l)$7t$ESe0C-$*lCw!1%Q4xTa5=V^{opHyWE)a@;-3PQz($w^T5xJsFL-
zhG}<$<m*pzhXj>mlKM8uc(N_p4LnZ)4syF#G7&9$^nlOJeOZpM<IozN_Z_;&qHh&%
zi%e<R^YzDCx+R<h{4|=M*&A!ohl=mhTr*jf0W&^VgWwZlJSxp7N#+sKSo?aZTf^^O
zv)X~b`=e<L9#bN{rpQW7@(~}g=@bE`gAw$At{J_fDI)>wb|31mQ*zjzhQlYBJ9JbZ
z?G|tGLB^E8>KsohWJdc+pb!U+6e>uwgP|UCE4*G#6%06*c6I&m{K>7a=u}s#v$`bN
z0ZlSeXNS-3C~4$gqlPSmkup(?YyBm$1O(X5U&VThq500jiSVGEe8J9FI;zq~30<=4
zi}%inj`36EOIxLlO*OmmP`6aj3$hq)kDB!wAoUI3>7xHwU!3dSd(x<pyK369P(sVa
z5Wo!<QpWoT|I)mO{W8;%4?kEU4tA}#BnX%?)-E$qGOfq6<u)Tm1j@lVt`$xLIbuA2
zx*2vacx^&J{3%E~H12WO-%p?+2X;C}fICQm9XjWy#}1lWm@b<f96cbP5^XeK!z=Ox
zu`Q($5aEzXx<{XwK&mo}ly#cdUeyy@QkQ*XGv<_=yy#JcgX{5U^aPVLk!p?RHI}E>
z*|8(kPCvyYCG(TMAX$Fe0HbZ!A|>nrcfFom-p&xsr$R}B-fzL$wbKvvkFT36VsU|&
zs)i;sSwUL@Qe&i7bwfAwtEkQh3(AFu+)autaVH{{1aGy@PJO=cGSgFET?ciBe~*`~
z!_xgX8l`gCTt)e3V5@VzrCVbVefjRR4bocjc{eA4n4PMnV+vQSaARTeS~lN4J3F!@
zdrk}mm@Cp&Q?4WwqNY)Avn~{NhaAzI#?~KJ<Ap2AB_V_H`x8ktg=#PmgEz3sQ5<cp
zXm)xHl|b<j2|1}HeM7jlO*dETC@w509BoZs%u>yp666<<Oalv_Mlo_09HNvsAqnQ(
zk}EbA05NTDS(n=6VmeC{pTBBM$kJAHBrS?#;~J2i$ZltMfZ%E!AAuf#LSK-bHGz)c
zBQ>T)%KMW0a`~n8(+Au(q2KK6xmxX?-D8K)yVW%*8hg;J$bLNB&FfGB@3v~~YEjE;
zR<q^i5LdqaG7!w8VR>qM1gAiOIQaqK+<j-S%JH2~eJ5mf`^<FTxol6@B>Zhq@20o#
zddvG{_xMo7dOhDx|LyR#`5X@UdEDRAeX*6lo3l8(-agT8)5>pY37MO1QoAXzbN#}r
zQ}54nxyAOHI$FNE_jPJ87pq_EeX=Fo_x7%O8N^|M`7F3qZy@kzx6b{1jgkLS_i!lp
zz0}Q{+5X(RxXpj(Y-K#%`|IJv@BR5bdEN8pL-@2!<5rLTGB<fi+hNt#$M@_eZ`ZYO
z*9)*}oBPT;^O#+)b6a+)|7+z>*BoN`l6}|uMGl@#PxhRBJb~gr7xqT{!^3^S+-`uC
zwwf>G!uvKWH@P11loRK=`*z)+-W&0sUV`Oh6R+?2EzO<2>irkp0^RubulZ{m`&Zf5
zLcog8-MeYSU2j3HZg@}E4bL|2%(XJ&?4#e=CgJwSBd+}APEH$GP0#nO{n}aBCiKwy
z#r&56<J?Z%@@v-1b&15sSA7>;`uDk9n8M_AFf$0`&q)uc2U|O5b?8~qYZu~}y<$w4
zB&f%1spjj6%i(8Pu^XX6_9^GB{cptl?Hjn!(aYW9*nsrs=l*?#0QvsQSZe>Vd(=Zb
z&#?=H_kT{dKdfE);?HM>o4a@ONez}iKu2$53ta!v%4;<>L=tvr3GYcU8&h-sM;F`c
z$(wS6zkkV&aLtR-AP}+4z=D0?<DBUiK-K7MzMV7p^_IX;UKOWL@zm<cyH+y0byoWI
zyJ)-H0M238dcTuulqSZ-^^*tC=qA0_w|VVP6`785c2fJ%Ct)T_<>-&8+g`<OrqW^;
zM~Q)rJX8h%19zS#=D|iC%PK6iDy*%QHC`tgSol9fwdV>;Zq?3?I2=W`WV4}tp|tXn
zgQY_F^X!bH2!aJZs3S!1|Fu(3JsOIckf-=1{0eBIx`nVr5WOY_Y+Hok#R2NZ#fLAR
z;JHtAGzp^?lED?8=%y~aq$M#8g~;AZmyzK_VQoE<V(^x8E#{V@WcF1B(bX^)zcy;b
zyACYQD(*~yyO}X`v9gRKb4B2VArfH}u~eYTAu53+__`rJ6g*VhP0fD<Yc3_@j!`U8
zn%ISJK*l{>)`jCdWr=tZ=08C|*6y~1E#>gweg~~hr*xHz!hUkgh$?^&?J$E#ic`TW
z>(Lu$zvDM1*zHB~v*Z>$k#VhtE&9o6jV-g~dQ^aw_81nSazUcndDkO(pQ59Yf{}A=
zf)#Tt6O%4M5Ry*gd(a3WmpK2TiQt-ip<r5A5i3_neFjY^h=p#fs^T79Htfj;3^!HC
zT*-^sNnrzrQJ`-t$K)XI$CPH{G&Qh-a1a=Q8kwRhG2tJef-&>r{(l`)mB^^FW$Z?d
z@VdHUVC*c6^#RdvEh%<%0GtU#@ELjIP@KsE@TRlcysKC$vP}#PF%iXZQJD-nVT4`3
zhs~4;s4g=l*!#~|X+V-y!%ndF)&0c&D#m+Zc9t)eQMhQd;j<+8*WTlS5;OflpXulI
z4@lf60^WHa@)kymG1#1FP~iCPNP-vPd>C{DGMghj`h(9`|L+^$jV*~=Iaoa%Q@L$s
z(#6VsBpYMp>^E3gr4eDRc6n2zqNx5Y%ZhAOEa7bRBjy%l_;nQ82%NTHH+(xg@FV1H
zW<6h<=+ys*y?ct1tZVlLpSJC+v|VZ2wry70wr$(CGb>qX+qSLFdf#vFv-@;k^j+Va
zxQMY<#2n8Ub40|7SpW5VW)P@tL|12~2ay$QX&bm<2l6)14Ahz_2%nF~2v(^0`z4zV
ztfh_&6bI1&_%cYA$&JL~g3dXt+@(n&%~vi5Q}h-W%~68UN|vc2EZ?&cQRI@AU{HdQ
zXB5#}@9Rl*#bp8+7(k^OAcS*D+XI+v;z<HBGAoPnqg{OGq|5R9)9;$F=8@@HG5Hwh
zAE|)}z&vwrT%hOksn3I9xbd&E1CtH}Qe@65>rcD2A*gWX+jp5=vwl<I=6DQfqRjT^
zdaVYe1WMt7^x$5o)Kxj50>`-WUa?<+b~no_YG0}syvJK3&clW<hzRPrPX!F!TcMc|
z*43)hubv^_kdo10mlpChcMP;QhgKpPr0duYu(l*TmBerIO%q^0t=?38I^<OgWa~(>
zz_`w*^9WQgfg(FOP_%SvFj6$TS7Xyv$U_H)#SO{IZCS`8dze%iV%3#vChY!_(r6H<
z6%cV*(e$$ZI~Ha7_^()$I++2K!@tIkI^5Z^$)ErkI3dJYqL$;tPH_xU3I>@TwN@cR
zAr!<uDsMLiySeeo;kOFEW`=JW1UsCvP<@J>&GCHXG~`Q`dgpw}bnqyPFVwk-0vois
z8h{~Pv2>&V(hZ_QFH1{bcwMQjEdS8f6@y~ziGN#225gbs-fTU93AF-ZVoo%~GMCl$
z;_CMAhA=5Au}1g6!0%5I%Bm+)v4P|sgQYUYN$Z9p)XKC0EhqdDy9(i%`a4$c{-46Y
z{Hf+X?xB1(A3vnwEz{-bR?g-64FfuQj)5IOcVSMoy?t(>4tb~=c?9xv;!gxW%$JnJ
zIPHHj&eW;9Y!6F4kYFx_Zq3=w2yOqG9JW3>`}3Ub3uLe;@U8O%k73QDy7oIzF#ct>
zk7Ok5U4S4#SN|%a3b=-%!(^o5#W5Jl+x+pO@EDPNY$6PvhVBX>GH>Xf{TEJQpRX*A
zPrbcHEoX>d2eDy+;}2apY)s&f2QTJ$nj`~U!N&CV_I|iO?K8u?T7i#v=a-#@GS<S`
zH~UUgu|5g<qDSF`0-ZKU%`BnW3@jrwd*KOe+oHS!8j5<mwfS|PI9?|>381{|N&0l@
z)Py5yVJ5Bv0HLNnvFqS{sm<PFcUkWzne4%9Qr$8rTL?N>?4=6TG3XbaKxzVK@Hj_)
zq5uWk{u^`xVl_BGikKou)r#b+oII<Mdi*A3ELO|cvxgmjGs0i%Z6gipN#kJuLH(k2
zygdE;$6$)Bb-rOxq*N9inq0fPmzP)9#qt{F0>}UyH8_QFpujkRp2H_PCTkx^O0Owl
z1}hO4E_Bi1YdG?Svxi4EDjq+%EvfT-PPl}sP~HB@ST{*Sd5Ed9zXh_@n&O<o0r@b$
zI@E(d7mSzl(Cea8W}<7X!oYs}cv~)oEibHm(&`Ns*(a5Fq|d1RptP!w**xu<O%L?z
z+mwT=<n5}w=|XCQIRon-F5W*I!f*0WExw-c!;ryV6i-3MW&D7RvRcsRrPu-l-*;#A
zv6ZTFP#3IJX50bK=ASvT1m5vPw*FVPaV$jAP*bxI9b6M+Y)UIc-s=}iFky}04zA84
zZQ&vGcUemTZW#UuKbhvj1<Bo+q!brM)qWM96SP6DWl2emiCY#}M-Nvc$^zDd;fZ4A
zI9aUso8}o?{Ea?~weWab(QZC<yLQ!GT}rJx24ukGNRSOm2jmWIIjbmUIe(YX_s>0}
zAIe4A8X8iYcsfp{*BK{iCFInG{?d9g;?ftXk7RC?uVO}Cng$IEoc90&VoT+f*O1(l
zettWtzQA)3Xe^-z@Ah5L(qg%})Eq#+xmNfFwqMCNqq@^505oJ)xUtte=v_YJ*(`Zb
z+kvF5#NCeXH9n%Vx<#F=Ylc>OQNA6^EWyU%G@6^N9wj<!+}9Z1|3Y8(nc>GMYpgG1
zZ7B9>A1?EcQ3a-@pDE=&dK*y%Bbbh%+8c;lOP}v^Kjxljm09Ceh`-vgYmvp<@6qOp
zmP+*zsOVQm_+tB~p#eqHmN3~u4*E%)B8YJ-+Y}5fGLZ!xMD*y!LEK*rMoK7EcC|Bz
z#gL@p@K_^awF%>ETNMLPzL0Nwly5a&_D>6$@H)mn<}_V*qtvTq5MYzSu#Xfd4B>iH
zv!oMh#RUyK`v+4d*}GBsf#`eAnfM1?j%Q<wFwnE%w96S5bwiGplpx(6#Sl}WqU7MA
z*oc$5R}R&LS>1(M*BpqtLZw?AO9Rn6AzSd7Q0|E80;?oH4@vTd=34a3J#I_RC-8ej
zQ<f`CwLN9mJI1bd8q#Gp=cbynI^9y%_vox@u85FQR@E6vy~L$7kP9Tr2a=iWYHsEU
z4(ouH%0p2zR=aPr*dCBv#vY7m{AUIY%@NJ@{%{T>pUxCKhi6n5h|)|^loO0W6C6cl
z6wDkRSNe#U?Xxy^w`FOO89R+An;O4`DNCPBI#c@(`{!<QKUr*gB~>z0M%nqxuRzLk
zV`A`5j^U&WU`uN&t;v%x*0nz|H-$af-BT?OR@`XUK}66*KJ3SmS$efzqMHEMRqsGX
z<s`@+Pik*);&16Mfsmwg5vfgZ(d-JeQUVMogvoTNw>ju$$&@JDp;xvi%fJjOjqb%D
zr165*DIS1iPak_CKpE1CKa)Zv&t8`XJ&NcRYHo>ldZlw@Pg|$35hdKrz0G;sGaR1Z
z2Vs@7UtnlMjcHSL{b1wjGW<-LKDJ`XQ0~|$FMphxgd5%yT>DIBnW{bDJ23Q)n~nkh
z-A$}Y7@V#KN-IR{QKlD?Imh7SokRSL`||r(jfu|on82cN<d%U!yTmXQL^H&!CRu8q
z>yt|bh4I&JCS-C=34J~{11zU<&0VG>?{e{uu&Z<gck^S<njPY=i<z0wQZE=8Qwnch
zIzf^hZzd|I{h)FpOmr(1sL@P;cxN)yPZdhYibe(TY<ZHMrJI!8z(R=iq)<A_-4}!|
z8;Yq+BUQ%Fpg+&^lBHCTykt8Gg6zFp65S0FR4<>Aw^_oA>f%o+R2wS*T{bIlEfOmE
zA3@=djTo?0qda6Q$V5N-wj^r52lstO`g0=<|03Det@brVT+wOrL`PTow{)eM2o*ao
z*^y!ZME{n=;`eCvugH3xz#i?emlUeQL5waNdHkr0W~662rR^i|FU_!zmx7mb^3LlP
zq|eG(iD%v;NUxtk{Sx4=bsW8CXdi^P^Ag8Ba(OwZL@p$kM+06K_wLV{knSqxB*!`O
z(-9DXRFFOK*T&YDf`0v~_TSTcc^A8-GS6vjoBHz#<U^G<MOkI^$z*#e*cPLb??duB
zhV+qFiA6Q@WiRX_vznB2EQ|D^&OWzoOY*8-lyvN4GJ`Ln+lln?b&=1@zHdE!x;hYH
z^U8qdW8N($@hr{Tt!NKmrqiZM&6pV4>|~x+UJ(i!Bl~T?8sgB>%KbH(CjPiPb=BLH
z{o(Ks_zSp4Q6oHB`ZUF@eHWzRMh}=(e?F#w2Pm;^ObG3wLJW~WxC|Op1qc5p6F`F}
z89J*5BAK$(dr<D(PeG$+XW_E<OCWlgM=nlMBmFw-CovWJpymWQGGrHE**@%RuwoNj
zAxv(0xNm0ohExxMSx2VnUFi3B)(5hcc2AdlC6A%tQbw_)==0JOfsA}Tf*eCwD|J_m
zx>v)mU;M#m|3^>#A3gQ|zn-dN0W<&6vD~gaQI-O}f+I`K2*msr4Ps6lC+Nrsb_Rx(
zj<&jrv<rt#`LB7gNT{L#0rV4&=J&w%LtGB-oLYoIw81hENB($+?4A}zCfDTG)I{EB
zYH1D>t4a^%5d{0iht4Oskx3Z3HQb(^%0lc~sqmX1y(AH&Eu&?o4DJ!C#}NB3yYeGW
zoIcvo9nuv+{a6-<VR!*nmfsg94s&WG41p_uZd_TF0B|=Hs4Ukn2VqCUgDcxT7;mI8
z7Hz_v&cab-c*yD-CwMGgf`m5)i5i|$^Z-@+3GxgBe-jf&RU-%Sh8gQ4Je-0%a2|V2
zl=+#kM|Nq-$Nh;@1Q|kqY7Jc^>#ho+Wc(4W=6!pf>v;SOC*e{jf?B#;YvfKX$^a=5
zLhYSzeT8ap)#=}l3?UKvGiw(Y>r`#;fNknL&~+#pUhAo_!@>O)lH?Y3_1Sm$H`Hq=
z>_f1M+_0S%uzf;0hq5^6OFAP5fuNYAah*63bph&p^LQE5P`al7roOhHP$}X418AcV
zj<E-Fs)OYiHcED!(tb1d`l<l0Zw?$$zz)gJs%zQIm-m#+sQ<_%j!!zhsH<MAZ@C2U
zk6gN+t?))yI)qeKk6%FK|A#IG+gI7xc!)U#&sdeui=+(H>x=raY^n#=HZFf60a{9c
z@>42{&AbxPK#swyfFQN1#4-7^ybvDHF`PB?k_c9SYr6iJdrqu}sg1V8ELFGU^H$x+
z>~|LlGq$z0CZQ|(?{o49qX4sdSag>8fx1#c=Tqu?djr<ZNnbMrFcp@1<{Hq9;H{$u
zkCG5KnYwYb-T+Z6>R@pbxp6D4dO{%{Tx_(gatvC`zMgsp@tD8|N3I`eq6|N0fwPPZ
z<FFp~PQ*eZh6WKvyC<@uqz)GjONdaq1eERmh^?!SiOB2%EeXiMu*ai{Ff2LHp$~Gg
zHV5TmaM0658dQe}(1yDWKgf#8vwfip(!K=?vuLC(!DdIxO(}wf@BF6X2FsFLAklL;
zDPzit)zO4$2n53mFqU8%#URT<Drq0~4f#!^M6Dk}m(O&v?7WSzk1P+-MN}Shl(Q`b
z$OHR-!%YYv7ra<|Z?LYevM}`V$WBbV42Lc_W48~kXsN@}A`u!$&iqS~19Z9#-&^^6
zB)iEKHZ+jTn^#B-39~)Pf!d{4#*>_G%2w)gbZ~w4bx8|<l0&Rf{0|JMDspMy*T_L6
z2UH{sHIcHv8B}OqBwPzINI-Q;sII)Ujd&|*KwNZ7Bcs{gjSyK(b6XG`FIR|D5QfZv
zMou0(Q_jp!=hv}k)_UnN{s7EyIWYd5Yt+oQX`8C%)Vvt|Syr;pb;V&$gCFU_R@m;&
zrEx6;Bf^#(glPQB_1EVele5P*nVX6wS6PNu`CD?Z;ZaxR``$o@%HX(pa*)p>T&+s?
zXfmwRi1tz&KO139*V;^LSY~SaI3s#0YDHwM%qAJS*1NGMn=LpqB3A(=)8Q6{=bAY;
zx2@q!@<By>9Q;pdSa`f&iXw&AntoVT^4!TviRszH;q#ziCG1n6l7Re;85A4*n=vQ^
zm^mruGt@|lTcf>8b0sf_6#4tfdVn6Chqd9FI;#YaV~yzr(N%-Qkk5IbVt-fc%M+IN
zX9$Rj0oq=|s@xl}r`|1)dA6!SSl1PK-p&$rz24rTxQk|~ujRwlk<)fVKo8e5;XLp+
z=Ro0g|5h3XE*IojRl0IxGjLSYeo4cAC3y;yycaa3CwX&2{AN+tbz^p$=r(}{=|!`2
zS^n9g8KpEAxha3N<fmo1&}VttOjTic5dUFO!G;WMn|GSyR<Xb%ns?UEj7}?gC64C5
zSllW2y>yJBj<08=ZPS{fl+)}fXTr7&Ec%FLWPH9_es1-hlpHYDyi<kLT2cy^6kc2I
zCot>-)c3(FCU{{dEHc-9{;(3#f<|zTwS!-jj>5XZ=Kq@*n0LFV|GA5|6B+m$8Mywk
zjKB}a&v&q^e1^^B@GrOycO7#|1^9%z1(=($-4;Xm9EIUR^|=WlrD0nF*A3f35Cr^I
zQvKBcB~R;9+uz{<Cknhy-JV_fy2xbT45vlujG*20?%=us?srbmJU5Dqb$OpRiDhFu
zGUz03e+4uC7KzDn#F!-?Z%qLv6!SV_FU9octK(Q18&`Jc1Z$yO^L=Z<_0Y_3?;Y_=
zqAICeW)HedBazHGPs=C=?gY5?P@J0Ekvl5<abw%kGN*nG34-3juFKr?qCM|_ZnG7y
zzEB|B1n@w%++0#zgoX_WXFySaphbAb^j)`lPl)!A`<Gm6x;yPq@KcKDkMEQqo$Rwh
zRDtqfY)f|D(fl4DCW5UM=SxzjASN>Rx-o-#m%~nID`o?i+Idj;F?#H>{<1YPEC6tK
zw?&$C8Op{h$-9Z>qIyyhjO@hb5y_@wVgpE`qw_JaA`ddkH6X!RSPUlXesHmHh14a5
z%@634=IG`BlZLAK)=-}*|ItwR|3m_RHI!z^w}$FpaQ>!H8Ak7t0s|ch5-=pzJiwN`
zt7!EQ!Jez{{%tx_R%|GnBs+($fCUrrMv7W6*^RuTqrqJk)~X_;1B-v`T9Zh0%<rS{
z|6x$W%Y(+!_CM0y@WiQ7ns?p#jbuXe4fV%m(y$!>O+3*vm5|d6PA}OUY%}yRk+u3@
z%JtwT>T$#BRO$qO@QJ1;r<C9P0lM8}+z>w`9S<4gJXQlEW)r5K^vj+6mqCSs?U4Jy
z!8JFIU#vJF^f#7@M8*5jBPH%01@+D^2=iSFL7#e}RQ9IWw2h%Ck7YrhZz&L9q%|w@
zpxEJ;Ye7hLtbcNM#LC70!HtB3*f+dlqa(-_1fmC?n}=jc28?Qv%!e1E!9=jg+2kBx
ztkq%s5iY##*=98Xm6=j4CPCe08W^xHTbkt6{feWv9=}4t$N2xop*H?<D9Tn*ak%AM
zC46v8;{ZOGA@Uq4R-CL#9JN|^a8C8NAm6>P-_9d@MMl0uYMAl?p2Q9D%p!`~2nZ1>
zs~^yWHJZlo!>&}Q2!{jmJQ(jVJ&L!rwRjRiy^Ig>1l!$C2Qu)@PEY<f5&%F15vr88
z^*eHbvOm#Fi>OMF$8Z#~v=j~+ihB6eNohg4?d8#Kai}-m6`KLv2qcG~S0*&}Cp&3!
zu%NPC@eb?;R4&1`lgHHxzZB9Ee+^3w)cWLmYTxH$c3XDt&kb%9H?8k%+fj>za!Y43
z4wv4tC(;xYJAE>;kkN_3pQlse&fe<RZTQhWpw}1Ex?`sGO!ur03VEd&L2QBPG6Hta
zE$%^95~}skOKjpmxM~f*k4NX9rvS~0GIH*)YRlM(NVOc;+NlGKqB9x5q{|k|L_3A9
zmp)FwlQIwdQqKt~qFJ#!-4Jsx$(VDX^RzlKY6u;|3GdteMB3hIDdeQSNoIoPnneR%
zK>`t`M*CyGG|CW@{3c+I7?D`7rLl~}@FanfoySKsRs@VQoY)2JXSPhoSL0ZFkZ8lr
z@TVl8=w2!*(W*+$8a$VL&CFhuW_XYTURZ&VzL}Fg6e2?5amEKBx5!A0v>;77DJXg-
zU-d4rR-$H&?P@rce91RIqgtcc_s*6k#iL&eMvDhUN3P)e8g?B$mNDJ+t>|Qg=1*d}
z=%9StBCY5d>5G3Fr~eS;J3pg``*#%FcyL1sGhVrat~R+S(}womCR*x<&-cLvXW3z`
zmi2jTZ^|$Br~ld^ck@j!N5t=*za*weT8tv1b@6%+*<gDTfqX%n%LmMg?qrj{W+b;i
z?UDEzzrqjumt~RcvJ0Gt%k488@#$af5CBAI=lS(oZ3cYp_-kA8i;i?`A$cChQE&)=
zr3L>v^^Gg5Acqh^i&!|=8^UMbMupdVgol3J?Ni*@P|a<DYRu_Bu`E85(mD$Ng&f<3
zFh@+Q3T?F9nTf`WIfixUXvp+T4OEjyB((5sS=%9q`aJyQIAj}|OGHc?0fOIm0*~v4
z84EP&4`K7|vdlv0Sos`VMy_(}jt7DNg;}3f0I7I=@I8FPPmADE0r-GYn==S}zjNMY
zkJhchaS3+%kkh9(0lCMGKlgoJF<byeMPqL$9%&(lQxEf^qUFk;oI^qS<FLrLc|#T<
zq6XaqeSo%q;|==??7Nhnlrqtu5j;||wCbyB`velveL!h%C86Qw_13U7s=4u0N4j;D
z%%e)wI*<(Xq2?G<Me<S|_oMBguum!PcB(-BQu<EPW0}K$i4Gn?K}3#%WrG%m!`b|c
zwfg+aR+5g*dY{O{K*#kdRRrcMAOyJG(<XFIle?x(O4eW6Qq+5`z2jiDLS_)5*pWh#
z@qXFB{ReBUB>#)Gv;elL-uHZb8!#OMdxe=@Pl8Z`a;r84r7-C6Wqg_L&qgauJtmP6
z(^Gv;R9j&@pz?{-zy*2~mq24aljuj)tvF(G=>geqD0yZmBP9q|%hlvCHp41<xhSdK
zEvt16KO4u>F~+hJ(=ZFYFWFz>#*x0g7N&ol`?aMvrH4+qg2N9%@#lTF#XhTjS^fY5
zTUImXccw_toZWRIn#GE1IApK49>pW50_f|G7*Bd1&+aE<ypSFwzhvfJ>3j%;m~0?S
ztJZVO*bL|Mqij%qN5tZ<7v4iC*E8#pL7IB<w@Z`Fbe#7{nV49z)Ksz^)%sf@HrZck
zyI(Ly>dO^jg9PwjGF#iP&)`!zG~5usFK!%hl2W-4ww3brxYA!7*z8WQ_1fkgd7pmj
zfgi%~t35Ti5|h8Ua%%?XkKrw@7uxW?_zra~doD1)+f=(Qk5VfU-E!zq9D<=KMfijs
zBgju1z-iUxw{<J!2fh0fAa8d9qclL0cEXucF`$zaw+w87`V(vfK<o<*EoI_*hbr||
zT>p6a&c(OO7~@XuQNXAUxs3U~!t`}V`(I}yMJBDhz%YL#ble^3Fuva(=>_k`lzEav
z@d`uiC){HWDU<4-OmSBe!0@BOd`RGKyyMg>0B6ds8N=J@RL|vD8F6nlmzt+uXmJg9
zYy(%$s&4xqt~5}Sy`Ic(uVo>mxJGNpW%GjCXM4!{8KK8~4)YT7NFPH8XJrz4#P@EE
ztR)0`hd5t!Qz5K1fcF5^VLi+M%42yX{8`59qXhKo999HQ-Td9LyQdjOFwF83aQu6{
zn=etAa?z;_t7PrRK#F*lrz0ISqO@WIXZpG=*o(v8WL)Erp}1$RvUR`lKcjfTuI*yd
zuJRUx(4|YmQbnQ1K2bc9^c!S$-Xa?{V1n$ttJvA79Qa<uTk*#BZ>?Ca7H*ylfFFuW
z^ku^5Iy4g^=Q5BxHuQNIB%zlrTibQmcxtL5M=*|rN0Y~Ov(B7TPsR6LP)v3l=?K{A
z4u?$|?!9;<K!4B~)FhT{7!v4h(jXn1x;1j=T~*q_NDi(!>`_4ensO;Eob<qqb4`hK
z76H*2&Bng~HA4&)hDVz1nEVe&BY+P`s-+;cVibD{ABeKsrZ63Z&J6x@qRU2^G{=b{
zFn03NPg}ATimWCsloDA@?UHmqV<F<LbZ`KK(7K!i0>IlxW4VFsEmUN_!v3o`dHo~v
z$Vgl(_Ox1kv2#2sx>L&u1xHcxlw%iGbMaD=1?twmFZJn-1~RsHr4>g%?P8mH?L~6)
z$4hs1#f5y`g*@es&dlM+T|c$CB{AZW`?tCaiPfxUpr)&Sn0+!yn|V)O<#ZiRoO3v2
z7;8`it~XRY0)N!77Q<WkdUpzsSF%gv#Hr!GL!f=68Z1cNjT326Ep(~HCitt;7)De6
zhf3R`rj!O49l+APbk5Mtrwn;9qO}n};iXeQ4yswK1kq*aOA+o+C4Lt$Zy!qwLE=A1
zf#Q3<)C{wiBMp7GOdi_F2r};b;gECV^jtQ+F|8>c;(tlmhT<vANcbdkT#<^h!)aD=
zB4@>6G;_%;4RW%MIL5q6q76xdj<TYKIL1UiOxv9-1lP9KOoB^?J_=c<#W<l&MLYKT
z5sHHlkI-c#&+5bOLUIjt=EMG7)qw7Z@!2vBsqSpNf<oR^VqfkWRXXe)`@Y6N7Nxzi
z^B({QcA_)GbxpgTQZV(J@;)Yz9fC$~4f|)bt6_bP6Hz#?@UkEeTLOp>i7ua7)IMyT
zV=Rb|mT{;eHiY6AtV(@ds#PNK9#woo902YCo@25TIs<3ZER$9sb;VPgFBJ(QKTFDN
zym4{i*j)r7QV+2cqJ_J)f0AZpT+Aj=yR-4B&3K+H3gl>@-EQF(OHF@|=#r^?S{qp5
zLSRgtMYuUYc}j9wI}|<dyt0&F-(+xr?Wl+XXKa1he}~A`lxOFFZD1e6B&v}#tgb|5
z59$lZ=X#gxRvJ1~J5UzS4r{<o1+TU;Be7U08kKio@}<s=_HVN#YlkL;Cx;Ho!T>Ua
zYpBTPd4QHyOU;%${w|{dX;5oh{z=@?yEw#$5xl$u2qfWlxq~vflv;>`O{GkC4}rsT
zY(jy=7e&r;RTnB`Xl(^~+XRD6=!iCBn_&RxzDSiYF$-paq`wOkW<o{=?|y274Q&J*
zFg>XJN#$rbloO3PWjLNCG(3%-5$X7_VX7~zl3w?dxj?J~63Yj5RAg%F_JcpcurwO(
zp7ZX)Kl@_sWm&OQp`CJnux)6W=u7cXbt{$kd@L)@Om#VeZOWU}h`OwFDv3<$xSY6Y
zT;p+-8-}{bjLPgA-RF1vx;)hE5lL!*Z&&y-ERN=#oAmg2yge0sI%}$?dj0eY>9*F<
zaVo}rZ65rp^6B`z_U*xGO;OEyyUS2qWq)INajt3xhrP&kaHw=z8}8Wf7Cn2AHO<O6
z?4Es|$LjogKWm$*aGJ{GJVw{`vCy7AJkS3Od3zWGe_LCi{dg@h_4;m8QtWB8p&O#n
zww`~S!tTO)v9HnHT$k<9@nPh=^5H#RUp(!qFzIrz=Qx{4kE(&+*tpA}z1O^&Os~50
zE^+g|Q$E{p+=!^a@_2gLaa^@#)yzsTta7<qxtQ5AKiZ$~GQ*#uU9F^XH8D;Kk@LFJ
zZg9AL*m)Nz$a>;_J9E0)xjp?I;BGH9g`fWRZSa`ay`de?ZkqAiy(TWaPk8RD)8Tb;
zV9++v8=cN-U6!;<JPO*lPy5_9;l17pJbb(h%r`RTl6{+&zBVqfHtaa{*)(z6zs?R;
z*5Y1u=DM@y&3e9^Qg&u}vqq=I)7<Dqwzs!BT>xSZA5EGNwC}y2c9t)~em$81Otsyg
zZhG2eZaFqy{x-jRKirUh+G$wJ>RWdG@MuK5uJ6WUTZgQLbnRj|xMK4*$RxT_+u;9F
zJA1UvyHI$|!Eczfv0cnW-Mf;hkj&`lwd9eWYLCA*(|1h|_%y%Ug?ja&5{&V_66yeV
zZNJ#lxZ0<>?z=y$Bz5J*4L-A>gu#7%G`arV0IoEb*n2wRit?^`Fl$(3KiSl6%y^2}
zxzMEHLLXEM`V}3mdqmqz3;FKS@c~bAqX4wg>GZW!Y6WTRd}45>!dxO1+B|VHKuBb;
zd>@_57s)O}X1J@y^z$c8V-v{$mdOjl-@ePg8T7uKL70@(BTM^Fr;T9Zn8op_OutM-
zzvH;za2nJX0aWQ+D^P1|X~(6_Riyj|3#?ZuA!E_+6j}g5E5m65xK!1=)<tCA*VV0<
zc}=8*qcG*3vl)>&)*J!C1kwxd)A-$3X(k32qFfTzdKkK4G)w6}UM(Nj9h2(9Oc)MV
z>BhXFDGA_yC{RrqVj%(tuhdy03lU^}L*5$P5r0@o%FC4AA++nnso(HKaBtJlH(%8k
zv^!*q`b_V9?|(G$Lh;-4i6t2p=+6A7jdyz(bf9-fUXtBg@p1?5;n^XP6i48%LDLl_
zht2!_|1fBnA+z4wzy2DuTD@Xo@(bb0>|XhFvo(*PWzL%13Ec5q5K}(l&Ahy5W}WD}
zahXul^XFbC*>=tnvK%==-MlDxSFXz3m}NOz@`%b)tU`aDbdI3yzV70P?*kkL!XYYY
zl$~LS7R8}bP}D39|5a@@pLZS=9^?~{24Qr47vy+b(*bOFRVuOpQN;V6LPTkZrsgsD
z^_;#DJsgey0zT?z7*ozye8WthfyRK(sM_!sXypyA+HW5sj2~u$5ZNIhz$87;lpf!7
z%)E|*=Pw=O{QQ@WJ;t8G%#1sJI04CHYa@*X;{vX_nj+SJV<0s`J?XL^7RzvpPWMD=
zN$*Hf9iM&S2$ev<k-5^{VlR^8?H976)2DrCcq1N+MeWhlyRFH7=}q4r5d=>I4Y+r6
zb2Xec@4wUQpl?w&SnK{R%BIz~=Ru%pW<pz-;vi+9GXRc#k`?k|NjRbKpH>nA=&6eJ
zp(4%0&?5LpwNAeA7(7)xkiPw7o56M8gc|#`!WCW#UrH)mC5GMZV?2&;+S7o7uaxwf
zQY<=A^nE;anvWMj6jOsDGAbDNJ}@b)d-jnw$FVvjGgLtKL0>$Wdv=J@_kI~+xF4<7
z#DVXm<EbnlD>J4v1790(C{Ct&Gz*1ZF$oemm~p>+CeA>;XdcD%m{4d;>Sh5p&bKtH
zB_l|W00|7S^3ZGf6haZW3O)V(LAFoOJ2~{)WAVlRCDP1^XBbL0x_gZub@L&zpZLq6
z%YX5R6K2IX1ySEsd>UMv7U0uSyo>l)I0V|4TRD;r(s6SO=*Lvzm83t<{1M?ZkM2HQ
z#K#^t9ashzjox2X_Sct%_ubZpJ$3?EF){~}>>!>x0Ad)OAV~`RIJO789<xA`>?dh^
zbL&({LdK3E<A`g<4UB98;L<Z>Lp(F^7kQLT=6O!Ju{Fv_4ghOVOC~;s?(To#U9DOO
zhgF7|?Pk}9?Bq%yoB5GQ7fu{P3HRtIMD1T|ytCqxg^|v*3c=21^FMNF6TA^$G)h2x
zx7)%NJ>wu8sbU+f)!>GU^#;|9<E8Da!7aDZ?tfBg?xze`Q_ZF<X^{!vASv*(eDgJ2
z+iMnZrWv4u8g~8%w1OVpPw~dby}=hW4W!i8{vjEPbg~9l6nQK2t)pTIP-_MyqDw0|
z+5MtFVnQUhvcJG{OXPkliVKRY^}%RsiRa;&HGoc|nq%iHyDCx#q*$_HR~`?}(eE|z
zdSVa+B`+Irxu2F)n@Et;I$+}rQ-|N7Gw)#72VaB|#nP<NJSu?k1yb@culA*<z*~PW
zU?&pRAj03J&qEmkF)8FNjv3YjSvNEfhM(e=v&hW0=4<58{d=?X&fFip^4gkW7a?IA
z933nwr0C+?t?j}6O`-V#?wC_|{v+1{*8HvME8sXIM`%bUDQTHXM<N(a1$nT-;JWQx
zV;{6hIBqnbNv4qLU*E3gZ$jok#*AIOYH%3iV&}TQ;7t#w0Z+krBST*SNG5C<@DW)E
zMeQLt&Gy-l-|WCAam&8jbQfDt9XbOR7?|G`YjG2@?&{`*O@;nx)n#pNe%7D;Zq)@I
z-EuYI^$t`*v~3%Q-LC!tPmlWn25z^LV+DM1lwl&RVTT818ree-48-+jJJ1a;)Ajta
zZhM^Nl8Vx4Ff69j7L|#g=Q1x>5F(n33#DWFPa1tRii0(2q<SN?iBf?wUgPJMbMA}h
znq5@OrYH;^NKyuaTke5T$ktvh{cjxo03@OMpE#PcAl-M_50#)Oa=Mfq#A@}6a8EE}
zo9<1@=&snmgeZ4j$n{tLhK=o1Lq8D&iM`vWl2SWiILVaGBTbqzH&+FcQik4Ic6u_U
zC_CIAg;I24iW8<QzwbP{5JWPGkW|%l5>(pl%{;VxK6;7mMpxY6T{1bxy&X)b0L-OZ
zsb%fT-{$KM2XC;`c|MQxFjjkffo*EZ)n%r8$Z%KBmwpS{)n7kj@MCaA1c~o$;Gr+N
zoj~b#bbB2w^r$;%(X@Ai{~}Xp&LPnU$}Smu2ify5x;fKq;dOU(?bzJ=p<ojC?yz>l
zV62$OONeR6x>GoU$tP%x9$xSdkcsieU4-yWnEzUUQOu^_nGAW(es<L?W3SF~U~a$C
z4_|V~Gz+WcTHP!S%Sq(Ymm*~tew%UdQx~;bf^)ukqjrW6CRc)V`_+j2jumJL<%D}z
z5o5>v9om6>sHKhpjftn-V`8~eqIy(TZGf%Xi!u8c;g-q}*7|$l$N^?YenNr=+Gqf{
zL)pZ|_$Qao?=AxP7<K|ejZ|RWUJF`UBR7}$-3V9LGAOGFpRsjK^>4anOlCzk(sM+}
z@s-MLDS$eZisdi9OEvuUx)k~${Kun#dkAcCBo$+lC0IGUO5?xm+OyaHZr33Hv1>1*
z3M~K2uDv+??{*E1_)CP`?%S@RW6hQRW7ldo|Jt>wzjjR(lP%!et~tz5;+Fqo*BXdG
zYq3rGxx5(W6;Y{fSTvA`AxXt!(uCzWcM7Sivj_&i_BrXv)Zg-}JnfxkF=MpRLVGox
z{}*06`HR=KF$gk9^*e$Go&zK3vK%}W{Xz7+S4{oGZRd&zB<tw8aNCs%Dtln2=*p00
z&*OmTQL*xHQ0y3~yecN@!fo!tZJLfm+z~ZxPV@-rT%m1vO~?;L4Ir^o-m4@9qDpLg
zXPx(DSJHUBLul(1r=VctS{+ih`b?R#Ity|vIo-}^+kWdV%WR1f(>662NxjCWHj;`s
zDTTovy=LMjnhT#VV^<R(QL+5?Lgo4eMrxCGHl_hxU^y}?z}h$N5=}N=AbJzTs;wy7
zC{RKkP8}1T+2a)Lol(&DiAj*OHT`<%Y@e0bM5x-9bU~)VT*UdeFB`hu-H)K$ZK<PP
zrSfM#q_=U1$b*sId#jj(8Pvv4r!Z?#<v#<bn@jVgo0`jZARVsE-Bf7$b***TID}?Z
z@aP)9t$wJmbLHJI-9c`&Rd|>laGn!Z3MH6=RHT86X%VY}Zo4whl(DkATvp7TG(v5L
zC@;;1<)u=(y_XT*)&FoVpYKJ+%7Pd08Yh9=Lh9?s!fTqAfrN2B;|x<RQ5;5Yzd$lI
zV)S<RS(T+7>P+dD6J##IEs)e-uq5FO{%?xb`uhCSzA`Ok;1PjYVc;+|wR(<0sJTV3
zQB`v2hwXI?YLHasb8SEr#jnJ<8}O}4mvKo{tc(eh28$L=<%Q3cl^s`4v$d_+WOyrf
zxtHZ%)Esu)id1V+MIr*)M1SSm<-Hi=zld$@4rhVq8?kMWNk%NR{6%aYZr_Nl;~TM6
zn^A1?(Mj;{@UT!F>>E>&rRk@uo{CFxi+4Cc_)vicDQi%WlaQ0YHxEcKtCx}9z^Rmv
zW?J-nxv7?qj;Tm9Ub@#PC9p3L(;UORS1BQ@m=~pU6<G8W+0*coh|eH+duQ#pf%4$z
ze?g^9Ro_$+e~u+Tm(9ql+<MDwl7-j>^dvQ!CaKJRVis{jH?_q-(5Wsq0KV45-rGq#
zlN{?d=gLBpG{@gL*z+)8P`+0Ua8)!S-A$1n65TAS?tUJGdtj7)L7CI_TmM^Hoq$bM
z!AIt_L<BvgCu#q?bo>`4NzX`99nveE>Tv|aYYoEtOzQyE%~$=PkN5j&5)!>nVNO;R
z@TW>Sz_-`~&Av0@O-HaULhMwF+U^lXgb2FVr2wMSK^zhPs8s-oNAas%SG{gg08uMS
zBD@|C=ObS_kw8?V03x9R%Clml65bx90%BKBPzmRYCyY%JNBUF=|63R&TOARih~c{y
zm2j?<FrU$iS{VSHCg_L+b1TxPLq9Jw9n<&xc)sWNHbwp@%u$@wsXO|{c;F?#G5n3;
zR`PWjhc6_cQ|Evb$XgU3RG|1zpa5k@I*?^XIuzh^D(!1=#WUZz(go}%b8{D(!cy=K
z4Y>jzJmV5UNWDYP_hB?T?Q7KRtPyM9XBm}M5hZ`*@Wm>)64A7}{C8vBhC-6lW1v>R
z=UzM&-2{s*NfV$7D|>m{lGe=i2_B5XODGF+nCg%0wjb-LV=Bm4^+V3q9cZ*_Tv%_i
zapshPP%O1P4y8cuy`Yl!bsgPpxZYIlo#_amsdg?&@a1MarE2~9y1!22PQFiTsG#bs
zN!O(#$~dwK^VC4<1ATZ81N@vY;IPBCSp2uR_UQ462iVa7saU<Msbya(N2r3?=m{<q
zMPB1YkC4)GS{*VSDv`$^r&0o86W>AJ@w_j{ibDxLM{x6V!uT-}7Z$?WpR;r}(P&u+
zqT~3BkDu!UI@^4gjrfXDCx*EPS#}eE<mtYCsy;Q#=M=3k^5KdikIhqa;TeWd<_}Vi
z!*FEQX<#f`2f~_tH-#j6urlAR5}b|#i~&kpq+!rM(t`<Bu0diha)UCpbE3*0e=&A4
zeu>N>)<FPq5C5E=L438W`Z&37^?6;==!`UU$Mj=)U7ihXfIaVoBwl~Eym+p^``9~K
z>RF^bu4#(coBC+Dy11J(ulZV9HJOIfOjSM}Z=57R=iq?SFt#O7A~M$a<H=m3`HWUQ
z<j25R?l>O^r38zbqeeQ834%x^Oz6^t1eD0#Aan+ZvfEamG94tWUWS+Unbg>JJG6_t
zHjDv<ojCSsQ<0%@AFnpQ##@-&07+l)8|w@yseNxi;d>DdMC{^6$e6oHP3|!Y@ANUf
zXkq3kwQLk)NR`D+rr@SmqD(O`odVwaP+0NGB{=zhFp%AF4%+e8raew6Ctsp6<{xBD
zp;$9GbB~}a<^|GYiXZP~@mBX?7~ZokKWbBwN8V#Qk;PYOg^|SW@Ng=9-(>&|E|3--
z)&RkqQGN&6>ibS)X4T3{oF|bJ74MZeuWwc1o|j-?IJ;nb*na>RO;$#bA=3|_V=LBF
z*Gl40L9L;dL>|T>X-}Mxb<r(?7(3$J67yVXY0Hj_qnGEUwsSthM)z?fj1!6D-2B|k
z3-0%QJa_ABk8QnLq@Dvk9YKkPAYJ}hBB#wdu?DDO^V?FvGLc2Z@SL2;!pu+kKy67@
zKarnZtjq|}K_If(W>x6I&T|gE0bs6$spmlO-jpy3Ic+UrAuk)r3QTsQt1+?DdT?%-
zhK(w_2OW?b)%lvEISbY!e=hXqhi=nVX-CpSR@=tM-u>tgaSBNptSyEMQt?8u@Q(ak
z^f9t0p(NhIe$kN}rE8lyO`5WIdxx}5q@zr|fn~L#Ox}^A$^=H(YK1?82yR(JGsfwl
z=)4Vk>K${WkGn2KqbmENJNvAN!cnx{qoCB5yghl%*@mT6H84#PjPp9*)XYS%JYnzg
zWm!po_<GAKHL3xx24lB%$t<<1r22qiKsQRi89!BR=GU92Y5yUhe^_s2odKm)fh-J}
ziMH~IU1)hIR=BykUIwR4&YD;sSbdocjA#ylJul$d8GtkNNI#{Mb)Y`TMW}L1s`?`%
z$okNCr8#h0NRegYyR)M)WE<}Zmd^VAkG)B^tHvDVboj-{B{rKJk0NL+LwtQ=*ztVy
z_V)UyYO4aeAr^Om;DOrF6I>H2OOh$?cKR{1iY7*%>hT<^JJUZ`NiPktFHF^ZF7vMq
zX}o8$Og^N(pGtS81cUArhq7(3u(nRdpIT|WUTi9dQ=sGLpsBn?&OR~p&c*uMtnzeL
z=hVylKxlP2TgxjW49+YnLzBXooI9Q07tvKNOMYeVp$b+$VpU~E&3}JkKT|pIf(}A#
z#A7m9S@cUZM=jrA?pO1vElp6^!=C$oM3s(6s)U8=r?tbagMSv9EC+^_i}_8IFpJDP
z=#e}j=lg<FVerw|n{FZrg^bWgq;rC5@%ojNnRbILDIA)&lef&q7&#+F8ns%)NVNzC
zaOplE|FZre-5Ec)HMPW+6*-csrWT`0uq((=Gf#evik~krt@tuoc69g-qNA?+<xy25
zSy$;lb@Hday}q)Vx+1JcHF-fGd7*W7QyzQDL>>0Z6;EGX8sMYs`{6(D3e*+$8RVO%
z{|tY%tE8@gPF;bntu(RviLWm!9k6DbFTb3vQTzQS(&p{qZb~zhwXQxdi>NQj-c%f>
zSN31vEHy!1XuJji`{-G1$2#KEVHj|&nQ32@(rz{k?IAp)WKCFwYfjxsm;$yi3*}&$
z34vIH!2X70;C)hMy<MPIKPsck{06l6i}{;p@YPBvrN9m?PMctgl@hQc<xtg&594#0
zr=C!3UNsS3Mp!41U?UYktEx-#mGNN##&7*RX{o4dVT*&KJ~cSIF7LlIfPWA=j{@-c
zwwadqBS3ph7vAb^$WU~WN6`G#B8LG`QZqvU0Q7r8fd=SZ*FJ!)ib~JSV=h|%Gu_VE
zSgbCr9}x`uu<T2(9&LO&s@XL6MzDZ8i2?m{WKjidr3lN2DyC>I&72oMF1Nuz2&v-i
zk4cuAyK%#zSEbcrnr2?~swYc^)15iX8OU^wMFVZ4utxZVhK=PPP3@IRRTfM9=%fjE
zKqe1BmNTHWd(q|Ex$El;Gqh%XbSry6$(1SF-!=!!wVG7ekNH;1+E#1)S{`<q_h!Pd
z9!46IiGu=PbSx&r>T#+tzqT!ZnzSe^-C^w345fZVZz9GL86r#7rQjZ7XoU?d*KwaU
zT`_ZkR#Y7wS6r3~k?8@4lmQf514l_Mt%_)K2?G0nAM`#z)Qf-fRsUVUzH*JUe<V#>
z&w@ahY}t<NtEcNu*8*o4{p0J1qA_!It&kH^{CQ;#)(JCr$}Xgso$qR~%s4{XfMjM{
zO<gj0@=|8OE%XiKX=XBE{Z*o#hSM2|jFcd^EImzctlnGm)zc@B;F#bIuV0(r6J<(f
zUOymj3M?_f-wxZPElr+ls!zQ#^F&Pg!C2qspy2WKTz1QwTang6c8YeA@2*uLK4Hy5
zfZ6R=N(&bTOs(t}f4}7QRMV+9<{ls};b=Pxl`>NpWfO72F#_y0aNCiPmB}LI*{Fl*
zuEV@I_e0RDRwlm|m}{ha2Bd4Yl!sqb;j<{Ed1gJg1pSjU#}cK*<M1oZ42x)pnG4jC
zXvi<O_{gpCG7A>7^Q#oqsBqQ2NGLPaFUAb}2fDe~FS^DQ&~WNIpNerGv?a8o0D{X<
zB>Asy;SZIkRr~YI9-3j=fx5YpTnAGZa~uyBhUhH$dtr9xyt$bMyYm&9A`aEDI-23=
zKl<#>kW3vQ(cDX6o^bhDss-c`8~s8ZddVcz7H6`JPsIoq+>(uBgsUYAPWP&e9B&MT
zd=fSocboKmGVt6VxeU8HM17lM+M|l7KFlC*Y_mQpf99^(u=Lm_5Y6`l^;i(_fGp(d
zA4lN*9^(S~K!cA4MnyvH?X>)GD7DeqoQTPg<ILGk8GDdV%-#yYGJZZsm;Lb+;JWT;
z1x{a21U>`ix)obT+=b~h_FZJ5|Fs)OhI#{AkQc!%d+YFgNPr)~a}#%L2+s~UZoqd+
zjnJx^=vDFXqZ((w2%CSQ>*s#eCJ17^;Zl!yzgwVPjP)fT6|*m6zxS0lOpnUU8<ekV
z(pekw5oWb@f#L>t?hMTsW=Y<<VL$YDm-+)v&A`(=>OARg7y`Vt`?-08|EW`<w<q5l
zfDe&^cev<#a+zwrAc({(Li01;JHO!g{7i>Ms;ROu!zg=Qd5ppWn6Oall=6KRa!+{o
zjm56DNH?FOEyRrpc)Ldf;KsSpqUMeJj}6yJ8qCvdk9+mq#tXU)(;;Y8Zn&jTWed|D
z&qmm@qm1Cy32JDXv{eD?4>;&1GQ7yitga&di>|?3XOS87pw%EasVSf)Q_j*;Et>ge
zIZn!upjDFbbEI77xPnI<YR(!$c{Gn8b>}{6Nwu-X9OEll{gt<5<CL-b7{eYYR{k}j
z-E>g@Yu53`IYBvIv&hb+k;W$n^joDtU79%&>)C`$K?6}Dtx1S7J!!U8C7;Fp9G=r{
z0vp8?fl}s~VZ!?b7%R@5Dj~pMD~#0Jp&qUyZ&LF!QE^>#SzJtT&7wU!aHSLOLL=z~
zg)Yak<ktp1(|LLEj>J`3$!xuUAp3(QS_;O~19|<CAkl_q?;tPlizN3DDhzY<F2qQ#
z*&Yi;nmiF*l~3;LSm}tTZujHOwn5d~pfM3w>_a55*)p<!XNiMw&$46(<Y%}UZVeZB
zq_}d=Y{8_c@0LC^`A5s`&1HcH*%-=bAry_PpF=c_&2k<ClS={rT53{Paq7Q^JMeeM
zMKr!YnN-9D-v4A3;RdPb%ad#e^6(#m?d=Q{G9cXN&GCPm6RsqT8vM;0A^5e@*qTw2
z{GxfNoBE>5C#&~F<&kLV_L%qVre)rezGAB>{w_epFhU-XgmJ8-VxUI?R-<ST%j2BQ
z`6iiwaZX42{oHFlQh>nljA<Okcrc)2^*^KJ*((Qf1Jks#2XY}?QU&c|RddKAKKlIw
z{MD0d3#)pzxAnrew|k-B{vhG>9)6~`?T?eh*m5l!y3e10NA*2o8H0kiNxGKr)`+Pf
z*zNZ0#f|iu($4%`=hx1GMG)DBT&scgdKJ^21@@t?4Z)7(&v-V2ZYn!ds8LlU_JYpZ
zqAb+`#G~_37Tm9y6-%K%A0_e*bmbi1D@67k@*o!7c5+1RO6Y}IDAvKzpD*e1zCi2%
z<X3}Ocl*I(P>)OijR436xcm?}UxW_>m?v0*BJ^HMT>6UCMJ|*SPALzx8N<jcG&%Ac
zcy;A{Y$Mn+>UK2VjMquL`^{#r2330PP6$LU=m-gcZ__**j;hr0C$b9VpPvJpr)8A!
zGN35?!6CFO$Q+41j#0rp#-E<35}|M!lY|NZM!0iMzPmbQ_QAqaNRV>yA|2%jcllfs
zECHuqJM@$EZmL~-@MX>uE>J`?P~~pYG!79OT~_@3mgTv<?jCMs2L5*TG@OYht<yQe
zXYY)lpl{%A{y^B#OacC)6=A|VX=OA}OINkzp1WnI>+EV+P`qj|L8d5P@+dmTjStl1
zp3REYlMDHF5&Z@BYA8DW<FtT5=v+BdetmbRNXEb9FaprW>jMw0J{X>dDKOp(2Dgp%
zud$a$GTq;)9JV8`lNnt9>lOSSv3|g*e4`rBXKP5~Nc?ouG&hFrJ9`7DP~HoFpIBOu
zL5}J{+$~E`dl>u79MZ=oY6sk|Iw3XZBlVn)m9LGtz*M-j{0qR!V;}NF3hXo%9-mQo
zzipiV@J-Cq(Hm68*s)ShPWtkMtRmKixasiio^{<V_Q0=EAxGD=NBp$Q9TgVy0pxY<
z%^lkV-su(?KA83eyT6}W8#dT?O6xiUsk=u(l+2YJ=-Td1td1HR%(QRBnEQUdB#Vd7
z{E!m|@D2M!;~2C+R*uz9d!AJLFoEWvWkWxU&*B}pZ<wz=7lOxn%$XYE%GTbU@qEzK
zZY|q>nKmHUyN81t4FBS0!|Ldq@#f;@W$<9-qHx~bD&`)!B!%^fRTcfH<>`Ctw9S8V
zwE(=kZL$mpdz-5(%HwIf)$A@K!_LY<Jev_oJD!Ybrfv^`h)yQZ(NoY9z$I2~D}h1e
z!S?ROlF_&KXB+!~?5JFk30y-UFSCTIbeCi@d87|zKptA}UPnU^--Ng+<O>JFE&4gU
z7nh8Mc_<Fbp##FpWw!ACqGh}BKD&>mh)!r+NsQLf<ZuzgZA=8iZDc;(pAl%>!R(;8
zDQA$yHVqLQOgAOCu@TAC6%zVepy6%yXICBWd}<!F!#&UjYJCb#AD&GsDZu@SV3PeJ
zx6~W9pA=*~k=$dW!=gFfvp9}5afxH@rZu}K<vk)QpV0-`W2?(ao+}Z>AodjK6nft0
zY^ww>#Kn>H^mbWZ7hxO&<0`m<>=th@oVQs}wt_=^EvUweI<{)@Et0pmcKtJ|>jhcF
zxjrYvoGYF0s7U8ydo`x4rb|8?9Xgr%TgNIKfxM^D!wL5s-Cp9^3N0j<lOT()6k#C`
zS1@{6;^hURdsZeS3oEjg{<wLTlI1jI(MakF*5XYh3&~2F3LoQz?&s6M8J|UUr^S%j
zhrSDGMY<@e=v?sJ(6!kQ)a7?gBddgGr8sEnDU2Os*S{D)1~|bhC#(1qMav2A*%@h!
zDLg<&+Sy^%S!wENq1CC54{qpRH#CD6CNkBHVOmrnD>7cjT*^;tz*Iyl(e)Z3Jg=W8
z+BZ;es)wc2=mK$e_-X;s8UtQenaaziabHu!+%=AJ9Is_h@U(?A)?$BU+%r6jKMjjB
zBN+TaJaZ&w=&R=R-_GWN0fm!TgV6_}UYBLCrPd3EDjLPLj6VY?WH?EF-PXxxJ8VI{
z&FS5DD~gucvjEI>5s!i5@GZ*2g+Ory{Qmo{i)vpu2KWWNh1`uetK--d!{|~Rhx%+#
z3fFmY{lJAKzn&hvui+O+`s<3b20GIv(-bn(2&QYht`yluOb0-rCGd7o#n<({FuzDL
zq>6N6MxMk-{^(61JQ1~p6$qE-Qla%5d@7^W#kjVj)r2zVves2b^RYsjgvs|c#uEc6
z4zFgvu8-SPM+bh=EalgrG{-u_sXO`;%$Q6L-M{0$f9It+QZ#gckaC~Av%^Q)$Q%q!
z?9#WJ6&F?N*8qsL6!#q`2hAAw9aH7Nn9)Du1-)^;@eh(XjHtuIjoGG2x7d@WF}&)K
zWY`?g?Uj}HV6k{r8mQXKA))bHI-84H;8XeF35Yh&1G2qw0GI+W{9j#tV{~Lew{~pX
zPC9lnu_v6^wr$%J8xz~MZEKRu#I~*5^WOJ<Kfdm@dY?XBPpx&js&?(#dsjV7g=4?A
z(LH((w-qt0>S7HTm-ib%NBP0})S|<fGyW#P>d%+Rd!1q@EY`r`3hd5EhQ;OS)!xDy
zE)@%4b0F1er%sS=TZ(C-SblB$Nb+Dv*N&*MYMGO*nmrdpqvVLbj%^n&aC3=^9xlwl
zAX3ZYFf7kE2dVJ6!NlA<fg$I320e@BIt6hy&)O`xuAx&q-AR*f5}3WA|NKp}22tUt
zs)|K1H%^^lu_g6#D?aVF`%{Z}RM$wqqGD$MK>I)?0|f$Ie6AWVKJqy&cr+8K7VbNn
zQYb9DV$TgPRT-A+r8}+aOCJsPxHb}Y3N0V#q~Lv^r?!60Af8frL9PT!HP&V44*`0=
zF&WHz(w@UJ>pi`m-ag5&zI5Q~pe*hFQMbH6o2m}KCm1?dHrvxXBoAX-{10{MJ9&i)
z?e2-uN3w$+5n>#&7lK&N)I%;)Ibf8m7!T3BC51b)bVzPlcD!q<3xPZAyr)*MP*kIb
z&wTNChGEI3$?Y`eSOT+|*3_GSHVH(det_*K<~^Qnjtgl{zDz1pwDpj=Qe-2s?kOC<
zh%~wgyMUQxQiV3JEIthfX%@2pSS3QLmtS)eCy!fJ*0h`-dbef&v|Z}=<R7+>-(CsT
z9N1pAk)gK^VC}Tv;p`fud+WAKaL_%7`lqA$#E+~Yzo|K(rwqc`NoQ=p!`uA~%JLNB
zt}a(fQ*%_5oBtuBxvUpRZSI{(ZT{z{lQh<WPJr22t56eY_utpmJ>A`2Q|=kJ83eYl
z&C29Go1@xOU{53CMhe+<gWdHjb=!9c3`>6{Sx9IE$(lgGDGPk656_H&dVOtl!OL}!
zFXSIGUaETNmjtr$A$eDjbJr{IUbk;c^}}TakU)9J!^uYUhc>|s$7h46jAVx!Xh^gM
zLVpkR=hy)M@b{$uPVUh-`VQ(w9=SAUu6vr80;8vLkfEnmfVEs*s#Svkiy*WM;}*13
zJTG)bNxSm(=5k~z`d+@HvRL&Yzl040{uMxMK7#pC<3p9+CCpz>BMS!sjyn>kLn?)-
z8@Gi}Oc@$VS7JaZ;ZQ(HdreA4)@5qq|3I?PJ}I+zOY$ysS^sT)3JX|_y<y%39hV;i
z`<8ln4;~ivGc+AJmHQ&$1x|ykDxe<@M=w5rl$3jnk1ID|L%q~wd_XQ$t`10nr!gLs
zLjRwSqTJ@hP&7*TlR|2O;Z%SobKLEnB-X$7GRa@1dGMrw2XZuL*ZwOlqJl)HNp0$u
zMy*LLNqdOOVk4gdWrK~)f-&8cd~ksof#X&ZiQ`rkk#B-JI1AyPF44V7gQ^tvlsXL0
z%iTB$WIs{rs!Qr^Dy{gm8iLo?c^o3ocF0O(l>`X0YS7(EF*(#T+48+hFkf?7yx)Ku
z>ADtEIr<<YbDy?>LK8o%!=ph@oua54Jak)e3P`#k$NJm7CCi|rNlJJVK{36=A4$PC
z58}dtfe>+Oh+rs69Bq<oMBf`AP5elXfr;2G)+SrbE27OFhvCW7v!?_LmtiYx^NQ7T
zl#b^JG52zb(8_Nf4e+W+623*zLK{odM<vEMkX;)RF5FC)Awcc%ToZ|e^$TD%;5Qe5
zG1>pcqTafUoYMK8QAGr`^vN_7DPJ%1C5+Y+;|C)djg%na7r~N*+*W%^ZND|P-v3=y
z)bmDV1(7lAAt~*EILw+NW7;s8oV|KVOgFLlI;$>nX}D~m19+kdq&*DAXnzn44+(2x
z-ytv3S=OB#COB<^6?h?mB9(;2H=2?Jce%bhcpk9@@Tn4v>>{sxJktappF6re5qL(i
zEOpEn-CojcI3BUps}1DqI9WDZ7k&8f0Y~J5d@fzJdZk2yhwX%>{e<2axA(Oy-UMnu
z=d)7Z?|7wbt}R+CJci7v%VTD9yHtit%WN&nxRl4LQtolTp1GqvyB@ydy@mr}HQ>3A
zl!PlUDJd=($u33m!w$4MIYq|i!cr1yC)lYj7`)7aaYe@B8u@q4iAZ!O5fg@#gvC>r
zXq1GF<cXdk1iZ=zsJz3W1mD>hOijHZMPfHBMPha7_Ng_;ZZMrcA-%W2Zc>Z!JGmDp
zaO`W9I_iJ*W&!)nYc!yUf#{(u5A9U?1zdxw$u00v2K=Xx6ST5HA7W?Z#(IEPAW6c>
zknA?skf`qYvIdDz#JnL<DS?)XEb*#5>1IEX&%kyTX+)gvwcaAA@R%f?5+94d!k*E7
z&>#cn5dXm&++e`=I5iq>3nt2We?%&YzPL|Qu`%VCI412VwaAdP7;)XLm@OrtH!h)a
z(DvXCEQ`3cyTGrX8~x7XOo>fzodnjUhYGx6u?2_HWC~N_pdL@mDH|X;J7Q)U->Wy8
zNJal*;1+Z9{9v~nKp`df6b^>KCt4*tHIFMpVQgHJn1gS|^EZuiB3B~Iwj<gnKlX9x
zZoKD0T+!-heSa`}{*Meo5cGWvZk)Zv`Md;PSKh<3y&H`V92q{d5ska{r0!^k5vL5Y
zzAKrzM<V#IG=B0y_`B2EY%$1PN116&bUebrd~UJ_^_s)_jYE7<S$K=-Gzu+1<wACU
zGNX(V;TyQ$r{;g^&HP{s+pY|G^?o_?2AWf_r<0l_;8G~Wwn2|y=tMMQTaV@7a#3iX
zaYD_1M5ltSq{lWKHMfs_Xv^aGp>5z>{KXbPXgz2jzwb9nj*bSfL4(;#ySlIyAyXU(
zMS3~(1cP8e<%L5z;<{C^*0H#8E61k(D1^d{Uo+NY_-x5EWFd)w?$ZCQC5<XV1D-Bt
zAU~{qnN$}<NBa3KQUGmUE3{6lN;=@va5iffHJ4z^2&F9uNmts(1qNP^EFbD^mhef0
zW9;4oHqxa$0ygw7^)%MA5ntkPbJfIDKCMzejWnVRskd9s9EObj`Hh*%XQs<{s%Ep-
z=GO#$jqT3D>;CA!Eeg(8La_%!Tyo-Fc}gTWu5uX1WT~I&8@|aek541-zzBr?v{Z2w
z$y8TM!!6jK@Cv`;9T>V7oiIR^6)oG|S{2%n*CL#3D642q$S|J2=5m>h2$oq>zcbeX
zPr6mHWB*9+n%XDk*PYpcek0euG`?dp6~v#7S*I5}azA?Eh31}J0_#M>VQ$D_?h|Ff
zEUz@c%$l}BRua&F8|EGk=(~$>HVa|l(WjfK-_0r`P|H%DIA>JMQU=+dBA;LTMeDOh
z$2d=uX-OmVhc5p3Tt4aeTsu;394(t}r2k~P9Uv*MdYbG6<QJOU&HBi)G>h(4r<qxs
z)!$N9_5Z$05YD%NRF1g(BmT4KUPb8F7c_E*>OI|K)|Lfkwl~?eB<9D24jfTVft+w@
zkqlpelL4CJA-Cu?n#y;8fVY!fh&(aOYtROgM<Co2^A-t!jOPK)Yk=UKb-xKbGD05e
z9Q9mG$eYwK#F0Z!GB)D3>9(7+s+c&jJIx~xgsoqvaDN?@2BOcU%KX|1$1S)mYQg3P
zl`aaG;cruUCA(r%wYEjlEPo}_ga*R6kWh$86#9Xuf%BwKe~}Dy30s=%+j>!O#$Q9x
z5pphf*JMHY(VIJEGDV{`o~B~BF&WE<@IQYV;kXlUsZdl2#TJWtp`6%m+GgeGW^Lqb
z*s9ELj678?8b8~5oJQ^gTDN1BmkdqI0$PhZV=C>xwQkkUUd}Sv&wlQ`K0m(yIoN=5
z@I5@@8-aX;Oq21r=i)<~e=yEV!mg4a&GSeO@6vMLVQsP=_SlxT$C=uHP0^Z5I-{ZU
zOM7SVEe>5%O_(V9+0%~H7U5M<U@vf?IE&|_u}w&Ymuo!9`4sSwo75;l-y4=;{+I4q
zB`8oYJUOD{$w~3)@^T@DCzf|1!p5@cO=i1e*uuSQMPoHPV|~C5=n3ou<VJ4)sN-Ah
z?j<>&q5T-B>s)m_@icgfmQc;E4c)+UlQ^iW>r7tLB|B&IBg+o=ypkVYd>hVi|7VHq
z=z-n|q>pqV)88>>c<LvXI-Y-|Iz9>iulY5!0sTVf15^z#?%w;BXtz*UF@)h`W8;f!
zjZnN$eV7Qo{2v{VWf^g8B;Y;t(MZTKY!1OnzkzFRkjaq-%qc5nJ3MJF&}*5YNSLte
z4PS~JaE#8lZlayszA@74vAFzuIGE}0rc{JjZE`ljsF@;sD8#6Y4u6UXVpm{98v`fE
z@j7sp3WPJ<Be-#B$!>##n!nFhf#Yan^c^@uM|g;6ii#kGAC+#Snda)`N?m`fv^{ZM
z>2aL4AU!jj&y>u}f;He1Bhy#6G_5b3p7%0TGm2L(O5m+7FvY16(@R!1O7}8XGrFyN
z5^3@8Nhu#$TQ(OjD{|9UGXgE4QwIN*yIsEMR|8r(0qU8u|ESg$yXX$$KC#OW00FM+
z#ir`%;WCSuEv&0%$SeFqdmHIc67ScW{;pbS2>AyfvHRL9;{F~LTdowludp!;cQkIO
zopkl;zR}`-)#q<D$D?(OqkY%juN3cgP1w=?Zky=0!&@5G_F?|9H(%6-XY|Cu_7PJX
zeVn;%Or3n$y*?bH<*5$_tfEm25q1gx#}meHc(%>}ml?E<g6GEjLgJ0g5J2h3FNSC&
z)t+Q;gpyhu+mW~uzGjItP!E;TO^s;vP&xF^mE~e-7&P=J)_e<`n)~wv57u^60S-ou
zh1&4{xH}7`n>th4KFnNN&|DY8RgT1v)C)#p|7Ky>I6lOaw|hxY(5iywQjBYfZ*uI8
zq$zp;a(%Qi2&$>`;IKjN-r|EPi0bjF!9V-11^{xhEJQOb^MEA@-7?WbpC|&U&<o<Q
z)BxLTQuu^=g0>%F7_+Aa*hPFLa{i-$TP!#33ex83fEsMyc;9U~Vn<bJ2_}f-LP<X|
zoYOst532o1j^>{FJmQNwO3_sAYRp+v7o;bROnwyr*$g*4n&_ORX&^}<E<1bDj;0m6
zcuchJA~j@;*%l8~&&jy1{-fW)W)}f*5ACc(cH*D@LzTm(pb6|?wb0v~h^i@4g#eA|
zPW0t=Ej?3DRiM|VQaXLrQY(e6Hg^Xm5wZFn00l;7d)Tb&+NxOIQ`ueFbN2O-{hlA}
z9S9Zm`_Gc+z5pXJ2VDhgMk}`}>?TKk<F;sW=(L`8bM%2Ol?NnB4F}{vGkpjh`~YFD
zjt)zjn>gU3?`e}hL?(_47)F`fWDT*dMhxK<XcrRY&QXMha#_o&CUhZ!@o3zzLtr;e
zx?&+Gvy(TpDS<PvcoRs1+x~z4u?|g%*T}u3C~l5VBYO8k1xK)C`Vv!BPt<3b#Nkk#
z+6p(ac<S&2-R)=2&xDR@5;gCTb)fIB1010N2m9)nc^MnF53_XgiRcXt=C@~=_%P~~
zsD^TAg~#enSf#6RojXn0g>kIU?Y=T;1U3&EmE;^K^-_)~hJY}!)H8x(-(82=SIXy7
z%7WZNdk6A5wU=dx8#|_NMjSJq(7m9u|9JS)=p`VjQdr7&VR?>m8`NzB)u}%Ls>~o<
zQD$kz<%Emga!#-N_JrJ3DlV%ZL9Ozybld7^uvM&SXR$F;N^G-}`%QK6eEmwr@oLco
zlk_Onem4OR=N~M^Bde42Vq@UAC8RSnVv-xB%0gU$50JH}cZD*zQ#->1tGl29vH1g5
z*8sBGYKJWn=V1EVv0(N2*MY%FU@0;C$RF)P1G6Va&bORj!M<m1)+o#|OcEbegbt^u
zGxmM^_npUiqAn=3`6t@uIfZuY$WAZmB`VCsy{_^%FoYsgoM0e(ei6R)o~@uMV66$3
zc`iRCwmST&AlSDF_>49HB19u?N-#0IOWUyxJ1X-z%EG_{E;b;D#0tP!9l?>l5%MW<
z{d^H`7l>QtBA=f(thkLz-=yt<Uh%;lX-!1Ma^b->w`j{=!fJ!!l%Z|xwsCP2ZkI&%
zKp2EaExrWsw>QWEu6?gr&|%~VgN7`qm%9dL5)+`f*Igvjyz+*I=hdMK3m%6{nYr+w
z1v&7Vsot@Dd-=-)%0KKuvEgRsLAmDQ@zR1wEt|r{>90|LxX_oT$a^Jwy546e*=<W}
z`w5tcYyvlP*-(Q)Y#|HtG5@R$iqe8*GXBnv8x!xP07*R5eV_0%L6x$x&c@eZ&FwPQ
z-`ldz##^<{M(F@M)D-<z4~hPlEpfSXbKTTH1JL=Gn!;R<9d6o4OtKP{Eo;%|YG(eg
zr5YNuY0hm%8yXjqN5SU5Qljm`1pJ(~=-FhD|Ba8CO;)x)n)qf=g}D6jsJl*lg1=5R
z8f)j%z2eGwTC{~+tKy&9_O4oc|9*Kr>cd+He@KhJi@iQO{_w5SA3uI~DR`lDHMr=Y
z3cSDmm2sQMx9pn@f|iT;W+LQsepo_f_;Z3@+L#I^N_)Br*bW`aXv|YTUK<qCtEi!s
zzkkmnGi9!V=7zqFM5i@#bs?ZNqB$FSwmgqn5)G&TLk<qYZJVaZnblE;`d&cbIYn&n
zZGl?UAr5jkY2Szd83u14sRzI@RX3?wWk$6Meq%NFOzwfR$rf#>MEKXpN$*Z7?b$)t
zU;Y)sRMy}iWI`C{Zz))4@bg~?GB(ekcNCd$6DX|89I=(cpBdE(%~kETs*@`bsTcc~
zH}0w8lWuC?C#h8Z6ty@>uMXxK*4*NG)MX~=8KNc(Ej3}$J0X@E{uT~;&DX;sw#>NL
zY+7}T@U-xT#$IUgs9_QEhVI1!<ciZiTPu}-yU1UKjq|!q`C2+TJ$}R)@3RCJMS-5?
zUyMM{wa}{O(%aQK98!Z}u~DBtU5-{kRUUWW?-mpBxEu9>w}dS;E}NeiT6gBN_p?Lr
z4wL(db|cN_jFN@2g}ZhBx+387QvXim4K{&!m^|04#1sNmS)h-DJ$I$5aB)+4j9*)T
zo;I>bIa8SF!$xiR;DJfV8#m{k#r2yWB?R!S+)#Cv7mb-oTcJRy1unzW7i3rz3_WzC
zo|rEJ0%jPf0|wgCitkjkoS>&xNbgvRjsVtf_nIu2hquoz0?sF*qwrg`)_aK2m13}h
zjG&q2)|6aEmDU1l2?^p>qpSiF9^9yb!`oL;0<h{#jew%bj+=*o_Uv?a#70W2+4Dk%
zV<0eat_dsMK&yTRk>KXsI?yQ-EZJEZB$-6pOD&ce|KvonVDm<wT^TBgMfUxm4y8OK
zvYSgR(=oVPPs~!}teQ<RvsJ4$p87(TRN6b0I;F~fm}zY-j`TsoK9#0;G|O)e$I3o~
z=As%=8Sa2e2T?69u+S#68&xk0(7!|jl_XRROw>yD4m`8dOOkjL%7V*!f3TlxfE%Bu
zqNs@Gr!1x4xuyBweJe+yA5T-Cx9q~9u7bdB#!|w}{ui!Q7q^nBD^QS!t&MD~jK>&;
zlcu6u*b{kaK=WV@@o08+8Sl#M0uL4zSh@>DJSd~~%u{BkAj=cU@VM=XHu^*Lb2B9H
zD7@x=lX29f$Ve@PskT{@<Sw*T^E+9kWK$S|1(W+-M=Lv2Q!6bLd--h?YaXm8Q#j~!
z3)4co7L*CD0&rRl08Xn1G-$G`D7DyM8FNl&Q~rn5D|GvUZ_3ZJJqLotFBP}pzUQdW
za)I{h`PBT|_rW7v-jmnn{<hn31jAN&pTW=cD#so~kA)>aNS_NeqITG&Q{_8F1jS;W
zXJY!uwvUkwEJwkStT7#v%XML#i{>+w(0F3Bi+<K*$W-tISG>Rl--OVL!uFtBa_l_J
zgTbl9J-H(AF`YV7=(2ha5K3)H>Y(Iuxnk6~^I#E23x)WC9U4m`OW+pO+qJHkt-2d%
zSUeEt!u$XRyhelg(1>m3$5!H>!6)(+0~ixfy@EEA#$Y5fjwA=!i#dvH#t;Z7yBYYE
zgi(Se{kxFPkww0Ch)RgCC&m|<ep}GdUzTC{#hJ2?XUf#k!<{g1X*w<mR??Yp&$FvE
z<aUm4=;Hy_^)UgNDlgx;=R>;E1|!Y>h@9v!02;EWX~Pf1D1V#}bI;#*-+37pz#_KJ
zq+9$O-alNJA<+pneyCtkbp*=pl#kX%_)i2}ce&Ocp40>9y|BO9RN~OqqS5<(HNc$I
z03wO$1Y>P)3NhaaNR$Hed<i<lU3V`}XMbl`M?Y_WFHg2oaG<^N?KdbTwM)c$n>(_G
z@!c=@%SEPf<<}8PPgY`nH{IrRAu_ok-)+Ui{=I91<X|6@YZxu=KIJ9y<2fG!n{IK@
zfsS7ledS;Scoze=!ALu^y=9}Hv|9$7ofPsr{N&)xOM%w3Q{yF0aK)H)Q(bh4j|!J8
zq*och<nCiTa9*?>)j|T7fvF#?&hdwa;zWvH6phcp^Uk=Q$Guio$)oKXwh($Q(+Zr6
z4{6j3k}QSJ9?LnZ*)kmSgyTpW+JKwiMT2~d?|I~e1L)2)k-yXS3xYZX@W+NGvb!d|
zT<=3)B7k-$V!CMO_Ane4#EE4OoRaoA_bKF-&M+3!IJ%PtAfOgs{nR{gE7TX#>vU0$
zxLnEMJLLgL6)m~wbHC5hD3XaJC~1YA(2=@M+Okwz(iJPQ8y{g2r!|aw{}-lsqMS^W
zOqpr!XBaPX1NC+M{rxGjfoF1uyT-bq7tc+=V-vE*LxNh)O>vZ0I9DaoI?Sl~IrnIe
zbAgSdIvAI``xA-DUe0iqbqF`I6S5_=%wQID<v`Xy{d1TF)IZEeHgA5}mBU$B&f*7k
z>5c#N&mq0rwl>o~cRuQGT+bQpYV`;{K{??ZVuo9Kcu&0-6QSUKO3w}xr1pV(#Iw=j
z@NA$KvbE1}^V30JkGzlnlyU;UbhnZ~f(9-I+U848@{phqJS3n+ND%)Tb(cx6ZJzlq
z1b!nZC_#sE8_H^10$*t%)>AIuzZVUMQyK1dl!9O{8!B@Eh^a|=xlm-glt(uyyQ5Q!
zpni(^q8dD{jBYS4Ct#C<c<hPBkHeHl@;vdP5GO|Mn}!FAKGWsGQrRoW+eqKjYTU1D
zC|<)qG<R%};uR520sF+`=q$N{1aF8rC!}+RPozScVRhGx+|DRXPusbaHFj9+18B|0
zGohxB?yAZe)6$A9Sx%nZuep6if4{j64dI85HQdTe#Be9!?$|L4RO7#(=@7QO5P%lZ
zG#AK62-#-ryM+u253|32tc!GT8BncU4Q%D!CFZj4DMBG)gS2?J*@@vpahQ5HVkz-o
zlV2=)p&S_pIVX`+xLaOfsMG<rZD-6^gcd$ftF97~22Y@9k_NO70Ab(TtH7opBJI1P
z$R<F9;5`k%Vo|ve*H!ls;yOh=H5Q*q#kTi!LQVbLrFyw)lM`Qd68Como8J^auCETB
z`Fk7f3>Q$nI*t5OuWU0dd%#%pj0LwbP`%>Hq^|;hxQ*31`%VI2zv4k3^Q?S;gEeVn
zffVM%PZds`BC%h)#_B}2UlVb+Sv>(v&p)Q(nk>GPFmk@6LXz6ADG==nKOqItOQ$x!
zl&vD8!F?u66E+&IP*|+0#C`zw%9ZAmVLwOma>w6CJoFckUQ%JtGkut+9!1lkyWr6J
zwZz4sEV{f<x`G7K?Gw|?prXVV$G-V~;1UM;`^>Jf|7;D-j9HQEM*S!&NUe%C5N-Ms
zzaF4?nie%vQ~wknHM34mk%#1!3{ULcCF4W<cQ9}vJ8}`trYbnR4ZP=|Xp`W<OVt+c
zZ;CKOV93%dgkUVic#tGS9s~|pb04{2lhY=-b1<kPNj16d()U1CQuHCnOU2r6yrSAX
zOuTQPEZ>$zwD}EdWQqpvtt{4%<{CD-ePt$B!c)ij#U43()->>#CZCm<VAEx5z6!={
zj4mew%^K~{Tzjy7Y1&|=3>q~mQMr3=S6$y2bW5%cVd<KyarzJIkuzA!6`IP*OiGuS
znhTbJq;y{qJdOQ<G@H)qj%V54WM{UnA!H5?)J-BQ0tw^93zG2K+G7GsD2G^mx;fsY
z)RVvemfwY!s5+N$YnMi0DgN^W2NA7TCplGk$Rz>xIDK3gd=~jXiG^b;31wByl@Igl
z<Pc|A5XNmcyw~VZ!J7KM?MR|sWXcQ?t47{`xawJ3KCpwbA+0#^n6TS7${2Tlmi1Ey
zjpf8mtS5`nUnUrd`6*EP9k{O1Nn_wUL==Oz>@|_6OcY&|YXM1RpAnOLC1(Ly>cUAE
zsO}_;<{;=5WX9fj(J^A^?DVlsx5KBVjwUdt`~!K%Cl+`Hn3Mb7^-*E>39#%Tfe2j;
zz{D+zqo8+FZawA#e7210%sIR7I}~_%zgrfYitJ(}b=kfU=5>h5t!tu}WUIagitLmw
zWyoCFF6DrJ?j=nn?3BU8j(>l3kzJVccxHXOlx^FJjoszXZgI}vnInf<snaP_hkjIT
zgF-Po6iRNsogp<TjnJ%N8^5Srs+-AO=C3*TU_m5cbk2hZVJ8Uk!15}TJNT<7S4Hu&
z><J6hEckizhyrLp<fp|gj%eULzxyydbX~lKJY}2#*L-tjqM5re%szJwt_M_Yd6RQu
zdsEn2Qi##a%bolG8z0JPT7Jjg9V%Td{vr{7VH!sUjhrXF9Yba@>w$k#B|Nym*W_(0
zv!Z6onds;ruJgNXcpnU?VEr{nEpY;Y%Bq-V!oUZxA#-J^_H&ok2?WN60MSU^S95mm
zcZASKt~0!<2xVdwh|x}B83g$o6r?HcC1>D3(>5{A-p^FW=Vp8hd^eJ-mKLwmPm~AK
z1qV_S$m#vmtYyq~3A#FRa=V1_upLXxm#DUO+d3aB_{$kUR=qYXaTS;&eT;Xc{av>3
zd(s*q;o;OYM7gZM9gyQO2Tiz-ra<R9`7$5*4TVA%^wF}mcA#<W0ClzU3r5i~<w^vk
z(Km?e!czl6K)5POPOBr*zz||_M=qBukZ#Qy0dL;EYWnOrs2&<~hO#)O9PcadW)wNT
z)W=>H5A5kWzAzSFs0k;;^r(UrB-}mEoWX|yEBiYhrvKm2uNDC<h)!{smK1*#8wTY5
z7PT+~z>2>i1TW1KCFv?|95Ii6lmSCf%!DDT4NX!f9|Z4Jzw>n4c~O|IH6yP(a0sSt
z<cyfMGNdtNOzN>9NmMx_`%JU>-@E0XyUo;$;W*plO=R+Stzzh4CG#r=8q6!iI06s4
z*h89g=o5@XGG(tW_=bgmW5ZXz3l-kR<|yh!-!7*<A1QO-Uii~4GJNN^uMZmnoDY~G
zuGbb(<k!BkrK&YZ3G<7VN5xqZ^Bj{{JZM(o?#eQ&*RM(kjBcUK4KG+i;gi@<_#uA2
zec!o0@}3tPO3Rc<DA6>dT2Yj-j&_B@a;%X~kf9LBSFcysv-5kr8&qtQJa9y|S>^R0
z5L;7L%m8p!SgwMuSh-b@*fvER18R#R6C7?;43t9TXFMmLbxfx8AC%zMRaDU<dXo#K
z90l@!UhsD>4(3ZQQszq|AN11&WG8&3?kz`rQ)hlJ0Az9toHSllCiWTQ1TZ%YYjIsO
zm-4J-vkz-l*OdVtn!oD9S(=g!#8Md;u-G*WX8U{4Rl^De&)od^VQ2`Xc0MU(xzxaZ
zq8UR;rwNBq$wnnv5RO4`MuFuz^p3o(0%j1PbIht8<6)}{M3w8OdsxT@X(ye1xr|WH
zBL?<-nC5a>am(56dnv_X<a*;&qAQM{_sK9tD}MG6LKpP9`nbkIc#{x0S*E#&6Q)@Z
z>w4MIeqg1=5l;9s`L#&-m5q8qRjgGB_nJSzol}YOe>+lXJ{b|b8fgBs+bivik)eXw
zZ&<GSMq+mk1zF?Rdb6ni=?Mtm*%*<ZKGo$iz2x+JJ=%c!LGyCoTR26uilE)?<bJfV
z;ki>m`73f5o>a+D!Z4cd`tH*=OMl7PN&f4z+sUfL5dQA$m<k~}bH0@J=5TAIknO8l
zNj)@Zt|~GeG%k6O)7A6|dN3!BFbL>KAupiN5Yum&ngeI;s~v@O+Ymz>7&3$ukUU#*
z;h%O}lo#5q^FDLO?^VCr|C=hi30Nf+(23?fHtq<XBKmx|x>V(|nSsO=<0nL>+Spi1
zKn|eIM<&-V$)u?)a|z(9Ei`w%aWl|xoNm}A96*LKL1dP|T%GTJ!klobYh4WR_xr8+
z7v<y)$?oIME*RYb9eVOl?)FRFbtFN{lMB=d{&aSB7BBCg>MUMI#}TJL_JsR?*R9X@
zH>@uFRBEl>KYwree_21+1xF=RuG>rMrcJgaoxiAY7!-P8`|{rdgCxTDw#;T2gj-rg
zBXMhIhd5TT(@u>?Ol42;$2V<bV6Cc=JIon)(%Z18hizS3q&0M%KQ@&%B(t>t#^$Ky
zPbUpW+v#m{Iv#Y}o7M1H;Kxzw;iRGF{9azBRJImxKj1+YB>$4x^Vm4UJz&=pEKh!w
zQL<wxTz(!I<JaW7>oz`kvo_)@zm$(IS}97v@N@VaH1B7|ljDD;!&@K9cM6)l5q@>Y
zh>I2D9!yZ2)DmhfrO%7ZXEHC*x)|wUboaD+_=;8oQu?s^C}#C1Wd4e!>X~dTi0(xC
zP3TIlR0zy4WE3+A-vA{*kCkUsk$j{kUJrG-R^;Oob9Z;g->Q|1v!C5gd$;)BUS3lx
zYOONR)H-^Eoo3$J9{I3oiox%Iu-yBnOl3Y&eqW`JQSc_R%3m*1u4c9*EyBw}xo79?
zg6XL@=L7q_rovq>8^Gj~WGTluGs|c?Plw47A-t^b8wr8w#g}Vxj<3=iJ)sx0V=X~C
zh58Y$hqfQSvi!8IeoF_CDgSnHDh>U&+e^Rx_<ngiYBXl5aPmEneKA=XWkleru{5_B
zMZw?MKfE$K0G{)i%{62K`aRIbWClaGCyiCnM3?Oc+WLutwd&IOpiexwtl6&UvnO%?
zOv&PC5A&#)@k09C5$MH&`nponGK(<N8Kr+ol*>#&-=*IJe-R?h{!bTB_(aRgB)!sT
z9hxVcYcQ7e=-le5)sq`^_k81%5*K<xL4!vh{1A3@UZN~?PW-uMgckAHt>(^l{>iZB
zIvgh7OVgU)Y!74ca=(7k$~YW|nrH~-wop!K*&dCFEaxfk{e=%~$5dr{R(1(f(Z#qJ
zG`Kdm`zv$<!bf!CSM+{<WuQB{^o@M|s-C73uRYL9@vZKC!=V7m3h*xCW*VB>K&wQK
zkvaL}8z<(^DzhE)$*Fh7{3+voQrTgrqqr#y+Y^L-Gg;X(fqtWa@X58^vK_X?QU)T}
z3Xe)cI9l1w$2CdTGb*nEa!>6OZoyh^s3y(e^It$7VW9v17{xDm`dHazCy|dbT(4oc
zB)TUFo?V5TlKWJ;Mb^t^CssS^=MCD3`pZ!^_vnvfM~8JSEKOnwg3TX(QaPtk1@e4O
zvS3J+!aUuzwZYEAhPfc#E{m3u9>(h+>U2jIl8J-5s(XLO%kUr<?FxC8%ksoM4|Abz
z6uGdl^JM3Ug^^8$Dyh)`4h#lDgymP`badI&fyaXJiVU=OtWP|o1e5E4t}fph9J!>0
zQ0H3mVrd;C#B(%#hkfG-;Voy3C|N53P#VhPSR;1|3+R_X8IR0YYZCQCP8#|rmgMSV
zbJU!Knjh_bJ=;o;biM9|-37DiT`%M7Pa!WV%d_~ml6gPIUpObt0I8+NEp~AxGBvw(
zC~j)rD#}21lJ1n_f{a<G9c4Pfu~6T^L8~goqkZ2;Co09$MmMNZmcH-K{*yJ4E(!@b
zR&+0Np&!SStPFQ&7~|rs*vHpz5JvnCm;@F1S=NEED@9eZ3grn`ixte$`@A*TxHMrl
zgvjBH5FZ6om7&sP%?dQ(_RYF0n|KBe{`n84WQb_xxX!INZ|qSh3NVwuw+Yn^qF-58
zA}8kMn5P{FQgM|t>(*bd1}=YCo|>1vNPgtpCZBvg2@Xd4Qx*=w8gtU`0QMV*-b8fE
zt?>mFkK(%J$HqRcO)D>b65%N7JZ_ZBUnRPbDBrKe*FTn0S`PF-D-yFqcxaRtPIsIH
zKxDh?VptbW%H63kSp-SjL5SrPn_e)=H+2WY5(N_J=wFjMe#m{vM?l*?fKlgW!iUog
zKWt62ZK%9Ob}4F34ej`G4s(b;&=UkfM&p!NzMhm;mk(I8s*W{qag^BV*)G+5Z`mKY
zIk0pi<u&j=QO+`^&oBo`%Yk80la9Z8ONt`s<TA#|Id!F*<YXMBt#zoElk1sMi?=YH
zqLCe0ZfefqV5C`WGdXR@<Rl%}P(50ap5{awr`6>#?1*>ylz{hv(~E)?o6HnSzSP@e
z&=jH=nSIq3idHpGu)MitAYoNqxr<Y=IELaY$6<<)ff9QrZvvj-lA}t_l^Bht5ZVZF
zJTA&ii3_@6E?g^!AZ996f>Mob0f$;~Z(SJN=eoCOhUy&A#3H<a2lg@R|E0eKY8!9k
z9AP5^bN|WznDum(v|(Ek^YQ(w8Z8cdFlhJZv(E6!>n^&Iuy(m|XG`|>a(N5#yy6P8
zU%VM61n&yW0G_Z0dBis>h<xl)r>JslPTc)@o#Ig$%O1ZA8;<B(OXW|e$<hr&Q;bQU
zY!1?TDvFhmq0IOyp8^eZG;0wfSxLQ>zm5OB`+v8pU?cxqbU!8|e!pLm#<cwcT`vBU
z(TRZ}a4rOc%0D-+_W&mHlk<?}tSgGIq(&)r+vZA@d{#AH_1TABJ+WrK82Y}5iGD)V
z|11M(y!aZx&^%A^;K^wvZnC&*o>UtW48azhqstnObB*xH=S~HZFQc5;0*1!Eh=9nu
z%Y8gW@WIT|bN(09%-;W<FDPBgVbb(AOd*X{)rH@0@%OjJRjYIyvbeApKNvPC2$C42
z8U{~?m|VtKG_4qgrC3g4)k2bdEl89^`ZL;<CyV<!Ls@Kx2V=?N{+>9AC&nAEf?m(Z
zU^xDtw8t<UtRtBTLj)EM+~z6=u{8Jj&kAr7#yG2-xaQa^c$PRO7^3<$qUL>e5}53G
zE}bXBX}o<iWE+V5MQVX!0|^wEQUy+3efcirnA#->C1PaGT-`-1=(X~ljYuiK2&#!Z
z^bnCDz%5h2C25Gdvq;&`urF}M#e294^KeAdcx+T2h9iq{=sxbp8kVA^>90&s%fU_T
zZ1p$S1~N;v?_8{N?4}p1Jv%t$kC?9CTxf&eNUJ5y#D$k~E1387c+PWU+X3mg54A#L
zT}{$uw0(Dd<ymD3&fziarP>7WteC=1VQmTSFNS1yjxK%{dCODHbw@5sV;sjFk-7DC
z*gt*yr*4HA^PAUb1&j>Cn<SdsaF`@9@Fzx$hWo9gIV(Q}_&d3j{nbk*{wV2>{x?e`
zl{_%!@S@E^+POf1k@su#ftDO)^)|G@lUz2%q<oz{!O!_ny{Ha9ouyIah35>CstLPM
z&j8Ld(2}7aerh$|7YV@3G~nf^+tnWuv}ZYEFydub-ebUeVIRfKV8P$Xl-~7CL!WsC
zJNf}Kn01((sZhwvu~EQEFD@=~<?gx6GUc?egrheu^S%&LKymiGkjkZkH7+XClW=<9
z(}YFKbgFbB1o`Tmob?;M+v{By3&J|%f$wfE74i71T}J1L{!m}2OK!MCZu@n{Z(gvz
z*To}-59|&n*h7eyB6x3wVb0DeVE*)jSD9?b52AtM2_l`qw;i4Lle?Ac<C!-;zSrEZ
zPyb^rHwiM(*J#Bpz{X%_hG6ypfP#-ZEM~H`pyb84@@90Ue|$VmutmU57hTh%47C<H
zt22h&7jj%CxAj`FAfz?16yX}CSxS8V8oUPiS<Qn2fv%sJ?{U9e{&iy{;T^tQa0d})
z1gRv)hQLB_LQ&(I7BBYOl|h&4nIen*n<gdtd?eKRh20*t6|!bfS^EwM`ZPaA3r#^E
zZHQFa9@_-@uylB<YLcBu1o&w;AEP3d-S#5pnWa;JRzuDF<Tue_xkJ>Y5t2329Hrf8
zeLk0Z^~msCKbh?Te_gz8dL~+HK09kEctT%1XU(|6=~=?V_(F!X2d|~G{slC^dl#j>
z+UYSbK%wtC#d4I4q!dY?sF%})NlD^JZxoSWR}68dvR?hG>tNyUDFudE>GGlItpT_5
z!5nn5bn)GIZ5Jb!3Xi~(nd%!GE`e_Q>RkkRIKKFXP*6wPtBC_fOMmL=ng@n2bk}+8
zz6oh|&#2A{KJKLA$T7bmk|XTVoS2r>Gkn!WgP{p8t%QaZhPCRw7NF%w+yMcXcurlw
z0{@*qFAHv9bc6zal;W6WOwJ6KO<82g%gN8kT&SA?xb?9Wr)x8-QOjK5M_y{V#T50K
zb4YiHRrliqWMwd8iP*w1*oYXSF1ihZ(x#y(8gE;qxovT5U$|V$A%`2cXpkFGfqF>C
zuqG2r_zNt4tVu~n)lsPv$w@EQ$+K9V?1z6jWNi9xQcQAqjk+YbtvXea09MuNBTLUZ
zwYEQ8uPM=7c)K||^o0rKuiu(`hUtfKlB%ti$WV8tdVC3Jt961GekPQ7q5xhYec(L!
z?{fp$LphagM}yg~&M18ALvzbIV+!Gee322iy@USHqu{bh`jLNznoY94o^n?urTE^<
z#`e~ryG@|CNW9>0*1?>FEIxHM3alyOH_W=siT=I9k=@-Z?N~2>$a?0<ec$-GS*BA*
z#KuX}M|j0KhaQ27bjA7T9xiyvsgT?E`0e%0qNP#lvK<iTeIS?+nMg%mlrg7hXktPn
z#)dlY!fs-g5EE2Fl1FoFZn$rZ<p8#u5#e^5Fp~~JhR+-w`26meN-{n#tf3$Hl5<kU
zbG4s7b+JDY01*m7H>+R0LR*RH$He8s1gAo$5*sp#(PrOMxpXx>Io~+FR+*Mv?a6Vk
z)_MEd;&k>$tEi{?{Ix|*Z|maks~wZl*2Vd&U2RtnZ~McBW>F9C8c=xpx;vkBc1rrX
zHv+}&>*c|UyM4mzrRi^X`-6v#+3KrLGN7or`kXlPj@RA_{(kBmue%kT^83ly&R398
zX)A8+;iK*Ll@tF3KXycfH&%QmwXpt`M}F0Wp=EO7k6E=}?()=@1qb%J<#=@CY1eDF
z8k>LPvW`V7CEHBJ-RYC|^gE)ub3S3(6j$X;<(4zY-8bFoP&ZxHy(*qszbzox0|@r~
zFIb(;{|*R#`Y%`?2-X0C)Bl0*F8kS$pz#D~6%KlC(gTI2Chth%&uykF;mP6`D*jAV
z+XY@ZxwYUf+g5jU{ApiixR#ok;VkU<Q(1E<XXgs<6Vuo@U3NKBQQ7%RdjpJk_uPi9
zqO<e#^zuNhweK4j@1N+?OCa>^AM|DVAM_0f75)eH{10@Zx0BepQX9nA#Qc}yMjYLi
z8T;)MF65Ym+=wP`%*aF~pP_a0>L#tdbMx&+$}Z8Gs-A`azel;9aMytIHc|J?=T8Mb
z%EaAegHyFF7Sa`;MAHl=MtA&_R}fk&<Ex5sAR{oJOo<jqAsInIZFIGa*V$ZxtKa}W
z1z|3YL*rMff{)-DeQbrn%hs|nrBLL6Gt^EHcaP&WR;0(YZ01;3sCA6Wkxk|TW8acK
zFaD~&q-LsVAcsf|XP-LV&=1Cf5c1Ra#lH9J&lj|U3@8`|I0gs^2n>jrYL(82e#A}=
zE(l0}00;;+@b3S;iUR*#89SL8x|ph3ikX^O+F80-+S@T&IosR)|CRU#A}{;qf`HUn
tK!KqCUkyN66u1bi+Sbt0PQ}#L!3J2>f8mf&|4M-Y-yuNh-~R90{{YN-vnBul

literal 39222
zcmY(pW3XsV(4~27+qP}nwr$(CZJYPlwr%?!+n)P=J>5O?tD>T6t({pJQL*F6Qji7)
zK>+{&fB>jhuF<ih52#v02LMoX0|59p02n)&8oHROT8fyOS=w2;SlZjsSvlL=UF%*t
zVY8?G<d<`d?4(GB%1SxmkWZSGu{iM@X>BZMO_sFQr~tX)vl$i!!Ud4cWXi7aP4R8=
zO{{VXuy;{TriZZb=6xSQZ^T}@!_A&>@9*&go_$wKn`=buLOz-8rr((Gz~#q46^h1z
zTJa<KSJT8PDG%Rnzd5+DaLGwUJ4Z&}XNn%&f0D;LP_;ZQo-Hg%dA_e1JuPB>)Ata%
zvLbUSTU1t;GqsFnR^sP6E!BbzHaR!TVad+9bwcf>4MqX+YOQex_W1(=%uC1SO?JQY
z3&?lkAMb_Cc#$)pP9D_%7!l>jsMkH1V|Ff2E{@6l%A#>{WcxYq&_ts~E7E<}WU0W}
zS~ZuK7K$ElhVUm#FY8&U90_s6yZP8T9gV6BQKdtL60^_MdDkao=KDJDc)u0+xb6gF
zPWt@K{{21B(!UH2HXl8j7y#6vK!F=LM4|Nn_6uWRmC6iV=9F=;q6u1_g)Tiq{@BG-
zUC@yW*!<Z0{lWK`y<B@o(&HJMXLCLAyINC*UF!C>+a+2>?v9CVA$vc+KPVs5&&%cg
zd3vjMybAKhK-~x!1!gIz#?%TCqA?7*I~2<f1v}SS!HZ}|EFO&2y=up6KPn#@0;X8-
zB4m}%RTJl`0A~$(csWFETeA@<?#v?WwjgW33bAL4M>DC{>aA>;C&0W|0jzX(*%e$u
z@leqyXp_#62HeY4^K;ALkfDyo%+cd<-2NRHAU*&s5wn)*X@Dz%Te9@J8Y2u|fIvQA
z04_GPq}sZuRS|-hgM<6y3Iq;bJxAX&pIMLjG&hR}4+lpO$c&aX31z3NlKE61b5rp9
zsFBH&&V^roZSIE`v+o_gd^s=xs%74+Fz;`J2u|R#>f+=8&}@g*gFS$pTSYZglbHZp
zfKdy7KWIc)eF#hZ1;g?Y+Q81BYIYw6IAmV`LDjpKD|(eI_FMa6Ax(|zHtO$C7_ypi
z9|xVG*4wx)b4Xyb`^qI;odzQ;W4=j|OfTujE^s_;QZdh&rMGV5Awv~QK9U?B`qTu0
zDv>I3oxE%$MhkHwpyG$7=xoT?@Fq=~`*h}U6ffpL={$33t5pC88zg*NI;$O2CPVjJ
z5$%$QsuX`|J{H!AqjPzL2;vGWH1;z1HkcqefP<6sAeOr{OLB(;dN5F0CUVBkU=zTH
zF<@-`KI6rlbt^z&-aqvO1_zfnVtd=n-MRWI?qD`a+J-RpaExeg@s&TcToms2wKXHL
zfsuQ-ujS8Y^o(9Yal>h$NFY;7**=5*8z&83I)0z4b_JGhH=lH6)?}Hy?*Rc0&X3{E
z%=p*rd7=`{>f97+j(VgEQe1!j)V~sfoAXONRBe<#uJRuJl%ggqh$Sl{W6~aAn>Kcm
z+^bd%{7&DYD^;wa@8?8}+?)*e?jA>8MO}7N{Nkbp^i0#GtdUYrgE?K3V@$spFQ7H@
zPB&68ZD(ne1e1NIwX^$@w=mB_oV*4b*++*`$>pf=#+wF3Yi`Qd-8dJ`W9-K7W&4=v
z1YDB8L+`Q!KimIzQ;W(}slhT6>WK(huf|udHD#K~MEZoDiCAM<7RE3zp&0yJ{Y{k&
z9MSQlKr{HIUu%f)QJRZWQA1k}8(jDHAiuV9@;MQjNxs*Y6xXoT9cWjrR*lc{7k5iX
z)07oKYZWt+Se8xP-|s`1`DfMQtMQmzt!sYY-Nh<;NhuHWx>hkaJw{PI32d*c$k>t!
z6*HAV^AFlYU_K<ggfrwR`rspn>wZVDaA@UN&5nze%V-({>kpB6sO2Y=>y7#M?BX*x
zan`PZ2gh5(4p60wiyttVS(we{Zhl|Sg+aYK6#vnUQnB*Er!C|ayciSqu65y$E$B&n
zQHo^qSRW@J51$NNpA2054XoeQ&hEm&j(3|!mn}E5sNvIDBI^lp)BJUKYDPg(IXh8-
z3eiZWqNW2Qou{%u^Zrj(?pzHeGZzY)5~V`(npia&j24B%Eg0}=ZNg?(EK$&gerQ!f
z?^O?l$Ob&Z6}aKq-X+k_t^rH=SU5sHc0ap+K~vI|{@Ux`ZJPPf+kdga6#m!{AA<!G
zK9!CIZBd50uE(!;yuM!6@2>SEU+(r0&KrNNBHZY{hOP19P5ia@?_tMq>Bl*sp*3qu
z5wvbmvnqd<=wFRjl;(&(!A=3OoK8jTK@_kabNtMVM8edQoE!4k3AR}Z_qD~>wT|+7
zEQmvjulxFdbSh`iIiUU}H(ktrW`~)2;c6B#UKWJC)k0sTgQsK#!BU=DBszMbvo{3!
zwWN{={o8c%r(7tS$%_R0YF8{r%z^9K;?_w!Tmk#u#MCT6OJ+RYNbx$(tI>vY$di=0
zP}%9400WwOFLHZN@pD|evX&L6_k@g0>LR;1*N*79{@{@<#eT!qF`yZzTSf3@Z3fk@
zq_GkAZ9?WkOqAKK)nenj&bG(VhPyB<x$~gK&41?*3E%(CY0**h7AbjF_%}q!>FZbN
z;YI0TqO<9atlDY^_Z&;At=Dzsn1^qkQ9>%(A63e%g?h2tm>z^OWF}6&j%C(e-`m7x
zs^#r@w#oHqfA?C&cJwLlIi#zU{37vbCqRgfS%q|h{aENh*+w;ZnbEH+3ZhI5v?;Ol
zK8?wv7|KCU13tC7uM)hG_&~3gLwX0CcvTxwN8i)9R6)|P`Dv7_q);=a&3k+$`t4<O
zi1eIl=_RZadLinLbs<T$!nXcr7gx#6dptY5M{?6|>!%M8Sa)KJWen`bg^GQ(BHe<}
zGHy)m&I2OJxWW&T=-G+x+X<rF{4`-UWERnE(bG762w?*!UyldS-cBJnNm(Yna*!~;
z1*fN6EoZt#!A`bjRnhVDm;Xm>8s`>+c|m1^$%GBd2_MMBYRYCi>bnn&PoZkkbqStY
zb@#Olgnk)Ti@ii6P`-Hrfr{J-C#aeXMXR-pDD=jBRpq^==4=1e@HBTilnknUL8roa
zZi@k(?fI!|Iy5%eo87q(b7^-b)DEr<4}CqVDO9u)q*Qv(;%Ch>WAx>=`Pj__xF+r1
zxD}A;$z=EwleSTMane)y>pr|%G4Y3_$(}CeS%`Fo#{UrKUEY>#NX<6PYr)-sIj5gl
zM*$B@Buhz+DaT{fZOI$ZcEb%W%#7=k6GKk0ZzctOaAoOFa4(}U2hmTE@ObS!o|Lr{
zb(B!T*$5hPMsey=LMjSjdSxZ%-`J~7or*Pg@V|qQIvAu&q@~gbAOB7hm_mlE+-Yln
zJ$<Eq(~Jpr%+$IwB*Lq)n5~j5d5MyQz}2dzbb9D~qvJ>+AsMPgUAkYLl+d6k<k3Ks
zj2b*>^p<PfOMkw-589&sX?x#^ee>{#uO+miTnuAeF<DTOprZULK$%Oy@_^Usu*-xa
zof62(I;F_7jR*kIU}3r$)YPWZ)JHYU1Hf?PaC@6zoYLa)C*l5`F5&)~`aJO3FmYzV
zYvPI&x~L@QxHa+Ny*B}=EoX?SInwcuNw?&!f~+8i(X2raj<6mGtPGx|S}=wlaYUL^
zeTDH92=vfy3?cbQR`;N)wcyD-p|LWJFEH~oZRd`6<?{poI%rTH)YzCKiC}{R$SN@I
zteqK+V}gqr+SbTo@VCKvLk_WFaPg{1RYDx58w?71{}M$3s3KMH?D(h%BQXRLZFEAZ
zp&1o-P<fz}q+iAIQ(OFWqT~tij#Pkt8WSp%QmBwRX-dgr4cGvjq&2*fa>^>o;(_<j
zDtcG{YB7OM$?m->CGCW@PJ4JlWa$=NN$+~PSJkti0@*7L3Q;a1Ojc%bHMyLW_z^X}
zdH}2Z<2q7Fu`ndl`S|m+*d1-(>>LNwpOV<w#tZ}rNM=EUJ}~tS%Y9V|@fT+CBL&(4
zOfE>tXhaFcBO;8wpvc<cK^P`DwKq&~rI4_iLtJDmnG?~UpZ+(8aD#1^u;yS1?a|{Q
zc;IA)ft>guZZg<m>&3HV3<+sbN-`zMJ{*uFx#nVs?A#@GfGlW8nUj7?#m>xo;&vPG
zzv}?ZaWyIFM5M{IVxQyUHrjUj!lml1TDFVziRf|rG4*i-T3k%fU<qx3WHwgm{Y4Vy
zIQ^9)LK-Lw3>D4DSq($DiKz%dE4Q%6`Zqwwd)&<iu|fi&&Tb7ok&n!1(?Z2Nbp3tX
z=>3%j$9dKcv&nGU8K6mJ0Ea;vCCyHBsDE9klI?X37zLq?GbG}ENew+m?~bWzP{^_0
z^@p&^4>Ap#!Wabm1eTA@6;^|mZGipQgQCmiOL8M$Qh))OGv|=XJOl6aO4uz1Wb_u%
z=7MoM5z-FvYx<)Xlg}NwyW6>S{92%O^wOk0ju)E#U75djLOA-@{KE$~84m2r4O(c-
z;?|@cSfraI%%G+1=g@~3qZH0lK^mN$PLqCeu%wBmAxuuS#>Al%(n>L-V)qb%h<5IA
zXn8szP%tlf8Cp1dIE&8Gt6j|RN+s+(cwTApA?rT);_ns^rHPwEbKu31^X$Yvq)|!-
za|Ax#E|3jW6V_uj=l%>q%!*3a;-jHFIP2BcW(JJO=P)#7qh@dpaVgvIk|SjdMp~4p
z)$yYPDYG(K_nCr+D8(VW+MEZjKK4m2F73$Ne>X_gl{lJ32zC=8aB**R!)`doQ!^o2
z*iQOMZlD$|M?=2Z4PuKyTpuTd%+~GLOuTVqY7jABF%9HlkuQKhig-;soyL(AIbH5l
zj+w5ZZp35ma!KT}NNaiuXobDy&lAnGKy>vr8+m42I>AVxNQY02Gy&I2GZVlvF;6>U
zs$6N7%Outg-Sx*#pamPnUX_QCb08bnu5ERk*+v2-l?7WMg(^uoBhxZ4<5c)TnIxR9
zvO*MSf@@Iu;MGnQw+B;o?kbD8hb*m`t$taNuE2;rnzPU%n+A2fG!xVX8q%cH{~%Sx
zeKDSOS{7?{f+&xT`<8k3@@H;<Zjdn1$?bopel{OUg>amtm0HMqmMraGD_UW8qb^m-
zXjZot_r*?eMblY}>KPqXOBo*+CMgcfai}B(4eq%`l7iG?{864_lPR!gg#U%A<|+X@
zCDI*T*XMi7s?scV<#QxS<Ees~XoMm&aFNrAtSng=^Gc8N-*S|{jAP^IDb2yYU<sii
zBwK+x=Taj-S#DP-(dE}oc8RfVa`|Yh3IM;AXS%snVww$|NhH!lRz8oZFUDP|OFq%P
zoTZH(-(|8!$u4XUmrdq3nH8oiu{D!%g9z{A9Cvr|fRO)1Q7<%ISO&D?kfIpGJqj*v
zk4c_Xno$F93VgT*MGZw(j;1OD`XS=dt{;XWBkHM~MAT8`Dlv*cIjmTXfeRFRb3q&b
z+FTc^5L=hFrm*~q4?3T7k32WOj+9NH0$KMrPMcZ1F5@lz#Z&IFH$I7ARcSIE^dr-l
zrY4QpJXx5PRQLCMJ2y8dJ4g;ur$jFeR#A1C6SMW=Y^-2X(F5V+;QES5PpN_Zo3&sm
zFo#H+T1UyC%)xC}+uk71)^37|No{+!#0%@J^y8W97<0jALMaT@$cYUEyE+y0XYLIg
z@GV#uD5oh|xe%F({vepSicPDRcIa~;uZ0!=%x49D%oa1C1S%e%1#(JiO1}!uD62au
zpcq_|(DkHYVI>_EwVC~r95<Z0l-QcgBb~I=U6+cb&;w#Pp;;(#B`=ADM$?%-h8F2G
z-32y^wRD`={grLXESZTMz1Xza*&N3Y7LCgsP^i)6B>k({;5S;===TB6iW$NdsxVDE
z?02`ZTo=kcALT@dCYVE}W_mpD3``s5l!SFhf5br|wX$)27GN+{19RJdWjyxDZsyQ_
zI`Rya!I!4wfnM4(*t#`#S)_-ksSDIJD3^)In)H1G%<A%YpTW8~c?GU5H;{_}#eC*L
zZHhRT$yLNU>>1>h68lypIzMzu)eq9W+U9t)Zl}-5ed5g;&xgI$%UuB<!;}{e?(l3^
zLbVMwc<taLTZdNN62JIarnNV@4X!V~y|=XppU|6k)}d?pakY`w9ZA%;8%i()z>$zc
zVQofygk#%nHfc8J#W_bOOoiVu;Jvkt!;)XvQdq_82#94YfRX(;gN+O&@lBg5-xh5w
zek6;X$i;Iha=N(=McU{C4UO5v3^ozTN=OK|Go3bwO7c&E41>0KnzT+a`XZVW)OuP4
zvpAnj)1|q2{95$#=S({P{kI{1Ztf7Mu9VSveS6XVmBHGJ5;i*b!K`wvVT^BS)8xhV
zkf;2@EICXGW#tna>Jnm(k*r3v3jAe>S2Q$rBs(mqF0PgmVG7NeiKkE)pEBGbcSd4j
zbCHi^E>nM(8-l6;DJvZLl-z|U?<n%|RO%wsv#WN5MG0EDq7bJ}U0MN0swm?38N4Xp
zta!+GE(*90d#+Q+Y!CfRZ+XRE&OM}-N*|O{mO_Llc1tbCkR_E}#h^B_9l46Ee5r^*
zt!L&=wRD#H;Bql@qfDOGB%Y8VdU-hbWa1Cx-aamD1*dn@6N)kHlJYVsx8jsQUO5C<
zNT6OAXDv#$0UgV?51|AfsgzzIB6*Kx7t`^Cs%)4{>uTi?T)@u5047^k#pf{+==|Ge
zh0#<sn&p><zB;Ig0;-O$aJSxtztm}5;Q^cG!w^~HO2_PM_Ru{xZ^PG<S#FZC)kina
zi2_%grc}SrR3=);>*o;$uWg*<?GN;Yx&}&Q&&rFo?kHYG)E=`GE-81QgHHod7k61z
z<ond5l2?PeHa_Cmy$|@wDm?4BkDMk#8~6!WH~4<7qF{dJP@g<_s~iXiG6vpRWcaVV
z8XGd85HP@G1Ifg*kszG`>qFnddijVvM2z#*WTIJWqN0gP^@}?KNES{mr>&1J3xw|M
z<wV6AI*U{@P&U?TH+si$z~Y<B;o#+|lsA*?TL`ui=7lPeVP*{sDJu+VrA2g%8%STo
z5-+p>+?B$bsK||Z3o?l5ZqkU$vv;pIWXnkPT$r0o3h9~k==-9A=r&%R)tcn8p>TaD
zQuVhS*esNfNWLTNz4Ifq%*vHCC<30VD>3T5ye!L7fN9J$6der5v&gf9W1VTVf*Euv
zyX=1WH&HA24WI1IWon{Z;kQHZg6_x-`8eAc5DPOtfwJCzKFF}Mnc9cHzh={z1<QQ8
zLn2B9G{}}gt}(B0m~+XHiD{5Uix*oZ(z^$Z$aos|+XW1CifBuSU$Do_(+dF-K#9;0
zoB_EmKRy~0#MalX@}=VqD7KHXoZJM{(>U>SLi>2a9i7dUl=Sgo=wp{7g$9HnW9Dfi
z!H6yP8XJ<M(osWuMRRU<xm$cWH<TBqoMF`Q)hWBW*7KaI2aA~BS3*x<PdUDr0KkcW
zgSl2e8}WH#PLvCSZ&d_%LItg79V;|r2xZVArwvgWG}KHm&4vu>=lNqoGsle(T2(#v
zFM@L8nq*kaug^MjDL8XL5cjEyrW0ZQWR&xucu}r?hHKC_30@3}d9^2a#$cFeP&L8$
z@pJEEKL6ZvAn0GG*)?l4*aQ74NI;b>cLQ$Tc52XH?9%Rdu4W#EJ4m@|NWe{pU`}h2
z=lgtda<&YDS9-kctkjONB`dOv#@W#}u;1GSX~Y)azLTX%y_PzXl1y;mi}W#Df3+eZ
zY5VjPh^%h*ikhOIa8he_Xz6N;2R=+BRok2{dKs0AzYM^I80&{}&xQ7OD07iX-;FAx
zq@@?mh}cGyw+y@N%e#(KdScehWEP`Lmr;(TzA^1%M!hr5mmabvwM;i#MV^YOijstt
zU)9(g*Y@^g_~Z~dHcKaJoUV`E9ndAsc~9}7hZ4B7hv|#_{o)FYl;E$PG8MWP<dCO+
z?UI5w0-X*+O7P-ncq3R=VA1Q+aa1ve`@^zbr%*Udu<GvA{-$O+$lo=8)m(5Y4?EU=
zGWTL#<s7M&74wpMKFOU>!b{qV&ltM1LZhLyMO(&>x)4qw5PruSGdpfyZapN;>`2T}
zKGh!ly}~;#wD~RD>|`h$DH*Qy(;zuvOJ{J(ZYpy!RrLtWTa8aGrPVjH;yqB4^JD*&
zi&x0};hMYmq0KA&Rf;sZVt*HZy}ZLdREocQ{#610%OKAi{u2Mt?C(<ZTJ$5|_dR@(
zo_v-F>pP+!P_**(oUG6P&ad$Q>jk*bM8O&c006X*f&w7^>jl^vTH2|Y+B(?$>j?Z$
z7vQSL(|wC$k^SS>2TG@Jj#p1Bsl{tT=hYi!OERU^#J$8NO)j5BL<q?yN(H&Z^gZ+a
z<`o6t50R)+^a;mP&bb0fT9uIDr)uF{->;Cxsec9&k#YAU)O8Gv^`IUuUKD#N<LZ4v
zOr%}vU9oLal2ObFyPF2Bx?J>$SA!0x%7h5BS;8OjQDj){5|=5M@82tw0-uq2+9GX#
zgk(kGa4V`(rZ0IPJY?wV^`MX6SA7V==3rZElZ*rfb{JJ+<B_Zf@Vvluj<87#l5?yq
zTSZ~<v>Gf}802S$m5d<PpqJUXy{p?V=)&KJO|tc2V<W_5&u7c9phAdOSRw9J8=(RZ
zvrHBI$*4fBDt$y>i&!_k!l+L*QeYeFReX&m&p-UKgD_hv<JwF0<ldj8<xzb;q@nL=
zq>Lja$da>iWAzC$5n2MiTS8ofREmkF1(0SihR!<8HQXkMW`%uqCa5Df<Mpg9>x?yr
z)=EC%vZ{<KML)ViXUKvo=4b;{DN!|ug8uTbk8!f~LQ!yu{>A4JRKy~fN|BPckx^h}
zjDIKUvc_isltTM{AN)If5H~aF>0@<<kftfh`B8<{>s#7B17SLtFeE5QjpF<`WCs-*
zA}|0&0Zai$afA?wu@v_$+x96ZcmF*4y8Hjufs}oBk3OPQ>soqzA1{Zx@St7znZhV4
zk8MsDK?yG*GD2D@kFaDg)+?l+p{+!M!A?e)$`^S;oY{cKPcU7xmA?xZtJS(s3J6n(
z)OV05Pv3k-&(6k&WwwlwVYR$`nO<L~S7-@zh3k+vHk{IfE4pf~3Y>m~IjU0z1*93y
zVw2X94<A#_&g-oWc1Fp%@>?!Tvj=f<K^2D!KNy8oS(}}Wk{DaX=f~l@w|0z?jrhjC
zk!9b`29S8K%Xw5$g)F}Rozbe)sp5ppxus<_Dx>Kr&CBo0q*gL{Un;e;U;AvltZHJf
z@J;wu{OjClF1@pb%dMsDL>kwUHhbn^(je?!VbleBjIX#;<hx@IZsKou#-&Iz#KYeg
zdGzJYP^h8TtnxYoim8wbM41{8;9CTdvQMK`AbJSpNS1*?2Gu31N_m53llx<gTv+DK
z_ijeu>ApvvH1aOcbE@&=D?L@KJuB96+yc^$Ji*F&s&{cQT#!I0Fm+St-)#~;P`U97
z3&8_3&3~}$tc)|q#2D*cg_MljY3wkedSHPy1S)>v{2^8chNT#%E?s5)EV<H>rKo$v
zp{r!gK1WkWn!2i{AGT`L5%*<aecb6UjZ%G>AN8Go0-)>o>aq*-xsxw<17JGF$HjHN
zW)0j@0aHajvQ!L3m&bBf;IYZUXPL4hSggbQ0`-u76a(`EId0r5jj~m;I*lr%Ok4)~
zj&l;IX~8c0yi0;n)K6K-O$gO2(y9390GQYnDsnwyrs1v3gs71v)-oPzS<#Aw=Sb@#
z4um`0$3?+1DX?T`h@Rc`1qiv=8N{L~X5*H(vQrH}Ta@BL6A9(s(FpkiL_O}gQ%iPc
z$J%lem2%v!#jjd50>!5qeKIOQyNWH<SCPXa2Z_n@L7p*uZs+Q{BdhFdwNq;+>Au96
zsOMh2wYH-|W4gMd6?C(zbV(=gxlGSqH5sX8Q*m4(;n1g3lfxDlC0^d{<>lkE+}~oA
zbF;e2a8p*n*K)Jk%6d~~MAUP$nm5p%9acKssVzUh<7KsTLJ9tSQQ)P;M@2<`T%l20
zc|uf~PcibK*dl{v+OklQa^%w1+j&z~`JYK!N!NLXL|xbO^`#wE8q=j6v7kG4rE7XQ
zPL4{Pq-#L5IIs>KT#8lkdIfGS8Y&aVHM?9~JhcZxc~>m!nO)R{@}-@zc4u}}<WuLC
z2UzF-1mc}i&?Ww#$(6c;YGviKQK?onI=1-OztS<?prfY3?5h^*{24yKS-9xTF8f&S
z^lm2IksTB9+Tq>o{g)JF(+wW^*^T3Wxujb4m90t^Lx7;h$I1V@WTg_u*Pn0h|F^LF
ze+zg2Utu1}*^T6X!j&u~^4I~z1~q#e)OdNhsSznw2@_g5cX_q79hQ~y)tzM8b2~1w
z#mk$C7gu&v=}gyG7D0D;<$qP!sH28`j=&j{hr9P~Sz@ihR8q;;a+hywF_ReiFGyc7
z>oAu8$|l7*!J#N;pSv#!ni`z^_Fjn8b&N_{({3lB=<oF@;;9WCuA*bYppcS3Fi8k2
zzro6}(498WJDLn9cW2pGqZ0Kzy5M+!+^j>XW(~+y-2hxqVW>Jx*zxm()lG}6%|*v#
zamQTWP<lw&1xAj!;SrRAHJwa_+9G8Y?9~ud{cR*$Sv>;AiG>n>FZruNS&ga`8#*ll
zNgX#pc_Cjnu*K9|dPEcq#t$s5O_kSZ?T}O%OD<74z*AX(#2&TcCri1y0!E1k8|S!C
z+!$ue>H)jj%JN*kwr`ucwdj~A7@Qy2LyP)f*c1Ds$R*1Lc`6DU{7|lqMdGGC_|*f}
z^&O>^{5@dyQ)g*$(J)wFFg13S9+Q6tB+c0K2ui`Ahp@|)IN|<hzi{NrzN^Nr(sI6D
zaGRNz^oS@JtRGx!8w-!=+CIq<wtRw8u&0t>sTb0PiD>*JF{@hent{KxvcDJXZW<sR
zE;=U58>Ys-(tS$705SF~Caiy3Bxm&9)3d+c@%g1Z`qR@$d8(jpE#-*RZwAU`Fcn?i
zzk|{sYw<I7sL81)?-i}@%c*_ai2KP@&qcv0NwQ%TY+PARI-&d|S6x)Nv}&lzfr)}u
zx<qf#A|075_=A&({G77y$2FnWMzX>3pMX}dvE@HO>e1$Y1dBvNSzeI6m@eguq^&~D
zVVD;W2dT%r`l4iOE9pep0YR$CC1g@<c^Zv;CEm)!{l0}l4e~ZU-Vs>4*P3I)DnAi9
zM#Z2N*Tm}owkH;BjQ!7EQr8wH?#_{?M*UBDvW>BHlI)Nm)dU`?#0y1>iRYwXFwViz
zPo!~Ol}dDrSHd4Lt_eI_$wo^K3DS)tkO{p1z8Dz~HujBtvfNOtVm;zTEU~8eZ<D>X
zZ9-76N)oSR!j+`e#6yZf5l{yIu4I9dEcr&VZ7dk&e-=w16M1F-EF`gF0b?FVMhogt
z<UhnqD$=mOjdVHj3}A}=^GlMi&Ra>cgMwYSL!B1Y3UmDG`jg=<#NV3t=+Wcri_qj#
zj|3A{;!=!+c?Z6Gi(Vp=+?o`2S2ePOLR}VRw<Ao~BO_}yuG`~LOO<$Ts!JkPkaciW
z;#Uq4Ij^a!gbGfSrQEH(8&GIUlI<4FXg2jQX>}WLtMe#)Rcq1YQJ5%RCM^3RtjS9}
zc>19TF95XoN?qDo@udfZLR@koFdP8_v-^3~abYy}L9p)+U45L4tU{nPeBRbhb|vB7
zQsLDy$%p*^ZoGG*t{ZOZyKwL(Is7JmS^$0qdyAkl=KJG{2bF)93euHthyqF?A+(6x
zot+sfNEFtsn9#<?C?|+XR$r<tT49ma@(GjHl2KL?a0R}a{F`b2n^9Y8NXYpblBMq_
zT1r2jfh=dAI?~nVw>fkZO=M$3O~CfGK0<v@VCF^NEbC!NkFSXTh4v*BJ;9>&NsEAd
z9)Yh)t7b*4spnvv;3ZY2FNI-iu|j`<CRX++-1&a%)<Y>V$YIpC=*i_LhIA{w1-)XX
z%0$pLUF+O}`g+bk9w6dUISTdKjK&*6W1k6PkOyrZ|2aP6QM<WINJlRB)Pv~l(`h9u
zV<apS^$l!&^LEcf!?R@?F@87(M=G%?I@s`eqBAE&hB!JYKV+|R=A!#j{alJ=T){Pk
zylZ$T$TigR)jgeK={!eY&`Fv31?vShDgx!7iAS8x*GId&YL*T^gJQzrJyeN4S*k!B
zn`s#AM<-Y%j-63&JXSdP+m~$RZO1%?u_TVL=2Mk{ceX|?cq#5>cLvNABLl`%n3mRR
z{(jl^iDgP`<W(X@z8q6HP>Z-eSa*g2KS9`q|MS4G`m-|@gR=t7e#^B|*R=NhQx2}}
zNu&IABdpoMa8qYxC7a7?b**`%he`c<z4f=**YBeu4t3Luz3~G*S^VTWd#kR8Np-hp
zE#(5A+4U>2b=S(BedqO>KA%-~K@Lyr$@RNzE35VFGVH7E<N5JZ{Of$V_q-MFj~%_`
z<<8o~+T4X_9~+PD4qN#3qgm;WH7s|}l;&ltU(qrj%ZEMxk5j4p<hA=M?{YN1zlF}y
z$5rP?`1i?@_e+a*p+2AMbY08q>qYtK&U1TVWy`~aYOOL^K3;S7R`_}P9DdB|)}Fk!
z`-xS#c3mqSoq4Wi&&x@JZbzrBaL>w1&2IZe%Y}NIepv2StM3l&qdPu6efjmHSF!5?
zj+-6-Chlg=Kh^c+<KL@~oOIARp4x}ADf-<NZFGISI=k@Z=hmTKpBtWCmp%R}bXl)w
z4SvPlUdp4#HG;M{n$LzE?9FTW>oK{uABv0P=JC#g8t&-6&+XRDHsLN|&|G!iy*B<$
zc=fg+!_Sw-gZa(#Z@aeV);=8m+*mZ;_mjUnmx&*49A93FWj(v;P^YEtoYKVPreqc{
z^Mrko?gDf3H`9}R9Tq(=#!ELG*K{TTbCC~Ldww;#JFQ{YV^be1|ElwHB;Lgv+=}=N
zy}|MH(1}O7gV@aZ6vdW$OX4rb4ZeHd{jKM`ezPOEp<U_UJEN64Tf;Y1wpS~by-HnR
z{YPf6MR}3=X-WC^mF{v)x8m0o%kzl~eF(gu+;^A8ovt?kPo{5rGVW$<>8=A;S~$A5
z_qxyb5yCi2>C=~szIbm6SBt)lZWDg(^f~<b>}6+u4?VZ_;StBCZ`IdA$LX!E+55Jw
zL>kcv`RIp!!8wNB#0ERty^8Uq>9&J0FT(@``r7*tTG0+MHYU<^)<b6_I2hZANdvH;
zhn<Y@6XLRp8ypXZAQ}l-GsB9jK?8CJBWpB4&NV0k`4nCe7n4iSDfI3l`$v|(s1Kgi
zn4{zaL2V0|t9eA}$X-Px5FKKRss*7V9OKd={vyh(I;8OLyDFfrODCww!2x0Xj7|W+
z2!I(=NlZN-iH-hpNs@OJ0+?yExQHvo9D})qy$J&}nggiI4sF3I>=9`rP>{ituFw+@
z5j?Whtcf8TF&RA+-WO<Qm>5)q=6a*1pqh)_dZ#KtoXMNmPwsfp&3MeWevPGhnk6y?
zQqT;shqk~>Hd<p0cTp2i`nxM~FC`XfXK2oTe^CbIc|1U0Akwk3LYNX17dMC)CgUwB
zG<q%_yy%}DWMoEM`StPo?q%d;m<UN1$}ToMCD2BVQHKh|fvEH>L>sDN$W}4CjYHJK
zTM?o1P=Zhu?79^&EIg)W@+}B?gV4wpAPJDlq;w#nG^I^&(hDJiE227Z3PEpVBQ#ZD
zH@a@Oqr40<RmiRI{S~M@jaEq&7kS3`bQ%<C=CJYMRfuJe5Z90%hpRY&1kfoN6%bMu
zbEUQdiDZf}NWr`EWvqK9@Yb?IK1>WU&SBu_3<*{g>=({%L`E7e#8#T*mv_9zebF}d
z%0pr!AsMR*6~{;lz%g)eA=nHf8HnZIc-cTw2qylASEEAmIykuby(~tPI-rZYNfM3k
zu7IDk@55B1jA7r2=dEv0tan_NMc*TfZ1t!cUU&#FLVx!x6(0d_CK1=YRn^#vGy59L
z!zDk+9!41wMp?QN=^diK!zB*n0XP~0RA_@(%x^8g669z$81n+mW%EHX<~bNJRN^Xa
z;|fN_pnhWjt1K=K`;lXnadijqa5>%(QVYaq^TWxA7!nr4X7lgSoBVg%3>ivsv4izn
zPqAi+Es?%}m`Du^j+Q^O&VKxTQFEZ$V0L4X6BwEF_2)Cwv!Q2IaY<$-lE-FK3@1~a
zfUSIk^Sva>3GS3>+cDS%5%E~_u}$|6*qO8=QOWkeIX+24@@!%`I#Ucsb6t^i%jZOU
z%{dL==QT$sx>dw8sr7((-i4Wb*vYz?)|f9}p6tsWy{bxoN4xGH=r%kGk=TZd{Rz`E
zC+OyUfIZVqm{f#Vk`e8775Eh3YjV7sCYX{tf}hMX(+u$e89u>_5Ze33P4DLd4dV!T
zK7Z4Gqkn=kc=3#r`H+^2jh)y=;l1zf(#`;ekX-TO<fqkPIL@`SeDm5^9v{QnAFFl=
z{3n#3!`hvxb_whwm0!a&lArAonpB+M|E;d{O!%eysqLw}LMzt`+9}K4VjnK4znX0^
zUyJm0yuc{cYuYW%zGWY=NeJ?^RieYf#FJxbVu3>FZiD_K)+tc1Z{&XRzp}sZMq!qP
zKQN#qK?Oo@P<&h!N_2JQEy6ZATV;?w)5TTWfTIrt&5#0yJS%==Vm+<^<|`|}HgJ7&
zm4bk{SHUDAWob~FWMzPMtq-^`R-hnD_JF!gKwPIBnawHa^QqA9dO*k08i3Dt3AQ3`
zKCl4GKz2EjWV089!6F3F3E}C22o7N={S~hsjqn1KWErma;Bcu}Z2g5uYIDP#I=UwN
zU+hfCG11YmluNd<TgfwB@i0r4RxWN~DmIAGaT9nXn|l!?Ikoj?FrwhcX>P$XgLkre
zmSchMcmr8ULDoI{y^XX-M<5{s`?TsP^cz*gmBug~<*QfQC1{M4vwQ_yH&nL_&~FS4
zsuM%68CLD`tX6^D#gOZXGbddQj41(wAyd4zdV~zOU(}^!*D?{DWiX?~7PqMZ&Wo{6
z1Cgov-5{a)G0EI5Tk<twV3K_Zd6v8n29fV@)#3RC4Y=B&?vl2InF5+w(ST(WQ??|P
z%G_ls*(i(Ynq~cQHal-go*Npn$#SGvj?yu*7^M^Ux4%-g?gqe&wss{~S|*LdSYyv=
zNx2J6;v?|Zg$oOqZ3bQt8axf5IO@VP7)m`RoTkp`!ZmS~H(2QKuyzuzHBK=F!NBwV
z!N8WB-k|9y%um$oCA?i4fRPuhPu2A_-u&+fXL0d7#gb4A9sTff6g*w_Ile}KoWU#~
zs6B|IjJK%l(TXRt=J3H&Md4&%ajdWd)MM-6v?gazfWeq6sw~VlYj<>Xq-nU($_xX-
zNVYRjZLU7t^j4Ss2r#+b_B=FadJFEkV`VE2`4)n0+!N=6Tm@*b)FvhtP71*~BXjxu
z{&bo(DMVdEiJ(JjLR#iW#FR(IOF=k}J8W)(_b|isUIiM&#jB!X2Yabf_f+jc{UZ_c
zO8U*sT_TK4)!bdgO+^XvjKNRj84Z<&RU29YN$sg>cQ?Y<j`}HUt)`eCA6TM)6zg(Y
z6Q4;TB}!>>9tV9}N=l4+zgiBN(!s7-9QtnilBA%2;93sKx({=?ZGfx4?mY8P?3(57
z((7y{^>=%=c$-c?K(coclWOymBOgEYOCA4inGuVd|CK`-#tm^q-mP<i5=A4zBEM-D
z+&B7cCl*&c`S8|O;d7LCmXQ+&n$_%za3lyq)-c32!y$)b?KG^w!lYhJ;V+@i+DMKx
z)RHvK$3AMP9irn+qP>%mO_VAA$o(Z)O3)(inqx<m<rpCO(Y`|BAd_zvp3IQd;1U}K
zWG|w2{Ki!AwgfT3h3e4y4eHg?)Tl4ko`paiwqg=s#m>s!e!o5Z67G~ds5t8~u^TW!
zaQ@^Jk=@?!pg_Mo%hWJ85HZ{!&ur&DDQ30h)7@5>qDkJr2UTRbtJ4K&7-v=<fuN7p
z5RqYI@$PnD?*f2uUJleY0^rvLLFKf)4j6H~>|AHH(-PVZQvMvYO_z@50PBO4YM*kV
za-4SIDVq$l2<UB4<<wZmq1#U24JCj{hO6u~C3=cjxm!{)u(;r&&_HC!#V+x=QOd?G
ztLWV6?f>1O0-Y_)y;cGgCvBAu9B9?<69~!?U39|^#-_<0^lIxr-X|`z$G{r+5G$kU
z<t>UA*<m6~(dE+^UT$bL6+%f45cJxjrao2KYdzneg^!-8louSu&2;<?-vBk8w{5Nc
z<2$2pqam#x!?+UO>-)F$v#Ba8q#*^iwWAasM|Ot^Qsgx1VW9q-F|Jh@TJ6@5d@2u;
z(};`bm9yO@vw%@eOohBJaU)GVCajZ;Xtl?}eGZ`einNPgX;}^OU>AFfTv+Q`TiXsz
zZ%B<&<IMMi1ck(dk5BgXu86gSFyx|Pb=xPhn~e+QK=;qgaY*O$$oVh}m<lnw%DaWt
zoCBTntWVEf<@702yX%|z7V<bVCR5&o-73lJ=*~-N;eMn80XXuO8#{oz37B|pTXo4{
zfjIijALWgz$IDJ|*<Z&+SZ#D(=?k}P;l+kLNt>4U6mJn*ec^Wos|@uyW9NsM)j(U}
zQs7Qst&AOa^Y50J%1b=4zjHSBZVZa~<rrV#9qcp#clRx{_HfG)P0n+{C41vnLU@iH
z{m?=Jwtm4=##6l6Xh+NaiECwLn94;jF|S}NxXzh86&<DqLSmiX#h6Rfi1f~vM$8il
z-blcQKR9QJhQC@=?G{?hbHuj1DYgbh5TL>9R~(#airo2?G(v?$Y}C+yRbQHu&86H8
z%@lnb%uCE*cCg!<x?s9?OLijzE2`~<B+<Oyyoyla7I!VTRCBzGOM+=(h754F8o*ly
z&Rr6BY3|r!?e;A+L$c{xJ5!RPsz;r8y!}7J@fnb6Lw<ta91&PuzJ6sy&;!%;lB8c%
zzs%2lE=nByIwP}qQm!*$EHC|G731E$J?_R2f0EB&AjPF_hge@NMa(5Q*uC(%OrmBJ
z<jQ)Ru^db+s2&C}LW=m>yC=jYJp>V^e-FfcL3u$neF3eg1>PC6dX3jthg&;!vIVX(
zQ^=e+bczSbM1{WxRMgnZygzr%$#bB&gjHbs!er4+0{yq;Z%e!hxP;@%3tkh!-FcA@
zx_D=TBq+ch^+1S*1X5D^?d$3b)-Y4By^dUA*GOSH!(WGF=bdz00+esV#gqF%1F+tY
z{hWx_3YgjLI_iYE5#>b2Q4ftD+v<Pexq>-p3*GG=)*Np*&tOJ6Z{9@qJr)8$w$1l2
z7(?jyj}D1<Z|#6+K>R+V;JkwFu!QP_VlQ8p9JD#^7H8(&zA5H0A9ARCf>RwF_9v<H
zjKnF#bD;w>MB*mtBIHmOTY}_^q4-WHIlPcC=PdpVK;Oq|-C@aq2vLD(1NVZ9Ud>;n
z8x4^61QA!1hHs1r@05XWjxc8VUm2<mM?k?h=Iudn3G>k-?adzrlrg-t&-KdD^3r<D
zx#a=30R2GgAK<?N+e|ND#>buXTsi3jx{wW#hLQu@^@DTy_Nn3V&Ye!rD-3^0vk%4Y
z$;8YW;M{%3;i89pLHi}5^Bf3)rwmfJ3sE~zqLygn0E+5yAu>WuHz`3Vb-A?ZEHkq0
zP@;=r|2BM*#OtxO-8d#X{JGezd;dctvt0SnA0#>mZm1TzOOf9V<Xa|3vGTh#7kYKL
zh=W<R!U)Ud+SO<L36&0g)-~0==C9M^e##^1Pbff3FXB=JfGF)A2x`@Sj+cN@^fPt?
zy1Ss%`{V3CO^R?-JJ*Yek)o?zjFH@vKX7xv49xXC{7ZH1bEq+UoOAf|^p~km61uFp
z|Mm^`&s5***TV9fz)d5GcVPU@yw84uGDK2C^8>lX{wRC@xgFzMLl>a9G-oiw4gDe_
z{mH}S6${diOB31d?p-ju#d^p&o$mMT-=t64m|mQ~wF4PK?1FUKFT(mTh$OVe-Owa5
zti>FpB;*f*e$PwvF%V+CPc>@7PZa&OkUdXi;qG^czmcH&$Zl_xMAc&KvpU17??j3Y
z0Y<aZV5|IuH_*}TdS2raXSMPS;3XX}Cu4X_+uUyeVM*}~US}kFrbrTK=g7_0S)clT
zS8mUa5YmEsb?d9orkbUJ$)?=)O`q011MY|P3z1L*%9Q0W1IY;Sv3nQo9U43cLOjlA
zxMeZp804b8Ql6g*MKe6_O5lB?BU=GWoB(v*O(E6`TU3CO10G86K(x|;ZMtO!{)v5q
zP_Fb`mJN!%p^0wNG0;<YX;il~5RFZSt>_?YlA4c;e0XGmZ%znj3LaFwLggo{@~qG|
zEK}s!rJ}DvW!PgpUAc&J%#ilweq%5_xtoUBUAb9x8*Ue{8E<VQPbq=Pi=L5mJ<}3!
z8O@qNJm68Zhy?fVwz1xEsUFtVS0ThD*nj+H>CL3I5H4eyYW*@X-YlA?6#afT-KyZ;
zxNNOoQ`!0#%qB8kFE)_~^Qbr6$fibatSzbiXR%Axr4t{o7m|X!1+$3{jGIbp6{8T;
zut^EtUEab5>Pr$-vG=lRc`EuAHs5DTv@12=)a;O9HE`0X-ly$)2{o&JJk2*~X$O`(
z&U!;q!;b_q>3JGyc@B?Xf>v?2_uRFO9h}-5V&%KHjQpmQ`_mW+&)IuhASq-q8fNU;
zN~6ErQs`r~{i>elob#T(;+Ecr(`^s6NxINk-rw!^H|6+c5b5oTLEhxqY#i}qknwLw
z=SF{=iMNUfXDn0G56YR`e~9vNnL4XUr0zgx5F^R`^hC<<@)^dvgj;XwCEVyMiA&(1
zJ2dC%F8b%(Bqg!IoSXxk&NP<Nh7)gSR??=YGzWR@)MT8)M_WVv=n;1rNk!*8tFrmM
zQsq4|*Zd)od<2*D1{M3#7fFS}S03mRJETb@?m%55j~^51jpRwvVLaW(cX81oZa|-b
z9W=MmTwtI#{)Ea}Yfl3MrhmMQ5-0=S+fR78571QjYL5=_S6FUnTxNPO6ilW?oNfB%
zYHXDrJOtWh24yeAD4N>Z-iJIM^c7Xzq4qEjOyc4t?G1M~EU~h1A6Flc+{=dkM4awr
zP80Qkmy?n+w|xwsgv1xxL=^&8vzHZaLS@_#)ES*YwZ72!h`$s~25MY_E>qm1yG3_}
z>Z)#>z>lw<^Rt~l0D8%zA!X;A_w=Ks`B{fiO5K|)eCN-BR?@EcItzlSlq(pCqDA<0
z1ZU3K>vUY-ibvV;jr#=bQ#81~%iLJk|LfIKeIoCQvzyV_`g2y%ut-@YEIDq+9kM7M
zPlB2_p4BFFiZsYt&1|16JTSdL5?U>&@zJJHk3>q|RNm@%yohEaKgZ#MMLbH}mqnSP
zJIw;gjbatX2Qr5`N^@Aa3r_tn779~)=tg5@IdFn4!n>ksQ)O}c^)=&XAhVUZ?i<^P
z$jGY{1j%A-G46@qS7gjX5`N|PHZ`R2>5k9rq(Z;leW}tntGD)<k7skzAamaZZ+bG=
z-d9!0>bhFdVjk;lTC?3|pS|?*eqPL_W^uVQexWaem)d4;*Y`51;`yqlT;)H#d@sJ~
zRlT$0ve(w<v&tgM?P;;F_MB~Jy;)R;{jhhjHg}7EU#|RFw&m5{*;7*Mu1~JdUw!($
zdDrZ^h0{8ho$6M{di9Sb*KU18Dt*qM^?kohrS4L;?P<O$(EofDI?7%)U0&e7q|4uK
ztl5S7y)QHNt?uqs=VQ6A9fg&xPLiv)$YuI?&D+`Gm+ABQGicfS^V{yER_EIFY<9Ni
zxSBn0rjNOuT(rVIt8F!T9aXJW>F@Yqy4h{LxVBC2`TBI{w9Z||u8KOZcYIs8TR8ty
zHP_8$H(fgGq47L6PZrbnd8pg#`gnGC;x4Xk!F@h-JbEno{#NL*oUa&vi+FyP#mwmk
zZ*w(Xjk(!dwDGs#bMJf<S0pbHT?RGY(EQvuZ&~fZUBjWe=so-F{aEnp?7)RzZ%u^>
zTbI9f?W}J7IDNUWX+0gMXS>&lUu+%RU5aMDc<EE+r0<^4#O9>@`^yyw|03H3<Q48>
zrv5xGdftqe?K*1iN&w^`pRD%%Y;bek!fM5*zf}KMovnEM>lc_!v1NLbqxq>zuM`*Y
z`M>kjn<~A@U!2!C9%GL$-ZO?>?%<~Or9ba%)~Z}hA2iv1ZCJKibpd}mn0(jdB<JSk
z<$LzJYV_R;f7UFI7cO;R@B{K*Je#&V-hjLqzL}`GJMra*PTgo=X+J(%e_v*ZV=Sev
zU(dT^{OH{+dbT_NWtqQ*zgoQIF6^)GvN<{DT>q{0TIe`&(6@NgvzJ6CIxZXY*#~lp
zrZ4lCjqO&&c+z~q*_elMBH}D&7x{R`7;RxZL*p;ZzgI1|INJ!x12AzfyBQ%@#56$p
zj~zGr0GcToawM*5LhNB>j3vss?Sb}~MO;iSLB}w^|A&hjDs!p4p-{&L`WF*Hbqin=
zNkw|=V{8_87Hv=&R(SfU3ZUoO0oqw`;0Otn02wXT#H1juhKF27XPLN2QfTuKRSA2B
zaSD6S=HmQc7#f7_(?f71Fg570E<q8sw{buX5j2EuLh}~Hf8h<tkwjkp?oJflNzDA>
z-%ysTSteT`(H;Rjs5E2>#!hR3=?+522au^RECb|83xb6VJ)|Xw!kn5Ht`Ot{H>n^c
zXdd2q8VpoPXpk?NQTYEQpmRoml{*gpX^c2lBK3!*XpV<u0FGRy(drR>$dI{cK`2VL
z-D=nt4jZF+HpDcxO`r)7N~H9lA~dDV@KVdU7Ryu*UI9qW?1W~DtfLth|A%~vrwFn*
zFzi&G<r$g8MySxtU=Sf|6Du4ct|E%X^aCvs{SiP2M^{8lna`2j2_lj$!YGqcVJTgW
zNaw6)g?*mrXP6+w(-;=1DqJ_VV73r(<o{pjGp#tFjJPVs!%*cOk&%#$Ri&z3BqiV|
z7`PBjhLH^9;&-g9KdJC>vqz8S>3C%T@I#w9>`GMtS1%K!+8=#>uTj5S2`0InzQeDp
zPk^{DSgg|?$M#Wbq30BEfZ+I6E;$O`Vh&&w;$o{4O1=FnmQ~hglfIBWEYePfsq7^K
z`dq0kf|HSw_@*C7sR3a%BhW=ih5RoSmc=NFR>FM@6Ax8Ur)XG^s+z#RS4sbuey+g7
zd0+*tC^;PCWO*=s?2whM6MS`Gz=R7XQ_aqHpJTTWIao507#Sy#T@ly-2E=H}gvn(1
zCdeGb9#CmYDWQkfMiH{zl%?1lKWrs2Az}N6@PsX&Z4oyjPI^<iWV^78;;}^&GBS1g
zvq9myKf8d?@n9ebo7kYd#87Si2R&1jgp+aAj!;}3EADNYUxk=;xDL^|&_)w*v2QrK
z>V2F1tPIIL!-t{06(#nrnm^HTDkJ3^kH(PuD0FNAXyE>gH-sKM2}DVfO1o%j)B!Di
z1X6_TBCn9X%SV93)b{NB(*B}<gEM;bj3R7DjotBLABFb>SUUK(1-PA3KNY5BL%6pS
zUi46{3HX1hG!kCqLahmSU!gP+E}HsU7x)}(HxXX=y8aQqO*Su<t@LmI%j(eN;I)Z>
z-^;bOgeQr-`gfC9<I$^KGHZZsOt${7r=1bGVAvRPY{{<fy8_Jte9ay2^Pui3|Gjsa
z{f9pSvkdgJd7;6Z0-_IS6Gc_Z)P@$hNLkD#Vj!30eu%v%!VpLSP@WY(D)DajsHWo<
zZ1&Kt^NgAR_-B75vMgF7hvV1xn%}723#OwhIechal+D{Vm<pg>T9mmt+jM^eggU}B
z0TrJxl!3E14<`Is6BP4}U%aqj7_38l2&{4gnfVk<&OHH2f*%)AfG2~4(m#~h^bcir
z3E#qS{)l)dSoo95<<iC~tQG+;N^UcwHuVnh*z)JBt)rlChRA!A;AEoc8w@xnYYmrh
zcm_C4@BO2e?cDXvD@KTqXhJjr-9e~V68F7AsRbeK6fzXsNWV~kF<*5VX*-z+&N7%!
zr~eOI?*JqF6SR%4ZQHhW);7-C##!68ZQHhO>#Wb(wsGhGe(z1b+}va`$s|3Ko~Qe%
z>aKdKejZ^X_&@=Bkw_=@PQhu0!BIuV19L{taktNRNfZZ_Pvb%4qaM`+zJcQQO!95T
z<AG#C->268E_9Pa4a>tS2+N*Lf{`p|XyYk0$Y&GK{U?PtGz;O{gMEpgIe~pYkv4w)
zTyj~s#GM!!#pzDEjF1)61iidFGa^O7OL2x+a2gEtA>yg*hII%7-y%<mN6DJMqwk2-
z##G#5z``In!?{j*NKbcx*!Fh?Np|aYrL{tR!8a4b>@efY^+ft$U=v=F5TUQ#2Us(M
z^?RWOxC(ABdmWyE?FVAmet$-8L&a};jqKS}ZoS#tm|$C280~5-A$2<ndRY^Ts6zqm
zsHiVY*Xx32wsYyx@RS(@hLMF!hi$TK5Oe)z&LM{3QQvV7cV&IfwlaFmVx;^C-l08Y
z#f3pI@_uurz)>3?pFcDJu80DJF28jeHU0>3gc-qx2Bovj25S87|M=`%Y=;(a2jfpz
z6OBW%qC@kFk<qYlD_QKOp(CbRK-E4+Brjo5ntnV7$QG-qUg=8XH^5jq*k##s4#}u-
z6LK+)y2fm(>ujbXp`TKu(;exZj>c6|3CGH%0rlV^A2j4+KU#;8xP6}mLORc%pE2q?
zetCo1zmE}kszS5nnmUvy-jvi<t|ZRd!O6V1<e4sIN*L+-p5P@vh|~k<UFI~AT9<qN
zH78$UC`Mntz*@Kk+#Y-is3ZF(liCH}*rl?7it*%@0J~_;P_CtELJ3^Dp0i0=BAWT#
zNS@GKA56RGy}TF132S6vo23hvar|RaiHSzHnj|cYGI%yIN>|gtJ{fhlzSujx{<Z7S
zyxS!H^y~Gqnk8%*XWgf_-I{-c0{MsD^$0vFESWj0-U39Gg}77N+4MVpH8#=Hygibn
zy0mXTOxP3G(zt94@}(NKwVHbD5FLVf!YVGB5|2!qDRd?B$ny}Zvy__nIXgfE?=dgG
zS~*wl)yienwICa5e5fv9&VbDgAuId=V^3&HK*hu2PXCYh{pvEfLCS#y<nPzpUoAha
z?VGPG{-~Kn<a-4Nep^Ka*Hq-&$)g%$A|TgB<Zwf1gssE>M@JhnNLXo7h|MZ_vaHl;
z8v5-QC{jT79+xtjCpI;mQy}+Opx!J@GZ}`bztxO;$L;%5nR2O(L-nOloa|+nvK%#n
z=Nnr~=0;JM5)k|-E+7&wSQU<C=`)MRNtINuR3^JKnJK|h{)#*mu>y176D};96Zft(
z63=akC?o@kMBBI&HFgLT<uSL6-}e>1ZWI1ZO=um{JZhZP<rf)1sgwT43QS2qlZgwH
z7P|=1;MpkSl{g0N>Oi5_Va7oz7%jNtPhL1phlqllCR}?xk4u9=^)H0ExC-jyCi1d=
z4a@8!A&9Wz8oO3<^??|@m6>N9nL6X893J6e*6rXX(@djYa*lczsqJpjLk%BTj5bPr
zQ@h?z0=^MFpM`;!@gA>tzR$wKqL)V}Qwh6m<?FlE)>Sub=(&xk<MdZzW=mN(hTqE8
z+<Y%M4S4$mwD#4J=>@e{485dXdWW_hofSe%T<+F%NQllJRon%_1nUx8uk4;k9<iD@
z_whSt-43W~&CpgW0-!98up9pv#ZDry@ln#6{#-zt##F>=QVbYN<nL#DF`so$7BbVw
z+s76<!YZ+6Vi|Hq8ZBwYj3QK?42YSSxZbh1hPN5KyDW<xzSgD(hs6wQIm2b=5a7K$
zR0Xis?m@$EPEbDH_R?G)gngzPM3U?vS2HwYOh~n#BE?do#zg9QyeekPmx<Y9(ruKA
zJC7(%+*62ND+p;^@&-_{tr2E}8y89*Qb2|N_N#h(76)3qA`s8zkFilGZ<VV~7<f9n
zGG*k!c5{6fb@`j#`p6NoSBsp7gqOQ*|06@?%#k${dF864>UFc-gA=FE{LEgPXSftN
zE$0zG9|JkmCu&a8iIV}2AS&urVGyOWz}(`SC;E!tF=LUz>Oj6ls}hwlH8xydlX|_C
za}R@`QWTP1oF^wnj7nRb;qP5j7;bHJO6RIenJu%!DuOxiu|HUM^{D`jKypoo9~0h4
z!Id-e`o$YZ9`Tqpkw!Y_%-y)_FV{<yp&dV*BNfu;Ej7q`B$G&~lQ@3ximMSkEZhEu
zmgf?gCimEA?r}|)HFr1X9IJ2N<i$S}X7+ljh;W-Wcf+g9-zTv5IZJwR*!1y`^Unjc
z=duG|KIKsPgEeR4;6{GV{CR$w02>(k`#vJae3J5+GJ6fw0q+6&`%V6qmt-?4cP9t5
z>J9Hl_T+VBb@=4L+afm(o&?J8O=phv$mt7p_DTMA(>v3zcd2_xoYAWianyB+^3$AW
zj}r1{s_e^S>2sf|`!-GC8!(kOfszn@_YmP;2=`Vi|1`d*UkPRRQa>5;?@>mF$4g&Z
z&V;x<1b~_30%r0~nSGiA75oO5H+Q?avGoBGa`N!WnsbswI&sqEvwZBkP{RoLi*JD6
zJrTG&-gbLY;(t0({%I}s-KoKOTmJDb`wq5JzpoImJlA(N$N4-`7MM#`_)_3~`lw}`
zE&I;%Igdl|xJc<_MP88egB{b)R6s%XU5dFu!w1qbyEch}I}+XOWQPB%mJO`nirFq@
z&d9)`3d}zF5%O=})^JrNMfW@SKb3S6L!4I|rA!39|49tO1bO5X&WFr=JWcksZ}BY)
z*nuP1>QRH5kDMB9ij1k>;AO$E$u_Uz{U=OyCZw#dEpU>^OcH~=<1YVGxa|>Kl7Mde
zA-Ix28-AdZW{f1R{llXaM|STf2}j!#+9uXJ)V`MC$y)-$Hf-mM4Y?bg-;=9;ku@18
zg`;#4s^#dsKO0e>x^r~cVf;TtKMyRcpHSS|xbu)Kx196U^$X9RrJx$#RBGRsf@&SC
z7j^cQ(pi9}z1pEJI_2Zp#%Y6Jz(-{a#-;~X^DAni=>B=;YE>_T=4RVU`YA4h=UY<S
zuB9vM`r|omF0<5v5|RGB(-)8n)_!ym`PTk=fBPc+cDCGc)&{77(wd*HFAguvpStyN
zb6ah*h5+};#p{;Pob97(7i|G0OG2ElHbTFS#a~Cyzb**QNAd*NYXA7S>V6G<-=Fb)
zY}Cv%=J6b_ZhUw>DIZ*WZp|-iy&YDrP$wxMZp>T_Jx-k<ieFsal+|=Owk*}CYh$K0
z%~tDu+^^N@{A(@Pw)9f7(|OW*s@h~6nzh;Ny-t1Wii=BIdiLm9=(Iri)kb)QU?UIs
z*7K8xldI3{RG@jTn#bc2=FNFc6l0uvo5+UerlCH+8-ZQt4dLG?iXPAEJSw}L<hwVk
zctAbj*V;Aw)pOaiahbLsnv0{BiLT;G&d83Bt@hPs!M}pQ*{a-|O~R|Ns?EK6AFp+L
zi>pW9woT7X{n)%&@u=KS$A{}DNuOVMzCBb+dN(p54~t#dB?(C^sB93Y@jJu6^35&W
z%uMrin)N;!{<vkkVzT(3h<dcx39QuGY7adhn0}o<&)9t275&Q<+6;dWvBvZC(2YyH
zhT6dM6w8`)OB5)}0ljhG_O0W#e!0%StXUS=F{_a_SIaY9x=|~VyFj03S1-NUpgzNX
zKdX50N_)CsSpMOO;q}ak+5??m;<rovg{d!ySgLPkD)Dmg=XEO<&_YUo=Xs~sBbZsP
z;)_2gZQ<q!p(afm^D6A(;eE){`NQ_~CQ4rW%>$uT|AL>5f%{W^qvu6?u>`6k!r><k
zt9hXdqA_OX*WdK}2~0ulV_m`s1OyO6%n`m>NJuD>(}JEpMA9JE@18gWg!)>N91W&`
zq5v~lkJKPgKZ>`v8y``ZDM9&1eG}G7#1Wfh)e|0RLO69{NJv6#p_Oo!!`XEUgLDgD
zeh3x@m#B2qBw+&SEg3w`vt1y7OvYJ67NQEf`DK*MB=5xG#?2lD6KU%R%1x92Z&(-9
z!M-0AxmtY3q>YvB&IHXZrS$<5{-u8-OM^mHXWX^daGzoASq;Mk%8+bHd^DxQU|~;B
zG?zlw8m=)Zpd(h_DRoa8qaIGbw|XI4j99xNo<F})rupgf>TcqyxnSxbC-USvTEDg8
z#6xCD3wM9EiYK>k8GiQGy)dEVm;0%$-mc1v?lEkT?lA+QLrvRK{-2vihP2hCYpKh(
zvM6gjkC=ATT+dN3O^vRgsEe0(*5y3S&qOx|<=g!(x21ZHUdF^QXjw%J9uYsqrN)L8
z);j}1ZYMkvWn@-#=TJJ4t>8xUl=O;A%=pRbU8@w$4{#H{ZU~k)%9&ll!>TV3mJ@+V
z^$(pDJv&yqYVJQ7eA`ZuUnA7Ugg7A?FqFZZA<RO5A?#>4AH*|{?gO;M{wYE?23OA$
z^btvtz7nk9^o|O>pbeR>9R_GYHD1=u>-<+}Ggum7zQgYOG))jsf@@9q6*>7(b1nl+
zNLdPui3Hx#;m;E)tz`-9A_q<Y%eyJ&47!sZYI=*P()L`v2<Cf(sc5G(<QH!Dsv0KM
zVNvw5oS8GGJD0vTioo)O02za2t$KgUSBi7341e7e&fdoitL<7%AHUgPOID8IB;*~f
zbt8*XSNpOT&xv9i^`ANfob32eKIV4hIgIEG6C^0qs&vF6?(dMo{MxL=sqP;&Neac(
z<7z~Kl8LDs2ZbCQ>&<1db2*r^DLQ2XiB?<hiEiuaQmHbOn0E3}is;3|*B8H%m0vri
zPr6a|zuZ<B&VY&<S>GvM_&P|nnX*G6Y|QI}7BqC28D0X{gkyb#SVL71yU@ywE4v^;
zgWJF}e_IW=T<`ib`pu(X8bm=Y-|za{y&)iE>q^|>s*|b-+m+WAW*BziN`k>^N@Nkw
zqG#?BM|2JIQti6$F`(F=!)`Tg@$vf=bgf!S(Wa(b{bT+c`M=j9YBAR^QrOYR;O5!m
z0l%<qfTF{P+*Rs7MMtvkD{I03t?2mI1+3rLY|MZqtLWw`VJ1eLX9RJkz+|jEq|(&l
zPv$^dv-{@r7`>-R3b+-)ye?L+Q8^mAA2r8RGfD~4nC@j`URRNmqdy$gp|7U0g)2`;
zA%ALex~#9a-uS_3mpph8aXKIt&vo}oA5=e>je{f5IE8+E8jS;9DGZ^}j%O#fCZg*5
z@2us|i>E_8XpT==>Q%6?^6h@?Un;Ey9n`$=df9%GoSb;*Qz>jt!WPw!dGTxcn2E5Q
zkFwRQ_44(XPI8ay2_E<nGMJqEkxqn|q6_uu$wnXIpFQyn`N>8W&+dEMuD}>a7T|3b
zKpP!UH4YnEBN)JW@9nC3myw+G#CCE+xpZ5>9&K?^USphs(6Jd9Cz6WhJOs+7B5Yt^
z$8AKAuvtSPn@wd%!G?>(f7@h(2^y$;wP4`nbRofMjZ&S0lIN1U*9~E;Md)3+zJPiE
zgm+#!uza&DQIe5ddoELw1wborrGAu5(&Y!*WJG`X+jve5Gj-LWUU<xdgdUv;O_;D5
zt7ux`mJrS;+wP@{J&jDM%wTc2RL{^=(it{5racoxqUsq+kZHDGIHt(kYVlnh(BRfm
zof*LP?e(%OSdZb<8ba1vJWn~2^HOq-f)H5tuATpurm4l5S~vT8MjZ1Mqa|L&r8tFj
zrqC(fElE3E^g;j8yavlgn^oXcO6n@eCGOQg?1r$T|0W>dZG1Jt_@o^U`q;~4WLm&R
zp_RK436ovGUYuA?Qv;2KlM`#mC1J3;S3=Q40(<Z)FTf=G|4YJmlhRYCP&jUB0kZJi
z4&Meev>2ZJa=TFqiV%0ZzW#UluouksgZn=a{JQ7epr^ffivduJQ<N`DAv)6ethZ|@
zao1z{57;~+1K2z20e<&Ky@uaAdV~+hVnhosQ*w@|+4b|-Fmi@e3%ZjjaqivAUkoY;
zeIZCrAw-CStCL^Ig_dX6jT)vWWf6TVQ3E5tuq1@+QyitC7zXHuf|9Kfq5vnDDY%}F
zF%3+RU2482RL-mk+eKfwSbf*x%{{t{sw;UCZE_;$XqlEHy;KnX|I(ZbC>|l5m;rXU
zN7{f3@^HIGv~|V(EJ(b~kToOF>hG2A$JRkI12Yh>GT#7mCi|S!Ro=gJTsH{{95PYY
z;BuTs9j!Tcv$`a<Q63#k|J0rwxw}ge<}`!sD&BVo{bWSJTyeDv2iiu~QNYihRp%V|
zKQn?7YmkzxQxr}13{(X~BpXjq^{ISx3Svf4wRrZ|2497uK-}n~F_Y=#6^*>}c^MQ5
zFsb5TlgGd(4?vC_0#@(=A0Z!;@BA^wfHQ~YQe!`o=(iPGxdf#0^`G7OH4k1*Vs=p1
zQo&OMIOOM~&6>($$C~u;p3e@hhB@c=+j*R#YnfwbDfUmuT9zyw963-4DM@FhMg}Gh
zc7o?POwm3(54H~PY*0c=R2;02H|R{aGG8q*N6R8&WSXc5<d}w^3SU|O?9YnkWa}zq
zXS9r@X;Re6cDl1*?~jv>#z{ruCLuAJ-4XZn8EpzMBTRQoGorp6jf{Fp#XdCN`WA~7
zFf58Hj}wfUPQ23p84NFuSxuZI{EQe*W%!m3ZKuruYoVH*Y)V-iY^RnPm65`wBzN&n
z{#%kp{4GUeXcpy`$Tuqm28iC6fW+uK6^Coz@02mA*{~5vy>pRS#R#BS8N7Gw$5`)^
zWEa1Z(1tjK$5J-R;w4<(iC_%F-~GZ79fg*PMcij3;USO|#)}VrC8Qnux<zd#nw9YO
zj_V-5Jip^zAs8c7{*1*cOA0Z*pK~kANOti}TYu=BqAP^0_6^gNt$TxJV1*^&xW->b
zzL>{Pfvd04oPEg=_*tHKtdaZMQw}`g(gkiqqBPr9fc_+Z>v^SuHhlV^H6GEY!;?_k
z?B*k;%${Z``$QX?4)VJ#{`jmZVY^VKaVWVM;m@Hv8}Z0j@Rl9&tJXf>`re?dHfi|#
zVz6O@#srp+U@7L*aGX`K1)<-4j8!Zwc`?zn+=r-22c}C|F&%`VMh?$T9eA1`gr+2O
z7Ckrc=<kQe7x~)Wzo|M$!~&d+;O0|oBRrtq3{ZmU%`Oq+2@<bxhm)k<p;-TSu%T8-
z*_zAk#9pzN2E?4(D3qtI>s{W1*seySmVY9o8yC+1Er99&L>k7nUd24gfbg5d!NO{j
zbG4vlHiJhl@_>~(z^|^;3Ll2yP$MojnxBFjM^z{TE8FEm&WziJ;nf<_$fsP9zOxpF
zp=f`jWz9CSxjOS9)>4o*Mb$Nkb+b3va-WkpdcVA-iJPBeyOHHX%mRf`vRUWn&JTT5
zGRYEZ#WRW}+(4;eZp0p1>o`M=B}Isfo$z{7$(JpWyq=-kD3f*?m7913k+}UKqH`VW
zN5#2BoSkG=B6H*fGp_9W>zzf`f9{G%`Y+OW6SdL?)yl-)$J1*)N`AB_i(g5Xy_CL3
z&T!dkm=f%zm~-n68761OtjVZLSLN?^ms{QFfqJx0%!N7Nw8Wa3YP#4<zbn~m9KmM{
zHvmW4Gz`wY1>6@w%Tu~?le9)#u}f6M{fpCjTec-#%10J%)ACHW5UUf$^#2oM@c(~f
z3;~qcT!0uu-@pphH`3?qPjdg4xA_@sL9&o&><89rmU#<Df;_|9{-Fn>JjSTYcp4?P
zk?9dES}wJIzO`WhiSENgNkpB^eaXawZszB70u7*YR#kK;6WdsgYZgjCq&o6s-*Vp=
ze5!n*o~YwEwRiH`cj9NIqVX5;Cz&z18`Q)(5(+=&v1}tgi_La(eIe55Yvd5q+q+D)
zEm~4Pb^eXKfnD_-tyetmDei#X*&!n?v{Z~({$vZ`)C{R6x~X^`g!rouUA;bojcoQ!
zyHn=Ua`>OO51HX>dLPKoYriY4QsHRE4n7w-=E?B#Rt)4F+anvZ{T}%NgoVSs?krAv
zvUiaE9AIp-Tc~L?R<8S5M9al~;z^YA7${N;C@(NBSx&Y)_h|Y`E^>?l^Z9}36O@68
zy;s<y#2ClkIF}yJ5z=@{6k6yQnvB!==XnUw>V|L;xv06#NVeGy5z5AQ?Dtlu@4d$L
zuFqCf`GZ_^G$mP?{8=P@pevuvKikc{Kdx^_oASUun;o{kmpvc8zJEI}AA7GZy^das
zy7UL`NPnP3zcDbZlk0vTH$_<PWeH@FiR;IQNW37J=T|a%Ob<xK&D&eJ<qvv<7NztG
z-s}{*dKc1f-_E4e-imjesp4F%6>|<38=0eK#Ud+;``S8`$*EYzktze^tWvLg9k3D4
zlfQS!$@*kfn5K${h?z&|Ch4nx*>wzN_8`Zi1x+vDW&{sVr{<_r86E85cW?cP1kLQl
z`i*=7Dq=3cs=K!vsAzO{;+kSHOier*z^HT%OZeL+i6n66M#COf_)-l27m{ZXOVnwC
zIW4e?y&>Y-a6`DyZ<88P>^pW}>yaMmw?{IFr*aibiL-Oy$!bkp1qypKX6-Bls)gm?
z>brFh<m4zbBKQY8Yq_XL)~qOu3%JMa`GmW`G^`xdef!(I(!yK#@5N3Lmk=kcaDNoP
zCd$XN)ak}kq${MrNM)b&QVq(ti*@o_iXx@qyE^PqT|!#7Z{}*|$cq9BW(rY(RXA}K
z!hg&MSaU3+sVs%>^Fhg(na95|Hfd&&ustlfW-1!2A!1{=Y)xMXwVSlFyD$S>XfAh&
z4JHY)EZBeu$QZA*ElcXXxZ1k(ZTZfAxx;Ty?BOqYqg~a<X{#+ZaVOWbAHLA<f$q=k
zDzsh#qB}wB*;T8;>WzxpBmT{2-YdU_f;tp5!xPe=V{K6|bo}NJ2sa}x)-HBZ#EZsd
z?hY}KO=4>M#@XSl1o#!T<$x@!xD~q?@}EcN%UN(0W7y{EMnhpXqw=uR;j40|PnX)$
zpr+M~$L^617$MTH-h@lo=jsqBy9tR-q3~i{I)$Nqc6l9~RZD_^X-Fz*L;rwqtn&65
zNe=KBsgQP-%*4Y5uY~;rVQG-I31w;~g3a$-H(19dbnu#asPakchWD>my1f|7f`#s5
zfY9^U*K2b5+i^)RO^<6u;RKkA=y|lkB??gmWR#v2QYgcixRdpxhd~jhiJ-GM!woZ`
zCal!!*+%?=IBA%`h(3bf@vS+6UoC`RDCRtU%e%>~xeNO%Yv7~m-kdD#MNEI*83$YA
zGT!&}o<dqI-nWj(oF3?BhUH5e*c$d&fVL<*>sm$w02?C#{xwY*pkG$pYaI;rsF&bw
zCaGO{p)T@fj};p-qTE&uBCg?gn8&`8q@_Cv*pM7y2-0f8Ti&ja0kaJdm@jKQtw4SU
zZ6RCAAw-2)p``)O5x=rNF=f$4_-K!@l=k|i2`EH?5!HYM<s9v{kVPRSIU5Ia5Of9n
z%PRaC2U?Q7GHa)59ywXMZnYNkT0~08^-1T<zXYuz3Zczejy~S-(vpy|QBke-=!W0o
zXK2|ay$4FlcmFo~oGjBC_ky0BUd%=H+Jb3<=PluBhV<cS&LsTB)6|96glF8)w!E5%
zSN(}Khc;mcK$GxSHtH>gsOpSE2>=aXpeg_wP2K;XY3wv8>Hy2dk!aHvrDx5}{0|yk
z0sdSqg?{A=?%YlWUi9nB;4ZNSPsDXBC3sYY`~^QtXZGp<mLi2aJ(5nXIQ&+T=sqH6
z)xl!kToj<ZM#6sG?qwrUT%u`^wp)zdEsz!DzGW0{A8>3Q>H>j!an)0}t-mVCaEg`0
zz@#dorOeF{>Y2BEAxYm9qP&g;nk-<7G^FRAXUXS{z`+>|2?`;Dfg1*utdBM)_fAzW
zHjv>^yNLuof~-1(bO9P`Y2qc2&c7(`I+3)gxRkMg9Dwg}f`GWt+}&tDnAEPXGYKqe
zQkH;gn9m&Z*&($K6qVKr4RvkKktn8E;ORZ9T;G`TGs)47WBjeTbq%?Ry2yyM*9x<@
zvFYBAb2PZQjgKjc!IlrxU1BwVmeXC_X_tRrD1>URst;9@O6sFG%{Gf|K$+#(TG7bN
zFkj#`xt@(PU$8%3vKy>mx1PxutT}kMi!HMnuVF{&3@JVz7_Y^E!F44VuU!BNpwgKc
z*ZAA%VKkL;V&IlC@2Rc?nA7pq#4;Aj0vM5}ZHHq|h)4C|(!WBtQPU+xAp{#Z>94VL
zpoZ5BL3&(!Ld*O&U?lXP6v=Ub;qW>^1UGqbuv;~SZFog|0%eCnpP*Ubqmp#~Yq6qX
z3^6#KDVJ|WEJmu)Mri@!J6;-l+fPDq?@0;B(GIhXCMQJiay&Zv3F!%h88md4kuLnr
zgE_`vwiM9$cKF&Xfl~5v@Nj|79s96?any!tr>G;iPhCG?<~SpD&>Pr+T=@L7g>(+(
zVrp*FzokT0aWX;4DPZm;-N9~nCh3TrT>p)ETx3bLifhSofpTr^Z>_Qe>whxPtiG0p
zCJ>zHN&V3Tbi9q2rX`rNpwk6z@^FD|Nw)ibI$cB=e)l0m^9p`G@?i>2cmQ6P54ZjI
zW|3RHPbTnlXTcEdHp%!~fc7|#qFKy}cVKU7O+D~E&Z%7g^Qd=~J2vNFt!i&=PghaK
zh8H{bp9cI`ERl~Y-mj%=3sNrEPTdMR_OS*hyv-8Qv4++8rd5Aq#uie2kcHTTar(jp
z?1fp4LmY?}Lc#@pX~E_=M^P``@Mmy0{I8g420{w7_{3VnQvv2cd^JA6syQ$s5Aa9g
zPXH)^1=e-;E&zLSrW-nn)v6VocSk&r3*`i4Y2Uaq5fl=e5J?OcTI)Gs7R~~t6QD9F
zf>};J{0nvO4;Btq>HfP#Rxwl*TlyFn>yP*}2c!nDg6$;G1*rRBt_ABbTzD$5-ll&9
zYL4tkj2)I7TlEE=Ko~b-#u^SXswQbQ>EBR2xcE*(ZTEEa4~&C=F}!5*5F&Sd+(UXx
zqX4Esq2LGg;IPqcWP=iZL2N^(S04ml`urdtAU!dFIFWV<d(#ZF(WAd8Yw4_{K$es4
z-%2yzf}{1$2gOc4e?w{TsfEISiuZCA;r%^KXSm(EsAT<J><jEdY3I;>DZ*OXZ-l%2
zz1ih;+X3n(qDT$2Y>it|ot6P9q<1G^ACqCad@D7m<zre*q<;*=o}Pj)RQUP0IdpMq
zpT>fndU;+(iftuJF<VQnpQNMH<JX>-kDrt-d<>t8^Biyy+~qygid`r!g;8a*LRWd9
z%LsPSTIUN%0UHuk0UOB0bugCZ8%#D}%kphXDJ94Gt_YT0&WHKWIG)cqf>(6fSLF4V
zT;f|Ku`I^x|B+GyK+5$oXpLuwSkpSpDO*nm^iEfO$`#0=R;Z5%=Bs*`$!Pu=uZZ+#
zhf6^Mqt6kejdF!hUhi;Bi{Lwg0sLxc5wCsogdetqKuSPq8H{?3CaE=dLniPhf+#Jr
zKUZ3`A?vU+uOaCWO+js)dlIAv2Ua#;=Lk&u%=z$sc9DVesUNBK%f8Sr$P{;?Kgf-u
z;MLhgmriGDBMlT&0C9Wj-d2e@N_Dimq%ox07{vffd}Ix4wNsp>9<r#alDLLG23cI>
zAqvuMq(%n>I5I;A>mEE_Ozu#c7*ywlO*dHNH6v~oMXt|kIDfOa*DRBa3Ulvuk-pN~
z&W<xtXB_rIe{v()I>Yj8h57>HE)#rs*Wq!+n!{pMvZjhUU0c4N-;&r6kfWcKBL0Ad
zeQ82Kh)a|w2-Bm#m=W>#j<o;B5E({%@JLSHy3mia-d0K!-oqU8&vg0^dNbI{#wZ`*
zR1xP$7IcYjjp*ug(YAiNHXKRhI6Xwi2vHjruYQz}`{w%ZxV&j2`|ivUB7nc5hsbCx
z!fn7R4gxl*_@7bj&W9L50IT|>3D>xbAcKXl|LPFMHEYc^4j^Y}GvSWCeWC#u*91J|
z1q)uk{BBS|f=tZT&tV#0XbZrjQ*X*Nqh}8z>;bH4d`-XE@Rn)qL_ZrF$$~vPysU9F
zQ=sIUnS;@yS7ie6uyFwUR(kZuuxMDh0(;E)P@&)=qEZ#5;FC}P!JG0xz^51v0SZ9*
zHtbBSH!_c{WPR)Ib_G=(Y`et+{ix`%97P;0?#xBAZ9GE(rH!F>9UcL<9j*wL4pa(s
zd5-Z?LZ|>F940;ibvG1G^h)liXrJMjp#j=`gW(&xoDn;wvi|X~iBKm#Yyv&5(7o^C
zxA|tJUwGv}0b*dN3;{y*E4pk5Y7%sYOSU6~r@n1mRgf1X0H}jlc`Ut<^_z@4GkuvU
z&6vu7r@XRC13r*9)C0)T4lD=ZOo;-xGN=_c6z(7W5+kd@&ky$l44f~z%clTw$0%gT
z9wiKnL*a2r$8Y_%g8WPis_~*8UUk-hrH<Tp8aea)KIgHwGBz~4ykTq@-_#4Pf50SR
zgHBZ516g=5`oJ)VH<eoF6G=jQlvP4||B*1ne8a{D3`U`C3P3_dcZ3iC2^C-eBVqn+
z^v46a!7Z2G7KuE|(C&XEw0}Mr+AV`-di{eCR0j)jGbns4Y;GeG0zWbb7ZmotYZyGB
zU>tVy-!T>9#zXHkyzU?hP~q*rxZN7x)gNb?MpaOoHQ7#CDz#@c1I-*&3G5lW3(8h^
zn(_V0EYB_`3i+v~0NFEI3De&yUn+^gf)NfRYXXvB-VLUA&Bv^C0TDPk-X%Q1?m^{*
zLG&-$YbNfLUhSHTFFy6-VQT+H@{a~heuR(<?3a(?x$#%6D8YYOmOkXx&t-HWa9NR{
zc53;r4|3;N%2aq{+iU9MW<w~9Xg1^U|MZJM$sDpN#Qoo9iLl%T(NH*RnW66{2I+^2
z!#3*hBgX_k{<{F%=MR?j+=0g$`0_73)mh5{)NoS-c=N5KfY6R16RGIm2M&IA4&^nw
zwtCLgcH#2xHglFSv9gaIFQ>ofK7FUoV!hD=8~@-|Gd%}fKm*HO?rwj9F>G|LfCSj^
znBXLoi<Ewg%Bhm~Hexln@8TMP*h5Afar%yxdq1E22#(q_%UMI~G5D%h^aZo6=DnBG
z2A}Vvalho<PbsqYAH+DT=Z_XoA>R`M6Z?(c&7a&z>EenaAUrT5c^sUc_>Vu7pK*)l
z8Xsnjjt^<qrh2}cV7;ALVtIg_RT&*-v>M?Kj4#;)m{$DHAO?JH@!rtf9*Ah(Ar5zF
zZ{AqMw(zCtSNBnpRi@;x*H`zFY@m4cNp9iZRwz~;&;%Bv!0RKfx9;bOY~K>E2ubdf
zU!G`)P2VUD_qw5>nG0h$V`(mJGDI;fv|#C+s;UrV`oYwsa9Hhhy<8<UcbK%#W^hk(
zpjF-Sz;+@7{<g5mn&Lgof$qN~dTqq9EDwlP1A)GrBpQSEO&O5}uGu!z{!JnJ>G*2k
z4_!-B=M2OpRyGlNUin<d|2buq2qgu!%7_{oy5|O|j}@)_SFOkVC*k~b3uVBy-~z8=
zHo=lpDOTk~(&c~O?64|wHy`^8e<teBBMIHLK&oSleO23e4ty<0{arSC%IP@6s-4C+
zN=U=1R~Nfhkq^i`#=5{X@TUT_#lw+1BZOC3l6!#0I}^b))g8w@b>mxrdYq59d|z0D
z{-&hs9VxeALaV9o1L$$V2vP0Ypa)b$zZo39GirbY5+*}HK?f-uT5p4GY^?+yV*;nz
zC(?$hPlEL)=Sy4fdt#_ayLOcWZHtl=&S7!JqZkLtXfnQl3XgdplOt$~PfigWLVgos
z5USpuHQ2)#*0Y?Pw}Vf?(F3?5%-PA$o=-5=&o<;9)8O8^FPMS16)1moJRTsz5fRyG
zjj!399?j%+13!%~C?bi*ab`LQbiH+)Mmpjddz%gq?20+us()wMy>Wf8xxiz(%|cAG
zV-V1Bon=%X>(9B%Jvqe<g%EW9Lr0Evf0C;JH||c<uuG<Ri#>+l{tPjBt6P<cu;<$7
z7{2+@ASU|@(ImHMBTDJ2W$-UI1-u_OMUL?zH$@K#1^)JC|Hk(j)7fNXx-;4nt?}Y|
zD__<?v9c|<X~+Kz1MEnOp49Cg2wBgCZzpV~&ctwB^~RtDO<3J2tY?t^Q%e*q-I;+?
zmw*LM3T$Ps&xM}r8$ikuUxYkOWR31;dd-==H0iDRM$BmG@2es2@O#uiY1aO=G=%(M
zY6K)`rTvXD^4w4&r}iW)m&84YJnnV3v)y)ZdjFUh`rK9(gbdXC?}U>UYyuP@>zZ{i
zo+OTkpgM~=GLbt`_cmI=fESI7y9?5C{;eO*K?^}SGjweKf7vuCg2l)Vfs&(;=BR~=
z`Ff{nx2?1Nrdjf0$m;I$r#-+a_q)4Ta&R#;tZb!p_7)Yv{7~_c9>4_&c=ALCCAP>;
zM!&`9bE7k2ATpW3C2U*spzT~EeL}h&BBKPM)ax5bK=8ZCQSqw^G`7oGV7ieH4!k8V
zV-46<lkJoizXN5Mgn~SUi9uiVV{fAFJynTj(k7*dkdJCBUIQ$vhGk9r0FQxSqJ5Pz
zUGW8W?7u~{+5Mr@Pcwj9XUtz^ZLh)TwSt(l=DSt@IK{llq28I1c=H9#gu^s01kBfy
zY2(Eg_z4cyN*;fj;AUd*gB46g5X*)z=QC_d<#crE?*=te_m*m$elbFO!}QVI$#S9-
zXURL*Nm`127V5QpN+H|hc%!!~+_v}C>M2|(qwc>4_7mdD<f^CN>poQZ=ii-0xnr6@
zj!lCQGcb<PdU-Ab7X=E|`spv>aiZi5gb*rC#i7+RP)htU_Y~-P=P7ynr7An~-%C2F
z8!CU(#bmqVIf%1YW)y7O|A^+~?^iet%_tbPL)(2C9(*{5W}QcdW>KB1b8MLmfpHkO
zOGS*0J30-?*|s~Jjl*+Vo&BT5wQU69o=SJDj8IFnbXAsL0WiI?2S{0-ej-_UN{-u#
z<47mK{G!F?3E1-tP}~h_^gZpGttE^2P_Z4=e6YMP@dTj!cr2*8ofR0fGWB;Q3#=Ry
z`#|xK7cf`~HtsG2{~!-Q3|;<}2^oVJT$X^m&s>QnVJ~SQ4Uns)BHd_|+ht7~2@Szq
z`tKs#5_4uE5i*d;QSom=`%h|gG*OZ-H@Ogj1G>-f-Ts_-iL(V|x(wkN&$LL&$r=l?
zH=++k8EnT7Mbau!^AUHrXcz#IxemzJcP3Ar`iqR*=K)TSMM9s$7b<{~A;RTm>*@}B
zFO+2hW2O#f_^DmOa@(srQt(t@j_5EAQYm1c^q*4=85Ugi&(IXCp@`=4eo;}nlcc)W
ztY5S`JbvtUh=Xp2zgEn>7D5Z^LqcKYBF9&S2@?83wY<qm2mRs=2Pd+>r}e?%kUIj1
zIhlA#K}Gr<kvbgs!<_UdGwETUsPYW%Dzs+lVfPu^=nhjuwi=N>DB9?%jWnU`#0+Vl
zom0Vo)O@k0gaI}}8>8{+H>a_tWCRjm)ux1PHSN#F>0tq@X4On*B1)6W%)E?J1Ke^+
z5n3HmYwGR=OcCmt7*UX$g|%XB<StilbgDwAhZMDW>udHP%vb96wtOv?iFtk};uZdc
zX{_g7gspu19()j=5&#LkpVmT>1ZM-E^%))Jfe6VfKlyXRIF1$0DTXkHco$48)`UG=
zo~9I!)n84sKu336CH;mO`%h#yZ#$gDHyCVjp&*u6nm^e?Pt2!GA`sZ08w56;M7q3W
zXDA|p_)$nNoQo8s)Quo@+%LblKWIY3S@vm94Gsa{Pl&*)63=19z{>vl^b}4tXNkbL
zGD;j`D#$6(U)@(k);{@VlR|#7<o@?DRM~MEhcsO{C>rnz>kwEFTpc#+ohEPi;+t_i
zADrTc9}+3W2#ya~z?wKB2AR0IBqid?Rs!NHgZp7#SN1P=YOX^@MlQSC#l5(`V*&4i
z1b1e0+Xx~py>R!Dj(JrH(fyLC=Hh3NPJ=WcZkpC`v9aJCvii0ugKT9taO{3jNeF(P
zEn#1=nEZ@TKkhIl>QlHodup#OXB5kjKy6W`54}x;R5l$AJxy@7mtL7<ALr0|?oWO|
z6PEAhYqvjmj*kSgB6^)vjl!vT33uwgiD3dChp!tuZaT{HY;Rlr>c?vMbz2~nuVgrM
z*Q-tGy&bkr3Qr_$&xb3ygb!R34&4hU&B%6$JYT?9LLDUs85%tIyXpcxC8XW7p}KoZ
znmp&UT0Dj2`s<4cHbdRmG7{4D!l_x>JdQG9G7`3D8ZtL}MJ1$sqK(lBMY$Gn<>s7@
zCiKqqq?@ozj%<n1crjb!4S)s|xUA0*7ptvLtlFG7%>O3K>=+k27s3f=MXLL{hfqK1
z2>w=xahFeBA=<MPYydUq5$4x(U+;2aG3|6jh&#x-Y?53rMAX()ib{Z1W5REOkcJwa
zMzh41pYqq|3d;`g$Qstq)rUv0hwByj6Pt`8{+5Mz(lJ?)4f59>1w$0Oq=kbS2yBxS
z&93pEBJge_znu(^KseHc)+tY=TIeA*qAf+l^3c(|>(}cI)ePDbF$HE7Z)w=dh#YlS
zevTsA_)56g2+{vL8&9L?WQaWODh_;mEmhvmd}tVqsUi4R{FNw(G7`$tmk&0a%^r!E
z#A6f``t7NoTeRm67d_jM!xPq%T>PNbVGfhTO0<lY@(#(F*IxGr`R32K0<Gxx5!Uy^
z@a@AAi~wIK;r7SC_Q@I3=V&CB?|**%b-gttYv5Mdb^_qnL-UMZ0e(HS58&6u;RLSq
z{IJ3L5};Z+8%baP^Xu);AV{A@WMDs361S_-yKYy#^3{l;GYb$)^<hO3Hta6O(Jkw9
zaOZ?0k8F7`y^@MQRKDJb4d01^KHIRbVkpC+Ub|lcBdoypFLIT_^M!(+r1n=U2?d~8
zc!z3iLu#hn9~Qwb=(8Bh1UgngEgGlSu$*QI-Grdecu<AZDT;2wH<DETD1Qxc;V>0n
zfjp7I%?w)l897FASVi;6e+nQRh?{Ir#q4aK^rL{&+y%c9t!%~YtKsaOK`!=tkB}X(
zwqW*m;F}YUVpXA{1}x$8`<7TR-A6HY?3i2GqvYA7Wt|~F^@s|<o;iJPLXafyeV_xJ
z3vf|cLX@Q4?nXZ4FbKJ5E9xqtbmbdXtf<|m7@XKgl3=~`qDl0UOiU8khW<{{-N0=w
zo5_!cFCr)%od#bx3dRL->M7bHIpdD?oDMd9zh-@`j&C4(e~p=cTYmgX;R4@dykM%N
z<N8pHSA7RD1b+|{9i$0{c{qwG<l@LobyA_apF|I<ew&2hHv?^D%7f!TPQD<!OCC*O
z7BD|~X1uv6Yw;_A9!KXNZr~u*IN+i=^zsE%CTVo~5;)2Gk{y(Bo&>vn)nEAVIL$6Z
z9%ujOVoyv!0WNk{3VIY^texa-X8|sDhWkHb&30k}<e1uUibsy4AKR$y+=$VcT5u)N
zbQ*1aIyJOoI7i*F`H%5!XBOMp(QCHzlKa}FL2fO?*Y89s2PO1SVOV?bXw4>(efCU#
zuHO>1#0+i+wMC}BBD&C;!|AI*iH;C+>On8>;UeY6yJ!D&z>OjLCZ(*cC7yslcpXwx
z@kf3C+1MeD6CwoS#z}Fv|7k-K+t3HABWD9RYhoU0tylk}$W6aNDUQZv3~E;}H}BO0
z{w0a>wzTFqt+oy+wD&!OmnmGuwZz}I%|wVgA;DfG#^f^yXML;I6I1vcD9KL#&Wh=`
zrzrK^55zs<ntskSn!6gXbNX0l4UMjDN*;x4*rfwx3@77zJ*<_N!!(p-x2&@?#e??#
zURrBR`8le)`LB83(r4fg1jn<&_S{>K=CYBjJWDc+H1q;T2%w)&q#%|p;~9+jL>mNy
zNL1ZuZl7r!WXnR}Tcq_JouCp@zY{3sFxjtBDPObjI}^!#eVDCfBcc&31zBU+f%J;>
zV81~e5izn<?D@x)@bqv4)8O>{-zlKLrsF*rGc5B^J5!nQ6JyJZmERk&Wca*nQjzq&
zFtS!OFoxCkpjR+qt!RxL!o2=$5g1TrPKhX^QvpTXyW?$^nIZN?k1}KZ*#tUIVs+}h
zANpP&bzd{U3Ij(5<jAfYAP?*IRkEgxqBWm1@xaYmuH=9?J#iIYqvP2)aTUAsC6fXA
zQXOYKcmzbvAsQ&8-OIj-x<&E}Y}d%Y!RymJ-EShq1h<iQl~m-c9P=ku8W>Hr?7+Z(
zFl-pIqDuAaGR9M!-49@lK*3cM{`S4v9!^NM>`1j9zAnZVDj7L(*2+JBgxc#zC!z~v
zPW{x7YTt+a?Pnfn+4kO}(G*Wz4y=7}uQ$LDH|{kGt-A^Q4r8=HMkxeo!<D{lP7Y?o
zn%v%O#y)VMwIham%q}XO*0qzhB3=GBaW-9_139HzxeNo|!f>1B-v`#f1-VKao&rS{
zIdETF|AH+L%nyrHB_Q%;KO1NbMA&$m@N%J9P7eZ<md3CxbH`1jLqB!~C^HPa<p!xV
zk`MaOdH0z_;DjooHXA2XPSV0yzz<Ue+53j3Ex-`<sz2p(xJN?g{Zz$u2GTjkk1Nkd
z?Sn?3cC-NF=IMQMv+of)#V~2;H9@sBy4vy8fu~}h5DawXXlf{(iHBeqPajBu-FME`
z$l&M3a}|ORH9x#35V^p#mGx9$XCX_Q4>Bg<6aZ&%_56LRiW3uFkHyXNth3Nyc}dgz
zZgQ&OqJ6qXa;z>khLQZmcB;`yUP#9-G3MwzT|z1`wld$KE-{923GYh>WF0W<YXW4g
z*{Vkbq$UH@@9idj476qmwDx2GB(aswRqw!1f0u^=2}_$hjn&EWW<D}tDFBDy%7=xv
zXTa};^U~BiQ!bBnp|#e`uZ4vAJnSHxl*izr>Rp~ayl;$B68P=T*WS<i!)JqPt>v}j
z>R(~^Yj1NM<`iVE7BUYC7?BHoE_xt2zN=^L*VfjuiiDSGi+}90PcQ<a(&`HFJ}?og
zZhNE>z-vfgm&Vop*u@@%i`pk>`oER<b7ctadf7kD<PF3jGqgj@SIyiN(!Rnt=fa+D
z6dU%{=d*4;gwEDdH4VbV3H2Z$U;C~=X^$(SZL&qcq)D+>qL|E3Y|Tvlp(9ubEZ|Fl
zE1#_s5VZkqE_@v=&c{1SQa^HR0QnIk^g8({`RVJa(zo3leg3&oHfUMWrcE%B`nENm
zle;=xNm{;JyS~1x=AkANMzM-igr1LW&C2iz{{VYgc$T`(2K5Ic|Gk4;lm11TA_c??
z$pwVq%SCwD@}Nys401w*TR3>xzXqFgJ{}$h91tPzpaotXR`JUZqZ-!}YfuZWW7v%W
zCllUO(%>h4y399B73zxU*%G_Za2a+L5(A|D+J#Vun?`m5rrz4Czp+O)#?Q{!U|mno
zV4dw)9ek>^xd*%6nxF4?o0h*RxCX|8lE0}{`dU?x=>s8AE9|eV#emJ|9Qvsh_3)gl
zx&GN|6%%mR*1|gts*jtsQ&+5ciJNsJz+->PXk*EDyld0fzgG;*h-MCRW5NYJzKu$a
zl_bTV@Hd?=4S<&#9<n$evSNF_->%2vZni&tOs(qOtjT7XaT1L;gL;gMrlKmY(`rGj
zR^eg6p*$@oXrDD;oq?%7&DP98WwBCKGc!<*JfcUfiRiA`vx=IQ?u4ZL4P6(?;6sRu
zKy=X2_tCI}l;{sZ;uSKPn5z<~)U)s9qpg(vifMpV(BIMErtyxEjv==m41~ZbCGsFa
z$FEE2C!x9z3O)%On1PYG!W3C=7Y5-(`ozu55_eepU~&WkCvS5M;VAx&bCU&CK~ztH
zxaYql@ss{R)d;z8gbE=V@*fn!<HGQ#p<So!aEPA{9HBW$cqt#8c4VWsx<oHE)ecU*
zGCzO)z!jM?D>Il2cvD?yq_(kxpwChWTCTyc&<scwb4IgR$Dw$}k)2|RL)Z+7l{>4q
z5g$u6y`U8xLomxX78`wQDKN&g$GblQ_p<*rw^nSev+q1o7H|0t-ER!34I1}{n}R<L
zOa!i-f4!;?%&MwoBWdKz)GSuG-v}-eq9+bjF9`h}q{zKO+SL{EmVJ0!t&VAMMNd~V
z@DCE)z13EyZ`j$mal$~xfos>V9UkXLn~>K}WJQLh--9dCK8hs@{_%%Q*XT@F&@_iZ
z<?&8)F=aAa;^c3pOoQhUFdkRD{cF(22BEYG{dtMawn5CP4yw-0xB1{05d9#`i_}mm
z8gxKT1~$;`5}^c7*nxs7C~-oW1wA~{S}~`l?3RhHJbOgLF0A$=d=<hnq%8TQB*hmV
z=T3;rPWZ$1G{NFN)xw=HY$buV1KFbdoTXazOi1JTF;*fm*~&W(LW1$l{_wA$Xi$nz
zu<gS%S#J8#i{2+7<meRYn_wjPCY6JbxS$DUCqT0R_=Sr9gI_dLVQ#SogXlLf2>^bg
zMF9NgM2p!l&#uJM%AR&v$R(!h?=Z+EL)hWJ6M#MbJ*(|U_Pwz=2Q4&>B#)ZPt9!#_
z#O48&I=8c@Cw6cmOKbQb1T_A07ISyug)W^nGC)aZ*OW}8{hWVrwOs@4GndDf|9<Dx
z(8NBpfP_h*wA@P$sV<AR)%cRHGxaC`bPv%PjtU4&*)3=lu8eo$DYjW1!n1*{9$%wg
zpoexfjW1jioEVL4)+yIeOGF4275sfddo4nvjR_xH|C<rWnrcXN0y3+RIH`a(C93T7
zVLk}!3#JFSOt9Z2ltA20A|qOMn&$P+5|^cx1)Ll`R5XNm0mDczEMxLwZ<Hy2Jp$Cp
zz*iN{LV7c6!2ftD%DD<0Ld8H386O;?IW(e&U!;&4=FW9bK-tqa>n`s<Z0_=kuwUnt
z0)DFL)l``-mGijmVZ3`G#Qw7dT8_`z19?R?z<!F6Df!<?;9FSE-q@ECav350gdr^&
zLPhcX_%L6|%LkloiIa-)0zqXtP~g?7(@M3j5Ys|stfpkn$S;y1TlR6P&Y<WYs2HQh
zvY{xi@+N;p+s0t1R7kg1xo<x$rlCVk?n^ia*Cd4-{khqVR(|C~A(F+<`v-iaHx4Nw
z{OR7TY2}8;LxQ#WMrD%H&EtKpFhQgP(r0V^Wirr@K2Pn>(17d_ydW|T70<FGG{$Di
zUhF+i#|2YF&)1%ajF9my3STcE`6c1C{1l=hl<V6~+!eZ|^!IWsU9Rz*IkLDO0Wmwf
z=^MRO7+jtWmWF#$#W9W}6czs{1Xa%1S2g>80F5|SE&u>3ud*u&095`zKzZcZwB5ED
z(k-ONY*=NR>9qBUWu19JDR>wR3S9<7+w#%$UiUM>G4YUcPYC{c>pVM)$sFdg8aa2f
zha<zdKJA}lTyj++Ot!{KO1{^|`y=@vKT@rd`C_WK5!%)5=x_UUw|DBY_$Srg4mkBg
zMP?^*T={@$7@q_|?k&}=9lS=-K3k~!TzObB2M7mF#1-5)5>|?gl!I5ZxC2$;^((8O
zJ6ftk>ensA-(AO&xJL_W6!B^Jj#GcWA*x<seg=MBNAhL5sexKn1kJ0c)Z?S0N#h!<
z+oU01IfTrS_cm=Zs7qFf;s@W-D8Y6bSdv!I=X<696=&n0p!l|q(UHb|ud7VFZ*Nhf
zek?LiZOAw#ERd`k&K}rP^;2`EO&PW)gEX)T8s4c#cnN_UM1Tl3fBub9$2cJt;ta~)
zKS-0^J?6!Jp9&egAfE@<e&9+RiB1QF^`{r4t##RL8Is=}M!VZ6Zg?*T$(6HUdTuZu
z))U<0vMYyQNd+oIx)4Y$If?jl7x+vW62}=>SY=3%p)REKuT*f-%{>rXE`rh|PJwQ?
zpBQxE(y0Tq&hx(=ixUE=0BNi<cC7yU@K!gpFD4&d_uXe_IE@yms_|E>!fiwOZ7JNn
zS6QEvmYZx^!bKgR*`Od1$#r*){%mb9CjxVV#aK=VCxR1jCwai$NOuB|Er9!E>BFT8
zd|I<V8?ZN~JO0}n(;aI8c3nhs)H&@l@h6SeJ|XcZ6L8}X#s0jj;2wIA*1MrWw9oD%
z_^xvQ%&iGI8C*LH$!+GauXxu{nv*ONz7ZTik)12eWBqqU5rP+7iG}c?;6x=LgMsk3
zjJnG2JBwB!t3ma-$l=GxT#ExeY7sRy6Ff?#_Z~^hV9FyU4kD#a6@!)bVgjlYPZzKu
z&VIw6<zI8;Ly>*{g*TDx>GF5&s-5k|0`_kMCd-H>V%J0!g1i@j$?(2}f`anHx1YER
zxtPKa)+3MO$Hj%|bpf@pb(4lT06v~VcYHYuLryQs5zfJ%;EN?pIA^X-;XES`Z2y1S
zILn|ons1FS?rvE;Xn>I27k9`)fZ!5bgF71_i+do1-~<Tn&O&fDxI+lOcwljY1rH8)
z-}>LWAMU-~AI{VBn|ZpXrfRzD)ST%viI;WShfo=^bTuyJg>O1r4f+Kacen{&<4YaN
zr73M(>yTNeBc1+QZc5X~@fGcR+o;4Fdf;_&7%owW)n@xu@s)#?YaiAheAo%31ep){
z1*&6G@f#(Mn=HGr<~44jAeeEGj9YS{Tos&u%mZ68pNSBgGA9)BZX$#NQ*+8ZtS%B6
z4Y&_m_Mwj^->!(ucVeT8R-~!rx~LDiy8})y$=ma|XQjLn|8f#VhVngGI7tyot{!B;
z2%y=D?TtO6X_j@g;}gd-a~9$Cj`b_-0yg8@OASi_vt5YMk;p!4;I2Y!<4cohxZqgn
zyM2A4tlBOhy98m@I}$2?y{vbEO7KGnYpK_f2z$av-31L>LhKDOew{W5JS1$L;2q$j
z)PB2jkT3ZZ_PvB3{kX$j<{8$VlHGM#H<?)0pEA1~u@19Y8A*~6-agd{m34l_G~He0
znD<s5=Wi~lCY&atF0_+iVtn9^>$szc<&-H6S%30!`apFWH-M0^+jzi+aKa}L^eVlr
zq4PuhHZCo^x*K$VjwK#(b=6UCo!G2Of3Y0|XTC2>;1XcJPGCe%(t~;Lz4GfB_E7c^
z`$LMvuJBY3pq7P~5xJa?82EerS_8JoY`*+r=)8x6=*~@hGz{mDm5!<$q#{s}MKQ|e
zB^M?bQz*pvcfIDK*ioqeS_ls-JpAcifkOHOK1I@B(@s&@$fkE~2cz6Wh;rJ+AL5r%
zk+{>>dA7G9sZ5N_G!6@Y^K8rHiz-iIZw8L*zGVB!hb(wK7)1OmY3cw@xR`TlH=A_X
z;kckTwq174>A&`|#%N`jUFdW~8kL%Xd?q=yH5B~LKOrOZIL1wO4d{ss!iHDI!~V{n
z;ryfreox?pj?;skU6?F!!_4~mipUi*iJ!6su72jmNG!(`!vFodaPThY;0Vx8&%u{0
zNVELnQ;`v;U9W@I)h@)5C+aI#dT1<=kOavx;r~|~{HZ-$%jisQsjyKAdzN2$0LtLC
z%8egBS`%c7MFFxdr+L~mj}m!NmF4>QO0J$Y*6)57;@0dG^#OvEi)O9g2|pFFrJ%iB
z)#;Hz?A_=gp>L3SF3(ugaIfN8nS^-dQM!%bM5ZW)s7^zWCFD(4(qSl!6=aW3RS|=b
z=8uVeMTJZVH}7~8_<W3b?S_n%S~^=DtIbM0D9z92w+!@kB<oN}b3{j;%)04>%oI9T
z{+%FgA(~`y>x)JKDa`dY7PEYbt*AONFw((=wA^_!5~;owY+K}Jyw3pH+eT`j>mqav
zSl^@HWID~M!|gIfZgHN&sc$`}Z=jX6h+^O^eJx`9xl6T?rKj`2c93O5Z+Fa^lmINS
z1K&(g9<Q$Nj}g1qC|v$G+ey<I0U(atPbegW>V-Fe2B4eWcsuQvg=&6!HOu2jf3y&~
zj|Il*(k*nmlS&+NrVR<-Fq5?`7?=K-m9*hU^5Z!vMh3`zQQu7k|2ws+P&Zb2EV7G0
zH;^c}Z1%)HN&0-|j*j9vw0!3w+34J&R+Ex2S$Dl&)1xPlZiSEe<bvM=kBsKy)iI`T
z_{T`ufS6#zJYEq``o^f2<oOgA_=sbs=~sJeE!WF9XB_Rea&g0?x0CN$m$Th*uxmU!
z^lSiB)`6Cj6v7^gq)GTZ9qF!QhMzK&^-<TKh^|E}J3szRduKu;aB`RW{>P?}N}W|&
z?22=}BKsv^eqgKaCv_uqkY;>>k0IFP{wiGBo2^JVJKz*^LKoX?1IAbM_QIhKQ9m7n
zNSAX;exC!g=_BF-V!!Ic(Oh80&HG4Bj5F`;ADEJZlcv;V9*#E@U1>#!30|^SXpzqS
z0k-_$J?yLNP4PTtRpQsKAon@Be{87YDTDiGdf)Nuc9k6gyV!Dx$CigtRR^k0lUGWs
z%uIw+Cy*gp`Ddin1sG5tJjEt}1>MM4m_|Q0-myD+WwLC>4|BC+p~=h)x6DMm{HA+t
z0SwEYy@_O<7msK8zKj{h&pIC!hZ$xzvT4qO-FndNIRag9WNMvhIhcxZm3~3Q;*9=l
zJw^wY77{bij6d*mQHMMhx0PZ-=WfuWAGtpJYsGjV9>B9(n@Ru+SqvzhF6sAeAT3%?
zuUyYpbf*fW2iwPmYZe;IYV>;*_D)-=baEy}+Dg?jeB#UlCRV6$Ob}gMGkbD9(Nq>^
zgF=F!TV)XQ+)kFy+a^z0%s<w3-rn3KDF=-QtRu{3f$v#WU-+r+A<7eQ-331H?eveM
zzlrj<vI!Ygq#2NQeIr*X6jkV%f75WTG*Wc|pYn!J(WDU@FSsK261odFRYb_q#~!Z=
zBdq3m1Lw*betvOG>9{S_3*(7se1zyISq`52A!bfZ_)%5H^XgLO_@7h&7y{Mc3_8&I
z--1N><%fQvE%U{-j&bm3VuUacug<_5nw9JK0-9qrTN!MGNj4k>&C)GBuC2_Z!D0tE
z$hW-js%syUr63NlLssZlr+&I5Kl3mw-Ffga<stUqb;GUtTu6_dk28E~M}=rd1m>Ho
z{SoIF%$%2ef>Eb*wS2VFNRg>Jj6113*i-az>HRm%knb4EGN~Dr<xvtL0qzCgGui^l
z`SMR*TtyN?aMiK83h`m*zwfad7+L<zt#yun|6~$rK6Jbnum2hhosZZ$tkFV|=Q_MS
z(h>zf6x4R+p4bJ~q@Qqc*%vexZoeC-?7az^t=#VZbo1u^43sPTsN<OOfzh|(F|vAx
z;6So138BkmSkq9jEHCSnf;+ilIr_|7r}0TLi$Bs8=%n`3!+#Ui`VeT<XPw09$``$+
zCC;U?noR1+i1PlrvzD;NCmiz=QFvI^q#}^QA?SCV)0F=4NM;@${moTRH2_>fvF8jE
zwsjgc1evATF<gT@+(55+yo_^m6^mD1&#Kxr(4&mu+{5*qk}pvp0$-ip+=QZSq1OTo
zV~^NUjEd{X@J_Z#ySUF(0iQ^AK^&=Z*x8B#6^=x|S7LC4p5BNF&NzvtNAT~5oy9xY
z-u+TJA@spQq<?TdeH6^0`3H+u${YFlr<#-P8zV1~SJQDz%e6_}jRjs%xITd>{J<0n
z7h^EhU$fzD(XTwGpLb9BLF2&;&LTuo?R>3V87}&Lw>|0-ZJK+qN*B~|d$Q3g8vGGO
zb1}L<vKdZhxP5oOmC47^ZmJI<POEm}PO3(p2ILfomc0YQ{RtwM$09=N|Hxh>g)qQN
zQQbA0FFw9;DmIhem0Klw<mQzO<P50&WyxU1Ogv#pTFN@q@%wC$<+wxh2$8$y$W5I@
z_OLCX(}<M=EJmgm?E3Rk;rOZ}7~SIW+N%>3S+=nV=|w2z*uI5?*iG+F%Pk6M=W<cq
zNaclBuEJp^OjPG}9ow#ciQPc(#Gf;k{C)wM0l3vRMC8ejNe$Cxshzw*VPmd7O)UAl
zKAM9>_g>pkWGJ5Ki6T>EYPi$+*2llBo;KItoQ8b%JVEc<bDR|-|5TNiW%PZ>dSWRJ
zUBb89k`z;ZLlZ@*NQc==XArnrGYQlo(JuNJdR)ru#w7D3>?oaC$)N3;=^(3RQIIV#
zetg17E7VWN&#*}(YgNv%M^k~%#DS-hoHKvI42Jkr{%y#~u8F_(M8C&v&<QIRCa^;$
zq5@NwSv6Z`+ZE)+^J)RoD190?H8FWk5ZxB=>MdKE2PCj5`e&trW_ePv3JB3YmZ(05
zzkoN6*v?r3md6ZyRTlMw_A{H*C+*s)qOSb~-tcq2Lz*JF_)Qu%^w<S*!UEurZS_Sz
zpP-J6oQ-Vo=+};6C+MVDJ?o7^3Ii>nA<4i9-i>$*g6x*~o05AQu^`Bfpv72RNj{a@
zyMLfKxhI22v58hPB}(ga&Q|Hm0P46Jq9M}xL~><Y^QV*V!zSp6i#8C@GQJ%NZOB5W
zeW8=W8P|IzthnM`0!_{F^pNRe*xJ<5Dm>{&iMlkc@=MG;!Xa0o=o<A3jBpbb<zDsn
z#19Sg`Gb98do>t{_Z6=r|IEoP6)dqKyYna^Q*wlDxBd5H$26`MwWrA?mtSGLdprF8
zmU6lt9ixQ@eV07nYnIp#hNVb}?7l4)R<Nx()5H77M*~v@8$D!)(rYOqWBKW`s$4<V
zl(DYP?yEw$(8($Pg;<paQJEQ!h0>p573WTwzp@Kj6OlNJ2bxeg-b<4h;E&>tiAma&
z86Ga-D`{84!s-BSxDb19!tz{iKHgfI*&l=0MCF+$TT#nRgG;SggmL(b=3I5GFGs%W
z@18wxCIjP-G;L-J*~AP8G=2Jku3m3Ps*S5XQK#0wMP;lp*3WDHbN2E!=K?tMc*#<-
z=I!Do@yd=Q0wqr>^)P!eu`N=qO-0sz^l9d1cUolmnwdn|@`RGk;b!nIZlrJbP+3`|
zjK_H-_^u#2n<4WH(6+I~l(b7{{9Ic_T>3&|lKjj+jOcimSU&TJeY%xF>)A3MOx-qk
zF=6feF(>L9Tn2Dnj(|$obv-P|Opl%y4ki8QH)WC;vv09W&jC`HcBQ{fEzYerYk3}^
z{({JnbYZq(bY0Pre?GZ*&VX)L0fuQ1)^8T6WRt4<>q;T&Z85gT!^vG>WK9-lB%R-~
z%30#bG1BB~)!A9|83iRg28b+@V!B-9%Tk-&wGr?%V)EvEZKRjhq@wOk`MS`pZB;Ds
z&#4~WJYfedU6kD#X6;{q(D*PG+f&)4BaDB#$9SjLcm3sxGOFxZ%7-S1UQL0`1>#A*
z5-Zv$4GdHB>VGwknbQxg$DSXSH#GVAisty+97|+f+f#$6Z7Qz_FxUO!F6(*QRRbbQ
zvadz(<rG8M-45ze6}<2NT~gsYH@5Fd*v;5yy5Y5^k%2`2ApSuQOJ6P1dbzS^gYH-Z
zKWw}Y=Bop_6>Lk6<h{N$X0c4b!?a7GVb8Ky3Av-}_ptNnN-vVi=|qT|-D{?j-z?^W
z0)z=IVtWh<k7u6!UujL0TKE639C(c)?cT>Zpm!kGlgZnHi8)I0*yV^}l>O#h%+gm2
zZiucK?9=#+u7O<7fKn%AL{wOb+Wi&gN4&jtt|uJf8i+8ctTs0V6QjG)K#h`+&9yDH
zFkgD_x_xr)*O1B{>T}}LMB~+T6-x;m^6zyuRUUF-+Zp+GtR2`A^?hP$>gBaw8nMO6
z8!xh$=Ee}@Os1JW&{$^>DW}l>wnpZGRGG#<pA0Y{5aTmL6#MR4Zv_`P7?{B=dv=aJ
znwqEnx<89YcXMmKz=qqPX_lE^)6+(I_JbnC8~nm69g~*3ahfd!kHd<CfM0}7A}8<J
zaskdT@mm$@y8d0BVYN0Hrk{Mg&A@FzEsIZhTp?q+AzvcKrz!G%y&FKRz=b&=k-4=)
zg?ecP6L&}d(EI(D#uc<wnUY2dmw(DD4yPqesDoA`SbWy-%&$V}{*_mhL90|jI1vm!
zJ(g`yEQ=wMHUx&~F+t)zrTMC6PvBdVU)>~m(jyE3R+}Pw#5sE*^<U?#&OS?q+Xv=D
zaY0$#ME1}m!X+t^u=90&vGQPPjlEIOM$w9CWwM{AFZabs1(A!k#r*4KA3e}UVMkS|
zZ>nn33?G%ojIPMaHK%}}?Do}PQ~F5PahgC{Q;y1_Lz5<v`$9$^tv@rz2Pp{{m;Uwu
zwV+EUgU46Z(uz3j82e$QKTftgN2KFrA^Kw?`ySvy{SxeB?CEIdl1~3dNh#;+nn?S{
z>&wSP2F5rAjMM0(psw$wa742P5NxLrSK`_4h7?8#?W2U^$H!4Y(^3oVZ<VE>98OrJ
zdJ@x`_%eQts^gT@D^E}V$zz|g<0+c-H)e=3^W+dxi}KHvy>U`?PZ>J~6+C<Z$))PN
zHdC{TzTY9V!mmkKv$-VY@^7R~^qtczR8!=p|J|&=`+SeAh;`3RtV_W&{;Le<3$X`f
z$us`|MPF!n9lw+Qq~=#~OBjb$bj+`=S(>GIe6WJNd13s~lW?j(f>R|SVxAVjv_2MQ
zKO|^yy|k0k@3>}1k!3_>gm%PL*ipPn)0+8+pzf@qmkHLie_}p<;s33n569wgeZ(X7
z?)ejP2O04{M#NW$Yo9x#4GUBDw4gyErfmf#if0Rz?TZ(`)L@j6QuQsq=~9Mcql~_<
z2UK=pb?I|97}F;R(bz)+7bxsd8)Z)#&A_>=6^T(lZyzo=jo0dAW6g5|3^8&4kR0*;
zM&{DT-G*O@XUcz!Y5Sk2d7m3jrc4Z%YOUX#zQ+coP&-p0oVfoAvO|f}sekVS++GHe
znXRdCaoHrH>u+yq7;SO{1Sj9rrDo+Kfh`Z!6EY^Pj56-yMy@0Fgk`q8Nx&@{rLtV`
z^>nw4<@*Vn0zDpIG68K)(HLV0uSCF*71^cFY^pPM*6(Tlo-%H+M7JH8n-8_VDz{Pm
z+dBbbJ&MBcG`eTXH=u3_jAR?7M;7=r{-tD<i!cTeY>J%Z4JW2n$+};94j$hR{oMm5
z1_FU1Y18NI!*4bun>zXpqdAjDRgmlyJ?RfOjR>{Y&=H|ZwGHr#BG2bkLum(Gs>0S!
zM;EifPd+ac7#G)H#^A~TyMiD~QeSuk@h_u-6R$I3VA3DGr!wOIZu)p<7w~9m$Jf!A
z%lG(nFWmfT6P8qY>c2(mr-02=sfu}HsLQMJ%rI|hcviom;56s5rML+2XP!4vsYOxD
zH6@NTGS`@M%0BNwF*tYBTVz=3(q_$kL0BihXqSA-bYik6Au*6#JtE3ZULHoZt2IH4
z?|^$=FR*D%C5E$}PIzb|FF_?rz6<EZCeP)!C*Tm5z~AQvqo%3E?Xwt@;n@}@tlbbg
zK8qZ<U5-ooJ)|qB7GN^qfK|b>+HvBF_&XWIIOF<r+}yAJuP#;f3-6%J^g9uQwdV9O
zcR}x<OM&ZUlL%D1SJ0)$j<;+w>R#_^Sre_igUAG~r41uc;a)*x9y^!dWK^%-m9!dK
zc?ZR#k#Pj7&?_h&jl_~s8)&3~R^CCHXk-+DO7;rU^w??E9@iJ!<8x%ZAWkXFksa6l
zQZ>_1^<0=QSh_M1?jWo`)$naiDCcahk$&NazBQ*S5rf8tcyJ&ZLea40KM+B`pkiRn
z3I7jlM?)VpZ2K3c&9n=t5kA{>z(~E-7v6Vpku~3T$Xcno_v$Y^S)6yZt84A@%U*FI
zY#nV|SRS$Q4lR~wU!aCvp4y>rb{R*1_uNi*etA4|Ib01!XP7sgss8qo)g4AAxL{`K
zs^KmYvHZ(myAaL9s7pmNd;Vyz95CCXP1D8xwTVBoyW~LI#P#itmVEP1YR%9dpB1DP
zqp%msDse=5+WSU3HD<V_6q{~Uo0XqIB}Vvm4d$WrBO^|R=`RTQxVuf*O0`LgKwh<?
z{Zo3$GSda$_i-WSe3GL?DNcA*dSsOs;ZD68tvZ+%6$nDb*;?z%&e`nu=R!Zg)RHa5
zzeFS%>oC-}d;eLBMJEPl?cXV1RS?(<oA)T3HTeJBW54Iyt9*|rA609`wis~ZIng4O
zFBibR-#yEHV9`>=z@)~a1^@u~fN#20rf#5+ia9y}KpO@Cpu_*PqR@Y(wTJCnFIzoF
z1zS5uH%Bi=cefW#p6+h{+r;a6G|Af#0HBc*2SD*Z763p|DDe{j!1b-8+Z$U~s0-Ta
Vzc0tZ{r4<PbpL>kSzrGh{TH_#90dRX

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index af3ae618b7c..a99a711a5d3 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 16, **Hunting Queries:** 12\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 18, **Hunting Queries:** 13\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -397,6 +397,34 @@
                 }
               }
             ]
+          },
+          {
+            "name": "analytic17",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Posture integration disabled or removed",
+            "elements": [
+              {
+                "name": "analytic17-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic18",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: New posture integration added",
+            "elements": [
+              {
+                "name": "analytic18-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise."
+                }
+              }
+            ]
           }
         ]
       },
@@ -589,6 +617,20 @@
                 }
               }
             ]
+          },
+          {
+            "name": "huntingquery13",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Current posture integration inventory",
+            "elements": [
+              {
+                "name": "huntingquery13-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
+                }
+              }
+            ]
           }
         ]
       }
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 958ab697645..38b2e19bd0e 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -188,6 +188,20 @@
       "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
       "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
     },
+    "analyticRuleObject17": {
+      "analyticRuleVersion17": "1.0.0",
+      "_analyticRulecontentId17": "a1b2c3d4-5678-9012-34ab-cdef12345030",
+      "analyticRuleId17": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-34ab-cdef12345030')]",
+      "analyticRuleTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-34ab-cdef12345030')))]",
+      "_analyticRulecontentProductId17": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-34ab-cdef12345030','-', '1.0.0')))]"
+    },
+    "analyticRuleObject18": {
+      "analyticRuleVersion18": "1.0.0",
+      "_analyticRulecontentId18": "b2c3d4e5-6789-0123-45ab-cdef12345031",
+      "analyticRuleId18": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-45ab-cdef12345031')]",
+      "analyticRuleTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-45ab-cdef12345031')))]",
+      "_analyticRulecontentProductId18": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-45ab-cdef12345031','-', '1.0.0')))]"
+    },
     "huntingQueryObject1": {
       "huntingQueryVersion1": "1.0.0",
       "_huntingQuerycontentId1": "a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a",
@@ -248,6 +262,11 @@
       "_huntingQuerycontentId12": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
       "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
     },
+    "huntingQueryObject13": {
+      "huntingQueryVersion13": "1.0.0",
+      "_huntingQuerycontentId13": "c3d4e5f6-7890-1234-56ab-cdef12345032",
+      "huntingQueryTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3d4e5f6-7890-1234-56ab-cdef12345032')))]"
+    },
     "workbookVersion1": "1.0.0",
     "workbookContentId1": "TailscaleStandardOperationsWorkbook",
     "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
@@ -1420,6 +1439,53 @@
                 },
                 "retentionInDays": 90
               }
+            },
+            {
+              "name": "Tailscale_PostureIntegrations_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_PostureIntegrations_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "IntegrationId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Provider",
+                      "type": "string"
+                    },
+                    {
+                      "name": "CloudId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ClientId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TenantId_Provider",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ConfigOverwrites",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Status",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
             }
           ]
         },
@@ -2168,17 +2234,62 @@
                   "title": "Tailscale Premium (CCF)",
                   "publisher": "Custom",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-                  "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
+                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
                   "graphQueries": [
                     {
-                      "metricName": "Configuration audit events",
+                      "metricName": "Audit",
                       "legend": "Tailscale_Audit_CL",
                       "baseQuery": "Tailscale_Audit_CL"
                     },
                     {
-                      "metricName": "Network flow events",
+                      "metricName": "Devices",
+                      "legend": "Tailscale_Devices_CL",
+                      "baseQuery": "Tailscale_Devices_CL"
+                    },
+                    {
+                      "metricName": "Users",
+                      "legend": "Tailscale_Users_CL",
+                      "baseQuery": "Tailscale_Users_CL"
+                    },
+                    {
+                      "metricName": "Keys",
+                      "legend": "Tailscale_Keys_CL",
+                      "baseQuery": "Tailscale_Keys_CL"
+                    },
+                    {
+                      "metricName": "Webhooks",
+                      "legend": "Tailscale_Webhooks_CL",
+                      "baseQuery": "Tailscale_Webhooks_CL"
+                    },
+                    {
+                      "metricName": "DnsNameservers",
+                      "legend": "Tailscale_DnsNameservers_CL",
+                      "baseQuery": "Tailscale_DnsNameservers_CL"
+                    },
+                    {
+                      "metricName": "DnsPreferences",
+                      "legend": "Tailscale_DnsPreferences_CL",
+                      "baseQuery": "Tailscale_DnsPreferences_CL"
+                    },
+                    {
+                      "metricName": "DnsSearchPaths",
+                      "legend": "Tailscale_DnsSearchPaths_CL",
+                      "baseQuery": "Tailscale_DnsSearchPaths_CL"
+                    },
+                    {
+                      "metricName": "Settings",
+                      "legend": "Tailscale_Settings_CL",
+                      "baseQuery": "Tailscale_Settings_CL"
+                    },
+                    {
+                      "metricName": "Network",
                       "legend": "Tailscale_Network_CL",
                       "baseQuery": "Tailscale_Network_CL"
+                    },
+                    {
+                      "metricName": "PostureIntegrations",
+                      "legend": "Tailscale_PostureIntegrations_CL",
+                      "baseQuery": "Tailscale_PostureIntegrations_CL"
                     }
                   ],
                   "dataTypes": [
@@ -2186,27 +2297,67 @@
                       "name": "Tailscale_Audit_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
                     },
+                    {
+                      "name": "Tailscale_Devices_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Users_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Keys_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Webhooks_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsNameservers_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsPreferences_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_DnsSearchPaths_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Settings_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+                    },
                     {
                       "name": "Tailscale_Network_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_PostureIntegrations_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
                     }
                   ],
                   "sampleQueries": [
                     {
-                      "description": "Recent Tailscale configuration audit events",
-                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+                      "description": "Recent network flows",
+                      "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
                     },
                     {
-                      "description": "Recent Tailscale network flows",
-                      "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+                      "description": "Top exit-node egress destinations",
+                      "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), ExitDst = tostring(t.dst)\n| summarize TotalBytes = sum(Bytes) by ExitDst\n| top 25 by TotalBytes"
+                    },
+                    {
+                      "description": "Currently configured posture integrations",
+                      "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, Status"
                     },
                     {
-                      "description": "Top talkers (by bytes) on the tailnet",
-                      "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
+                      "description": "Device inventory by OS",
+                      "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Devices = count() by Os"
                     },
                     {
-                      "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
-                      "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
+                      "description": "Recent audit events",
+                      "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
                     }
                   ],
                   "connectivityCriteria": [
@@ -2236,7 +2387,7 @@
                   "instructionSteps": [
                     {
                       "title": "Connect Tailscale (Premium)",
-                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
+                      "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, Logs > Network (Premium), General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read`). Find your tailnet name on the Keys page.",
                       "instructions": [
                         {
                           "type": "Textbox",
@@ -2357,452 +2508,1763 @@
                       }
                     ]
                   },
-                  "Custom-Tailscale_Network_CL": {
+                  "Custom-Tailscale_Devices_CL": {
                     "columns": [
                       {
-                        "name": "nodeId",
+                        "name": "id",
                         "type": "string"
                       },
                       {
-                        "name": "logged",
+                        "name": "name",
+                        "type": "string"
+                      },
+                      {
+                        "name": "hostname",
+                        "type": "string"
+                      },
+                      {
+                        "name": "user",
+                        "type": "string"
+                      },
+                      {
+                        "name": "os",
+                        "type": "string"
+                      },
+                      {
+                        "name": "clientVersion",
+                        "type": "string"
+                      },
+                      {
+                        "name": "updateAvailable",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "authorized",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "isExternal",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "created",
                         "type": "datetime"
                       },
                       {
-                        "name": "start",
+                        "name": "lastSeen",
                         "type": "datetime"
                       },
                       {
-                        "name": "end",
+                        "name": "expires",
                         "type": "datetime"
                       },
                       {
-                        "name": "srcNode",
-                        "type": "dynamic"
+                        "name": "keyExpiryDisabled",
+                        "type": "boolean"
                       },
                       {
-                        "name": "dstNodes",
+                        "name": "blocksIncomingConnections",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "addresses",
                         "type": "dynamic"
                       },
                       {
-                        "name": "virtualTraffic",
+                        "name": "tags",
                         "type": "dynamic"
                       },
                       {
-                        "name": "subnetTraffic",
+                        "name": "enabledRoutes",
                         "type": "dynamic"
                       },
                       {
-                        "name": "exitTraffic",
+                        "name": "advertisedRoutes",
                         "type": "dynamic"
                       },
                       {
-                        "name": "physicalTraffic",
+                        "name": "clientConnectivity",
                         "type": "dynamic"
+                      },
+                      {
+                        "name": "machineKey",
+                        "type": "string"
+                      },
+                      {
+                        "name": "nodeKey",
+                        "type": "string"
                       }
                     ]
-                  }
-                },
-                "destinations": {
-                  "logAnalytics": [
-                    {
-                      "workspaceResourceId": "[variables('workspaceResourceId')]",
-                      "name": "sentinelWorkspace"
-                    }
-                  ]
-                },
-                "dataFlows": [
-                  {
-                    "streams": [
-                      "Custom-Tailscale_Audit_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
-                    ],
-                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
-                    "outputStream": "Custom-Tailscale_Audit_CL"
                   },
-                  {
-                    "streams": [
-                      "Custom-Tailscale_Network_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
-                    ],
-                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
-                    "outputStream": "Custom-Tailscale_Network_CL"
-                  }
-                ]
-              }
-            },
-            {
-              "name": "Tailscale_Audit_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_Audit_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "EventTime",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "EventGroupID",
-                      "type": "string"
-                    },
-                    {
-                      "name": "Actor",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "Action",
-                      "type": "string"
-                    },
-                    {
-                      "name": "Target",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "Origin",
-                      "type": "dynamic"
+                  "Custom-Tailscale_Users_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "displayName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "loginName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "tailnetId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "type",
+                        "type": "string"
+                      },
+                      {
+                        "name": "role",
+                        "type": "string"
+                      },
+                      {
+                        "name": "status",
+                        "type": "string"
+                      },
+                      {
+                        "name": "deviceCount",
+                        "type": "int"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "lastSeen",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "currentlyConnected",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "profilePicUrl",
+                        "type": "string"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Keys_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "description",
+                        "type": "string"
+                      },
+                      {
+                        "name": "userId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "expires",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "revoked",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "capabilities",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "keyType",
+                        "type": "string"
+                      },
+                      {
+                        "name": "expirySeconds",
+                        "type": "int"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Webhooks_CL": {
+                    "columns": [
+                      {
+                        "name": "endpointId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "endpointUrl",
+                        "type": "string"
+                      },
+                      {
+                        "name": "providerType",
+                        "type": "string"
+                      },
+                      {
+                        "name": "creatorLoginName",
+                        "type": "string"
+                      },
+                      {
+                        "name": "created",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "lastModified",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "subscriptions",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsNameservers_CL": {
+                    "columns": [
+                      {
+                        "name": "dns",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Settings_CL": {
+                    "columns": [
+                      {
+                        "name": "devicesApprovalOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "devicesAutoUpdatesOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "devicesKeyDurationDays",
+                        "type": "int"
+                      },
+                      {
+                        "name": "usersApprovalOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "usersRoleAllowedToJoinExternalTailnets",
+                        "type": "string"
+                      },
+                      {
+                        "name": "networkFlowLoggingOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "regionalRoutingOn",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "postureIdentityCollectionOn",
+                        "type": "boolean"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsPreferences_CL": {
+                    "columns": [
+                      {
+                        "name": "magicDNS",
+                        "type": "boolean"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_DnsSearchPaths_CL": {
+                    "columns": [
+                      {
+                        "name": "searchPaths",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_Network_CL": {
+                    "columns": [
+                      {
+                        "name": "nodeId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "logged",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "start",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "end",
+                        "type": "datetime"
+                      },
+                      {
+                        "name": "srcNode",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "dstNodes",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "virtualTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "subnetTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "exitTraffic",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "physicalTraffic",
+                        "type": "dynamic"
+                      }
+                    ]
+                  },
+                  "Custom-Tailscale_PostureIntegrations_CL": {
+                    "columns": [
+                      {
+                        "name": "id",
+                        "type": "string"
+                      },
+                      {
+                        "name": "provider",
+                        "type": "string"
+                      },
+                      {
+                        "name": "cloudId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "clientId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "tenantId",
+                        "type": "string"
+                      },
+                      {
+                        "name": "configOverwrites",
+                        "type": "dynamic"
+                      },
+                      {
+                        "name": "status",
+                        "type": "dynamic"
+                      }
+                    ]
+                  }
+                },
+                "destinations": {
+                  "logAnalytics": [
+                    {
+                      "workspaceResourceId": "[variables('workspaceResourceId')]",
+                      "name": "sentinelWorkspace"
+                    }
+                  ]
+                },
+                "dataFlows": [
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Audit_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+                    "outputStream": "Custom-Tailscale_Audit_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Devices_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+                    "outputStream": "Custom-Tailscale_Devices_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Users_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend UserId = id | extend DisplayName = displayName | extend LoginName = loginName | extend TailnetId = tailnetId | extend UserType = type | extend Role = role | extend Status = status | extend DeviceCount = deviceCount | extend Created = created | extend LastSeen = lastSeen | extend CurrentlyConnected = currentlyConnected | extend ProfilePicUrl = profilePicUrl | project TimeGenerated, UserId, DisplayName, LoginName, TailnetId, UserType, Role, Status, DeviceCount, Created, LastSeen, CurrentlyConnected, ProfilePicUrl",
+                    "outputStream": "Custom-Tailscale_Users_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Keys_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend KeyId = id | extend Description = description | extend UserId = userId | extend Created = created | extend Expires = expires | extend Revoked = revoked | extend Capabilities = capabilities | extend KeyType = keyType | extend ExpirySeconds = expirySeconds | project TimeGenerated, KeyId, Description, UserId, Created, Expires, Revoked, Capabilities, KeyType, ExpirySeconds",
+                    "outputStream": "Custom-Tailscale_Keys_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Webhooks_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend EndpointId = endpointId | extend EndpointUrl = endpointUrl | extend ProviderType = providerType | extend CreatorLoginName = creatorLoginName | extend Created = created | extend LastModified = lastModified | extend Subscriptions = subscriptions | project TimeGenerated, EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+                    "outputStream": "Custom-Tailscale_Webhooks_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsNameservers_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
+                    "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Settings_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+                    "outputStream": "Custom-Tailscale_Settings_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsPreferences_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
+                    "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_DnsSearchPaths_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
+                    "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_Network_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+                    "outputStream": "Custom-Tailscale_Network_CL"
+                  },
+                  {
+                    "streams": [
+                      "Custom-Tailscale_PostureIntegrations_CL"
+                    ],
+                    "destinations": [
+                      "sentinelWorkspace"
+                    ],
+                    "transformKql": "source | extend TimeGenerated = now() | extend IntegrationId = id | extend Provider = provider | extend CloudId = cloudId | extend ClientId = clientId | extend TenantId_Provider = tenantId | extend ConfigOverwrites = configOverwrites | extend Status = status | project TimeGenerated, IntegrationId, Provider, CloudId, ClientId, TenantId_Provider, ConfigOverwrites, Status",
+                    "outputStream": "Custom-Tailscale_PostureIntegrations_CL"
+                  }
+                ]
+              }
+            },
+            {
+              "name": "Tailscale_Audit_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Audit_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventTime",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "EventGroupID",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Actor",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Action",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Target",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Origin",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "New",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Old",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Devices_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Devices_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "DeviceId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DeviceName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Hostname",
+                      "type": "string"
+                    },
+                    {
+                      "name": "User",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Os",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ClientVersion",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UpdateAvailable",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Authorized",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "IsExternal",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "LastSeen",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Expires",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "KeyExpiryDisabled",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "BlocksIncomingConnections",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "Addresses",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Tags",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "EnabledRoutes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "AdvertisedRoutes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ClientConnectivity",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "MachineKey",
+                      "type": "string"
+                    },
+                    {
+                      "name": "NodeKey",
+                      "type": "string"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Users_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Users_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "UserId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DisplayName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "LoginName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TailnetId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UserType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Role",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Status",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DeviceCount",
+                      "type": "int"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "LastSeen",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "CurrentlyConnected",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "ProfilePicUrl",
+                      "type": "string"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Keys_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Keys_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "KeyId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Description",
+                      "type": "string"
+                    },
+                    {
+                      "name": "UserId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Expires",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Revoked",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Capabilities",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "KeyType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ExpirySeconds",
+                      "type": "int"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Webhooks_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Webhooks_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
                     },
                     {
-                      "name": "New",
+                      "name": "EndpointId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "EndpointUrl",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ProviderType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "CreatorLoginName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Created",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "LastModified",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "Subscriptions",
                       "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsNameservers_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsNameservers_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
                     },
                     {
-                      "name": "Old",
+                      "name": "DnsServers",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Settings_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Settings_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "DevicesApprovalOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "DevicesAutoUpdatesOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "DevicesKeyDurationDays",
+                      "type": "int"
+                    },
+                    {
+                      "name": "UsersApprovalOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "UsersRoleAllowedToJoinExternalTailnets",
+                      "type": "string"
+                    },
+                    {
+                      "name": "NetworkFlowLoggingOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "RegionalRoutingOn",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "PostureIdentityCollectionOn",
+                      "type": "boolean"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsPreferences_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsPreferences_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "MagicDNS",
+                      "type": "boolean"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_DnsSearchPaths_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_DnsSearchPaths_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SearchPaths",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Network_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "NodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "FlowStart",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "FlowEnd",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "SrcNode",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstNodes",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "VirtualTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SubnetTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "ExitTraffic",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "PhysicalTraffic",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
+            },
+            {
+              "name": "Tailscale_PostureIntegrations_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_PostureIntegrations_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "IntegrationId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Provider",
+                      "type": "string"
+                    },
+                    {
+                      "name": "CloudId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ClientId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TenantId_Provider",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ConfigOverwrites",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "Status",
                       "type": "dynamic"
                     }
                   ]
                 },
-                "retentionInDays": 90
+                "retentionInDays": 90
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "version": "[variables('dataConnectorCCPVersion')]"
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
+      "apiVersion": "2022-09-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
+      "location": "[parameters('workspace-location')]",
+      "kind": "Customizable",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Tailscale Premium (CCF)",
+          "publisher": "Custom",
+          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
+          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
+          "graphQueries": [
+            {
+              "metricName": "Audit",
+              "legend": "Tailscale_Audit_CL",
+              "baseQuery": "Tailscale_Audit_CL"
+            },
+            {
+              "metricName": "Devices",
+              "legend": "Tailscale_Devices_CL",
+              "baseQuery": "Tailscale_Devices_CL"
+            },
+            {
+              "metricName": "Users",
+              "legend": "Tailscale_Users_CL",
+              "baseQuery": "Tailscale_Users_CL"
+            },
+            {
+              "metricName": "Keys",
+              "legend": "Tailscale_Keys_CL",
+              "baseQuery": "Tailscale_Keys_CL"
+            },
+            {
+              "metricName": "Webhooks",
+              "legend": "Tailscale_Webhooks_CL",
+              "baseQuery": "Tailscale_Webhooks_CL"
+            },
+            {
+              "metricName": "DnsNameservers",
+              "legend": "Tailscale_DnsNameservers_CL",
+              "baseQuery": "Tailscale_DnsNameservers_CL"
+            },
+            {
+              "metricName": "DnsPreferences",
+              "legend": "Tailscale_DnsPreferences_CL",
+              "baseQuery": "Tailscale_DnsPreferences_CL"
+            },
+            {
+              "metricName": "DnsSearchPaths",
+              "legend": "Tailscale_DnsSearchPaths_CL",
+              "baseQuery": "Tailscale_DnsSearchPaths_CL"
+            },
+            {
+              "metricName": "Settings",
+              "legend": "Tailscale_Settings_CL",
+              "baseQuery": "Tailscale_Settings_CL"
+            },
+            {
+              "metricName": "Network",
+              "legend": "Tailscale_Network_CL",
+              "baseQuery": "Tailscale_Network_CL"
+            },
+            {
+              "metricName": "PostureIntegrations",
+              "legend": "Tailscale_PostureIntegrations_CL",
+              "baseQuery": "Tailscale_PostureIntegrations_CL"
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "Tailscale_Audit_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
+            },
+            {
+              "name": "Tailscale_Devices_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Devices_CL')]"
+            },
+            {
+              "name": "Tailscale_Users_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Users_CL')]"
+            },
+            {
+              "name": "Tailscale_Keys_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Keys_CL')]"
+            },
+            {
+              "name": "Tailscale_Webhooks_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsNameservers_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsPreferences_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
+            },
+            {
+              "name": "Tailscale_DnsSearchPaths_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+            },
+            {
+              "name": "Tailscale_Settings_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
+            },
+            {
+              "name": "Tailscale_Network_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
+            },
+            {
+              "name": "Tailscale_PostureIntegrations_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Recent network flows",
+              "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Top exit-node egress destinations",
+              "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), ExitDst = tostring(t.dst)\n| summarize TotalBytes = sum(Bytes) by ExitDst\n| top 25 by TotalBytes"
+            },
+            {
+              "description": "Currently configured posture integrations",
+              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, Status"
+            },
+            {
+              "description": "Device inventory by OS",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Devices = count() by Os"
+            },
+            {
+              "description": "Recent audit events",
+              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+            }
+          ],
+          "connectivityCriteria": [
+            {
+              "type": "HasDataConnectors"
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": true
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "Read/Write on the workspace",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "write": true,
+                  "read": true,
+                  "delete": true
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "title": "Connect Tailscale (Premium)",
+              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with these **Read** scopes: Logs > Configuration, Logs > Network (Premium), General > DNS, General > Users, Devices > Core, Keys > Auth Keys, Keys > Webhooks, Settings > Feature Settings (or tick `all:read`). Find your tailnet name on the Keys page.",
+              "instructions": [
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "Tailscale tailnet",
+                    "placeholder": "tail-XXXX.ts.net",
+                    "type": "text",
+                    "name": "tailnetName"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client ID",
+                    "placeholder": "k...",
+                    "type": "text",
+                    "name": "clientId"
+                  }
+                },
+                {
+                  "type": "Textbox",
+                  "parameters": {
+                    "label": "OAuth Client Secret",
+                    "placeholder": "tskey-client-...",
+                    "type": "password",
+                    "name": "clientSecret"
+                  }
+                },
+                {
+                  "type": "ConnectionToggleButton",
+                  "parameters": {
+                    "connectLabel": "Connect",
+                    "disconnectLabel": "Disconnect"
+                  }
+                }
+              ]
+            }
+          ],
+          "id": "TailscalePremiumCCF"
+        }
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
+      "apiVersion": "2022-01-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "properties": {
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
+        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
+        "kind": "DataConnector",
+        "version": "[variables('dataConnectorCCPVersion')]",
+        "source": {
+          "sourceId": "[variables('_solutionId')]",
+          "name": "[variables('_solutionName')]",
+          "kind": "Solution"
+        },
+        "author": {
+          "name": "noodlemctwoodle"
+        },
+        "support": {
+          "name": "Community",
+          "tier": "Community",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        },
+        "dependencies": {
+          "criteria": [
+            {
+              "version": "[variables('dataConnectorCCPVersion')]",
+              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+              "kind": "ResourcesDataConnector"
+            }
+          ]
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+        "displayName": "Tailscale Premium (CCF)",
+        "contentKind": "ResourcesDataConnector",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorCCPVersion')]",
+          "parameters": {
+            "guidValue": {
+              "defaultValue": "[[newGuid()]",
+              "type": "securestring"
+            },
+            "innerWorkspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "connectorDefinitionName": {
+              "defaultValue": "Tailscale Premium (CCF)",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "workspace": {
+              "defaultValue": "[parameters('workspace')]",
+              "type": "securestring"
+            },
+            "dcrConfig": {
+              "defaultValue": {
+                "dataCollectionEndpoint": "data collection Endpoint",
+                "dataCollectionRuleImmutableId": "data collection rule immutableId"
+              },
+              "type": "object"
+            },
+            "tailnetName": {
+              "defaultValue": "tailnetName",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientId": {
+              "defaultValue": "clientId",
+              "type": "securestring",
+              "minLength": 1
+            },
+            "clientSecret": {
+              "defaultValue": "clientSecret",
+              "type": "securestring",
+              "minLength": 1
+            }
+          },
+          "variables": {
+            "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]"
+          },
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]",
+              "apiVersion": "2022-01-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]",
+                "contentId": "[variables('_dataConnectorContentIdConnections2')]",
+                "kind": "ResourcesDataConnector",
+                "version": "[variables('dataConnectorCCPVersion')]",
+                "source": {
+                  "sourceId": "[variables('_solutionId')]",
+                  "name": "[variables('_solutionName')]",
+                  "kind": "Solution"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumConfigAuditPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Audit_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Audit_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  },
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end"
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumNetworkPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Network_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Network_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 5,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  },
+                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+                  "startTimeAttributeName": "start",
+                  "endTimeAttributeName": "end"
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.logs"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumDevicesPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Devices_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Devices_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.devices"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumUsersPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Users_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Users_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/users')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.users"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumKeysPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Keys_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Keys_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/keys?all=true')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.keys"
+                  ]
+                },
+                "isActive": true
               }
             },
             {
-              "name": "Tailscale_Network_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumWebhooksPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
-              "kind": null,
+              "kind": "RestApiPoller",
               "properties": {
-                "schema": {
-                  "name": "Tailscale_Network_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "NodeId",
-                      "type": "string"
-                    },
-                    {
-                      "name": "FlowStart",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "FlowEnd",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "SrcNode",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "DstNodes",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "VirtualTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "SubnetTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "ExitTraffic",
-                      "type": "dynamic"
-                    },
-                    {
-                      "name": "PhysicalTraffic",
-                      "type": "dynamic"
-                    }
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_Webhooks_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_Webhooks_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
+                },
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/webhooks')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$.webhooks"
                   ]
                 },
-                "retentionInDays": 90
+                "isActive": true
               }
-            }
-          ]
-        },
-        "packageKind": "Solution",
-        "packageVersion": "[variables('_solutionVersion')]",
-        "packageName": "[variables('_solutionName')]",
-        "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]",
-        "packageId": "[variables('_solutionId')]",
-        "contentSchemaVersion": "3.0.0",
-        "version": "[variables('dataConnectorCCPVersion')]"
-      }
-    },
-    {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]",
-      "apiVersion": "2022-09-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions",
-      "location": "[parameters('workspace-location')]",
-      "kind": "Customizable",
-      "properties": {
-        "connectorUiConfig": {
-          "title": "Tailscale Premium (CCF)",
-          "publisher": "Custom",
-          "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-          "descriptionMarkdown": "Polls Tailscale **configuration audit** logs (`/logging/configuration`) **and network flow logs** (`/logging/network`) into Sentinel using OAuth2 client credentials. **Use this connector for Tailscale Premium and Enterprise tier tailnets.** For Personal (Free) and Standard tailnets, install **Tailscale Standard (CCF)** instead.",
-          "graphQueries": [
-            {
-              "metricName": "Configuration audit events",
-              "legend": "Tailscale_Audit_CL",
-              "baseQuery": "Tailscale_Audit_CL"
-            },
-            {
-              "metricName": "Network flow events",
-              "legend": "Tailscale_Network_CL",
-              "baseQuery": "Tailscale_Network_CL"
-            }
-          ],
-          "dataTypes": [
-            {
-              "name": "Tailscale_Audit_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Audit_CL')]"
-            },
-            {
-              "name": "Tailscale_Network_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Network_CL')]"
-            }
-          ],
-          "sampleQueries": [
-            {
-              "description": "Recent Tailscale configuration audit events",
-              "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
-            },
-            {
-              "description": "Recent Tailscale network flows",
-              "query": "Tailscale_Network_CL\n| sort by TimeGenerated desc\n| take 100"
-            },
-            {
-              "description": "Top talkers (by bytes) on the tailnet",
-              "query": "Tailscale_Network_CL\n| mv-expand t = VirtualTraffic\n| extend src = tostring(t.src), dst = tostring(t.dst), txBytes = tolong(t.txBytes), rxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(txBytes + rxBytes) by src, dst\n| top 25 by TotalBytes"
             },
             {
-              "description": "Exit-node traffic (data leaving the tailnet via an exit node)",
-              "query": "Tailscale_Network_CL\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| project TimeGenerated, NodeId, SrcNode, ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)"
-            }
-          ],
-          "connectivityCriteria": [
-            {
-              "type": "HasDataConnectors"
-            }
-          ],
-          "availability": {
-            "status": 1,
-            "isPreview": true
-          },
-          "permissions": {
-            "resourceProvider": [
-              {
-                "provider": "Microsoft.OperationalInsights/workspaces",
-                "permissionsDisplayText": "Read/Write on the workspace",
-                "providerDisplayName": "Workspace",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                  "write": true,
-                  "read": true,
-                  "delete": true
-                }
-              }
-            ]
-          },
-          "instructionSteps": [
-            {
-              "title": "Connect Tailscale (Premium)",
-              "description": "Generate an OAuth client at https://login.tailscale.com/admin/settings/oauth with the **Audit Logs - Read** and **Network Logs - Read** scopes. Find your tailnet name on the Keys page.",
-              "instructions": [
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "Tailscale tailnet",
-                    "placeholder": "tail-XXXX.ts.net",
-                    "type": "text",
-                    "name": "tailnetName"
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumDnsNameserversPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_DnsNameservers_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsNameservers_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
                   }
                 },
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "OAuth Client ID",
-                    "placeholder": "k...",
-                    "type": "text",
-                    "name": "clientId"
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/nameservers')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
                   }
                 },
-                {
-                  "type": "Textbox",
-                  "parameters": {
-                    "label": "OAuth Client Secret",
-                    "placeholder": "tskey-client-...",
-                    "type": "password",
-                    "name": "clientSecret"
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
+            },
+            {
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumDnsPreferencesPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
+              "properties": {
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_DnsPreferences_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsPreferences_CL"
+                },
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
                   }
                 },
-                {
-                  "type": "ConnectionToggleButton",
-                  "parameters": {
-                    "connectLabel": "Connect",
-                    "disconnectLabel": "Disconnect"
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/preferences')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
                   }
-                }
-              ]
-            }
-          ],
-          "id": "TailscalePremiumCCF"
-        }
-      }
-    },
-    {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]",
-      "apiVersion": "2022-01-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "properties": {
-        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]",
-        "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]",
-        "kind": "DataConnector",
-        "version": "[variables('dataConnectorCCPVersion')]",
-        "source": {
-          "sourceId": "[variables('_solutionId')]",
-          "name": "[variables('_solutionName')]",
-          "kind": "Solution"
-        },
-        "author": {
-          "name": "noodlemctwoodle"
-        },
-        "support": {
-          "name": "Community",
-          "tier": "Community",
-          "link": "https://github.com/Azure/Azure-Sentinel/issues"
-        },
-        "dependencies": {
-          "criteria": [
-            {
-              "version": "[variables('dataConnectorCCPVersion')]",
-              "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-              "kind": "ResourcesDataConnector"
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
-      "apiVersion": "2023-04-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]",
-      "location": "[parameters('workspace-location')]",
-      "dependsOn": [
-        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
-      ],
-      "properties": {
-        "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-        "displayName": "Tailscale Premium (CCF)",
-        "contentKind": "ResourcesDataConnector",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorCCPVersion')]",
-          "parameters": {
-            "guidValue": {
-              "defaultValue": "[[newGuid()]",
-              "type": "securestring"
-            },
-            "innerWorkspace": {
-              "defaultValue": "[parameters('workspace')]",
-              "type": "securestring"
-            },
-            "connectorDefinitionName": {
-              "defaultValue": "Tailscale Premium (CCF)",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "workspace": {
-              "defaultValue": "[parameters('workspace')]",
-              "type": "securestring"
-            },
-            "dcrConfig": {
-              "defaultValue": {
-                "dataCollectionEndpoint": "data collection Endpoint",
-                "dataCollectionRuleImmutableId": "data collection rule immutableId"
-              },
-              "type": "object"
-            },
-            "tailnetName": {
-              "defaultValue": "tailnetName",
-              "type": "securestring",
-              "minLength": 1
-            },
-            "clientId": {
-              "defaultValue": "clientId",
-              "type": "securestring",
-              "minLength": 1
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
+              }
             },
-            "clientSecret": {
-              "defaultValue": "clientSecret",
-              "type": "securestring",
-              "minLength": 1
-            }
-          },
-          "variables": {
-            "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]"
-          },
-          "resources": [
             {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]",
-              "apiVersion": "2022-01-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumDnsSearchPathsPoller', parameters('guidValue'))]",
+              "apiVersion": "2023-02-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "RestApiPoller",
               "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]",
-                "contentId": "[variables('_dataConnectorContentIdConnections2')]",
-                "kind": "ResourcesDataConnector",
-                "version": "[variables('dataConnectorCCPVersion')]",
-                "source": {
-                  "sourceId": "[variables('_solutionId')]",
-                  "name": "[variables('_solutionName')]",
-                  "kind": "Solution"
+                "connectorDefinitionName": "TailscalePremiumCCF",
+                "dataType": "Tailscale_DnsSearchPaths_CL",
+                "dcrConfig": {
+                  "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
+                  "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
+                  "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
                 },
-                "author": {
-                  "name": "noodlemctwoodle"
+                "auth": {
+                  "type": "OAuth2",
+                  "ClientId": "[[parameters('clientId')]",
+                  "ClientSecret": "[[parameters('clientSecret')]",
+                  "GrantType": "client_credentials",
+                  "TokenEndpoint": "https://api.tailscale.com/api/v2/oauth/token",
+                  "TokenEndpointHeaders": {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                  }
                 },
-                "support": {
-                  "name": "Community",
-                  "tier": "Community",
-                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
-                }
+                "request": {
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/dns/searchpaths')]",
+                  "httpMethod": "GET",
+                  "queryWindowInMin": 60,
+                  "rateLimitQps": 1,
+                  "retryCount": 3,
+                  "timeoutInSeconds": 60,
+                  "headers": {
+                    "Accept": "application/json"
+                  }
+                },
+                "response": {
+                  "eventsJsonPaths": [
+                    "$"
+                  ]
+                },
+                "isActive": true
               }
             },
             {
-              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumConfigPoller', parameters('guidValue'))]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumSettingsPoller', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_Audit_CL",
+                "dataType": "Tailscale_Settings_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Audit_CL"
+                  "streamName": "Custom-Tailscale_Settings_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -2815,12 +4277,9 @@
                   }
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/configuration')]",
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/settings')]",
                   "httpMethod": "GET",
-                  "queryWindowInMin": 5,
-                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                  "startTimeAttributeName": "start",
-                  "endTimeAttributeName": "end",
+                  "queryWindowInMin": 60,
                   "rateLimitQps": 1,
                   "retryCount": 3,
                   "timeoutInSeconds": 60,
@@ -2830,25 +4289,25 @@
                 },
                 "response": {
                   "eventsJsonPaths": [
-                    "$.logs"
+                    "$"
                   ]
                 },
                 "isActive": true
               }
             },
             {
-              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumNetworkPoller', parameters('guidValue'))]",
+              "name": "[[concat(parameters('innerWorkspace'),'/Microsoft.SecurityInsights/', 'TailscalePremiumPostureIntegrationsPoller', parameters('guidValue'))]",
               "apiVersion": "2023-02-01-preview",
               "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
               "location": "[parameters('workspace-location')]",
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_Network_CL",
+                "dataType": "Tailscale_PostureIntegrations_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_Network_CL"
+                  "streamName": "Custom-Tailscale_PostureIntegrations_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -2861,12 +4320,9 @@
                   }
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/logging/network')]",
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/posture/integrations')]",
                   "httpMethod": "GET",
-                  "queryWindowInMin": 5,
-                  "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                  "startTimeAttributeName": "start",
-                  "endTimeAttributeName": "end",
+                  "queryWindowInMin": 60,
                   "rateLimitQps": 1,
                   "retryCount": 3,
                   "timeoutInSeconds": 60,
@@ -2876,7 +4332,7 @@
                 },
                 "response": {
                   "eventsJsonPaths": [
-                    "$.logs"
+                    "$.integrations"
                   ]
                 },
                 "isActive": true
@@ -2946,24 +4402,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3059,24 +4515,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3171,24 +4627,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3284,33 +4740,33 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "identifier": "HostName",
                         "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3406,24 +4862,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3518,33 +4974,33 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "identifier": "HostName",
                         "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3641,33 +5097,33 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "identifier": "HostName",
                         "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3764,24 +5220,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "LoginName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3878,24 +5334,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -3992,24 +5448,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4104,24 +5560,24 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "identifier": "FullName",
                         "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4218,33 +5674,33 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "identifier": "HostName",
                         "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "identifier": "Address",
                         "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4332,55 +5788,294 @@
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "Collection"
+                  "Exfiltration",
+                  "Collection"
+                ],
+                "techniques": [
+                  "T1041",
+                  "T1020"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "Host",
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ]
+                  },
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "enabled": true,
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject13').analyticRuleId13,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 13",
+                "parentId": "[variables('analyticRuleObject13').analyticRuleId13]",
+                "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject13').analyticRuleVersion13]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+        "contentProductId": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
+        "id": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
+        "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject14').analyticRuleTemplateSpecName14]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Network flow beaconing detected",
+                "enabled": false,
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscalePremiumCCF",
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "CommandAndControl",
+                  "Exfiltration"
+                ],
+                "techniques": [
+                  "T1071",
+                  "T1095",
+                  "T1029"
+                ],
+                "entityMappings": [
+                  {
+                    "entityType": "IP",
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ]
+                  }
+                ],
+                "incidentConfiguration": {
+                  "groupingConfiguration": {
+                    "enabled": true,
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject14').analyticRuleId14,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 14",
+                "parentId": "[variables('analyticRuleObject14').analyticRuleId14]",
+                "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject14').analyticRuleVersion14]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Network flow beaconing detected",
+        "contentProductId": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
+        "id": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
+        "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject15').analyticRuleTemplateSpecName15]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "enabled": false,
+                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "connectorId": "TailscalePremiumCCF",
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ]
+                  }
+                ],
+                "tactics": [
+                  "Discovery",
+                  "LateralMovement"
                 ],
                 "techniques": [
-                  "T1041",
-                  "T1020"
+                  "T1018",
+                  "T1021",
+                  "T1046"
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "identifier": "HostName",
                         "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "identifier": "Address",
                         "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject13').analyticRuleId13,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject15').analyticRuleId15,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 13",
-                "parentId": "[variables('analyticRuleObject13').analyticRuleId13]",
-                "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
+                "description": "Tailscale (CCF) Analytics Rule 15",
+                "parentId": "[variables('analyticRuleObject15').analyticRuleId15]",
+                "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject13').analyticRuleVersion13]",
+                "version": "[variables('analyticRuleObject15').analyticRuleVersion15]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -4403,44 +6098,44 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
+        "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
-        "contentProductId": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
-        "id": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
-        "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
+        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "contentProductId": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
+        "id": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
+        "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject14').analyticRuleTemplateSpecName14]",
+      "name": "[variables('analyticRuleObject16').analyticRuleTemplateSpecName16]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
+          "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+              "name": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Network flow beaconing detected",
+                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
                 "enabled": false,
-                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "Medium",
+                "queryPeriod": "P8D",
+                "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4455,47 +6150,46 @@
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "Exfiltration",
+                  "CommandAndControl"
                 ],
                 "techniques": [
-                  "T1071",
-                  "T1095",
-                  "T1029"
+                  "T1572",
+                  "T1041"
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject14').analyticRuleId14,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject16').analyticRuleId16,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 14",
-                "parentId": "[variables('analyticRuleObject14').analyticRuleId14]",
-                "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+                "description": "Tailscale (CCF) Analytics Rule 16",
+                "parentId": "[variables('analyticRuleObject16').analyticRuleId16]",
+                "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject14').analyticRuleVersion14]",
+                "version": "[variables('analyticRuleObject16').analyticRuleVersion16]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -4518,41 +6212,41 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
+        "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Network flow beaconing detected",
-        "contentProductId": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
-        "id": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
-        "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
+        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "contentProductId": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
+        "id": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
+        "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject15').analyticRuleTemplateSpecName15]",
+      "name": "[variables('analyticRuleObject17').analyticRuleTemplateSpecName17]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
+          "contentVersion": "[variables('analyticRuleObject17').analyticRuleVersion17]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
+              "name": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "description": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).",
+                "displayName": "Tailscale Premium: Posture integration disabled or removed",
                 "enabled": false,
-                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "High",
@@ -4565,61 +6259,51 @@
                   {
                     "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Audit_CL"
                     ]
                   }
                 ],
                 "tactics": [
-                  "Discovery",
-                  "LateralMovement"
+                  "DefenseEvasion",
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1018",
-                  "T1021",
-                  "T1046"
+                  "T1562",
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
-                      }
-                    ],
-                    "entityType": "Host"
-                  },
-                  {
-                    "fieldMappings": [
-                      {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "lookbackDuration": "5h",
-                    "reopenClosedIncident": false,
+                    "enabled": true,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject15').analyticRuleId15,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject17').analyticRuleId17,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 15",
-                "parentId": "[variables('analyticRuleObject15').analyticRuleId15]",
-                "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
+                "description": "Tailscale (CCF) Analytics Rule 17",
+                "parentId": "[variables('analyticRuleObject17').analyticRuleId17]",
+                "contentId": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject15').analyticRuleVersion15]",
+                "version": "[variables('analyticRuleObject17').analyticRuleVersion17]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -4642,44 +6326,44 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
+        "contentId": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Mass fan-out from single node",
-        "contentProductId": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
-        "id": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
-        "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
+        "displayName": "Tailscale Premium: Posture integration disabled or removed",
+        "contentProductId": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
+        "id": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
+        "version": "[variables('analyticRuleObject17').analyticRuleVersion17]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('analyticRuleObject16').analyticRuleTemplateSpecName16]",
+      "name": "[variables('analyticRuleObject18').analyticRuleTemplateSpecName18]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
+          "contentVersion": "[variables('analyticRuleObject18').analyticRuleVersion18]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
+              "name": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
               "apiVersion": "2023-02-01-preview",
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+                "description": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: New posture integration added",
                 "enabled": false,
-                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "P8D",
-                "severity": "Low",
+                "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4689,51 +6373,49 @@
                   {
                     "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Audit_CL"
                     ]
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "CommandAndControl"
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1572",
-                  "T1041"
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
+                    "enabled": true,
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject16').analyticRuleId16,'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject18').analyticRuleId18,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Analytics Rule 16",
-                "parentId": "[variables('analyticRuleObject16').analyticRuleId16]",
-                "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
+                "description": "Tailscale (CCF) Analytics Rule 18",
+                "parentId": "[variables('analyticRuleObject18').analyticRuleId18]",
+                "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
                 "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleObject16').analyticRuleVersion16]",
+                "version": "[variables('analyticRuleObject18').analyticRuleVersion18]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -4756,12 +6438,12 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
+        "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
-        "contentProductId": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
-        "id": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
-        "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
+        "displayName": "Tailscale Premium: New posture integration added",
+        "contentProductId": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
+        "id": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
+        "version": "[variables('analyticRuleObject18').analyticRuleVersion18]"
       }
     },
     {
@@ -5760,6 +7442,89 @@
         "version": "1.0.0"
       }
     },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_13",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale Premium: Current posture integration inventory",
+                "category": "Hunting Queries",
+                "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, TenantId_Provider, Status, ConfigOverwrites\n| order by Provider asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "DefenseEvasion"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1562"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 13",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]",
+                "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale Premium: Current posture integration inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
@@ -5873,7 +7638,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"},{\"id\":\"posture\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Device Posture Integrations\\n\\nMDM/EDR integrations connected to the tailnet. Requires Tailscale Premium or Enterprise.\"},\"name\":\"posture-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status\\n| order by Provider asc\",\"size\":0,\"title\":\"Current posture integrations\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"posture-current\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| render piechart\",\"size\":0,\"title\":\"Integrations by provider\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"posture-by-provider\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Posture integration change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"posture-changes\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"posture-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -5946,7 +7711,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 16, <strong>Hunting Queries:</strong> 12</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 18, <strong>Hunting Queries:</strong> 13</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -6059,6 +7824,16 @@
               "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
               "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
             },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
+              "version": "[variables('analyticRuleObject17').analyticRuleVersion17]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
+              "version": "[variables('analyticRuleObject18').analyticRuleVersion18]"
+            },
             {
               "kind": "HuntingQuery",
               "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
@@ -6119,6 +7894,11 @@
               "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
               "version": "[variables('huntingQueryObject12').huntingQueryVersion12]"
             },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+              "version": "[variables('huntingQueryObject13').huntingQueryVersion13]"
+            },
             {
               "kind": "Workbook",
               "contentId": "[variables('_workbookContentId1')]",
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index 74a7eb999d8..0a22234f28d 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -92,6 +92,14 @@
             "linkLabel": "Security Signals",
             "subTarget": "signals",
             "style": "link"
+          },
+          {
+            "id": "posture",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Posture",
+            "subTarget": "posture",
+            "style": "link"
           }
         ]
       },
@@ -389,6 +397,67 @@
         "value": "signals"
       },
       "name": "signals-group"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "## Device Posture Integrations\n\nMDM/EDR integrations connected to the tailnet. Requires Tailscale Premium or Enterprise."
+            },
+            "name": "posture-header"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status\n| order by Provider asc",
+              "size": 0,
+              "title": "Current posture integrations",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "100",
+            "name": "posture-current"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| summarize Count = count() by Provider\n| render piechart",
+              "size": 0,
+              "title": "Integrations by provider",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "posture-by-provider"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action in (\"CREATE\", \"UPDATE\", \"DELETE\")\n| where tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\n| order by TimeGenerated desc",
+              "size": 0,
+              "title": "Posture integration change history",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "customWidth": "50",
+            "name": "posture-changes"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "posture"
+      },
+      "name": "posture-group"
     }
   ],
   "fallbackResourceIds": [],

From d47c4a51226c6151ee021e5c3baae78207151af5 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 10:55:33 +0100
Subject: [PATCH 08/27] Tailscale (CCF): merge 3 DNS tables into single
 Tailscale_Dns_CL

Tailscale's admin UI presents nameservers, MagicDNS, search domains and
split-DNS as one coherent DNS settings block. Surfacing them as three
separate Sentinel tables forced consumers to mentally re-assemble what
Tailscale presents as one thing.

Merged Tailscale_DnsNameservers_CL + Tailscale_DnsPreferences_CL +
Tailscale_DnsSearchPaths_CL into a single Tailscale_Dns_CL table with
a ConfigType discriminator column. Uses Sentinel CCP's multi-stream-in
+ single-stream-out DCR pattern: three pollers each post to their own
input stream, the DCR transforms route all three to outputStream
Custom-Tailscale_Dns_CL.

New schema:
  Tailscale_Dns_CL
    TimeGenerated  datetime
    ConfigType     string    "nameservers" | "preferences" | "searchpaths"
    Nameservers    dynamic   populated when ConfigType = "nameservers"
    MagicDNS       boolean   populated when ConfigType = "preferences"
    SearchPaths    dynamic   populated when ConfigType = "searchpaths"

Query pattern:
  Tailscale_Dns_CL
  | summarize arg_max(TimeGenerated, *) by ConfigType
  | project ConfigType, Nameservers, MagicDNS, SearchPaths

Applied to BOTH connectors:
  - Standard tables: 9 -> 7
  - Premium tables: 11 -> 9
  - Both DCRs: 3 DNS input streams -> 1 merged output table

Files touched:
  - Tailscale_PollerConfig.json + TailscalePremium_PollerConfig.json
    (dataType updated to Tailscale_Dns_CL for the 3 DNS pollers)
  - Tailscale_DCR.json + TailscalePremium_DCR.json (3 dataFlow transforms
    repointed to Custom-Tailscale_Dns_CL, transformKql now sets ConfigType)
  - Tailscale_tables.json + TailscalePremium_tables.json (3 old tables
    removed, Tailscale_Dns_CL added)
  - Tailscale_ConnectorDefinition.json + TailscalePremium_ConnectorDefinition.json
    (3 dataTypes/graphQueries collapsed to 1, descriptionMarkdown updated)
  - .script/tests/KqlvalidationsTests/CustomTables/: removed 3 schemas,
    added Tailscale_Dns_CL.json
  - Sample queries updated to reflect the merged table

No analytic rules, hunting queries, or workbook panels referenced the
3 old tables directly (DNS change detection runs from Tailscale_Audit_CL
already), so the merge is transparent to security content.

Tested: schemas validate, ASCII clean, both connectors rebuild via
createSolutionV3 successfully, redeployed to test workspace.
---
 .../Tailscale_DnsNameservers_CL.json          |   7 -
 .../Tailscale_DnsPreferences_CL.json          |   7 -
 ...rchPaths_CL.json => Tailscale_Dns_CL.json} |   5 +-
 .../Tailscale_ConnectorDefinition.json        |  34 +-
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |  12 +-
 .../Tailscale_PollerConfig.json               |   6 +-
 .../Tailscale_tables.json                     |  50 +-
 .../TailscalePremium_ConnectorDefinition.json |  42 +-
 .../TailscalePremium_DCR.json                 |  12 +-
 .../TailscalePremium_PollerConfig.json        |   6 +-
 .../TailscalePremium_tables.json              |  96 +--
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 47641 -> 47524 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 754 ++++++++----------
 13 files changed, 404 insertions(+), 627 deletions(-)
 delete mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
 delete mode 100644 .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
 rename .script/tests/KqlvalidationsTests/CustomTables/{Tailscale_DnsSearchPaths_CL.json => Tailscale_Dns_CL.json} (55%)

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
deleted file mode 100644
index 5d12e1bfb53..00000000000
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsNameservers_CL.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{ "Name": "Tailscale_DnsNameservers_CL",
-"Properties":[
-  { "Name": "TenantId", "Type": "string" },
-  { "Name": "SourceSystem", "Type": "string" },
-  { "Name": "TimeGenerated", "Type": "datetime" },
-  { "Name": "DnsServers", "Type": "dynamic" }
-]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
deleted file mode 100644
index 009c486f5d0..00000000000
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsPreferences_CL.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{ "Name": "Tailscale_DnsPreferences_CL",
-"Properties":[
-  { "Name": "TenantId", "Type": "string" },
-  { "Name": "SourceSystem", "Type": "string" },
-  { "Name": "TimeGenerated", "Type": "datetime" },
-  { "Name": "MagicDNS", "Type": "bool" }
-]}
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Dns_CL.json
similarity index 55%
rename from .script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json
rename to .script/tests/KqlvalidationsTests/CustomTables/Tailscale_Dns_CL.json
index 002a4e73cca..99d9b50465f 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_DnsSearchPaths_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Dns_CL.json
@@ -1,7 +1,10 @@
-{ "Name": "Tailscale_DnsSearchPaths_CL",
+{ "Name": "Tailscale_Dns_CL",
 "Properties":[
   { "Name": "TenantId", "Type": "string" },
   { "Name": "SourceSystem", "Type": "string" },
   { "Name": "TimeGenerated", "Type": "datetime" },
+  { "Name": "ConfigType", "Type": "string" },
+  { "Name": "Nameservers", "Type": "dynamic" },
+  { "Name": "MagicDNS", "Type": "bool" },
   { "Name": "SearchPaths", "Type": "dynamic" }
 ]}
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
index 86372669012..76799937700 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
@@ -8,7 +8,7 @@
       "title": "Tailscale Standard (CCF)",
       "publisher": "Custom",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
+      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
       "graphQueries": [
         {
           "metricName": "Audit events",
@@ -35,25 +35,15 @@
           "legend": "Tailscale_Webhooks_CL",
           "baseQuery": "Tailscale_Webhooks_CL"
         },
-        {
-          "metricName": "DNS nameservers",
-          "legend": "Tailscale_DnsNameservers_CL",
-          "baseQuery": "Tailscale_DnsNameservers_CL"
-        },
         {
           "metricName": "Tailnet settings",
           "legend": "Tailscale_Settings_CL",
           "baseQuery": "Tailscale_Settings_CL"
         },
         {
-          "metricName": "DNS preferences",
-          "legend": "Tailscale_DnsPreferences_CL",
-          "baseQuery": "Tailscale_DnsPreferences_CL"
-        },
-        {
-          "metricName": "DNS search paths",
-          "legend": "Tailscale_DnsSearchPaths_CL",
-          "baseQuery": "Tailscale_DnsSearchPaths_CL"
+          "metricName": "DNS config snapshots",
+          "legend": "Tailscale_Dns_CL",
+          "baseQuery": "Tailscale_Dns_CL"
         }
       ],
       "dataTypes": [
@@ -77,21 +67,13 @@
           "name": "Tailscale_Webhooks_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
         },
-        {
-          "name": "Tailscale_DnsNameservers_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-        },
         {
           "name": "Tailscale_Settings_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
         },
         {
-          "name": "Tailscale_DnsPreferences_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-        },
-        {
-          "name": "Tailscale_DnsSearchPaths_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+          "name": "Tailscale_Dns_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
         }
       ],
       "sampleQueries": [
@@ -114,6 +96,10 @@
         {
           "description": "Tailnet device-approval status",
           "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
+        },
+        {
+          "description": "Current DNS state (all DNS config in one query)",
+          "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
         }
       ],
       "connectivityCriteria": [
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
index 9d64929fff7..b6621319669 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -381,8 +381,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
-        "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
         "streams": [
@@ -401,8 +401,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
-        "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
         "streams": [
@@ -411,8 +411,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
-        "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       }
     ]
   }
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
index 9cad1df327e..396a8df8e56 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
@@ -219,7 +219,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscaleCCF",
-      "dataType": "Tailscale_DnsNameservers_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -303,7 +303,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscaleCCF",
-      "dataType": "Tailscale_DnsPreferences_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -345,7 +345,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscaleCCF",
-      "dataType": "Tailscale_DnsSearchPaths_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
index b18a2b3db3e..2c8bec5dfcd 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -312,27 +312,6 @@
       "retentionInDays": 90
     }
   },
-  {
-    "name": "Tailscale_DnsNameservers_CL",
-    "apiVersion": "2022-10-01",
-    "type": "Microsoft.OperationalInsights/workspaces/tables",
-    "properties": {
-      "schema": {
-        "name": "Tailscale_DnsNameservers_CL",
-        "columns": [
-          {
-            "name": "TimeGenerated",
-            "type": "datetime"
-          },
-          {
-            "name": "DnsServers",
-            "type": "dynamic"
-          }
-        ]
-      },
-      "retentionInDays": 90
-    }
-  },
   {
     "name": "Tailscale_Settings_CL",
     "apiVersion": "2022-10-01",
@@ -383,37 +362,28 @@
     }
   },
   {
-    "name": "Tailscale_DnsPreferences_CL",
+    "name": "Tailscale_Dns_CL",
     "apiVersion": "2022-10-01",
     "type": "Microsoft.OperationalInsights/workspaces/tables",
     "properties": {
       "schema": {
-        "name": "Tailscale_DnsPreferences_CL",
+        "name": "Tailscale_Dns_CL",
         "columns": [
           {
             "name": "TimeGenerated",
             "type": "datetime"
           },
+          {
+            "name": "ConfigType",
+            "type": "string"
+          },
+          {
+            "name": "Nameservers",
+            "type": "dynamic"
+          },
           {
             "name": "MagicDNS",
             "type": "boolean"
-          }
-        ]
-      },
-      "retentionInDays": 90
-    }
-  },
-  {
-    "name": "Tailscale_DnsSearchPaths_CL",
-    "apiVersion": "2022-10-01",
-    "type": "Microsoft.OperationalInsights/workspaces/tables",
-    "properties": {
-      "schema": {
-        "name": "Tailscale_DnsSearchPaths_CL",
-        "columns": [
-          {
-            "name": "TimeGenerated",
-            "type": "datetime"
           },
           {
             "name": "SearchPaths",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
index 6dc66f732fa..d738878d352 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
@@ -8,7 +8,7 @@
       "title": "Tailscale Premium (CCF)",
       "publisher": "Custom",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
+      "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
       "graphQueries": [
         {
           "metricName": "Audit",
@@ -35,21 +35,6 @@
           "legend": "Tailscale_Webhooks_CL",
           "baseQuery": "Tailscale_Webhooks_CL"
         },
-        {
-          "metricName": "DnsNameservers",
-          "legend": "Tailscale_DnsNameservers_CL",
-          "baseQuery": "Tailscale_DnsNameservers_CL"
-        },
-        {
-          "metricName": "DnsPreferences",
-          "legend": "Tailscale_DnsPreferences_CL",
-          "baseQuery": "Tailscale_DnsPreferences_CL"
-        },
-        {
-          "metricName": "DnsSearchPaths",
-          "legend": "Tailscale_DnsSearchPaths_CL",
-          "baseQuery": "Tailscale_DnsSearchPaths_CL"
-        },
         {
           "metricName": "Settings",
           "legend": "Tailscale_Settings_CL",
@@ -64,6 +49,11 @@
           "metricName": "PostureIntegrations",
           "legend": "Tailscale_PostureIntegrations_CL",
           "baseQuery": "Tailscale_PostureIntegrations_CL"
+        },
+        {
+          "metricName": "DNS config snapshots",
+          "legend": "Tailscale_Dns_CL",
+          "baseQuery": "Tailscale_Dns_CL"
         }
       ],
       "dataTypes": [
@@ -87,18 +77,6 @@
           "name": "Tailscale_Webhooks_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
         },
-        {
-          "name": "Tailscale_DnsNameservers_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-        },
-        {
-          "name": "Tailscale_DnsPreferences_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-        },
-        {
-          "name": "Tailscale_DnsSearchPaths_CL",
-          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
-        },
         {
           "name": "Tailscale_Settings_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
@@ -110,6 +88,10 @@
         {
           "name": "Tailscale_PostureIntegrations_CL",
           "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
+        },
+        {
+          "name": "Tailscale_Dns_CL",
+          "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
         }
       ],
       "sampleQueries": [
@@ -132,6 +114,10 @@
         {
           "description": "Recent audit events",
           "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+        },
+        {
+          "description": "Current DNS state (all DNS config in one query)",
+          "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
         }
       ],
       "connectivityCriteria": [
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
index 8df8cb5fb6f..b43c740c06d 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -457,8 +457,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
-        "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
         "streams": [
@@ -477,8 +477,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
-        "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
         "streams": [
@@ -487,8 +487,8 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
-        "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
+        "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
         "streams": [
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
index c139d7f5179..c69a0f1dfc8 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -264,7 +264,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscalePremiumCCF",
-      "dataType": "Tailscale_DnsNameservers_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -306,7 +306,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscalePremiumCCF",
-      "dataType": "Tailscale_DnsPreferences_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -348,7 +348,7 @@
     "kind": "RestApiPoller",
     "properties": {
       "connectorDefinitionName": "TailscalePremiumCCF",
-      "dataType": "Tailscale_DnsSearchPaths_CL",
+      "dataType": "Tailscale_Dns_CL",
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
index c17baffa2b7..340ec80b347 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -312,27 +312,6 @@
       "retentionInDays": 90
     }
   },
-  {
-    "name": "Tailscale_DnsNameservers_CL",
-    "apiVersion": "2022-10-01",
-    "type": "Microsoft.OperationalInsights/workspaces/tables",
-    "properties": {
-      "schema": {
-        "name": "Tailscale_DnsNameservers_CL",
-        "columns": [
-          {
-            "name": "TimeGenerated",
-            "type": "datetime"
-          },
-          {
-            "name": "DnsServers",
-            "type": "dynamic"
-          }
-        ]
-      },
-      "retentionInDays": 90
-    }
-  },
   {
     "name": "Tailscale_Settings_CL",
     "apiVersion": "2022-10-01",
@@ -382,48 +361,6 @@
       "retentionInDays": 90
     }
   },
-  {
-    "name": "Tailscale_DnsPreferences_CL",
-    "apiVersion": "2022-10-01",
-    "type": "Microsoft.OperationalInsights/workspaces/tables",
-    "properties": {
-      "schema": {
-        "name": "Tailscale_DnsPreferences_CL",
-        "columns": [
-          {
-            "name": "TimeGenerated",
-            "type": "datetime"
-          },
-          {
-            "name": "MagicDNS",
-            "type": "boolean"
-          }
-        ]
-      },
-      "retentionInDays": 90
-    }
-  },
-  {
-    "name": "Tailscale_DnsSearchPaths_CL",
-    "apiVersion": "2022-10-01",
-    "type": "Microsoft.OperationalInsights/workspaces/tables",
-    "properties": {
-      "schema": {
-        "name": "Tailscale_DnsSearchPaths_CL",
-        "columns": [
-          {
-            "name": "TimeGenerated",
-            "type": "datetime"
-          },
-          {
-            "name": "SearchPaths",
-            "type": "dynamic"
-          }
-        ]
-      },
-      "retentionInDays": 90
-    }
-  },
   {
     "name": "Tailscale_Network_CL",
     "apiVersion": "2022-10-01",
@@ -521,5 +458,38 @@
       },
       "retentionInDays": 90
     }
+  },
+  {
+    "name": "Tailscale_Dns_CL",
+    "apiVersion": "2022-10-01",
+    "type": "Microsoft.OperationalInsights/workspaces/tables",
+    "properties": {
+      "schema": {
+        "name": "Tailscale_Dns_CL",
+        "columns": [
+          {
+            "name": "TimeGenerated",
+            "type": "datetime"
+          },
+          {
+            "name": "ConfigType",
+            "type": "string"
+          },
+          {
+            "name": "Nameservers",
+            "type": "dynamic"
+          },
+          {
+            "name": "MagicDNS",
+            "type": "boolean"
+          },
+          {
+            "name": "SearchPaths",
+            "type": "dynamic"
+          }
+        ]
+      },
+      "retentionInDays": 90
+    }
   }
 ]
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index f9b5f2c7eb27f35c46d0de0339a954e36200a6e2..95ea306735ef45d26e88ab0afbce09d4c64a6e85 100644
GIT binary patch
delta 41072
zcmZ^~V{m3c+qN6qwr$&-Bok+nOl;e}qls<Xwr$(CZD-HC&+~q@zg@MvYW-Um&aPUu
zy3am3^#P>d9t2K71{4ep2nYxYs9d!cZWbG%T(v@LAAI=<DjNvMK{fsy8yB!XGI#U*
ziLT5ikDlDv`y%37ywV&(99q8;vt#wcr8%ya4Fk09U=iGKiu?PsGAo=dj@%Q@MU2a&
zoTH8{`6?^xD)sLJ`1GGy`+gf@$KGiaZE(Q{6aBU`4enkg(1X-863WoS6$~U;<=F6h
zIl5M%ZHGLR?$lb{WFDPy0Sqft$v}wWLK?jfxn_R<rWJk<ItLqo{vyhf*M@9c-K^>X
zeBAqjtqcG^d{^rtiI~9$_copj3lBTXro%<(4G^e<FYN*G+~<xIS_T6<<D-RCDQ-V1
zU@EV3*2vCC)W4cIUSbA*^?TqNAR_({;uE}@c7cbJ6|+UsfE^MA0ZhL8N#e^m!ObWg
zM{udyb-IMO<Tq2C?$026^|*{!e4Zk2!}AApJZ{*v)V9*Mzi66MM>d;{a`N$@?Nm5#
z0R0hQmMOu67$F`Yqkz$38|aFz;iQ7>rH2V2%(*tr3%@&T#9cFK-G?|_F8Dz3EZR*Q
z_~?q9G4(ImhXhNX0noryLB9z&bZP=Z;FXeud?fQNEwo6_NaNieqEbq(TR~MnF0jPW
zeamj137;7A8AUAPFHdLKWqY|#ABuN*AP_i~1X0471H!qKNp$am@lXg8$44l8pnB+h
zQ^3$(2Ph!;Dw7Q)R@IZYmpM7Vv-}#uECu9RHwpvJO;<4;05`t%@2Qr#hLG#~zBmFn
z+NjYv9PE6{uJ6EYWO73I2K~NoWKhAYTx4!d0gwmG`y9QmK>Hn9jO#)eY<;s{WJ*3O
z%IR5zgt+g$L4pnDHMvcVwXL#~C>q=Pe9VL%7Q7*8(c<uKRmW}3?Z!kihB4uV2d^=1
z5rf_h_SkyEfPt)5Zke-FDW=hUB7U-wdE_z%tX$Y=I5Vyn`xmjbBLq*hXRAD_bXz5&
zQ0%58)nA1w+~T%NO|<LmzlD5kQ?b(=cr6-Ny;x_-s_#s}HitYujQI_Y)l0n5?iCl}
z=j)AaDiFz*Z6wi#UB+)qo$+6IV@vLqWqu@<D9(>P0Dgn6acU0}OYC?|9*GkiZO4JX
z-sKrf*vkFL=0Ou$l|@n~7S983HS<FrwG^XC!6TDCH=d`eP8JFNLPeP>!iDiZ26FdS
zCLVq8=-EQ0qS<z;ja>UplT?um=F-tZ?{rmah@cIFj#5)`U2-?KEmdanhzrybKO=ZL
zhe{Lm3xMr$h0h*(d@aV}#%r)^g*6XvdRPCIqlOwlb+Aaf+W02A+Q>uMex(2Qqe@$#
zt^$+3s<I2NYR~}xmAPTm{W=J%x2h~`aau&^TEeqUz28T9JQP1CWyRC;z0;%8HYw7_
zx!bFzIeh#beuI&aP3Mx6#-v-Zv?~l(X+1Vh81PGo`7U_?iXSI}lmu^m05&Jfh+szK
zoM&@bnhD&`>eS%}92PWxX)7!E$m874t3jPKPxja!bh7ml2Yrr{Ge2ZDfVSfXz!cRW
z3njqyG#D!lZ8Q0a5Z1^cWgB8OGk--s(E!2PiX)P5?eZ9MMClrUbC0$!Vs~gR9%<{u
zbpXni5F;$yF$q%+rSol*&f)XbIG%7J10QfZy?@@hHNQD+EuQM6yOx9BRuQ1Qb!gIO
zxi%`KrMp_Px-}O~wpSeJRL_;*yqmP@$9=N&c1pWH=hUig@%AhRs8v7Vw5U$*Z?1tH
zR7pIqb!gH`Us(|6PPaFj61h76OLEQ%aBHsmo5iSG=TZ%k#?#m^`y#QNy<Ump(K}yj
zwOsW_z5xeLdm`UfrC_G3bKCOKriXAxd2pb>^-}n;Hhsd;(dH1`mbKYE1MTYewzqhh
zx7ODAzI3at3htqV^>vO_%$IO=?f2Ot!`1PvjUjMH`D`c0HAmQ<Ha*#cd-E*-&h78a
zwYt07LR?>&|I4yI_$%LJX}o<=qjO`$vr$)|WJhO}Ns3U1ohEUUZ)?+&=laa4da~W~
zzcbRV#&>Oz%f@-#mDbx{-Qb>_$X3>w_M0-21xRJfvk{<BbwS}bp?%%u@!!B|m_2R&
zzr~+_-FB1%{>*K3v<n8fJ~#f0w3NtXd-FWh=&V)q`5Q`otr{=1bm!*!ecDkz|F`ig
z%z<`~A1C)$K7V8Xg?cgtxFY^5da)Q8)GDcSNE`goxz-D^1c$R}d4DCWXbJI8=<^PC
z1-8?_DR-r<N1&v6D@LuL3a;zU22>NeI3{;={GqJEWqVr|%q~G|w43QOhyo28V^!xq
z*<lleoaWO>-}j0{zr5ZL&>38zU&i&U9(#vO+;nJ6@~uy!^>v4pZ{(V|(#;MC=P{V?
zH$Xt}fiShw;F_H7tw&f@2bM)J5s%cam$vxyaK}{hJWNyM9EY!4X6){J2Xunw8(hU%
zRE<V7--uyX%ytVvVmi+h1rOrkeZa}BHQ1$P2bkhF)`FzrO@uj6+2?CrE=D+PTE*Py
ze4{fAD=gVDKr-$$$QA><5g5)|WD&!;xn8g{n$36rb<SgF2+qcxf_|v*^rRGDfhYR=
z`q1G9WNO3dZTWa74`CDVP?Hi6klkCFjv;sNcvE4>sVWp7@Y;(TFz1$-W^{-(78E<)
z8_wlEfAUuzEU(9W-#>W>rnWr)k+=OHdE5y{J{EC_hE&fJS_nElujz8%Z+Kb@z!?M>
zj&?V!Tz>O?<~|5n&S1kZW)4iWVXmGZ1qxUnE`ahw4gT8wio<mh3_F<O`Tvm*SNtFO
zQ@j6_Kk&curHpRMm&P6?P^P>*|H|0=uZ;cwsxZ&MkYnX~;R$TdS_+PF+mBesI6F3P
zreAOvUB`IQYu4qolyGl;4of)yq+uY$YBy;Gh*)$=d?(i05>N#}HD-!j@o0UsQh%^9
z&E#1*Ll~E@B^Z-?zW<tIIyY&xxOg6iS2|Cu{Y`$j>9e^)`hEo5%g;Zi3Y%Af0HKjk
zIhkW6n_gE@a9g&tO$x76l?u5-sKz<QuXLVV-lE@iMu@a=jqQ<8i7xgVAFhE)Gh28S
z(8gi>TgtIoPUrFY?U1Lp^Nx1I_ngC7tLpJ-L;#|src`p(LpWivS17zL5<9`#OgSl$
z%(;GcyTAG_T9w9`e~bg>Kh-zWg;)8l$LiufAy)gVJ>Fko2c<=$>pZ~~RUtv?$GXyl
zSJl=M4%6#9zsk3|>|?rpOD|3p0Z+daEkWV`cJucmtb6|_w^tS@O5+~C(WTrYVUtlB
z$4oCrd^G?&fq$lmj#dgMQefoOA%B~7?7fp;iGwy$r`4w8%n)v_Tk?U*QvuDGooQyB
zTE)Z~o#xFGT(v=WyC1Ssr?4X!zTQi(<1BgfDofEO<-KK@b%KD|i4y>um}gW80pqcd
z*@~QQNIBGO(5S|5h1Gtj#vh+h+ZsLoc}82`A&KA-WR8U8E_;U2ggGxH9NkvWVYn(l
zy1H<<UVGLx%Q|V{zD@M$5RLaR*3u+DR{gd@G;q;BVyV<z^O^EL=^Kg1pG-%J7`Ee>
zWh4dXz$X5%nxD@ARLt7{T#m9SjO0{B+$Na%gu;l$ipCMU8*x=~kt~{Gv(qg0JltR)
zKh<%mL!##|l3`h>Aig#t<xiDx(tk)(>{uwIT7i`Bme-}FRCI^rVCHY-%Z50txP#VH
z^>~i<DBkJE{V1(oT-8d$4wVd+Di1fBD?^A^%_fdlHD#s-Kzcx2)u%SRS*14cq)W|<
z#eEjWdVxiCeVXAJkE}@HQI3_h6q4RSZ{+C#6n$qKMIR_d-AH`&JuMnKLI}OdTjGg+
zIgu4)+{2Zk5LauIF1c}S-OZ4?CPeJTk!0*C7sp6Pw1S*e+8!-O?thSzn$z?eE`Lpc
zafLCabA7S^Mq{{&09Ru9Jv!e~SD<@Boc2upkyh9o-eyH$EOfc%#h!7;wf5okOL7Fq
zgTf}?Q8PFmS21qDzeJ?!o@ZI;>8+2#xUl9CseXLsMh?f{QXfiFAeSip*>gQ(;*wja
zT66&Yi9bpQ&6h+N!~<W>;{3I+E1M{WYG3dj|B@5}cuW0Yqb5DbmJSz}Ta$#${YjER
zZ(nveCY&@7YQZObL+%?Xd{4>iUQiNpwhhx{9ptlvZ~_`*S*J1ur}7%s{}#%jT`XTY
zVIYKxv(m;Yb18VSy3kFb183nPyxyqgvJ?R7^#gK+g!e1+@%*#rtDE3yRHxJFwo3Vv
z$4C1b;N68784NRcEub2K`g~PkvNU0zzeK=!72#*U+{I1Mm=1|})RR-`x-5Kc^rF|{
z?Rej)nLE_}+@$zvXoVm!yQKO4w0GzIKAvce`}E}<-c_Zm)g(dx)<*nQ>C@@)?JGza
zh?!jZUZ1YK=JD+O@;GMoWU(ZCezao28ST0b*i2eH&5F|G{QJLus-5+GKV4=mRyOa3
zy~@$`daSjVJKw)QBiv1%zW%IEZhsg*j(To<`kMOKXyGShv#M8J6)bnAIk@liws#bK
zb9kJ!?)<cyX{%J>O@6dEKXBT>UbfUFSZg=sv_5HGBUr{Y-BkU&I0|2EH4i>cMt`~j
z%=e#`Y*uh;P!6jeA1SZo4(Bh8n!9cB5oB}z*1VY*!$Fkx{;JyIdA+l9F`QjmkNQ3=
zySKA{{p#i8E;2=Y^xnTrhq38`Xmb`@N4%^;ZxU=K<Vk*n+@cH+e*m}Mgt*xJ#cQ^$
zt{?2cHQhGWEV%Y;%9*s-#clmVop%!vpucWjepzD2q2cts9PV0OJ=vV}_*fv)zRB1Q
zmwa`q9xOMM(x2ih>a~9jL_m8HK?|dOVe`JrbunUp%;tNX`e3o`RhGHgQ1R4n{#V(g
z?E9|r3PJzM%@?;dSw}@RB(N)l6^f2P(Ozbce3auJe);-2f#&5EeS`Lo?|4JN(%NOj
z`Tpxm`=Z(W8^eu;*u1N?tQ#GAmPfUxhG2K#m+tvY{yKN<6>yfzeajs8D~K1<8%x!X
zt?A(1vP@Xf@UE`YPVajlmdO%tEZMme(L&Ml#3iZsua4i{x^TAJ8fRJwhJ||>c->3d
z(hO1`uIro6;I~Q;n=KpP?3%*>D&g7nm3H<`<oPaHSEh#%cDjb^khnlnA`a}B9^Cqo
zQ%z0GfqQ*$Uyd!eKr51qlvsp~H4$KP0vM)7e3X~<lfFi4Lhc3PkdYrvAv`0_P$;y4
z{oNVe87yyIhV4n>_^_($-WGqnN^kKK75BjVa-~4Uu86{+)^eisgDGwSv-bBDfpR>_
z<Y;=9!N!DC!caa;CT}AxLs8-%vRm;|S0%z;X6b??XF{G;oD#UpRfIhtRe@8CG9}Kt
z^%$Qh{!Sptfn4NbSHTOo;X@+XZWYvS3b=P#=?O7}J46pMdHF@SJi^dSD8ON>t|Vz~
z<c8nh`s)HP9Wg@jF>>I5-gOk7F0<U8PV&ENb2dT2Alo3>P*fu9uPjbhl1|H-Z6Vk_
zZYfb=@ZoJ>G4H)iU>NdSo0C|9+YnH+xN9$e{(X;-0L!H_spB}%C=Q5$`jF5P)RvLr
zC}Y$I{=F<)%Bb&3_a}Vt8YWRv9IgCouh2z&#8FoxCA}eFXS*GMhd+$NOb%(U)UD8y
zwbiScC>$<9Umof@IS~pAxCglyh@mIy%Na_YU;?^b@BnQ(gOv#u$`$@Cp9Km4m4yS#
z4J(j<c@}?=P73IleZ4UzIKXn}!t#O$@0jQopYNf1Q;0|%qU&MEe=|oa8mkI2RTt}O
z#ze5edV$n?nUojMLWqQzT7}%V6dXw#<V@8kyfaI%u9~!$z(Bx`MiexVUnLa@6=L1v
zW*P1nWZNPN^7)ObBm~V;u2qhjUO%<Fgz;w6o&-qQi4l#~LzU3|nJC)-_~Rk2*6RT_
z<pGz;{6T_6ZzBv<@EIC{1Q0JeCYS>so1BZuQzZNI0e>C9@!ilGxz$2|Vj?F|piD`$
zHIp9$B{_nVBkfyr*-p2N;P3;;6KbJ(6FDMhng&6ekO$I*Jc%heN!<Y7YTe9|mLmEh
zivGO0$>=Wg(kj=&-OUZ&l!DC=K=obMgjT^ZqBb^BNE8~44xGG-yG?@>e$y$>x2`^E
zJ6ZpsQ4<c(ljP+_XFVr>>UGR_>?<xan&Vd7Yy2E0Dpb)1(a08B6GWjdd8bOq3zHEF
zk%CVdy5GIy#TJA?|7{DM;)StiDj;T5IZTwlqzxjnnShajSSzD=&Ky$eoJ@?%lWbso
zXZE_oC&$61tT5(=``ZyUvOf-Xi8&hSbxw>c`X&efPPJkxh!P-V(F|2B_+G{7JAwXP
z_5t~c`?{;=%l{^%kc==g3$$(9)33Sb`x%vzZda~fXUJ4TZxlgkKOeg%)5mb-5&ANT
zaU#<v=h7jzVFL3)o=fqjO=6;f0+3pv_GUyDrJwC4gG=m6rv9B_P!Pt7&uERlx8FNM
z5xoWAE@0UJPO6DsSQGw;??!wXf91T>W)$jVmW}}y4!%K;dYiQ=tV^+%&7FngN4!a4
zo2qeqAlh<4)PJ9lwx0T9R)LOHHoIdu{l>xkMBdN{ov@RrL7{@}!Qgft>ROXUO^h@|
z?sS!`5Pw-Y=%)#tDV~(CT!V+)9oV*Vmn;I{EkXv;U=o}ZM=g~(%7IeZeF&ko1B!|P
zE~<i8y&(0igEPwKhh?p9Ax=>Ubhcqw_*0b%dcQrILOR9jtF#Sm?I{X(P2s@Ly>M~@
zmC8i~j2{C})zFG2JwgwX4QFhQg?cpH8j=fTqs`64P5NO7+}o-grt`<|-5hG*W|tmd
zn9#DKL>_7Y4EA@idW|$>CK1eS9KuRDJrE?HsB^oHayD?Zf?{D9jx&+xJz7zXspsuo
z))kv{%!?C|P5>VwdHZ1@`3BL^@6)G$FuJqL`_p<Op99`^Z55~jx=0nJrwB&jTcm{@
zkEEvXJ8x9oQgjc#1W}21{TI<Lv;#2!kHFzHSzh=mfymPGUH#zB6y*W+3Sxo$8CVxx
z&+(WQuBicJn7dl09vH1sd<i|XZQ`v$TLY(*k*$QWECL9hx$Tv{zNxlUd5Vl9RAYiZ
zWpMQM`g`e!w}!!!m>0PXZsZ1;ws(YG{O8chTsGr^QlAnGokCvdJ~<xI>9R4P9mBZ^
zbd}@&xbMi9XSQ}SYFw`Jz&%)gW(mV?XDNv*o+~ipSl~_eN7u<rkgIL}_6xJlM?7`d
zkMNo>0%|{)AVN3=x2Ua=PIM?ad#eXrkN#-<J++G-Kb+<<DbRzgW<EHqbq;^EJ1lU>
z5ob6MN#q6Q*%kPFWx1?<t)FxNh+ZU3viA%k{-xJ_KI;lp5-bY$>CSAHP71B9q68z}
zB7)j@0XdNQQg0zf4vvvVOW0h9#xb?OW8JU2Qc>Fg&37eDQPl<v+~_BVY-uc~wc|48
zwC{%(#9bzsMdpOm$NJ@^7ls!|Z>yMDDr4GO^1#iJsq1%A#CV3lAvd5zaG*=jf#0zU
z8Hosk1;*avu*&i`hdVxm-#ML)!T`?W&#1@~TMWORWTId9WFC({qz}Db-$Tc>()b2_
zop!q?Ea+c(*@MO%gp;UiQOiFb4#Qf#;+-?&U6T(p=)8@OTu})O7@w9IKa@nW;vbbE
zOdYI}9OU);ym_yegjE1HS5ge$dB_4>?p>P>Cloa**RDp5<x@=+9(<Rca<Wpu?zPmS
z2u6A!v{uXG{bC~fEmh|6e#j9k0Xp+OTzG9dOy!qFyjXz<7jvw$Ae=&x1{}^di<+bu
z@KyZ;>neEt&d6WicjSJ&qXS#HU4$sQh{!(aAzTt$UJy$@4d4JHWVqLcS8zvfSBw6*
z=7K=!HH#yrMLH=?@we-OS4Da1i^Rl?MCAlw=^twx#h73~T6^RPBTKW7HT(Uqaf01(
zQX*b7877peq}5tkC6A!dJH61%RySH11_sEODr4AL(5)EE{f+&-3!4{cqA5m@E;`^r
z^X5e)+)Hx>S<Qf|aqayxkUI>%kYby567`qNePf}%4B^HRW|tdZ92tM$BZ*ums2Wq*
z&6rOpkrsl+5@jYNxgm>}VUeA+BN8IFyj~}fAJhyI<LJr@bS?}v0N6i5TQO7^Fm@u0
z7$D1xO#mC{xbOl4$N>Cvg8TV)YDokbCjR9{XqTkCx)s1vhyYT(o=^$EgAi%D*QM7N
zi@-1bBu`EC4(8Xa9TR5k>2RqaNQ5Sfi4Ms=>REpSb(*$kljX)6{jeS6LT!S#$?W|q
z8~@&W8fa5TA>sxo9TwOglf>&ukcCjHfnM(s{)N$}DF}jEu<T%Op`I_qN=p&KYi0zj
z4s+X)zb`=jA&>tq9k43n!cHfj>&tW<xz~$S{8Z^5{O3`D3QXDC2>=Dg`XLIKcnGN;
zItLQT+?d~3L~+-*!`g6MB7ps)@v`T1(&}vy4{PCdcVSvGe!yRfSv7{1+}k%PC{7z=
zO2U#gYO_S@dS!jPz;qMC8`F=hS&Qqd$pX>+WdKM`&<$=4WV0&zR{3l*%PrOE)w(-1
z@QTy8u!G{l$REfml24UXxy2hBC^^sMkDeT5)qrf$j(;-0t$ERBoO^?fEe*#YrHrc9
z%GBs$V$P<-UO3;9p%8kD)9p<MW!(?jy$3pVWf4GD(~`SM*x?!9-l;3mo;Df4VzXm@
zSphU{A~UyNc_#DRwfxjFrC(tpHVEmg-JHcnlvC$g<uhQGH>hb5gme=VYD|J=NbBW#
z`k@JDB%^?aY46s5I6msv(*OR`JXecOM}Xez5aS;4S613ppAV2eRk6FoS`|8ZeAc!x
z*BwQqEu7IIwiJ5m*)DE;67P@UX6x*|jdXxGKAs*@fV<hT&H_a7ytx<a;5wV9Z@qae
zLD$9=8+GEcED^sa;5%5GX)izUD{{pdi4~n}H)L4PFWEkJ{^Zw}>8=-z%t*Fkt|125
z!w)dnU%H|{em@Zq7}TVElktdb#Ik(ZO?lzWBJWK_-UcIJ=aL@8#40U8L};yx+1~*C
zRWbsgIB%(d80~#m1ux1NgNw=97=>-g%>;wzmp7QOf_lmKDTv;+e#TQHV2;$(@BRET
zqC0QNkDPp|hw})CLSmn<)}IIewUd1^&$~+y5*71+79m(ylPbxl>M-#eiE-$0A2alY
z8%c)Zme+>v)EVNkXlp>3)B!r+6!{wv0@FaEM&HBsh1@@I2?7-97A7$IB5*<lgHrj^
z3>z{CvWOTat-JUWFoP^sFVz_y);;AoEi6g3>?}#__mBq+BQ_ltQL_X4(n8f!ensIc
zve!K4G>01a7~_$MqqQhcinBW~ULwMKmoFqq<x-{)i0*2qH!+^=K%QW9tV9BEh&NiL
zX3kLRP*vh8D`1kBx|1?lC=LZ?JVdmhCSW39C`-VDf5{@N4g6h55*Ql`Mk^)4uQ4Hq
z={%0nFrUBuwPBDXIVTOfx?&54FI@3(qDJRYFpFj+|4{MMV%NOaq{&O}0p>~f1?F3f
zP|q+bN*%8D<&gXyT}YCoL`4IDT?6XntNi+Cbh?_s6%<54p(}yTuwZE51m+<0nn{bv
z^(jL$D#L8A4+67yo5!bxs!&QcLINHZa+6IAPN7Imp6mV4kio&6#7|v3WdGHAOcs92
zQF|3iw;QpzuN$wNN~mZ#=|>$N82zD+Zj$d7hN}|All$wjIP6c#-X0f#WwD$OC&62?
z+wmACANIyG(2Ea1(iQEL<=dU$o5bEnsR$AxDep&Z)pCK&#QO3)%@4a*UTF1+`I$o1
zb6Dxnm5MYr`<pa*^mh8-K_LqGkWW$f^bFPAfx=1pfpy9FEEc1rVc_}$-X;+6@iAJT
zN))YtQZMAkTZl-;RY(TFiZ=Pe#%p<izZp1Phs}VnPmyp6TuSWVJ|7bx^MM`H$00ow
z^Y;1}+n~01FfD?5X&v?^$uMu|`?W2LriMt8h!eVeDqWi2*P`(zYET*rM(;e5Ov7{E
zA=|{%o?}3r!AE9T)E}`tmPg?nF_^@8>RS6XB4`Za%yM`RC+Z83NLjn+O@-2>)tMl}
z!{Vi+1|2Uzdnz<n7u1lONU0PQ`c*Kst<zDaFjq=lCIaznj6r`}Qb=bsn604vlYp!1
zrC06lh&rHJ0XQjZjFBEgp<kHM57sBuS?p!NOz<_;rq1B&LY2+%YXS;r80CSU@dZ)L
zC7X9iK7qsAqJ$nWi6+d7cxr08sPLQNd*=7_{!MKue;(<82yhDer{wtSNi9-MzY_dI
zG4~I?+-q|+-lQ;2L39Qvdml7yh2u<WMen4Drvx*BG=9Og(g9MW83YnqhvgAbCxzcN
zWvOv)R)tmsvTc|JHV5u@%qWZk0SrX|_bct6*ERYKMaPbS?i3$X0dR0+ZC0iDEX}k0
zWbArUHhN6o6~lZYpaDN2MF)8T8O)}!EPGSu(M@@-J+uMv)-6Ht$???Kq@;E{WAodv
zQ=VO|Ukg_<oOyE&y(vzlv`{fCu9aBE+?%>`&G*M0!ef(K9cu*qadwPmjsuw<Fl#vG
z0}~oFK=svte8yEQ4qAz&xn~n)Qc$`^*CeK<n5<S-)7T~7Q~MedT@)Sb9|Viv1+F&2
zGIsdMJIOV7F$C%5e}=taqxsr8bDSX^nHZ!YrlV||oCY<~?!e1^{jEj%6g!!~3s9S_
zTGy?2<8|TgPd7kkG`{&v3yVE0s?oN+!fbIabz<%S%1S=ytcdI&3-stfk2K<b9txC1
zn=(s7XX1%@dNZvA_aq-GD$N&(Iw|suKl3+X=U`DWF<|QCjW*+`Fwi!UJjd%Z3$Ogq
z#1J}RslYP}CQ+qrTaD6M%#{;zuaR@_*@!)+%H%fq)XiJDH<{~4pZw9Zyao%2klF8X
zuI@Gg_$FfET2(@6-qk1K6^(yrG@x@||IDDxbrK1K=?IGd*46WK!q#J?f^i4hS)jHV
zzQz{%@&~&KB^0_AAN>|A!3<ov@@UyEmJk-w3gQn28|<_5kcSQ0+4HziHq<w~&3Me+
z2<8H=Z2{4wpCQb}WgmU<e<<*`P&`x0LPv83WDdhm_92|7#=9tXx`qbiKHGvv1Ff@W
zZ6n(r%<kbGId?*2N5;L7m%|pGHWG8#)QbBYgE(EzHTEaSN6_V+fUzfha_XueZ^z&L
zRy8TMbZ6f+EKA$v@jd%<oR$kbf#?js%xqVKyrWqcyNCcb%a|)+T;HIh!&sR<#N#Oh
z$QAvD9wj#%hoAjn<E{D#2C4o6*+yV1Ua41>osPGVgx$$a?0u$SX0OH;lCU;9HW?mb
zlb)VhkUl{W1H=_>mHe}i8dP<?%1Uj)-*q)06?T0)E|FUj8X@kUJdMyHgyk34i~*$%
zjTQ>&gBerQ5_EKNtw><SqRe5A)+#+BfZstf@%{O}TE~b>6hH~A1t(31P0*efON)&>
z@<)K|%I2ujSZ{-yE}JSjq4aP<LkN_&HOkMfDJqm7)tW8cmIIZ=+8XQ0>P#1v5rX`8
zj|;sT9oG#pzFzpni|bPLGwA!b#|owA<J@4o+~fI+bLaD`02=`fTKBs;v)o2Ipg!$4
z>u{uo=SB-F#E|y;k=ud|0bdGeK+~2sWM}+t!0prI<g(2loa?Q1iO1+#?iVpl+spOv
z@#jlMwI=J8_vgP>tB?IEPUFdW&`a~%<Jl+Zmlu+bR@2qAjhy-U=JM_`ZT)KbZ^+7Y
z!}7o9m)5SDs>Pl>Hk%92k!!;efa}X*-RTUu!cT^l0H52%;UVtI=;?AmpsqmobGOdb
z9Ah@`*7Djr@4e&xlh;hmq=xZ##Zqa^^z+l;<mbuwqGa>qQ@`+elhUQuQh8<kyuGPb
zwYR(3b=GD>?zV-emTiW!=3{+2qv~-HewME4O1nH_alT9amRTmAW@frPKtGruT7$B9
z*ZtnjYs<*GmzCC%kLvNY-Q)aVyni)PT+^2KE4h5CfAH`f^8O$ti~n!m&9*cxuQ(@5
z$ku`l?W!wZ8$KsmON4IOa2T_g4bHeVu4<P#-iCkh$9DP7X|})2wzD_YRo{;qi1ja>
z1Ou&$E1UBBR?TKVbs4t+on0K;8cWOZFqbaf7c5$B#fJDi*oFv(APBdS-Jot2HLO)s
zPPOfq!TU9&!<q9yS*CO4-uI<0F7tJ3h{b=EadKV;%j<i>8TP*)H^ko5brFDVVAn{w
zy{3e@f(UX?g}PSQRC`)Awl~kX5P!-?{kCjot%^S0zgEqcJ#Po}SR%`AH?r^6s<@qX
zUYUP>pu7PpMWbzw2ihRr)+YC*j}KsPdQZk%NZbVpgUVeP;OO7pik_b)K}Xo~pY++J
z@(~jeD%CV7FW>J?K7E)wye&%|6{8Zv934J1T&Y{hZnv#nw=oA~u$}fDzLyJZ6#cE6
zYh5kdNQ=bNuk-*Xv6g!;4^cVl(cl9VpeSyJ3$FYPjn2Y+glt@EZu`h}p-j<c(@vX9
z7%)_~Mj>7RT<w;oOVVH-vM{p?(lerEVx(~RhO=GWDP1{i@9o-Gzo)2Pm5Lj&m#8tS
zTM+$_twGec7qbAKApEoe$>GU*6rNM9B%;TmC~&`G=@9^?0R8_lTSFjWtnVeo@Xe+l
zhs;DNG^um%$5AY_Un<1A(Zm-SLxHyQm@!UJ(+oz{6M~4&08(JDjHSCDGQP1bxl>)J
zvkUat@85{)Pl`K#z|sQYXpwC3>QuBE6n3^yM$CZO1cO%)Nwy(zVu1QJ{5V-r2(o7U
z0d8`03JSfqt_eUL+cJBZDCW!_#b7%Ds>Bl{pm^4BA*RTvij;P-^7!KvC!TLDkGuv+
z)NFaZ>~92w3O>O`a6yugNYOKoVCV-q!jk^+dwv(|G3v&DT~v%NlK<O7bugRHsqp0`
z(^++bOyPlpevWb@U<ZVDhn675ZudSJ<?)6o+R1`duU7rx!_xva)is3FKR{J?gaCU*
zAb4B0Awr@9)%7s!wV5f9gj;3}9kmbUc+a)YCpc{<Snd7vbsKStv;*pg+8=XN+$Fj(
zi@p?*Hgl4Vv|Pga|94UWLZi;=*S7;l6^<>9f4bJI4hbo^4rWMK0%tLm4`=N7Q96z2
z2tPq6J|TYMbjHGAHSY~fd;9y1Y#+qjA)57r4?vy$iGn`$=rUYC%I0XE#a$M~B*31r
z>j`l>0~^5gSfGrp04@WATJH+S6ZwhFh52ah3PyTTA4W1nUt?(m(4iwfdjW2;ZfHc0
zmvk9Uy4KXJfa^VSQA*JuAkYCog$_T%0pvJw0`LlhHYx~d{ptEmWa#>yX?Tzc_0@p%
zA{=QZjMwG-M?3pTDCWVOH3n+%^zQ5SCLkHcBiJcxUYnmCg(j!aSO{~hlKL8E1DKz)
zbP+;QQ}K=h6t>U+GoW^7nGtwIj-*%9kY=2P<PShuXLK2$b~YQw+{Y@%N@fSG$BC@l
z8Dk;x=`|V@$w6E_Imzr|t9-j=`nzBh-O&R?e@QXq41kE29-dXjcljORgY7|Z0C13*
zDxJmkKkt+b!Hi>B#>~4;bkM6Q;w4DNU*O6C_~sb4h8!Tw$g2f((dut4l@tDj0raX8
z+DvwmD1hnPtAgA@2A3d!$?TX($ZMHt)#4~#77ZzyZdQ$yILZB7%dyg>cP4$C{o%Z=
zJJlU~?E!oisSLcFOZoy+%x~7LlxmBoq!*Thh@EbZ%fJD4%V7?+j<0H=3>&L1&7zXm
z+n4odZ2+i{HnT)!O6>iS8x{dtT~s<DE0-E;5ht$X31gj709Mk2m-DASq0&)r!nU1~
z_9iMi2ACokUNvGcz#WEVHZ9TGbQ7tmq7NtUPg+c;qu!7KmeA`gyPtPDq8t^jfg4Bc
z`5^c9-#y{<imynze4h#fHFtedVXknBV?)d@uuQ-eU&euY<OI#BCTn=gXxJba$IzI^
zFRW{<t~AG$RL2QJ&{*l{3>A5MnrI^lNZD5_s@d1Ho%bC@KFy!w^^>kE@)^dKuHo)G
z>LJQN3(_t%6e$--mlUV%62zCVye9l&dZZuZra8+&1Gox=1#1PGOKFmBEKwuJMsom~
z{#bwv!Ss}4QTpy!u0Mr;yz{7cPa{5ut3W@|56fQ*N+zNpMC=3D7aGNj`l_|5g$1)0
z1~BO2ibss35~TBz@ITe(yV3_J6k)q3989FXzIa_fdNmIJO!RqS$K(!;k@ECmOyFt4
zP*S=}n~gxjjS=Z54FR_y_~!yzK!?1~tRMk(lh*zC7kZ9DnIjwR`z)5t4e@Va*4Dt1
zR@Ts(N5o`tkF&NSC}Kl8Tb+?U`$yj|l&BH03r6VteM%;Mh!9kKlC}qHIAEbnoZmrP
zc8<m$Vc0aK_T}nSiaR9Z{l2x<q;BMs)m%bVhDc2MO2cA?oDp)8Zf&l;Cvg76O+Ns0
zT`2_PR%*jPhZ0C&DAcAqr(JR)_$eJ;(klx*1C4JKrvkYkxT7>IMR9Qt)*AoR_|6@c
z{~eb-+gVDoB6z-BBh;jvKp-F-$AH;e;PIR1H({fFR{v@?MH_|$wpp9zX3F2Y$boyT
zwZ>m6Ds5yz#nU=p^w`PVS;p{X@POLuXszjm{0tyt>V@!q6<6)?y3uncD2F{`b7bWT
z<0&#(@pt!-zE#b#A*lyx)P3Ee*WX8s0JFKWRjaPh_xI^&yFaLn@mV3%@_nyf2PWL3
zmkeuCa#^oaF1ok|>hrLYl1aSqLhn?ne)Nu_3{aX!Lv0LX=i~{Z?|&i5Y=FoI-*Hzl
zlHj-uYk#d{76+=VbaO9QJKyB4a_K~9_7io2Xx?R3*%Si5pdNVr2rGA1Fic<#i(@BS
zU>)cGfne*>Z~Av<9{oEw(ysK7cutW{EqCNt4(nwzHDBn|Qvb&c)zl*ROX2Q*GwOz^
z1o19Bi|(0%ngQa7?SJlJ#jE{Zg1gMzRmR#i|A2L*8f-3QPGS{kHO;IuUQ8I3M=}6e
zX26C^Ewu}St4ySQ{E6L0lo)d^#^4w58eh;@wEwy-|Ezg50ZnY6g5U))r?o}4GxcCj
zToqQfV)E4-)&J;U1XSUma_$=x&~)+nd^#^t3UnnFCj*$v+Xv*s+Qla9*)~D0^kM)H
zXIsM=goV<7O>UQ}x*&4(U#A$EwHs1VzOQuMY99mQ@)UqRhvN^X8;p<A(3S2Ht%A+b
zzyqG_%^>gI*RlaTMh_eXM-oY5VOK1`ys;IyvZaj=IL>%`gA%y-P!3og#5-8=mJq%A
zth;k<B!C#iC9zUq=cy1w@MS&5448+L)tG6vj)`!z-!VohB;1_iT!Jifc^yoC5hti&
zU5O@*cgzh^mP}Boq=cA!r$Zex6d^Rmb3?6KV=eql`trr07IQOLgpDtA+>~`BW<VH;
zpTY{E_-!0U+(UngMUyQfA`fl~elE_KMyvR>&HzRZd-3E1{@6BwtByu)b);X0#_9|d
zX}%MDux<suM`MSL#;W%%89yD7=MT*{>$!X06<<sec1td=l*_j-X0*C4Z}-bv@_5P%
z&bmAuX*))D*L3;>{?M?LpJ#q0VV0qwz%0eloLZ?5VGK^$M%YLt*0HdV48NWzO>Wh!
zVgSfMQT!R6>x=A3K#U4bm^btZP4AYF*T`~A3ZnDR$_hS@K);M&KhK875r?m|wJ}{D
zjYVKhu5bG+C_8dGh9u|(l~V8tZRI;Z>Se=Dl;j#Mxd<#tga3&(U<e}HiZh8`HhDn8
zQqS|9wmzWA^_F<iXX(Yt*9Q`3z{{I8r~$ydawxSTI>aHEd*FVJx!U;k`uc*<4q7yO
z!0SI*S}ZOColL&t#??TboyhxqIBTW?AwTMHvO2)570>qt75l1;B&a68Lo7Q5*{YWz
zg;EO*qF5G{R>uiKy7?w|wAi<C8)&mm*5ZOK*vWrsf@xSKmtAVumY+0VM0ADo`uF^M
z{uJJk|BuA*{%y;KO|oqL`_<;Ip54j2?)?$=6G({{T~(lXufR(3h4cV3Yk7~ezZD}o
zUJNTwPH(V&(6%C5gdgXT`yzrOy<{?C2rdM@Bn1(-m}jCD$@Jc|VLwqn(PXOLs|O6}
zo9Obb<FfO{;8W){&qgR6W6i?aw+)~_v93`vI4$>!nJe?~<&!U(JoG00H@#%mse{p2
zVdA2{k%4fWYdg}Hstk&%c_Z1YpA3q9tp{{?4Bnr1rQ7>5H)b(L&2d)B)x;=35s#0w
z$3tR}y!p$8%<E0_+;zpAboaN==afM~MZ^33;+2)JPLoZrCOPfm*Uw*`J|KX*L=$=Q
zrwMhAn`Whpzi-!m3k_yL%{43COsn<QuV^r8bdST9)8c>sbpCkII;Z8&p1W_|-Py4%
zJpWyoSoQ7KrUSvEUHW=lesqY{Y4r=R_aZ%$p4bN{f)V8Gypdimp58}=>zsR`jr^u#
z^P!>olD-wx9Q>|(?1bZNoC7>etIW&8X0|Imqn-(H+VOl;qVbnEC_M-&%#POt(871m
z-H2bFFz)@7q2>Sn`S|y+QE)g)NB<--PnY`5H1|ZA`cn1Hr|>#_?pfOFEwM}Y^gUa5
zoAz(TXIk%XtB20GDwo3R@AXG-7qRu0#YSR8oi|UOjya>)jFU9Q7eLX)%T%6&X;+Ut
zOUlwe%YYa>D}^D3!HksgMg^LkCcW_S&cl3@HPZPh@E`LXCxfwMBiazR4pg3wZy(Od
zX=}!a5TM$yG5K?E64_D)<tpxv(yyS3ChgU#67b__G>WsTJtBFA_Of!fk!gAY2Mf1{
zJrYV3UDKbm)D+)<^E_gC=(FEWfs?}yfi`@T0fcqqDsjSew%w!6%n!gLkAas*lsw*y
zScUUx{Iv^L{aLb~mdJ>)!fDzwF7%jVK%WSwK$=Fw-Ss}5ge%{WsX5PQh2gH5XUn(e
z9@qEYW_&7CKF_rV87;1+?DZy5xQ$OO_NH(V?N5`pC7XNzHzr63>&|ur56XVXzbH|9
z^(GAaR%dhM8KI%$O=#2BS~F(y^}24A)q2hIwdRBK=UyGV#q2Wtt?lFa;ydKWD^W*_
z)n@i)#@teSb$_**NxfP<f(GZXYP);K`c+ef+_Te0Tj@1!V|3)!x_oyQcc%2awjJc>
zUU_t+qXr=$TkRXF+so$~(792lE8yBu-T3T!bUbwVnxmiIIQI3sQkgjW`Z7HIeKxr~
z+UEQ+IAF=TaILjMO_Q>Cf2u|2{cdK9zujE4d-17di|f4U%#>5NVoH{mue+kgHJd<A
z^3tSpmWR8EhcmkmfuEpJPOks{==P;!bj{yXb;%8&aCYzdxHOs^T#p;xwB_=_sFoT0
z*WExo8fE79EV;(D-Bz)?XP>DgUGp(>t*rTM{hVp75WEq<rpseAJLk~5u38g*AA;dc
z=yzZG)%7{sCD>kD@ib{J+P8M<1GO%vX)XDuem3vDTc^X*+q$c<qM8zY?b2t}xW!3+
zn8yjgGK4n-hPQ_cfV@%HH`P)+F>qZ+9M+eN;w=W|n=Vj$KT^KDC^Bv&lsh-&w6$47
z%<g-_8VY)zHYeRR_U4CbVbzPjxnoAZ2J>;qK)qJq)OlX9aJ9|76nV?Wt6#D))gqi8
z-ma8LUvl+ZCQ0kEwCpo1y;<<woPT>IfA|Jy1QTpdg*qeNG^7tFPK{#j1k5Jei{JSO
zz^PqoVQD-(%3fclL&lg(T=tvANf6TDYg9MLtvw%4zI__Fy)P*p=i$+!A0NClUMV?9
z?RBqTbuoq{vz!baepPcX4RMVd;(9h0@$OL@Z1&EOF4s(Sk=iHyKtoE0>uK|Qs|p4*
zH5Ih=M}^8|`nrimzZqG=3U}zHip*?F=)FD?w>EN0h@}Ln%MDQRixfD`B8?@@EG^9-
zd{)wzDveheM#qYRsKe%TT}B}V9vf;SY7^dZCY7Qhg)>U;fi13|EI@dQFVr&LuZM|`
z{;xwY8bS2>55*EEQFg7%1Nb78i8ZXQjRAQW{^+RNPXhxdxOy(_RW^9bsx^EAuE+#g
zw!6&S;v)K@xE2$m@gJJ!ZgB_3xBwF97kx9_lb}WGQ%pP7oxK%@W#%ROP^kBW`8arl
zEuqYcXG2D!__XLw9^gGRV(=(dzs~tZj(O|rhQW;N41)Q(P;2Gi1t^w%-bSvsa4hqV
zu7?0f#@tNhgP!g5Jc1n-;37GZp*oJame?A~<WR4eN$Qgd@+V!!KTVyEN+yh2nC<fu
zJjk55UZij~1Zv13@x(+fG?q$9Q)%$!qs|43sSu<~&Z%pN$WG&@>UFo0pTIZ4|L~>>
z(9RZ>A!BOd^wVu_0=#gA;uWx@U;YD`5a?V|un4pI8ps5oeIj&Vrg+%2qQw}oImNqu
zHM@YD#cavs2P(O49kVG_J}FA+luGIv%9g<%MTQ$fOO4bvH;#TZzKwpAE=c}E=HmVS
zA#*iOJFyEu%*rA$eCTm?KGQPocbVvZ36;iZTB7M9HUM!Y)6Hm;QWAv}I)Aux(lLiF
zh}`2Gk3tA+?Y|p!k|>nv?X9)3q^hLg;AKLQz1vQSrbxE+3Rq7o6t{(#bXN>3?t0v=
z-$WQ-K8umY^cKAWd;LZn*B?Do+(T>JH%QDl$NfeYSQDo$Kf|G4ovhUP%3keKQLZd`
zC|+x;vj9<$V%sT*ksmV@^R*+9_qR@D2a9{JNU1&mPaYO!Mpi+5;!_2FLXr8-rD9UH
z#Xs+-P|ht8nTUjnr_3i*zmk0?!Ix3!ja!)rO|aqlAjUIHl88HalMQx*y&w@kEjd%v
z;sg-}<ISmz@tKd_RC`!%k;l|=?2l)wIG#XjasU7_h+Nl!h?_T5xxHPX58cG?8~~{x
z9$bwiA(X%Gl_aQFH!vdKsJGC>WMH)7f;|oB!v3%u3MamIJK4ovRdUF-6@CZVh0(Cg
zfOV094vIzIHn~AjVQF$;=G-$1^McZ*OrOH3XDHSg)jc^emTRZj$I-7-nLc*h2xE%~
z1HcVms$cTcT+eVot}H>Pn%YIl#_l4KTny8P>~Biu=lTxwyX1S@gLWNX55t5UFn@tv
z+85~DO=)9h(e%E8a|GnpV&G;~lyTB7M1Dv;{q(NA%+RHiG&eB)>Hd9N4w;r#dk^^l
z2F_5Myln;WF!-yn10N`pR3LofLNG6*DF6|L2Yir{Qy|E)3%(`k3c}TDx$J}G#}w+d
zbVV#GVH&Jf7Pu4X3dg5jydtlOFlSGb)fyrsZr<dUdQ;EIHG*Pe?+_(TcS5aM5Wzum
z!*J|v;y@A2q8aycicxqN8F7uNcX~<~dBfn3+y$#t1>2L>7#Pmi+(3pvNg-&dXTTQ9
z%BjB{_re~m)F9V7ZvOpv>krgw@na&$>H%tGHDuXbQX^l(69`(5F1(394~o;&M<SXw
zOfVSy{+o;Sz%_R?o(lF+{R%4?u;NvmM_7w55yFQzFV@i1u{P2rk@OZBP7J+Xgsszp
zza*h8**o)lTTW+v-O#41%L*u`c>x(tZ(b~JF9^!G&n57u{EnN6`eglD+vZ2lp2Qh3
zEcgKIpQ};q|ICAov?4bdnQnUOi2o2%B4n19o??gpA*Sk=$)6{R-${FqrcAM{xSV|Z
z<GK1h%{hGY8b?IRl#}tP&6ATT<uP#<Fn>w-MqzD!B>i4rS)c}(qNIz_A7M=F9eg|k
zEbs9%=-r7O1G?a#+A*1~6B43~3|MF=uW<KDEW+GmLS?DjkX%qqTcIF-ycw=liDy2b
z!~L}mPAU?%<#r(}df9KG*VaIEHr7xiqk>Q1<m&!1nhJPqNe7y>bK$#;#0V*oKA^}|
zUq%wKN(CgjQiuRK*<HIg&H)AA<CDmZ@BlmX;+F1Q&W{mhpFsrNQu}l+V=>zjLyBlD
zeMZt_jB~vZ`npVc8{?MyV2?Gsd*bBexe@Of$Lr#W8fd~rYVuWya><JV<-8sz3&NT3
zNO*_KHIXXe%DctC!)3?TQY9G+oT$|#A@N=E&_KTF36Lt_=$MT4512Z;O=S4LfT_dB
zR!muI`&U~zmuK72mWfm4tbjMsi+9px)?-{?U<2ZOr0uoSwj|^DWql+v8xekcg#niT
z!%I0*{=a!CTJ1Ex1r!>DDk4T&)X(`Ugpv2;&_|y$K;4p;D~uB(`US(eQm-!<7E#uA
zCm^KrB~5nMHS~@_lF!(#j-j7n*JE~|F}!14M7||Fc@~N=qk|XQ;iSP9#blDBb37gU
z@3q%NxiLSupL%~TJ={}%nBgt6TeC3vBYVzRt|11CF2kBMZaP5*%=mqJP-yII7AZ~?
zO;viV1IF`uomULg!wg%F2ETQaq9Xn}1O0TU<`^U&C`9%V9j|Z|pJtjPBv^Om_pnDE
z&KCXBNRbicZH`#hNd@V17B~MODb9;T+IAiu;=kL97YvyWQ4DOsHUbwfu7bPcW%kur
zK?--WzjV~Vp(3wbh`you-E=B0Dl$JwbD|aiHFbAwSMO}gCCvDz12`*h0J(G8<&UVw
zP*4zL<U3XOR$3ixp)C&^u8cP5aJ}7O;c;KE<B~yWq>0)9$OUy2xX}_w@EPKsEOuwl
zCsL?gkA*zBULh{*@I69UKg;xR-<?p5h0z+(+V53|K{WR8OxTNU5#kn?&m1?ZohB(j
zEmDh5?WbdVj20O>FP5mn$nXaj<35Bp#D5tnVEAqFSx5s6IH*VYYtTLJ6$UJ%eo{L&
z?T0ZKtu_WJxtlsdD9BbqCEK^xvuL3GqzHN7xLfE){WY}7D*knLo6jV}7SJ>GF_-$2
zSF5xgu_A80am_cd6&jp>oD|?6D8*Is{{f};{}+@h&}4KQJV}EEF_;a1I#C)N*QqNP
zZiE33<hDmc4C3myMdzcd2o@o}(Q4O&3bfU(oe!|ybbnBW7b23lun6t2;(|NnW<ayp
z4WG|Fekzq^D7hW2&(39tPd?FUp;6|81i*5Bqg4uJg^svUwEvFYXl));?(Y%3Qbdrn
z8ngkj8BO`4%9tR9?HXY`b3=KyEDkIC=yMe(kGUVeU=S?YQ;S9Z#O6JQmmhYlKp~-h
zec^5;mo>{%bD7p4A09l2=o!1D8}d`T0V{O^r%OxUKtP_Qq!uXYCy>vY2Ok)<Kj6}_
zcxTctkP>b~{(@=@z(DjVH$=HtG!C7G!fg49tA&wuy&8cPaFlNuZ-~3Mm#Y2TDTD8>
zwS;aj1j~_ehbv`k<?1xF?~EbG5v@Lvi$!-e4NPF4+%d?455B)bYRw!&FRWM)r^uit
zhcHmMWhx!6l2>&&*QZv+E+~3f3J6U7&49ndRdk{a6-ej<aXtp*DZIOcTI|N-CNaz|
z)w={Uj|dc&7fIo|04rh@?n@62x*yCRJhH<qPWU;jZv_)%<i`J0T06t6(ZDthUG`WP
zd9N4|Y5-5wgqtQ#+j6qxP)j*6&^svFE4rPrjU4@FmP(`NoRFJQ&df{)51?$2aHthk
zt9`!G`^1$qM4IO!h8ecko`34ek1bxb^%$nM{86Tb=XXfG+)-B&01C&u%h%u-@Z8gx
zZ|?6r_9y=Wc&bR;<HezUzCcBX)30OW@m=s@h?|fcZ7@+LsFP=JwqeIu>wwK8@%#6N
zU>y0ubjb|!xR*oV3VQB<C18ZHcdK6%4x?QJbocy4^kFwc+frCEWZO1W&}jq;pEx)o
zp^iiEV2vUSRHM*9SG*-u64)&ibmB{2SeJ{BeAXM<<L{k)?u@RZpk5|825e5?)nkLS
zpZ1MHL79onJCugMhw-hghO&*_c$@-DQhnfETuVT{#j>|TaY;^~Mgij_w~}^mqLO@v
zKmWp7$5Ve{E!js0(19MAk0@Lj9X?+dW!t?{<V_ggzqHmrSj*P?Kd@GG5D?BSnl}%s
z4etq*6e5AK$UUe>%J?4j+k@vCI3B)mSmr`Imzi-^Fb9uF>()99bO9;50+ENRQQ#nn
zL7yP=P1!JW4j|^Gk}cB-!i2v-rw~HTc`;Ig>z1W#CQ8eE7CG$G0$qR5TMPUCu2>72
ze6_W}&W_q(6=i=Kh3DCLM(Y0|?5(2Wh}vy!+=E+ig1ZKHcMk-22pZg>aCdhnxH|+V
zxVyVsaF^5h_CEXUG5(AHqDJ>cRgdns*Sl)<T+f`{<5<LAorD=pOEU(^?T+i3_@&DC
zGS7NTQ>bijEBP9>5fcR$PHvQmLK3o*N}AqKy%a7FnxaQ0UMU8<epY<F4*DFp4Wtxo
zPK92h46;7siHs)s_U)DqoBw)^;J*nj>(T!rxER4MvEIW3x|fl7M7Hwry7qcBNE;Xc
zDH_OwK6pFYu55b#42<m1ss6pulHQ;bn$Tz=Wa=)*eTZT}nu0q*eh?l3LkTqoXP=bM
zPllDU5|bL~uN)0C5QY$8&pTUffB%0Wu7ks;*2BHOCYd0JE0Ywre6WkMnDs$rE*(-8
z8=kn;oN!Fy3X`+MtzEeML=g*-<xh~LR++{zA>~W7&*21?1kTn2+>_h8m>2OeA2>h*
z&R`X&m=A>-lMSJ|WVg&_V5U-><B8orExz>3^vnYC)QxKY`NKe(Nao7Mn6R5Oe4OXz
zKkT00IWtc+<1TZQcw}BNs#Z;jU8(z))zuSq8IvRE?m|$JdE<nalqe9pl^Acpm;PjK
zw>87rje-1~$quhSuYDR#OJgRvitZ)$k%2nIA~F#J{`HE^vAAS9Ck^7_kjS-mKTNkc
zAFB#@w#{!jiTE`q^;<zh#y#TC{0uR=Y!vwq8o_F{=`==-x}arfEZObC985Msv)}62
zUuhI6n|@1oMchet7NC_R(CC}vLSU-=sh$%K-}p7)TkVEEe@BfpFd;qC%}NvGZGpEC
zlZ?S;c8a2eMT1j;Q%##_y%1g&3s0OXF3V>L&>(7FQO#i{2$(bZTqZT_k8IJY`4$yl
z%SJ%YVUh|G<BW~eJ|}z<bp0i}lE17T=K1`GSZG7ve-fWF*IoE}wv_B%10ln1l9`$*
zdj~7PZqfg%zgMKddz@Xqh$Qv#x1=SgKgbGR7=^FuV^DE_(b&-YyNsZ-oDd+2GCdMT
zf#pntqEvy`t2w`Ow83`FZEYFSK^G;KF+Np|TQcbR0;*A`WZnC~G%DS{lMK8V@ZBoG
zoUJ|TW3VT2=r=q@hf=RJ&MV}dVS~6t+xa*07P@Wch2kD(B7N}=MSAiq@rRdhiPq*w
z&|lA&p)yrS`%%SOr-?@Qo~=2KC9WTg05ZtKLzxK#q~F@pNJxBS-@Ups?UJ!cmq5mb
z3*YWedwCc)_3yUh<g;vV1dh5X`O#|F6Rxr|ju}4I=+i^Pg-T#%L2wHW=brRXV_6cA
zZx)PBibtMWuOUS{<8Q$TBAL8&Saa^?GDn*f1^g6y)n=11F1)vJP+hQ}hW{!O0r>$V
z{@=zE=kDlCZ+?KNCucJL;P5!N+7uO*H`&P&BM;aFOBVi|mp``|mppW#N9o&{cNbLx
z9%(GRkv9(Dq2A935JCi>aVQ=NcU26_&p!KACa=8(mYWId#GVps&Hc{&9PQpZs(cy9
zP;wghVx!#7v|ckh3T-?y-9jQ{1pGY!-2j|oEY~M;ZeVB}7<Fx84pxcw(J!EFqFYwY
zg|*3|x>sbO4P3_BDDeBtpl9@+H>@omyNm9TeK`Ky^4+EGhkS?p1v{EeC~e(H>aO;Y
z@W6?n<$tP!=MGPYay;9m<u=xQIaIKUsO4HiM=d_QwJbc9QsovQ(rJLD1k}h&>6p^W
zfgeM0>R-5MudUDqKRMZkTT}ws^)sq}uPgo^tEPJGj{`#0@|T!Es9K%wKUB@~?H{W4
zZQviOCiDbC)#f62={lHm^in0-aSCxLs~WIOa)#O@HR!3^>>pFid1cqJ=|c%TG%yi)
zq%){C-T{YUc6*$9YSB%yol`53+stoS4(nz`#|N`cs!|XBn1o%d>XE78Ri#)#zgq}2
zmi#>>TAue;a`yPU{o54v1nA*H`=bW)b@D)ABuqFE9qn06MyDx`Y(I<e4`-v&O}vCX
zSndBbd{@;~-ngBuM|%a+c+dC9X<^ktMRS@(p$9b0EqTsgf6ItK-F~MD;{IFH;YNWf
z8BH@(#m3gQe(l|FzPGJig=Oy2l6^?+>oa^JV&P#E8l`O=xA|nE+wOGEypKT^L47SL
z?{Ynk^R54(kUlnP`B+O&{xP-8tOYsOW4qPthwpt*Tkt6^*Am<%!}5?N>`X<XQbC=j
z786jNvLJ7q#h*Ks_Yt@kKOX-7$D!5I;)%(eo9rKmi#3mr%gx9iq)3BhiZ{tp3M7G-
z+h{b=S@yJ_^^66b{~R94EP#R?md21r=N3ylf%pOPXB5dA1rmK4h*R+3i^BS1VgZbd
z2)EX06M5`K(?0w?Tufv&it0)LV}zkdMv9rwR<R22X1pb}cV$!j+1ujyT|l{tTBXd9
zA=fW!F72q73=$9dKN&l0q%#Y_hLgYEzg`(h#Y0;!Is{eqg*f>#)a`C+c5R@XeViKR
zoXyMP{N<Ui-d()gIDDCMD^YsA0F3`|+5ereG#e-2v^=-poxsI)J<r%xZg;;lKt@{e
za3#D|2u2xL<>b_F$FltG`4fL$aNuAI!=|J0ClljlbC=F?li}aZ=A+Z+Kc-f5`PKM4
zn<tCq4=9f}!fy7<ZG!FGMU}4lA^O#0X4Phd4YtvhE;nw?>o%HM7soBms=y|vB{6<S
zbB+(cBTv$O`xf%^9}Qys!v+C?>UT7sr`L@Sk5<_(uM0PQtG|E8CZkqwg!?$GlHTgI
zibVuAS8+HW3YavA*B4e%U@KQ;8XYyOn-mlVv+O(W_wzbDU1o!Q%FpdP>=$h2Cv7{w
zXJxp!`Dhyc72wZ|UK#f&a0VQ#ooxkz2tD{LvoeDZ$9J#X6B?l>D=MyX=MMj#R3<Q?
zm~&#=beuoxSMi{Lq<G@71Y?hTrA^L_&eE*|t6Xi#hPSB;EyEYbmpn&JV9T5JyO{pe
zf=%~^ZezfG6qXBh$W2AL*Gqvn;9{(Ko-rF7*f{%!+LYC_5{+P90Ej;T9c~ZLD_&Nb
z`iis-t8aCqb|6Ev^N~p;cO*PlKj%C0R&DP@Oa9cKizedezGwnh1xUAS>FWFO;+19j
zQA@$hg-P3uwFY8=pmUbUPk(b}C3;7nJy7k;yD7K#jcGUFU-!7EHfq~CE^6m5Hbho~
zZUwo`D%U4k1hQkg0PQG_%D)iR;_Tjw3xR_w+oca}#dkNdM<0#I{B2nnr$k#8oH2A+
z2~6Fv1x&l)dv9L2RV%H`4M(RL8>^fsB(sq#A=Bhh0%|-BdKOs?e<w5UUjAI(R~Ai(
zbF0%%3}0ET7wyIO1I_E+`lw8%Q&FRD`U!2~!vj+T8<oe=Kq|UTTR@&<RoLz<ufNe(
zY>+Z7wG{=5keXUZR<la|(|{7nd0V2`)TAU7Mpa+@--ciGdiP!G6@E~56O@6Y+*ul^
zDSp72%Kosj`VsODx-iRhv38JEjP+#o0&Yj@xxxx<yhYA<moOhWFw>#qii4+-ltO2&
zHl_p!&<PRZ<2t&zWIALjj_mv^q$6|kotIA~%g*P&2{t&~f%>th;cy6^67*>^D>}%d
zDAKDD)N^#`FAKY&FpH@54uiLl-(R4rwpVyN?1ezK;V?MsPf<66xZ--g;(5W7^s3)a
zcK;Wfh9E4$B=vK<0Hj(2;)u`}4E9@t+<|eZejiXiWZUEjcm0m>ln^3=o67mW0j4ll
z8LrKvEcAUWt)TCnsBba3QQ%i3Jk<ZAVHZcCY@)Fh+JPkO=F?5m-I(oZa41_ReqnC?
zM^+G&Miu83^32f$mF^$qg2{0`3kr^~_?wySC6-nZ3~+4h3U>wi3`V<)YX0t>BBi)(
zw^D^0{><Pr4S$RQ>rd6o7eA2~d)-Z#R^!_CUm7-s1I><X_Wu*HAGw}_dC3K?hXhIQ
zLf!vyWRMYrlmmw#j0|d}UeTYpAjQ8P`O_lVwCsTVG}Bh{&u)fk{9z1xItAc$jS83g
zNnRxl5W=q-H1lS1l9QUfCtUsK%N>uiyaRdl$fo^DVi-dY`zXO}eqX^Yi&f#senMrV
z5F-@qZmO)2*70X(>8k$%mC+5hIQ1)5J8n+%p+K_?4wEv1gsmrZh2vTZ)dRUq!*a+O
zl?&1x2@LSGqNDl7fPzvj2n6=;dWHxV<5LRfs)*XIXma%;L6X*zT(y}ENiN|Cee7l;
zIDS@0xP*UT=7%d5M;P^EVbWjmQev%U;K#jTIz1Fh&El~Xc--ntBXVoye0Ink9Xnwo
zw!2pFCGu7MslNx7mf>wGAXJo4MwF|%?&k<L9`z<joZCAng)(8$3FvSe9EfXYql`q(
z>hXs<E3P``F2Wb^7RR3GghL}-|CfbY!)P4VLtXAMkdUi&WdJ<bG(1=(m8zSm&<cX=
zMA8V=LvjpmLXfnI9h64)@$Cuane)1@2Tat98C&D&hwoob^g)J<Q;G(G<vgQU9f|%S
z3SnZ`R<Oq#=YAkQH-(T9>|O`Dj(kcSK=k!0Gt)%BmB~TuHYgj>M2Gp$vvgK1bO`$t
zL|=W4uMF@hXBRl6$^bnP6}R1C84oc^Fvs);B#jHTPe%7Y<vP>k=r8b#A@JSdJ<4kl
zQR!#qNFJDXj|SI@SbNflmuQ@S!zr?+2a4@DDK-H0EE+b4b`!wgMoA>RbaVNbAx}Wp
zvZ0hI$vOSA1mX{jtEq!v;5qG{q_Rx6WZDM-l2mM7PowVO3S3iw=e;Gy8(!B<KW{d|
zUVq2|L<%p5HPq@aVry2*0s38-rDRYXf`MqmGX5wwuJ<}=83*oL!L?$(Gp0Nxt3aGv
zc@=<X)9@pk|7$|1(LV?ASD7CXdFggofgY?@e-hcTSb2l&syq<BK0-*c2;2=Ey{aJI
zx!JJ8wy~Bt)`kBF-+zG1G6=xp2k^{{?#o@&85;Kd?_lM<d!ozE(JPcjHbj@wK9^*8
zkg+jg3^XYwK{~3K4wO#Cf39UWZOiMgvIhLE@+GgVrx_LBHw^{1kMq_U4h)k>!(o-^
zmV59fKi7lu@Dgry3t~B9xJe1VFnfH&vrYY%hgSh90olQdXdB-BOUjh=WD`;f&+%{O
zm_gCtf&_$gxOI>s4W2``wDyD)05%}STqeO_%0UjM0tx0{WUfVMrj@NJqm>OX{ZdlK
zG`*-WVrT7u?ZM<bZ<n@4Z@e6(*Qnn6+vPY&Y~80f#0akkV^UJ96-K}Z#YRVEg5TSa
z$+E7xBdTB;nAM+#*!zE(HdxuYWn`1n)nMMGo_~Jcw1MbRWQQeTDLZ*D|E4Bi&ZegR
z>26Y<0F2_zKsi)c2!P^Ay@JoEMK%=DtYA|pu~cyR7yHP?aQf|*6C`q+k0=uKf84#8
zaQOBs*Z<tTFd%oYk}qC!*euv>Fpt?aHP}LT{GukTsCC@AG%H<S+IdL&aE6LZ&+AF+
z!}3ODt(7uzL_M@yOpTb{NGZ)A$zX!L%@5-Mo%W_!93`O5%h}nvk??U<wM;q`G8T^8
zbgxrbsQcF&6OTgtXXH4+P-`#R%Ovy>dF({WmGk?1aymYLCDzSlMRCwt&h7bZe>2`b
zZC7(4cLnw3edtb(e*|7BS)_w2)^o9uKI1oX00~uYCN|3-hXc78wT7G!>P-4#%S^Fq
zc9wV3bTYu<9U+u5YEDFrGvnuu?Z*w7j)eGm;h^ovu8V;FjOIjPdxQ%mVJsMAVEsB@
z2(J1=FKMbxF?d6a5&se^=iW>WC|~bXq)tzSyJ3?)?~bN_($U`=;i~?38XH0Gp#|G?
zp;NVd&FCyaLDER(qs68+H~EU~+R53}O^OC{1RwCY>s}%RN5{4(D@yI@sI%BG+zlsj
zM%oT9NPw)%G-Oq9j0}^Ppg>UrqX(}lusYWoH0h9JF}=leR{LlF3X-e4<|CzOcNqEZ
zP3h};30S%bTr_<&i+jh9@u>|mfgrT(fiC6{6|W3DWA5FA_C=Zu4f(WJC{jwh^Z1^r
z;O~I2s>zQ^ol^6WDd^I`wNY$zu2ey3Ei1jL$Cu;xw@hx*#P|`vNul&ne9qSyX|2%m
zeA=d#k4i@tLt#}gY~HdggL`q9<)^>1=20q!zNKVo<P6;JoNWoX@HFpcp1y?Eap3m;
zHb^Sr(*HxWb^R}*4fqez7XKflt$(uN&;LT&fd3EDCKPT<0Kpko;Tckjb@v~nZQ&o%
z_UQf(X_JNNF#sWLt<ni7^Zy~*mU<ADJ{9-!d2r0JePX(4Q^qF$OesAv#)_Bh#GUjI
z9*gE3z6L1QS9lMr3j}jme1ai$9N0IaT2IAUfl@A#TaikU{oD-u>+G0a`5X^#w*Xt8
z=TPhy)Ti$JIzc$vTKUCb`oZ2yrz3}`x;Wfy%u>9Svp5819K2Sp)IR(2%gUy1+SYMU
zbRR#<OvI9dl_aIxfVSNSizo{>y6jTR*hZVloEz{AL;q9qJu&NP*YyaG_s+uggU$8g
znfK8`-u&+o)yl+1o7Kf7PSb1*s<hR)1rMb@x!G|49^N<OzE%N4Skv+^E{`Y=W1%VO
z+tcWLjxc7nY2~BwLDHY=8n~F5Zvu8n_it16FAu8c*ea*E5yi2E#3w`C2cBI95bh_T
zO7nr>1<vOB)4ieav<U5WAC+&8Z8snfw_hP$*OPv>v!;1^{|H&;o`%a0wQ(5A@ZVqk
ze(7W!gfE#nNT+FL0pm71l_6O|b%@nh<Ck!VI}zt+xXf0%Ewv?eeu)llQnTg<qHT^E
z`{w(+XTJ(068^$*6cdraC+Q^n?ru;0@^Sz!)>0%3ls|hhj^>$T4BE+GKdOo!m<qq@
zRQiRma})1f+fz#SC&NLN^H`23z$3Yw@}{{OI}T#B*(7YOn7-cLH)QBWatnF?iaw6k
zQpoV1vohfg-tx_y2LB|0#HQo@1rK^7mFk&StdXFRo5U8kfgla-5cT|99ZTxh$H8Dg
zI9S+Ysb?UOd*tacKzkAYAOkTfYH-)Sb)7N8>|wpVuV-uOq3a+F<qTTsi3^Tz1+ld>
z>3qP!_`C{jaI6C2!GQhqG;v#WPW#C2g~wm-#qBCncfan1cUSz2{3?DPK8(AV9xR4I
z{3A^UrNEeROZ)5JI8>^Te$~lTrTfyrMv~~GHiOdlqIrlSU+C}_wmPl!ie$=TWOdnu
zu%fWbeO(6m?1veXk+<Xd851LmcpMQZ5DSL^V&T|9EF1=!z6HE&d?r@!WEbVrG=e_T
zG!QglzUZco_u+2!x)w@C=Pj7`w;s}=XH#aiUWU%*1G14HF|%dnZc<~h9vpbCp1QS@
zcPTo`Y0jTSoNS!A!SE1ZYoK_ooZ|y=Xg7jN<5Uoq)pKt*-yWEiKCo8wf>*y=ydG9w
z6$drySiHek=HS!ey{o6^eABXcCoXw1JqSpe0Xk*$qe1UvN6_AjVrWz5P4MSkPKJPM
z(bMeVBYdac@ki1-fc-3(1RPj4BDpn<`hH-a187v=wJko9?g5q+{q57Fdwq)!^Mbde
zz+}4fu9<geD}W;YL*}Kr;Ui-D9YG)TDDxtSe_mZ!rT6bDCY6^_ay+_@kKcFi4Scb5
z`+|9|j`fUvn=<F1&)xU|Io~<f)bJ0B(=Y6t9MWu6d7IP*?yM+D^eQ1J)xo(FwHe^l
z5&e5{puU`5MyETwHFCK%MFgCSxf~JKs|+c?V>Y*O>@Dm2C`y)O)5j;|kcazbWs%6L
zU5w%IY7dZgUFxv07s6p;z+F@R-1~FE_&-)V&tJ6@*-A%KfQZAeV_1Z`1HOTCeL(Wf
z!2u8zJz+Q{!`YA~{hPZtNw!zF&V+p=b{>@Piq*LF+Oq(Ji>V;c{%3OprUG(8lPG5W
zZrtXs^6VOvOlr`({;jRpeU`uI8eS5y82K}yenX8R>ZbX~`rVRB2opI{jL`e#&p{*R
znooV(WKXM-m)hi**a3l1gI^5xS0<DC0SgYg@NfiJGZW|Z_^iF@QV~k33#h|?NvLyA
z@wI+4Ilh~7i^>~em^(3Rq!MA+kyb{*94t6pvl)#+vhtzEd$DMs{3KEV9MBKPp}Y9w
zCdnm9BNdX7S=osF4UUt#$Q5k*!RaYS&}tusD>vA>7Ktt3ey{=?rZuVtavTgWtyeic
zpj77-BP29{&edeVfE^$j$c?cPB=h6ZH=uMaW*vIfM`pVD$^LJFS~Fo!=;Rdmu4U!J
z$A6Li-k8jY(ZaVqDS_jO4d3LK#pxG_4^)Dx(D~-`ykFgj{%m#r`l$M_-h7~W+A#ZO
zWy5A00&j-F<JiF_<s2Qo1E?=+hxSV?)0)=d{l)GqorhwcNTg+8D}eZ#v?Dqh#2r9F
zQZzPen+(drWg9IZ5+%*iHiOUdOiVh7oz~aPpcBCUxg;>avXrai<cfd3mXFh4;Pnx!
zJweqS32s#(FNcTBDjU?7C+U^CLiHuG{m0#U<W4c$XZp($Q?wW>WguD5^qj%?d$ng2
z+c1fxQ#JpNX!J>=Xksn6UrnAcT)ofvKQ>}($nw*WG`|t0dbInC|FLGCZVb~~erdeT
ztu(IBwJS+Y%7WBcYzM~h3M0j}Xao_2weR}`xY0SpUMsQhqE__wmpbNdvx&(iD${$J
zNUNrS$@7+WZSJK>fQ9+&V&VSw8GOj!9v>ydAT;Nv+)LupL1fv}ye3AlRY(A6?;Fvd
zAlty1n#^3k@WdTsg`+%2)zBf<Q7SK1G+itDQ-IAa@i^}s3vR<&HqL0!m^Y_}2!pb?
zbuioD;`JJ8Xw_^5{kw-3LW@1ahdI$Zk$p(N#Y&Z;9CSPZFx+2;WM`nGIv6g`GT20T
zmn3UWb9)_Yf{6dn6cVNVEtjK;I0eI}^Cq~c&@@Akcg;UxL);VXdvP!F#(+=FHi}I;
zGtrpdO7qzI%=1M5#k>9KFc&P%D1Z6}%ek3Fp%_fNyKoMZ?ixnQ>j=7l@Oy>7Ys9*x
zMNv$K)Lt?TU`I~&Yk>CfRhWq^E7`&>iG?v}Xp}vgahAU2F)d4BB#W~ar;Bd9>5Cvj
zaY-1trPGx>qfo`$Yw*emlBkWdX^C!P-hFRlDa(aw1_9?JOclI#(1%%{b^4u{c+jq1
zzF|{3-Kc747jB<5Cr54m?!odz>^LM8hM%VKzS@!mK>S%@tj%)9hd2q%8ENsRo5OXD
z?<UTVa8EUZ%a30I1Pd)J5}jekhREYR!}Y;E!<S!pnJptiw?u(n$_#1)J+emgU{Mi=
zs`r&={c;4sHAdS!YxbgH#;9f>f584GG9`N!_XUp3!Wx^uc|6I+$rRt4qiGsrhALW7
z;V(0gP*J3LKO3YefghFhl<-kGmP2=QIP&_$eq-(dzRp@MIQFXPo&LlId0U(=c&PQA
z>CbCva~@h{)xQ(Xp$11@TYb|yz;22cF8-noOz<J)Q<gd6^B!6|fQy_Ra=I*-;qqG1
z86W0HX4&c4$qvvx%(730g(H-Ah|!rdXaFX~sDR-`aSgLbv&k4zMsh>E4VjA<Oeqa&
zlZ|Vj2rR4tKt{RKN{wdEx7g(O(w#H+O+K|G5@|`r15&INlCG5)9g^>R57<c@??W=l
z3Wyu6ZdL8Q!*EM?xS?oCW>uUOZ%uj!?Wtc$m3`wiX{bcHHkpqhzx883mdSP#1T=S@
z+~i^U`&`-(;)oA!WaJ_A!%1lW@MHbW^f*vZ*h;#)>sown!yKi3%&ej>zih6n06ox+
zp3KshAB%gAR=hEfmbLA=2bz8bl}JndP-~3oPhDAa7<%P@&a(uSsIKi_iAGNnqYlW<
zO5N=w<>wBXiYJ!$AjE*h$)AdqlQqQ)8uxSJ%c_chEw)-HL8&onH(|#fZg2tb`Zl`q
zj=3cz%p0-|RSS-PToA5sOmwl#R0O+;*u28sg$NO+yQy4=4T%k5<2><5QfVk!ntcfa
z$HARrGwFt$hd7=gSLXtUyLIH<M-610gL>eS;tsV)!?brhi|v5f&43}vIE&=(28rpj
zCmyugQBz>uzu|_6O@pADdgiXC^{t9EDlhb{z{GkPKli~hyXvUo85!bad?Tt@<qpCz
ztqlr3M1Tat!p4IV66wxS0S8NMFYnB2RG(&RI7rm~tfdjWz*kOfJzZl=#EVKvcd5hc
zS?=PoS?ofBYwQQWERT$kw5tVJmkRMn!<Q%)xmFR=N61XwkC=7TX?|#|R?KSWC2M{d
za-2TTS}%Og6`VKYU&OYc;jrqcEdAkZTCcZULB^%daSA<l2E9~qxb#b~H#jRqa!$<K
z7XLmI)UAncuN-FsNcb+srhR&epW36m1*5G{Y$Gz&=dOTiT_)Vx??)eh2F}?3b0_Q+
zGj<`<$Oa8dmVq<Q+h|{+&n*Vw9Y0tGw^Y6iL{C;O#w}jLRWz+lFRrnK$#=sbtAfj|
zBDcAS{={#*!o7n7&3Fq`LynLz4)AxqV1}!%AAsj!=NgwS<@3h_4eHPRhIxkJc(3#0
zrc*a-;30alWnFJIYfe4Wfdnm{`Il4>*tvRq=}HKfq8*V<&feSuIJt0mqF7imeTHsQ
zm>fFE1(eTbl+qVT(NwKMW44n=QC28^lS$GBx-`lBWoe!ZgQHeR#_tL(pX%4fsM8O(
z=&{XtlvTYoQ?;K;Is{&3oAoCXBUWbXBiN?+fGW(ry(T<WdA+s$%1c<tlPjQR3;nfS
zeLaSSXoyspxk0luJ*Gqj^t&#^M2L8)!@z;9QQd-OvNG(rB}wWo$WtU+SO-RGAZr|#
zFGkQ)I7;$3roUi1;aoYgwK<_xUAkUy;b(0VHxGHcYKs7O<OqiOtC_;LdSNo4E8kKL
z_>E_pDBAv<vYc2Bqy@hM+Z{f`ud)X@qm6%_45WDLgyy>R^L_5B=Q<d<U50CMc9(`#
zr&=4^*`qt!aR(J>p7RNK7mtrLx$dotRkEyxYh|MelMD8iK%)VI>t2WInmg1*J*t=9
z#S!B?Qxm(Uq*8EtBSWO&K_*`pb6NlppP$xWJ~|tWg`{b<*FF4%ake)#3m=8{fCqoC
zcOa8p@>ou~G?@2ZuafOUHRRjd6PXu<60qDY238_GykaOwzD$J;je{GF#n16Y$9EUO
z$lgiUU>;t9GI$bh#<@eGq~N?3&w6Hy_ZRI=7~JOR4Dt^LNAL=i%OSFQNwF4SivhBs
z$uEp8gugWOXCji#3D?l%c7`M$?aLThog$&p6LSQ3X?tg3$L}-kN?7H65~g*yvWp<n
zpLdj@v4pMfQ5X|sBAyoqL^Udq)EFms7lW5pNx!SX+`hGDYb$5>tZ?wmuS4Rkf1fz|
z%t)ZY(`oawEE^-~D7#Z+MNWVPIEa-W^j@im^~fqACLR*#-i%GmnTcz0o~Iio1*h<a
z)AmAn&m}cGInw<)R9{w?x|jKVUb56OAf9CGkoJi&RfA$v?CU)TnLbGyXC!w$<a)=l
zukEvOQS;87P}_8-HtQU}>tlVt#j3t!&gULJpY5{2c`ObzdOM0a#yl5VV9r*HVor}|
zPJt+LqOzk%_`Ks!u8YhxPS8p#vfLy@qd9NMiH>ZEuE==}0q7C~GaRtS8-m6|gJn%D
z`1+;M@j6E{&2FuxcY03%VRVB@)1{XFh3mT9Znv3`vRYT4^(r{c#R2XlaA3$YO3qWz
zkyKIbb)MB`#*E*I7@ZryL*pV->Pd&MD}Arn&LKLUBDHbM5H0z-T+Dhok7UhzP$>p(
zZ~b`@M~usf`njqi0iVnhC5x{e!aByMfKVyJIki7Mp~dw`vETIzFy)tr&J(ZBC`)g!
zAE_i-w5nnzKZ7qER*2s}bAx++J6&Y&J6}3j;!?Q7>(5i79K{4cRMTb&I3EP<S!C-N
zefmv8*Gx(l%-~wm;5U2By_P06C2F(FP2HBpdB?}o)|@t*@HTFcW}2*}Pq!D!F0jt6
zbi{!*2BSQZ`3G5<H+ka=v5+BNXnWOoT^R=7PkYkV**HUqoC|_^7NHBku~pRID_4W2
zhKl5M3AhdwWn3x%_cU3&^=^VzE@phSHTgOPa4=jPSp262GoJK?6qR1eUqY?ipYtBw
zbu60GkAG?}J_Z%_lTbvc7%9mhsSwdpz%Yp!#qzmiYrn`Q;GQv2vPglt5<Ng?aN0Z$
zcPtp(sj8?yHxV~*pPB*&)RsHsFzzjV1pWaP&w-l2*&#N;-dLS4h0Pl@EUYRNENszM
zE_DxhCSjFsM%MD#RTQkJTr^MC6s~o(vbtStYakWvd$<X7r@;m<S~wElqFH*dcHwC&
zqzJrQ@4cmHjG#ltT{kh}**1*zlo`?T7aQBvwc~kA>CG>P%?M>0zJt5fmcFm^Y)9w=
z-VUh%&X<koQ@DjI;a&bjvQVB@gw0`tU`tgdVd~=>y{>yHn;bM+igP~Zn3komSm;o&
zY_KyPbmwDOQK6$L8g4W}dib(VIVJ?dqFxzH--o_2l(4T3N4~Bc9}dla)ye{zM(4$h
z+wFfj-nFJ1_+`bwzPT}igYRYS9oP8h7o_C^Du%zn@6}7opuDlEhdzZdu2VULb~!}_
z6S;Og(PCl{HdKfg!d&rCo`U`9P}xTc&!$A*LXLF#M!E=p!@i1C_7T!Y-S?<_7cEG>
z@^zI4Neff0J{`{yQM==Zu&`BGZtm^<waOo;o;@uW>T!cSLBz!;Qv`&2lsYKr)6dat
zK;{Jn0+X^^Sg$?;f+EOgTNzN4cNy?U$qm$l;@hnX+LQjh=Dho$9>mnkzXbIl0u!hQ
zeS00VCl9-~G@aq=xrU;8{`H_k(>w0#E+*1@ZU2_I;U)gkP$th#xmC~c7K8ESUI}PY
z?YYNec^n+u=T*Ma2<Z7q#^B@+ygaTP?|%|HKKdR?dkM);ak5A0HR5fOJxE$}5bOSR
zG{|0I3&yEBJ?+;=>ekn<z3sU3Y`Kebbzs)KXJJQjFyV0BA#!N$e%uC~F=J$h8e3`-
zg9y;`d)W$_L5C70UpEiCrY9hiVY9`(eX`yt%O6g@u{yPq4R3BNuFkoa0QJO9%ni$%
za7kvzmdsFmi!fa@Juh_54k95luqd1{nMTXhT!@rSt7MAa8^@4|F8s2npcSbuVu!))
z=i}!l`IU-O4{O;co94CX7`zXmOPW|lYX8C2rD*Q$H+cy~n2tvz+f@wYRhAz|59PDQ
zm(xV+@~#unD4Rq%`a0R`fP#ls%z2!Gy@$Ia;OK1c;|X}U7tHKCEf7&YnrRnvadf+T
zWZYl$*iRpD@*XT5#Pb*NISprzg+wz%e0GPYoWA;W1Gd)F_e?Z^JKr^ayJ!vOXTj<i
zs$y88!WN?0n}b(WPPq|8fv}Tf#5_mf=H=RiTJm`^DbR}$?g{Z82oWHnYGf8eM!5ML
z>gD>A5Y7GgYlq3+fG7nSKpM&CzQ@xnz!((==tRa9V|pt~WS>&s(?@zWk=0Bzn(R@K
zp^PfCUPG9<fJgETvbZ4&WPgicj)-Y}a+{z>{64af6T^wG3g%v~jDFqAH^v2#uEvZq
zpf@}`D4C;Rf!wwTNR8BP9GAP*om9sqbzu~mx7%2f>AUpO2wO9nK%^3DC%Z@qgwbFi
zAnBOvd+uPf)qkVn7GBAgW$-HQU5#a#vJp>fT*T*`SdH^~@rS=ox_6^OKGNqIj^?a(
z3xayNemq?sU%tzksKPN{;%rMo-i~S859R8Jw$-mI?zbTa`bxV&Bm-XsPz-jerb0*=
zRhO2eR$ROQ#VfW*QOYRo{HP>dCaa<we-f{jQuv%EeYcbc%kd^_JTH&IHx6E|D%(X}
zHQ`R=fo;Hls;PFU{pA#0Gi0AS&Y85n9gdi4R`IuE_sJMupgTEjZw}e4NOGNqZ$-vz
ztaH8Cf;cH)1>He_Cf4OSTGN)sQXaW|PiyGR=J}+c_BP*r5_<;`ncN9W)U|HQ2_ABa
zhOvN{M>3ak;VZL2>V57!uXcp|D%;Or8KKDYNYy5plDEKNvS#Lu;4{-<uktA{6>-Of
zM@p{5CWfS?7*<r+ccw{}8XWtAB9$|VS+r<oFPa?~b_SaXbt({O!JvzNvI%;nVs=+9
zO_(jw0z0x<*o{Xqu=w#3{}|2WWogw;mn&K&YFT4>c>#ydv$d~=8g2Y9xynBz3sda7
zH{s*U=@pQf0|wdECh+3m;_c$@(8L9avfwE<?V^h><m8>J&73#M|IQqHwbWNeSsRHG
zrvhvpMeQ2~e#?rogOx_Jmjo(eEmES#WXt%|EOEliWhp;>$WZFC9>+^F4HYJs<1ei;
z#Yl7Fn9Nud>8DB`^4{~IBxGL=mEJI<ISm)~IV8%p#V+fDC1g9jXTnNw7CY>k`QT=8
z&WbG5Xn+-H&l)(D2TqIk9MQ#mY7u-S3I<+yUwZb7tZM6t2$DBhGi*)eSdDKxWH{DG
z^ae1#0bi}3zyGPi%q6GiUpc=<wj`zlh*Tt-=D@jLc)*HLSeW{TGPW?>y3D4PaV={U
z3>fE`E17=8fY&4ykjhbdn)GVa9oJ?*|FK*7M%pL2^4aha?&6j<2aZDb0$vjXtR1LT
z!-iBO8}XNVfyEJB*jDoR+O#vxW8A|LfKwEBNpLNRqZdBWL-V<f<8S1UZ$#>}N|p|t
z6vda2DKRFh*vqlFF?<gl=DJdEvxKU10lzQJC3`#L!cBs4KeBo$m7>ba>PY;eC5Oph
z)O%AnE$)pq=AOAO&|g%(Ia4xi(iQ_Ffh4KS{<ibJk$<`f_!gYpzEP)Nsa^U~j&SM?
zLe1AP{#GaohgS%S+^h?%P$Pw=|CoY3u<>q1wvsB6@gWj!&}#YFp8Ea0TNdk@wC&*7
zYFDqbt6M6#J9RG>sRiTVUbi$}TSJA{E#wk5gXiWxREVZKs!3Vlm8?ST%g!-i^oHrE
zM}!=M;(-*{Id+%BR7y4Yr3mknc~cU1dU3zPy!<gwsrzRKq_fUy!35Foodj01M-vP)
z)(tKvQJ0cQ4YcB({FCuuiAF)@m~=;9+qjNJ*hN$5^>G(N6^qc#1>4q=JpwT)1AlnQ
z%~F1Ac1gFQ&SAzrS%${^$@u*Qh+0hRaE@j`bmg0z;yTnQ+B(>WvvqkX+A@3c&)DlB
zM(!NNSZlz>Tq{iSG3=2SpuFVs&-m;fInj){mgt{RLr}E!D|We~W{Z+(C`~ePHl5bl
zVjpLJZyXe_a*h@1&{Q1e&?Kv@(378uIA#5IFv^jeq8-DNKl;0wesFmLNHrXo@=S8b
zJU{!!uY9LLKIk{K%0bq9Iu}h(IvneOBF4jo*j+l-4gK{}z*(w(nnWLvD86EOU|$jC
zqZrpBj)cl?F>Y0K_Q!~5@K%&U!>Q<ohcohhQ2Nn}#8@a!9ef6r%X-fD*vHd)M@WtE
zsyNF(^)ZM+`MD>9a1mb#;7yeJ#NRw>(}dm=QTDq$C8<W-`Lr~dP6PrnmMbue#My#<
z$W!dk^9N|Hd5j8Ja?O)lePBEkDxRY@D~g_fhDe~BOk&*Fie3{-fH?L?+LinjTPRaC
z_!DL(eytZvwI-gFYZ@Kv5tZfh8f#sbN9^$0)l3Uts6dV9NhHTC04*vF|A`~r_DexX
zz6cS8hZiYnZ&&E4pQ(bUNhd^ds7kjI0<K=HFDWIr6hBvv@47~@!Emoax<XCcyk%lM
z^j&o#eIm$mUKi_Llt@qiMN^7Me4Dz7Z`j{GF-Nj4R{c4M0`W<qbdpRnH4gR2OLka<
zMiXvSSq2*+Z5>($z;=iacNariRV@NveG*4<XJasN_k{iuoMizzRQi=_LbuH&c&qxd
zHfR#4`#eW?g0do)O_AC)X!Mqb^;Z5(5j#OlO)umkS$65Mthos!NDDH23pX|=c~Kz`
za4<x$QGz}swi>#nq|tw;^GFC+akdKdJcZGHH5trg%YaUe@c~$qhporMrb+1Z*lx$)
zhf0_6DDK$}QoN~gBw(n*0e{5MoE<Ls{QpRy9FUmhTZ;+ZM%#wT1;o?xB*b}jXKlzp
zA*Yy0DBsa{>|l~u!A1Ysi*10giUD_3qYBs~ts(DD(Pu%y+?QYO7cSUHl_fy??Y=A$
z2JhpmVgPj5@uLoHWt1v4&!Z&qzDH`rKv;g@ppEU$9efzDY)S}{^T{EH_4y33B%riZ
zpM*C5tZ}hZo=0WMHd@~@QWE?f3E)=6F=zBKOa9Or6VvV0;!>XyJ2Cohp}V4*>d%Q3
zZmc{^PRtxhUh|~T&12r7`o~v>e5IROGIbbjISPodxSW7*ktPj+S}(HBKO&z-oM(=3
zyB@Euiq*0sE%;q#a`yb`RBebfPw%gf5MZ4?8T`;_M~(YHf)}1GOQ$XpUw}@OM}hLr
zv2tbZcoCSNdAn2KTkWTkMZHODfyaP1d2z&SY>UlsVUd+QldZB+pM607vMiDl)4qJ2
z8v~rupwLnf78Mpa`P@N}6Ar7gWFn+c9WQAr&BXm1JA_ZjW0PdZsc7n;u_G->bNp}Y
z@cd`&@R&)G-@tLZ{2C#1xklu^Hq#m!xkm^jXrBcgMX?12q=Oo?{WvFHH~ZSjwr6H?
zbjH6sWR3@H?;WyBo=@4bg|zvA3%g;oll)h3dJL_0p_ggjUdams1f)Pi&RT7JyTKHC
z_N<mGh6wIL*{t+aSyUq@9Z5TIhO%EMXT_mMO0WWkb`!B<1srbG$G#*cfx(!HRh%X8
z+;u(M$-IU9`!C_WzNlB!=rm1OsAoN)$-Yd+M9VX^=rzhkBP@}qwdm6TYz3d8cAha)
zfiVKA*Y_`!13%6u%vEc7-58(5GeLh(S?gkn+$d^9V_8KG@nntZ>xzQ0{D~yWAk{Fb
z!6hLWNm;cp@!*Jgp^!y1Fmcckk34bPPgd;h3=PZQl;aJ~BTs#|`hv_>454s#Jir<%
z>r<8M0*ivEMP=-BwaFs|&=<q6rbYJ~GdPFurDxgP9SLw14$c8p{<BY~@%9b#>*ts~
zp3V5}6eK}<$>B>xP}8!$YEC}ipuVn`)_8LY_Dp72ke;s4kvw|N!oBNBUm{XIa{8<q
zUa#E6aky1&o}zfWpS3_*#%!?8ZH}f|44`@?DFIBL-im5(UxfkhOlVvwe|Hm%hL4;h
zDdG2~K?XZ5%o_lzY#rI2u!K_NBKrI}d7@b4d9Jp*$>2qj`qP#QxsiULK!lSQ5|<<D
z<u5fVPSN*nbmYVq$Uy@*Aww{aAE>KE>R6EYs@g3h)A1H_xe%<pRjLu4m1f_O;C8_O
zE;dTgh>)0q&B6mGC2phM*lKnZ{U4MIlB_!AaNi=nflmn@rK$3uC+un?d1+tgji*T>
z8}>x-m-M_l4t6MgV&&HpIcpW`57e<uG(+@aAsXJnD`#~q2^X^q7wJ<mn4AEG^c_d>
zZ$yshCsYj;F35GNQ$78;<M+fQmm9W;V1GciqaPfw=i33GCH)MRxD9h7K!#SA2j!F1
zP5hfdRKWWyRZ^Wl^UaFPD55oS*>h4bS%q60rsDT`F*Avk26S_eSp>Nt711iFKX`!V
ze2KLjwpl}uBiBAps%4S=b~I2g`=oLEcYLJF%zh||eTP~OuBkoe;JPF7u@*{NgJxn{
zS|%ZKkqMZP&VJsWYv;3{*zn)UY?xu9pBRRP%9hMzBa57VO5Vv-$;3!5z&ylcZAZjB
z+ympjk#f5Kg`j_bE$j5J<7Vy=$a!97K}V5Tu|e2G5?%N4cq^Hv;<uAT#I?XqQ~L>@
z0d}^5&2r4cGxO@dVP#!k?4$n>xrfXLTT<o%f;9YCLkAyu0k%o6GK8m`dK8Dzw}k2x
zU2Pn&D2j%~v8oHE$U@xAVO)+Cq;BwK@fefdb+(0r#JEo)=g4k;2=~mJBvh2VcL?tJ
z5NE7*D}G}A#*hzaXJSI0q-KHkU-hJfQ)iuf&J)YvB#4{2op~ayecDOiYbe+89@k2N
z`1)C^ou`#AVjb<{Z6tR2P3Ho6Yciu1KZ^ST9}7qP>j*=jgP=xHX#*a5&qO~2{l=tY
zIb@3YEba9T5>nBo(`<?2B$*Ruc>SF|dz__fNF>grTCCUPmQefK4|e`B9Yff|C7cP6
z`gvo!dwaHXc7JADAalXdsh>sE_p?tGP^1=Yg?7!XL#7jj{>`v%qvPG)`sU;90{FOl
z-V-klHXm*>{^jsJZP$}vB`u|bX52P(kV2oiGtN!Gv5gTGx?)E8t<}8E+F<oZ%C3kL
z>0tLcNoy+Mn1;>+=UqbILfGY7K5J<_DBp=OKf7!%W6*Pr=97TT79k(Iz+kcsZ~=bW
zWndnI*%e%BzDD<`=I^H$f)(2Kz^eRkalwP<EEdsoR`?R}b9GX@Er$08jz;eVx=WYM
zQWhUZPnv;yjVB<ylm(hD3|%{SXKuPLKF5^tY@)lQ)bP?v!ngmME_yFsK~AdFhj%r;
zj+`9#L(s|$>jI1UZ-B+vOD<rt0nPST_8ufBZ?awp4E@(~tmTEoGYB+4U~Sum@XL#A
zbmy0vvP5R`W$|0p7=!5?$5$8YH-mkRh>Nu*Ne-GOo#uk%q;>`+s$$nzhgTY?XCTfh
z^<MkwqxTdF2L8PubEMB*@;<pueT0%g?(FkHnx-RR#~GC4srm_M$9<A8K)CAW>kTZl
z$w1_yz(5#>0cGv|P*sY6G2I}=GANN+LP1`@=C4OKu#SUFnIt6H2`l^rPk=nB*n?)8
zqmx7W=wr3!ndw@M=bVE4D7%!Ukd*^%!YM$M*nszu)X-KqPf@8Ct4<ZeUQ?t`R4MR1
zR=pUsnAOVq+i(N$HFyjp{F-R~cM|fb^2~{dnQPw0wK*@-L|+NYubsVs*GQh9zk({P
zP6tX}1myNMfZjOe#S7gcTRlS2If^{Sa3x?nI~FAVy4AFNP*^%oKurVaXF-dig~c%~
z20R^LL|GhTP~IjBp9=Jfb0i7|4|Z)UYxS)nJ$DH=fr_<VGYVYThb7#H@qJYj7g^8P
zhZjDRD=PoKR!Zh3CZr#i2vt+R?2(XaEKlB(WfmN<MA#*PXJH05JR3(Uy9xA`{71Iu
zX_TMxy$Pzj;|CHUwEBz$IKQe1Y$T*HvRC@<!1&4>&FKfqMT%K~(-Rd6u&`RsQYCgc
z4UhXFfWT`FE(Z^b{$jDuOjnw4c-U-aU1rXQjYk{4{a7^LQ6z-U&^W|a!J(-|#)MSk
z@6h)m+N}g~z0s+5iMdDIAlK{R;-r!3Ylt!faON(Q&lTHoE1eF=Tb{a){iQUN{@j!=
zk)DN!&Qe)F^T<kb-vXx4Ybx1HNO4Dnw~WR7fC}VB;SuALTUWl|<`M>}s1h3(r;f9L
zvjCT8u@V(6P+FUR;5Ei^yny%I&o4w(rFY_QKVTU?*Nj<Ix<yZOpBb}zmMDm2I%1Ri
z=gy8m2uq-tnYdAW#Ve2)sIo}(m8kzoXuNs*SjFVs<?vH48d*Q-ut4GJ+`y66QA>FL
z1`saSaaR;mKR_K4t~gi^1L=Hv->%C*I$t%dff1F(w}Ib2!DLcA4Kq2oaG?!p^Dgu2
z5=GBd_f^kT9}ljNqOcDTpRkLYOK*ncqNT^f%j6Dh6u$Yp${*1`q81s}FRC*byAQ(Z
zfd^X2``J~Z_hLbBM=LT`>14P{P<d}U0vq&!ve8^1dH2W9&%KQcFujC1I<chD<}-fa
zy6omwFIliK8`jPEkn+oy{AObP=QNSyYT!uLo8~Iuzxf5aTKL+tZX0YDKnj|d155FM
ze&GHDJ)@#;ym&)JIF4Uezot(2U6~~n1d3_RZ$!NHUxMh(SpAkUQoLz(WxU-aK!oyD
zG%|)a8l=v&<MM{FKEyT;%55<enm3$PnNkuQ&zfDMEz&(BY@;`A=wLP<BZVV`WN)OD
z09eq9V`wkc6B*(RGa_HL)t&xraTR;`&cr<bl*F_wSwlhT(WysZJh<2g+e3=c5WgkB
z+KQJrXRQ0_+-qBPl?V-=z`_?n!3DKZ>|8D-x^D;Oe4g$<>h;p+F@wgD%D@P3z7n(V
zO({-iMKiVP2aKJK>^uuvScDmBPvXZ*fxlBk2hCQ$fW9#v^_g1GH%3TjkRY3k2ed;O
zh=bSsTxSd<LL1TA6|24C9PNpRRHR}bSk*o-FneI+c*)KP@IH01LS>exmwc-@N4#Jr
zwe8-!Z9j_@bwH)gJJvRjF0y4uVSP&drN&I$<*axdN+2@E0Ry({BgNn9-VB}u(Htk8
z>m(z&*#?*)v2W4yIJ7H9@<-Yi0bqFIiUGVM!QUu6)q`Ry860+bQNxgj`af~4H5^H8
zQ!lcO+__f_(4Y_!Qqp#X9#`&o8ayW(c|}Ar7tan;i}sxtHg$ik(bP#hH!Y|~WHfQ;
zR>jo|q;VF!-8*sN={)p{`K*s%%L3W~Rl7mpK_vTxP-jug=qeN@8(Ym7X&b(R6Vtc#
zgWz@U$6WfQ{`K2^A;hoyt|t*%u0hx>A;_<cMY2=x(UCfvWX#hv3Uo1dEvIwCu03s?
zQBAK#M>4+$m8Y$#y&*PHh6$L%tNkOi0#o9?;7O3}A*=O3+A{%r4r*obNj28q2For7
z3DYT`0R}@&_|aa6#F`4<unsQzj5n}ay)$bO$SOA8jApIs*sOCoLvvmVUOGAVv6MH^
zhNIchG}X&EYyF-tNEf%iPflB&SYc+v9pCed3hlmnwJtLr@02h;;s15AWQ#mstFy5i
z-L?7d@Nv2fFjRcHr^64!a0)U>dp78*n|?Y5#BOA5dsdvsy>2fvp7$s`%RHaK-5#x%
z%pnhyd2cMR`IOVdEykb>mCMt<^6<#H$RGu$#dKO@24i6vl$C_4mLN&ok>CgkSjhdU
zP>6;Ur#H>QE&4SfMFF9<&x?sU)@?)S2;whTsL^ry?K{95MWa|D9(445L>MWLeB(%g
z!drql=7J_Wvaf8%0?frQQG)*cm)V9;2`5|Fs-fwFZDRq5&z>{p<Tem=`nuS8TLM_r
z1pS9*sA<D-XCXQ~<ZLzH@5md7zKvN2m6?v8t2A0i{a98wAOg%S8m!H~HCU_c;}n@<
zT<ak-WZ1x#Ix<*jO8+Z(1E}D-zJR6X!L(t=(NZ9cwmA>S&qh5`!qqI1K^IVKU=s2M
z?Z%QRPRo9*exv!HxhCek>J!oIZYoz5`H_(?uSxqActa(^JXORBT`G6DuQ*b;N5>0G
zc@M37jNWgxd`CJ6J_D=J>`H-xkjnGm8K_y*v&88BPp&+2o<xWM)&%{=xov0t(UEQv
z*9C@B6-jYwRgwoO`}d^R9R&C{J?MF&YMIV3TJBnRcHMlwvMbI2bah3w;o3VmZ>m)1
z^XK?5Tp&EfnJ}>yLRB2AOw7t45A;_;5<G4~m;eP4EffiAQok9hfoHoPS*5~l9iEvq
zFCnnC+jeY!C1eT2&W0i#g~AQnXm?!1t*nWFdXL@Oc*l^efEJ4#(c&eZ%Qm+R8WGaI
z_N%A2CKc6OEf*3hJsu2o04(3yvwKxP`6#D86y%s>DnFgDbkWE>k8t7oSmou#49Uzz
z8OcoH2opja<z5FtDEq2_?4g!OA^Mk~eQHt_a12lTP<CJ!#<L@ICU8O9JfHnv^_5pL
zL=x|1^3`fOlUkf6eUMr?J?iCXxDT8}j7vI9e>F67$kD`Rz<vErh(lm{a~pNJ!w3IM
zK_C^%QXWQnr}xUn^Cq3Y4P~sXdszPihN0Y-z@}F;saB24G_70h+0~;AjDCBxe2-lV
z2~*ua0?<M%l~Fi~ZEB6$UNfqoo>I-X+Bu^o5s&ka9}d55QR=K9CqyFEv&qtFQ~30^
z+n`&FA7x1?I6NMbM_iQBn=vV@_{bP@l|%KG5{^%>VcL^7dRXaCML1J+qb~7HP;*ka
zSkaehJl5QfvGLQ58QiIjGTbRpQAT|K6$J)hU+t7S)MCwz2M1N<vl2K)JC}GqJpRtz
zjv$7XZPwG|?|F})S91X2W0~nm(Xg}Zw_y&?n7``Q>Njc`<bSt6^PivJ&#FJY_9$1t
zoCu~K!XOY%_W8^u4nqT&RxFtkhEEN2x1uwl7i&_q-oo!-$u7M(HR>#~X)Dmout3yA
zV*HfF+?Q{lyq}6PwvzN}W?aQwR?J=AJar6RVg?fZJ2(BoZpU5$s-yVfxO+HnGWcOW
zvw7*7jpOfL%n<N*xT!HT`~;@42QKZ6O|txm!9nUDSE+?-q>A3O%Vam**ikm0(m1yu
z@Su;-@#CnD_{AiIMhFl;%_c6y)&Zn!c9<U89((a<IA7kvcxnXU-XuK}c|~Zc6uWf(
zPgP$T6-N`aOVHpD2<{LdI9c4C4Z+=myT3Rr151EFaCdiETtl!RA-D%Ni@OsD5D0KL
z-@V_D`>T6;y5^j&Q{DaaQ#I8ob%h-z#^;j54#|Q!T3k3s9r>-Bl|UIxb2PfVDEVPr
z?euY0WahD2WaghrqyMQ?T>ws|vS;j7oJ@k$sHoOIJ5v{coOPRLI>>#k1F>c!msKJX
zTGf69tXHf62M!6Mul#(T*kD}TC+xi2r+#;|v4Vt3{*;@fB)pYTNu<HKB15=vM621u
z#W~?a=~M)|+!fcALz(Pfbzb*VcNov4`<Vu>`>ywTDM@fMw<eS+s#GoLCR9+UcX?gv
zAzAX3yJ-^}=%CTHW(b|`h3e`(fgdfH0Q)Nq-{?9(+~O5lQOUABtxC{lUc&g_=bY-k
zXw(5J*RQ|i2{xvBD{X)w;mjMJWgU;HZ!+9I>)A0lZB@B)ju>2^Gn`pEWMsysB<M^f
z?We0IF0r}bxU6($_FE?c2RgfL;%g0wPtp{U8Oc$PHRVbHsc=N(*@q=OTaX!`kTgsJ
z5{m*1PK*{hb*&M^XQ8b=FMtU#7<1{K-!!8HC?nYc63xr;&qE$;*qPFfFwYD2lpJuV
z(7=QZeO@2JAw$0sc#l!V?ZfpO>fUDcDdRZW&}}5DK1cJ=zGo={f)Q|dsa{a2{ao>t
zCyIVr660SF$=M1rn{Uq;tKAs(4CFEvVt~$+vo5-0e=!Bu#pfr`Cr*__^^&1i^G#Dg
zNgfs#4vU;d{VGbj^8A+)hp2=7D6H-ZNMChA%dgl3o<nZCIxz=k8f02pTJgo`CPp*t
z^`8htcw$`8t6fv(@qoktu(%=Bu7u&s-CQK{;on0dpKwuo_|1{&yKy6{NhI<CcDXF9
zc;iJcX>S*C1JoS`eU$Pq^^aaMO(p0g?v1<%Ad8Twmk?TiTu+uX>mvJH{1^Xd<W*Fj
zx<hPRyQ;V}4Euy75d8Gvr;LBzO46%7(IgDF7E$!d@MmbNGhsx9VJ4;IdaqZ4zKn>S
zN6OE(K>Ol#`EtbjR<6UH4`1ho0Na{j)s@0LSsySJV{!aYZC+L=EAN-Svn|c*%8?<C
zIcGb4Td>kjcjDU_-%WwqM@<M-jRdPLMl6NhCdv)-nxN7QybpkRUts!evlbg1MApZV
zV)S}w)WB(zWoP??%T(NezY?fEE%M;z*Jkjc46qO7;`gH~w(k9CB==kjwBn+T+@UPF
zbrX=iCl{Kz!)^7+8D*=SV-*PaQ9$o4tPlR;<~v*+^mS9ttAbg_c#y&mg;f?F-xqx{
z{XfSZl9L^=QB^Am(BX-oHViN0d8=55Yk#-$be?yj9I7&79j!;UMwwh}#+us*9d+Q(
z-`_&;H%&2J)9EU`Tz&&dJTUbYk0q}>zru@yf8h4*36?)f*y}?L=-u`jqy<W6ayhNA
z^8cJw2bD9bU2XU1=X$#7@zlJ!uDyrf^$m`_>lSKPg{UWzK`>(bznKAV?m7e}Z$0&L
zJ&~LLPVB$U-#*uMr0zd%QR`7kq^~cx5s9|g?YT~Y%2so9FS$z?C@l9M+>#NZ)*-TK
z)_U^|O1WJp-d%S6)ue5jmfBaWOmt=SO}I-o{ooMmS`!2E<)FO8{;F)EqK#2bLd*kE
z)w)K}JU^|S8Z=UE=Lhg6pMz8_Yuz31E^FL9_GaiL(cSE=YYHLea>(;vp$7f(4e9(@
zr~p+xU1?<^;cm|P?6}2@16A<cQo$(W?TBBkT8Y0&>9WJgJoQEbhohx!sW{7L{CP~g
zf{@Pr<7_d)to>R^rWc2W%AHr0%w6M`eUdcnh%6EA;bAdvu=u(O!SCIUxf&;(bso%C
z^cUJkpgR${WQ?TeGT3}5PDn1nVW(Sp3An~m4QnCjs>DUJm19)^uWYHi`$o2ToBLj)
zS-Dk5v;}Ui2+2nrEKE1i7TSIex_`xOLT?-y^zq6yxVcflJpEUh`3t@r(<jBG<-wmB
zXcKk_mc!t8F8Wr@$k`>tY2!tXHR(l9xcDhm&1J^N&i2yaSa7y!SHO6Y%h9O61voy&
z$|!8QF`K3f`rKEW)kyvZ^JfmG-9#&z9bbbpyWB5JhZIKt(i@r!CZeps&_Fs`1bqBp
z^pQ2yK)wk_RD1PglV!r+N=zv{>OGIjJ4UOnZ+PD09@8>+&ma~z(6=tM3bu7-bqR}f
z#D?t*6kp?(!V35(#_tZtd?+?w1_MsAgJjEaB|=VXI6(ZvDABIu!Yc_LcgR%qkt&wy
z<ME%$S~a6@n{=YDj<F0j4YWqgwTcbj%W&a0(C*Rda>&DVTKSUH&Z$548ctcu>B^>@
zB>6J%R1lI>LmMUWhldBSsYtQvf~x|JNGYM>34H8<V%eC6LtVG#PAQClH}HybKn8Pl
z7a7#`t&;)Z8o^cawq|YCBU!0q&s9LXTJg<(Rb|4gy)-T*FOZ>pn9a%TLvqy1SCx}`
zpA1ICe%8rze|xB+O`cxD;uE2Ix(P<$?IjCZ|Ch4jQMdf_=gXit7noq&M5~IB0bkC2
z)=WIE6CPVp(-HiYcU`PxBEWyVDp2HHM_Ys&)lR8_A_8^SA*50FSVHAMsTPZX&#l1j
zr!n_TqDo&HP7!pVS>W{PG!y>_uwtyw#KMekha^PzIGb!I(g+-$tA?OcApJvKUL>Z|
zWe&yIODV>0@niWGKA%T@rv-*<qS~^bn4kf<D}U+7*`HqBGa?B=08Dc&AD?wL0MS$K
zhJ?3<f2xl3zaTxrBoDvau>Jcrv^sObGLu<M_JivDtJ(-_47E}o)`c_mEbasR@J;j?
z%QNnO@R?-2dor*h=2;rJB}^-xFNL{@nyu8|zDvqNaGWVW__Bs`n>^tGVILp+t2(*y
zNVryqG0HOW<>fMP-lOk~H!O()-|yrSRFv!}`Jn8O7S|i+`*%54oY7H@S1N$;inPc%
z)jdrhjx5gJ&pVS}*t%3Gf7dohNy0WcOh>`=JoU5)>z)V-L%Hu>GT1Qk2tdC+l$6so
z-T6$^=Tbo2A4HJWGx8Dsij5ng(7*>h@Ti#LT2s2F3R41p<-o~&yf(TBIdb30QR@gk
z%5EjlGiU_6<Ku?~d9#B@t{IK-ihguf<MnND?=QdT+5I#LRT`rA+vu%Jcm*|MMu&fw
z;%G~cvM}M4Z}?{#&^)AR5FN*k5azi@Tf9T3PA^et_-7hK$K6;{f?G`~RK9hc$Nx;j
z)E5Y%%0TdRy7Ze~e}CyQDCXC<)O{4U%9Dzi{PB{~`czHcs5y!}2Ra6AV&fp<qO9hR
z-+N#<MIpred%3R}ImZ!fJsH}sr1DZ&q%W_L`dgz%9xRz8XUnfd#Vt#IV+rC7dX5u}
zYDpQmMwfN7?b%W-h@x|TYwTZr)XXr=s{kZE%PrYlT+j|Qsq`R~q@Qrh%Zz8}vL;S`
z9z~!?FL0h|UtTv@=Y`CHygPruhuY-ExZqHYalwPaul2SkKLjBr{)N?wg@t-w<|}NA
z-BmWU?KTsq?^)I@)I*Dn?Gz=x!;->+-J#NkLQF4}sD$vAs!?J!jW<(u2+g^cH5M2)
zuPN1VRw!s|79NC;m1w{@OEmsz5t5D6;{IIhJr{C<6{y^irk9jz{L|vT&MNJ7wpPVk
z{I11$$J3ZPNgrrNtJ#eu9`_K1)@V8zE)`dmwbm34C-b)gpU=H?A4p?MEuNBDXgHrK
zHu9sDy<?P5DIa><K~RdCqX>j)G`uH)9P&FyqG>cQihv{ZH;P`b*{x9|$);VH(#IO2
ziWjeotX=-Dz+?8od~DzT*mrP~G^UkCQ(($s1=bsFw|;-!9$!Bh?M<I4@3Lx}r!``?
zqMVVRqtZJ>W*zlw?Xtjilm4(VKg>zUdHT%p3+m@lnW+geJ=d;_sn38#T`&Chz-?<b
z4bN-YX_1;p*f$()sRP-@`_%o_(!c#er#X;ZHS2R+!6TBq(ZSJq5`TLVHc`01>E}0z
z$RnvW{-NsDLiFOLFX?axs`S~K@}CIFsGz%>voswLzKLnQx*N2w@-?KIZuKwR-+Q-L
z@32~vC|i&Ww4Q{!3hWB`_DUZI%v;%P-<g9`OQ~lwxItGan72M3O512_WY0Y`!w4Pn
zvTG}r-NY~?XuRDY+_r8GX(wG>eo2*(U9MZr%hIRN+FYO41MT%t%l~+m8IBJe_zq5Y
z$yibJ<Or3dqy%;JEe}uv%%dEAE_^Kvu_v0=X=g7fZSeV&ftNpKzudh1?$yvf7Yg(u
zZ*Hcz>j^h`>V^~H{T%H7b<GB*CzVS7dYwPX5Kz+DoZ@M3|2fT*jbqZ#?Y=HN)+8t{
zuhygvk#MLNxAt^*e+Ja8x;__e(!0m+bj5WMx0!0MenyR40*{J#5w3Ux?&16;x3`N-
z{2}A!!Xujh0WRq|l0bi6lwpFhVtPxR3SQLcpeCxuN4}AZkf>!LU&>W&#J5_L6#|`_
z>D>#fNMT-woMr#BoUEF2xKh&(+>$qPfo5iAZ(8k0O<<SnpkKWL@k?Lwwbi$Nr>Io*
zvJ8=dOyk^Re{Kzd*2MLDdWVNo4j+Gjoz$q__G9fy0}@O0kzcE@fC%{<BO10_8v0Uz
zZD#*t8i<0jwFSdF=sPME^_>W4!Abbqr*llZ=E=U}&0|Q$=BG`(`1t{EfeYHH7z#gH
zn8~41rBZ_Mp^$=26yg~T36iSS1z+>guSV>xm-zdGPf!1^>u4>%pZBjrL}wMOUfx+3
z3fQ|RO!4wexq;{xgEF)-*D0!jcCD&pl7tQ2!Zwi$ibd%f1-2#oxp#xKP0{YRA@^es
z_4ZE~y)}n<274E{Yv)-hpDvr<aRrtYWAazt)$k^5YbWfbq(Z_EGqh&j@dclVd=TAy
zntq2G;@}D)3>oV6GF18EXkZ|=e!B2S1+cBC$9yl~#+Lv)!k<<psbGkO%=i_AC@~g3
z?miM2i1#F(u220;=Ab{vYDyB*@&04}U7^3LJd>p*rD(CbbUErzC>lQKg5htsvW5NJ
zfsRJDbuquA>i%V@@4=@wQdb|<>9N56f&+;>kVV7i_Yguyc^uOu9t+tw6OiPiR3M3y
zJRY}OCSItdC5=*CQpJ;8B;Bpp`hY!b`O=kWR`uB5L;Z(~%u-i_VBjMRF>!3<XNVhf
zF}r7e7$~WefV_gcs<H{)Knm~cT|jpnpL1(octo{qkwODG>VKRt^Ye;xys9qtpHcnm
z8i<at&1e1+vk%{fme=~bCiT{0J%HXl_2q?i%tOVKuT6em8>uSu&T*I1c8tGQE5vC!
z@LYB_RwddC;!2s=?fUWC(lHYXyd2Aw&V0Q*O9`FG&ent|?Sv9!G!JQgwJ+B&5qP0{
zp)XE44>E$=ZzUNC&yXbBxR&kx?Y5(sF2`?jZ}Zt%=>{=Hom0Cg6%62J90RYVt~R-a
zY_IZ66N|pTp42jEa-FsQ<a=yv7@NV@6C-^#E^3FG5I(oqG<_$seZISuaa`rbaA%n8
zyo+mypF9<GCnjP*b4}TxEdB=%*G-jr-D!sg-zd1F#wpk2wceJ+imPq~71=!d)ZaM<
zF&yPh)F$jZW+YjvkoI8{y$Ha-D-FNPFK(KR-W+>Gqh1(z!~0)7Nnc|NWMB-w7rP;l
z%9ATjo63PbNHuSlPdZp)8rrkR{vu~y0#jRMnzrm3{EOfsI47Fr_mT|ko2$0wsWrRF
z>J(F{tU<Y)wgyh>!{!Z7rNQl=7$IrL`+SCi>broibd;&DrPl10j}?Glq=>~6;<jxL
z0$f@9R%JoG4@>hVjXc?ZxX4S5|H$&}Qxof2$BD5WHD~ZgzbI%0iNrnQ$-X!7otTzY
z^s27g7JqqF5@l<=yYxCWu9RoG{|0+7aGgU$Q(kllmA3A!QBI+D_}N@FpUSp4ERT{S
z(uI~VN(lX76Q+Zks^A2KX~+L?g1ZGd%k)1)EM{N}f;B<A$Q9O+jIod?y{=yz)<<z|
zTS}5vlxLB>h0YBs7tnG#>c#B>6;%}!?}pz=4!xdxIs-5%pS~+akqo<N4rmPe2Az_-
zmB3t6i+SjR3O**?Z;a_9{(Qh;Y4DHM(S5L1j{<r6hx<zVlmV`PGJ2~=)KT+NUr!xw
zcuAqCeJPC7&Y#mcBYMd%O>7!USi!y$jH7o3vy>mDUw)bP@YXDH?umpr#N-Rg_ln&C
zOF7R6ze`o&g%BoZ-CdApM}eB>geH=PvLIlNbj%JB^Kq;`&sKdo%cUOYn4?GC>fE3H
zQ=~^ijn@Xtg%^-i2gSZ>##>J&VH{B5_X+{Lk}S#X@xJPOaVuLMwl&<@;aMCV%~-~H
z0gI(9d)t}avd9_tE=GVStE-k(4Xmxd(Alaz7pE|*k`c^j1eOA3X$qiAR;V)^Y797j
z^%v<}3|3qA58MpH)y>~p{Qr;<RdF0GD|5VQfe;(SW&q=MXslm|ms7Q#PgN7sV3(ll
zZg4#d{6(aS&0HAtKQSmqM#--gjxe(2&^aDf_WRmT_FJ+>XqX&TiP|F>o-Ws(GQ4G|
zSr9Z#h!@aqK!f(^;ojdbXG-a@_(?x{ILuPkb4a4d${BJ&QIl9V*k}e<|9Geik2+^}
zrjRZKj4(>{9nrO@WK)%h+~=Rm@v0Az>F~NxY|ogMjl6U02{~~QjQ!=P^Jq0zfv_wi
z9Sb&dl+(^mOl4&$!yf(4rt-f}yw0a-|JvUEZ^Qpr9i;{_jzW{zZ97kpiJcyKaJad{
zra#cI0zg4hukG{bN1<K*qwaS!24*|ZzU9@b$ov|H8U_f9f!xym{xiu_+)tnS)&i^L
zy+|Kf%7n5@rKXf7KDuN-x%^7QPP8bWZhp69g((p(JynM-vp<_!S{I5wAs`<f?@u5G
zQkGVY<rVh}U53+3CotH(_}OIE&A3pel4hE)23%cD2((d2;3X-C2TP-84WcGSVl9!;
znU>7|(UPkn{<t!_TjE5@q*sF?H_!yLf)FYvh}RyV!b0$>>?`+XX1+}1<{!J~Kdfsf
z6yu08#icgdNmvmGbma0^zZoI@lL)Y5l<+@yp-yPVb;hT{q#T;gIGUzxfNNpkV<FtU
zfN5KThGtDadBQ3^h9nD?BBr;7@#G?@Zkmm@-z{P!Z3rqd1ni2D**zAEyi$r5&<+;P
z8Tb<QMMG0JXT~VynnPytEp2Q*fxKe)y{p2N^xo%!V;W~Q2-C~#bgcr|K55c2_&DGH
znj|X=2z1Oh&#uVWJ@}t0kNNt|0VxoEPh1DKQ<9x8sAkwUe{)<A-^peMI(#3W81Obt
zQ!jKcOovj7d5?hFQN5j=%!UcNjpxaH*7Q}uZfpN|TBat;S$686GRb+`heX<1mUsIe
znza*dit5~~7d!|ha7=L0;x|uZ7fOs%j0s=(;G+Kk3H0?We}t)~wZH0#Hvrb$+<M;^
za4VxyPr^NCQg;=?Onn~{j`UO*8g_7Po0YOTMzvcV<sNqD>%nfqeAadmw_UTisusNZ
zfnlRN80D?#ynNR3*P^+|Ur&#Qd@e9ap2t^+hEpDOmfb<$w)Rf!wG{q7?y+cE)x3kg
zhV-ZQSb(ejw{1zmyl!O)*}&3PN%?OHDJSEIyGqB2vl7-Uff2UDEXX{%y56p*7O1`?
ziz|UksV4T1Zr1rm9z?+|a!5TSUpO)ZzFR!iJ?Ed?a+cni^QcJR;(vO1zTcdfe{>a(
z((rf{@a{<w=AwkbOm{Rur`tFIbB3Ri_yv|ubn(y)XxS3N`W`HJ0AxRBfA76uI=Y7`
z;7Qsm4nZ6g8eCp_)_A&s7%xyi;3vza2_JrGVmbG>apBhbXnlKojNXL49Y#q;=frY|
zcI37Ne$VKCa7iW^lXgxP@I5phoKr>`CpCR1<AR|)Q21iA-?M<`_uF2$2r@qQj$~EF
z;#l+4VoT=UQx*z94Msh>1F*L0j0rylz%@9t@H7Ob-TbJPErTqu2X-UTR7GyU)8!w~
zY7$wC;wRY?aye*M_3;rO_;BZg6m^R&e)d&x&d!mdv^Kyt#)Q#^)R!zv)nuEF#8jd|
zffv)|>aVCm?znsKpIQTMn`$d-XFBSJxV^6&$9;pKE+N2a2buUv6T&<}T+-0E7)#oH
zV?re_m>ds>qWjH(A^P@w|5(Wq=BeW0_RoVKJwvq(j1q#^hXw5}`9^t}1IH~Z!5`_l
z>|r#2WL{_-1UGTkf5J$MpZwyu@HmdCY#`)AW4GZ^QhLN(`KfveQ(2bUr7Ay8X~wT_
z?D{zy?$H%MyW|_hY%Qun`GpNO<id(Bkfi_O5!G2-2(PWg>qD7RqrPIj4^xmE>PX_n
zGssR@TmKq_r^Cj|MYXFx6I~MX*hbjaj!B_zWRI;C^XKx56`{bfh^3tW^pD1|2rF$l
zXh7fZay8k?jq4$h{=>pg(co;;zD(qVQHqo05IY4D6$#vmjZCUY&WloD0cx%rFGj@)
zH#kudn=KicU;hr$#`EczEne!-fbV$w#pqIObe^Q0!bp}58e)<#xPEv>xc}fFmdUDK
zyljy$<oxMM^YC2>iswj3KIUOl{is&!PW+C4*rtZ64Gb2UbEn5r;an<gv67gR_(*q$
z5sU+fNd792%0^!B>8czqaCG#c=Lb|{9x*(FQIao@c`jMxx|H!6^t_k&iK*F^GUPW`
zdrCUwRxQ2<M&kROq)mC5dbRNRC|1RppS{|$7Io89@H8?6okDGMrlM=5_!b%<R&b1n
zS*<kfkX-svisIJ|XV73!66uEjSfhRHfHMFPO!(UQS;_JwYt~*q*J)ZF)5}+CN?=e?
z$<J@!BtDii6(2Z!8)u@$P?MF>nVuT>Ho~=zJ_sT{v0={R$5s%tpg_A=-r`b9{u<uU
zgL)~sVC1tn%AXG(O?!szg{`08Yh0(N&v|S9{MLNCQooP}dz7@py{BgWY+}rEW%n3Z
zcsI4!P32!>7638H`t8cCy`~=sG2yH~^R<JtlUJSj2142m%-8b9?@qb2*Yd9JPHVe+
zK4<+#n3eW?K0p=$kefG0pWDHZn^|P>>+aNk(GN(vJFQsq19pB(eycs}XZkG(u0QMl
zess^@+(VE2=*ZPwh-m;MC+--)SGF#qRc5vxn=ypsvAHyn!EJ3_oArCAob23NvT;vZ
z__kWa>O<-m##dbg$yZ!0haG*)A3|!fzHB)0v}_H;&K-8&Ng9BH<`zsHmLe!C76N|X
z!|bkyYdWVVaY5=emxnjz6UP$<{}my~?Q-?^7S4LJm#G_e<;3~MMe2ab%hP@V0xT-2
z?^-)ON#imMyE_3y;J~)s1q@=a<$|lNzVL{js3bh~uub0#aWa0md&^Q`pQDX9(KGO4
zYwi;589rDp*Y&esSU^nFy2TTE2DZIkK$!XX+`OsD*`m(PcUAGZL5e>76a8EMPxL|0
z;D+I!X!il|Pj+Vwk&v}85hgX;tX6e8lI9MgTE35^*=A<mYROZw-qFi%Xf<|mPiyTo
z{&TA0nQ+Cy+tQ01d3E<M+Vlas13hzx1mwu|0#?oR%UdS~HuCm9E_OnT_mYh?G&dI&
z3!J#7ck&YrR51SNVkDs}9)B^mZeJ8Y!*L6>%vx6^jEq^sUci*6W$vaLo{V)7)**e(
zMZReouN;UcVdGVi;n2+fLyP<TV|Fl;$8-0#%o(LSgCF{eMi%P$>^SbjcFP_R(W|l;
z$RGFKC-@VV=DTO8q-dllC@9ZSYV=d$I^_v!^lMGGFqW>L7oebc>8GrA3S#1PB0He`
EAK?d$6#xJL

delta 41160
zcmc%wRcsvF)&^>unVFdxVy2j5W@bvv%v5G($85*U%y!Jo%nUKb%nZkCudS{BmyUEU
zzrHB-#h62L%u<)sZ$Djd1D19RhM*_|4uJsz0s;dfrdEqEgNr1lR-x<TkG$ZM4FXbQ
zo_K<b5BzDFy?l7Xr2ADIF-C>rXyjMC+??8tkVfiH$i_E*YCA#Gv<pMPcLGnE>Gb}h
z!zj}^fQ^ebZr`hZ#@)oUQJMUE!P4d91UqQ)eMw!yG-?THW_8$s>V9W3=Ha_n6k<g@
zD{H3B>$bM34(rfsMu$rE8Ih{hgr$v}BqjPrCLr7@h^ydy8h3`j_T~LYCD<8#(GE)A
zQ=ld%2jbCpw>GE`kL;oT9y-^Y58y2TMZ{{^MWP525^+w|g-tz^*2@r6Gt%T}JcLZ6
z=$v={OI%-@gy@`zkF1MM53ex(*?rqYqXEh@@`+6VBR>^V?P-qChAPXKoi1VXi8MKw
zFMu5%7RQ%O)~_<rPR8bw=4U8p&vt5T{Z;3${w^sC&vRr=f3@K}?9$FnO`LR`uiQ!s
zxi{M>b!v}-0_zvq3HMgTDs%i#NCHukN`_fyAl5j07h8_Gn}<o80(~=Yn94NB=N1+$
zr<}{|r0x)O%8bjz-fE+#u>(qs_#n!s=>SIwh_}@A#Y%x5xKcP0Am?uw9l4lI0b1lH
zDkdVM(|ANSF?ko5BIf&h-@DnZxVcTI0PgQWTFp3lfUYRl@Q2A8`V0<x>adBlDf~N%
zsByj}<_ZK3XeuNMx*u7_k(ht+opd)1{>kpk^TELu&$mzqxgpx5HdFgIvS$$}BEaj^
z*VgiAx%+uMHzK--+!%GfFv4v0U|LwC-@ZiH8AmaL`<wzd6lUuFGL`@P`T;kwA;aih
z9%6woIZ=A7*r+S?PEq8ae3P}68fsn_&R!cEYg?7ZfJHYP1q@N<b)>vw6D9Cp_^AhH
zwwN%tIC}wV*Ty0YgS(uoEsiz0#(>PmxX#_4I!jM}jVDZ8J!%;<POeO3R4JdYptrY$
zQz&BuG%qY{#)Yx)F1s}&QyE>YBWdf(a+M9280b|;KGnBTo2~`dmkr%S{UjluBhJM@
z<`Y3a=*U%SL1GU9Rsp`_!DmhTvnB<H3O9rdOY))3s}wq~j(}eJvMp!xXP^S~Y^}%$
zWq`HP^@R=b=3*w`m*<Sq8yB_dH$=FcQwbOXGVub)+=lM30uC|=Sva($yRtIXCHgAi
z4~OufB7D+kED#SLcCmz0&+bhpnvl*B<CErkRR%3))YJA|-jvqj5MEYV)v)fmPIP_d
zv#b(xBmf-5jqI9Q-&4N77NA2PYtN^vJtYJXH}AE$aR=S|!e1GLj_!s@uJ4ZHPqhJc
z*Gg>Dr7yC?BaLH{$#-M}jdx2ujj1Q`*}7S}2)1Fnry=4FkL(6HZf^p5Bt~7KV^@SE
z*~?yDFM;1pO4O5#e7Zbqnj_0!82KxR8a7XxEstx|%DZ6k;F`(Rfsh&yxVSE|2rH!@
z2k1MR)XCs?5I24p+9`hpQ36<D#AGzk^SZwcSElpfey!4QY{k}bI8PEI%S)$<9xgO1
zt3oqyAoP|YL#L=9RMqD2v*@UcsdTyb<DahLpLWMDUC>eks=;d9D~EIUTv{emC;FK4
zgePxo1w!3UX4_Aa01CU~3GhPwjR9!O#znlch3_)Bs!4B)prn0^hQx_qHY<g)+{}Kb
z9Bg<>wbO?N@n0;C9qQ5kguAgN4|T(zZ6A|9N3^W`U01EHL$^|m#$Tf5hOF(i&;hP1
z<bLzLIvD@%%cc#3;YQMte!3gJS!J8@x8WPxKadq|Y&4h$8^Cv@3(i81lq3SqlfGwR
zo9eRD#16}j+{Lnj)@oHNuRA=8g?V+W=H$V)iQ=0o*@xNoHHL7v{kXWpjqgwG^ufwT
zn>PEGwle8%S|dB}=lIIRyT_X-OJ$;kn`KRSUeId62*^;CZ(Me+S1i$PI`G?i;pc@O
z&1zT|(xjwQZ9pY<_rE*oAlTeUJkV2jtcg647PV1#JBj|@*!b|h%Tuv0uq-cuwB2&S
zvdyBs?ZJ67>F?(-57N7OJQRB#Zq?qKNg|~z7o8(J8(jaK2;H5qs7-=8CP>+N$BIzN
zqHF%wqT@EZUz2TY8!|WN842zhNU$E8J}QD2fOM{Es@sE;yPLu11X7K;U!<&BG;F@;
zcr9?fKsO%S3c#6?N4q^_|97qLfA7M1%2b>3KL;2{uqhDt&$g#kwU3EB5}62QA1tBa
zr*SF%xoLrQ&QP?Udwkf2JVN--fp2JU?uf~~I|pFi<q(_~17o2Zs!2;$JK>&zVjtIs
z=#6z4(6kJ21d8+eeg`ChDh^1K0{Zm!or4ib4_7@oMW^Z+l^t9QZ-J|}jhkWJS_*o8
z9az6C9fmIqeg%&48YlMUfk1cpv2)U9MmX7TlH${ojPz8L)RiwvnJibF?>^_ODyCaD
zir<GUaJd8aK+gQUp0WZ*ng=7l17h;gf0~&8w@KoEn<)La2{fgx+DTxDvP~JI@&<lq
z&jQFOl>GiSWM<RIE%Q{58DaB?k&<7aLAOT+hWr2z_eFO!X55~k`h1{c4R(g<XZZn1
zQXsbd0o7a=KXi)A5mhK44vORpT5PM#jd{4;Zo;MhH6gGgkPE8tnu>Fz4D=@><>vy2
zYpR)l7P#J01^-hI`@@dyKlOe8sn=3MmUa>PPq~*R9W?Xyt6UM_fy8tIB99aaM(_$I
zzg=KYH`(JMX<y+-0bQTx?zWwU;TX7O+p!9mOSoo6JL~j=$?upxryOqA#q8|W&~*1O
zZxhJF74H&cx}glgeRE`?KNgnq4m9XcvT4e*FIxMY0*m_JDR8Jm{~f|XnS0;<ayYo{
z*XjjR?RVH_#@_6DTb-aWaXX#uzzri68=8fU9(-jRq>~oUoYS%eJPQOsyN_$M(-VbF
zENG2(zpC#j`)NP{44ig!(TPSUrHFx^XSq5tc~!OC#SGB2i66{~Sl}%^N6Hu_TG2p;
zAsSX{(nm8hV~NYNCJ(Jcv>2^R7|j^8k8SwYm`mgb=&F<=eKXOl{FD6r-TmvOea>gS
z(tqpOL+j)$MuED7WBtT-+;hZoxd7+|t`^88oAj1doYQz81VtmYn7WAs8u~zg3^N^`
zpEgn|$w?G)jU4NJcC)eSmU29!P11Q42vEvDH^y>Le|<628ZnAI-Qfy+a~7{%Ovpdg
zm-?C1^EIN*&XMLtBE4?&z}oKddrdV#0X<8j0MBSAtqi~w*Zo=W!t-<EpJ`!j!R+VL
z&r2G0Qu0rIwaWb=KAQ^+=brk1HkX>UL^R5(ZVCY}{4KOhuJ-x7RLvO8ARVlEMh+t|
zLmthmfPix33)bFL&!y_pFcc4+5b$QfnJ@FwR4Rua%`i$jJ*Qnr{v8VqE>4Id?pm)%
zZv|8)eHD)R-HKle#>Z+$zv#~19Z{#_!>%ZWS^m<(ThXOd?zLx_Qv&B7pHg6J;l&Dz
zu~(AOj4N}GD^*n0Ojv$F53W|J@qo!zfi&Ec6M_Fy@ccatQ)Hers-40`W-V4KheUFt
z9Z{=JNR-W`gAuph8No-YTbDb(2}#PoNe5W{B?}e|aU6l8U~z!m<wwjzftMf|GzUkf
z?1QS5Z;WUf+I(4yJ<!98!=^nEh#GTD+L>%TpN3S|TTKB*ghZDpyKVniRzP)d!c2BF
z;CyM0o`>UF?avSA-a)ZV^T;Ayu)O3cm_jA78*eoGOqSNb)K_qaJzQ|dPj%-v*#ih<
zOPw$$OPxH);!!6YF~{tY+c(@v{-F^WoczPB!5O8)Pewd6fqZ`mjibjW2CxMk?qa*L
z=kGtgnuiAPIVe9#isU-|f<+V`E?+uEWG1k4F^=bxE)td^lD{fdp^=Re0li)1nmd7V
zc+ZRfBHClJ^ezjr9LtQ)^QJr!gaefM7(M29>wid{6B>Wz5@zX(-s52KGG_zBRaad6
z`)k{yV%<2pF>%mCIBuoOr-3S&hcsDKG?!w<%Rnx&nlqRT3F;OcPT4E(&x*IVbnb{4
zm|95g<2OX8A*q%V`&QPX5W{2`qA_Gq!cdMcF7H2gCRoA`cE5d4Uo)cJu|ESAzR@Uv
zkv4<ltROFp8OF{YX0d)HAw?y(Z!|T7H>x4{^y!m4QLF0XogL3wlinKZ&@JdNhXI`#
zRLIk4;2pb7#$cRf_<$eP{EXQT^%lS_N5xC50%U$K;CE@-X$3UjV_ZzFgzG8a+0skx
zI{<E-*ztY;x<ccF(`${uyA^Ot3dI}vk!?8|?%}qnh<{wMa5SmyHmccrvPq!Ob`}Wj
zQZYTbGK`xkOZ4;M!nX6yN|om&hyG6J`|%_DS^JV5bG4vzm;TA`yo)WjqqT#5wI8dw
zb~>+H&&?;u$d6<GULFgrLR~zCS@m{_c1xCC)6+=2TtnK;KJ9B~ZViC`hx1~q#W{Vn
zLS@g(RM#*34(*5W)<EB@yW&Min@Of)pv9oeyQWL;Y_{6KbFq0al<!XF<lcCFc0t1C
zqkX14p84T<f8y=-<c_-j=KUdX(x!5=&2o{Cy10I`V&(C9dPAV=uSnP3dBqCvg<JX|
zmqFvE+)_tNS*=?(u{=<`;ab1I!?WngmAyeE@XJ+Rek1b!>NIa+HQ<N3x(Cd{!zKqG
zwE^*@-IrC5t@<wg2O_3wLH-izq1)Ho*6MaZqwlQwYcrAEOYYjz`gzK^=tbGn_T7l#
zj*qZTGm@9vhRbiR^tF7V%)__oW})8?hg|849XvL$nqF^P8&$vzVl#S3{X*_bm;SE~
z!qN+lvo)#c`xgT@T&B0VG=!|5Y0xGRNbeI~(3j@6cIxmm;umhjF&n>d++v|FGi9pJ
zCk_Xn<Rni7GdZX1HaDD!1=}`oqoS9(B=JF+Pfq;%vOqHYmhe^HWByPN@?6I(5Z=Z%
z+J0cIG8KM2v7P{@_unV9Sl`bZemAtjw;#;iR?x%7Vucj*9A$GdSLJ*(v)vv&$TxWT
z6|V_a-N|=?5zBT>S_VAK8MT}j^-ky7*+E@w33R6yeeunnoI85Zj^(t<N<4oPZ}aHF
z+3Z~CbyA8_!#O;9bU8OZN$3We*FF@{m?@_xbRGb?WL6+I=Sa_bqwL_P)K(MEFHKX3
zh<id<${qVK`N96$?+lL5i;I-C*3%%<gM5*3azTg-DgHV-!@2z;NJYPe3B2(2(tq2M
z2jW4XqK;rGfu}(U>xy!}jy;Z*<Pr1zF147S{<=n_JaMNQO<WQ|#*E^sc1+?3ttB=M
z#euP*79I`6tQ}%H&$gA3KwI%KynKZexeR2TlNg1;$E)S)_@(M7iD@jlwn?4`)$l``
zy@8d@1{$LU?srRB&Sc?)b^|@kEUYf7u_{VywxZP_zLSk{ZP7OAdYsvDL4Y+hUzOet
zVWZrVJ)Ivavf_9r`sO@i+R6v=$#c9(D@1ybGaU@DsXl#W2F-K8$a)Hw|1`krt>P?=
z03Ck$pwF(thU5PRrM*3+gy%?ybB{z~iGC83Z$H~+Ji>X)XH2@*jqYX2EBrTHJfxot
zs#p)(O4Xk(rqqJ>N)c9i4MJzsJRmE6tLXu*)=giSRYWnMUXI05l+cQEb=xF}I>*Sk
z0}KNYrW+~@2+Oy&14GvnE(@hQfhG~gM>keeLw9AWaJz}o#8M0Ifc=Y$!SA3OS#lI(
zoQ&FS!mu$P7o3G!a|MGB0}U$)Ash#8NmT}huFXEFGhHB#F&FTKS>-rNGecBkX~qvh
zF7k9cSCpY3Jp%rPfHMr|r+g6MP#$<wXaxlDq{C1a<d=#PnNFwXP0|GVr;;%i(Rv^g
z<>-Sr1xz|l!VKfr08uu9txYcR@6we}R9Ef>7<E8(8d;DT33HC@U1o6Woq2osqC5T_
zzsE+HUgDCU0w?TM525q{)aH@`0enf(B`=RybE!iiW9=x*g4A}-RE(E{z*vp}PRkB>
z>;+SGKv}d&q+Aq+axm=k3;E3xjM|_z5N;uQ7>0*5(_+)mTX$rrC#j<Y>LKPP8@jcM
zmgd@&sG&H~n}|vfHyt#Q^C+__RI^%>s{9>4*zAG3A)WI6;0!)YqCGkW`NmEC#_NT@
z1IrqBnMYoFpx-lI&d$hLzP*$#wSfeX*0*_K{T5ut1X?*&(;$RKTk=Bl^EE=|Ygi>7
zOLXMUb^JI{a70Nngly;KelZSN-l9ny?2_If#<5;*oF)@@AVM4VywAK?x|I<u_q|C%
zCr*M!`=ZG-{F2`6c5p*MZ=f6QywBeDfVL)DjFEU1OM*tlHRZeyMM5oBLcA>CeuBSG
z{^obEo-Id2J|0}y9HtrK1ChESgc|%cM38tuD71(p1cKtD><#)2f92dgit+iYVs^~P
z49=Eacb}KBA8v9<hCPp2r%6pBlj;1SLt^}tOfS=sXZYiO<T0fYHLpIIZEK#FRLPZZ
zN?6)Y1_LzL+|Cr9i@n0<x*`LBAb`@Co^mrK=ts%LeoS#ij=`q81gR!dQym)Mu`EIQ
zZAe|)qUOpyFHuql)VP!u)TjnlN(=m5YHRMp>=l2dXg{Y1L7XNaNAwX+kk`CfU1!{U
zXxh9j8Pa`RM=cFJ3O#k2$`H<^kQ1I1?+6q@EgQL}&?nm@5N>r9LfRcj;-ynf)1+!y
zxpu25Q9}vag8N-VUovrO`dZK)FzJ(cL7VCwt|#nMu_BX8I0p)%U4xIE7d}k{rwCEz
zehWkA4njZ*X+4i$u}lqOhCBRx5B;5vLyslYvEGw(zSUI;<R;eifb_iZys&BK_!)|L
zQ_fV|xMXGqRk>D_fR_ruS2TB`{fVMuWXGl&9G{Vmk3lB!&3&W_{D!?(@Bl>@2lFH8
zBsH7*D+2x|n*?lxfD0vND5=|gS|j5zO62Y?e3`ulPoHal=!h?!`y-MHA##a4VU8Oc
zh?RGX2v4{PBn^!2frV4pw)-Krl)QEZij}O5W^6)-2HB)k$~rVao#gu$<M!25%*LWQ
zTNNofz<1Z9=x(Ir&j??|xwn50)(=c!ynAUuzjlr-C>oWNtoUy!Sdz3UX!D0^MSe)c
z8@I_?Ynn;4#b{ZNj73<oyL-0}fXoeHroSc=UqQR$@E$5}%mw2BwTV4ZQfI}0x@4`b
zzk67wyD>DZhUf+`Us8J()|3`Wsy;M-iHz+g>l#NVzi%DT)Z_==-1IoILdqK|n!mLz
z%gc>jPEzef_;!%R04=nFc2pf(kta?^qPq<Zj`8b_%Q#z8*f?IIE7xsvNAog*Fj8rs
z)0rrQ0Nnx$D$0ehhu&d1l+Y9p&L5oJvc&xR@An?Qdg4eRe1Ig?Fq$I!`@j&dPiFlf
zZyiJ*1##*F?wr*mJbOOH8WutrkxSd3)bID89Y>m^<SK`ec=KiY1_lOpeD_UaF8=Z0
zW9sr+wO2cFwT-m-5~~ezYBc&FPaU{Ne}_w)l;a+o*Vg_rJVFF`(Thm>EX;S3MW|(N
zoawNYd)}4;SUK+yYxnaF^Ty=e!VG2@0a05%2a(r{E(CL$>pAv>ce+uC7tFC==^FoV
zD7<RK7O0M<bY+(u%pUO|n$~<!RyQ79EaNbZ(d(O9#F{@{y$A-c@0-2tyQS<iGp{#C
zcvUIXVCs_6zWtI--}+F2`r&Jx?CA3STtawN9H(m=*hsX^y_9J0k!rIg39&^QyG+V2
zaP6ySEG43$F6DrP?AL1xav=dlpRSRkM??pWHcBs(AB<o(Lw1x~J2y4fme*giapHGH
zTrQ-}gZx#BHsEZz9>UCKF^}5{-c-sRf-k%IQLX_|HG=LFy4oaT%_G(hZ`-dpd%#|E
zpU+4FL>dkkPcWyRw51`!Z=%tw&a10*tJYJj?2UCL-c$4B)@UFWDovn3)ru=G33v+2
zj#6$$UfU4*z~gfg<Sh>b%VO-RoDT_15m@ZcCTp+N!VqPnh(mv@BA~-}v8%~l)_rRX
zqb)j*VRx&?4Pog)I;DU*E!HX`V_odk%q&_03Xfar{Mw<5@5gOYkR#m?eR1PhQp{)_
z#}W98MiUJET9xPs39K#B@aqmqf-IDx@hHKKD9rn&;QdR>BmK6+q2^k}>Gqf!*Uciz
z_9r3l?MhL?Wcc<)Ks6{wgS#8X&bI0yU@1%2dkmqIhc^G}4aSSYr21PNL*UDxYFT>$
zV#HzEY$Wr79d2P}h8?C~F(SMDombM6S{5`o3C5pDU%2mhx?3pO4?bA<ayex)>Q-EG
zGDa&mSTUSr5g8k%7`z0_%fzj99J`Z?pSu_46NE{iOnxd9;m0_rA~9%o1ZGvdiF9A}
z8}aRJE3<tysfa2O7EI6@!OJgYf(a7`=+E8>{gx{0LdnIG;9zbxX^0VgEw^YrG&PY6
zMdJSYJTsu|xeE$T-NNK?41<V7&(EzVMYOYUV@$Q_W;^(6|90f99VcBFp;Qypd4~UK
zwmZ2*k8MVp(la|DWCkCHU1!=Jw^1Q}KE8Hcn!6o-_!UXgdfyhrb_Ah{H)X5<*c6YY
zA4VuyRY<Ci)c?}AB$eX*8z-|MnU8=VW&ozPctqs@RZTFo&TPJ6(qQml5Av_So=Typ
zwje_j-(}&u$l|;>Gx?2MQ%YNE33DRC&e*yP)z{Z&?U4*{j-B)MF_6FHX<3)_Ow`=u
z5cAhuEeuWTk+`f-h`JsEi!M&mz<lRZPeBMb(;sXO8BW>DZ*CXPPM+rjV+>i=STm{A
zteWcvVEp{229l82azC)#3mBp5C}AQrS;F?K5>1F2Z-QsZu;`3i8)^b4e`&Z&|At>f
z;;0iKcTu^y$-s8Qz3-3;#0QruwKEoH6YvI~^+cNOu~{qTexOo<=EF(u0lqY-Fk1%B
zSzv9Mx@S-!+p{t5_NA<5Q54Spb_n`$F$63_lH2{9?m}%t${VcuAoiFM-!@a+n+KBK
z)A+I@&~}Rrj#7i`1a?Vn`l?AsS-p^vK{dw#G(ys;c(zCT9&fxE)ay+AKx6?namitl
zIYli(7B&}5NFxMeC1US&;E^1<eHV26-AKbnz@4uB1@2be|6YaLXTmuv{6v@47OW22
zIK6-0-X9?Y8}W|XM5`~;)*32XoEzIYs00r{%wQ@3`*_TrZ1E!D73o!Bc^nRCBl6g3
z1D_1|MpH!C9wrvzPeU8OC2XQp&2G+hPnC+-DT5;$yB%tf^QX-c04?f?1)-W^0-3&~
z{zwed4UBnh+0TV#B+GOs)%XT85$o_l><r<cZG7>%Yd5#<G>t0lvH=_a)qMs8^7U{U
zFSiH#(g7Bf*p&+ugRDzbPEtTv6S-ESwg>UW;*p%d<FCfivoFRG45U0}?!c&%z2W$Y
zKw*_)Ko)&`s#t&-z@CRb;9iNgTOu9iK^LHa_6K(Y(Vfyqk-o>z!#|F0X2$PA2@O8A
zPqiYbL<2R*^Oh~6W1i6~cOquy)rq-YKdR)B4F54YhaBUY43<%#*Bs6&_JbgOetj-r
z!upEfFXn02CFc8;Q1>7KVeOG-&lvpyy<d!bOF;{ZA@m~%@Z)GHQDf?Uo%PEX){oh0
zdt5;(3CS9yAm8FDc%nCYqXZ4G-Cl^j{_;n$auzx@Zms@+-b8td3b30J)x2pzPwnq=
zQDzFG<K};a9x_d5#tv?Yw$LUu1s*wsk~+vOOL^jQDZH;^)QmW<i*tIWm8cu=-f;&5
z6dZgBa8J|-0K|ySx2;mA;2Frr4N1XNA;GN|w%9&{@ULTdS5!(6VUh~|2%Nh22*Zd<
zA5K#N+m^I*AFsqtknMMz&YiegKi}#l?BtMqC5k1Fa1_TAFX^>B$mAzmWUm0IItK3o
zNHWH2KA*soKg9e%lXFwt3(b`lN&p`fG6Z)L4NmNL;GF<T_Zdo)DY9ou05P@kCn?N{
zFIFrBC2{qSF-7N<zVwWa9ctp~N7SO~-yvHQn8?{IA(mqLL-YfaAc2-w$f$&5aN4K0
zOzK}ANaPyg3|LITGKJoZIeUVZNNp%x1qW`EAKSjN6c7{pXAVE6*Y~A_RiyKCJE3Yk
zMe6qY1DH;~*m6GlYpP9+-i|2Ae>4dOBE(6BTstx2`XULkh+Yk;3StCjlR;cdJtO>~
zOZ?bBBw9iV$$<;;EsU`(8C8Me&ThK-;R-NwKFWKdWfh?Cw{eW1@bg?PYpM_J5A6D*
z>;{WoERTjoIq2`vkDQ9O{y2D&BJ3qd@r7bI1VA2_$I;%y^-DqaApgW)LwYhmoSrI!
zy)gj6)VEnKbH=6aUZD+?q~}=(Df1r8<inE*Gm|h?<SRG%KKu+|SNkN>xre3hVMvzn
zSRA-K6Y9MOGX-AayAlLb$@ROClD+%4%rUuRe+ipf_iw$8Qs(UT!n!E(WT4~|ZqR%h
zfb@7`7K>I82qX+j(C)Jvvr4bspDkY)`3~X!CbVVWMAC-CD`z>3rl+*}$0nD@)V*5m
zI}={H&{;iD;%}R`8jgFpBtd-JmR66c8Fw{EJbR_Ii&IV{t8S8vrC6t5CGZgBq_l~q
z5Yc4B^m|>~k>L#453bOD-ekDRdsp`Q0i;RE{9U=JWSGN?BTT0Im^`->y)Jn_%rcWv
z?lI$cHV8Z*C7{uWkYpVokG8G;c47G5X;#_uv@@8@<US_SX^N^?Cl~e-okHbj+8f5`
z);6KHH)bS=+w4vIc1Q`|QS;|k`Vte}TdToKyqEc>e|e?{4Jxy3DM*kV=T91FGhnx`
z<GTexCzmo70$a11erWdS`deg@GtE&|f=rJF1-YZ$YkPzgYNt_6I?_OqDAt+&oLC$Z
ze5-E0-fVETqi{STcq@OP<Egfa)LvYhjN0s#W4wLr80Fl0VQpQ-RxHc~4eX2zmdlMs
zwK`aJ&3lUIXV-hjs^^YmTGX}*peY?KxL6Dc(qQK2a2N3t-MyHunWkLm?i^{LbG12<
z-<Yvhk%^*dHGwsc87VSICf<Ifa5C5)^WWR^e%G9bIwa(eoa8^o9d<iAadecR4*N(5
zyFcOk{t7VS28_*&7mfA~?oy74)*5^v$nyZRE~FC_;gn9e!W<bvDKiU~0UV~a7WKsD
z)MReH7<0*v9(O1pAanrC9uTr7-x?$NjO7@$H*JWuQVy}nDSV}l$>wiYA?TYm$%#84
zozF(+H&R8jY0wg2cN%cEZ1jVH*s7^KHYdby<*>vi3m9`Cs?3ZkE|`YCCFQ9h0a=L9
zTM5wxt|X+Akd2lZNq5JdfSI1!;tIGU;&ZG_6^@SWrG)ZHeHry~&wA@hL%Vt}=KSSh
z6SSq|-BxBCDF;nM%NV{`?&{3wnM}5AMn-r+#*`QuD0jHEhHODFR7I`cT2(OoCMEKB
zI%@!4{hm9*DK3@y{S`&@Crz(E7N38ay*S2F-sJcaI+4O36x4(UAZ1m!u}LROb1x<&
zAQWRsU(8(9iyBN9M7oBJUp*f+9Rc~9I58Ra)SNRejvI3F)VvO@$?<r)D4{^v&{uP7
z(ShU$&eb!wjCc+kn_VPl%h)hXKQzXijPwyqB=2uSn&f=<S@$Pznjc-DO(XjCjvkBU
zKt_iRQs;WxsA%*qP_MwT-`~z>SAyuWXzBc;lFzJS-Ni1Zc;mh&kXPOO(0UI+o(g&N
z#f@w0nWHSzXFBPbnBC<y&2{snIYoo`w?Vaw-ps=V->uEfbs78FbTi|--P_t-DD>-o
zcSrm2diGZ4?Bq)GNV8R=fVnwzR)$ICn&9TyJ)d?pz<aU|e0fM3EMDAxJ2aSz*01zB
zSQqYkd{#LL;QWDoC$wH|Ah^6$<@$GtS>QzHPhZw^p^F!*?O)6MCSdbuVK~L>?fSs?
z`R+M!#pB~e_^?U+LXYDlD{)TCZqeG?=ji;`mUHfwr`w`+)&t+fO-8l$MbU}A?!t20
z6ms#LZQIH*kV#<GkuhZ(OQi6b*q)2OxVz4Lx9MT0FXs<B_PR*VN~}gc<ia~^zgRJ-
z_Co%gm}oxH#PfZ6U1PJWeCJ*#M<=%VZTig0_Ce+$*KNW3^4YZJvNNYrC$yvOoOc6%
z;!Fv7^2YaQjd<hb24C)EGqVYzqT~I-cIhZ&4Ym(hIi7wqV4m8HnSV&XKP!-Ud8=+i
zNO}J&8zMhC9>@v?{c+F%?*65jt33E9@1YHO$W|e$O%mLFvQXpU!0FFxQN9bYe8wTy
zh3#+T?2U7T!NHTQ{Aj<FySwfkc|W=ClW1CC=nDN0fydA>((`BT4Zz!^%znJ4y107P
zA5;K1fSb17>N=$UjfLl8QjjEk-yFfMLI$?R^oI_v=dBm@szCRg4e^pEwShl!k--m+
zo|nHYx^5~)N7Kz*fe#l%hH@%+T?&U5w_cT!8I6-t5AS&!?FI;TTb4VmG=p?ePR_5q
zZnZ8_+g)pC08Mxb+R;JfOP7S142?a2tphZd@t7$$*u+p{;iC2xxj{fWj+64@q7S9#
z=33-dR>~N!ko3&_o4t0N;>a%A*pP;z$rP;BG|v>4o^Z022)`a3appm>AqKPr3H>j5
zJ#??hXF(kkknqi+i)jCfBZBNX(qr8qj41A=W}N@$-UBl0wu&xp5cnY(SmJ?c>a;~(
z5LJ_l>NR%~9!e6@)FCN`Xg<~O-CUHywk#*I9PU_mwL-jY_s3Dmr737TE0zvUx^Z}x
z2%<1lJe&fKGHfwaDToArJJgH3yGpa^_Ya|p6Umr;G;_2%4&igKVRxq$;TR7Y5<aBq
zS1_=p%XMLMSptOL0l?Du&$ePw_*WijQF+L|O;#{TaT-J=Jx1e<XTsVzo9%D`wyd06
z3hu>_SzlSrq4_Ua?j;a~9fo=6+|cMYUezdGhnN`T5R}|&5c!<*q~vo@#N^|I?sQ*K
z3mkRn!njB8saR$f#ERvU?!e=6qG4;x%6JCn4LdU2`s+%hPXReGn{T+FAyk+fN>Q1p
zJ5hxhcy%@GV4Oro;6|qCiY$b?=n$-Y`2WA*s&aTl(L8P~XJ}PbJ}7QF)=H0PsOC2g
zOg97*sK6u2+P)Z*8PGLH)oEw3Bvh*?I#Lp<{=6b-OyV$`Zg;CO6L1|?YKZ5Lp+dg|
z3!r8*Q0w$+WM>iUIX5HS2gfK>G}7=+67p^PW>=AwaktC#_3Q&I<`s$HZx`x1R)aCb
zlxTqe@YX<_C-HO$Y#8bndqm7@@3-#X=RT|J5*M=YdfKM48?5BBr8_8A#!4BF@bHQQ
z!kW!;rYLz4-RtHh87er!8ESj14XB7KXaIc}UQ?h8p^XjX9_j|Go{v>z5~=1!OjTxj
zFm?Wxp0NjhkWf8ie~r1a`0048Xt{cTf3kW1TIz6rQ7|KjAFE8M;&2=x<ebyWO`0s)
ze8qAIZFf=O932#sOsNLS@+~(xZ4Om24jmLtMj?yMo}p|<d?uK&F<h!KN(7&rBLMP!
zlSl@XjYCaR80+jaQe95in|{?nw1`U2ip|40eM=2W1Q(op;fFk(PkkH+Cro&r?Vofa
zm8Eu7Uw_!G3B^RR*uKf^nDw8EupnZ^lH_naHEc1aB2|qDVuAL-WT?yz6FDMO@`?Kh
zvcFnh(frUj6FS-&b{#T7Kt<8Y0Uq*MJGa6zBW<cQrk}k-Nz3=yjCYw}pL50_yR(_3
zlOZ~e>_KaaBT^~-Ctq|x_R{KpNKJ=6>q2ZD%H*5X0_}&8hKaPll7l2mrUs%Ue|2kb
zx{G<~BXD}4S$iytdHouqQiEA_=bs6`J*P7r0BZq7T~_&VUiTTGvcH+V0{<qc49TpJ
zyaCnr3=ytYjmG)t;EAEG(lxw)?N!ELWf9O>Fl&@El*1q#qjPs-@tYbhoch#-bu#=)
zVR(?##OhM)ZI9-oreUA5wA$y3r$a_K{oqc&D|5qJXo8q97s)jQEM1{0cXKxPMAVkp
zDF_d4U9hUe{S9ah%>WP!75~iEfqZ9BM*W!`1GCI;eYv>0-B%wjOaHCGGbrfu1BJ2b
zjaFnV^M}<+4d-vmh6>!uv@sJO@*$5p*@@OGUe4ZVK~UaQQ;)!49yj2RHnjC)Ii`hg
zxo*RlnT5B12h>xXPxH^7fLNOnT(uGk%_+q@ia+jC%FlSc3>4rq4o#i9`Q>G02ob`s
z+^I9$9;p{loz30D?0A~JeTEJd4ZU@m=ryEsSo`}15=wZP`z;v_e-|WJ)IFe*yd0^%
z@E{qjXmJdI?mBP0Fd|kW51$-Iu)ecgjM^8zYww9q9QerMeK-8mpz8|bupbv5G=A4X
zz|9VQzyD-Gqytd)^M{zRI6C?hesRnU_h|t?6q;Xl70XzQ;MwdsPQ`mC?THyd5({$K
zpfb0D=Qg&A)agbhwQG&`4XiKh?$i_3f8c$d;3I|et)uKQVAd3mtU;K#3<QOnddIIt
z_G2)AjoanAon&`}u1@vHplc>=<8+iQ(86I^bb+W2ngNLThQDBdh1mU@iGt$QJHbl)
zK#{GH$W#COs7dA3N5xj8nP=#TIR0Wvyw=@H72K7^%R|EOq<geH-A6KzVrP?Q5*#I)
z#f+u++tbI#r{ipS4R-;eABh2))+|V5oYc_i9UGUc2O_2W2U!LeIX@wM;lXnR`kAYj
z*Dp+fNSMZs%5^?FLRv$tc5h{@ld`@n^oLr2CA#&R%AE2(&5*Db++6@af{*Lq^P)@U
zPxm<G{=MJhtvR%ILWoL9t5<l`@AOhpz=-33oCaV%&$MRS1^@gq<>W4Ny{hzMA+_Fu
zm1~q=XmmsTMG3Ci&l`CNHpGYaA=s=`7_<RU(1kxO!51O@yqwg<RcI)}opI5d3j{t|
zyk{$r`X-Ru1zgz0bCS!!P0hlz@lQ~5tFDmyuAiwQgf~Dtxw{UxMuf85WGw}H-~^z2
zVV{c-rSW8!RaqF(bSOF{ZG~OSl9e5kvdXuK8LC260Ih=}lElq+v0U%{k!xl-j|;Sd
z7wHlSwP0Pn8+7byxx1CvwDrqFDN>>vm-H(h*zr};&hqsYv-HkAVjn0**_oIyeD`*q
zO0P9b(oM{+33JeWG37UssEgugP^#oWUz&yt51RLa0^?2<Qqq>$lzV*nTXja{B+^jK
z0^RAipsUMyb*|HoeRZk)>2^PouYeJQX$%lXYHPx{%N^_vVEh+nF5GqyRSQL@^J_IA
zIcreZ&b4M@Z5Zv>w#*q~7Qv{q$>mk7zb0^r<NF^$EX*@AbRTVl_kpel$1@G^TfB`Z
zvoC!~DFX~QqVtDwox}7tP`8%eU*|~X9+=d)64WU^e&g4mOZ~pZnkxjBN{mqGSyqR?
z#`R9agG#0?;c|!W_fon<QV>?ODw|klqKi677&4DTcs?5s7t^Wl>Sa)TLz9gs;);yZ
zBTJ}hQ3=HOK)>!%yVic%J1$@+Y8!u>({bO8)~b?6K}-tAKUAhQLF!J;l1r?S5;gYj
z9Y~qv>BJNUW9d3&7ajoIj%MQuaj<_O>6NiA8iXD$sls~Pe?v`$i&jL2<EBXJTshDb
z=kgTiT5}@r2$O4eE(yYJhixWi$G9P{4XTuRKcLJVoNG3;@VYKOognU#Oj$1fq35lz
z-ZplzQ=cxsIXBgq)$Wn9{)gGR`hpxSWmSuf%12688$DmTtUnoGx39jMCq1YITPh2~
z%vkNb&f>m9a~r!eV+@!XFtI?jFdXF@LO-6#e~iee%9muEqAepGgC{+V&d8rRIH~|7
z%=fq&I$N`Jsm)x5)qa@0gsaK@opfag7z)VQ6nL=Q^hv7Vpo_K-P+Eai62Qd~nj9lY
z7r~d)Q(aS{WUB>!KX5dLKiJ>WFAtPo>D9tSGDh9)#Zg=Nw47sq2d}N#fsM{iR5+T{
z+u$SKGFpP5Oy?)poZx5N6=|UZ8A=S7@6c*>GRTrIR<p;h_?;||FrYf}Cl)152(ngX
zAL7^akv9sQ36s<#6-@H%Wl8Y8gkgcsmQ=e>I`6M(n-p$<Jn?GoWzN@;_2Be27_W@y
z3`Y-cOpm^Ugqy#^<UM8j$eJ@lt!<;M?0#wzY3PsW+IuqRRL%a^eG}jK=~(E#P6`dO
zkaSH*CNT=HQp3>9IaU|nY>G$1r@kXic4oUHQp<wjYgSghVv{fkolx`YWZ6CbcYbvY
zHiz9z*yL)Um?cku6_HP^`X*CGXt`)d++8kGpy|GA%^ua^Y-T2`#0NqC2d%FVvnb_`
zFFU=<UT_&XF1EEg+(@QKf-5!VyE+|gd4salFD1&IrK^;jpaPinq%dZ>-6xa|TiU5i
zQw_HF;L*o<nG$+fA?lq(QJ(HC>CSp-`lt7(>nw3#QA_F}g??iNq{DUvsaaY*?=3ju
zz5xf3engOZ1)ZFvXG^-~v%2R!DnI~j$boX(pvvzD>WY4&H#WBVzr8EWCFpsCs1H>F
zVS2Zu7eA}DKBDUMgSzy>pHk=#25>rTm58Iyn$RAZRkshJKXk(1p7NhgY1%KF(SY}g
zS?NciLs*|L!M)PZ?zOz#Cs=P}*YnaxU5dHcnB;Dh=ZF11mbaddI<TJV7L-TXO4E@r
zLG-X)372Lz=c4|-8jha>KD~asrnks$Xq_5;1_S8Rrsyh7-`VZXMO$Ol^8m`{F|@bb
z3OxFm4@Yr8el;oSNCE9li)U^du%mp|Doi>8zRwU#8?>XneVpY9@$A`5AFuXD+CH-q
z0T!L#q#xykI#nD&%=KF}7}$P>HMv-%m6eA<#wvV5vif+ew6Xy0#)(l+mySBy(otS7
zk$-Ub2xg>LbB~Ucjo*SC(#SrC#+UmP=s;EOjR~<`OqfAR7`FlA$`Byrzo7vZGUeb&
z6&U4|mEoOQ_g)GX3lAs1qkkg#(>!`nk|x#1NiXFOu{Q=jh(i+|5zg&{o_cF;(G{}f
z=DXV_)=!gl7nF7QBfSIr_Qqykp~C**{A=-j7__Wu92NGw+(Z!D*Dg`sLA;gPiw1*>
zq2~|bkduEP7Vtlb^?w7gfd5IX{~L$}{7+*2-#{$je-i8e24VsKlUV;Z5DWOP#H!_l
zvLI<&{;f7qngYE-puoTe#_<vZVL=fu>dXdp0)>~3wYrM7i-b@2FP*VWtYm}$^%sv3
z_QLl^T@GoVT0}s##WR*de|v@PoEAr?(Gk|sLEmU>ZVLKVnI0l23gz$>`>W_iCRy0l
z(C=TVoD}XA%6+6jdht()){N$vQlxvhE))EJ2$w&_&*{S*gFyoc%(rDJ1lA{THKjdq
zig1?(vQVV5$A*<vX%J5nk%}^-G6)_lBBavY{qY7yGs#B6=_~>j*1N2pank#uC0JxL
zi0Gj?6)#B5FA$Fi$XBuP^wo+mFSv1l_)rRA|7qMMc_#3l_=o!Z$5(-Of<o9(mSY?E
zLIqC^7*(^k7){^n(;VlcM<i*tS_#aO-5OI*21!;}=}-pWJevzl<BRryUUV4gurFD=
zgm}lAfA+bjPJ`SBV~}+p3fi1JuVE>#F;^e`hWg;1!w~O6)D?&9b-^7I(|OgTAfM9N
zcu7US$(RAPQsfNznDb5JrEr7kIsuzTdj4W1WVd&a4PpdlUg)V#R%7@Wzv5N*ngrHY
zMTGpak;nsgD8E!*Dr7#rresF{*Ff>UGaE)<bmM&*D3JdcsN30cUu@L_ST(JL1ytex
zAgB<>N?Tj6Z!RG-)@Ab&DgAXulKueardCi*!}2>CsFgINFrC`BnP+lF*fC^v2(%XU
zc=iC!C$fEJ){`b7O3`v?9e0ws$DefwH8EDWC0bTreKj^Rdp#w>&Ft)KD47fY_mw@;
zG|;>b5u0<qzqW+T^_bz-(U@y<($5?PN}aQgqZ%?JWb3frt2op{9;hA1>JF5&W(bk`
zt~hS3TSq1)NQjS>RffZa+tXFYDis@a=gd!nCCU0_7Cg(;Bp&bX&);uhk%I#$Bb^gj
z(Xs~%2gT$V9U^M>qu<uG#w6r-!Inf65qJ_XC0Li7n6U@=xtfA=aCljmql~LUMVKNy
zhVB$3mAF5!MVVeg!~st2v?at}F^W?vP!T(Q^a4;>iVKv6PJc_;v*Pr15bA@Vhyu-|
z*++1wv(Sov5BY`mk*hKog)--{|6O+7M%hDGg6SYHi#^QVmIW0={QqN8C=h2tcz<3H
z-Q5)sSQ5}(*mqeE+z7_5@7%FchvXz8wb5LKfhC!KW`p|Aw|RdkcazI)8DTj#FVI*M
zXS<Sv^hz$wCiy(nthMHtk$N0!lNLskLv1hu_KoSwa~P4=Xdq<z)ul~z(0+Z2s<7NB
zq-F|;z^arm10^|IsTQih_?YGfHuFDMV$`ust-(k_{Gl$vIP(44*||LI*)v~UpT`~n
zt~$9f;XvF7MJVCyOU%rdY1_)C)ZAF3SuX0Zb(JALW0G`nYkW`FlK5uQVR0*7GA!Zc
zy35nH$=M^@%uSWzi!2lCye&n<i0F&5JzuZ`HE6<IMcBt-{ub3+EP1YJR7cs3FAa!4
z)>?m5bIw%v@I`i&*GR})n@_TKtasuAlTDU<8BwdCGU-T*;&V-Wo7*->-}4|P0H=Us
zMovNBr@|=lwMG)F3c(u%*>8r9NW_8|c!_(on3NFz<Pa+L0ZllxA{=~l^BI~{6fH5n
zB{?$ZgDS$k)Lmfru0wiAjqR19M{#B>qSzY2-_TD5;o|zr_ms#=dNV{MzkvdF=ZNaJ
z#yqJv3)J2%nlLuCh2Gb*<Q>n~HyEChSz2p(NVPOfoiOl2b?gLp!cEz5M4f%AL*Qki
zysN4g9^A&xDtb?8_|KFN;WD?PKUgSVJWxL)h0EG8`%P@yAmjAHS>~*OUy>OmjAuD1
zqq<7d3jEl!f~`L^5Cl;_ffeB26Jo;3y?LWEZXE|ctaD@Y$mX(=TkLG%!0AaV?4xf6
zcXT-;XP4F(t(N9UHxs^PY}rF0FAsb)f7$B!TfEO!{YoENV?`%kTySZ%m&m#YQrCm5
zlIVk<xX4laPGT*l3y<O&XOFxn7mas?FZ@rUVA1KOHF}d^FVRnB4p_mvJ6J^$M-b;Z
z*;hOwX7UE)Uq-l(xuk-;!(D^S&Dd>!LwO%T;Ku~6La7+Jm!J*8w@^euKfzUR6-e>J
z`qcJky1<8ltY7=bzHD7$vS)_RvSdcoetLIc-I(w*M`)TGA;des&7H)vwHqFAk#f91
z7=MYv<ve7|QcAD^XraVnpNAb~*<bwhoh#zvOK)5dE!C<&U(JMGI(fglhy9c2iz}9S
zg3r?^WwKAxGRnZ)L9V@2rsj4O4+}`H?3$bBv@T&Gu$y@dI2xby<^xV`w-U4#@)a6E
z?x>fWii--d@IjG`Y4cHZ$xhfm`&RuCV>%FUP;5!}WC8|59#SMpK4XM*>i2R<WxD;b
zEroe!i(8P`NbVMb4;lUZ*r=S#h75*XUVE{v*bPDk*8%bSn6dM^^OmUaK+xUYW;v>5
zI9s12-$ur>s!0_n>c6)4Xtr$=8(`9H?e{_Dxv<ghfr+l--w?8H2NnxfsN7Px{lVTD
z51&3=74ZKJtExX?)qBc+VHNRbX7Dep(h2>9RlN(YpQ<Xu^i@Wrzb#Q3fzn10+)8K_
zs}3f_d-XM-Re#Ew8)K7l=fE8_e<HzDMHk^$gV4xGNQb43h6Gjr;wWI>l0>O*aT`ti
zA5k^5JYXj0NRsYBBt@UnwCgEsDj$|-Vl*zFhVKOW-5Wbo6+O-P_?+9xF2e{HUAG6J
z%n)g!jxfAdy;hXut7Lj|O4-#Y*!3pchSUMoc<2D%ktP%cw>ZP3f6nB;pehV%hsGZX
zsi|T7Y{dzs7icJvh)(clLHoIT7~DO-ApZ4I4F1>~qoO;-wsj0cZ7d7^bW52OC#^|E
z5W}9hOczGBZT(%KElx3ElrRbwX3yk;o0&966pRIYZXT9188o_CCJ$MR5f{ZWdy}u9
ztwx`XBtm@KyVZIEE;FU-n>0hmkD$PHg_0zn&SwI{bs%Ad_AA@}o2=USM^@3bNJ=3s
zU#k*BTbTuZMHr;XmgOSIsvyv;@r35ndI|RX6W-@K{HM^=Z%`9gDbSmuK7m6*MGplf
zQhoIeo~&BO40*_%9uwuDUr7+>6`@Pzx~7ImI=GwdE`fBr(`8>CKyGq*2)L340V9pn
zpu4WyQ4CV}f?ZNbUyMFRpq!<vykB3~^;L_C38K?c3G14GVdGV$3B-d`W)Oa5LVItr
zoiQ5^?w32!zJ0&?In;LYxMsnJa@tRaA=&;KAkSOxHV?Pcs(o*6V4I?GeP`RAK_W~*
z?ibro$u-YU#{41|;GK<=n)w^@X*wO@?6pzthClNic3lyZCvIBTbl3WTm`|E1%odaZ
z8)*C7;vd)wGR-a)=}iI{cio}a@tC~R6tG!IHohG$J$ZWx+2(yado7R=Y<6RWbcG`M
z7?-g1lKTl{Dvo{!t?bZ3#ufYHjc=aC8FNm|-qwFj>%#^KfQX*mceL%D<^n#3t7LX~
z{#h*W6*LHO2CPxXr4iQH<QEYO)X1N8y4uTVtPj!{zjD8lj}?Lw4E^kY_cvc={#xx^
zv;WgpfOWJuu<%wk>8Ew2q78Ho&6>HRB;(KkFS58Y8%q-(OBhU~^8E~el2d5<jVeD)
zE-5%>CQsw$Cr~3@y~cepluEPYmzPnc-Q;&;$C%>PD~q5jh@r2T|M?4eEeoC*^X0YV
zWTeg)3g(#LJi9{Om>IdV|NLirlswP%5j!HFE&s|(09Kss!V_|}(M^phto!<>mA=$`
z4^l{$J>F_*kJt95(qeDA!w!vyU!nynap(Lw1#QwI5KYeH=JOi5!Tlfs`-D1|2bvYr
z&aHIGM&o$gCH*meK^*=s@uJ-25jl-e+~Y9)YILzf3KFT8>)&m?8Thdipl2m4Io!5|
z=6w`T%PRtv7BYJ57hhUV10#VIxv>9dkeFv16WQ<{8UA^<M`dS2Bc~azA-nglRndv8
zE^rv(fF9R@GDpFr0dKn8o{1%dJBD}QY{LG?09Kt#F1GM!RnsPl`8f39JZKk|Lr%dI
z2|?WR7n#rlHx6tv0LJ#yc$tSXbA5Gg9=^z_JsJT27kRx`f}|4lAa{KodRT;(4I~DY
z-JC)B+L!&RaJX&*O-Q=agPuOU2?_{|o4xM=&p2+Nl9F*(wD(LfL#YS3(J_i;53XSl
zz43T7+d`p>Fwp~^K>*lxAJLGX$evrt-x79~6ViJ+&K4sLJs^mj`3+8QD+!A*x4W9N
zLDNI9D$1jycpg)_#)-1O2Q%A@K1zuGs26JogJ()@w_P39LG?3tkK>4N03-(v;b5Xh
zpngFXL?GGz3%_~-N>`GO%)1|G!Xd|v=+s5#%V9(WJkuuhkCQv5zZb7RwWerw+xW&K
z>W0ps!ttPmCKEZ>BK;SBtt9^ozjQ&i>0kc<e)YJ{LEYjU?tg<ZgL5i3MP+eVh~@p*
zZ%;<be|Q0t=&0$bz+a6P1TVNea!qKFE|n$7*!Lus5iM)p*c=v6o+~=R8M-KGvehz8
zMV!s>@@{@Q22ZOh1C#fL@pPQAUq91u3w+Ocp5n*RKJ6E7K&|Jcl`ox_euT0UiKx`$
zp2uR3^`3%oAgLXfImat|6lC`9IyvKF`6Uv%&kN9{atN0Xf7ur6%>sCLK9~`OcA@zv
zbL`6H!Jx$c0>ia#ImM03a6LWz1u5)|TJ-TGbO7gmVlzCzSV!}6{(Uo@;5AA<HjX+q
zm3l{`?plmn!69w;1Hn{lxjcM;6!}AbYy0^TdMcYy0H*Kk%9$W3l^<nWHP4Vg{mF^j
z{x5)U*gEel^zg+H`T#*#^P%3Ig67FxKqn+`jA(Jaz*gwVZ?I$8dx7KCw#t2Zgh7@3
znpdCp018Vr5(qm&QJOYJ(yh&F?NrSRehnZ+-);xTsE4I$N3x)2#ilH3?%#q8Al(Rr
z*%KRF$|Up+Q|&3gBzgKw(YH(4;*T9MpaA*<ezUJ1;YJ1{z0Wf;5|h?GP`D(CZ8wMd
zY_GS6h9SGLrQS4fLgFxciMP0eYE(vlrv$1<5ri=j-lPdPUJ2@y!7~-s%#iK%tLCz;
zO$D}^N-R?UAF|Fly0WHQ_p$AygN|)<Y_ns#W7}D=ZQFJ_Mu#1BY+D^$H}CtMbM6`U
z{<B$oj<NQtRW<9W-!s>_4)1Ws7I@W+`c}Zfaw8q(^YPr)YBox$dyLli905qj94`g`
zAK0<)!+-z@zuXawSauePS3>XR$ZBGcZ>Z~eH!aF)BXkc~J>K0ks3M+M;_oHGJ{nM;
z&S7Qnw2faKJG<K9#KRnHpyPVdR38!u6%tdK)+xI8LDUHx4~KeKr0FF_u1xiti022t
zD0#<W!w62@73zNxy+;c`UE0T{U*s<YW6PC=rvVc1WA7MV$%c*c+b>Z~S_r}RzSUfu
zv`&IgQa=gD_O7itF6OTujKJ?oN)6>BW;?VKqh>SFJJt>PnPuRYtbVrZaq`zzM~&bd
zijAg>>t~<3rkzObxnY=YJ2Mh<F&+$?Hs1R1OGAETG^$N1T{k8+*q}!{GV^HS%fG0y
zM*w67SDkjLVI8L2%8DkvaO2%mqg=%y^hR@t&LPcF!^Du$W;!PS3vVMv4ot42rm$v_
ze25r`w%?*Q8-&ja`F*U<Ns~OwgCjh4{M64-x*3M9Atjm`RYT{Nd^>F^?yIuD4~Ft{
zDH#GpppV{a9o<*7*kYN>p(JJPEekmOA*B;{Qlq)hIUXI;spEoyuPk%Iy@RN|@K=Td
z?%J_0?cs$UHm-O1C%$3&`4-*klg!4~r|z7}bH(~|MVf8B>4TA*emV;)GSoxQPlzux
zPP>7bj<M!$=D{?5`ZZ;R$9*_y*6DzGtWg8J!C3te`d-UMl5qax)g>Z9#U4oK!LJp%
zL1DP39V|@Si5G8GFLJB<Li`Wo#ypz(zZkboIvP2U(E&XDzpk131vH^gKNxJKjs+Ms
zkAiC#svz{4`%=X^)X83jE!xM@L(zoxQ{e<3|7wRjey0d~wMrS<&I~r``|6Z?<?>iQ
zzWzsBDm36PO&fsWEyhCfAb(VuhOy0KUU~f8n)}D}Uv@c&<2BSV_7!qnSbA)XWgXNp
zR;po!?i5j^w$&DL0!Hjn*m@n730+!-vFEoie3S%~t{;lu04_K3OSn^j>ockm;~~qV
zRXSSz>3AizqPz6o_e)H<@YgT5wMGgU?Ny!s;&f2JvEDTACBs^3;nZ{L>zHs(C>E6s
z;_uO}#<f`<RI&V`zlHf<q`^qg7z^km9K+YR$ASeJScWR&La7}P)f(#4tdq!gX%iCT
zK?wE<ol{(}nR%LLSapKvDj(YXXvtB9I8tX4OiGHzZX!|9ddOT*Ej?`llC`ViV>iIs
zT}@5^+wpt_4A{{i`<<c-j@teniA6KT^fsuX`JmW(%LogQiqw?yb~q-1IaOJazR8e4
zyHRl^p16kc|52Q4Xim>S+o0Zt$<?Fizqyl^-)YXHpBemJv)0n1-G;M#bXo;(E_}9=
zABn@m(5kwDQY>?Aa(tO7T|F=*IR*}#RK-B#Nmen@E%HIFtQT9XwgcQo1JmJFHv^LS
zVs`M!4k85v22jW&?DGcY^JsKX2b;@SZ|;JIXE{ZK$j*yhzgM5DQDU_f=5G-XHe;jO
zj%|d4VEds}A;iv`2T}YgRGJPQ8N6ZBg&JB9+-JR0`<=$!c<@~!_JsLph6FG^iJ2Df
zc(Y|~D5{oQ^OrwItp}4VfOJ-7ZR_?&KE|>7G2A`t+eLKx@vWC**-DLJ%Ja^yv2~&^
z)l1!@Ows$kyd*2l?GUj!e^M*@Z<R}FRC34PiL0hne)sRgaOYXkS$(5>LLMJ~543y4
zlN*uSl|GD1VgzO<z25GxPeg!+)8-o5=XambZW}#4mlA^Kmcfr|pyU10uLu8Us(SXz
zO{Ve+*9*s!Yjq1W;(4BvQ<cl=aL2l@#Oa-aS$5_@_sruQUgyW_Y1?$A%TyN65w<>H
zsr%>Ptl&NL<!%i6Wp$q6?YY>@=hG0S+|y*sI7F{&Gj~7rr3>%Lu@=zZSX1cH16X)2
z0D+^mg_EvI(=I1R?$e2k=vw6U^_xtFTkVU<jOrWTQV-u7)zfw7^~g#*uZO2?=M|f8
z+S!T5)owS-=hM3uhkJ8f=0sBrD^>LFrY6au-+eB08=bE2wqL~yvmf|gPF*gxuTOpj
zdOFHZ5oNr5B7N*@z5u-Q=~W9+yU)bA?=k;vO$M@FE&|pDc9Y9#o!g>rsaIhe-$|dx
z2C~mfp%>s=XtAC-o8s5J__2PDw{Fj4$f-@x{&Bj$yc++kH`|>(XWsMSlDa)3kUjcG
zD&2!gd~0j7(+wo{;NG+uMfcYCVSDL3+~L6-WUB4<WW(Dw3)pmS`uoe`=JjA*?qR!e
zHM?)g{mrWh^|GOxkaG>T4%WSkdH;gb*C>nhLStR%L*w+`F8^HVIhUw$($;Pv3v>5E
zzEUQ$qt}XGZmK=u(%jHJBk<kgW(V#WpcRSry%6nyc5gr5)w<ZDz3jU^t)g%jAP70N
zr9mKgzBj#m2iC!>ETnfIj(MYfYwye(7r2f$^qVptBDc@A>3OjSHG&;tV)PFgS{Pto
z-8$Zo$*+{a);nE37R#(*O<a$SPSw~;Wy4w~t_Da*jh1d>@&u!}L@AATG+5c#=$o3!
z2k=avnE&y5{v%lLeK!i1mA&U^XLDH(A&XrYpUMLKvrzqy;zJ_nF`tAn<?^f{ZEWP6
z7dKYW3K}i(o@GT%BtA83VHBNAmkIDPb&EPT@i{+tj}rD(@lx)h)LWhwRQ5Ov6c|%j
zAHsK&R}+=#SOS;|8AO|5_{Py}mH(pO3J5%LY0u5YkO)++EE=1WL2ieFG*n^cBk=*k
zGFRzrREV{8MH^^mqG1(TA2TMWu&!g5e&b`2-3?>E0(C#g?$9Z^Q-ibJ|K%Qr6LJ)k
zOg1jmpZ+iV@YXQoK<~Dq441F+-)*G3N2eqTeBpn9Hhl>y#Qb0XAJB#yI^(<L0Q^I=
z)ftqKQJsrb<@73Mn6G*TFY(moO%ROdL6`}WZRF?2u<OO#jLV0aojvxtD75pGQs#aq
z(a(=YcIU0ii(UF|M-^Fhf>#v4pTQlx)z@7T`8m|#pd4UQMB5vO>QEo31V_)%3tiOJ
z2>RyJ62d-!X_3S<bit0dHSZ$=5!GqvMx>FiyGoH|q1xI<(3i7@KbVl{1Llb^-@{pR
zKN1?J^Nq9yfKiR%56G%30*zk)Db82(L71FS2ypTqcp9%y4$Y#Tn*SdTjpzM89NK-{
z3BvTa^P3Bp;ul@Cu@C~#6?Ze#hEJ$SgTz3t{Hx^>(t^t^sYWvJiYD9f-WP#V1qL3K
zC)X|cBs1QAt}y!Nqz{X5#EYf4J%(=QXNrGD^C#g5L8yfV-n+4}62XxFKU#P2C!RJ~
z=lO}J{n6Z-gMg=>4r^tNhn0uV1UUjyl=9=qdEkg1mJ<V+XiE&?qAbF(B85hEjz38>
zWZDEUz|e8B&FHdkLWAp4>4LCSFf|RS3deruJ^|k^{b4}KPgZVKB@UZ3<~D&Y9q=KJ
zW^GhP$AseB1E)ar%sJHMKGK9`hYQTv?@NI4%n4Qbd|yry;m@EmvF|tOe4+sQjU88x
zS+ET}3_nXVhJ)ImgdB|u%A{X03xA+NBA*)gGbS1qo3>H-1^<&<tD_{&h=d3Vwe~V-
zeHX<Lz6d+{^+vfz+&ek++++D6^da8DLuedEIl6O66n*t3zL(_S)D^IB$b+!#mx^lW
zF7*dmmjUG6S*nZdNGufIk54s<5!QKQ6YT3$(uGU_|J)(TBftJ0W8~W|A0t#IFTKI1
z$M-+9T14M<UHE+`h&2m)2>CYZi4!Q!k7G0$;jc%IpqFEoSTg<OZ7&|3O3CP7Vkx=f
zTL^-pnn8FCj5$$HjRM5)6;k*gQ?KlPWTpf{HEN`g9l>|^KMAZ<&qpAtBFuDi8Nzn*
zCQ?p+O=6573#CE2cNV1!s59AK2Hdi7GFVq&xHxV9mx^slIO2yz14`s^UDRq|5{xff
zVvDyD(s;hssGfPWxRpJ)=`q^<uZGR{kcnuf-JC5aKH(QE3w>H(u}WZf$pOte4OUpo
zC3J^X*rWe0)pWl*_=Kf}miDuMNS-=_ve6ww(b{73utXYwv|&~u{cHVQVXyeNq$v5d
zf&+A3>GxmCQX=B3eF(ZbQu&1DjgWsZExr_}x+~KKrdn}+sX7{*W!h~N@WvqyPFXVI
z^*kx9F_orbaQcEjOc!y3&AyG}7;+v)8b`lMf3E~37(^q;zS5VGifr>)UQax{QCz6Y
zke?<LW>VA_kirdbhOHl(gCa`x$X#IPT=o0m)ctFt^Tr|oyXw-0dIu$O3mO|LI<)xw
zlY-kt`o|P31aiZkw*6lmT;OVe4O1l&Pt*uK`6LYkYuQL7i<t;NUN};>y?fl9E;;v=
z_9OWeI@9yZ#oSfsEX0_Jn@=r1OMKjH_XjdycJK%E1WF((>=}f7!j72;m4igW5r)Tn
zj}!gH9(t0X{L>!1(2D8Q892|({;FI@keGc_KPzS?`maU!TT9EM;moH+7<_co-BiFg
zNCnldZ5(l{<|{H2!5b8`{dTT3`1xU`shpNQA(UBE4{-<>?~C0)H?n-!<I|em5s>Yc
zhS6y>EUD5Kokf)IHut?SR3eW6PS5OL?fP&OA8+!9`jzMgMkU60t-nX^nIEBhPH`Ql
zvKVv_c{u_>g%?f{XM2s@f3)j6FlqJw(yn<5GyInPF^P+#{*-Y+Sg(AL?22S=F}}$D
zxG4!JCC!@?b$2LO2W;)88v99M$Q?c2RaDwZBFLxo?&;H2`FJbQR5A@#b23tBB)E`%
zE0tlBQ6IBj_<yR`MG!K{BoyjqlaO*AFBV}Hb1{pYSNc*$uQDmQp6yVgg-~wYDy^#*
z0k$7E_=JO<u5<Z32XVUN^PE$Q?rziFL&iG>eoUM2?g56Gz~I~9vN)RH%fMY<Ogpj4
zubB3F2KZ4=$l^b~jR6a+VYvsSZx}n2Tpg5;!`K$AGewu(F?D0JuLmN@d^^Lsje~KL
zUQeNBp=&M?D5md_u?B=8Um+&On|4qlHW2>1NTj4~zbhsBtmDjzdFF1t)xhjtl|PZp
zkXbe!(0Zw9o{r}t{@0H>br^YzW$;}evqqX{u4TP$ngk(Fnququ2i46tutkhxz8z(p
zZHrfUC#s>=dS)zE{&ug4rB3OZQ3Z_w&Ke(<oFkNLT4O|;&+?W7?9M_Y#CHraAV>!a
zNec-NZttHq1>{&RViK)1aQ$9O28JIVZV5Y)fV+D+ob?1Swx+H53Bs9BT2qen9FlN<
zr14n^V-BU^1xW4C4u3o^hP{dX_G;uCf?60!!<pm=QH`k9`fn2M(dYjq;b8wI;hsj7
zIQ}mQ_vG~dl5kjLAAmTO{U-{CjW=8NF9}z-@ec_%^$!WBj>{SNNy0fz(-2hrOTsmh
zLe_mT?dSDjo>Ru8z2eY9BZH-oicJ^$&a+)aSCdUV__4>sM5*~wQ0?vLGJ_kdixt+Z
z?fQRFxZ{6NxGfywObWw}kb%dbNXBfy$y+%9!oYXgEFi*ewwPF^o{5*BU8S(92Vsh_
z9Bt+-9*hYSFCQPno`u$@a-u%M_9nu%`B2;wRonL1fP~Q<-d4br>OjH>_Dkw(wTy6d
zsa@}k>z=}Lx`1yeL%s489Af-Wr_{|pGxqGx!dxpJk5h)WU;0b(n-XLU&5b_*+2@3`
zCJJ#Em2kwv=PZIG3$e4MFEzwyv>d;DFnJxIC~VVD$F$%Jtwv^qzx9o~#Zb-_N?Zkh
z(^Xbz5-z2Rpo@*j>T!wj%`EJD$0bhQ{PTR^>X@C>OrqYFd`_vxUd;24Cmg=r)1SD)
zW3i(_t%|K5*4HFd{O*Ur>rY9*$sBH-%_ZDMLiP8+$;RRw#fJ8hJw%5)dp9kXVg1kg
z9DEY<YGiD!U)EpMxOnrgSZ`q0+bX@x_Ib`oszejbAS%<LC3VQuA-CLFrpv!^x&5u2
zJ#K>A2vuF23C~ZX@pvsKxoP<7S~1s)j+c!r>@!XdyNTA<k4M=2M;;ada6RP-S1(l_
zMsGhyGyB2f>j|tVFbs93c7GRPFC{3HF`Ty|=Lz{Au<hsbBb#GYdg{PE3cJ$4L0VeP
zEVF1!t4Nc&%+Oc6%UH}{*{sL9z-VfRq}eOz%__HX8BDy)3DZW)R&CY!_vPhncW?96
z&6yNrYp(B4OAY`Xw>_US?P_$fxUeqiKOo)TTS=DxAaP?i`1AaqNZdN5Oyqp)KS-RH
z$0rik@rlIMm{V^EGD-_=^K;Pd@0rk2rW<CcpGe8_Np(2E0JM<7s#?@k<Wy9zEd$c*
zn&lK%NNN?MS(g1i9_kgNV`_3Ne?4ne61nEd0Qw_@*J>4XHH+d5-a^ZMQb&3ra;a$)
zU*GJ#Hb{P=f)BX#shX=QviGr+$MR`KwQFDb4a!jaz@FqLvt+fIcidt=_~y2RJ4W?|
zM$qTlxLbQUSMnqMmOKS`@|J`fCr5r}9Gcha0p7|cw3{ia1JbJn^_}<q2rrzn4>$`(
zpx@>{u{DV~)s+DGlTvZ)(4OSI&)5kcxa2(}$@OT@jOs^`%+IwbuhTyVXs<pR1_9sK
zlVmg|peQ%H8vI?Y0_2kbgv`15A&`M$Q;gcF5xvzTh6)pWt4|HasE0Zt^;V|@k$~Y}
zwWfaAssy1?oJ?{#9wA7zcq|Q|YEXlb(}Lw&bJB`!4bp;fX(p;g2quukB}<{bt3~`1
z86rm$6{eW^GZ?K{o~)SQk7bQ=5Jqjt5oz|HXzxz_0_=>epGV05d4w-hRQF=sCCQ!o
zqc1G`KEm9?pJ?53fj-Odxioy*ESM5is}hVFoX{~GsKQ7Gy8H;xp@gJY<yc1`mG#P-
zA?!Grmp9)Wo=SLN%o}v)9iIe2;Tv|ghoIHzSgT=ggIf1G!=kE=D)Tj0Fiy#xl>VpN
ze;fHs)|HZ7?t^p!-**#e87DaG$eTgczHwEwE$U2P9up!cJ%w?ghpT_hY5Tf{Ii`k=
z*D&O2(}4vrXz=2_D8yUP1i^9C@jI1)dG<oe+}3w=w-NZ#ws&TrK&IKdB_mgu^OtG#
z8|pip#2<eycxd73Z79~{BFnjRNb)rx8iD|UgFt^59HcMdn;Zd~yt_<9WCL7SptRq7
zYv>f7szzu-IGKpgmBpVEBo5KibALKzIaQ&L!A=3GL5NAO5U+&3=aeO3#P1^n1-aou
zxTy2<;q8yvdK*{_9K<p4LM2C!4S}6)eoH?DOE4#f`35<562TN1KiJeCS`>4O*A@f`
zB+$p^=y(Z@Lum>IX~q$_v+A{Q7HonL%|D$dNnYRBZ&rv;MnT3v<t)>2nC_XNM5<O{
zaTfqSNY-{9OvR%QmQI!r@mbV*7%;wJwm;LT&sNoM$G1O$=S8i~C}U4te~#y+nXpF0
zvrbsDwMVP-$A+7?-Q&fc1)8JU=E&Wtx5kU}n@Nk>kHr<!KS<hXsz>8Zlf>BE+;CbZ
zcEl>ACR)F}*=w~Qv1*3=nOQ2F=Yrr=5HW#V4T^DG2vk}z61QeFuq3`l(Nj>2owh=?
zKfz*}<%H?)$xUt7Lpubk!#HqXlE&U`D>Joj6Ex;l1&UG{VVMel;hmx-x9<)peHH^j
z{Zeud8+$XU%{NBvn=xh(BgP)Bk%M6ZtG2Mg8q)ksnk5OPS18aBhA36Fh@{vL1+fD}
za5IcQH}CSuy7-Znvwx**4#S(qpS_1%wkVVvQ+|6bPq4lX$MKzU`&yTpGV&VNi7vIm
zAciJ+Lx^AH_bLx+bdI**v<eE{g7GWZ&d_fnE4xlX`Yf4>v}Cu`b#1en;H(q}$JOnN
zm*X4AkIAY?N_3_H>@Ui-HFYxhv~a5cW@*$x9GdRLF=ZFy0)&Y({xuo@g^sSmxD<9p
zep)-vJz`8Bcj7py6#f<4Mt(@Y-~E|KUwhooiv_w_$deI_7#NBrw$ksq-zHW;)og!R
zDOn|Ph#Q|#ky@JjtL|$oDi|gSaY>f{Ky?z1YO!4rJ-7Fs#cl+dZDsA*7r8Y9NTSix
zR}<&+bI`1z6ehZwk~(b$XNT!IX>)q8LHRIUFS%Q?5xoj#!>+#SH(!)>B;RGXt-tNw
zj((M*mXXKXWIm^mDw2%oD9FPeqkIre7AWeM7|B(+w5`{sFMoA(O5Z>`%rY2Q(kRXn
z7%8qwWI?P^`aOu^kv%kRk^zYg2sG|$cFa=T@3<9@s_jW^?|nlRi)QE^g`~3*=*e%%
zF)pjFMQDy>nbZ3O*Gxq!5_j*PmQ)OfFE_2zq8kZoadv(#nx|El*6cG6=tmp25T$8M
zJG^+C^&fx+g!fj}8_`%7Dj-mr>Z%^whgF2(MObJWWb)YNu1fYnHI&N(2okx(jsl>k
zry#EIBmFckHbI6E=V7X?X`1&e5Nku9p=P1&V8xfnZcY!!&~1GuI652p-*zWGE}C*x
zGmsae7CCKmy^7)SjEM}%5XTF!+uIwWYpe?yhd4ZiLk8+bj|og^t;nZ*+nL79E1Ow>
zn(<uP8?)aR$xn@OPpm+VpxfMYW4gep0xLk__pWkdMm*?AeW1{Wh-l|x@~)FE;KQkQ
zFa<e&2AL*M><Yv(xt17ieN$w#KBHUO1H-D%-CSB8VRq$E8=4fu<=O81+=Ey9Tk4Rr
ziz!ldk5`=)J@+|(Khio0Kn}vJC*ZPLTlP!0L@!<8?$rotECLhMj)-S|Z_#BVGHT&r
zhUx7{YtZjSrb|KL6_WlFrR?H!P6p%;=mmbzv^awFj%FKZqM;*9kr_OYIs*Qs<!0Rw
zi%JI;?NqHZu|HhVqJI3ejFoK_3FOtkLwB(GD%Y7XxH+}RnH@EfrlAq5PP`++Tsuc~
ziAhu-{YUv}vK%-(c!ki@)c^3Ru9c~;3Ya?n-O%1pRYO-9-lLu}FPt*}b7n*F%ao}m
z;)Oe*p{5+jTlwe5zh9N;DjhSaHctL+{%l`GR|%iC3}07eYRyJus2~@(YFD7Rl%rMm
z*^zVwdia{tjTLNa&dMVjN^>@phnZ9Z=6T9Y(dU7tO9-g9o|SgILqR>}0r%SJ_7z#(
z7UQrUl2e**i7QAgY1@fY;FjiL+#J)PFsm?MKB+Y5KH2i#E=cRIRWarM13E$_LM_uo
z8l^O{PzRPL%?KqbiC?0=V``QhB;>JAJz&^AYok1ke49W+j8cNEt|={0B|-!lzxMZL
zprr%q5KBU$-?ezU{@#9Qfqx}&9R=a{Ycs3pM}hbHQ*>>xE>GP_6-m#gLxljMqG65#
z0_y*O0T0r<rn`?=9i5St&tAOt`%gPdQ;DXSVPpv6-I5=ZW{k<nsCM)03-LU`Bn~{=
z$buTwaxvZy+SuaRbPEBZ_`F6VQMAg_-=^7shNns6flrn7Lb`T-%!)Thrpt{5$0@|0
zT+2p=CNZsu2`yWz-`cv%Rq7m8L@~(|o}jE=pd6=QtG5zMb+eb3ndVq6hS=7Qpfbx-
zcE4=*m+G`>zuXsCFX>vZ3h8*+Yu}oSA$tALnoJrL{$S)V9oCFjM{wA(Vl!=3TD-vl
zc4~*x-eNXT<4BFsW$RN34sdkB2bSvjPMa^-c_AyS505JUmWfgtfQOcYl-Phr%Py{n
z>+*_#2Ye2HZxEU#zXWUkslQ*fO3^=(E@xm#EJnFxPx;Z)b)#>IKaBnMaY)^iwX#~o
z11t5oJd5apn>S@2TEZoGu~2RjscHm}Pj6{x%7je*m7n(rdx3bEo=jYOmTsWuaYdt~
zAkHh#NH-X3@YR0y2J(rIh+hc%b%ne!rsU@g1M{b#k`e>#znHeAEAmeDX;x(&OUm7u
z7~1X^-anryZ2IykGgvB2F-!{H{8UOvT(uNt_i#vU<;6j$Q}__-m${s3KJf)`cR>kA
zM%y`PRawJnn#mH6P!KP{+YUvoO&4fRN1e=eoaUtX?t-6nvV?S?+@m}*Vcm0Nz5Jt#
z9wlfjvKsiLnI2rZ7ilc-ho9-EIV3{O-QX4_LLEF3qBh6NEji53E>hK_Bh+`J;LO!O
zSTY^&7-!=?7@JZdBj|2`%5ea|TEsdGB>o$Qrufk<_NMl*;&_(TLqE(gP(NFm=Vaz)
zf$!zU9FwhhE5_xTKRexMf3_@N%&k6FPd^;<+mOo@mbC*ShHo+48>t{$y^tz$y<fD$
zAcdUH@>HSep#<fePo`;%WTjNe<yM`A`-QnkP}&yfW`n6u9+~egj~Up}BkkK5(;ZdD
z1lS>7IA;L0-?JB-cm|vks1~~-1{^4aV3yw-?njXQ@8bjeAVUrZM#aM%?REU|X>_qU
zUC1cW<1IK(SbETp&0mV3GT9zu%71$c^ImrR1kYGY0zU=ky_Q@<-9hLy@mt_va@dKd
z#JoZ*%#Y+#xORFxAO?sc`LE)SjFGuO$BhI}=um#DC;3#~eXYUYEB+!h-^I39y#ayR
zV7%BP)$b8xA8Yd$l$PC(rQi3$7okUO`UTEUJ^8c^{SddtrcimEFK?QD47W6Y&A1=_
z(<6U}Upw${i#bQJ6OMvx<9TM$7;xfJ<m)Z?0s@dK`9?^*rU2#Y1tJjA&nPXAgs(y(
z<8#v;mT6|HCd{K;^%b#7^H5@<X;Z4V+2}nH-B*@7Hsala&UP?YrqJzPjiBpiKNhsF
zJio5HPtxO_<apg`?lhe<uA2?PtMef(hN)Vb^>{ZSo*rg~tW40s)2FWp+q@ycH&YTu
zO=fo$3!Qfj<^ita)7Zf)!AP=GV9jPcWhXlHb1mO_XhMTm$j8sn@?7H!@A2t)YDpBa
zyn;1d`{-me#ujo-E))!xUs6m`#~Nadd*Hqat&;9!Kn7fX8*iEw`7U4{)wwv*^x%Yj
ztum-jKPzrCllWJ}NP<*n5~kchj&nr?SlG+uKiML-RR&Up%h;!fNp9y6ta-MpML`{w
zS?IRHyxd1#Wap-%<GUEMd0CNKBzm@y$|gKTM=}bF+>R8eE{%Xc`S}UXWYsz;oV~wc
z`$ME#3&%5p1Om`tv4&=DVE^70%j}|58s{3EOOju5-WQ2Cd!xFm9^ck~V<elp-b*mw
zg4Aq-#|2QA9YdwRaAxNG%9euQo8ia_EXedQ-W)FUN_FR(-b6^%+$p<j4v6`_JDUw1
zY-=p9gHk-Mc?Q!wHp6oSP9+QOu-L4r=F)$Qv>)I}fNFAkJgH0ozW4r3oDZV1FJGn|
z%qw6Bv9~iw)QDtHAUEJ;R;-F7dhnM(q{zo|(@!9?H04SAKtJtCUr@o|fz~U@%Hux&
z(L=|gHDlRMTk2JqmU)CKFd64aMa{^79I95?D30GXhv!8m5$BAN;`6)b0<=Kk;c2sY
zobeD)=bC?8DRNZ}<OQYc<_zS)xTT5M$EoL1MZWb11O{lP)D>0tY;74tY;E<zA^ir>
z@Ouy5GurmX$z$z!myA8<j-jLb?(s|@q1$BKD|Tun)llqrdUoSSdd(Q7+17+~a}iO*
zw_sOm5q+K|b!Wf<y1LLWaYC7o=J3tsr%JWz%49z9*_$+FdZ2`ifU3w|?Tln9)7dDg
zZ;(6B_-+xp-;fuX#FmRQW>;b_!aPu-hi^Dn+U0wW+5sx00kh`umEWiVofsYkloxdA
zE@-Zp2mv%-q!dH+wT`Up8Lf*-G&zDs5o{xtML=|N<QMqL^6S`oh<Eh$Xo9(bi&XcE
z?QSim-0F=e#P{GsG!(%NiyS1{GG{h)HJaaS0~;shGzs#M7<(b149n=;Nj-pbbO^u6
zyEmqE7?Rc`iBjMXf>{^89ldhL5V0vV*zd^V9Tg}y1-ug+fhQl^Op{C=>Rr3Y<*pNM
zaHRBb6&`Z*PLWz&)<Qy76?wg$ULNH}0rrmcJV~ZM|Ky6DzOq0<zCe2ffPIN!4GfT|
z3>Vu@FQ<oFyr`q{-YGv><I(`|-~==fg3T~|6fyLUn(pYRyjzrOCg%(6Bl`;-H8Ax0
z#~DC_v3YZ+{QGWB&`cb@;{;-lHw5ilzcD`!Q{%iA4sMwkUVd2`$?|-qb=r!$OksBa
z@00l1Vr`#C^-4Xk&(4_Mne5@Jd3NlJ-^>-LQbjNFZBkibCP0PhMb@oATz3%n$R66q
zDPa%Zu0A0<3&=iZ;1%fN&a)ORE;)c$d+os<%R-&RArrBP?X`^y9lS_-JNrV)n>bf}
z|1S6Un6fg?maO^U<@Vc}N8G-DlTxm}S&!67mnSA7?j6MQ>Wk+WFJzZ%aO4n%r!W2e
zbh?Nkep5P^nE+aMkCFtXI~CZa{f%Tj-4`gcz7Z3?+qu$genE=^9(>T3FUML(kcA50
zzuD`~QRp5d((kvf8)geyzJm7+3%2LM@Y{^J(!pHVIeN034Vu}n<~S}f1cvzbaPvVC
zonNh6AD*#XonJi-?k}Gg&3RhK-lCVLetY<)j(ynrPzt1eJ827;Tq%U^ZksH}|FXr~
z747w~_0#+&Gt=JMNh*g0O*es(b-I2Rg_Kb~$k|)O8^kS6V>6Li{Lb#?$%@6Vm#vL!
zKw<QIu_;nxkN~^1x?Gn`3RM(96PS<HyW7ziEI1)$2K&T~a*ch4?87T>X%U8xao~jV
z^fyOrZvn7sH`(I?w8izp;!9(74kw3;nXh9bnXjV?7=Mqz6Ab1A$4|LJEVOBf+v0kt
zAdQX4q%D&(U4sp8aXq^0@fFbVV;$^5HqseVYXkfn*0P{`6Cvb##U5!_oNUyT{84;k
zqr(!pzBBmFwed+~o@TW>#}z%|YVR?HIb$nJ$$<BAWC?^LH8!<@?-}O`@e^4|6cdwu
zw$FJu_rSOsfe4r73j)t|Hk_TvkYFpO$%3ApMnbF1HGzHqwE9|MHd!8UOvba^`HG2l
zHnv-9_RVY&;O@}NGTb~;;|>xyi5X73<?i;8%28@1$DM>&c%}{yy}Lj#$d;-ol-RX4
z1<2=@6|4dX@~vbl=*wf!G?i?mn#t!=RJ4`e#)~}9{(xt`7uTPZz~&tI&8HXZW2j^E
zBJ;u5<=oL#+%%7@kers`V`-+cbc|g(u)GcMKvzvx3nfWZklb>y(3?<uL5{R@A!>f3
zZ(xAeq&?cdVtQWJ4w;|G(lkM6Rfnz21fIs+Do$#l)Fi5~4VqxQFCQn`*D>&GhGjJv
zgYdTn>p-!Z0-sk{E6V>6Jf})}Y8~b}Un(3E>WXTu#yMo(GCxW^3`?=282v^)btYr(
ztKkXQ%Hc<VM3P=bFod96Q((5EGYEkz9wo3!I0Y$UK2CYw(ktLRXvMtF?cMVz24duQ
zEkX0#q+;Q?{fhGmU@+W4k?ShYYy6Oyk>?HO^VZ|7kK$5|W6JQI8gd}1-RGnXgXS0g
zdwK{zhM!=WE-OzP8O;{WQYp<MSugFoQWctToj^qwq1z#qpVxN7{i7(+Dl^Df_>-c9
zVm3qx#Wm)aVcZ_eMAxo}Xn(9M0P$_bD~aW<<v&+gEXIoH6DMC+S&oflxqVvvyWXzT
zoSlRyvQ?jh)1B*$r*4>zabvT%_5W%2nfs+XQ#W=%Q1BhUav?|A%I^<N>@c;PmlRhS
z)`Ez)mh>H^1W%jv9nt0@m@_>R2EXvU2n~`ujc6hxjoGEkwK`IyGd}}*<e9enjJxF(
zJ$M{GRYvNL-_fx6|GHX8SQ60!gu)UnbD*3r+#qHk%#4L2nOo@YJqKHg7?yQ01`P9i
zjiAGPV7+QlAx!CO@v!>SB?_J=*zvP9aJc+Clae8^d3v?iu!eKR{MhVBb=oPviMK37
zHBl@+w!9^|F{EpU)K~y5Gm<6K$AT!79Fgadt>PIjPH~ZgnMoK#Dg_++`RV2W6<$}E
z=vzlH<Q$KHN0D5|0FLG<>p7QYbSlRiY2poh(--uJMe1dU3I|nHEV4hNRO#lMQcu_7
z6TUkUT13OTM*0;MlY9Hx`zq-u5a{B6s`28&A5#N|GmvWG#8?5PU|2TA?kgUOGAx(B
zZZxV-z0}yF+DO>RG`yf=0=NDi+WIxW@RZ66awSlzvHo_*^3(Z_$Y9<QcORTu?do;+
z^h$>GrhTp&%2IFdb;}F1DeAs-2SNwRWqWu9<zZ}zuTqu1l2)kD>>L}tCE4o{BE}+n
zB8Ya6-{mrvQw{?p#dwHjEy-LNr33Qwa-*H&od{eZXWg{|g(4c=yk@gUlk{`eO|B==
zM-rILG$vkrQ;8rN_5G|7n74SkInKm6`7$YtQC0(HO5u$}x+ida!qVu%Z2YDci51#B
za$l&~iL;pa!733_Jbjy+IJjN2vL@tx(Yq}ACTvs0l4JoJ$ZyXCYWA#8TgcFx`>?iJ
z@Nl*b(mi!sB{=BrgnbiHyyAyekl)no(UX6{*-EFc!^7J~1Y~)La#fcrrK&k7%1_J6
zXwK{TQ<-^XP?@bpI7(yf>-d?TwhA_ZcC9@x?dtCIm~c(HP9m^|Y*Z%gS|8S)eD*dH
zE~KChS6E=jx72md-ajPm`Rh!4BS_Y71e`Mehx*WrXsGAsMrXWSdxb*20pq!<yFSUS
za8D$!3R156?>v`nTT*>+S$<!k+!f&D!uo=nU<Tu|K~#paLk%<}TK%EL`~miL@HfDN
zPK?yOarhO~l{9?rkD2aCLNbh=%6__@S^?I4bt#}#g8+*lxC7%FFjqV+ctK9H@bTh&
zXd?1jzO6D_^`<a~{rSr^e#GWO7}*+cinLB4zItjoI0$gup;#SaDNNniO@w0d;9%Mk
z19A!b0&<#5ViJ;0lOMp{*O|64nceHJuY!N;zpad8eKuojn07|T<-@?frkdY{hedr4
z2GWpIxX$CB;5108{QBT<^y2)8iMd92IdlEi)k}Yj_RFWp*L~jNPh&J7neN|*qTJ?$
zU^H_0<3cL@!4yhOrr7HnNvwZP*^m4s>N^iIcvdv9?Am`?3#%Z}YEqfFrc!BANzxpk
zGFvMoLs?^EGh<9NCGDSMhT*sZCE+-(Rblx*P=8H9xTQ&SZBU~sg*>DT!t-!7j(y(A
zMX9qcv8SoD;@xrpUSH>afHd1aD}hClQiw%^_F9V3zMj#B_f>-FlGFV43fxH7rI^CO
z8yT7F<R>UJ(cKC>8ua)Hin_sFmn8?kq$_d^VEd9JgN`OC;YA3=_!M^tNWnM%!i5C`
zA>_~y#!!?v+#uD6x-~%hEt?b#6Sh&TO){HTM3X%V!=0yRM-CP$!&>;$Ge*xrI*vWa
z%+oncE5CWz&$A*?=o&=}Z6sA6l?Y>BZh1hca3f6yAGO<KSvVZl*N?@3&x{}D$6hA0
zdh0xLa>r|W6(Q8zJL5n&pinRKA%xZ)?F%Crg%mI08^)Z7{Im9i%5HOHrB6&%#N$e3
z0g)l(E-`hVD8z~^eZnw_l&yMPR5zjdGOI3pZm?{o{j<0Vq#X>#a9;on_g9vL-UA+_
z)2thLOmLcbOYlN`MG6V?Z`396Zt}f1@Z6#^;NvA2*+riDcqZ}QfcFjUt}r}<XqGx=
zv~CY^HXOI;(#1ORWvm>ljk7*{Xukt;K|ZIhTD?*N{@qr5(_VZ}wCn3~7Ee4CWyhmZ
z?_!)%Hs>adB_4go_}?QYGussUzZThA7O~0qRi#{`zTJNgcWt|Qk9HgOh15QaQ<4)b
zJS8VPV<b5jDGb`v06IBE#%4lN5^BfTDb5%?Oaie*#^M_JH_Zu1w8vq;4ao_L$N!>{
z6Eu=0cm(0|DDR{43<l$ivC^BEctHxstXl}j=+f>{X^vcBI=w@BZGv5;6o2X9n*EJq
zSF6-spV^c3*>|3!D2wO`@5=JfPNbi}H7J@~{qJSKBLp3x0cC?;#E$Uw6+ch^ukptN
za$B4OBD!bu8eav&rVR;8@wHUsh?W$HH~I*@`?s=)!(w$W^=3hZMkMi+c$tCkyGDBf
zzvwvz`1W7me)(;UQla6tV4|G$g{6Ge7x!)|HYOht$D|pi5+0BiC91m?wIL_)!X;1+
z*!r~%%Pel?2JmM_toJ#MGA1;=bl_W+9(?B!jVU;gCiy-t4(k5El)Mg-vn^_>Ay&QK
zL@cs~fm_VQEz4%nk3vl9AruJlg>Z@F#4NT9g`sg-;tzZ?9$*sdNUB7VZA-XEdgN{2
z)p*N^xS-X?@_J|b`0sN7f`HF`VB^#^&imib*FfbhJnO5`aQ~s<BP-#kOLxk)b_h}O
zFP2v&Q@3ygV4?Ay7XomjvEHPYzl=21`rUpH2lKwc7SLk`>pKeZL1FGCs?#Vq1C<Ne
z_0EJcO!&pX?KUO<U2jsBHDs$Y=-KP()ax_Bf;}12{0c6GLSz$g|A9_OJ+gUU4lW=0
zS^pzeuz6KvJkU~lWZgk?>&Tm?ES3-28omV(odKb7r@0r~Ym^)w_G5(xvy*mlW-US{
z+ZPP?wC@fC!GOvOg>t}ktzfBRcI8rzNs%pt!i-xs)}w!K$uMO88V22|zo;dRDohQY
zCU2lHsQovwE`XN!{aZLc+O$@1omQ2!AMkECm9>MKi@#}v@-qNQSK8Yd240UOAL?a_
z;6a#u<klTF+_^jqHh7I{0_)L;H({{3>i2j)jZz=AG@=Z#mut=+3>mw#D^r#C3}-Ql
zX4B{9=XiaMt&YOWzNod9?@kwjG5Z6Y^5UI&N?&nY<S~v&Qr^?neUhH;ABJ9;2LOHj
z38~_$uj8F94cB0+p%uQx+c30GIw6!*mNcxp%T;KHp0jXr!7L&*L4$aJ=6sp8FqUak
zpA+Xkcba9fL*G!(vf4Z5$BpT}ek13e^cROD3W(M9DaR*UQeQfunda^te5(Y*K`zKa
zu483^EYDQR$z|>DS&5%H-5}SXAJBUf=42Yg%&kv5S-+E2hOd^T{QHbSF-sX_Z=7^`
zIg`eFnU-OiI>UlmW|cPX=u9E;=uA6YeiSX6cBt=oqK#5gLG>ib@$-&JV>?-ISr(>I
zJ?hkx%TxNB%Bq0a4t^-_3{pAbylmWi(XEPL<_9!#yXr0Neb%NqX0{i}B_N6U_FD&z
zFsDFXsI*9i*U!-a&EbGc<PuFqjFR8W(Kbkd2<ACp9m(Av?ty9ZD<ui{9h_%B{u#?&
z6L@%-0@NAmnW&%_v0;z{yPjlB*rLgntF)@9IFTFmJvW4nZ--D{9fby>_g|Ii<zx11
za2wQujdcoL6i&lM69pyPV!%Z0=PYp+pkxx?KoA=g3^9g6*Z<IemiP_`r=v^QP-kD)
zi-0p^4n&2?JKtQA1ms6;Y?sLt4cB;>h~h@4&m+P|L>S??;d82xRSCuvi+G|O+icim
z<>+Ru=d9bPOs@|;RL&Yd+PI&D?@_jH#VF4inw0sq7I#Ef+I?%?1Zt=LPBGd|z3)Ch
z-oLKyuS41U931ivLEb~A%DCTh@}f=O8RsQpS4j}(xhI8oYPoH*G+7P0Z%NzXjPE@s
zYyC+)rKa^weWmv)4qjG`|6LT(-G=lt%(J4vj{jV73eQ_(i+}<z*LaNM!S60Nu~CAq
zCnVi$jrLI`z+W#k2?%R{a8!Kw`*$XqJBDW_%-W*qMP{pg(A=$aL1QU9eWl;_Q!?zJ
z%njd?t>azl>iK#$N%PiU*RkYq>|yW_C83&K8@!I?DzRTz*O9cWOLE5GOOhSxaiK6c
z`!bmB_D^!Qtp|F;pElHqOn1YO?xCMh>Tvd!;_x8!Peul8R1T~|Khb)Bju9|!UV9d3
z*HBo|1fe4%qqED6P&`n*m<T?6Z|#s}>9Ie*f_KwJAt6Vz+6O8velE#D#)cX&$1Rm@
z@uWFHFJ%V8VL~p~eaLdaF*;(q2)A>4M~E*+V)Jj|U?#*&C<w5A%3BAbW(f155TP>I
zuNLFSEWiLFjsCw$@!E0b3WU<#!nkl~NUj3|n#HE7z;U!OdiR~6!`y{6MTC(;4@<Yu
zOmcN{r7qtVem-zs=&_%)AU)EbO_oeffi-*~LZ+*3X<C^%IqRXXW)QEOmB3q?VT@HH
zqLZv_l<r}wW^i5cAk^a9l~O*mvS==zSLC9rW-tL<Q%~rDmYW^ksAmHjd48(NvVTX}
z7Tc(HqF&LzZ<P4BF6SGnCkOM)qBgKDnnBO-cWpn32NHQcUi5d=N`pw>C=<FaJ;QEq
zQL*Jqv3m;}LvV*<2il02E^ZsmZ<oB+s@d<Yq8;oycQcc{+B9K@`?{>7UJkCQS=t8q
zfRPs;)P_g&gkNn#Cf52mf3`4n^5u4Wag652-{`T5hB1WMB!K&4hHrQ_PL$4*Xzc}$
zjkkqF>ls0mr9+wYQAn!YNnQvgwKz6Iu_e6C5~rZ<Dy175QR>0+=<f^j#nLcn=npLU
z<~TLCXYuYVZK(Y03>q`Fq5le_1rtD1NAk}%Q|A^mm)TI2Ls2C4f}xnTEDURhyExJ|
zPYE&_RnT0rQ7!Qe_MM?rMR&?vZ>@CvYN|XqY>=CmxIi+(`Y%-A@4XlOl=5=Sgp<tE
zlyefgWg-XOk@!-<=R_eXem2>}@bUHdKV?HOrcMm7i+D@qfnmyPELW}y;$~pNuLj#E
z&Sy)W$U#+Ff)OIAP|}wK=VVvnjbd+%y}7$SkLbLPTqK378gt6T8R<bIgHMH$WReRW
zP2`V-iT~F^TsF4EZB0uy@#rYsSt`hA(@k!Q?&DEi{d?d2jZS=`Zkj2H?1a_61C@iO
zfZy1GYQfhzVO8VA-~BWuI?#dnHZ46957kd)r&2m?$wDicwKjJfCIPYfmJ$k##O9z`
z*QHglyt}fivitPoE&DY;(90hxa&dLeV~?MKh@G~ACB2nP6?TI?zi~?>DR@FpyE$rK
zm%<$qrG_1{znLzG7QUY#S4W3A)m5DGt@mMrE=VSp^K<9r&jw47RW*PZ#KYevD8iMa
z2o2@DoK;QWObFxNxNeKUW|DZpOiE&_U}#+eXJG!qp9r`0KQdaoro?mjZek=C`@0dH
z+rf7Suq3(?6IBn?N124dV4d0uSCTlY(0$#lM~?US_Uf-{UO_9L8euy)LIV!=#Szmy
zHf%3u>DU7y@PY=j=usv<h<YKSp&VS{zO)@u>0(^xMqPGp9OHexr%W7%&5cGO`3ID0
zE=L4|Ux-NR5y7GNrd{nL`F$>VMt-KP9eIVy(;~=~4bvw*mI+VrR=^1u4V@eQOPN?H
zB;_+R|A%1<)O8)zu`eE~%pg=zW^U5?n3K-pk6zccz%i+dRBTosf?DO8^v|W?K+71D
zj$&iR<d|khx2x*n>H39=qotzXjMBptdtLb49IIH0hnB}_#m1l4F9EG#;%YJ;unJb!
z0J79-i!B^$Z?fo6u=JR@Z*c5iO2js_s(oN!`oO^Pl9L(ebLwh^!W7LY@m57(e}Xz`
z*SmMyag-<Gj6#!ttZkN4Xv>D|_>@+n!bH^LqHqO6AUw_i2D0lL=2P#{3YrYo8gG&3
z93ipU4p2a_ZQ=78ty2mU4*gUDV4`>CwqhE#Ri<;4g+8lvu0s%t7J#!jfFpe);8o&`
zcoJ{pkDccvot`$VxQ<NQpy`HQ@Wvf#O+dwR=EgNM|Cv39^%IIihNiL0+Syg8O%mB1
z;TJq=@n1^5wg!31OP@<-bQpPpfB|!=`Of~ygm@^f6=%s*&%A-bX?3VV+k*SSQYKD3
zXaRP-W{OvApB}z)zw$RbP;9u#X;98Tad@c##1>7V;&hj&vd(m+$qJrH9xk`piMCtP
z+P?fhgf~7tV%Ah(5Sz$Cyi5_b0g+m;jK*SYxY2Q*-yw+xx^Ckm;#J8T>#ThYmR<iQ
z8m8g`&2{7b4WH6qN-|SDcBn}s(bt8@Y&r8@7gMtvwNuQ7#%$^{>*0pRnWSN`>5t?n
z+Yo+V$4xp`8RUQZ{^SM=>#F7#Q>a2*zBtq!M_z%<6OG2&=`_#Sa_$ywL6@qyho8F_
ztvzcWp7;9jR)KHQ;;*95j}Edvb^4=6ug*Zh6S<4Qc{_#w?PX^Abpr3aPc{fzF5=4%
zLGQDJ5(>kJ-*nQ(6flw66IGx8db=_j)41$&gJN106|}OLSQd#1Qx!B9^mRBojj4+>
zK8+Fe>A<7KS@fKUUj-O)U;ysV39_6i9d#(N0(_5gB7<);R3i4VkUNQcM)=4uc>O?P
zHzoUc-I!*TDa8`_mF1sDQg@sU)+j?If;A&Yy&I|2M|&Ya;Tgh2&R{?2w-C-+DOhme
z;~E4Bt4F{qicIJaD6GmH(S^c@^y=@;Rc$t^V+&y^=X-yz+)~8HT-C(JC{%qFwK#|`
z_Wv|2yT);=%Z$;{NB%an(1b<rfS3mw)(U@lPS?XCwoE!(Z&-E-bGPsW$DC_%t6>rF
z1n<UC$`_};w^k~B8q=SJjPtrocw0I+++|~p_n7^QB0*2`&xfG@w9u&L(%IJ9A5ei|
zu~MBq{2i`>syynt-6<yIb~EY)ZwZ-coHsi*wCc!b>tlo986@=;=|Y;$872XOSwmer
zGB5CXJ=Mhsy}*8B9whx~R$>f-sw~jQ!Txih`u+T>^5{!#0eb4tEcs+%hBqsf;hj4s
z0Z;57w=B*@I+P&FN9Bg9)4V9m44R7X<XYe|+`R#YMS;)*SLzA*!XRLV{yJcwEv;W1
zi{|6?)C%bwO3@L(+H9Yb1oH5JJvL!*USXZ@i>kF=0}L)?zbZ)Zo0+doNM%%M%(3Q>
zAg(paDj?y(jT+d!d=w=pmz<~&P&C<a^AOM;9ZwHgiHS73pGa^F`1{W^VWk^r)K4Me
zU7cF{J7fYSJ1PSt6KQ&=L^I+Z9KX(3ztCk@21{a*i0#**lm~@(af)UD4uM^Iq87rZ
z)vSscty;BlROfQU(q1W4$yIiPjLXZh#CH;QDb&ToS-yX8EbY>%&#MuY;r1zX5Y=M+
z3#~J{Q1!AX`{t;j5(TS2Nv<R>|5IDNM2UOBEV!)KJG(y(aHG={WED|-<fU}m*VJ!3
zFXbq7qp9lC7M(a$RS?)fGnNu&_CFiA>f)9%bp_uQU~9u0E8{Q*;iM^OXLg038qnOC
zg4~;3oJTt|I>7^l_~&l?5%<feJo1#;$Vl>p)7`JTql{K5A~u5j4?}BiHyDP06d9={
zGuAe1e!U59)f6MClxzw?FlThTX>VnNYHFo{Vk^InWXXf|U<?I7Ct4V1+O(j4;C}y{
zI{iMU&V6b$xh0fZ?2q(6j;G_mLG=Rdp1_Op<5c&)K=D(>b*Rr7Dzv=6oq9eM-_~v5
z5U1DJr5Rwe6^lP;nfD&}NT+h-PIzBfB1`;Os1do%CY_?tAuJ#o{WuxjOR{x@Y+x}A
zj%0=DkW{V<;{+5<rz@dxM{5^F)TGN)a0gaA!3ACg(TKoyqg$|V-%W$Tsl-0GAn-Dt
zIFaeHc=QuUZA$8(<Z`-T)VOhD5k(0G`G6f5OCw9*7S-FfE|@O48EBZ_5#_?je(rq@
z2k@d1Sx=8F#65!l&R6tfh)4Ad*hn0KkxW07{KZzxUIbW=AmEdC(eo(@p#(|-ok(ZM
z!XMj&C4|_&M`sxq&1vcWmSOqEny`&#$kfrn9W!leI?M@F(*EF@W>aa%?HFCx$D>@)
z$E3_qc@pEA4(d$(6>hpJe5^xH*^os=6S^--E_*h}HGSK4<7rp`i`Y7uX8zArF6+z$
ziB6y)3#edGwEN3#mk-y50l)n&J6&oIj_W@sypT0*3UO#Fk*K}inooSyk5FPF-dNj<
zOw{K$Buar<z634ej+>{46X4|H;Ohl=da#y)f2Jkh7D36WoWoXrx*=;A-(<r7on;(V
zejXzCU?Jjj)oo4_B#|HR*-|{{+r2bM3iSQ~T*7E^^(xPi9{usgx9$=b>2J@h=q(59
z$2;%84n*3X>M0w3r`a^v=pa+r<|74fp7Xb&86Pcige%6Z8}Fn|xc~l_nfN0869+%C
z1?NHARxQML?jM(Baf&-I6em>tAZvUKoOZ(XIO?&qOd4)mw}H@ep7_o&dzVTzBgtF{
zIJwW~sAkKsPZNwHX=qbkEf)RaWq8daCFn<Yq7Gk7-75%a=l?P?@H@M6%+uvI_$ll&
z!$eFI>DU^C!-6=r=!R3$KI1xp+|(JwVjM+x)S&dM{i1$i=D!*21L=7(D^FCeWG_a(
z4^l-#D)QLpJvWT>LlTs@!dCE5T_<%OkouW;!9wK9OHjmN1>@HDe_A@rs4Bj%kJBAe
z(p}PhX%InDknWW320<<(B_ePs36TbYODo+ac}WQYxzgPYmwK-M=QnTmT4(0-;>?=)
zt}}b@Ip0SL<zy|5SdCKq+=ma+#6O-LC!U}05?cp-ZV5DAunCqrd4E|)Y<!Vqm~-+i
zHaJ?MoM-`Oz;R!4Ajh}BP1OiZA~5iZ$!;yDFUvJjlGumX8C#<_3%k50>z@#9W+8=0
zaLesBG`qYn>#48u22hhx`%j5Bc>|Ws1lA?<Nq$oYjhR&%eUy>cQpjQCJLSa>vb?c-
z9?{Jn)M7`}+;dL2H}EYw8!1Qbo?ik&&B+#G&J!Qhe9#XAT~vs$kt_eE$>Jw@L|6oG
zRj^+$5iY)IFIAuay9fRiCQesSOokQkGplJDeYSzoQV+TgoGV7->G!pJt6_+i{w($4
zR5DZx_G8QTgT~eA1(H2`LGqvkCb7Pn9f0%CBvG=Wyj@dF9KwOdNL@)kVN8x)w~vlc
zyynTp<?z&g?WTUtZG669taFTiQQrb*rYWKyK|U9k1LLgPD$<dTAWYvcAu-zNHkEB-
zS}Oxw9Zmaynk(f8$OUQ@{F>e*#9~f=Phfi1oh2tv>+8h24iGv4H&(c4nWrv4B#ib^
zXon0sk=QPxW?;BWV{kSoru$)DVrbS=p8fj5_SRwXk86=RH6MwKzqPy8oytV^Ia?G4
zB-~VbS(Fh!ib|jp4q>N7e7<q&#Pa6v1;L2)B^#s=I2=Zt?oE4wNAyl1Sabd=s@7Mi
zq^j237n};<)1$Dua0aupqL@0)kMieSoK91Eh1C8Qml(&XMk)DuWPm1&`u9hX&=FZ`
zusMz6T@&}11X5dl`u}OG$XLS~vfe!ABx#G3R%(rmIpm2`i0R%-CQi{KDYC(!@(Vm%
zyILVk1rTkTLfQzE=lt>0R$|Zj7lCebJDj7Fmub{?Q+G`Kpqn&IX3u$ThE;_tqHtdI
zwECOUIbu@02jH_heXY$bo70>=<eqa4syq1^_n|*8cj&JFt<^80n>5`0%n-qmOT`TA
zHaya9Q)MMAr?%iHZQ*hmp2_JBSh31egW}+OYWi>>WPD!qQ)5(S{H#_x$$e=-T1A|-
zV%?v_h4(tU>9J!~->(v5#}-)G@`!>z<1@Z%(+FW)>;=MpWyegBx>ZC(H=%cI6#b>U
z2sUuXTTE5p3yYjaV8}z*hQd`b@-V2->bqFw>wNyQ`bMDYFjcZzOuq~hW+wZId8kt@
zF0E)LB_Mr^DkMJh!c5ktN~5Uf+{J00XyOOF9jpPHjZPbqRk{Rq%p21Pz^-)#a5FTk
z9t#HD-T;TNFo#+XQvZ&pUrpSeruM$6)#V5bTCO-gv2ItL|M}Fy(GUdmS+erEY8BdR
zYQWTs?H%PyQBvEF=&lC;U^<LuwI>QK{}mN<t)dr<2(w6GDMI-Gq6t?CURo1COM+s|
zU7c+IWw(5NE}q{;lWZ`Nbn21L=B)f_hl-H2(;WDmrts4*33oeVNCADE_<s$DgR@Dc
z74_v8lMAdEdrvWJn@*&U$*>|!tia7gift@<d>`lDy!#{ZUAW<%GCUj81w<o2*$gk`
zU;R|t{VaSiCt-Nuvl8!N(i^2vZT8R&|9KvDa$2vC-%uOY>R3~Uiw>ZsNGIHD!q1(m
z;{a!tkwVG=NgxxyBMMm=i|sp_xOgQpQC>*hY2U8Bw;j%|Y){_yjuVYF1#JD@_t+2T
zNw}hsVFYb_$X+hCt?)a0NlU>3T9Gf6nG+r_SJ-Isem6|j6?w#~T8KOnOqw%5U8~}z
zH7g!_iac}=HCX&b4z-ZE?P(KT%GBQE7U19AF7o)`JCymoS<Ss^*3IMaQ@b+gcV_>l
zY1(M&$Yv-<Q}6Tm6*k=faBE~$YAv?#2l!VGzsh=6zsY0J8ZL?oj`@B>FYYj19$H?R
zUW;rcY)+9j%agvq&`DN0kKsKR%Ii^Or!6l0pqC+nUTp`rkyl^#kl%U}rHYxW0FGeD
z*$@8>j;1`=gwomwrKuWWoZw9B`v2F4a_VO8C|7@$%zb-gQoa!wB1VmwWIi1v7INso
zzcQfTIG{C=ZYp(oCXh4S(%n}Rdivw8_kEf0*WPC;I~XLwI_Y+NGMsKK{z8?Zf$HXA
z$kGsJ9MQX@36H=tdh9L#F=@bnpj4@hFwRHm3tc{(jX5>2cn=-9#7$1{47E28IT>0)
zUyYHd=B8;4Rg|Leqrx;ndXit&o7zeoqR#d2oKBNpEJGM&k`3oi8z&+1Uwt`QD(CxD
zj>2-(w`sP_UTPM;Oqr*r-y9jmfNIK}A^j+GNEN!c3e1l`ALbL^J^|P)P%oXUt9xn(
zH%R8nA8~ZNQ;%Mt)Pln$4uXs^<P<7mwM<)LtZgu+R<v>@!g%Ig31}ugD@OOW!@pxw
zjIn=<htfReoeU5smV|g}(x6=(Cl*3zpVv`E+HaK!qeKVhIr4?@J<WbeLjf#CJvPXh
zVzesbG^7IhZhXYu4S?YXYtC7~21A<bik*3mI)PEjD%P4WJbu`Q#EmPZRR%-)sM~k6
zX}{=$g)6^wAo5L2hv)R$H}a+PeSujD5vf%85{Hb60OtYu`vGHBgH*nrG{c#)ZFA)2
zPe04*gjr8&$9p4p%~&Iv@amFJAhH*&ED(Q6K;<R_UB!xS0z|wOeR!L-j3#3=HUbMj
zdBjAo{04`J5a5NN*-!^BF~mHs>p2^^q7)0>n7%FBOA(w9P)bD2DqNkN5f1)Z?nU1I
zJQE&_ORum4iNgOWE3*!s=wj`-abtH*g<&bCzo}MyGT73rT?l>J--_}x5)%=O@ZZ}%
zr#T^^w97*$1VqO57Q#{7?S(1cqYL9o6tqFK=1?F_I#kxroQmwIBn`-)6cS(4_=GG_
z2xPosM|Z8@i0ik6{VEYFc>U*wcJ*Lmvg9CjvLxohDnm|l7_4^g+z(D0`~8bkBe%fE
z7@<GB&YvJh0k^59_RpNobJfh=teRWU<9uuK^?S5X9q`#&DUFZssi?8_cy|Yx!G}Wm
zy#PQKhl@^a<$+yO!Vv8fsV$azy21wz&Dazt`auj(ELyHtXaDUS=NJKYjzgt)B5q}Y
zqTct>4k4CaZkR7v;tk3E$DXwifr(sUYN*J0C%ZC^R%e2KT-o;ZItztj*{2SA?1E1J
z5Pt~9JAjG7$2r|knLgc#(IVJ``~GQq0{t)`5Za&?S~?JnRW@It(CK)Ax6h#{E54;)
zztb;&)KmZ9u~yO=ufc({{$r*>oXKM!3$x0*@np*CA&4`21>XO9bk{<{{ty(3*n(rd
z;<`ESEF58&BQR_C3EYCigI3DezsB_8Gwa%@05)+v$7c`VEURf>pVyBM?LIEWHuz_I
z+Z+UOnUf{lC!0(Cg(8oYx<*mq6BRKTs0p8^K>qeu*u6Ok^x?=n3TpwIv65B8$OO7@
zSM>m909=W%=cf&(oa)}RpX_MB)a&P~HShKUX*-RM))&(>|8mYT%bCYXZ`-y+j4(W0
z07r)g5^iId)Jn4S#2j$=bQ1A<?tEfatKv+q@>0L|GS!8S{wD#}#@?epmg#$laqI{M
zRVd~r+pj2weQFw~-UFe(O%|W*+!A@*pLs-(d68km{^Ty-)EvjqHC*{&?a+>9XJ<)E
z|EbK9_V(`g`Qu5yzPRAJzYcdf2-UB40q!1tF9DCP7akF@N#zTksut<6hLrsqLow^Z
zU`nv;IkG&WaPBVXKu*78TGXE~zqd){0vYwG-4ZChO58qa8boU}h*=T*LZiNnOS0M2
zw!~b;)B5VKE?hOsY!Q-Um_M4*7w2KQ4D#M+_jIU|aiUFNx1>rZ$@x7q!>;EFC^v6N
z5zDhaYOKA5?@@1vTFOH|BQ$h9gbHV_`v+xBWX{@cH*Q_u$UqNY#}&;MC6R}EJ@h(u
z3({!GUh~i_{LJ?WA3sq*1d=B}lq7qTbYP~>8%uceV)6wXi%k#uJNN^GTrM8t43Snt
z!XY|Y-AS2WAsijB+Jd-NqTlp@KdWvbvh$E%$u1g>N=F8H&9AR|`HXQP%I{c5Mn)+x
zFpzesS}VbGd^!Ej>18vts#?)izo)KoV2d){v9USk;;%iqtQWyd=buvj$(Yyc`d$3;
zCovU(WsFwUcyap2U?;tfmD>Y>tInKz%DbwvK+9}SfshnuE&j1_e)~y)heGV5!i*I-
z27@A4Cf9DCR=+cD*fM;@RfTzk<UZPxbUk`@=4#pKl!sFTDt@r5j=k6(Z1sKnd}cXz
zAbz9}b{8f(^;z#pzuZx6N$$5N+JG+*U7r0OA9O9^A32PD7v^R+MsCrOF05l`A@YiJ
zVMp85V0yndBoSTHVO0^h4r1&cE1nwY5FAjl{gpAXg?jMIXhFAbMo2+mj~ytE^&5NN
zbr^afTSUmU{>cv&KiT;(#j+&Moa>6}7)@v)F1K=IZs&w7FyD5k*pHW9-ug0xHd2&K
znjwn}L_1MW(4aiNRNvYx3;R%CLnQz{w6FRtaxs{w_4O0ChSvt5XlE>++rU0z>b^Dj
zVkS>pW)VNEnZiKeTF>u;z6JR~ul2E`$Kvx76d8t{(4xEjBWsI+X>rztqwid;G|geb
zI=3}<aIXR^7tXsE0rpX8Ke%;S$unWE#6c9FDjZfEVIz0^`6IUL%$j{ZTL~lN?mGnC
z4w{;!a@}v<N5kfU)zTG_sS-X0+_Jaj^myEwe=p}%h4(mudsu_ab|mGiC9&#EBKE%`
z4Umy(`|T&85u@9Bek;i`?9rA#`ikQ^Qt(CfCD|o+)f+T}-BuuGv7b&z`;Bh4vLy#z
zZF_qym_9XORH6I(DpW0J7pvg4jE^Q7QMrOtdv$e$Z=X#rfb!07%31ZT?E;Ds&z6&F
za<7HK+Tu_t4d#?bq0~%io^sG;F4l>T#8b*V%?U;YV!NN^&qz7F_^hAPLyv}dc(R{`
zZObR>@Nu6BUr903!4^2%+Q4H}S}DJxe5+Z%shhtc+$Xj2TDKimSn?&0)pU_V<znB4
zya{A;!oCU90N!RIT$zkEL0r67LZ2(Q9Z7PMs$MmBbu8;%@^l8;v=@vUwcQLYTt(jK
z&y3Tas^+~Kx&gr)IMYhD8$1&1G^$o>o&*@a)7L}VrL?DR7knA_S<&N>AB+O`_PSK)
zY^{SYeK>S>YXh)Kgt}h(0<fwWKkcL(7oHofsQYagAk25RM?R!1Ou2o0i}6O*i-N8!
zKg%@?GFw!ksSQm!nko}iUze`Rrsn$KMo%2gk8xixQXZwwQm@Sw?OAUz`<KSr3&_8)
zXCWkoQu{WZ+=|9N(Z+%OUZyv)jzb8~#tctt366UAq*3c-)+`{7dJbPX?>d&=sNUzC
ze%^TmuH<{;0QSOOTw4(D3g`L{hT9hwP*+-covnoS*Mo!i$M)riA<1}bHE&P!pa_*V
zBKEsu<%Rp{)P@bKhqC1CNGUG8U%M+lawwYZHSxl~cA$aJD1_vhn^73Gbn0%%p?@uU
zKP1Z~^Y9{4T3%^AzW#{qeu4HZHxoaatM6h77!`r*-^R4*n2h{f2?h0uDPHi>g=5B1
z6+0t#N-Ci}uEGX`KP1G8-7Vdxt6ny&_n&My2QW)pzuVEvvgQ5ah?1UzBV?$acy^l-
zOV=u4OO><h&jSPT4{%p|eb>_J7%@zAvLE5n?4PNt&k^J2nrgD!{gDY`9x^uAnpGbK
zK%_(57E(4XiGB|%_#t?fvA9aG%;%pEE!X%=p0o9jBg~%188{|6pPceB2^-9wCFnbC
zW640N1U_nDDP6PHA-9FeF<_NQjw98Ms>RqIQWRvTMuj^nRLc`6*{c;lsibtmBPly~
zEsW^$Uz>6u@%>mQr0|Od?S341w3<c*+!Nh=Ke}n)oIl83W?dbnz}<`E?_WMvk|v<{
zhOd6QHt(B7tdi*}m_cn@8?u*Ypbf;6I<tbIi4GJP(z7@{Gz!M7AH`iT@+nJvVxg2E
z>h($UZvz_69iazqVsWR=dJjIZ61a^$IV>bwjQKkU+ic{|%*2Y20%I~#*B5U9O;yX;
z#oGUd|9?zVwE{QhziZdyza*}At8&>lACPG!KJfeS@r6x9l5+sLd7T?LF%O_kp}n?P
znc^y4$g<m!0qeLyqQP|tuTgT<<Tvc|A_3lEMPTm>(a^VJPQLm{wu>N;i?ZF+s$)uZ
zWCVstL=Ipf98Gmh@E{Y&fs(JGm)w9xDmq0#D7`AVJwkUcDAcjPi0a@8+{uJzsCmKc
zPd{j<a~t@{hEDw!ubp$rpkhh*a1)9nqK3f~PgKPh<Q1RG4<R*;*Pe!e7!3-U@=Y<H
zB=hcZ&t5s5*Vt%MdR^G6e(UZ?P`Tni2`=aix&$KdWIu6l<A@3OXD0ombMlgO)Zc(`
zo#$U`<EhwE&4H*LDQ9V%sqDxVt*R6qyF64VL}~n5cNEg4yT(}HgtA43VM;woY!qq*
zK5bq3eykK`#RSDlEWQ%$MM7lNuUl)0QoqtwGQ71UB*s8@PDNMcVrb7|7Tu#fpjKAy
zkN^tvs1(zs-1IN{V!l!F+@BBrn2uBDJ+dQ#qT6}6Tm7By$t*ED^K;Gd7@evNY7u+A
zC2)M}#~pFYT&e1ytT3HhCb(`XwVw-V=FFhJsD3`!R;OOd-F4Ol%_>dujgA*BF{8s5
zrcm(t(3BK-W5aUh?HB5lH#1USv*kBEC<bh|#N>Xjq5K5y9ywLu&##~7mV09pU8hpt
zL?xg~PCMNHrmx#Y9aR1xC)+Ba2N)F(|IxJ?_+Q6J^>`X<Sp4Qelasn{fi}PN<G=+s
z>yx?Ds2@SBnyGfs1<|BX-%X>U8rlq@+7~xcdzc(`l(m-DctK&#eBJmXbBSOgfKyPQ
zC)nGftvfP&&3VkaKiC7>VJ&>%87s->B-<*G(I#$eB{)kNcYzrp+{Y?V_&nIVR?fvT
zAt7`2?7GxBb+@ostTQ3=ybx1PXMDeq!>>#@AvQCJesn#^PRP`Lq+~df_-LP1Se!Qi
zan>e8u)x0oUd`oT971?}Y2C2`es)Fq<wmRIHXncaEsfTNnA+mIr)=@T-Nd*l!hfgT
z2WlNbc358omuj}WV(9rc%wQgNyJCK~b2fXtJ$5T2gUEe+0Jcp7R9H|EaXL$!@ZQ!h
z^4UF{Y%-D`;$e*i#W%L)Cj+zHLqqBE4RRh9WF~J*NvesnTH{&4m_r&sZsV~|L1bfc
z3BfT=y_)jmF?tp8wc%Sf0-kP0nag$PYXrPM=?)(%ze0%9PgI=aM&~3ytYdu4O#=}>
zvTifj(-HE#HDM>4jKNws@K}51LTnOV+Ps27HY!Wrz*W%29jR8jCNj+0rykvCkmB*;
zBl>Q;48M+q$MO`#p0f||-t<S+BurefPivE8x}Ry@K1X*o&PvAbyHQMZZm7m`4`4yl
z&MUy}D&yg*hEETs@ij>(937|MOf2L}zX+b*>;6T`dDq77X}G&B&8gjWoa#Kl!c;<J
z#n1`z6VO%JvK%0!TU8=lDgSQt*tYR&ahHwUp=4%L@zh$<cVhy;{;dA(Y^b`8|Ea!|
z+?9jDtq3)pMf2R*N7iUsW%%>(mL`Oq7kNW>+V1>Yaxiw=K4jgFIlE)Pe3q6PrqjPI
zYeVFXyEUO?s&<WEaqz>&PMTZA*oEBH;M|n6VN2PIfSPf_NY07&PBt$KuV<j24S#@b
zTWC<rfm%fG#dI*>6Z*#Sc{?BSr^!aDw!c}mrjBy2^3tGABhU7HBikcg+Al9K%Om)U
zm40ob^(zrtkhu}){<Tpgm2Qf0bpHnFiq>k_6bq143=d!^Fp6yHGZ7GqzQLu1*cG=_
zY?b&h?Q}})Tr1^i-UCofNXBnw3RZmMniRaH8iN<_g$*i!E$5&b!=^tHh}1X<n$;Y0
z-ohj(LcG4CkGGF1rP5`Zg=A%<15C$VX&&+GQ&Mrz6HWwX2;N)S^V~4eD3G4}K!oVg
z9vk?3RBmZ&d?9`~n3!<+UHBi~C)6UUp{x&44lrTFu4F|@D)?Lz(pg0oFih5<azp#K
z24^R7>Z%o}m7CY0{W0!0p}2TNrMbFR(y~y1k##MVdk6pYx756bK?KCrMSldEAp1x{
zbOgE#jFvwHY3FubiX(2F8fw)Jn>iESZOA9ZBy+G9eVNd)v9n`P5+RxN6SZ?liVrVl
z%H!I0v{|=(>V>xY<zv8U(pUxt3$0*W*!7)v8q*LksbFjsc9XMHA$7E#F><gz{2n6;
zgJ;~Ta+bTCB2+*kL;z2pM;{V7K;GopQ9gY%3Y)AQoi9(%t_%`8H*7scH2CcOF)iw-
z+($GRS}q+dB0L0imk#z39@T9f(#;oelcEmkd1MFz2m0={wyJ^yYmwm;akw!X=$Ql{
z4()#jdTw06$19H>SdgLW=wW#8U831i#LL}xi55!{slTsmJ;3t(x=RW37xzu42oUWJ
zEu{a2G(>qUt?)ZS>h+u*UjuCTk3(f>?##%NlNjZK^H5yvZX2TAPz0!*F?VWY7a1!%
z+r2Uyy(2X8&8JTvktiQ4U-A_@1H>&xqXI01*D9o{Lzj^BTO=LyA8jN8oFVC}|7a^D
zZH%Nd{?TWL-J(R;G;-Y98yzPZVb4ckXH1FvZlmS+EQ!C${tQ=ogdO<=G*HjDSGKhL
zX`bObRvQ}w6}J2-uR7H7@W&5{udN*|Jp{(e%3Hsh!O<93_uWLwT3dH_4>t@OyTm1=
z|HSPcBH7!2?9J#u_7=%1{9}Xu#}0S4GWwRAp@8iizv{pfc$OSQPp_yk2UWECO{C-d
zhs$MbT<hola(nvLpTbjD8RiWvoq&IHIUNo(#(QUH6qGLuq#-9We0KQ5r_%i?(UFWw
z-53RVd*VoNIB6q4Lf<xwAK7E3%Z>EA{K)p~&Cv`^Yke`bwio&chNC(aS7?boErEaB
zwhOtmNCSLCyU2^`XER;GIaTmrk)^<lgLh4#={AX2Hj5vQXG6xMGQw!u(B8yai|`qq
yXWHnGZZsh@g2)uqW(qVVgA}S}MIt4G3UhE6@eDW@1*OI*#kpAw3us0`9{&eItU(a~

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 38b2e19bd0e..87b14fd8adf 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -311,7 +311,7 @@
                   "title": "Tailscale Standard (CCF)",
                   "publisher": "Custom",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
+                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
                   "graphQueries": [
                     {
                       "metricName": "Audit events",
@@ -338,25 +338,15 @@
                       "legend": "Tailscale_Webhooks_CL",
                       "baseQuery": "Tailscale_Webhooks_CL"
                     },
-                    {
-                      "metricName": "DNS nameservers",
-                      "legend": "Tailscale_DnsNameservers_CL",
-                      "baseQuery": "Tailscale_DnsNameservers_CL"
-                    },
                     {
                       "metricName": "Tailnet settings",
                       "legend": "Tailscale_Settings_CL",
                       "baseQuery": "Tailscale_Settings_CL"
                     },
                     {
-                      "metricName": "DNS preferences",
-                      "legend": "Tailscale_DnsPreferences_CL",
-                      "baseQuery": "Tailscale_DnsPreferences_CL"
-                    },
-                    {
-                      "metricName": "DNS search paths",
-                      "legend": "Tailscale_DnsSearchPaths_CL",
-                      "baseQuery": "Tailscale_DnsSearchPaths_CL"
+                      "metricName": "DNS config snapshots",
+                      "legend": "Tailscale_Dns_CL",
+                      "baseQuery": "Tailscale_Dns_CL"
                     }
                   ],
                   "dataTypes": [
@@ -380,21 +370,13 @@
                       "name": "Tailscale_Webhooks_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
                     },
-                    {
-                      "name": "Tailscale_DnsNameservers_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-                    },
                     {
                       "name": "Tailscale_Settings_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
                     },
                     {
-                      "name": "Tailscale_DnsPreferences_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-                    },
-                    {
-                      "name": "Tailscale_DnsSearchPaths_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+                      "name": "Tailscale_Dns_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
                     }
                   ],
                   "sampleQueries": [
@@ -417,6 +399,10 @@
                     {
                       "description": "Tailnet device-approval status",
                       "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
+                    },
+                    {
+                      "description": "Current DNS state (all DNS config in one query)",
+                      "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
                     }
                   ],
                   "connectivityCriteria": [
@@ -906,8 +892,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
-                    "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
                     "streams": [
@@ -926,8 +912,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
-                    "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
                     "streams": [
@@ -936,8 +922,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
-                    "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   }
                 ]
               }
@@ -1265,29 +1251,6 @@
                 "retentionInDays": 90
               }
             },
-            {
-              "name": "Tailscale_DnsNameservers_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_DnsNameservers_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "DnsServers",
-                      "type": "dynamic"
-                    }
-                  ]
-                },
-                "retentionInDays": 90
-              }
-            },
             {
               "name": "Tailscale_Settings_CL",
               "apiVersion": "2022-10-01",
@@ -1340,41 +1303,30 @@
               }
             },
             {
-              "name": "Tailscale_DnsPreferences_CL",
+              "name": "Tailscale_Dns_CL",
               "apiVersion": "2022-10-01",
               "type": "Microsoft.OperationalInsights/workspaces/tables",
               "location": "[parameters('workspace-location')]",
               "kind": null,
               "properties": {
                 "schema": {
-                  "name": "Tailscale_DnsPreferences_CL",
+                  "name": "Tailscale_Dns_CL",
                   "columns": [
                     {
                       "name": "TimeGenerated",
                       "type": "datetime"
                     },
+                    {
+                      "name": "ConfigType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Nameservers",
+                      "type": "dynamic"
+                    },
                     {
                       "name": "MagicDNS",
                       "type": "boolean"
-                    }
-                  ]
-                },
-                "retentionInDays": 90
-              }
-            },
-            {
-              "name": "Tailscale_DnsSearchPaths_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_DnsSearchPaths_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
                     },
                     {
                       "name": "SearchPaths",
@@ -1509,7 +1461,7 @@
           "title": "Tailscale Standard (CCF)",
           "publisher": "Custom",
           "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
+          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
           "graphQueries": [
             {
               "metricName": "Audit events",
@@ -1536,25 +1488,15 @@
               "legend": "Tailscale_Webhooks_CL",
               "baseQuery": "Tailscale_Webhooks_CL"
             },
-            {
-              "metricName": "DNS nameservers",
-              "legend": "Tailscale_DnsNameservers_CL",
-              "baseQuery": "Tailscale_DnsNameservers_CL"
-            },
             {
               "metricName": "Tailnet settings",
               "legend": "Tailscale_Settings_CL",
               "baseQuery": "Tailscale_Settings_CL"
             },
             {
-              "metricName": "DNS preferences",
-              "legend": "Tailscale_DnsPreferences_CL",
-              "baseQuery": "Tailscale_DnsPreferences_CL"
-            },
-            {
-              "metricName": "DNS search paths",
-              "legend": "Tailscale_DnsSearchPaths_CL",
-              "baseQuery": "Tailscale_DnsSearchPaths_CL"
+              "metricName": "DNS config snapshots",
+              "legend": "Tailscale_Dns_CL",
+              "baseQuery": "Tailscale_Dns_CL"
             }
           ],
           "dataTypes": [
@@ -1578,21 +1520,13 @@
               "name": "Tailscale_Webhooks_CL",
               "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
             },
-            {
-              "name": "Tailscale_DnsNameservers_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-            },
             {
               "name": "Tailscale_Settings_CL",
               "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
             },
             {
-              "name": "Tailscale_DnsPreferences_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-            },
-            {
-              "name": "Tailscale_DnsSearchPaths_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
+              "name": "Tailscale_Dns_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
             }
           ],
           "sampleQueries": [
@@ -1615,6 +1549,10 @@
             {
               "description": "Tailnet device-approval status",
               "query": "Tailscale_Settings_CL\n| sort by TimeGenerated desc\n| take 1\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, UsersApprovalOn"
+            },
+            {
+              "description": "Current DNS state (all DNS config in one query)",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
             }
           ],
           "connectivityCriteria": [
@@ -2030,7 +1968,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscaleCCF",
-                "dataType": "Tailscale_DnsNameservers_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -2116,7 +2054,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscaleCCF",
-                "dataType": "Tailscale_DnsPreferences_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -2159,7 +2097,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscaleCCF",
-                "dataType": "Tailscale_DnsSearchPaths_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -2234,7 +2172,7 @@
                   "title": "Tailscale Premium (CCF)",
                   "publisher": "Custom",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
+                  "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
                   "graphQueries": [
                     {
                       "metricName": "Audit",
@@ -2261,21 +2199,6 @@
                       "legend": "Tailscale_Webhooks_CL",
                       "baseQuery": "Tailscale_Webhooks_CL"
                     },
-                    {
-                      "metricName": "DnsNameservers",
-                      "legend": "Tailscale_DnsNameservers_CL",
-                      "baseQuery": "Tailscale_DnsNameservers_CL"
-                    },
-                    {
-                      "metricName": "DnsPreferences",
-                      "legend": "Tailscale_DnsPreferences_CL",
-                      "baseQuery": "Tailscale_DnsPreferences_CL"
-                    },
-                    {
-                      "metricName": "DnsSearchPaths",
-                      "legend": "Tailscale_DnsSearchPaths_CL",
-                      "baseQuery": "Tailscale_DnsSearchPaths_CL"
-                    },
                     {
                       "metricName": "Settings",
                       "legend": "Tailscale_Settings_CL",
@@ -2290,6 +2213,11 @@
                       "metricName": "PostureIntegrations",
                       "legend": "Tailscale_PostureIntegrations_CL",
                       "baseQuery": "Tailscale_PostureIntegrations_CL"
+                    },
+                    {
+                      "metricName": "DNS config snapshots",
+                      "legend": "Tailscale_Dns_CL",
+                      "baseQuery": "Tailscale_Dns_CL"
                     }
                   ],
                   "dataTypes": [
@@ -2313,18 +2241,6 @@
                       "name": "Tailscale_Webhooks_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
                     },
-                    {
-                      "name": "Tailscale_DnsNameservers_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-                    },
-                    {
-                      "name": "Tailscale_DnsPreferences_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-                    },
-                    {
-                      "name": "Tailscale_DnsSearchPaths_CL",
-                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
-                    },
                     {
                       "name": "Tailscale_Settings_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
@@ -2336,6 +2252,10 @@
                     {
                       "name": "Tailscale_PostureIntegrations_CL",
                       "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
+                    },
+                    {
+                      "name": "Tailscale_Dns_CL",
+                      "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
                     }
                   ],
                   "sampleQueries": [
@@ -2358,6 +2278,10 @@
                     {
                       "description": "Recent audit events",
                       "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+                    },
+                    {
+                      "description": "Current DNS state (all DNS config in one query)",
+                      "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
                     }
                   ],
                   "connectivityCriteria": [
@@ -2923,8 +2847,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend DnsServers = dns | project TimeGenerated, DnsServers",
-                    "outputStream": "Custom-Tailscale_DnsNameservers_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
                     "streams": [
@@ -2943,8 +2867,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend MagicDNS = magicDNS | project TimeGenerated, MagicDNS",
-                    "outputStream": "Custom-Tailscale_DnsPreferences_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
                     "streams": [
@@ -2953,8 +2877,8 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend SearchPaths = searchPaths | project TimeGenerated, SearchPaths",
-                    "outputStream": "Custom-Tailscale_DnsSearchPaths_CL"
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
+                    "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
                     "streams": [
@@ -3302,29 +3226,6 @@
                 "retentionInDays": 90
               }
             },
-            {
-              "name": "Tailscale_DnsNameservers_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_DnsNameservers_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "DnsServers",
-                      "type": "dynamic"
-                    }
-                  ]
-                },
-                "retentionInDays": 90
-              }
-            },
             {
               "name": "Tailscale_Settings_CL",
               "apiVersion": "2022-10-01",
@@ -3376,52 +3277,6 @@
                 "retentionInDays": 90
               }
             },
-            {
-              "name": "Tailscale_DnsPreferences_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_DnsPreferences_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "MagicDNS",
-                      "type": "boolean"
-                    }
-                  ]
-                },
-                "retentionInDays": 90
-              }
-            },
-            {
-              "name": "Tailscale_DnsSearchPaths_CL",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/tables",
-              "location": "[parameters('workspace-location')]",
-              "kind": null,
-              "properties": {
-                "schema": {
-                  "name": "Tailscale_DnsSearchPaths_CL",
-                  "columns": [
-                    {
-                      "name": "TimeGenerated",
-                      "type": "datetime"
-                    },
-                    {
-                      "name": "SearchPaths",
-                      "type": "dynamic"
-                    }
-                  ]
-                },
-                "retentionInDays": 90
-              }
-            },
             {
               "name": "Tailscale_Network_CL",
               "apiVersion": "2022-10-01",
@@ -3523,6 +3378,41 @@
                 },
                 "retentionInDays": 90
               }
+            },
+            {
+              "name": "Tailscale_Dns_CL",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/tables",
+              "location": "[parameters('workspace-location')]",
+              "kind": null,
+              "properties": {
+                "schema": {
+                  "name": "Tailscale_Dns_CL",
+                  "columns": [
+                    {
+                      "name": "TimeGenerated",
+                      "type": "datetime"
+                    },
+                    {
+                      "name": "ConfigType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "Nameservers",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "MagicDNS",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "SearchPaths",
+                      "type": "dynamic"
+                    }
+                  ]
+                },
+                "retentionInDays": 90
+              }
             }
           ]
         },
@@ -3546,7 +3436,7 @@
           "title": "Tailscale Premium (CCF)",
           "publisher": "Custom",
           "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
-          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers` - DNS resolver snapshot\n- `/dns/preferences` - MagicDNS toggle state\n- `/dns/searchpaths` - DNS search paths\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
+          "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
           "graphQueries": [
             {
               "metricName": "Audit",
@@ -3573,21 +3463,6 @@
               "legend": "Tailscale_Webhooks_CL",
               "baseQuery": "Tailscale_Webhooks_CL"
             },
-            {
-              "metricName": "DnsNameservers",
-              "legend": "Tailscale_DnsNameservers_CL",
-              "baseQuery": "Tailscale_DnsNameservers_CL"
-            },
-            {
-              "metricName": "DnsPreferences",
-              "legend": "Tailscale_DnsPreferences_CL",
-              "baseQuery": "Tailscale_DnsPreferences_CL"
-            },
-            {
-              "metricName": "DnsSearchPaths",
-              "legend": "Tailscale_DnsSearchPaths_CL",
-              "baseQuery": "Tailscale_DnsSearchPaths_CL"
-            },
             {
               "metricName": "Settings",
               "legend": "Tailscale_Settings_CL",
@@ -3602,6 +3477,11 @@
               "metricName": "PostureIntegrations",
               "legend": "Tailscale_PostureIntegrations_CL",
               "baseQuery": "Tailscale_PostureIntegrations_CL"
+            },
+            {
+              "metricName": "DNS config snapshots",
+              "legend": "Tailscale_Dns_CL",
+              "baseQuery": "Tailscale_Dns_CL"
             }
           ],
           "dataTypes": [
@@ -3625,18 +3505,6 @@
               "name": "Tailscale_Webhooks_CL",
               "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Webhooks_CL')]"
             },
-            {
-              "name": "Tailscale_DnsNameservers_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsNameservers_CL')]"
-            },
-            {
-              "name": "Tailscale_DnsPreferences_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsPreferences_CL')]"
-            },
-            {
-              "name": "Tailscale_DnsSearchPaths_CL",
-              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_DnsSearchPaths_CL')]"
-            },
             {
               "name": "Tailscale_Settings_CL",
               "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Settings_CL')]"
@@ -3648,6 +3516,10 @@
             {
               "name": "Tailscale_PostureIntegrations_CL",
               "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_PostureIntegrations_CL')]"
+            },
+            {
+              "name": "Tailscale_Dns_CL",
+              "lastDataReceivedQuery": "[format('{0} | summarize Time=max(TimeGenerated)', 'Tailscale_Dns_CL')]"
             }
           ],
           "sampleQueries": [
@@ -3670,6 +3542,10 @@
             {
               "description": "Recent audit events",
               "query": "Tailscale_Audit_CL\n| sort by TimeGenerated desc\n| take 100"
+            },
+            {
+              "description": "Current DNS state (all DNS config in one query)",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths"
             }
           ],
           "connectivityCriteria": [
@@ -4131,7 +4007,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_DnsNameservers_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -4174,7 +4050,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_DnsPreferences_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -4217,7 +4093,7 @@
               "kind": "RestApiPoller",
               "properties": {
                 "connectorDefinitionName": "TailscalePremiumCCF",
-                "dataType": "Tailscale_DnsSearchPaths_CL",
+                "dataType": "Tailscale_Dns_CL",
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
@@ -4402,24 +4278,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4515,24 +4391,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4627,24 +4503,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4740,33 +4616,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4862,24 +4738,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4974,33 +4850,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5097,33 +4973,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5220,24 +5096,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "LoginName"
+                        "columnName": "LoginName",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5334,24 +5210,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5448,24 +5324,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5560,24 +5436,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5674,33 +5550,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -5797,33 +5673,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -5921,24 +5797,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -6036,33 +5912,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -6159,24 +6035,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -6273,24 +6149,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -6385,24 +6261,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },

From 630a82daa16d080c86f174138040db27970d0afc Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 11:20:44 +0100
Subject: [PATCH 09/27] Tailscale (CCF): redesign workbooks to match UniFi
 visual style

Replaces both Standard and Premium workbooks with comprehensive, full-
coverage operations dashboards matching the visual style established by
the Tailscale UniFi Site Manager (CCF) workbook:

- HTML-styled header bar with Tailscale SVG logo + title + subtitle
- Section dividers with accent left-border and uppercase labels
- Tile rows with computed metrics (toreal conversion for tiles formatter)
- Conditional-visibility groups gated on selectedTab parameter
- Time-range parameter pills

Standard workbook (TailscaleStandardOperations.json) - 8 tabs:
  - Overview      Tiles (devices/users/keys/audit/changes), activity
                  timechart, top actors, target-type pie
  - Devices       7-metric tiles (total/authorised/external/expiry-
                  disabled/update-available/subnet-routers/stale), OS
                  pie, version bars, tag pie, full inventory table with
                  red-bright heatmap for stale + days-to-expiry,
                  subnet-router list
  - Users         6-metric tiles (active/suspended/connected/zero-
                  devices/elevated), role + status pies, full inventory
                  table with days-since-seen
  - Credentials   6-metric tiles (active/auth/api/oauth/no-expiry/
                  expiring-7d), credentials-by-type pie, expiry-bucket
                  histogram, full table with heatmap, lifecycle audit
  - DNS & Tailnet 3-row Tailscale_Dns_CL snapshot, current Settings
                  flags table, DNS/ACL/MagicDNS/Settings audit change
                  history
  - Webhooks      Inventory table + audit change history
  - Audit         Events-per-hour timechart, actor/action/target
                  heatmap, recent-100 events
  - Signals       Alert summary, severity pie, recent Tailscale alerts

Premium workbook (TailscalePremiumOperations.json) - 10 tabs:
  All 8 Standard tabs + 2 Premium-only:
  - Network Flows Network bytes tiles, top src->dst pairs, exit-node
                  egress, subnet router throughput, bytes-over-time
                  timechart
  - Posture       Posture integration inventory, by-provider pie,
                  posture identity collection state from Settings,
                  audit change history

All 30 KQL queries in the Standard workbook were validated against live
data in the test Sentinel workspace before commit (30/30 pass). Premium
workbook reuses Standard's queries plus the Network/Posture tabs.

Tailscale SVG logo embedded inline in the workbook header with the
accent fill (#3b82f6 for Standard, #a855f7 for Premium) to visually
differentiate the two while sharing the brand mark.

Footer credits both connectors and points users to the alternate
connector if they're on the wrong tier.

Replaces the previous minimal 3-tab / 4-tab workbooks. All queries are
ASCII-clean and pass JSON validation. Same workbook keys/template IDs
preserved so WorkbooksMetadata.json entries remain valid without change.
---
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 47524 -> 57061 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 412 ++++----
 .../Workbooks/TailscalePremiumOperations.json | 991 +++++++++++++++---
 .../TailscaleStandardOperations.json          | 796 ++++++++++++--
 4 files changed, 1788 insertions(+), 411 deletions(-)

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 95ea306735ef45d26e88ab0afbce09d4c64a6e85..58d208b80b1d58152f587687c18b91061211220a 100644
GIT binary patch
delta 41814
zcmcH9Q*a>fx-RfInP_4=nb;HC#sm}Fw$-t1n=`R7v2EKnCeF!!t-W`hI#p-g?Yr)(
z_q+P4x}SP~PvI@temgk)4{2}+G!PIF7!Yrb8u)4KuihHvTCj$E!;*a<Am3P_6V9*|
z!6#Jc>I8ADK*2Bh&+4jiMPUK{B#em6`WQr^G!YKX9p%xa0NOCrc{l$pX%O6i19_Jl
z2?gZ&PIRkP__r?nDQKcaqq0ow(i`-UdsORIxg3qOeqVByYG>2r6=12Z43PbUHFxIU
zXxVaB4h{Vni&!n{^2&X>_~Q2l@SY{KdmQg*mpnVawr;$55#oGB4_DswF2|y{SXUn}
zPumr%;I&!92H&mpcI2^O|4K0CC#ZQ@8L%;Y)$R6jaA4Ua6y<tpUGO}(gy)rC(e!ZM
zzyI=(LbJ+t_V$9|t=-vd6{T_KEc{wGME(E)7+X`RS;tl-rb!E;5Ym9r*Rgl}B*NJC
z%yDb1N#9I2eQMCd?2dMEpf*{MJ_|S$I}DWnIb7(N-)H#}BPdnY3Q^DJR}YXW{`jjv
zDT<!ri<E%F7<JgY@5=0hMqRss!uUknH|Z5Rq!A-1R?!9#*h)pmL1>VYzhH=@bV@G_
zusPB9kL*p~bh~F-*%jv|UbEF6kmH1W!z?!>AigOIvm@9>fcsHB=|cwPH)n&a13YNk
zf~3*B|9txT%zo3`4dQv{mrIWyTL9Xz=^N722l|4~#J;W4Yc!~*r#XZrzf(-wpAx9O
zc8_wMK{u5Wn04kB);x}OB`qX-*CsLs)RVo(S1Ud1kOXVw1Cm(O-V92$9Q_jLrd&EJ
z)O~{id9noUjuOVr;I#ULWeow36ae8>%B}5Qn~txCVImQ@KjJnG-hIKklrht8x=;bO
z2f-GTd8Yp1k>H<mf}V%8q?Js#X*C)~<$~_P?0aj2GiftRRLX9e2ANXkJFP2V0rgUk
zS4oH{Qu=6(A&-1jGXlH`g)4$qyhM+a#OI51%|1hriwr49y`E2c1i50$m>_a#&oQ#<
z76=|OxQsS#`I0z@G4_y{Cx(fRy)a`Q%;}m|DV+9q=!4D#Ch<&DkfILMm4{%g4cR>p
zhtlb3WM+E-FfJn8A7+kJiLsgh1RwUu3?unij3crz@>;8do`cxqAeg^n30gZW_}^Ki
z(CuE$0ZRLtA}N%9FqmKh<4xko=}1J!5hPQ&>@b8J>h_(cZ*yVeHQ(k2Fj!MXU*gqu
z8M>aImAy&nCS6&u*m-e~Vs@V9qwf&hLf!&<hZ4GbT~k+@#jSBb8tOm+HB^}jGGAHr
z-1i_mOAZk|=?~F_nuXv#+#iI6E{(qhdQkU-IC%DE7;^mAs00@l9%_d6C&`W|)(}di
zFTgvfyACEyv8>D?qaAfpOu#8MBFbsFoYU^r+v-^qb<KY0Dr19k893c)nphhum1Ig<
zp){mwGDalaZhlmZyXt8J4?->^PS~;Aq$>V#mf@+9HAVcorA2{7Xll74sDsiR0y9;k
zE_5eW(6!bFlR@L4&iRHJ_$gT$!?%bzxfOI<T@`fp<n}O}liqh3v0l@82$vgTo!5qc
z9x0U2;xP2lc@@FX;rX$0ukhOAJZX?Jcb1OW?}7=r`>K}wz*%j8qy(rTUR!r8#zt$1
zsy!xH#Mo0Th-i{h!~7atv64)l!Io4tcz@zXi3d(WkMi3=_Z2k?5k{GtY)^h;5838F
zvQ)z^GQ0*9-kA`^N-w@TR#vf=ix@%(7D-i=m6eU)fM!8!A0<c)YeD%M4D3*<Rk|Xn
z?aDzVLpJEs6Z{^){bi0TE#a|gb@hq%5yIawY>HWzrGX)AdwlZZoen#N(|g462N3EF
z?0Fn`krD~e8lmmnjc6~{THSELgDtAB<%Y7Jq~YOCZ_<MKF$n%Tki0vIOB{K+`HPy;
z!r~qddfWq~&1>AaTEM65`_n2JP^df|kD@z1k)Lu=T+#!hoa)abW0&MSeL81Vx{pPH
zJQSxT@DqDWwENjTfiEr_6#=DN>j_%#qNHASH(qV~Q?hzx8<#^Cs#(_R_iihHGt=Y2
zZVZ%y@rJq}RF*1JLc#(E?6qgf!AY@dpxcYz>^Pj-^;A}6T^V8Umx@gDA#Hqd`mIjZ
zel>~F;%EUOyp3fX!KWmzAN$f^uJK{*!ruI39Rwt=Y{>SJf1cpW-^}2KNU(0qZ{ZG}
zFXn>3*-Cy%s-GXz|D_&p6MnZTd0UXJxI{z4NmD`@kQiHUEyn-@(%dIa8COwosy`TV
z`wj5<mJs-;%rP#<EUweSqi_mM&>etku(Z{}(ccG<(3d8D=RtL#GYGZ}2`Fn@rV3^p
zMm+li3tuuTBkE9IB*|;5ozgZi54lI@h9tl4B3gaLJvizc$QfV}XLz;+%9;!TJ{Bc(
zjHEZ2-b(y}9B9XDp-`enlo>gH6%*9eFfJ-^B@%EP7^|oinM_k$s(z-W2fzghY{XJx
zz}nT-GL?e?gf8<by-FzSDY;E3^*O!AmNr=My<742sIlJk#lvVJa7Ih&_T&I_vh&*X
zfXS;mRJ)*fX!`MD^|3$o6~*(NTr+e&DH$*1ZVau}0dh<do+CzIg#Fv2D2WeZU%cdN
zG_JHqmS9^M`}JI?R*#-XAAder#n4YU#wehV(Y_4;5g^UZmuK$y$`$S}LW8O?;J58(
z9_oK^Y5qaz1Tk%;c$vRbb-U&`g*@WCt{_3wZsrR%T}MJn`v}HI4}0~i?MrU#V+Bjr
z9fUq_p-vH$>iuk}7{@j9uc_!)$|>aVENV3UetbNv+nW-tFW;715<}O>)Lo?DOVFy4
z(4wgUsxhT_uXyZxbAvAFrvQy`=*W-=>TlxU9TbwZ`YL5G`bK2kQt>}xFzRMS*J~lq
z?~a=In^O1V>Su)59&iQ4k!X0I(IW`VSs<5Dd1(?f+%&4w=yFio{ogP<dUB4yt;VL2
zBZx6N{}^?E9Z5hWNzs72_<psc?#!m;%|IOlrl$J#MoW8wJY*uH1rRAa9rwXX0LgFe
zROIwB0)jj`i6NF?)JYKPg#yUP@81i%$f%3R>SMB#XUPX@DfZ_$Ciwqm8Zm8<FYv~F
z%dGKuwRE7qCAFyFWHgSuiX;5pV}&MfA26aoQUB{*xdur|3s1b*BS}1<_VUQ}LQCHX
z0QHH9jX9L>`x`fbdX<7QRV(&LCIxbRM8z0{kirXY0`>9UVk+p>kXZ4NPlyWH{O9Kc
zJE{;Tm*pNa=X+Wv!3a}sCdCPjwl|6VM4()l&p@jT?+jQ{@?%zKchpr(4!=7a>K?L`
z0S2XA$(<iWNg~AV^ca5tcuEIoHix$-;5SQzI2#&0)f&%ks=XZ2XDi4lV_2A38WW?N
z#w{B4K86O$|F>B_@OzX>^GRFS&WT{5BIz}kHkGq7mZ~%$LCYGSTZH(eC~BJBG>l<_
zsZ1M`5MngulzOe9K35oBvvfoLM!!J#R3eirSL~Ig4>JX$l)=k^x^3AXkroIJ7#@-t
z>!l_3bg&?tijRh2*WE*xhR;2%MyR4oaj}a29NOv_%l}5ukQh|{h-wi&3_gg-|0uP=
zV|;~9-8G~1RMZb<!EyA>uA8AQ8YTzpoPvK=R%I+_J=|n02OD%t&A($G^22ZF!g269
zY^GQqp`j>^#O#3h?W`P!dUT%<;5v23<6~<OcM4Ra1gXpaFykcT#Q<|r`{nn}0v$$i
z$9rxusCa!)(gR665t9#h^5^@vUz73E*(l@Ub%)~INp28eD}qL%7dY;rh}3W@tV$>`
z6^Y{ol7Ic@qIka2i|zEAPW9h0OtwcH<Fk$R-+5hN&f4~r<PzmuidoD!0@B`h%!V$3
z#rt4Lo>piOz8pxDQWwL9$2}^`-!IDPTVB41XZkl2ExweLx^sS?nQ=%dprzAc(x%A#
z9lqjyET*hMkCk9!1PO}rQi)zbTk<k`?DC$;F42+}p}JZij&cEM9o?)XFQ`cxm8vcc
zsrTS~_YJq#q<=``dBe)W2=Fa>m_Ql8nECE{Ks$rO$cwmeCf)NJVYuKq=Wc?|>`Ub?
z$}5Tr!Hl6}!&R#7cAR(<X8na8;(+Mz*7Egua-~~@P=_A+k7`*7j$fF?zD_&Ibgpf5
zUN;f?d|93#8mBpj<#)>R=Se#m^4GEj>u`!bQX^Fc2YF(?twmtDIzSQSkFO^Xg`UGJ
zYVD<pXz*N%hB|>c;U~%MGjO-ZLFV<If*$%iJwk#HVda`A{r>s52Da{vb#vOW{zG}L
zphdX}_3lE)bSW~Z?AGDTcf2G{+2kUV>hob4&@^=HCEO-#%Q~_C5mn7-WcemKz1kgZ
zy^&^dqv#TKm+0-G4M5`$Q5s^FPNa09R!p+cuG13AQ#jgKdhjzyQR1&4nOyznkG$YR
zy0IX9*WgF(lusYf_x?z$+F$>^%u&LGj#eMW=Bi=IU7B|zX=%lHThLn3X4mm0z93N$
zVW{f;hI}S<Dj>(!jm=j6K_{g>Qs<vvdE1<)zNF9VI79#IFFjz-c=ukhg{<c}aLc_D
z#iNng`=@eot4;x>)5tlGrJb#BfUa@qQp>keyVWK2CM-@AEh{&;_TwOeddE|dZ*=6$
ziLQ#=OXlZyE$AQZS6bg$e4p|vx4EDY*}%M{*=kq(h@QXAm0Be)jGh)b&#IYzrF1&t
zCvGvaY9YoMu9yUVWp9DNeF!Y>R+OU4+&d-&tS}d_QxwYM!_r-ZL&Yg_tGBo#Pg^^F
zPjE_D21fxgjXRGoV=?ZsSWP+)*SMnhWOUSj(X3@Yr0f=S=n%OTMpP(<h1NLhlMa$L
z2qZulnC9BPW>E=^ZSW|=OQdPr&lA5Wb@=dkpO1hyJ-P(Qd?N(IzV#ZavN(Jr1#6iK
z>02NF(*PgI9kP$QAJ5#7sSanRN3qC+G_k-`W11gjayxD!R9u13n=SihxznFZ2DenX
z9}Wr4R|swuhyOA0eD9<8q5Jj4s7j~RZL!P;zq9f$-)6{waL|q`A<aOTr>n|$%Y$YG
z%NShOfv#r2auY9RWjp}dQEzIY?KIbw*^6<bqvdI(;>Yf~=W6LY6B~4n*=dEhr~OmM
z+x|!+g6BtvsO};Iy=DQ1_c{{rTeoV1e`^wYyWjZq{p=vIal;$mr=2;YJ>7Y#m9ueW
ze0SZY$=JEIWOqT<d$ZKr>Tbj5`F`wJdF9fd`v?=z^|s2KeSZA&EdIEE>-llIPycq)
zvg=*Z-ua!M-DVORVYU3{!=yzP?30(R?%G;RhnBaKrY%2Sy$#L$gmL={7bm{!!2L=}
z$iv05Ebenf<KX>(decw-wkHE;o0aV+<DmAJJ3B55_S2|^;hOoDCp4F%>r!V2oNV@(
z!9!VK0fVQmb|648r}KA{TnA6)x?25x<1Wy0!lR|t0Wiu(A1@1gZ@Rq{`)5@7+2Bt<
z2)9`Voll;JOc=lU{T<dr_7>D^0`+vAM_gf7S<1tksH?m=k9l}ojxuhrmBU3@kozmV
z<g#MHO`REqvHo$tvwmuMTVd?YTQ+6$ca$FJE%M}A$V*^4U?kr{+I-~p9falH4Hv>}
zTlL{U<aSu&MA&jCZ(m{0u`p$)`~7C8!QbZYIP3F>);P$>_6Lx|{laj1D%h0;nh}^1
zQ|3l-m9U%XHhA*TI;hg-31^Kt^RbuO;KIH8?8f(Q!@5%60rv-E`c7LDl|VYEWaAXb
zUYKOa`&i_<J93dL_w+4U=c#m(>i{8)?1-d^|9h+7Y;o8#m0xA+VY|uWEA!ogP%MGv
z`N#2;N0IYP2fyvYC1&qxQ!*FkzFHXv#bA|lO1w16$GXd3Z^1u_g6#Bv0ofCbZ%Zz?
zo=wHv1{(Fph`|Ic<k9k%FyZ%V0#?ibksrI5_oA?-CT8EQU_e0>I{|S9%x&m{%%Zh*
zo-c}g@X+6;=^)EhK8I4_{Llfud_)I)u$m=--vsabultG9fAKR2%`UNI`eEe*FH0j)
z7?6UGw0ZJkV%SOzm+~aNoYr_~@)9PDzbM+CsUf-j3iR5Z^^deXQ|sH@;|+5Ia;Mk;
zkvYEyE!#*oquL}Cu1?y#g`i1|J81>ww|JN<IvhhkzC5brNKtc`{Pz@**pGOeiB1Tt
zFx-<fZe-c@_?nN8YHLDB9f@4Yp=z+}0b=QXQ8>s8I=@H^fm_GWH=-NwT+lC!<>+qT
zNw>GZ(1jk7AwZ(z0pee}UfRik4XQYd0#_*zJ~Q+lTIR0l0be%^CS+$Y%%`~;EB}s?
z7|l*nlQbbx9Ib-OYtVgHi2*$~Cy;9xZTTO9h&WDU98?5D9SC7R+4`#Ww`ml?NQjkk
zRfWhH8`=G;=tI~LMqrzTcamgXeam`d?Jh$P6%rmZLZ6YI@U7&@TMMuN$VHK>^mC1&
z-fmXA2UZs(F+M+5Q-Rpatvuiy3ap#?s)!xq3`*9c&yF`C70=bIj&OzTB(CE$4u9=y
zXo$=r3^ZdTV<itJIwDxi!xDXApxEMEvq_YKFsOk9&q?}RsP7U~WK$!D>0>ZA+0+L=
zF=V1v$UT9))dW|FrsfgQcCPWR?=OtV>o1Gt&GZuyVUcuNdf;Z7L2t&kt8f~3*w>y$
z?sbg<EA&+sk?O;jO-mp$SLY}-w(^j>(fZxo5x3o**J(Qr6ahL?qC`&MPoB6p$}mo@
zlyCKU+YoVIqMxI}ri(bEKi_XkgEg==v4eh;{AfbGRWVIXCU+yi)#|CEp??I)%7!AS
zY=3+EJ|x!7Yx3&Qseoxn!D49qxrStj*{ZRR#H%VF^%~g)5@dj*q(`gqoGf*Xo7R9?
z_D6{*{3s|J1I>ijR_&OYBUlFD$qzkuCPRD+I$}a4gUgHMc=@#No0>MP&j+(F3(5;p
zvN1da%FMp=?&S-(C}{|N-71^t;RHDx@XmIWbEXdx%l6dayd5u#e60WS+t|T86dc||
zT{v+ZH5vm$PVeSL0$%7c6ubM0q7QnYd*Hc~`a|$T%!dO@FVv(z|A7GE>P>9N*Tk_s
zaDjqbdCYV))V7)IXqO%n1n2<KM7gW&h3v|vSxSazJ+cKrW95_Fr2Tb{9YL{V(EX%)
z1dbh%zb`)3)GZ7LbE_6UyD`>>J-{j~XF3vE2AsncSE79k>;8S)f5m;O#LV5`K)1u^
z@~^U632>oFdKw^xEQWcGtx0R#HV{U#O$e@D*DqpgKng1&6aI!nd#1igKJY8BkquM{
zI}+{J5XTi@kv_7vmxx_Pu1?laG8HT-<qJCos=*<>%mqF0+UQvecKHZ{t>>_$*RRHt
zT0(?cp}y?0fS^B0T~4e~`em6L+JrV3G?7pnb*brTE3lS0*c7!zC-e3kM)D&PfwKOI
zOlChm{=20*4o)DaIGnoZ)bT{GWc2({d3*<JU1%Cmt|p^rSYECgbRE6@n=>SfbC8D(
zsqAh@@*b_^M#98tDseIxC9CR7$5(>>y8e2eRj-h@KJ`YIrc~(YAPz`@3L|Js|6#;w
zoA?e(w3&`-!v$dowjNyvC=Y9iKcM%5zhqmDE8GJqc0;}7$lpqs@mlt-&v;B*u`BVY
z%}6)^^^`SetyO);!|(9^^(vxt#%yFDio%)QmChRYCg>UJQaI!E#Xl6#jNh3JSeU)%
zx&m3x+y2=lU5(P3ChuK#It~(+|I`_x9ZLblwkYSxC$;Jxt0}T`h%X5Y&g{yCM=>$S
z%RME+dJf^%TPvAxAzEEyTkA$-gPsc;Yv%^&>s+L{%jBmPFzosklB<mggh<p0-^j@X
zjn4MhSC80j-eUmfZY)Vzm1$C1WAax$-yX+1vC0a;SQy7!+am;a)q$$iym*|Z@E{aO
z`dS`%tW`FD)tT3D@I5XlP*ief85Wn`Bd5R;Pt3>(A}oUlvh#@JnlTsWF(VnOd_7%<
z`?VJ<=#eEyl90}2saA0{D8hZ2P{Y{W(gwEr8o^3!O&B;z?T*&g))mCpbE<i=KG4vB
zOlAjgA|gG<cT9Z3YIvZEP=t+-^ic|R|3F9*_1wkNGaj8lkdhBo^B@7wk_eD<UTmPv
z_=6ZgM4^+6!PKvDATy&}pA$lv*<NIkDN@D4^lqG<WBh&-LSB(Revr}J`SA*)%Avr0
z9F}@RmN_YIlbo=2k)O4<mv(9Ow}CjAwcXCisAU$UKE?ojiJ5)RzuMTQ{8Xq`M~Jh2
zlQ!?3s&CTq!V~to?hng%JZ{oM^Y7DzPPj7FqqBH?Nh6t$<~c%~WGfeCCudW);3|v}
zJP8RqmfrxxxDKcbG9|v%xt5?wha~gqEv~bg{{3s=Bjopwo1)KE@IM<OA2wfdY?MK=
zXeRe0<MF8tY`!4m?14_k5Jj&H97E3C1kVL3O%>U+R|sNqyYu+&*fiLZp(%|P#mU4x
zIK?k5a(gHosr-@}mR#8%Z%&=Y6PZXPV*6dDM8NpIEZBui4#v)}(s1ho;FLp)!3?&G
zTD$?#jKgen1IXdCPK4c(BWod}<9cUr1;Lc0dN=X(#kWGXdtDwNDo$P6*?i5iF#hZN
z{WV%LxRE>9p*H3mchmWuf(jOL3gD4^m(et-R3~Qr=yFLFQ(!bB3~?dqta^JY5f-x*
z1}tohBnyw|QL9mhTc;B>q^lGLiFK^%r~QaR@-V@onOaPc@Yqo4D`>!;^kfrpejG+}
zsMsMq^ppw2WFtJu^p5_Kh=Y_2riyp0i@YTzr5k}m9SY^kJJK{)p&=B`sD}!O<-D=)
zPOuq+v-U4lB)85SEs9(PM}2TgFC|Ba0<IMz7_uBmX#An{6qX4gl9uu;g_8}n+_;=t
z29_ic<wukeydNacQ{ket2*$Selpakq^^(?(#@m*&v5rNpS{p9A`FCZTKT`8j@xs1Y
zX`9&UFkA3=!zDLS03#c(*Pc#M?a%d^<7u9*Z@jPd#dUx0P_0dEH(38Z!mXZ)1EGZt
z4=nfz3@CL*1`ct*YW5>}BOV<>pU%6ouy=}zUFshvGCk7T_D^a9^%UJ`>DFLmp0?a1
zIC&3Jnx8E13imlp&4);ij@_Fl)TSrY>fY0G73QX%4_sWb@QxWBIe)Lp|FV#C_1Qw^
ziG|otNgb`TA&^N>a1Ts~9FYtC1uS=o2=b6mCH|h)%3G14C;9&SwyH(;Pf&sGF#Vqa
z_Fht2BC5u^UG;M3ZTgfED8<TcV%eO8ug4SGNjWi>)!ceGvK^#LnI0NsiFWE>(ILVa
zH|i~px&%>T##f27A=$Ecy{yB#F-U3rkk^j)5Ck)OUa@ckX=KP5L`X#^r2v&DDdSAV
zrI8NZ7{2^bqpZJW%JuB(tc?rP!O2}3S24E*r#0+OWt=V&Pu2$GqLP^t4?)c6xyv$3
z+vNs6B2-An2diziK7;Sb;Et3U+F5}2aHR;|_c~ZDilGO^Zcxqwa2zizlSh2fUMx4m
zY}Iq5c?YK_-)8+O2P3d}VW3`hnEZzJorevc8Ga`7OLA2SV?MtVKEJE>ptjZKOJ#4?
z&<&V$#oHyD7L}%_Qz`ZdVZf|<^ycKPT0Bf=+PuSF8ohY2mWDc=1UUwodlTIDriEk=
zbwx56znvrry$XXqa(scEDz%ReIz#Z0v8DR~S=-F@r1GG=WK74*l>rq(jyDzId&M31
z@A{cb{vVxnSX4CU?_LeuxVb46tJ^BWQVsk{^VvDRUPa4F>Ac^Q5neT^TvW`9mVjIX
zd5B|8s>j3MTk2L7m=&A*LGww`Krxq(N9BD|w*2wanw{NM!iJ<8ph@NNdE^Ml%}>#X
zR>kot+KyP6*6mA6R`GaGJNfhypJ@E{o+%p9PQ|-Pq3IIEm5RGJsZGqH%cRFU8t=}T
zzx<sYs#qRHm#WY2%SWEyw9lnBKblTo&O#gQe_IL@{JHz<<W@9H!a2=aa3#BZoh7<I
z;pLZO#8?40$tny8!}2g`6KPM0>1>suSSYhepYGq!w3_0ao_z^Ie4`*sp)FqzHv85D
zs>05_gJEm4F{OhCRbkeWk=B<%x{yq^_6@G+7reT4TdlSN+yo(&%$#<=V78XaPu1(#
z98I3RxvQgoQ8}`XiBuIunfFCe;cS$-x+9p3n0=Uaw{&PBexsB!vH-OWp9EXOBk<VM
zFRSD7PR}}wQYEaO24(9Zycy4nBm^V@EN!{x8uW>v&-gQ-jYH9Z>6-_C^~YCc!OMgl
zedD@S=^|LbHV;Xw&F2RXn%!!l8jM!w(tC@x1buusek3vFo}o`>ihTedcxv|P3IzA4
zZ}4UO5jYbZRN!;TU(jnjD@^#%ZDfvgdJkhrdhHZ43b*C2fdOk@%h=z%?!|rWr3Xqt
zh93i;8Lh)j7PHTBntVo?)<B(UjoZ}kyx3&zNM`YX>U}zIFe`KfFng>5FDGGEJY}Y8
zy<0?=+V}6EA-{Wzcdiu~1;DMel%QuSF#i}hjYERg9Eo~5mF*ZaEYIg^1cCKra)d(*
zXKpva5@0L{=OMXOYBNIgG*vDgcQ;<}JeNTcA(6T?i0H841>fOe!Zuv>A5S^H%#mZx
zJ?<?7lRr|1rJWeGlBlu+f--<`6{1NIBc6oya`B6`)txf^E#kkFA*784>>y1>V?w_%
zM+zgk2bj$sQSVRlgNi-)U585|t|cvMdWpBxB2hfk`HZ6#`W-1z3o2b7c-SZ=&G468
zWLHZ1dv`+GB~BScis>~XWlRusD;b$`D6r=MH4tfX5PoZ30)MpbhZd!)gHN@Cx}b1D
z+vmrO^`Y2BwV&OGkPl03ctxOxoBV4f7Abf;-7s8(V1GSU`La<I%|m}0&XEg=EB6#t
z$ll1!wR_D4N0A{;d+-Au<L@CzOtbWcL0YuG{aIWi)=+XTrQ$GU3JnGHj^gF_B2j8U
zVbQ^Sn`SXRC+|kNXN)!l(GE}Pjvk`tD}R8qv2S~>-D#K-4?a)9ZhE1fWzaD+i0HIf
z0{00daieHgvcKPTZ?>?}Rce0B`z|9Jq%iXzf|oh9BP=?N^h1bwkL7_U$^nrYD700C
z@qBbGC(D*4RFj>poxH6)+lkB2!5%XJjc)5cCKHo_g@qxSifP1wesHPM`Ap9f@5e5(
z0(U-~==J*aU3+#UiPEJ<|8Gm5pY+jPH;I-y>T}(o!C7_$D=pogTN~3X-CX-U3J)Nr
zvn0G;E$ilr)KwV*Iv3Axgf6?8F(~0XBj0*;@UP7@u9)c^aN0*cXfFtdQEp5D<)c(%
zK2D*t@E<#@dntOC+r&^2+IfCg&acGJb`zBixukuUO?`x1MuE|>!eUbDxQq_gsQsW7
ziZxXvYkdVEfBHa80JSMhM0rUkUH=WKDIdg=suq1l_yFkvS%HU^RB|OPx>$WvWBA8m
zwFP@|+>C2e>}*7QVvAzkfOUM}S69x_EVsQd1U|95I@vpn9B>p`k{QMcx3kvb^O|3#
zW8;hE7Pe_`I2-{zWpg6S!<w%N%E-GzsNkovSMfD<fZrhXaT@7g2xQu04UJEH++84J
z<|FXcQJqIL$49=+w}4clCcy&}x?=2hN=%$`(NmMy&#4d!R%9|f5~x-ak$FS~ukyeH
zhYj15nw2!wTM$0^X<_$Mb=@owm7xIkd?*P6KX0i@1zBZnFo}r)7)kmOpCt_ookEgK
z$MjB{=co&ng~p>Qb*mw{T^irR6PplXFHW@s3qv>pl?_=ag=j+s{E)u(_3NsCRdit4
z@{I38F-ZzX()fW=4v>AhH)G<~o}<&8l9M;Pag0#!vQ``#sO&w0QT!>|X)sMXIWG7h
zGC5L+G0|vcGI}UdwFL&EyDfhQI$<(}42C)X`0Z;4Y@YR#uoN~Up`5SM)4kF0a^{st
zAUV0N7&^VOyr2_=gTPZ34JOB%H1)8$6_?zPR9}C$Ka^j$zW~bdOy)%b`fjFDev-;+
zk*jGwQFSHz^<gz<lANsklass@0L5;kv-}=>w;Jy|D`!&6Xa52(wN~PBi1$>FExe>z
zuzwXn<0tS-EtHC$XGXDI>XLEU^^V)MlCc$}Q+#OfmSX2c;_%C(^cORAQZJNmzHWDD
zsXf7?*`VJOxPZ5{I-+R$o&{h!CJan#gPPvvOCDZJhJ6~|hm73UepHzW)cd4LzPJe`
zp%M{(L+xS@)*7?(lgn2Gn?T_8b+~R<Z$GnSwzTm7wIRDMkAG-rJ?bACYIOR)Xh>q~
ze`v@K__U!2I{7m$^a{IqSJeKWx-3OvJI<|&Bbv08$?vgh7G#3bPwqwG6HYDhbYt|T
zYOoY<g{jAkyA8FalJ3kk`?Am4<@`7JQ36>qPh7o7xv|tfMTm-bY^+dT{RyR&;`)p(
za*9yNl2m8Xv(-NJnW;>gfbTDf7QJ@2pLs?=or-dh%wrd=#*Tut`cOE3UUBLjr{{G*
zRUw@!lx`jvEpL*p25oLJ%+ph|o=Wt5j@4t!ckLOB@kXh&S%!Czn|Bnijb_ksxcD47
z{F+Y1r9jVMLHBF4Dy+aZjB?~X!@KL4KvZ-tA<3#=edLrbb~_nF`%MPqp<XemaYXL`
zI?Yj`5)$S9T!z-f0R&C|-F8d~qE!sXMiI=WA}nWPK)C)vT5CQbRVe|ldU4%ZEyWnm
zu?JwYoF)O1%=~8<q0xZvM@(YsA~Lu5j(piH`L!(1z!eN;maWw3j5P(_j3FjYaw5&W
zMR*)f$YqHUw;^Sz`6T&PA}nz*(MS~VphmuES|`aK--(Hf&B3qgprW_+X<vF<*xfte
z2Z43<Fx_%ytB%kR4^fuPU3EPUmgH&K$A_t>t!U1LwRRnv@!6|)h6$l!a^yi^j5H$E
z$(Eaj#CjJjI7jl1d7eU>vpf8>=(ZQ^%1AqF>SehT+)6?p^w{TA!~m<OPd%`jCr<Rp
zYbN0X+#umAW0YGI7gp+0Wr!zSK$hViGbu;*MYJb|AM1LEq0e%sDo1?AFoxpIz(sXI
zkwy5!a#z>;>Cwn#{mc|NfwNgvB#@n<X37={{1jMC<4G8+hP?|4EmpW4f31(H{Db{5
zyRlL2XnzVTL2ZgP+lWv80)n-5KK(0t;M2c6*)c!;%TxLEU;Y*6cx>UxviU%nV#i?S
z*tgCHw}N91v7kc@QfIh8w~WO`6Z<gp*F>oon!dsHs*bAouxyZ)zwcAP)E>?x4E`-(
ze>xSWP_zzbhNRWpC34>9dki~*#0l1Qrdk8E1*xQ<CILkM4yS%iv>V9ZzW&xiJJd@0
zuo4u_PYzA1I}0jIV<nDCGL~<*nMv6mDW*k_2TESEW`F$?bK)`oq`H?P_xqHAl%|}+
z&INEOoa)xHsZ=pzKn6@ej$m$=<m;@d9|t|%^{}k86SXti7gZ3wh%E578VF8D^>*^C
zs-HCK2?BdlZTV_bk}Evd4=K{cVQs0R*v|yWy1J<Ohvg@Ur))H`>^a35pSD$a^q5p*
z(5LJqTS2+kzu(-0vG%=Zo?-Ew>=G1X&im#@Ur>O|h6iIGwg@@erv>R~{oD&#vokZp
zoo1aQ$7YUf7j7mYjHb9h{UrRRI43)53%dCR6PSPLOWO7i&CT%98|G4)H9tK3i9(V)
zC`C2q9&+AK<HzA3Bj}QqHhrFaNy<n1b<?4OqptU!M;!D{S_M;T)>7DN%^>1+g5q?g
z$TEZ~2TNTfj^Cm-!M3B6q=UlPuY62y@y4QOP?@#Y8D##S^bB6lFvqGj*wroOYdb6k
zsBp)c6b0fWjn8<vx7XWzW@ylVXJ{)Gt57kA)4E?299=#9Q}=E(7LZDBYkRqkV@Km(
zj+H`$B7RO2DOym_urrXfTHBb!+c0;^fNjy%YBOJ#!K?i{U2hnFHKDfxq*V^^zHvy%
zrJKbM5sxTi3Pfb7(P^WQ-T`Ke(M~hF=H*Dl(n>0bBT4HwQ>3oSEdYOKaU!ziYZinZ
z6J?E&Tlqtxh7yEJ-q*0U40jLIfvnz}FbB~%#VkuugtNj45ljN?DLY@b^l|o#FL8}*
z@Sbe<RbiOI@w9qv$uv&*|6kk!{<CiVuj3Z*pLOeh9k+o0tXu!<xCQ)Y-TGh0E#N=v
z*8e(g{Y$rSh5xNvQvbJZ&HtlY|ASkK75W&nd_)^l1$@gZLZIKW$Fg^93*Z(Ty(PvD
zq6*CZQZ|z#`Huf1yb@*k#EEoy6%~2-&zhQw&dJ(?1fxj9rM7LPp`^!km7*-W%u!LU
zp<GA~Blp0->d{<qqMgFvzhUfpD|fQDGqW?3`MCq!o~q37{7S;P=V_apx}Xm(kXR3E
zlKGH=2KFddN+hGA0zQ{LxQ|A-UK%Y_E#_00gvUnkXTR#5qc#UyUfvCWUbDMXkW{m>
zOb{BPxr1T^;qcYT=$FMb8J&IbTdj)wVWI$(5MMsO&OtFgqJx-pXw6N1euRfeVnPt_
zsE<*B36yiFlalE$F!+FY*v)%8*#_0N*C%!*s+yr2JPF<L`?Epy1svthebL%e8m#^D
zoXy7PB|aA0Q})2SQ3-@Z@&}7UBQ;OoL+pEPk3!&o$ric6KUrNuF@t4WQCJ$1kFhp>
zDQtK2xIs3q#aVHSfqp}I#^*jjFusNr4oRH4tdu1tGp&CV{q%f1m~5C^39b;K5pY+d
zo{i(=T=pe4BH5v$PzHBIy11^T4G5q0m7U!^+>6-9A<~b)Insme1&n7zT9;I;9N`!}
zRI|y1YI!0+FL#e!()b<Jx|ty3zI}>`Sa#LbYV~#YfKB|@ytpBIqzH6AUn^1e*9?gI
z>j6@uPmZ8v6&OoIa()F_ZR{bp|I)biJ`s*&1qQAqoFQZ*s%W|%V^T))BbC;F41&~R
zb%<2(h_h6ujCfIS3x1CY<n_FwqENYkhv&~b5=snkiT|EylM3M{h0tPdx()LkKCsWf
z?=+p5P+u41Eyj_0%$P&AhhnYwjwlm@iWYj{kC*wa;P9WuJH4^a@*Hq|my^<`t$-I3
zkFEWUqftNl@4qL#x`w$yJwW8zz2m@*Y#x%HK$7HsdHBjXLr;LRus?iw`N9&C@^X|s
zIqdraX_(gTe3akiJnxAXc&#V>bSNS(GKGFQQejXIxn50mx`1nku@WAsGi{@~Z0%X#
zLSrRU;YjIcgLKALeu*q43==%UXCmeJ2yC9=SW^2?-RD2r9Qq0k4u9RPrnUc1ms$d^
z$*MAC>e(nHT+jg<nKT8$du<<VYjP3!)2RTLW{@RE^r3hG%r`oao3eCc$tfCddXRuJ
zYEwxp%732BN6aK)`n2gme6;85$+T+QbOS}+YTPpSy0U(sc=2GZh<JW2T*`a21`FU2
z?6Hf_>-<P-M0y^5V!zR55NNlj4gtG^)ZI2iJy)T=MG%FZspK{~=51yTQA0ZV3Vc%(
zAN%@nl<o$hKiRu$%VuA`<socOurAV>2aATgmNfi^)c8A=P?QRk(D>bvkw`EYYS9JX
zl5`32V)?i1o#pEU>ZKcXEGl6-oYuusHL_KPPxWvqc3mW{o+jIQNC3jLi7l<B-kozu
z>5AT6%m{zjf&xq0(4)vsMXN>qG?4H9FegJ2&U?DrH%FOA7i`h<6X|5Q99?NfdFTwS
zr{#odZVL{t|8Wkt;8vP$Znt3??`R}<VwgIgDtVLC$sa-G?$tasY`JPhy<sXIZh?^H
z9+LZ4qja?pmFHJ|Q<Geqlc=#jGFYp8KM}_yldwyKq)qx}5|4vX+G@X4h5?@pCfdgH
z1bjBCOF}*wEaYb}CBeTKjK_3rg?L4F#x+W4h36p9F0||DO?pD03L%U=myd%<hHK~_
z2-^$O5~AQ;W!5?=yzSv3_=+7Z_X%N6x}Of_6|MJ=gMnd@c9-HbBreB-NFac~BxjpD
zr<%K)P?@`TqzVC|3W+Us;nPER1Q1GB^_S!|l5;%_bz1H5ogWkUKsACVaT}Q%c5L2&
z#W#m5q_OhMSZkPBhXE(~u&<m+$Sx?R^f1szTrk1!+lY9y3Z~q#6}Gq+de9l*CnBae
z-1OW-`q0GPtk+*wR=_rvR#3#jLyq9(GJQ~)1@T}K_cVc;o6v1~V#L%aA8>`@ccY9M
z$~FqinSfaY4v}XBCbTV157NJiL{@#~qn|p)j}xj}BMfS>MlJ_Fg?o}ZTmYg5F0EsV
z4__nNNHJUvZ`w#`L2fHW1$q1XaKqHIX`oV+lXe1Qi?;{GovNf5F91(|pdl{`!Qp&G
zNJrrKW*(TIpLf}^l`kVFMid~~ON@Jg0tL-@=se<(G~p0=C#t<J>r$1XWLN)@ZuZ%%
zPAI>E5gPU~<wsAV58FPjO97+@jH6A}11yBkUPu?e-&0ZusKegx2wePEui8J;*FmEX
zZ8Yt>q|&qxLB3sW<}Z7c_L;uN6!YkzCmMh#okbB&Vcn`DtnF<w#ts|3A%UQcDrWV`
zOVX4x;evi8%}D?Z9%;hm7SBL!9WF$#F$-#nFZ^C_bS+l8H@T&z5^mVz%l?#4UEo3q
z6943vhfgiLF`2OQ%`O=iNtkJ8>!z1?j8vg^+$r(4-H$bEv;SQuJgKYGO?$Hya|q;t
z5tol?F(BlfjsJJoI^>M}^`EXaQB_niH&&n=S5g;_+c%jfE2TpWzR{n>q5-GXgBU4;
zU$;Pd-*uCtDY)nU3eP(gfSJV;bJTJS?A_<H3VX&pqKUcTeDvT+U0Yj3?nlaB=#*IL
zuo~Z>2Bvm3NJ9zZ8bHd%0eKA$McGusn1v_~44M*KdhcZB74Cw&mnAQM9S;J3NKr%c
zft%CYu3bq}m=jlq|61C4Z<^>2gp>tUJ1ceZU&h2XI_#9sVU-F3Esi#duityzJd!gY
zD}2m22X(0yh3fm#$Rt5U-tfo{lxQsTZoPIG#^;?!=VhK5z6`i#0Uwf5LZEkq@+kbX
z7#Wr-665^U_{9onugimZ_(PYL!25CR^lEH6t~wZ1t3Aw`NbLoFvC5p~oP8*!rmYjv
z(Dq@Fub~V*HblU9p!6ZRET1xJ5!4)~AvBF1dnWAd(ejT;mOo>sV(PI*sbrkrN6pk`
z_LVnigv9Qs9K^?KfroFJPgpC3tXP3#*eMZNPKG*Ws3J+s=A_#6#%lzrwI#D64VGq+
zF&bXSnW$+fEFcjh??k12Y}&ZBcyPV5d84c&Vg_!Cg%)OY;?!MQW_vq&h=Ub9O)Fr(
z_t<PVDjxbI7z{=$@YA-iZM)wF;rsU_X!UoQJx}8mc8_tZfj{_9N-hU6n|YRJb0zC<
zlWQ%fms=&QS?vWmX55~ql`XxxOLF`|WEBl1$EjX%sozi&ER~}W4xa<@6Dz`(w)xk-
zlj>Lmi%VaPVW+kjSJF#kkQ)!p>~wXFeT@!DoHg|6&gfK}tQR_@MN<bs=OsMAK3&D8
zS>i`649C&f1lA@h6G&-H=xv-|B!7+{PkiO^hmNm&JpkMnjI+#9XkzT*b(ixLSaDM+
zZx$fZ9jw!73^Inl8Jjr2vo?h_5x9W;H>QO$G}ak*ePY@`{wJo5{DWy}|HibW%j%5i
z|H3q1GG&MV!nEN}OauO<X)XVwY4Yf4DW96w0QE0T8y)=AG))qu@{>|3?r)4spP050
zHU9r%8p!>BW13=B+&Pv%xPurp%Om5M-F=uD+9!-1U4FvY+`+$LOe|CQ)5Qk#7Pbg+
zp|GKVV|{2`r31>t-LE#<wyC!CENlcZgZnORR_W`mmx#~-!kZuI6nxc~0{go}S7r=*
z#VU=sqfrfQV*fzgTEMiC2yn#Zb3q-`cG~_|JESdn9}-OSWz)JjqV?hEN@k89O0^!(
zHrKR40GW^NcmMFMPNob3M2ALpVKRlgDkAV{YJQ)lhCvBQ`=c)_Zhpq7fko1_S|eSC
zRyL5~(!%`aPYSuxg?v>qIjVHRA0(11+Xfc>Bo*ld!e$oa>!jprvSD@N*H_DU!iuYY
zq&L+gFPA9OqU)TdfypS2+L^zo&wSiOn6H}Vo}Wr~4&*kP`k|_}zCWFKunByi1L*{n
z!<A@nw<>q;+bt>{K0=eG!Ht0c4eKOz#oX&x<=Zgd6&mLcuX$ehIUuMpWt&X}=fmCd
z)m)!WRRa(@Jsb!R2581Vr&&I}&b>0<c1s=e>lQH#9(4*`=WukO?AaE*=QKS}%I37q
zydFEgLg-fAeMo)q!@cE5IX38NK=G^^cL5O(ouR1Z74;udFP&KDRaf^?FIDv)b<^)s
zLZe9!y5=AL4V@^%K+&7(%16H$5LBhQ^7)bz^`NS#`Z*}|f?4)vj1rZ!0c>~x8U#a0
zH#tAvThvpw>p1Plz<|uC$oic<TZ+$aOk9yZNt9!9O;{B}!2t?YR*7{AGmZ{iHRv-p
z^hE<)?4b{cjwNSs#83}N1}DE^PU12RQ{^%af79-T&AuN0U{`gU=IZPzG!fi@H4mOY
zu}=rnzH^cG&JyENC5NfibK=rLq|eQZf$R^l!H%KnTk`tzF(A=V3Zb{5SJ22Va$kl`
z)7W0*fnFuWwbYO?w}qD>87}R`rZP|?KYR(^G`ecPg?LJ#WH}Ia)H1GuWNnpz&F1Iv
zeDehEI4EMI<%wF&+x}9cydR++cAQd}-<t;>I=2XLFm4p{S&d_{UZf}%LMA7^hbNTh
zvQ?APXnd;c1?V`Awd*ncoT<;Ytk0lv-=~Vd>~^0Od5^BqRb0xPT@W^9M>@vVt`!{P
z&)Ou5Nf}jVVBS5=^z+&eSJ7^x?oCp=H7!*nt2{S{iP)rpi8C8mlsili-Z9UZr$MP=
z?<$7=k=Z?B9`}#PSw1dYb4T^OZkw^9xhb#<PnXCS128xD!1`7uZA&XA80S<}gI7ec
zEf};iaCZ3`hV5^yw$iH&A8pyjiq++nl{qfH;h6kxspScJj9?mbF+`=|vdKP&U*-{D
zL{4Q@kqffEi`(ui|4n}WR{>jL(2n=3mE+*}cS7tXLB57C)Fnfaix55U^KKhZ_oc$T
z7{<ul9H9DS!Zf-4hwmzfO}4ez7F{<?hOy6^lRe2;)ht3)x!vDp=LODlIT|`BOIiy&
z_DQ#6&ZwFg#`pn~X~$KqWii#pX;VX7USjW^$Gtnm@537D#{Al;#`V)`Y5b}O@(NzY
z?^<d6IY#d?47r*n_aSNgzvaIJCcf{=w})DAr$A9E|2-Q^{(RDtqw#y>*5@fq#yU*B
z_qmlf-kznj5WzVSXB)%AOj&w?(6`rti4}N5Q)}Zht;8DC2{@Z!w|$@V15O16{e~2?
z{qp_rGqfFsu{Sgfv7_Y3H2v9lm0Ih*=t&}0$ezaY=pRR0AZNCHB0QMiNTLr{*z5=&
zfrQpyUr>|cKsBXoeJNe_zWo(8@P($q65w?>+&~d|8L~fQb(L!N0h3p<>3~>NJTPyi
zY?|2|ek3E1Y_JH4Y)lf&E`N>-<clTO9!9;Su*^iP8uoQtl2awV>GjenliZR<7Aa~j
z*~wCxTpRxKr?%t$uZC`lfjVT)Y?86FF`#bTubMocWPC4~Jb#zpZoJ@=YW#Ekny05W
z9rRg=?zbb|!RPe+sz{j1zvfu|4UN^cyT){Ujh#otZjm46c$y2yEgV;s4y_zO^G^?(
zN)}9)lul_pPx8;oO8&CgX(fC*@vo;oCtjXF!H=rO%3{tR%F0-m-!xQDTL1&@phvjc
zO4#pZgnBX9eEmGR(LrWgsBJOTG1UP>ya-5Ri70EDU5GsgzFZO$=zCm7xNm;e7ClCK
zmBoLI8H-wb^a4kQ94lh`D(p9vnvX99_X>tsq-hzY#?761lPbi_K=gDV_F`&#z*hB6
z9*?RTW`C>vtzrcs(NBro1_x5PE2$7_s%s{wzb>3-_C(Y!3H3S#f%?M2A%GDPZ^@T|
zfQ+sG+?>+*eT1#yI8p&$K_hIL{S&RxY>6obA0`3atum|qCwKd$5;sz0jX;2vv2m>S
zFTut;HLiBYH$ri;BP%`<$>Y{qb$K+6<?^HpRkqVI&Aepw4}G@N=h=iiw>seEqwa6z
zXw<G+>(Pe~Y^3RAp|a=*ne(KKsa4AP*^N>0xnWDIp-Wp2czkXjo9M4EBXZ8JE@!5k
zF)rDAeP9A8g%aAd>K!!(T;k-QcH51<_Z7GZNMh4gV48611l{jW{^WWgc+W80$X^s%
zx#Q3yDL%1>N*#4ASeu?b@d9v!!5DSn+R^k@Wn_<0@N~Z^xn-c>5jnpeUPP_tskEgU
zs)%Qj-Qd}y%ZeW4aQcwj5x?5}mgAGW3yMz^>^y%Gt`(>>-X-JYJMfsi_5)=e*7K+G
z?VOI<WP@V^UmJ0h91#P!vg6z5A7wK6ExaiI(X-M_V<yv>(e?Z0FMr@}dhL(#z`-o2
z1w;4!w4jtc#%_wH;vT5%?wg|MNpn0~eX#R=)o*Ook5>4bk9mBIZhrKG4;7}5pF*0M
z(G*MJjWGAFG^L%j?HK(ucx^p3>^(KNic@9l8`#n78}NhlMBYkxo^;1Y3U+7ng^JS_
zL58XvE<)l#hPL{qwxGbEPprs0h)7$x_-CoF0r{LYV+~Bn^C{HD^h^GF8Pd5m@yg(s
z(;Zw|mRC-*Zz8;Z7tjmi;&U7pJ`?U41>;hZm~hDTZh>^x+xMP^E8kgQ7AYu3IyM;6
zWkbXQRoXqYLa|9YC(0I#gw>ISkwKgyv;}L_M(gCaE@1T?Sp^6tp@6CA6XPbM)|%PE
z+s%6NJz{aHhD=_ghb;fP7010Zj)Xv@0i|XQPA=!=F!{YhpXIvx^7|{^1P|JdnTQZt
zRCUZ5)tQ0sT!49C$f?0*CShS#Kw}@#RfjFY&4I2z{IdDcCT-8tmu>wYrywfSpd&CL
zy&0U3KLz>cLEV7;itH8h3?|zQ{D@=F2pcg|je#N`q$j1x-`8mc_jg%t{xT@*s5=Ge
zglmf@rPBhhgOjCjTekj*guB@7u#XhepkSol5}ID%*SW-|CudnGO=VZ)7?2bPZ`;Ky
zdZ92c>VlmLDAY%p)M-_c=V1BVM18vWQ|IMSM;MsD^U(o*(83Ix+{3RY+0PdRd*-JX
zJSGF**?FVg`;;_H`2jQBM^i|PDhP{H(GIP0CrFFVZ$G#hu(DRNviw%E#s$v7X4oMc
z7Ew|OAm?;sf1p>W<hnpwP&g^)K47>!U<jN$i=0F2EgR!YrXQ6@8CNauVYn@i4%W6w
zSD)Dg8QTJwqkJ;E)bPc{^7*5BILObzOy{pCXy`>re{q=3ZKy~monPk-R))xgG5E+3
zScI0N^`I64^Km|ujDg^x9#pH=Y`C(8eB|gIwQ*l-)BGemfy^iw#-h+?Hz9GsIRWsp
zr&vgLM9N2kH*`%sw$p^rdpzR;VL(8MKMES3n;NJQnBg%BLr~)sRAWAFY|&IgoAAx2
z40SvXg3u(znBfSXx0k4fDP+E<dPoyxeL)iWStGUtP)g{a4S)OIg=?@+z#_6Vgl}iL
zWpIbLK`S(cYPk!Yd*ran0e^iqK>E&zGjG5qZ8f2LdW1T|r}ZLGA4YX8kaQzZi&~nc
zU<(xFbnD?DxlU(jJ5$ixwy`*P(@5bw+nwKrf$qIm`JIw(K|vGPlbng$aDn*cOiR#0
zJjthYy}6^Hlj&VQPTmWC%$GOc@50_zF@7{KeN-``F1=u^G3n^gqVda7S_?D0uO#d-
zl(RrVvMA$#EBu<lQpO2bEMppq$SQGhH3e`2E=+I&K5uaztNdFuU-*C?E0#dLhB-WS
zl%SA!5z|u7#76dj9{$=kXm~*FJDIH0q6%L5=QXOWjH=?@B~v1LB<<*FhJ!b+=|T~3
zUJtF~%0Hy)I_KxtFX<Fi=BkeLIN}4Mt^QQswz<<w;d{DB!4R6_P@xP1kwtnCfqBWJ
zjTQoIAs&q8-l*XvGU65S;#2oZer3-1ju^Qrj#3?Hp6oY8gQ1)hePVro&z!(7eU^}X
z-xknlH&A)OtaBswG9X+^?e6no3gWo&%3PN+Py!2JG@HmoKr=+lz?4D$f}A}g*A)@U
zg9wF4s-x~eCwIL_LnujbB{><u0ardVkD#@td<1PO=M0OUXWx0qrA=NR{|{4N6%<$3
zM2ihBg9ex2?h@SHA-KD{1sfRLH9&9;1b26L*WeP|-MM^!)xC9JrcTY7^Ro8r?mla+
z-c5dgcG9tV0%gyvhA#YtSWX1O{@}`OE0<wfe(g`;4DS7Y16Ds6(J7vQE(`E*81RN6
zkRI#+6f76RTL?6E%;y}wXWfJ&eE`qlB^eZAIQeOvwTlJj)YHb{xqWP+&cfC?K5@S@
za)T=Wi5RCz1*&q*mp7QrH&xKEq|hOjS~2sfVD|I<d!k3ckOU=OKIzjTwsx>di2RJL
zg8(Qs%K$>AuuF5Dj&88AI+aU#8+`bJdVMlPwgH8Xh#^&!_5z4lo$1N+Iu*H>h=@vu
zCApW3r>Bg<+qR<zXaPNA&xsr}x&*L>b)XT(>bg|4poi4%tv5v2O&nywfT-~rr7i&1
zFuWrk>{J!6ii(b16*}xiYVC#IkRb}P|4*Gfa*sI8xG7i&*<uqi_CS&-#u?$DLUkvp
z-szD3bWDs=4~P@O9;7sbPWFF~tXG!md%O%~meB^LtFT6^)DO}eZ2O{ugl2>Z#h`M)
z;yDq*%n<<QCwhx$562H08#-l&!Sa2nbHf_<vBSXH@oYm5L-H77F_EP1JMvp0Ax`<z
zO|D^2{%o&35HQy4SX~RscuQn0`SIlrmbW*_3K8AmTyNZ}4`_({qX)Pir)LY3>jwOb
z1$obn*#Sg06_01X<2S>gh941(1Fbs1EhcNfLWAQVgP|})m&|sXsl0?}evNqHkdWE=
zFd6a5;XkhqT#@x#DQ)7wSz3lvp(=G{XX!E0F)rTA&+`ZptRXXXW*e*%=Ad|Wa0WF{
zV^0daq*b86XFKd{qrfngX8HW;=Ca)D%$>$-Nkt<1%a!mqpTZ>2Q5wFR2!w@mp%trg
zrCSM-8H`W+T^~}9Bln%Isap0~ErOTwfl*Q=^COv3Odp!qu_^_sp-?X*Uh`_2J2Ff#
zhuYm1_zibFRe0}A5s;v%GAD6`NM6Nq9m8_nKJ0Gu;2E0mz}+{DB)y46ZYYQ4gB9(|
ziLO<zW4wngnLVvyyr;Xo0@CdsUIGS@1jMD@kz40?aS3)>B<UKNGn0@kHBdsdRDOql
zTKqcxh!vWg2wXG>Nt&t>R8cc<t3s!>d}G?*d8+J^EPo}E5MySk8M-tVTEQ50wN8c}
zN3++3p)d@lB}c|>wle7OwExOI79tlp&eF~GLKW7OXDr<GZImH@0|cYpo<+8)CQI`i
z8dmueaG1lFm_=mpjEH_(*XKwblr$!krRNZ9jMh&>)J=l2TC9D`>*ptV?plS%rU$PT
zrGre2(}e_aB3j7%C!MQ~PE}t|mvkAyO`mK5TlMp!Ts%ZwQ`$X5{pN$N@L46{_*)(v
z(;Hu3sXLyRH-wfxNc!!!(_Q-YbOFR-*=T<LI$~`l=}B-bV(rH0`G#b4(m#v~=<efL
zVhZ~`-W@^70$pSCDu~*}RFOq*fVLx2?S5{m((b9JBVPHUoX5}lH3LemiqyIby(L2w
ztt_Js2uZ0q;8%aR*d*vM0$M5tTrvqSe1Iuo3l4t7a7nEQ$dl0UD}i;EKX61y+v}F5
z=5J`I0$VSTS|C%Z6q3w?7Lg%}jB5GDB7TiMxJbCiicc695{G!7#gVWFHKv);(?*5~
zBmTEEcOBdV``)l6eSH^1Qt{_LP;3K0bV!9d?8OFhrp>`CywPTvC_U;!@?t$o13r6a
z*}0}!4Pt3QE-UG#Z+e&jB`Vs<>Sx}q3&$`JzW@~S>(2Gw&B(uzm6?%!T(9v9Z4`ER
zeu#VmQ&#XdpYx~QfM`p^n`|?DL8ER2-Hu;eh4rOnWNXgfVV#RX{A9oN0c=&uX9Feo
z8r#Q+NtG<t8tuJ>^zz>9^1RHe-Ru6IY4x3CRQlqex52bqZ<DEAqgndM%uo0~e|z)^
zf6{;OLs4}|zx%@DRxl65+}-sYx)ZD;qWJ)f>T8grx#(EDKLr#C>A`ciSKY+(i@i32
zECAOxJaF}EN{w}aS&~fI#dniA$!`Qx?r#f5b7B0RlmPN=n*P{bo$=?ip__1V3%LYP
zfGY)tlOoxHdEyUD6DZH`1XGFXK`1ajGUo2ZSZD|kjh~f##z@A<7JX@m*)Ryb@eIrA
z5>=NyMX>iS><$f{d<ez5P!*yL?>kqZH2GSPbU$1%rb&yifT8Y+UDhwNjH@t2RWHT0
zHVDB{aF8hn0{>EaUX2{Pq8y6bhzK1h9X41JoFzPfDfD%l!i`ph6P=yln}HKr=vsXz
z&ITd(3vrQeBnl*n-o{T9^h3K8`S}Ldn)U?2QU2{$XF-a4yo+O5mChe>cK{g{V}Sk@
z;MWM~Tc?_Y_jghSI_xjN@N3d~vs_-A>FHAX@?O@M+A2Hz1?&>YQ<8mQe@0>ucR<)Y
z_U#yQ?Lw~)v(e9ji&GV%w@g8#fx0J}%^YJ&F_ZsZEh;}bC4J55??7Ybci600+k9u&
z&;UgE0>+t<_s>K+=GD5wZw^kS9^197flbuf-<dk#NOJw9S`?TxBx^7s=TaP*hy2>x
zNFe~5(dpQg3vFcBsh{-Ql>~H@K4W7wf(F35vzHQJo`X=g30W`0p7m=a8UXVk603Ew
zIHDVd%Vzp|>M>)`o7u|3R~VWpj2brF(y7@<ej_7-Qu@VkcWYv4>Snb{nVNM?R*J<<
zPwVhkqEoHht*H5jT4YB178>~C9E*D}G&1AsF}KEAc^CqJ?2d&5za*$$m)3!9K;g60
zX<qsK%V{~+F~#2izsJ_7pO}<ajcPZ|R5&$g=8jr3sr}=i|2~=W{hMJ=?VT_FFNhAk
zkmX`jgw0ywV(r?#!lDPdJDv%b%IuS8`q^FKWBWK#e4S(J3`r~SI#8Y0?u)SUFJ}mg
zE%H-x{kiETL#^pYc`pz?IvFv!K2cy&cgM+Uj~{eROvt#kG<o{>@&Fi^Z{1<?)}j=8
z(k03i>j(j(%dJ_8_=h&f(6pCAf#-p5LYQ1L$epKf+qgavk~SEyu_p=CD(#n(aNr6G
zayrSlxHT>g76=S#BWf#s4wSe4T$8Jh&l+@q^nKQ?^hf!dk^=}=p(eHaY%KR4BV<GZ
zR~*u3`&lKX1xp<Akfk$~P6o^E+XvfXN_mA|0yaHmBxasUU{JXD75$&5s8yOxULTGs
zwBDvY*q1t;8WWnTJmVm$Q0er%<YA>2yiMtdOC_w}tzV{-drA;dC0NKm!P|JWxNPY`
zqCHRWubt(Lwm2Xi39g>kpLyTYLuBiet#RlkdK0OCS{P$ah#Fu4RO~#{0ouu+aErX~
z=NL|;6PZ781=?EZWWY0x{~m~+R<XuutZi#5(bmHJ;}ss6*P>1^t!Fq;?eH0>9jk-~
zrgeUsSbe7pWh}$>CtF7JT_Pb)3O~BssP)eKUfWh^4tk(lK&o(A{9Lp$6=vUiuuuAO
z@NQ;GAOOK+L`OwBR1Ga`e2Baq8ZIvTo<yjids|5zb_ne%`0H4PYPbq>KB-E8w*8Jo
zT8?JxJ$v6d+2z#2aM5@O%xH@kiCD6))y=T5MLW3&r0_1}SjkuX!}%`gxCF9Okwy3i
zbjSrh5Rx1PUos6tn*3g@KIoAGF^s(>uimF|i$`~wvp<oSS6K4&jMc+Wa3uFfxB$ZP
z5VJIV=yk0_elce~+#m8C<_jI#8d6kcNG+uxAQs!{Slac{E1YB2+qefB^!&S$xXhu+
z)EnPOKi4y{h_PFM@3la>>r=o(d)(<=z#S?v=$g1TY^dDvlI5JlXZ$^0l)T0QH4(@7
z(}w$seiGt1B-T$tm4!1;+=oL5Bpn(=k62?h{sm)mL38=-g@_uOH-P{;BDOF=sU++B
zTs5~8@CiUfiUaw3P@TF(TRD-ccENTN3LjxWBDt|Bx8(rZWMKxfcl**Jx@&2#cEl$S
zL>RdwP!c-pB4PHA<6HX<_5MhozufL)RJ$j}cSY7G`JQ6d3dO&bU^i>=x(PpCnw5-I
zjR)MJpN++{_wDkYi4HBZ#hXk^aCe>+Xr&xPRU&gLfUeJr5LH&`khVFudaijlES0XB
z-=+eAPtF`f^kD4#b=f%;YhDaqI)x#ShQ|XACsCOg1)7RWeabPp&I$duMSC~;%rk77
zZ-2*<3D0ClYRoBzxaE&5Pji$Cn#$L$QtjxiJ33^~B-=8x4qD%zGpW;<vrpO*#)S2M
zgCM403Q(+sTyxXd)<iULl}8-&D?XPNKcU~<gr&iLhaB$3h9yQg!WbavP8$uP*%Wlj
z5uNW9Bs3<q6sPDX7O$!iMrSjP#d;9o(Xi&YA>Gno=@BD-LF@zPt}tK#I<ezVMMhJ)
z1tmr6nO!KWMPj_7WJ1HKRs0|hWCkMv_lZ;%NRen67W250FUEq{XIG|2%(Yezj&>D9
zV{&H@D}<Z}_<?u6SP&Q4d+8toF(O&5AVjvmKcqt4Xb?-D+~V<Oqsc`@t~iM>N^iTd
z#ov~Jch2J$Q4-TtnFJuD^JNLMsKfdV`mo%wz>~$v8xHjiMC{NH4VKqY-MrpQBy*v7
zKaa5OChq>rsFF?GK0_r2UqWP%M1o$uuJI#wXwGNp`KY_HuG@d9`4e<U0^Vv$1)rVW
zp}+o@-wk~L@cx!~;LSh4S4Q&3pg%`RhiqwV^<>Du`)17WiJp6Ked?N!k3D5Q((7Ri
zDN8nK4=!3NyQq|N&Y)7H!NDc4iyseOgChRyZuamx$q^u!-|K>izK2xMEsV@*fAh0=
z@r^fOH^KW4;sjfgAdb|RuMyf5*QNpEfu!lG&?r>rj3WSL7e8PS8Dt2|bYFlMWFvOU
zGOiEDR$z)*F>H4H3YsscfbPF~-1vUzPG;|kdia_YNImN6sT;;P>9rnekyp51-y$&#
zLRc&{bRph$e|;NdZ{_J4@H&<_?{}36M-A9EM?^IGsJSt?1VL(NGn1(?rLr1Vu*jBC
zcBW04Ighl~x|BxhxkOg{E;3?&iJ!;fBRPFC-n&W{m%@p$c(2PJt?J>pwQwE)FWx6?
z9MyatATqQP{e?*lo+>GcqE)&<=-LfL_xh|f`<^gwxVfh=&_TM_cpvo_Y7<VvR~0e%
zXN4vZL2iVT3beqO-^`J&aZ0D2=0Ztj`)(RJzY@(Pj~_GyKf0iMTy({mCR9iNrun>?
zu>h*Th^N2kui>QBYWuVUcZ@#PKr1ZiDj%pb;r-+-Rz8ON<LP;vIT?DK`CpnnD2IdR
zkL9(LV3DlX{o_jKuK1Z{C;!W``Mj1Wqz7d9S(6~ue{z<7F_Wz^4j~O4P%(<0za)!w
zt=$^SXIkKCU^>3tk+bb(@p{m<ed#iHS8OuNkU6>dUh3NV?^R&wPP1^bW+clN-M!Zn
zDvFx25vug<3o#$!GuZE?suHaDW_64S@I&DL@|B-52^<?C<_qz!n{ubWi5f^LEh1&?
z<cJ2!pYEVMWWQ$!hr-@8p3I}f(2n749m0BLTW*Aok(M6pA$p7mxDy>j*fq(Pjtswm
z0eVDw2Ah*S=$-1qEKI^#@v0OEhotc#@_y?S-&XeuzI4p!hYZ2IZ{Ny3stBG$)WylW
zg)R;`^6<sLM93!NiR?mZiyQcea970oCC>-KHd)P5<)Uzrbo=`G0#txYmqrvx*!$H(
zKwV0mB~4<kI<J%_<O;R8k-)rN7*$)?Tlr|A@*!5KGg~i9?}GNw`=TjoSL~5d;#lUE
zS`!${ZUbRiB355?(h+sjv*4IY&0TD%Neyb}Z|4;dYTJO;6M~m3oq-QSH)r7ggZdqW
z;r0eJ>Z|IR4hi0oAvm?}3mRgnbpO*E(#$eEFhCuWU(BJZ@yvLiF(4b2p$2pm7dgmA
zA<I9<b|Y>TTdE=yG+^E$x=8*4?aBVGG%`YDQEZ$S?E@)A$#bY}7NzW2jCJhL<as{t
zY{g1lo0YeoQ=HvI{5R`59q}}qUOf=BK6^l4?NcKU!`5@&eSRKl<cWSq5VU?0Ar}Yj
zQAJZ4=|NxJ2GxeiOIPhf-{uo#^ze*vB*t=auIkm=Cb-}6ndrBjsvvI88T;COu=hL6
z$6un?rusG<@y^eGp0ZdUb;vfiX-;mt>VqVlnv~AJh-?H%n66SWxL&)QY8!!=Faihw
zhpSgjegWx6(UNBJo`3?eq94e5qJIburyC*12JNu+9NN@9lB<gY48O|eAHhtn^X;q#
zn8Z~JQQSiFe3SRP_Up}u>UC-<N2gEo_BakgZxdZh1ft^`&$-gVkHhy>2ab@Zd*P1f
z_oR7(X?f_rUatcjqw?0^oEkw|&`cmFaJY|pJ;kz%moHYP$cj`dHS(jsZSw>F#@oEI
zCw4#=R9lqFffQtIgMXE18GU{Fm#XPw#EK2%ipeMrr=m?Fo%K~<1yjDiX}!0A^?~#B
zF*c>bj6;Zqrj`3A)2`uY?&-*>^KNs!BgS&Pp~}<JBq;em;B1*eC<Vj{#^h)pBtSfg
zi;V?>>$z{?t)eAOA<7^RF?<yGtCfk5{Ux_~ebIzR%o=Skf$-aF>@SYRmH|><7}+B)
z!Uafq>Ln$tZrA+n%5*dr_6x2i4K*B=%_$Awxb0XRZr2Nj_Yl$Y&T<w-a5l*sGry0z
zy!3)YOSTCACii!Pa5Wg)H+RC3p;5_3%eu5I=qDu0ns&AroM|G3>Uf?<$|NrLW_{~y
z#lqV4Q=cL2Hmx+|%J#oDP`^TaEp2<(i`7KUve>D(k-Ec`9&e|Ik=S)BqW0{!94NZ|
zLu<U!O#DCcl&SPzUq#_=lS%bYvvmJS1w{-eO1x8w@exou`6T@cvSw4heDN_biDGq(
zqE(Xjkpbz#WMqh@e`XO-VggH=gGL$9M|A&tEf9py>(qb6D7h<u6BADG74BKNc{5R1
z_3Clx59O8)^^vF+6WnMd*{Atx8JaQ9Zq6|zxTBX?f^KICIqlgBrWMUD2KZ0?FBrWU
zi}E>%Mi@lyOWhePI;chva#&RRE<LEVU#r4zzVfYIZ2vx&A()3mS{f0|Q~*ef#>veK
z!8HiMpU9J(t*}mkj?w7iwV1p;t*CnJbRic~45@nF%~M=C$?e2)^#)H?!Rb^i+=~v&
z8bH~SYM^yQL~78tm-d!@mObq@NCbRw8b41z+tGm{ks|cY{lcP!IxEYx_7#=wYMZnd
zk|3WU|L{Enqn;f!+x(c><MPrqm5pJsuq3rh#jp`@PzgMjkNtY$G9UdVqA-ss0=%U<
z=~|<3b6-K#m%sy^x`G*w+f4@eR72-aB6xa(4c@XH7kGYoNS|JP7tNqGy*juu{>NR8
z6qIhSMu3zY<0my4zN`nX8KDZOxp<MK3eXHIHk?wd#QBNS$BW5{8rLZ}y~7;xPtlH>
z7b=-SVhrmZc$vz8^JUi?u`5D24};-?UeR#(qGgG&pUrZ3d`Z0@MtaypcB43GP0tLX
zvR?1U?eal@Q`Vq`I@Sz&A?H73>=<f2L{I}0qsI`S&QD%N`do}VGMoesgNnvw$Vk}-
zQTy@hLu|i$I7-4&$P;r^@g(Dq+MWfmYDx5R^g$J_TNKgY8Qj{Bkq0?mXR%YicxTRB
z4vJWav)^u!0*;~l@P&|6%g&1!{_N}D2vgjxG?_#nChvyhGrLju_0DCSYW$UGuRwNH
z(=`W?v3NyIUZ$3ZX;<op%lVUzk+F<cKHP`PHk#s}idpRUL#@w!9BXfE>KGf#7>{Cr
z1JP*IZ@>m|Kkd*V3Q^ty17WKHvD^qz?K%`VPoC^!OXzI(I<aH)6hciWdveCOYjl0<
z(D*`30LSM^h>h`kW<4$Em)h}jFlZLCIrAMy`w-&Jgq-8*xWDNMsY5d|4j~!wez(On
z+VT*>r4b#1#es?^+GfdTniihm7hH1e)#=(3JDCxr<*xSD8m0?h82v!5iVl9SicKS!
z*MlhU&5tAPIX(h4J^~VEt^O*yPep`g=FYit2oNGjw8z^Oal$zC(4A4$4SGs34z`8O
zk|#*+RYXM7L*N?2uM==QJS~$ecm)qtw*$BL{TUK%jkM=jf^pgB!dtmSX6$;$+jmAx
ze!<d~uJk+mvFzj@>Oz!>z7e)o^VDznD5$wVetGk7SBKMl=~A@r@A>A549Sr;V2(w)
z9~oxR!y#Th!@8<LhSwUn2@>v7*^w96A5)?h>ECD>pSHtLK+hyWzv`hi2n04Dx67l<
zXmN=yg)s%^p1WVHS!w)A{BE=|204~q#QnZM*<HJ@7HA&D+eNF@n0vM!U|zOPE>VW9
zr4eY3K!mN;7!uR*O{=jL;;Oc~4gmd_SW_3~ae{4PSwXq1UDi9<2(sYkijg!NwqrrK
z>UgkVt$PJyVi&pJr?A#7M)iyvaTe&Zi6vJYNU;;mNkQT7ZYC%U{k2Vtt-uyIzicWq
zbnMK0eHdIcG8~R3u2Gh5v_rcO8CQ(^(rVbsby+FLW{&QUB$u7=B1wZNyqz=>9xW5z
zF*{4aq+&Q=B@f#>3sOn)xjiBkqQzs8XL@eWV_8%|tc)admW}SI*4o30SIT5%wax8Y
z21fZ%|8A%e+WiSpn*NN7JWgsyb=B8>qoqob`c(*iXjzV76xfdRdj>8vN`;@w3W`%K
zM?1|p4))J4ZLBp6!;qdF5%b4M3P2J*5GP5MlL8fCJCH|75(I;7Z$w-+CW+fy421~y
z)Pi7UaZP?L@b{ZERgcN2%8tM&YaKNQ<6Op1>lGx?F`XjM*Tu={+C{az|Dmq)AL_ZE
zsFQx8uA`CnAL=^)p$?d<Rh`*3&of1WJ*6x#MLS!h7a#g7H(lfLxsQ;D_+Xuf<6=Ll
zh4&^~)s+7mrT7>9SufMHhKA9;_KPAn3)<KS1vM;aoQ=$0MS7x2b*myH{-@nmi2&aE
z^S!QQi#-r81FFcP?CugImThd-FysS_hP))<Djm_$e=xA})aeiX>8QIp%>ut}5i3_V
z7e!ZKe~==lf&EdeU~Vb{td&3|xvr(T<WmYwa(_b;-`H@CQT~8Y&-l{#WKaLoL(_Y5
zYU?{;Ov{(QClu46<7hEJ;4qM*F9}U_B`RP;kpg4mrAT``)J*9s0%3F&()&|5iIng*
zk@dZ!)UB*T2faeA_PmKd)`;%)GK{qldq;2!;!)Vxi@?Sr`y8VFKv0Gaq^U3@!NfL=
zO)mNADiZ@x5?@Xk79i?zhZGe4eWl~&E057e&-o7wnm=qU-ZG@BZMSr58+hUK{&YZV
zl>=@-0#1Dg0noa^C&j7(DuE72n^ypp&{$o=4VR$NZq&sfZryX(VJ3c*x9%MhuKFqK
z&;J1yF|O*))NSp(fcjA^9dXn~t3G`^IyR1YYRB!k^0bQ?%AHzo5K!iA17Ef$t|*py
zPXc9(7AeSNnC^<RHQOjWdl+j@NS~rMjm)vhr8sHSbIJx98S=_g9`*I;VN;feu-!7*
zpi$|2#Ee4<bIJL8exKAN+vAnfG^+J7Q!Iav#wvo9Wz(Qo1OejAvA3^at{1qbwYSPn
zQ5aw~tZ|{Z)J^jDf)r+g#nrfXn6lmaYnRi53%H$ko+5_wo9Z}!rKQoH?v~=oYqwoC
zjK-I+QFsU9Di_~g|6Rd@o&Q0HZ1suEK)`><AX_!~Bv>`{2GAkX<Q4P=d?M3iDP6xM
z`dWLL0|1dfBwpqG7ZY}b)+ryAntDNvIAwI1(bY<J@lczUA}anppH>H6pRp~ahk*bg
zJM5c~XHN{+8j+!0BO%|ha=^P&xdbBqz#(SdG+KO0C!RP@y6UatmbFwdmKSzSOPN0M
zK1(sX1BF{=Y&e(+I*ukEQsO;0_^O{u49}MuRAbZ2JcMX9YUxYivh_5QNsf~^64#Cw
z6(dfLfzcLd;!o{z)q^O`L$M_|c;?hBrnALUinlc#YECu|62&lHl6oK~OyI)+Gvlx1
z#5<j;;$jJ>4kNGkow5$Y$Fpr(#9FV}gulegIAKLKx*bTu0OF70xFBAF=0RTJ`Z<yy
z{^7Z*R4XAW&)<UwtYcJvykXc?!?A<!F)iQ9>_X@=t?<-m89VkoJVP<va}cR@=ARUt
z^8xl3u+%zdh?F`NPWgz`vWF#3`HXg-Uh({Yo(HJ_Oh(-1RAfwndfh4@)iGmWgg3T)
zJ!6^`L~5^TjzRn-4@B@mg%syhm4FIJMaRVvkM+0%w?CZG?(WeJ!h^7MVzDt?I$V+|
z27=5R>-JD4>5(W0#R2w<p;DDY>=Y~-@)iYMrVkgcNFKD=r^MHd-{6YYTbz^d@*2hN
z!mKH9%Recf3#6QxnD>MxDHR(i1ZbH1!fAX9D88gS6s|<=G^j&B$i%1Sks<|MTA?kY
z@dgNe^p?F%c9M4Skw0AV{ehf3Cgs5XT{svdiU7^fa>gs>qjwC4?nB-5$->_eH{t~s
zQ!s{uLt?NRyVv>(xe}j7xUL*$$Fb|l-c_IIlyuuRGM-1+N0#Mpb3_tUBd~+|Zm!hD
z>18c=YcVfPg8B_H=r66Y6d6G{!0h32ihs=7zrmR-xOKh!neAVY2@YL>U%?gV_;8IU
z!dUc1@C>u<P&&G&tFO=p#6vh!!veL?wur?9|Mo5CrUQKdtt2gr@XmBJQj{xD>di@H
zukfNAy<8lJP{G5+kXZ)GB4t?!)E6*hYhDcf%(n1+zz;<7P(}7QxkJ#u;Wzq52RvHk
z2nlbLp>E<|XG9kMX`M9u9${Z$8H5UdnEB%5Z&2N<QQN~@;l14FIg&V&%u+-0te&A3
z+MTMi93XuPQbnRVj+QKz7k`W<C9*cL_VuRk9gHRy&foGE5ckWCCO;LW{k7h~4Z?jr
zr7a)r_ye$r?@0WCSR3dLk!<Q6W4O*xBzqOi&n(L3QM}9U0>W9|gKBeJ7G&x=6_>DX
z=rFIZ`w*R0q)55-2_=}GRux*o0%NWKC09dW+^da9d3i};#(NkWqDme4y#1sZ9(y5Y
z&v<IcfA_okb^mR>VmFAi7jo+kEOq0Wl!k#GHB$G&6w}bYJp^GQ%?=P?h^(6nqf0*~
z5lE_?>W3^l>m~ePg@k}3qxdCH+E5}QhIB19OY^e)8wh;=iku(N;q+EAn7c$HEtr9i
z=<gwB?BE$N_ylp|4$$}eFo)f@f>SQW0T^@(Vq6V%(=$iO1zSf<88|VQBkguSLsX)O
zMkO$ZPsF@Snu6>T4~d`EgUFQjZ!B43+~=)^ldk6LjQ?jup~FSDUWa5sSoDCWXoQaA
zLBA*G<~9h-aij>c{9X43j;6=N>1h!&QpMN^JS&`1mhM)Gp8@AS@$3M1SDqI1YGe*!
z$&O3o57>z7cEo?Wu2Cc6dSb-3d2Dq-M@`Y*x8p^Esy&eaxJIL=)IGk}j%xb=fuWnU
zsCtqFCydtQ-1I3;c9-@o;%-fy&2MXuKOgQh4$H6mMV65DTV^>sdhrZ_lgrFMqo4Wu
z@LrTc*qM%BfAj2u8$E;AD?N5`Dl~XZL)fX@)OmJsxb8pi+>2MFh6pp^Zlp#F3;q`!
z0zvZ)l)%Eu@3?y@tixqSE+HMOO{aN$O{d}tKR#C-Sv3`{e}ZeXQuy;`Z?IQ&M-W96
z@>uD*^C_GJ;p+<Bu@<rgBNU1|@iK^&zu~);EbRNfun^u&M&C=V|FEV=umB!ObjI5^
z2WUY+NI+^r34~R9bBq<y8v`gpKnG6?lpGrBceKiU2(h#K;-T=>k>vjgV&&{AEF$(X
z+R#)*Im~Vz5pS!ihvS)f@Xw?gKd?-4cqx#{_z7{>N1SwE3F<Ckbb-3DD-$j6%IKBd
zsB$(4(&4;c9~}nc8HU9nBm-D;x$Z_hjWa#Jc+IhH3#Si=&QnIP<)MSb$@$&hwvTcD
zPF~d}UBtU4vFrS!x#aIf{+$EMXbY*cc<x4DfBG-i{1jEiH)g3JYug+^eHRN+H}JNJ
z#iqOb>>ynCojKxDx#cP|s{7n$T&tt|8^lhHjb4|v@wFl3&xtj)VV<X)`R31T_3~BI
zwTuPk)SK(@^7sA)UecfqCZpe}YaxYzhu@IwZv&7P)z#mBi>CL^N@9jflRV#Q3!Ak=
zpo;OgU4;upOLFFF2AH|uMo2Y{eYIAN_{V~e<=?5S1NoIon##y@5C>(RWLMWkOr~El
zOvGGLce&sfJB%+<A}g{el7FvB{0luXw^78B_8%0o#`#Sy#_=qW{YS)>MWCC4PiOpU
zfD-z@aQyPG!>2!nIuvBU1M4lg2^UP7U9+$m*p-o4s>4N)ox7C-(W7Y>w3hNEu+Gpc
z%xuUAMTlCp>&8geE{eut3)&7!2&UvCurVXX2Aydjh6&{DXU}Sy(61S=UIVbFZOdYq
z4@}|HFgR>m_G&pGlbmh6X~BYBJTW&{rn*SvzXB?}2q>q2b-Y97J4g!^nN!Jb*U8+U
zlgQkWUb<LSn@aA8$lU2S6eZfQRW-@nKkHr9rk@iX0)-BMmc0;T*Qmiu2~$_J^JUxq
z{b=*$Oci5S-NF6;#INq?ZJJLhsSQ3$#RV=gWj#akFdFnFY?^XRcaj={r+2=O3?|bF
znm`$nWnraNsNxGu6BW$ne+rZUpNAjBZwRm1hUKXw^dBOkPEPIkA;GawQ<88c#hkh0
z&p@NsfBLJVjPN3wMiG)hEEtkDTfrk;1OAtbD^qq4X;u3|=#+U;0uLAB`5)1~ak(tK
z!h%o46QGuhUY`xAd+%;<IJ6&VD}APm++Mg3aRL?~>0CP7eNyWLfJm_9Bl#lIW^7ov
z(0Ils5himlG}K=Iim{{JlJln$1yfbG>CBdk*}@usD2@LV{8u|TxkK9lt%O3stZb<h
z!0}9&*rgCbQe;nSb^a8f<?a?wp`9>BbrGU%3Ti)xtX3HN`HMDkAWP%5zrA+F(V7sH
z@Sq5;$4QFwhq_G;th8=JoGn71;CeX9HFLCx|7(|ZK!kUdCJqDs$`(3gk0#a}M*2DH
zVh>e{UjWH8E}$dSGafs2hzZ8XLmcQHCK&shOe8QU7MWGN8@I=O86Vx}nDvwsfInjh
z4NBsgULtM&cckaCnC5%w^B44rY+rj(I*#rYPK~9#fmJ&|I!={32f@>h!mb-wbz*L5
ztT^z-^=f-d4}T93sg`Uhu{uQsb7muh^_M?l$d)B4F5toXDzBdsDbNnk^BMhsry5)j
z_oT~Vh}q1@srnq%%=oE(PD2LdOsjgJ&@nE0J&&>GQwd>_e%?E>MPK0L1{2LHLkqTy
z?YTlw?KQGvBft|dN_-_=ZPmNPlk~9L4(-ssMKTo1wxTieWl0{FVPWq_kZCjf4R~8C
zT8aK}*mb2PFPDDD^wB-3Gdc;1L_{Za`-uqQLM-*if-HoZ-m8RoDM13y46_+19+D^Q
zph6AFBIDW(tB=;T?T(!b%s_|~1H8Kmj_rnu3wBxeUZm&7RpS5hf+Lc9@*CYy!6x$p
zij;~l&v9t;UMZFtJ!>XBS|WeD`=O<QG@!8@SE(B^MxNHi8kz`T3Up55=oYpzF-wE_
z9!)AmvSmArs!#1bIIPZ9GdKq-oH@kBe!c}y7h61qG`H~G{&_Mxoa=pej22|H@sm27
zi+o`Cq*4XHAF6#)FoO2xu8yBGy&gi}dOyzuhJMahDTebr9Vk$|WMzkUILIwRmQ**E
z%b-Mwt#;g<R^%0%$r)(wB8I0mkhyxJjC0~gP)^on7uJVltGCi6r1S;l0;^ZBE+Z~%
z-GaqTsz@&nOBd;3Dlqb_JH|TezwR=zw+I^4z&nW7@Cao_7DSsLNAEgHu*1w=WD!hY
zxq01kri#gm9E8nT)q}j8BlEXX9*13tOePrO!g2LY99>>;;wBOP2`#4D*TUVcjSF+T
ze{$qj8e3d=t1T--zVe`lcW0uT=g%&!B_B%>@!X$&9eE-f%K~4VVm`kEJq>Z{hA#PB
zyo|cHn^!(;9N<4*b6<S@ea!K7w=geRV<z3U4)KlY{P;~n>g>oqzwxiP;XsFh;XtcJ
z(_ecqQClCr))D=*rv_Aaqg)#Ey_WI@7*!=Ozx$xTNjBFy03GCIXjg;N3Hhr-Q7-7i
zKb#6SSVBKY^P_pA00t`g^W0<1`M8&#)_E)FD0_y76&fQM8gn#1k`mdMbe0Z(wjWzn
z)M`q$O$imfJ-!XaZT>tFz@Ok3^v7Jfp&{T4^)|SIoKHRpc8ri(^4Sfh2OQ<?Pm+A{
zSVDVviC<s}6y!mP*@gz)HQF(8jXq(x5pYXOOIHqF7hZcWaHlO|hUR5=0?QK#mwhm+
zjVEZE4^*28p|_~7U1(HdBH!7=^Nn5&a(tyYF7*iB+7zSx=Yl<i{0cqA+%Epkg!>g2
z^>kT@=Zak?B`33@hE-ODD(`e`r2BqAi2rfJYJETRIST^qdT+dd9Mc8*j;c#Hhq9Hl
zzw@kYTwH8!ZgQVz#E=r6_hp{WwUN=ob7vWXFUm_oIp!Bp9!ZK_!3F5GD{YQh9tA;e
z1*?ZT6CMQ-9P`#(&!scAZja25mJs)meqL}zoQ2%p;XeaNlmiC;`5XyF#|B8znr+%t
zPhEWR?fL_Hz<&l`sNHkF{Ca0MQa|)lRA^gZ!JvCaz<#S$YIHYUN9z?T-_(DPLZ6w(
zXXI*iE-Q0iwelnw?0cSgH}0DPQG%!h4nCqe3m-CK-c1_}|CSY%jT{ohaLodlD`!Fs
z_jbqqW9|${=ooC;7Uotk>>GGvaAp~PrZPUmFg}9%ZR&;yK=Ui~Z^zJI&Pz8L&iOBY
zDs@Y(2w}jvLJ6t<dGWm7U<vT+$$5z0?YOY|3l|qKl!F*es8w3Z`8Vkz8llLua?fEv
zxhd`isVkqGdQ(U%@JsN;N5^KbLfwN1%M49gJGc05E;Ygkyjdw9_+0Ney%NroZVArE
zUj_|?QT79hL_a?M`VlopO!WAaEv4mQ2A0?C+luy%dntU3YNQzrkQ=IYNtevnQ{+@7
zgp$M30L>Xj%b7qJ6aKqRF~X)=DJrufft3*e6KWID(hBUigRlahthQwcthFtYY2WH3
zlT>)-_OywGZ<I;nV?BtKf2zD)xN~IpEW8E9$5oF^c|p8iKh!oZQt1z=^AYta>!xq0
z`eYeME$Av%EpRYM+2WN~O7O?&2WWBn(|*0j=1NMba^j&-xt~@t@E@SMTIQS9=ye{7
z$V^vlAibf>BRP)B1FD}io8A$Ezn5FvH~iCL#J2S-Z<OwGOt0|hTD7rHJvMFhu!025
zG`?CuPWaU=T<9w5F4QwA|2_NDygs|&AGQ2@{oFI%NpqcQqO0dv@*_eqBv(zCe-%Pb
zhWmNB)(*3*Rif2q%+6E2yg|1#h|kXiy>0cxy;1I2rIj41B<23(x+s5}%h{XgC$68q
zJ$hNyeSONGV~?(w4Es9Et^JhL(G>{L8}%-#U~;x0%ezbIgv06)W=x5G#|ms|o6XcY
zUg?INt$p3mp`zL*(*lTUA08qU3Vgv{g`>QF*63~DwxG@zJENkzd|t9#6E53IG<$rk
zGc}!graFQ5ng`rMva+mwzwTJMxcAmkQkyWSs%S(OQ+x3?RAXGTYvQ#pu>1xxYYQHV
zC&qVL&JA#bq`|`c@Y!$PA{2Dh!i_?W(t7_e#g(TXiC_)x!uS!l%#`Fkb{Y5+z(W=#
z(mC)@p^mX@qAKY-x2@QF0e8_t8kVO10GWvq$h+xJf~ufr`+(i?hgPzzzzU^8|ATa$
zM`!GUQwO?|68(wz4?oxk7`q8lqQ=C~NlQHS3(;3b?U}GX49t_>cD8Txq>EKAzh<N3
zN-tcUoRoG&$WHv${)=PsTRmF*cg6+@4C<MQnWe<}tPg471QIKAXv&S_KUsgSii2q2
z5$<hzv8!Wo-c!An{K!=fb?mNpU2mSfl@i9X`_g%)Pa@~pJq$#;rn!7Tu%G=WErk`j
zhj;}Zm4?n!(ehKB@xKn2xqLo}WUV2b+i`cB|DSYws>E@Rxl#i=j4-T<Y&2N>wvC3a
z;<Y~cX!<9U1b}L>ZMUoldthKn@Zxus+yH7_l%o=NM1u>e^c;{<Qw9EixAbDEy9em;
z%*@H<sW@qD;lz*cb@vEey|bDB$=BtFi-%h;J#%(YuRe%N_yr@KX)ry`rOiL9M$JsA
zM;g7zBB7lTP*ZomrSysnGh~md=zv}hqqiKQUVpx+&FY`sn(YPGRqN%nCrOMRiT&OW
zP9}WkCe$X^$iSQ`?HlRMKkN=fkOIMGf|2N>RwX(s6Zm;7y@4X*Fm(kAdhYpK-WPDb
zA+g{W!(|A=iw@6fsgbzxA9vghn+?ycD~<xdWIq(k)@F{#e#UdJo*AadQf2j!{L&En
zK8{A0-YHkYMxhiZLJg|*RO;?oME-{fUr86hQ9)~O<+$*Q={bF)TA?kkC8$jpTd~Wa
z{%Nouf171=qJLApZqA{JD4uNNI6uVbc{vgspTe|AlhzGJ5iPxMU5~XEy!(nh)JHab
z%Zc0CNr)RPVDEK_dz<C{=liEVs)Zw7r=!!<xznm-t2abj;+6uYtLQce?zbEQrn%Nq
zHf5kd-jvvy(2d<grgmOOgLJ7YVyzKMtYiy}UM;7MYnJTK{!sfojbEO?A?LQE_7}k%
zR#tJCVscwx@R=B2IYZKR<JJHj(#knKLuZaW(hIc(J>|>8gqfI%Pm~aFh;tsGR0Aed
z!$kt*p!-#Ef}3ym9Dz;LTftP*5{L~JR%XBex~_84kfH6pp>O8mpq(1k(d7^^c~!9(
z+Y&!{c}qSgXe5RZ+S3V)VPgg1?Y_GPW)|ed^WPu#q(CMNWNkB&JTkg?WXKYuy&*kd
zG#HAs7xoGPSw1`YH93>;YeGIc-nG)vh-dg&M2Dq_zo>jnM&iP*L1DO9=qt0C$F<*1
zXq{;)l$f?V264nIh}jI*U*Ca8tdUe2$4mFeH7Fy%^kbXILx86J8jBy}DU&eR)H{(9
zYwYCPHTwwJCpBMfUeMo({5xJ0l1=<H`L$;rMt~9KX6ma;=Br}%YgL*gw5acG0-(dz
z=H7+`#Bfc%-#a_+FUgfXV|Ije-G;4meQOnAd?!D~de=k`@*-|?QsMrk|KkZog04_U
zr)p`nkw0-m++}u9)-ypb3u=2W)54R0xfgtMCOruhFzZK_<<g^j*;}-(TCiJHT%y5Z
zNuT(_g|`MU(25r-_)&waUsESGLRb_oY7pSK>o4c1&1?}nD_pJVHM|EV0~EWHvO3x5
z1x)R-T{#hfNHeCa)(X2Ja>>GVk5ywY^|p=mjcvmJ&c|IkrRhO!D|lS*Hs)A8lk@9&
z8hXeq9oi~b7JUQFsj~FJX?zLPc3xO?u5uLW%EE*@8(`;k@{6k0J<!`TAeh>q9Y#AR
zo73|BR&hYkjM&^yey{KcrZ8Z}3`M=uz35S{oH%a>l;r+i^hh^y1m`9r(gn)_-quV*
z)fYJcI*ad*$QmTd9BI~eXt4Py?*n)mr~ZJicf>sos5Kw-9p1#4Az>r?qApYK29!ym
z`}FvH_!OBcSb-^Bn-;Ln=h>^e{u3w>Z%8+qMn8utnPDxXyV$D|NbIJt{J65q&p-{@
z*9&VPlk~2|laPh|MOBr7%^OYc&lE<06Y$&d=Yz#R3yYgfizRyVp5z5p2}bOf#`MCm
z0=jb^D%NZgY6HAx_+Gtpxg18?Khm^q^1sYFtpVog5kK_DCn6oV8B8fQ-riu5X34w|
zGfX3GINFr&i_B|-kN(~3>9X_LLp{f>)AC|~Zcd>D!fq>7UHMUyBJ8JB%GK!18EW_(
z^8Hj_CM;IZ1+sO>Yq<61Qk)ci4oWs}<EMmCrXv#5qY}MF$!Lxzhmf_$iQsV)GO*rr
z;HXI!W92hC9r}{bMv9pHxl3-wcmu-+?@Yud(m1k8ekk`whRX^jNhax*aBs=$kW#{d
z5XL+2tY3vFkP+RCDUSojx}gzJ7jmtfE|TIGjLRlM+YDb*r{<<hM&_PN3%?vk^Si+L
z)G2Q-{87FsmYN`{D>7ZHRKDR<zDcpheLKtiaRax`yJYD<|IfxLt`=DusZFSD$tzD^
z_V6`|isBZhsgkq0MRAkWeRVlOWWiJs1Q1fnnJ~K)E;&&QtH2|Q+Ip9ryGrpwh&~w=
zrhRmu>?vILR|;}}&&0VM1X}y1v+F7`g_9Itxnd3G%m$2Hnrm%E`lhNPp8Fuhj~B#W
z`V7?xQ~iQ-WMx9ATEv`IXfr>yKRs0y{=zg2*!gk&8)K3rtf<gnk=B&foc7NgsG(mg
zz0q3xc{k#)W_K-J&^ZyI<@BYohH)o7aS>{hcO^u?_L7~t8$=fENrCaofsgR?RwJD$
zS@7eaOCr%%KL6w+Dk{)xhgj#+=Y?qUyXbnWzoX~$Ng)~JEN4+R92^2O)U$Gpm70NO
zF@j>G++ssd79r5K-RiHnoNlTQ5~oF?qDF?7B?Pi3M*<ksJ&=N*80BBINuzPce)}n2
zTN2}ILy1I@z6+B)MZCFs>R0WUV9rD!g~BqFMxGQf)ukkDC(7=FVA()RGrFz6yNr`y
zY26U&aDFL_RvpdK=BBe_kCuj7G)>rNKt{N_Wy$gK$<&=|U2C_l`N}zgR`m5lkp}(j
zSLRqVVyzoIpaFIuMcjuh%TXkG84XroLfHpfg9Ac_rMwK|+_F?5?P1p76cFlHiEC9G
zFqGGL697n`4nR+}vH?guD;MH@IjZ}5p|ck9<$aV{4tMvobWdP78!KOvPrYd$r_71C
z+0&1&*>EXW`Q#x(AioL(Yt*5j*v{slO0(y5D_+M?_g4Ps(&Dal{<k?#0r%x=-AZI$
z5(S|vI8<7}jIjg8QFR(U+X$Al`9~SkO#fsa=Fu%9tg>Pp$wbM?Re9O--?$&P)D?3x
zPMcnR**E+!fnSg}<!-WJZ<ylVAnw#lsM*7svu)}b+s^nKmfW2|r+EAFSymQkptk3`
z{jm{{Yl2Mp#0uO&`S{GzTv8o9)wSR>NXUZl+xyQ(;82dT#wBdrSms{<rCwY1wv<Z(
zyUS+$*P(;LzSDs7#5*UCu=|<hm-RF93@?hW&c4yzQ@LU%TTNMtOXr7K8%$TL$Q1w@
zhjYJ>e}c2-QhVp1z-hVMAG%IM+mzo|i|Oe9r0cZ(yKS;>II8lg+g@Q<IUUub@GB?P
zDo+j;jskaX=h=R0QCR(RHTqjt6ytO)w5(3i<Eht*;?8}14fXs4d)F!yp0SS@P@ZT8
z!4WmK$4;%GyBrygJhgM*1zm1trxCv{*5NNni_vdswAtE&_<|LE4Wl36qTJa$X&8BB
zLt4(aVN@B6FV>Vu6bb^W{OJVVL@kC)T6)fs=tbEVR-lzrh`kM*lupaGx}cWgh;9br
zRRLMf<dvTS!v`lWsy+z5fq5jJ5yawz6StGu(p!E5pKn<w_Tg)3Tx^n^hW77`CiVF>
zy8O6PnZprOwm31dQ@Rkj@3heB%HCn~IbqKDS060Q)Z*WY`_+H8*6IU(SXGmHt@$qG
z>^Y?`bdCJ(LjPRaD|ubMt6jMN%{m|(bebWJm3{hb(%W7@Q1hxSc@1HUrSWn1dcHdi
zj$o?Yb0Pbxk28!W1C%#^do+`&iwGVN^Pw|W;rY1(%FUkLP3jvfFl0up^8aa&9P)3^
z5sq3@v)B@poE<LGoUmEWkTT$>I^ALkUDpM7mQE0+;sZOY=G$yprR<zG<IW^oQJME(
z2YoS5Fu;5zzCA_1edx?n4DZkd{uveS&YahUb6#I>UpL6}_dOkBHo{Q}>I=rRIhWhB
zmW=-g2*=xwuMQ?t&&#AcX!&@JhY8YA#NruexpKGHFzC;(ZYsCbaJx+FT-;d7eA|-|
zvBsJ62EK_*g*#onx0N!e(i(X#o<WHdxd(9<eWSbY8ioU<i?eny{Bdo4y(c|6O8!rG
zudic>kToAanY-voZ=bT;M!xDq8&o!MX6PhofzCQR$1r&mEL5G4$C%6N9$B$jJxPg}
z=2|aBON~v-OgrYaR+TVJ31Y`oSWuQwYu1lA-Suq`BwrLNl#C|j7xz>~$qIK}sF`p^
zeo2UJHPjmD7m8)JldQ3$^>;+tIGky%NqBdiLQ*%>sJTLL9lfyLS2G`qk%J3Zv&-E}
zL3oW8O>F|#9!=AffottD24}Mhn6)m}-hegN=eNnSRjN^0`1wB012(%ldCkt9qC{)T
zOGc5_-)A;xk>3k!(}A+YP6hMnu`Bb=o~hij2_}_WyuaH2oF~Q=ADOo4p&*dLa`h4;
z6aYq8ud&q)L<Z6ebiL@ysTI#W;Tfx<Kz?FGI4@z6Jkd0AWMj(fX_w;o`c^(!^#zwX
z(8F>_avu=|R%|BCW%u>--`l)w`C=p7?F37m@9TcGj{6Fz3`V7ejsv^|)L@D??eM5b
z{*AKzI0q+N#2fTB_Dj(IGXUE*{EaVqqGWulMN&lQ8pR{X2{`te^nW}Ou1Wl%2SUs7
z7}qE(z-w!-rTAlx#Kbt;_MNM^v~+37Dev{DxR&rr=q>m?f=RZn7;P;)*Kv7B3`3O8
zJwdD^X0UP!db-9(o#>2Rx-TOSpIx_%d-{M>{0kXg+Z^lPumzD`nM2j#X4G%%!83@F
zl02e<WLy|z;qkkG2MF(*>M%@)bWp(8odnj1ZoBn6>tF%2k&ehNEKkJGNom|JeTOiR
zbtaEjd|I5rJ&%#m)J`ir|3*S-afKiI)sj+nw|V21hz&(PqIAgF2Fqt@BB^fQ-ruKV
zB-QGS0lROGSLy3QnezNgCY%duHC78kaNCS)lt-OMfc<yex$xkZcA3WfZIF4;)NY(D
zNa;yz1BHE`(C1<%dt*9M_R`+XMl7LgZF@R|QqlGzk;s+S<L{rh%6A_XB%Ih`7I@2P
zQGPa`784;h(8qA&b)24Yqgh^qnJ@lGv&n^<ztV+La7y%foJ_Di;r2Jt9uaMrj*#Cd
z6D;ZqVILX6FyMuWrGUHcP|yIPFOpP)+0AI*O=V@f9Ca-^`*!fCXJpA6Q?}w=7MNeY
z06)viL47RdTQX0B`{HSvcZUJXzK`gR8^XGe5Vtq{nGDyQ@W;oy)Y|12Ha@Lt3sXd)
z?m<MsHew``UyD}LZQF1Z4cVQd*7P**_%2`;a|%1LvTqeayGV$U<RCbzfS|8M#4!u{
zh$fv&FA-H<HZN5yRKmN_YhXw&!GJR4P;xLaCJz5(lb$FVEIWRJ^X^)3&?$4*jmcLh
zX&@6VeahGoE*e72P)Tm)vNxQ!n5`8Fkk2J@s0=4g<qbL#rnm)Wd$5Dt2))f}bou@x
z;BbDA1mgM8fafx(8+1Rs9C^MHM^a1cHzSyB#L_^&4>MBAun+O7_p8bqa|t{4b70h3
zt6&)sa}VWsdAMLr+gN9Ji`I5%LZ=WszlR)?mB<eK5l3xOVY3sSWk=o)L1w|^_X%gI
zMI3Q9_+GXh(^?nyPMtY7-d`}r_2p*;M*P{&4jlC745#PVk)R)yAfy3A)V{thC9&R*
z?{GV~E1tAj7_B-|cGjyYccGgoE7Ipg*+gG3twS8dMZa8hNP%d*gg{2vj=@;n{E0s{
zK53BNDT|ctnl0TM0p_DO=wV*o=XQKD1WSgz-&;o)H|&j%l9yrmt*Sx~RLiXcV%J5!
zIfD{~YMoB25ugWcE_6*;3j-ZY0~}4=*0CZw6E4_OVrul&;Gq26E$C$%y*s&Yn(K9Q
zxVq(UuV=8MCv<inJB`e}-Pt-(C1YR4F^>e>kMX5?NcOO)G}PPGxLT|cF-&IysP-l{
zIWkHY=~}ISbB}`s`%%!S`oS`6dt}QuP)v+iibMt9V?a@6$IetTQ*X$wt1n1uzaU1A
z+`DkbmWw^k)=Qyp6-6kQ_FBOkjLp<T?2`|e^=gg3X1~1&9BGWi@PIHCy>fssMRHp0
z5?W^9J$#(a9iZLh?{=u6<-1+l(JZc-Woi<)R~ggs;62u>0@%=`*eu^yqIGVLjw#L2
zP6a9h7EqAO75B2l#U?v4-$n#T$C}-2F>Xu$>i^VsRzY=a?YhR@gF}Ge?(V_e0?gp<
z9$Y)PLvXi{KyY^r4ik5miA(U{vRP}_{`a{$b#Bh>sIE~pF1oAhdER$?QXdgH!$%CK
z$Dhi)bS7J_T;M;l)|sa}w~3!J9w_x(?6uYnH>L~Sc;SHYLgWnQd`gQZ(v;w)w5aQM
zO*I8%H0U)7BKdymlv4-FsG+x~P@b%DlDAXe!e(j+Q=^Pfql!<_|I_FJ%!%hnTs58_
z5)V<r<J6rGsL|D$)4jjZ;yKbz%0$AjLd&7z+CS4k9ZM@|A=oI};8nDcqT2>T>la&<
zWUh10;h*x%k(~<IHreRBuh=+C#0bC9eo%mspy6kcWfs_FIly|GznLWwlKQ4Im`&7B
z&|bEECh$?WNWLu{*K^+iXW`bA$2k2pvWq6njhd@fN~mLT))cQ2P7Mm{^_eomS;^Tg
z^Q|&fJ6f`KDIJ{4{x1yZ?Xgf5W(o+rZ<^s<=Yn2e92a{*I|bPfMC`V$j_rgq^6GsI
z|CEaP+pqFT?1jivSPOt3*2ug6_64eQbb=fY%1JhKqSHc1K%J#5)lE+70JEj6((?x~
zdHF3t{1o_~Sj6w*{XmEGZqF;X%ZP)2+izdveE&4gSZH;{i{#aoI`?&KY;<*XIj!=M
zeB@sZ7g#Fxl+?y@6z+oC&{0RX`Bg!3E~c^%Crf2s=eZ&HM+WgwrfI4n^N-9sn_n~b
z*II=O2j@oT6M*<ay$t#KM;r9RSTa+ZO+?&$mwUqp%q9W^Emdx_|9FD`Uzz~;fAj?Z
zH%*|3*BMr$zg1=%d$Z#^4@Xl*1}R;gjz7p}A3q2U&DD(!8upc}_s5N)`#=<E?JhfM
z@Ev`0_3(4w7|s{~f(-;IqkN}(8?J_GXh>Al8Xy%0(N6c0<eBV7p&eZ$*ZnPe5i-OT
zq#BQmLUiDW!`AE+@$uWsSWX~SkPh?k=slk&)CgZ*RV9$sa`8jfBSbmC6jmv{%|fSj
z&Q>6`^2oBPs&Tow;szb8>Dy=Rq31y!M_VaQlS?OIf&U8t6<9bbr-}3=r5V-83*VgT
zn{z;<RFq3}vp4Bw#bya4Km2NR@0e?Nd_On89JYKUXfQXcD>BEfXRvn2uWQuQsMz2v
z!$u)EoYD}o*J#op^qgDN$P)gm!edawrECNAm}+*L=|ixR^WtH%hm830u0MAdzAsu1
zq9}Lv?o$(x)lpRXS03bGQjOu7nOeF;d#JNU+x)>k&5Z%g7<%rWUOd|ROxI)P;HGAo
z^Rac=*7kFMPHu%@(W!B77>}c)cS$z-B*4kjiTQJ%Af_wZc6z?;*>OTmS@EotrPsdH
z|Lr|Z{m4D&X1``*yYf@eqn(+8-~B~L!hNtd!txsMEuEuHU7mgjvlY}<<?&@%J@nAU
zI3!&8sS9T>j#X0-;r4qtO=G>zx9AW{kEel5T`$w|ZBw&fB0(-~8$5!oYpblglt+@#
zV~}hel{&{`e*-S9;wqjwZPf*>x)lyh)U3V}553H}V}~@$Q~6$)27<bGCJSvL&c!o!
z+hl-EX$LD>qlKqtof+SpM;$x{OrJfm-g+Vja}+`i`UL4=q`NBiMVA$ZRY0!x062cn
z8uvp?7}-q)e1LO8l$N2)pT^h#E1`f!N@NN3D6RV0bIgjIAonCRcj=nVZ9N5-+>dhk
zYTtIS-<*eV@R()G?Y!I{`dx$ciP)O8+zSAX7}a-=7TR*Vd*;59RnCti4MaIM#eP;-
zr?D{q>I6=r^)<xbck?oy7-?UoQFT9EVx^p5zOWUej}xo=QlZbEm2#9KUF9u)8pHjh
zPWne$;bpQiQB2tX60xpK$iFznwb1+1Kb-n9;u<P~`I2zYF#caqZKGpQ_N)QCUo%_i
zqjT}%Yx!%{60A@%=sQv4Bf><!eZj)ATxJXtOb~+lv=@Zz=~7&3L()-s|2^BSj))6}
zeImlLq5kwC?!;zMh2^+`RmlD)5s3#baqLX*z6}d`a=^^&i6eMX8ImNsDaSOx_?g$N
z&7(#!4pr`RFBJy!klrU@&(<v<y)WV!h}v_sa+GGMHrNDF{{x3*qp(Kc%otXNr-uef
z=hJ%DXcFRA-q+bB3@ZLf4<wz3!{t@kX%-1|PB8YulUkIl*)vz+%m!a0VK72tnFQa#
z4G5?z1SqIrB+w7Tcq?o>PfY|pg`^WV4VDdd&`+QYyVjDn;S!FNCIRPiJHQ8dLwY?d
zYSebu5=!s$gI=K%A2qLC1~2MM0Rg1JYih+`)M?cJ$sjdIK4P3eG1Pn*<=#no3aQUY
z6#F(txZ6RppE;V4w*$OHoU{Mp;qh&V7sJ2Dc4d1Dk=Jo&3{Mm6crw-R5arW|)XmLS
z@R1^Hd8G^iwi)8Kjq6m;e?n{+S|iKfMe}t=GshpesN@NrL>+vfvaEL0R<aiu^Qc;4
z#%15Uh|WaI-PK9odLzAC0tIIA3GS}q#QvsDa`Hb?_W5PEg;M<TzIH6(k#V*d%c<kC
zU-11e?EN3s8z%oC`7i0sK?M4%l%J6>!-r|G*3Id}93LZ##Cm$&Z!JJ{9)qX#pv)^i
z7I?PtdjUF_E5AJ2QzyljwWINb+5imw4a$>woy6fZi>sZfwSvX(O5JK@nlQ`kf%L_B
z;kWlZ`PgV;6Z}8k^6lo{wTWrw8V@P<RaYf4`$JZb*^KmTD(0R6UjX;F!J+EVXt;=N
z`)uSauhyIqE2`qlQvtYif<CkL#bb$8d-yY@OHq6C(+UDn_G31;zGLGnyB#_$8AQp!
z(G)NQzrXy&@g&xiX2F*caAE#Yx-|3Pb9?UsNeM)apkqlByjV(1j7qKrC(G|;g;`r`
zaB);cx9Cj$2@ADeu>eXXe{WV(to;r5vry9n-$iQFv#})oz4Ya7V<|pfoL8B->w61S
zmH172retorq$}AU#+&A7FqlP3O42OT%^m!0#5-tEt4LTRskBjSE>bX~T6IPT_u?q`
zQ}j$F4@7FDGoVU(kq2`+@_#lxv0*NXQDHzm?#;i7m19DP{0Yo|f+$?0Qj+}Sdxz~p
z4c{w?%tXm}kLGoAb;dkP;!Ml(Eio9*a^r#fg&YR~zO@?19m<?i8Rr=ORuoz1edDry
z^J71Nynx8#t!tEWEs>KTd+K#M2NMb^mKe(;<MBMP#5_*D@TgimF5LUE&HwDMe;bF{
z>RvhV^b0(<`2zS7eZ%(vJgP1v+L9;l2|j2DVAZkmF8oO^0k4^nXo~D<o?l%rDIrL`
z<V?F4OFAvLhQ0}aLoda4xB+*IeB5^HePfLk-ZAZCZ<d4D57T$tX&M$}#Wmq?d=|Hc
zr#WW)s#?yI;pb*&6Vxzn27ewh=kU|dXcu{}hTN~~ynxUTJ6_LBD-gdQLB#%WmI6OO
znwt1fU-iwA&)p@BQ1O#p!^&G`eK5||?x9bfcBl4iWuP&_PC*yd?|A1cv`%oI0Q3v0
zNjp`-X7QBV&{@1RgqwIw=#?dL#|+2d)kq($@7?WWEz(aAR+mr;BHbyv<%HAsr)WJ+
zJ!x8IYJeXDH@CQX)sJ1#5h{2@OAlH8WC?xYuWQdd=`p2(j<KtWxEkbZdVwahaY3yf
z#i*0X@&t@Y-)G)Gu8Cq-lS4Q|607H8ld=J(ud4<NWzCCHZjhh?=xCGehhO0GUGwH2
ziT8PdqZ>9E9%aS5IM$tGk|}!8qqMsVZil#PV?YLqg_d$%_Ijh1HH6e)KXF`Tx?CvL
zFO`*V14rKjl(rS*Vg$OeCr+K8BI9#fG8;$U?z~d+4rCZ+M4<fg*QjWo#pEi6p~Qmt
zF@hVuW9E)X;>1%Y3G*7;9q(F2b<y)<AT76XA5Et2#{^Man*r&E@}V|-&#lm|OEAs=
zKhVbLjaf?<dN7AESJBeXn2mU9uz_*9z(a4(qa37+?b9fsgdfeP=$s_+A-s@ov9Wc$
z4g$S9Z_;A79mZ>N5<P0k6sGb+*a-$bA#+IA2YLP9x&@kex*`f)=AwWbWlm>5)X3pQ
zA(6XCuDh1eBZt$U+1l7jN1H!QU^FiP35JcZGi^^qnOTeM5&Eb^P1O>^MP%-9F>cA<
zw(1zN$TgZFI5kT4;_>%*EG_AEk1`1>s}6HqC!?^cn9d5MwBw)u`Vy>RmR7uDm`bk)
z`IpJES@o2Pr70z6uNC-n?*@224$+cD%8`;&opT*b3f{5QlsC@&x$%hH04%Lp#9ds^
zn3!)9ScUXM11YX?z%4of|KYKX++(wXD~-$73mr@6Cpz{X7OaV)+E|LeWhL^ZKW>~)
zHoP?gP>8XbNhMK4OtgoUBLmIMJCi*rqe#|Ee(o+&qzzHExb~%CHT#}ZD#aM6h8L2^
zDB9h)`gAtc<4FPedQ$xj_TJX;*dcncc0UU6Mje~%1oYO4FZ?;y$(iSeR}1P7=<)Vi
z!{5n$3hi(e^XHC*>3k@;e!CL$ee^CulWHZ>n5Gq`xQ@?(_ivG!s-RaCeKC(w0!alt
zYRHO&*GkoI=Yt2yU;gr8_V>Yobzamx!vhHUvfnh*-#_dFLa0J`SAFzN6lA*^d3gz1
zYXnhy4s)$7I{FQ|Q>2x;o{mMJie`HeX4l1o>jsY*+oUG&!t}4GM|#7Ymf4nF8B0;E
zTP=I<qkxfJF9Y|TQe_BMurMY^STur*=Ew$X9A=eDde6JbF;gPh<PJgMXCIFqDFU4@
zEm#Sxs5{{RHBwP+fM4y8C8-`rfk;X%eYS#&n(E=j@Ye2B6+t+tOMz{q=gVbNa8g;>
zOr4m5Y9Gbwkdrn(7$VAWuv!<mv=Qtv7Tfzv1on_YbhQrji+}V$kbq{!W+^o?C&#Do
zjwYA>$(x2$1Y;k!1Wvp93w8!P^)-QBn1j=bE$cYoP+b(_23bk!4lR$!K+h4?PTc4U
zC0iM1j$|OnB|N8S6y%Fj?AH61(Fxyp+<d-ZY)e~>yhcMwvhPkGW)^v{>~pCGK5S~W
z+(!pXUK~vr;;D@x2iFWy9>VuNOp7Gw6MXhhnFH0>HoAZ(bGhIcD-i+F``v}BD>f#$
zz83)0`BeFJa^LrqHrkrQr)7S=UP<rl+TART&N)-CXp=D2NZaaS+qsZSAcaWmb|ij#
z(E<&n>^r-&o4;b<7nE2P_)sQ`#YJ5&FpE^$%1#$$QkzqV#P`i?b&GKY_qMnDT7$-6
zNF?AzOuJB@ZT)YZKJ~m`nGv1HXfL|>){O=1sX7uu=ONc@H_x{||D17QL22(MpZ_j%
z{hUS=&3VqHkQ)kFDl$`_HJay)`n)r<%;vKBTOe!69#HLUo4Onq1;4-?MxaSb9O?sl
z7SFrtoZ1H$SI1RI=LsGu&mfvDFVTV8^z<<g!>gNAR#=ct&_gIPx)c%Ku}oEqLpH!E
zat2D}#m|AREoVn!(UFTF=C1EH4U}0L<c&Q-fuIo?mUnY}X@*8Me$NMGFFOm@H92XT
zr{tzAlQoPZADd(1`Lx1aKdZ`nAW#D~kRA((;yEFEd`_LI&*m$~;*W%7D`3!{Rq#~9
z$(Og-opqeCbzDonfNuLm!I<RMAqNz)q^yf`77ed#2%}6uGOlVdSekQdp_He|@Z(9?
z&)uuT+zNXPUUstB4Y;2e>r?wGw^C=02%Q$=*x&J>OBb@IW5_1i)a!P0^Hk(FK4v<Q
zOnf1*WbLqcWdC%~a@sfB35jgfV;v#$Dxy|27J2&u@;T?VoA?HFGN%^XnE_463?LGl
ztkiixAZ<Xl6#>6ED9M#kK4Zb7PN0u4UoK+7elNY!3RkK3uLOa$L-FpS5W2y)olDlQ
zi9bE@5}){=#6RO!<j>(DkJ40B&U?mG7zLWWqZ6Z)>_nc|I#<wg6<q(EQf3bB!_L@R
zz`NjhYLy2MxTrRl9RHKZ1tdLL%fILc6q7mk@Tw}Id(qPbH|7R3nR&<!2K1Wdx33!u
z(wPc^B^?y-y3hD4^Bc4L4SbQ?ObfPM+OzWnE&A9FHOr49S8e!W$<|ZoE@4j+@&etR
zdS14%>a->Ld~^>ys%9EMqrdKXCl<^fD{LJz$(rT0hW(@(Sf=g%0=X$IHuinqZr+q9
z$|>2;CDk*+_dY$Zm23?{1=tu=DC0-vNB#GkM@`@)&c~#fiYR(tS04}e%Rz8&+00el
z+F}8<XP~#44zxo*KI23`r}X6s^JfoCPV_(NGT?!=J=Rd<kG=)$A3DlHA_uQAJ7J|a
zIjxKh<^J%#R|aYrfKAUfp-{VH&f!k(tG1;%mSU@pEhYIF5ElUw(iYj>Hybx^dy`b-
zY?{M2xA8j+y<=@S+$v!2ehYL#Xe1=<mmuVG<Ce6%csMmc>o3+>c!K&c8L?>{LuZ#`
zgHYozc+j!M;wH~5PWl-Ij*qdcJ*+&NIPH^APUqZ=;To?xp#3Gr$4eY>Da%?1DICus
zC&M|)3E7ms-|;5@Gf!&~vfe!+p<vTPs-qC|&E@!MQp{q{iuq+xtD<Nwtl-M7tz36P
zzsw?)Nqu)8gVD!byjeq#)4t9Ptj@&O&oh&;mf@3^t(=^*CO-4oa#`2h*eV2+uJS@C
zuL2aFaMnJyz>hfWUM?ghMJ}XddxzNiY{y&m8ARc%67Xo68gUWfUL5XG(7%R5t3dL^
z@?8}|WhYH1O<b$F1+$qR<a_d$s&qT-iUnSy>1npM&E)ekeYEy>-Ff>x%OdY7wK?OD
zb$l}7EECrDjtWmF*-)uyI`k}DOG|zH(FsQK0u+GoElO%LPeGZ6!orEac>xlyQk!mq
z5&wjzWw0-X(xtZ0l-n7kJ5PS?z)MEizSf;xco989c3;oa%cK>Q=vi{lz!R^<7}%Yr
z8aE~v-~O!)4Z%~PVcY&pAVHu*N+)`V-}sFpf;Ip$7Y+pXl&}n}#_Q*K*-jf>#9ny;
zhv)F;UB7rJ%|?%6zFSLdoSk8=S#$G{XtS@s;<L3p_YU{Dvc#?BMe!8B2p~CaG0NR4
zv$5X}rpr*T?km^ABeRkC5eMi$`i_ua=Av8-Z1~3CT!(3E2Au_cB8ht1#Rz9DSJU-P
zW4=?YQGb(8e>b9atDU97KJo|SLjsooFy3Rr{iAGS3b2Dxhlf}}vppj>fahC$rT0Zl
z`+4e_BeFV{N?4XYq=TR&xxhw}3r%Zg>y`FHAa2AJkFh|tNe#?Kk2=ee@8x-W8PnNx
zq<x<-cfn;2rEOPq@hAUc3e1^bGIY5lb6?CbXjB}6c^)ebs|aH5bFl~wByQJ%iC8iT
zUkz%}{8!+W%JJ^)ry`kcDZLxB8a8;Ma&Yu{8U@{l@9FE0ff*3J1AITZqzV@6qOUD$
zIUK>=UdzW32HSilyme$0#TZ5+b0+#EL9N=SGComp3T?FPT(WnmnUnvgx41g^*ITeC
z|LZNr4hezP8^~`)db-BV!1YPuWyC&}I7nbw<nK~IJYkbBjpBQ=CtObjOS-@SoM<=F
z`Cg!4Cl$sMMYRZL<9FYi?Qqhf8f!jP_Vg&+t6*~n{43}H{!vgz<S~j^{w1xWLEc;(
z2!fNUEtR*pZDF+8Uhcdiw?Pg^)^>znPjM0Ih65~p0O>c!bgiphppS$0OZU8}?NDpY
z;Y^4wICNTwj4EsdbCiPEb?0x?*~wJ>`7-f5->PIN{lW`fp{DS%kgbg^G^^KASeNvZ
zwqzA#g9@s~dK<7$FPoP=^)1FkTy$i8w-=M!#k%ixTF~v)p!S7~oca(|#@ZUGKg*N7
zB|t=mTFJ9<mAEbzQa;;!<Bdg~zA`nnKX)L1=Z>rnuL|TD$w!|t0raIz?w(FT6?($d
zMkDvK`ckdIxV5ksqTo)*h;v`^d`MdVT<RC{lBo1#=r#+5KHjZ6M*2G_4|346#`vGx
z6YeTfJ2Buk=rRn&zNGn2G<$XNJmt|P0DmRbidoe<fc+QIJ2Vmx&naE`^fyPOAM|8M
z>%E=xr#W5eg-sE*O&IyDyE@EL7wnc-i>6QBn#LSFyV!cp=arq5u69LFUh7#($`e1S
za1;(v!Q(9Vyw7&rH~FiB!^QF3D6qgC^7+Fp`E9?^K@ZjD5*ZHSX+Ct644eQo5ON>l
zr$FlhL)$uy<Vz+Tcza>!_v!*%9xlJ~-(SBzZ@dx&-M8(CeuDDvv&O~Q-}Kon<U&D?
zq#5*bJ`CXGel@XvHMx$96MYSz+UTN=@jAeEh;cyBxHzqrCBMBWMhgX@-4ksSamqv6
z+~M;LxQXE-Z>vn|i8bHeCj@i=w~^1GcX{XV)p`-t$92C0FI*X-kU^8?0bYYwh0Ah7
z?ZkNMsb8(_SIuc)3Mq&jv5XTt!XX^etc(28nmv9RM7!ht5j136nke5XYNodO8I&2K
z7SKrzTo^AYei*+Se8}``r+o;9$*XQ=;58<yGbUCb&-GfYDh8|iSseWax^lDpm@B?P
zvD>TuIM&9qJl3&^q2eH~=%&rX;isi)^k21NJ4Q#cMTHy4Yp3`C&l_s{mQ&|<dj|+V
z+rxC{f7-Y#;;l&vM7m$L^IN@Lojx^JE3)XgZ$YxuEpR=sN@k*2W;ko7h_<j++*$wb
z2vBdU5|G{ao7U}yC2&~)=i1BuoG-ZXzeV$w-0+?eY@wY7cu{L)0yg1$Gy39Cw9nL`
zKK`H&{Q!x^^ha19M+l3hQoN_qt{KXslTDSS2peTPh{oc!1+rRkv&r`6&9SP61BJ}-
z^VQX=xiYk$U)fGid{#mV*!?z)Om;2H>VFWzP*3CA*z!1Nuq_(`R+)qr47w=l60=&m
zua7&Jq~W=ekmi{dTglDML5}P+0wCt5O0^~ASz0LJC{&+mveQyaek`Q-h}U8{#t@pK
z?AkF(_Cu7fou1#E=aFuG<cBsU&awo@OCPQ3+r4QH(4YGVf9xDZau4(=zrotwB1`3r
zSKeZ4E3+UKQ@$$z>_a2NitnJ)WiTA}L(Cz{kHwOB3g{mtz$+_j=WmjTAZcs`)n9R-
zmh|l~yCps(XQqKQF)Y926sM5Fc9k8X{(bZ~brNFhw@unY{6sad71H&hZvoyf8eLlR
zu;F7Epli$Nbd>HjtX^@bVZFVL@`%L+t7OQfIYeb*S}p+6jg^aqLv%|MJ}Xe5Z==}2
zlFJ9>`L-%o`u5@Bwv*+;WZxZZR<9LGH&5Ym&v+3|P|%6leKXcOmCstW<GC^l-y`6|
z+)4E-tP8#vu-Pj9K-zE-HCBamY!%;A#Dai5*c*zC{)~yb?Of%_eX`Npo_MH=9|5R`
z^v6R>oV5VC)W_(9Y990OuNC>Q_><7bgDaOcsEcM7*SbQ@Kd+9^;q2MlIUyGwjr-JD
zh$bD<`e&q^^fh#Y&(>*tsq&lGrn|3Zp~;^eIu|4Sw!WquZugmtH1D5{%Zi<h?R^dq
zCL^6+FAWqBaEiDL6K(%6N|JabL+`ZHOY*xNTi^^J+<pIe9%r)7A>b5qIUw53F-nqj
zMN97l>CNhHM;35;o5L*H&M=ylc%`DY9*KDdx0mznN=1FW1oI4cFDLQp5{iH{Fb#r)
zHH<yUbsNDfmJ&M5?32^)QqbR#oQj6VF=NLP7tM0|v(el*BE!(hMc>(lt)B)~a`ZYg
zdiy&N?OVc1L}*&HU_eS>xT@$q+>OQ6aRX_-gBTtuB7~(M{v{ZMC%n}#=49{lD@B;`
zXm;++d;g8Ryq6iZZ{05n9wxk@$w!yMDU9TMGln-22I^+mY%_M$@wddSYA8pkSRomg
z_q80P_}%Y6Z4b~_N>YaP!ZdU6I0iukcZ~S~=C4_5+eL5d520`C3_PcB{q95U&Yz*u
zgwIse^%0L@-*!|PwvhRHjE1-mi;Tt)`<1jsR`=e9Nl8DUjA_@md&uxX0U_+$FkWh{
zh_N|a?Azgnic6W@>SGnjor-Ula&jjxKev7t>Zm(C?5l_laIWsI`qE+Js7bI>29zgs
zF!oR=g?$v>Sv@tS3_~VsC_KDdJ6tw)A7t0-T6u3VyQrK`)$jkDo}$G^X7(rO#-ib1
zHiJlPJWT0qcC9d{XSR}~Ebba8s$92)qwN)(s_)9-uPaae*x{hPA~Qb#UIH(PsVPFk
z;KJfUK|vuw`RkVJ4;V#k<q|<bB~i8ry!GkI^-;`3hvoaAplEmylWbeK5fs<oo`w1^
D&fQUj

delta 32210
zcmaIcQ*dTM+c)~ywr$<f#KvS|PHfxO9ou#$ww+9Db7I>zcb@0{zFlwagWV@<9dxhi
z)wQa6UH$tXbb=S&fgvbJgF|3|fPlb&RH)V=%;F+fs8(w4K`uSQ<br@WszN26<0^rh
zR&X>3<5`1(KM_AR)Z&Z70du7y#pPBdpz~zNvKSr855|O32Er}*gs&<6qJ{6Mc|8hC
z!%ny0nr%XSw~>y)<E-jcrVvzKBKlv$Idn?ot0oME(D9br*`zN7&sP?@sdN!6U4_@0
zv|Sei!M%S$FO%_pW<Q*L^n7*`J&x*jI^R?)fAIL~T={e%M~A`<s$2=EMxj4lR+=tO
zI20@rab8CGJ1li^6E$T*BOmtssd8HqzA}E+|Lfy)*QAv<)bZ4;_+ey?Brv<E_4c@X
z>+?3AY=i&!=@Z#it*71mlkv5k^s`}v>Jb81-;7boF`_m$QA83RiwT;#g1<$F5_#Pz
z&$p&NX*b#Mu2~zYFTu-=$#zEh*y~i_)K^k&JjboL+w?I^Qlz2-rkN|WDu_l~`bLwK
zA0aIiCW)9fbhmTMiz^6+sbL43=8d&$CLm^9HB3^lr~@Xlk%X0nTqmt~#u8TMl1d81
z=Sej*xix>;=9A;#QdSsq$JcN|kM2)^Uu20zd6^UAioFhjq**o-L<<zMY=Nl}e5>a4
zo51`ke~13Sf7#LZ<9`)WNJSc%1=+Ie>DSuz`-n-)w68FzH)5`3G>)Qnn2+C;?qj<2
z41b=)I+pH}bNwr}ZVLBInMd`iLuLxpL<34L)A|5VMHy$iDG-voQfW1^3=1RJ2mv;j
zyL-JeRI!`fg{<qKDYdZ+tHSSz-N?`5FPyhJ0HID6sW?#K&}+<?*IC=5`ZNdGyjcW(
z<m)u{samIdl1*1+gSQDOo2g*)N=%&c*=?igR}Pj(%El(xr0rx)DivH$CU@XjxLa)w
zEh)+nrSoN~LgGc$puZMuws=Z`axDRBcToHCZK?=wF)D~Av*4sSdYSa$9~hOL`!ITY
zkeE2o;%Y?Ib8^3W1mgmJc($5W(lmu27h9%<;OcbnyRFeQ@+meyr7c(+FHwXmDo1|q
zh2vwGbS@H5!Z<{l#x@M85k??bE`o^#4*KD6TUZ{9tqwOcH~G5}Xm6Wxgl@3^n+43k
z^$w#^QtPr3Ww;?IglKI270QtL&roiYFgEJxfe`s*-J3PE(}BZfG)tpMyor3D(aIWZ
zeIK9luK1KAUc9JGBE&F>n|DizSE#@JzI_J!quV>YGB)c49Eg6aD<Hs1*kV<*o?<wK
zFOk+C1Z1^EU-_fzR-(IzrN~OWYrjc$U>!*bh#XH+<%KVkNUW^h)c0@A(C*PMp%y5g
zK=m;7osQTLnj67}xoe~wKryPs7csNjCtfRcH1Wy+?4^M6C=f!H_7}#6=DITFDGH8o
z%?ZY|!O@qiuf;>&S|*?uDKBa}!pJo$eecK*ahajzxm>`4QlAnWgF=4z9wh<E$&yJ2
zmP<4E3dh}1-=QDRY~5tcxLnn~N2vVFB9{I3VhUFxS5VfGz^m-9uH%^yH@kwZXBOS}
zMB0d7k+l&-wEl1*#0U!RF`FZum@sk<*7x|H{jr3*YUe%vcrCy&N$~xg7Cr==HI4wa
zTO3H}5f=n73DgCa*=586Wx1R^Z5alrUKA~gw=5F=#g{!kn@V&t94e3L&Ro_`D(%hU
zBxBxUqPj!@Ik5RMA0Yq-$4HYEd>&NOnA&$+^Y5-w)G@^HTh35awS|B*mf?^si|4d)
zTEd?8d-sOA1!hB7W=}}IuU%YtV|j!1wuzai12R@q2d)pz+`dwx#<K(txJv~Gx&$5h
zow`s_NU&Jp96S%Itu#112%-GX7;F^=@E&AhqL1yc{CiSKe&11eKKzn8@P2s<AJ@*{
z8}xJD>7KA;eBu2OGVUmxLR*Jk@qT|0(dM1#lAY+53OvYS@G&`bLnkr>JT3v=l|*t9
zAC#fY9IaCv<qi6Lc&`?PRjw~3nZEK-1-LxAHXM(sYE`b>jGHQ^nkzl|F1+MqB|$yv
zXho5X^}*<^m&W_WMD|*%EfW1vqm~18=Y6>d+I5*LE{b_^f{@PV*k-{vg`y2PTx|bo
zkz*lN1N({AR0#TAP(QzJDgAjz2R8G%h|%<rQGGMRxPESWLoNC?LK>qYyfnT*I{CO+
z_9wIy21%`29y0%9kmMA9y()ZBl&3vUPR>eJP7;>-waQU~4FRIPOPMsXIQvk$*Z-0r
z*qtCL;!T%jN}Wz#qn%Uw03N&D3(I1Ct(|3P2t>tJ8N<ziZNp;eZ|d(|*f_@!O*4je
z)rAb1w<sp#UYsk;X{jF9**gWh#o`MqvF#vJf6m@B5$eklZW>{6z4pVC4gfv;ndb~s
zYbLu9_W>i)O4L-U%#0#8WcfTSvb}mpM&h2|>n!q%mg(m>rt$)VD^o2HK3Hfojs^?P
zzM-C_5)3GKUJeK?p=bvP+fkYehR!doGvkExQtnZaylKlM(jsAx)HdwOd>S*HwH8EA
zJ~tqE2F9TLn6ELIhy1;rdpys(LlhPhcaISzSYMki!Kdmtp@9Mzdf3Abf96J!rn=#^
zWjJwxx+vZpP$qYT4Lm{p3WIATQ)BF5|3vK{xB!BIM7u`_j6Mq-)4-us$(Z9phd>vT
z!ew-qd;n)q#Tq0#BO|(}oTh~(XqH?gNd52gLE*%vBcf`z;h$S+dMYld{6uzJ=A7ry
zgC62Mlkv3w$&=&l42+kG@ZJ^(Nzk~KD+FP>+3Qb?=Q>g*86PQ;IVKvf(6VGH{Z&=s
zDhC!a%S+x$nl6-tg8~kaEoq6EiI~ch2oRrhDC&YVipYZE<00rJMff!*<gi`Fu^Q(K
zwm#PlQzYi3;8&LIAP9vk?~m0OJPT(rjOFhuWh{3rdQF?X<?i7g^`7Cr#EA8cVq(-0
z>YfiM?=XcV$Vyc-acjZ7{ghuGj89gwxPT!cR8)FDF_{*O44okyg<i7hvAI5^=|-hl
z91OtVc5m|ew9ysHC`QO2Bf_q8Ng=5eX({u3?i;f>SW@_DONJai+m0wAZ#e2M!x?s>
z{_W`{DyI`GT21=XMh3;ct7DoLxJTft#PH<(ekh3uPTSq(V*OXahnM6d(d~2uR{(^+
z_6qXm1Cn*cI_LOxC;6rP=%ZEy3zLxdr?qZ9$7N=FewyZo->oRJ{=oi7qv<)Qa_mY+
z8JpE0PaVCP-oICf0X^VT)H^vv_i&_gmbzzKG&zmODs3FNdPlSk0=~bGHl&lpDxft8
z`STVbQ*aeg;KZ7K;u5spBVG@jtO4P(pd8YEItMK#|K&a#6QJ;gA2YxsKM?creji(>
zwY)bghIwuq_94r%XzcsFC5xekOqPrnzH}m0R?yd~`6_By77xMbGLlNibN5%anYrVS
zA#D~Pg;8;T)Y4c!l}prM3g?Mi-RFp)378A(!5M<6-_Nww^WJnAJ$l^<3IZSwFEuUr
zcp=7Pk%hXTrrbnYm7vh?!l^CYzvT*ZWwhlYP){aUj5no4490`G3d%A>TwTw-YPW~9
zfi()CDLG>RMl6MXVSqopZ@P=v^MJYFOS)~n;pe$3yV2(a49GCrJtN>5S<E$;cTqlx
z!^g6eaS}tA4f({(?4N=L(-&|?V|wqpu8cpQd_V*=4f8`{{N=a~rM6!Q@xFxn7hm3$
zg&J>41g9V-6O4l|hK|BfHm#yhO4MVLxj+WL;A+_bIm!$Y8NK7uh^VuIMs0a|g1dE*
zHIZyPcA@RQhdm1#Kp>E*80c}SBXd=2z*KzX)Sc#wE&vIMs>7y~m;=;0El9;}AZKU9
z_FFb8AORWh7gBVTCz8f)9?Nksa~a)`=i0>>fNa|o6rUVVk55VIATY7Gi8$fe(f++~
zDb1Nb=h&O(Oim9Ix9nDhW5T_mC)aX!^jCOnQv2^J5r2X`z}#sd+Y@dT&thOglMbYz
zrU0;l!$JRZaqh`fnH&ht(BziF+#HwF#%313=y&2!YpRE)Yx9ff-&diVt+2E`Vd{2j
z?QI-UW<~I@H+(E#d*>e)XeVYSDX8ffyJqJ>EsR^p3cmmwkv_#vX2?SH7VEY(o1H{G
zgu9b<@EOf7KC_|{Ps<vNE$;|BybIm9TV*9*Og7{nU<-_xAP+z~aeq$*YLX4<#i3L2
z<b3^^HljPScNLYE^JLvLd4Np82K*d6IyM$uy}a>80u2_%28!2sLw3<+0EQS+Cp-;g
zcHtztlwF%~MyrK#Qr;D6-W@xs=Ty1eI-j~l8}|lF!{}oGhPL-$5ee##JG{%=4MJ0~
zNbPE&44;}~@k(G*Fr6lB-b?Td##|?fFodq4xQ3p-zca2rfCkP3WP5?ucK8Zc=raJ~
zI-FSON__N7uoOFJ`O>p>tK_G!kah@vD8yi&y{9~U$o8)1xw4Ug(M{Gv-g+n(Xk9Cq
z7UK+Y9{!Kf=Yadd087PFr5sEQm+WE0$v&jB^h8(1PB&n9VBV7*WGu)UTh11$-Tv$@
z!J$hhRBm*_Gi3#Q(Mc02hi#p>?-7{u#avT=l6(|H{xQUlqz_I#71XW7TMbpy5-X1%
zJ4WRhJ3M};!ABW+pcBY0h)XQ?wW!-#_3{6ZAZ7u1KTR4Mb#(z%nL|8YLV2QJu%nbl
z<A}4rY<+;L4-nAm&(Q5ecH&j~<++&z3n{pr+@wCI3g!-K>|sf(qhphiVYZo>>4ljS
zL~$Tok=Cg)MYQ0mYt`0j3juB`f$8vTTM5bB60k@Kca#~#j$y37xn>Nhb?LOx$nVXW
zV-{g!OX@^|D*s6z{Lx-vMCNytNPc^|tI;*)5(NUOLA4R27;uR?^5f}oQAdIWC@yUe
zt4#FQxfyb4Qj^LKCNzb>dD~+A?VDr5`O$6IGwnFgS#4}^9<5LH&;d}C8a=LzY7AW0
zq=fpB=g)47HBaDgU!Kd<UJrAF9dZw6&n}%$F9PgDbQs-l>MU~W9Ss>8Y{Su-UhA!F
zP(whSw?p>@TOz(R@WAFx9q7))oxq#N$;l<#V7#l%wVw~Mb==QlT6Py}k>gJn0JUbD
z<+rEr8qU{Y1+VG&EabW6_2Kjb{L>pnSG)Og+E&iuY-4F>iN0Z_LIb)g)2L#DZ_~z2
zOSQy{$97}kDSCDI=ha1t-gK5+(Fap&pfB*|-|!H3RqS*HFi20J`>9*^at@HoyScRb
z#(U?q_vk%SJE>{%Rk>IeH~sWDIQelr{!gOi;jv%%tXb(od$FP_ao)j9yT-@E{3>Uo
zF>lM#OWQ8XMeCs<6QFujOqipmy4)d;TvFiLuxXx6pp~5|ZxBipt4Uq5<8kNiy$Lk7
z>1Ct0;-h(Z>F_+;AMam@7T2=l{Y<Tx>K{CKgTC8O%i;f?cZ(fe>kHoTBC3sGV~6VU
z=eqB)_9C%+E&|ppcB2b^t()4#A0MM&!m%B`GrFx$^R3(sb=9}SMpA<dXTczwlB(u{
zz7_M?4?VzUXBWqo=HgN!+=XlRIgnMmy~K!+2iFM62n^{ax*OcRvX-ry#<{NJB6P2o
zd^md^B*$#7!so8c)pfpp6}ja5%{VzPLgfv-5RCfYjvC{y>$`{`)^Tek-Cxoo+`t66
zr^4MTZEL)&n>t!%TuDFVV>GN<*s5cX_O4V5WY0Q!tWagQnttrmskonZ0xvB--qBux
zRid%BM+5E9?yHk~Qb+sn*S*K%tz;g8#32=~ObCpxuf<P~li(xl1&;>ok_E`gNL6Z@
z)E94erXRj6e|@aVoD^e{Bb*%HHQi|2C~mfF+_ta>q;Z}19KV(dZ50D-TI$@a+R2N>
zGcWaz<E?g|?_>U`$3hNJ0m0GSjTYSa8=G8&`H0!MR^9hd>%*C2&8M9=7O~)HZj8gc
zf%rPD%@^dMJQNY;=j5j(OQa}~h>fQ^dQ*CGxISBTFaD1)y(*R0V$U&SG&f)dVVi^K
zug~UzJRyV`0}{iN4QM<k+9@OtLoty4B~l~U0*oWALowp-vYUxvKxjCdI|(sD^XZ2n
zb5SZS+Pu4QG)tZ5O7U(C@qd7Dkga?ctYh>H!%_955Ry}%B*Y7#Z0B9tFTOQzstbK~
zff4uZ3wiBPaXT0yBM5;W#g3p}MY~a9dlPNM9F$!!bQzg!3mPvDq+ipYlMRh1XC}a1
zZcag=_r@&=<nNX=a5o#xg2l50VmnZkbb<_=zy=}A3>96G+CE;MaGdJc>$UZP*D!^a
zJ-_$ID-p4RZ>TXshy*lB?92lM=KddHiGaji|MRstbrVqpe5@`qN)j|yNKZ;JFe5MY
z=Tk@X`9GC@ycD`C&d_N*2(V8v?nFPryTeP7<F|Srjq`aU)D`VzA!=5tgZT)w!OirH
zpbhrX)t#UqUXX}hmuyK;7{K*Bje2co3MCMh*uqC0LOI^@Yzl}@I*3+!Km6QBoTKeQ
z`eF9QoD_FRuFYdFM5N4}WuvVYaT34i@PVT)>Q^@dhm}sPO~GAj)d$2>T>CTR%R#f)
z$_F#{{AiuV48$K`R3A_>c%AVGI4!#a(>?+IBU}4%x5(!GkOMHM!7;EWo?S+3hq)Xr
zv-nG**hIK9_B~<Frw{}9o(t6Rm7wJiFl$|r1R^rHT-XmbZV=?h4H0BRjI~zAx<Cff
z(`V3To5m*0L<!g7lq)T*N`&4+SEV#fA|hQNO!)8<0#J?<FOZ-pWWAD@K7gU$RGOjh
ziH--A*gy?LKgx-2!emV@V6?NJjA|ajMRTB*K>x0OcLJJeJn9E^?Mus(lhEW81}pI&
z>y*C6*+7=396hA4^mKy5K!r_=86dd*X?7F=i4*zdG_*Nq5#>Ed&M89{xV`QA5%-bG
zk&^j-+fg#xR@PXUd}ggCRcZ)V&!5yEVk>+*<_0?uRNb)yB=<3Cs98V}Z+!ym%CCxB
z;(NRO&_K`-b5#b*tN$E4Q6QOfEJ>UD)Qb*!H%C2(NCya9I)Yvw!Pim>0|C6+Am?oX
zHj;lLKe0ewRKi;*j*|tj{d!eUTPYBd1h840vWa=EvaMU4#LHu$MKjH7P?9IPpXxZ4
zyYx?`ZgSsUw)CdD<F7nHPotGVm-5J;;Y#?;Ta?o62$b|A{vhLKTHrHrK-_Rxz^oCf
zS}McGt4pz}<oEXFJlGgk0;SBY(3z8af8|9)f!7q5O~}fn$6F?dD|x}$q!mJx_7MCD
zZb+(f(x0&Fpr*f$iH!rL3Pn_n8VvM+W1Y=NwlUj4X|C+U%MZ?o>vYl|GQ<&jnf>AK
zlZh-xgKy~05q~zwz4cxEO)vY2WXkucFwt^1q!i@|r#Uso{f5ZC1oCC=t4B}JooKN|
zrj14nLU0U?dH%+^!s*IzT26PGFanR4ip^4ycc6<k{s}GnVofvqlCk}^t;nY(Gu|-i
zwk)4zV&xX;v8^7a46-2QT1%C7j&ebD((#k@0-o2DUre9;ozm>jQpf<l0&(GLq1IxC
zgga}@$dU0Jkgh*o8b~xf<y4%xGnN-X6_DsM>eJIi$l)f?Px8y^_kxnCC>Y6)0o-%V
zl79xOb?HTgv*(6znBt0u0P>&Y^Ad<M>hoQh15}Fe-4l+clAoWvZtuOC2f-74-nemj
zLu2GTeOMC&T5#0V9#ZBbun1!$1}Q_J?MMN6z*g`fpHpk-df=o@KjFE)lTh}^ddD8C
zRZC;yD};>=sD!l*tkxkZMZ&|Zod}xPknUz@wC~>G*E2PGRQ!T5CV!ujX&*8a4WESF
z{wf|sI5X#0$fmuM$$JDYU716LI*sBs*?7NSoejA=<zx+)P_+>Xvw_mEm=R}`oP>M3
zTkkPK0BQ5DIbc^B(YUqRu*^^r861_`bmz3|pD2E6$LGwdLa!i`YsIM`E-3C8O)F7+
z{QcFY;99@AgNpBV(X*AKBr8JT$2CGr&Itkr#&HCky#XD+etH!)-eU`>VOO+eN@Ab2
zZE2y_*g*~2Wves!R8eWC2q~G?{ba;V<<2odEJv&ZUd3upFBD{fn9wdn?y0!xjMtBz
zF~d0SnpmJJSDH*w$cn#tg!Qdxl@CeYOQG-S6~Aa40)Xao<tx@*;csu#vG&2}O^G>S
zwDNr~-utH9qZdr8l5#mOQ?7dWhU)Y15)vuAh(d2Ps{V{lqD(MahePd56lau4qHmLE
znz<stcfO;p5){F4X}114ryLG+S*ey@hz`EV9p$o#@Z3k*B+>kfobo9oenEZ6h7mUI
zoKU!+T2`k{_Mm#sVHep<ged(1qWaA1{+*eJfWI6Wm-;9?CnzUY+j6W24YJu<&kSnm
z-zQ1^L|WQJf<Z((UjV%bl@Q*AC(&IqaPtHpse{ZePNJH|BEm)Xjxx@U#XGzc&0tFz
zOA4Dnn^|_f$-ksgc@#siB_>>i^fLPhgsNov2N~RUlH|BEF(&`Om&C%R;=PwG`6sQz
z30P7?6(nz{Iqgk~?WubU(&~uvWz)}=nEr==VvtHll{3GPz~=Lhr<3`gWgwSg3DR@G
z{5@a+ynTGqu3a<qaxWI>aIOu4VMI9N=j2wIsw*;A|5ci?d4~}V_1kjSjm{A;AzuOH
zV>oety3yn?15@b^**eq$12XW@!5sSbZ8aCjV|>q1c=$6#EaH+ClsCQ-U$(629?ykf
zckm}ZA&euAC+Rj$q7_uH0o%@8J6RkMc~Ptk)MYBn2y#gukOg;tyb?Ff{&yl0LnF>O
zjf|UfoJ){(F8?pHf7CI0L|3wD(=AJ*q!lwvIyo^m-^tM58LBWklewWb?XgyVW&`<>
zaLc(F9O9<uId1BDGIJ2D<PTwmaKd&DWA35g646wvsObIcLYaRvX0a;%Z8IalgI)qT
zfnd94NY&Bk&A*u!;qkfy#aeGf?`)evZ?U)$qw(r}izbhUlm$ccE&3i_w<YJ3#N850
z%N6n+|FYWLmbUukt$4iT1!r9!4|SYkyK6grgMMjR$<MRAkg-TpQDK+iX-zFRgaJa+
zwvg7-Np&qPB_gjT%2M03s+pvLFjT?AbA8c0NysswN%Ka&;hEh(<u!AhQbHI4a&kh?
zqA)L_ew^jP;)x?x+1Z*cjm9Ifr8cyG6qX-4A3+oKf=ep+hPUyZ9rm*0CQERQmYxTd
zW+2L73>bmQw&6`;mQU`Ju{Q90WvmToalIy=_gQ(f@%4cv81nMw3~FKnFCELQNe=Lc
z=I*&);x5;Jzq~vnb$}Po?(+srmX(N$z@}1eyK^<t<|gw#9n6}mK*^6f9<L0rXeaW0
z!o<HQqX??WZ<ESSLAU8=Nut%kf+?2AWYlwlk#D@p9scWEzX`HkqiA)-73}1{FvT{i
zmdh<OYA;BcFDALfdx7i)&YvJU@dy7L-n(gCw@sC8c)Q%#(YHT-)4MyweFQ7@W~dGl
z?-f{1J(n6_VXNqI39trW62!6b{OJuf2-#9(kMid{^!SIQ$S9GD9EK0YC_zQSE#{SM
zO*XwdZPZWFPcoUV|KbTp{wlh3<Fw?mKKR&q#j_sH0H|G9{j%)`Cf7Gfgl6P@vT$V|
zJb&=TQifk=YA{OVoH!bf6(#=*Fg6rUaO*(%RFy_kwP>Pv@s~z(sPlx4j3Wr{P`bG*
zcV`g;XpOT`uO!C+i+OydJnxf3<Sm}hrC+XF=B_H|q`JR^KBf!{D;wYL{#{!8={DPj
zYEjbv`;__Z<qLMpnQSU=@i?K*aowVH{@uIoOK30$X0Ao)dRncwVObNP**y+lK~MN4
z<MMv5eMZlpJ9pQ%v%Q_TDX9*u!r-rHRJs>bm>sVTq(|(YyB5DV2JFg6)AN7HJbbH)
z;Bbtt!EtiF9__1H-mx<6h3czs(N*N!la%*sa+lu8Tdv*~JwoT)6TQ!u^?heTwQJGU
z*V==RtJqrWza~;--B&N3zjMa%S;rZQ&&B7@Q~8c&T|M%wX^a0U<AJ1*IcZFBOy=Z(
zYZcfZbeTmDx1JUoY|$={K_a1_=n2wTi?*VT32Pt~nS>6JoSb&%0Hi?G#`Q^=-APm{
zX|&6PV5Q$7mCZUU)uoU}u^3dR)w?9}OdaJF?jzHTM2?p3_q$}&XnJNc^t4o8XZfV^
zu%{Z%L6gIdLAHF8fk5K=ag_vN2D|Rj7M6R^k%yp*Luwu$08Y_-27lecWq*$BhZQPv
zyl{rjj4LDd7{~|G35b^QaCd`mC-L$Zbo!sC)1pYX?9-*2Gta9#A9Fqx8sDcn!>m>}
zvmXtnG5Af7tqx`gQ5}zyH>DeV?#$3oHk}<vp49!&dl#9RH8dM=KQ=pCqECs9oUX&0
zH&<J*Q?J(as;$>*pRTm-T|Rc}e^|~gA>K5sNf*HZw?s%=T|fS~(`+|O)}gfe)_pj2
z#A#Dt^5Tdpj10eX0rsGLpqTlWnqXa1KoPenXQ2(T5MUnUufTV?mzi)-`pNCtb?(RD
zwA+~^<*w_AVW8WHmF!+$PGdp#QljKR6K-H13|28FtNGV{*nXrKwSu3jkGVD+zgTB%
zixqPN^~bedA(rXzAa<F5z8r^Ga+MnD_Z||S8-JLAA*qGR4(=7{`#~+Y79$mE0o(_V
zGvL7tXCohvl?KOk>nntt;2?vz9WanXxccod`4}ogMM$r;JM>|K>~!kp18p`u?v)XR
zNPeDMhX1wZLO9`O!m!+loX<OYER$s_y%}u)=H@XarXK6I(kb&n!*hONR0-vTkGNBH
zXvD6!wG1lv_lRC9B1u>e+Je}QrUk14k|c56qD*G4sZW>0;bk9uFB9ak_YxNjLq&V)
za3~+yeZ~k1B90WOe(GGEdsxfm%<|M;WHic0h7KZo#V_iG$>=oVq)*^=X&V>{$g`FL
z>p)UuKzvs{`5<TmE}TlXC;fw{5!U6;X~uv|Bp-4^)VsywusLWfRxkM4SUFcKQ8<Bz
z1y+eh_`AF5I!~R_gdW<9m<~el99g&cl6KZ^&O>`HSaKY(>Jxc5442cOL=LHc2U!Ur
z_m;_RSmGFk6$=v-nbhQv28uS#q#{*-`PBz=eQMP|1Vs<Zg3>jZ2)DV4k9A;zh<%~X
z#z4G;cNWo0+<Dx84*!tsU4)xQ28qazrgB?=7qO1?V}u0X3*`?T*=7+Z{unl}h6^!v
z=YK4#n_<yxWS@pDf2fbXQ;Z5XM5JlP&k(0?JzjLIqn;S(9Te>q-OAcRjSZd!(rEUa
z5px6N%*}NPlns*(v}5XY&X#*0x&921=evqwN9=YKoOto$iWhG_M5ryjmunOFAJ8uS
ztuGA(N8sJzYjg^H>gg=72yht-E;t9BDi-&AcI=ohRMF-1|GWP1CU`!?O-zX~m@FOA
z$+J7#xNV}n&+eK0rLiuUK)F8+ES+H)_jU|g#>^YA8Ugff_KPB5b%=oPoIQ))?_}v%
z2}^`+*@X)_kH8R;hDIgTbLj7{QbmAk78&Y^w}wlAx`%^Ld>RPraq&^k`oMb93%_w^
zbsdKEG9xhIa)PcL8D_{hGzo=dC$nr*8)*y^+E@?enz-{g2bHG#BD%T(OToUxayP^A
z$&O)0$H{Ia>|aGC_zq;gG3sdQ8>3_&9Ki>Aq~BxkrFHrIT$Sy1%TPDq{Qi$d+4=mB
zM#YAJ;N4*O@SxlB9>Yi?6PbwIfqSNn@6x{Bd#yqe5DG_RFLZF3o8*LY@QAc+uED_;
zlK)U3@l-Vi1`U!K_6f3Fmk+c2iF>YM&vu3~<uBANf>Lw&7yXm#hP8YqM%!W*HR8h(
z(_qj?8~5(EL>rcJrLEB3p4M;$ZEqTl=gDM7ve&7Iy(SqWhK_auoZAD(Es3n!?>f(V
zTSKUPe>>$Cx(Ndr2S#QbKq&#<MJ>r-pjrl#2T9orluA&D#cG%r->8SYxDTQdY)OM$
zrwX<{=ZT6T`ThHz9*h5Wo#6inmG$`l2o)2^HRflyK+g&SkH~gDUiW^l8fhaV@E0xk
zVLz-rU3U%xe<pfP*v!EGcxhkoDQ#Gc5E4zd(*alsP?C~6Qg#>?4qX8y7W;sd59lw&
zN>znHgK#B7%N!0D>A*W*<M8-@k?Qd1rR`|{$~fyAsj^6MDu%nMN?4zi7Baw<v0#bY
z%m^ob-e7Q+x_1ayoXTUuvkV4HXqKy;5K_Ix_#RDR{>0vXf_ZWO6!RuN;R6NIf-+hK
z$>&3$#O8o0FWaxM>6<D6OLD!i24=;VUjeTyihko-gM*BuN#t&9Oo@BBqbGUp0iz!I
zU334a=RBm2la9?Q$5m>mu&Q)Evb%euuVZrsJzNPYv+kVnl9L4Dwv!U{`7&P2?6>DQ
zd(e^80rq$Uc^$K;nrd??)%0(1&x|yo7Ewv)u<tkYP9>$Yx#?iQ%OfJUx`S|?l6=hS
zSKIv7)5zk5Uw`G)q&y-A|IHDjNk>zd(+bw8%%(G`)d#OYVoL86=3=lBn*LSA`avsC
z)%;hoJMuxIs{pk$kyg(P2Mj}Lux3FxVzYS2uf`qi-vbT8(3Ip@4=Zi3j|JXhYzjJ?
z=^3&DCM|X)b`4z;(0VbVJPwvPO<bDKk``X$hI#=bQNRq~d!5{PFt$yv;#X91D;){B
zfI%uqj6E?{_nL?(=vFMfn!lnN?)5rIEVQW?Fpbao$3ysbzKr})4KCAunwbWWvx^yM
zzZCEzz&lFdGu}R5M1tnzck(jCAd;Lndf~h31VsE5DjV7Wu-gza+Zhh5D9bZ(d?ic2
zC{5t~X2Jggb+`j#M@x!y*j0gLf=^lPo*eRD0rj|Ziq2zDI<?N#G$SuMY>!e1XIro8
z1oUY<+8vMK(XV$}msN_c@L?RHo%}ml3!V0hLUGS?k^Th7B3)UQgrn<^Bx^GS$R8Ig
z5Lrs311Mr`z*(a4{a0&_lb^RwhUDN!M^aO82!FL^5fJ#u)xCSN>{GBvm%qa>mwr86
z4zf`0s_M3r6!UB!1Wr1s`7tV3Q*P38PMN;eXtN`ug$f|1!7z)C7hVhy6WKq(KP;G>
z<&V8I-$RRbCqF{qM6!74F&8|{q>i^J3-~GbYfPtOfv&vwFc96)h@)5XMEQYZ0lz1c
z79QwL?##bc$Az3fBqH9uE>(%;LwdT@&=We*l7&C_ZSX$xnuk8@IAbU4;j&u5Go6Ju
z>dp}~%;yyjOo#v%oARk}PsyO-9M``pW&I<l!c<s0?u=M-;cpghj7QtJ;&l*X=~>X5
zjbaA?xKTSk4rw$u+e#v2cy;)_0XWB6ZcOFgLD4!g>Da^`t`QxeT|(N#w62*6YmrCy
ztV%=byH2!I;`f_E&gs5xT3bH%6g?vOatz+{J)|9ks)H9pkLM6dS~rn;sC*?pal&Z^
zoN42Ez|te1%y(<LPqbW*6s*B(y4BLth>vaqSA=I$tKB0-y7Vy>YGr?Eo6yOCo<MNw
zUAk(muhNCQINL^8Q~`4u=9I5)EB}|p-3DNPTU`D!;M?Nrb^b$fmLLD2xZgwnp*W$J
zZ;D%p<fZRq&ecu(*@0b%O;z29X`DOKE}_Oi)9&z`YQ`(QfyDp}Bk)wifaj6Sq~82=
z9A$UFZlDp}BHul;61mU%o$a_`T6A(a@2vdmDFB18n^iR`Euy*%Gx%>Sf!cC_*U#41
zgVo%9{+@t#d0hbpn6QE9;e72p_P$vFHdtpzHo)*K)rrln2>)n4I>Xpo*pt;^uu)xE
zM{)Chz5(?eMC}up@0r`ms*Qr`JdezvVP?s5@%~pz1ma$uHkkXWw$q&wMIwfFq?(Pb
zedE?=z-)g<s~XeHwKeC6#?N>3RK&v5CM;UZI)3ZLSf|7Jg82ZQJd);CLe}+m68rbS
zQz1iK^2&*(uIzJKxoIoXAJ3gOQ**z^;P#L+9Ij=UYsMAeh$Zw~Ws*Wcy@n>BCUsHP
zD4YM!Ox{<}e!^tLf1&OF$Jy%W@WiApj1LaQ#abpOW#(iLQzb#N#G9q51d>53Y}A_R
zEqgo8dnbY~>_*433Lv0ICDCQkxW&>>!OXuiJw?)nK|mtJp?En@zGzG`V~epd;kJ4$
zBG3I8x~Hq7r6g9v=<Y-iCMe1jgxG&MN>&j)O!uS?Zfx>)eXUOF0*ci%O65+BfBdr-
z(vSPd!SRr0em1<AvXRa$h8Rp2fBv{J{FMM{z2q2N-5=`g$5_9&rO~~KeExN2kbC}5
z8vBapUrnNqv@US#bgAMA`T0)R-C?C&u!Fm(%1tj+uV%uu#+0zpHm1t;&b?*BMkD+3
zq}4@vi_?-Azq2LRm*0se`LSag>2*+z82_kIK%nLm)%WFn^UJeMy4(BGUC-+3YGOKi
z?M}F#!z%fsL9;|eU~3JV^Qi!!M!d1Oh74V`Ce`GmQ3Gt2lN-)<=zKiL>-2J+5Am(I
zaOiYcwD~t}+ohhJ>FVyQVQ?kDpB1w@=~>|7XzgMv5KQRFXPKQ9ax}Sj<B`||IbB(K
z^Jn4c>a;2mfNaKzWz%`_tXIv0{9SqwPb3<7J}PW+Zg!PzA6os<l4$&xxzsdxb9&2j
z(g1GzumaV^^kx=qdNy^M0w1F>U1>t^Dl5F-3VeXBMj98H^C3Y^^B*Y9+0CmlaApPK
zPry$1r`J_)D-At)y2iDS`f>Y{oEVp5<0$SZSgrxiPo(X-zNyyynZe6u;+Xyz0yjBu
z_Z-QZ$H|h_71?o1!K}q;+s*YxVu9cbmMFxlT;TlAzVTO26nnECs+|KPx=q;keJ<+F
zy7tb?x__6OB5T3-g50K68&j<UIkDYZ(HvD*U^U|GK1+*1!%914PwgcSchbjSO-TIh
z+306P+ZLR$^x27k9_RwVUc~-~H%|3x8*}6FS?1;%Co;)=)N1G~MYMnlPou6ycH`A_
zCh*~H@cOZ;XiA)0m2PVE#%iNzKVbmavf-nL0x+409{<owY!@FLni<-xI*Ca`vuO{^
zlc)~go97KM{DFm%iSTPXT5;=PW-&#@Ds8Y4IgInZRKB@cK`5NMq2zh(xUb2E7_Gr$
zk7ku0t{N6X-$~{?{rk%`hcS^hx3V%11%7^y%r;r78)g+_Jzcwm+5PoeX@xr3Dr2-q
zn2!{c<=A<{!P7)asl8AaTN<bxD#XWie0L2v0+d8`T?uJRovQQlDP`OH{vSqz!5M0p
zco~fV<0(a(HMOD#KaM878AG{1gCtwr3xirhX>c6A2UmZCsNPxS?Q{?VeuG*#j5T8P
z-7t>0uAg{b$TWkp`sv>P5;8bp5x_6IodUht8*zBZOGbz7VeX)K6#p*>U-BIaxQ79!
z1S&9*;Vs4dzd%5^n-tg9aW>ikre?5u7s^NMpJ>n<5*`{CFzlCwI_rS0l4#^DRJKC<
za-Z0ivn^8KUhK{+D1@yuzc9DnGwU~vQOA3SzH&4}WCTRJVsPBf8?6XfTxI2Wi=|hF
zaBS`gcL(_n$9RZp{Oy||rM&O3Qid7DW%QkeJwb;Kpzh;Kn97U0?IBFBb!(?QMr=m>
zh3-hZE1e@MO~KsE>95z){LJ+d!b>4=J0eK>5at2=4|0J=5>gEveH$0VYJ+?LaY1T8
z0}|pA`K<Ji>?~kA#jb~O7Jn4ofnM%?of?PcMOG;tD1=`<Z0ZAWmiaaRNVvxF)z~%}
zZ~5?@!6cvcFO6jiJL;zbwfTDkvm#cFEsco6Mkz)p*wb89E2$m8*xKDd29enVvNTg1
z2h@sR(0D4)D2KtIiX>s{4O`{7{e|L*RIX+@;)22j?tuUT^s=I-{mqDsTq77Xu;&#j
zSb|R_{6|UDc2$F`4*{ICj^w7@bVOnqTj*;q3(g5wF7X=niJ2d!L>zA1p9P?|>aD<9
z!^n?w2RJ(tO3UW46nNh5N+)t}<9v1e100_?Wh1t~mGdL=Q?}FF2T9NLF%b|dN-QV(
zqrBno1Tq=@AxQkEZ}=DTltq^|xBj8HRu1x5)VwZ#n2Y?H)1M{S0^X9iQ|$;yxLZQL
z`<e|QHN#10PgR-cAVRLT)gjOjlZX(dH0mBep%obUse~blr^E!zlptv}I}*p@7x4EB
z@+;?Ue=mrrH#3&ni@DzwC)zM$<{4$9z)GHBoc7Ow5lUfVw>FUHJC}ikKdFRFAdlLR
z^%OJWKzKjza#Ibod#POb9{ut$4K%3#-es_AqJcT2!u#o|{a}PmJ-@^zRRl5+QFGfL
zmGclIhj7epg44Rv_-6Ky$i)Gfvy6|gfW?eKpN^l=-b?Tbc3ES2AU?fnT&rRo$z$H4
z@d1rzNE)8Vwv(h-5U--)3#fO2{Owdk!pnEp&zZ6W^sSo;SrVMHcBNp0P;MrUf<YH_
z`x1&$Jre0(1PH(4@_L(ehF4*l1HB$C(LeCI?*@2t;PwYX55ZD-Ijn&YYsJLYtd>Iz
zdr-?MvTr;3qKzx~<5)O88>HnNI3ESK^7$?pvQ(@B@$MDXcs7mZIs88o!wmlu4gVo!
z9+{V6j~V32YBiX|j>*a!Y+vmO_v0B%f<@qA==fa;{=wab9lD*h)TutgJmTO9CR;xc
zlOKp@YWP^;s>;~79{_xSmi6h4DZfCgR2bV7T~5a>&GaN^1E3Ez%O`_7DVYqF%_QK~
zv75B#4OCkPSmjIHSkE%ae{LBF?wsUpFdiBtlSV)*(6993P2)DWhPfu*>lDOs#B!4o
zkTH9HC9uu>Pc~Z)ArZ;Zif9McgDiDMa=IBImFMIybL=osG^8LAE(2y`={udBOTN7R
zf)EHY^ozOtC!+}m1&9(jNI;R9CZVZjj)s(G4xm^;5yRxN(vY3C6S^0J@1jG}8m;Mi
zoI$N-|Ek+*nAo~scZ3O67s|M_PBWZ<4}y)J+8DpDF^gqGc~?}<Bq)0z9lr1XdK<L#
z!U_<{_-rkNce(dJN$vEZm~kY>W#M1;vfcsB&3>HC%>%PNq&$J>C0ju<D9~V(FRGP%
zhON?J;HCvzLP=$UE5+<%m!lc?+s@!f@xG!6kpGQsW5D1$tls`7whi?i+g9+yYYCqR
zxewtny`=$J>`7SCfEKlmzmR05?@u?q2+bJHRFdj_KW%$j*{rIwQbdYufOL<o71JFn
zqa7w0PIRy_Hwx75XpX~HX!mw;acLraUQ;fY3<HmY;WpXt5*F$y{s8dECEy~(3x-*H
z(_JT{jmcsqQLSD)K2p&01t_p?tt4iPkpSbomYNtc{~`sFQ2)uoVi|Nil$ld$%nhZ<
zVkoi9602cn`83HOcl?A4ql#V-QQ^$A+qM0=BiH^Zeo;7VJGSR4pf{&6RoD^fN<|n4
z0v^<`!5507`qW37W>W&%7;DJC%*wexS8HNhc_vb?E5hBl#gO+vJ234O-~)Hl@RvHB
zjo{Cb1>0<)bB%26_&h;D@>tfh#g-N~#j5T4>G{lEsv2`7-*cj#I3-YyvKC4gR#{+e
zp)GjYG1+2vo9Dc4@ZbiVtEcuWwP<e?>ET1+$3`hghA~VGLkx>Yr}^Z}Cb>W`YR*tM
zbEuMcCY}-ZUSh`*ZKj%R`a1+EmHkCR?@Wlgu(Gjvm3Eog*bHP@(E2zQ8dsX2q^6bb
z%=6pH=SLPdX;Q+N|1?l2V;rCJeNIv{tRkPTx%I2ciN!!z83c>BJX`-!9BSp|YThhb
z$-u9SJe`7(`;)Uh5eJs`)6~n4&^jK}A;1PfDMIr96|?UDub3tLSIh>c8wdZFm;wKn
zm;wKX%!DFr3BWkxE4@O?FdzO)W{dwJvuBV0keM`8ul_fgwMix-|NF0)E%(ALBbM~>
zd2%eUAp-8&6|pFAsU)W+Sn*Pvxs#tF;!u4e))gBneMVIULO3iCp-7#E4h*R`(y&({
z6pLh5f2B&}wm=u3pRg+eFYxg83b6Eej>L)~5PS0L1!3swWS2r1hWoCaj~%1y<8g8@
z%J5dt<KdXG@!Gi3`W-5+tD1Z0+9osID)?FEB9|SlB&ghnwCulFL|M4eq?cPKHrtIC
z++U#>>?A&uvS0Sxj`4UOEZn}>+%8{vpDkp~u8yf!r#9QIF0ZkH&GWG+l2#WMJXCrV
zrlSM<c)yMM+XM`tO)AJ-pOK#?!csGKX3_YZpiFJkE5;LoC2{K;xtN*n0{2J{?$h+H
z4{H|Ks%E(1#j%9Mr$ar4UR{Ua9;YG7@<SFmTN=*xM<UWAwKjZ}emk|_edp`_3+cOG
z^m1G@%rXYX$g}o=YOdxglTcI<e}DKFYiAxtESow?rfXz><NR(_Xtq#2e9g_|H4OZ2
z<i$A-vz1P3U1`04lB4^td9y>&b|<w1vjg7q;)0)vS1=qUL?p1u+9`f}J2S=Jj+g7H
z5(SF5-b~|pX6VEAvbWF5;)f=}@7h)Vq3qnm`?n5Mk^?C~7>EiU%P~1v1lKd(bT=cX
zVf1#J#O+m+_xs1jOr0ohA)n%ylNe38%zy<eW8RQ$zpPnML;(agZ67i`$jvnBS6;Cu
zf+lVfTbxFMbkrl1i{JGuX+NHaLxe+wJ(qijlDNlSo&&X(@DDTLqoarS9NIRRGEJX0
zI{JIJXP&x&hvCTQkP0tcFnp`<ZDq+9Lykrl)u_W0m0(Z$?6|YU?J>C>V|$mLS3XNS
z)g~VPJ&T`i_?P+B{5*W<53#+NjKlcH8jK1-v6Ge#w|}vzmBIaMQmD%gBsY^qpS2hj
z)QkRs75PC%w6fJ}W>lt7ogk@7Cx#b=Umxf&%H}))=ZwcbPX5gq8(Jh_i$Hu^8~V4k
zv42||I;x%ptaL&aX5Vx-)ypiL9>Odzc*<<aT@~-k!|HuKjGW#_Fz>1X+_85{YOO(v
z-sTIui61_zb?#wWZK(nDwPxntUe>kfIJYH#8h*NI?hf5kfUS}8y=sB)o6hb86(*^{
zEP*u(A9uf>m=(S-S9L?y)GgkRs%}bxo3t%HV5@TR>G3{QGje}xT6_|hzL*>aCV!_U
zr1WCGXR<5k;7vKQCG{a__mG<@;8yf9fAkF7rF-&~{0YQ*6-+*~Y(j8v9{2mgx&We5
zt7}<&B|idLR`qtyk{|UfzRU_fl7mv{`7XNWJ|V4ulnGx_Z#9iyk+Yw0df!*6H$nW1
zn!;+`{|o~ty^T}g(RY6RefVtTi=#gf%zJlgVCrw+c9;MIo@nIh!~#C@%MxtvC2@Rj
z-AHOv7k{0{b)t{1GEv@&MiPNp`+ZJ<8eV|yw-Ng-X~yi3)id{)PE9XUn><QISv3z$
zU$k~;aW7A^FrQy8KHk5Ajs!U1BZumT<=V--B`qIDmB0McKo7AB4IClEfe#?a(RZOC
zH`6OT^*~<*a#Z9h8#u-}{mP3I&CrZN479l?p5$F%!D(F2!5$Bu@ZnSwVN?{i4q+Q!
zx?M*JtDdi9`1JIKYjt4!G9&sVatIx;Sgn?qflMG69Vkbz*Vk4aj*w*;ZYF$4mNuik
zzl}47$A4-Ljn?}8hohP}72UV%E~Kc?BvX)gJs@!tDDH)-UebrOIpkZrgKU$*Of;dp
z+A^^*_c}Fj`RQ;r$^}h3&Y!W#a$#ywC<fKxA)E`)Sw~NOA43xm{;Ujei`=lZD2mPe
zwVy(3PeEQhM0fNq3?R==v9M2OVG14@XOCf;XJ~y+&z2j@=B&f+rk`vk6ND=%4X3bl
zzL8}D3RQl*hpe6=h}yWAl<FkqJ@z$~v0N%=5^zpKRl{lpf0_1MXFQ0B2k+_T8#HIo
zk1L0D<Mdl|a@6JT9j;8pO@c$9`)e2-s4V{^#+93Bx194OPDXV>Si0-sa9iiQi}xqo
zSI*?}=l{9y3$wUHbdD7lDvS3D(+~3sTXE?PG+lv*Y>obYlqtj}T2!sZ;gUQyb>BPB
z#`PGSTdbB@_WWhzoMG)y{*c36RBFyV&KnH5g*6s`%Ve^RvkATrNAoQD9CeJm+!b?T
zWs%0?e6Yq({OIJD#ILG}T>87CvG*7DJ2Owv4b}?5iFXa3j2AZW`;rX7BTaR{;CmUc
zB@eZ#`aeC*Acn`@+x*fyLGDTxFRxICruY!@smh)3d5^3eK}F7wI9(S_ad@rhjgIo8
zvh8*4rHAOB=GmviBj74J#pul#)r?C}fCiT(wag+d#uEscDUAs><gVUOWwa>GHf}*8
z(9rroa;n`n8dL|qrDp%Pp4^4svcR;`D1>DtPjIm|aQZf4G;lukUXasx-lr6jRf!nh
znl|OW2Xyxg$2-c_6ju3p@wVj8Z}7YMRsNgTxUmZ1*7#p6#l1iKiByiepvIoFyDZc|
zziT^OJn`Y3lq{HD1PR?BKju}I=b@b3cJjkR_tI-S#yH(`Ry9M#bxVC^HISi#e*AQv
zq2ff`YrOJ<dAz)R&m+j>$M+g(svc=h00!&JTf)(*zWdXUTYfK5efxiwX#6xO`jGs*
z%)?$ncHywOWNKv}Ol)b|PQGfowq#N5aY1}VS^mmmyOru2YE|ySPdwdW0zdU^bYz|W
zl$J7YN;g(7It{wQ-2kzTbudkp1bc|sydyk>2;paYs9lK-hz+3Qz3@oVXenD;{0M_4
zL0#gq=to>eI9|cm7J^25v}HZU^`%^bdts8}k2Fccwf4G7?B}-vM<n7cQq=X6GUiV`
z>9nF}Kzjbdj1ZdyLpJv=+|24(m8ex+>REw^^)cc0Lo>T+E8F538enJsCaPTH4#qaA
z3l2Gg0|&vx!h;YJ>B&_B1xf3u=*nwSon>o0Owz*DR0~<;tDv!-tu-RzMWLd<*5>u9
zaP{0OaV5bq@`qX(8zbpZ3A8Q~;*o?cl`nFuCT56~nt2>E?X1`MQd_H>PrPyO1g^P#
z0lkj8*12q{Uca7bQS1&H|1pjxcwd|}pSfE<#Z0$u=&ofisAf5mpe8UE{|W}VP)#UX
z4ds%zC$h=iUw8tg5ROO^3r}Il)JYDPK_j_@@ZE}5Ad?VH(=0S%JAD>qh2S@yCT*lo
zm&jj{<oS+8w}CUM%e5jltWVHn0FSmAu*`TAm3=hQv|dU(1>WXc^rn*{SLYid*=G2v
zG4}VH@swqC*AJ?$p}|jYfVJCb?;WZeu`EO*q{7UN8f6)=rApsFl%d8##LJ!fj%-b;
z7PQk<;U}%hzaE0UL~?|+p?(czPvY>!3VI1gOPs_G6wD@GC`PrlB(|wa0viMu?dqDj
zc_=!RTLrkI#?Z~)P33+!2$KW5^DR~W;+Z6gcD$ypBvk;@L*9WqoxY>*(ucX@O@lA`
zzj*6~7P|HFeIIHTI+?g#N9(ZnmPeIm+L}7pV>&x<hUI8q^9gvDPL4IW9<581vaLqz
zq+<wE3ig*FC(gmR9<`}&f!txPs?mK6u1@F|SsGZirB#Bno0%ewPg40h7_$Q6|7P`8
zj?ahVz-ikYbdC_w&-Z8MVWUx>@L(Tx52bQSpDRe0hx0xglyZEjNBsJFqw=DW16O*)
zKuU#2R}BOyR;aNcv2kKB`8mk6{r2Dt9h`Oa|G~;pg-pZDxpc~v0t+tc@T}*yd5h`p
z!eO?~=8()Coj@y*uSdumB*a>`8NnNy{lnQp`OCuWk`Qc8xkjdUG9~!v-X_TF<p~X6
zm?J^UI=Tuw|DJ1AK`S1R05)LCFM~<#9;m|N2-`lR(Wl5oye<!kYL&og&`%#Ohp(-Y
z|JH!G|8C3CQq1Z7-tu_<ZGhu#s81c^G7+fpblKRI=b$Ga=X8mz$_TI=#>o!*tX9T(
zW|tBZj|lW^#U<s=#kacrqaP&&rSyT(@<#srLuz_@tn*`}p}anAKTG|eM44q^0?EV?
z-3wEi8s(PQk4Fx2J(70LDDDREjm{N6+gGEamfZ)T_Sq~gR^S4^+jGN!#hRW(E^aTM
z?@syfKTHl(27Af{raV`=1zSzZ1zny6Iijeks?H+ei_XD6u2Qqu!K-aZGSgs9X1t}R
z+R~*uA{Vs;-y`%*u|b;d2%3)cS2QqT8<xi>>zzzBdNi9q8N7gS<C_2t*E)tbuG<Rx
zy%xg%r>w6Is-p|O#NFM4ySuwXa0%}2?hJ0hCAb9$?(PnO;2PZBC1`+s`F4L>wY7gt
z&AfSYU)A*V={fIo-@eqf21e|_O+==rE8J<=$WOmGML!WYGG&dwi|h__mO}2IF!%`2
zc_~!-v)~)b->Y`=Nls?S9Ne-c%D7fa*{>Io>;(?1CBa?n@t1KWdEIGWYN}EQDg01#
z1v??^69S8fRkA%YhO$!HypENJyvTu>;6e=kWG!X|M&pB66^W8HHOtSy9HCfrG2zhM
z9p1(LY>7+IV)<y9XYsB;2!EMs91BD(eXg*_VfemHp1vt^7b!z48ASw>S6Nf={0ZNB
zrsRx-!yX@PM<&l7LH>@`%=whJN#jh5Z@NYd`%#?28+<Cq+}IN^s^dAsD5?VAHpxGU
znh->F)=V~3U<x|9khRYPNhZ?ymqd$fqL+YMyM!?pZ<CI;n#^q(xIPVaQU=`fbm{iH
zIeMj}+0FL!-x+|L>GII#KL}<&8;L5byjH$O+4;N_KKba|v}T<+=`BBnmkg0oeN{76
zkw;P^p{Igjku*&d^vu(HRY<`*XQ5`31)&lnRDX2VDhY1_hyZu5DH$qA#S1&2rGf$B
za+eaur)`iZB(&-!Oy~RvhiHGIA&AQ14H_0!9SRn<WV?X2A3TS+#vnU)<@_cN)=x2>
zKX(StzE)MsIk7#AhW<Uq9J<GNQvf{%NpRURD?+dMtQ}Gu-h1G|Rw6;fHTzHBC&cp|
z82cGZk`;2m!EtT<WD!eli~Oh+p+Y-obg$Mn=<g!OF~&%MYX&a)X8al4(v8@jP%1?f
ze>=j~m~n)yI*S<X$(>>EgRDb7Iz82eAZtR~@90G6D6l-RbAAku6Icn+;~6?WbP-1Q
ziXKH41e1~hd90wv!3or8F4yBAFYXW5*5F!IVI5Q8qLg{3^NRajceY7LK@v>Un;9H@
zKX?D6F64VrW`UZ?5AX-A@(QQ`9NM4A(aak(u2H@2aS<e5-Ouz`n8Zz0QpGSg{M2V)
z!`*5JNHKZT7~3eZo|<IK@OPYRNEIKEgS3NB27ls3C|9}G=#X@=G#axA+z|D;t;NLb
zDhdjK`-fY#VW|FnT~FFc<3bU{<!1{7ga_0HDCjf%c#fP)Dg+i)@8|&|1O#PJ0daL`
zN#S+qu!=VbgHk)~N_x{F16BeDAPiy|e!m7`5P=1R!Jq-Ryy>I9Z5<EzM&6%s{r@oN
z+VYO~cMl8cy?$t0%H*2x_s<;u-AX&4|74rV?0UZp6jl2l2-u!RCk_NuZ?r@EohX>x
zLtdX&PY#epPmaGt(O*LfQJwBn`;P~h=Z%up9VYs4{R($c+J<qj&C2}ok+IFiHPDH-
z$WgGo&;VvHa2|cE2onR>7paKu6U=AalQ2PXq`j>nJ&FLmxSyw_6MiIJ#<c|;_0CQ~
zeuK@E3JA=7qpo~B)ns>Xrx@GXTwYu7DQo=X&f2uH1(#-dV#^98xD3-v*Z<1k;VK?E
z2aC#+kYl<+%Zo_evPPjCuz3QR>M5jv2I6%Fh~38b_$MzdpI58SeC-vU9a`7p69_&;
zujvw*X+uWWe#i6eynU8dhUo^LkQ~=AQP$Y3j~^@N&8}xjHa>ez#iMSK<QwVdZ7BKb
zCR`*bx%m3H0d5{HfqsCmPtn|g`w|KDlcioMFL$4hZ}!7wzsu|)kHF#Y!(^cnLHDt|
ziO6`SulPRj)U!9pcVO%NgD)f_c#FN0_sjNR!8Yt}QEDb-Y8;U|1Ni_!NhS4WI2FQf
zzA5Vhk+;8B3tAcebXu4{G2AoaL!>YXO*5+`3c?+Jl)sk~F}lwQSGW28hy)b{Ko%?L
zv(Miu%p8{l=*K3NVg;y5=bh0$Fvj|~P}EH|o9|Omp#D;2zlE^$1dkOQW%EW6&eKd_
z{hHAJ>^;SZ_+@-4KLOw&R0s2ERK>U*5S-wJ$kJd%9Wfjm8<ojdvO(!smL0F(JgM|<
zIIT@e>%}a#>U6NBF!CIr6SHSFhsgM(_svsQIGPR<0ZHG=$Zr>iqfwKFPi!?$fyuvg
zU@eht#z88xd6|%BYAwnCH3a@P?ZKM{<=BXSES{&<I~?lu_6ay!nOymkKUITk^_!<7
z4P_^x;~<K+JKoW#p>)WBa<IG)lm->70!qQoG}MTx;~Fy4G)haCpadkBsmht<Jf2kK
zDiqWVl24O0(u-d*<^KFGgynuyFkAeLDL4sUsjkpVTQlWD;)`P}bf%+mq(^>+p%ZyP
zo8&>(*a`QEW*$)Pa_c*tAPDoJq#wwqm>2)npdD0|J)h{&D7hp>W(VC(gf7|Z_p7cW
zldUp#=YihDgTwDxN#kv??=<lbMC`X7Sd!iiM;`FVGjz-)#6r@A^vfXmO|pOsk424R
zl)nl?Le*cD`JZSyWYP<lxXsrs0}uk|x?R+e!!i(eJ^2Ay#WIHk(za4q39+EL76n>x
zoJ*<<o-|g8lDYkO&M^<LxhVG{;WkW$_-BXkzcj2qs^uy3Wx8O;4oiE<sKz$dugOpG
zEdI83oeTvMH4?UUw%3<%g#6nF8ffum|0dstMCM{iehDCcdOf=Va`M3-dpm?*T|EOl
zeOz03AwiY%eu}f6285#S0R?)jh0{Xstcf?j2P>%SV^NdTwvXcuOu{sC<D6mT&|PGJ
zszjUg_z8syp-fxcm`Vj|<PUjj1NM_-IhLQrDOQBP*H{wdcyP_<Y)XtW<c<U$1W{A+
zZhn^EF=e`s6%V?mDt08U7=WeZxxeSYO7oPu?g5s8c)2|D;!AbfU`2ZK#_pA2vr_%X
z3<=0>B2Od{uL7_A2PJm(jU+_hw%D^BEfm?!?z`o=H^vP|Ff{=#`<E}nHCP3dj6$my
zw<xxs7yuGAnU)1`-dBFGQdBmU!JpaNnBKjXv#NNubxOv}i>%cw)(PNsX+>m;)PCjz
z+CaleecsEk^QtD<pv)@1$rIe=J$*hLmBA&v4klP<y#@}XGR1g^>?<s;#L|w6FIUU%
zEWcSlcPMU2*fr6u46b3!R6iYl2lrL%&!Ddvvue5e46;<@ku#DkG>O*}NfU&=`m7D*
z0hTE>7sA2ht!4YWlVU9*N!Gao)GBe66+i=NaJ<YI<*U{}I*-kRnfAg9?<K~onx+Re
z%NBj<co=C0Yl!1wQ0#Cok>HZMw<c}YjmC8l^*E2=DAZyDbC*&{47^f!>{dfql?E9!
z<Hro_p+i7Bik)nUd?1NflWv<+XU3QJJ_YPsvW~+OyFJ66-agrgzKs1uq&CdQ2f&~_
zSx;L{z&r99Hk<$MAxf04FRn#Z=`Tf<2KnxZ=^K`tAqh$XsxMMl&%~d6mU5a=@)81M
ztClprtkNN+#m^`F<v#eXNasDZA}JDIdWh`ikEfXC?3+AK<E~}Wn&_qcgr<|hQcc6H
zuo#ZHI(SdSIVI8=jqsMEluIzIM1YR<Z@ytz)M3{Ciu2T(t)5wSwE3(!rz_A{PRw6U
z<CZhKJ>r=Vy#%Lcc#pJ8whs^B96eu4wk@ASviJKxq4fO1TyMg`S}#ruH0l2=OnogF
zl8x^ZJJpJ{o*I%}M^v)?BXOm>Zkw9rXQoW*d=|Zj%>nMg{v>GL*adc!YYR{s?b@QC
zs?`5I2XV&!?eG_OLAqW7|My>At&F29QyC^BGk$5VITz=eLaKkXDMy26*0?DK&KBYs
z$;J|0Q6>3#5&Oy~`k=Y4g*{{&XGx6!>CzjvN6u9VL8?jJPq9#WZD#Gt9wC@tn*x+&
z(Q&K#;NeVz9#yOdkeG|5Xd{4gr~>v2!KXp~_CLh52!EC5g=RiRF{$zUvx%1pRRmIH
zk%d}+IkaH(f34`MOi!zm@;EF1#vl#>naCTKOX^|6`O{Bw_~iq{HBZn0Ti!)VyARCA
zV&x08R%M9`e25f==``le?f7-c6o``$q&=A*iN*3YqfRh$$?F5y>UBUe8Sg9x_7fT#
z{yKX@uW#bm`psOMV3cs3-)SuOJhX%yJTiBdBY9EecX1LbUw<;Pf!?UIU<)Nb^B#zA
zQEGiE2zZ8xL1ff?vO>K1K^xko#$y9YSxR*si?*rB(0^)E8B;;^`3;FaC8>;z<T|n>
zQaiLQf@2{*srfPuiCVx*I2GcvQu#E6PDT>ivA@EYIGqmMFI9OQgv<?Sc^uc|7#~Tb
zHT4qkwPz_L9}XsSA3tdFh+G@crZ%Kf7qw$0El@L<yGfTqJLvaoH#|3X#R92Qo6hj}
znBnTb5V0H1((+0vp6i^I$X<{_inJszxOC@mS{N7k2nRy~z{ZILk~(S|l#|6@%@&dp
zui<VN8TyG~1nDqYDpd4nPmaKvKW;xAwM;{2CHA>>9jRO=qx$4E$qHm7k%FO#g$_%i
zd$?W-h78N19+Fyqx0e*Xk9Uk#3{9rzPf7Cc%iWZRLP@ujR{g`+y^BR^2NyrQpV$Op
zmjLdiK@++UkkwK4r5mxKVjX;584@en%upag@A6p@kA@EnQZw#$7DD^Eon5Zdx`>)4
z@E)t30Ac%qi$1ZpaQI=&wk0h>DX54NJs9|tEd{l$_B5*1sm{|`brFpv&vawkR7IpK
z7Qm}XV$B|8m9f^HkTe+3<<**zJT?7dW3Z~85yFE6#F(j$QGQ~LrL22a>f^WSRv!+M
zr(Er$mB|=GUy1u_b3Fy$CPx+twNYaK{g`qVagp___w8hDO`@(dSy5Mo`S}a-nZ{4D
zLc^;-QNTWHI^wa}nHKMnlprQgfk8_=xd?-#kP7vkd-cZ3?K13p&i!stP;IbUF6|b*
z4FMAYFnxK<YUYT;bZL|OZ7xr3wK4CI@^wW#KcREwwjkk*4wasYxTLtqJ@5|%CGnU#
zTMj}x&B<>amAND>kn0dXqfAUwoMfPDfm}yUhVJB_>+t{QI{cP0ly`7^o<GJZJZ};C
zZY_0xjz1uT5p~XkwvxmmW3o|g`XK=K)c@{4@0;Vfr6Pk_SGWAhh~tB6UfIhTN1mvj
z;HC2z`sw$-;Eb5MouaR^K?5?E#t2AZCOq|egwCVsjGVb`H%wpoiWPFR&J@s0-SuUh
z!I>(4pq`gT9jm|!n>bG;P84x_*PaBCnukSTDcA6n!Sglr?|c&|7CLy183+Q<ZfG&+
zTCma1`=h=Ev6zvp%++Jmsg{hh#iG??%)(X)n&=gpu@sphp!t6xryjAsn6gr@7w~3&
zmdf!2M(aIoQJN)8>1=B#A)f8Ag1k^MSCC2Lj5AEqnmkh?kW|%+QxA_>mx|dW!cs@w
z2q;r`f)ym+&e5?$EV$p`d<y}sz1m9(M@fX@`N>dws9fY4uO&7m37hJ~ms;~Ds=)*y
z4PAyVtcZNU*ZvhNA0)s_EFvFddHld0vz<HEzxWCJ{9DO8=}01sGGo_>Ak4D=)tP>|
zL;Jf?UKhY4(m$PTLw2^xK>Fl25BF{;ca2E>#1pt?a=ZE`iQBto3phg!@HuaTv`yG#
zU)cJUVKai}pQZw^_ys6yym5&I<Ur%ehWMCcHhttD%Zk0Xj50avV%-5y6&oln#AVdt
zm+==b-=<2%Ul!{7T8v+1Xpy(oC{2yRgulA`Bk{VSUH{Oa;gNXn!$3)GgB&%66Ey+z
zwMJVj(ZYr#RM%@82WFFP778HP1!~m4_EcMbL4w-_zgljVrV}T%0Go$DE%W{rfTQ6|
zHS|HfB*U&>38(p06MRPGI8&V;BV|ty$zSiba57T{#iakMP+9-G+i156GP{tW_<6hJ
zP?)}BswJX78_C!%K_$CeS&XD}jQF6M@$?j^&A>^V&}Qto5s*^zvv^6dM~mip_>Yhu
z7Nz2t!&lBn6lccK5f{N-XqjN+-+U$oUu9p+JRen0*R}}nM$v!(E}FE45Z1d@`Co|k
zpDJF`A}Ff7JFt|$EJ|8RuQp*=`OYIKhO0@`Kn)WBI*VoYia3@{{cgMm{28_-E<5o+
zqr$WH{ng}nFJS5NGmUeXRuQhHGym|mJNBs_N=}<@YF17@C3cx*N-pnZXQ5NjWok2I
zH>YWig>h;O7Aj9Bhl3(^_W9dxj#>`pw<4?~EcQ-BtfPG}zB^g>haU(=54Q^L{}4C#
zfI!LrIuF`PBukB>r_vbuPA1zabd)tuQxVt0dMp5!slX9Vj*+cOtfO<Q+N<b_UUHZC
zVG^In#RyyK0ueeP?4O4pg`tjVf8~kKcnqnI;_r#IsCqlNVNsP$N)y$WEKo%GSfhE}
zs>r<IE0Qs%0~#EQM?c{`i(jC42O~VNZjsVZ3;aRw`3`Z;?z|c-Ib;U;h<+|9>PKc7
z=E4OS%8F&od-PwVR=`PrYUT6bkF^i%Bzv!;-XM5dFHdfqx7&SQC70~(oa`WV{@!vS
zT(~a(tIE1`Fzl&#Jfwj*5;`2}7aD!&<G{JZhe+^*Tq3u8si3Wkk#R}}`fR2nNs<g}
z>YPA`JHGFEmbP^2T!zg?T|pUbh|6ftu*C#`u#ZPP7b@#?=eT!&zI*;~?pP#$$=zd=
zOETy*sIE*a(hlvF(}2Pt0o}#4;h-PT+5Q$7;0Xl!_&t1D9&J6^V!q-II_or)W+yAB
zfo9$@ah1iG`(sv+g6o(dA$r4#+NImN!`@^!EbCmtgLJs}lBPS8aze-8i~BBZWFrQ6
zYJO)gPX^6gW&WO5v7bHaw@!yFEWb@G$SFMf&EXRKtk>8o0joEn+-jZSNh2iKFcLee
z<B?tU@$!<Nz(ewD|9SE2SEsdUsg48zYh3MtOAOCmhu^t^nEjc?K6QS8*za6WxG?eR
z*_*rTyTnhZ;NQaVOs^AQl!5OAg$n?B;PNkMvP8z?yM|zQe!kBUh?-$vVzXX_+DyC_
zm~TRJTq!(&<m4^(OW~jYn~t@;lKO>%!UOh>W2De$@y)*P<rZwQIfA)Dc6DZ8`X|Y?
zrADn_TwjwC?Mc6d&yvmZLh{ghfO^8<)Y->W8*61F&Z`XE1{-1Y7mEO4SC<rSj0L{~
zPVY0GprlcH1_P018Av&CM-};Nob-~ArHv78`UD5UiXE~Md8sfFCSgEL1gzCnzQR~+
zl3^Q{$^J$~S;7%&L@~Bcf=r(#Cf$uLMusOsnO5#cx5(GeCwmICTldTHswMD9M|o2C
zovW0a4{gpPOp@9}@R0^IbrdgBRU0O1(Ijxzl^Bs!3x7$}Dh07w-Q26DJHaO3k(3`(
zt^ck;`K3B{DsJgjxOr<Oz%n&hhWcZ7KlE=bztfNKD!a3hvR7fn{Y_vXNp<<spv2LT
zSYm;ykU2&L*vU%-iND@;Z68#&9#c@W0LFRvvP5xdLYpx^&<#eC%RK=VV7`Q0WLTOn
zT{L>Q=U82DWEbnVN4!<FzGq2=2mAON?{V@#-P}{bFY)nJ(ENrbWU!r@wS@)A`Wm5T
z=7$RsQl0JT`#1R|H*9fE8Q?{XiG#qwjmCKjqwV_>$IC3L)8~N{^}WeM=}3AbW+L1l
zwL}ima+rCmz~CP+!3sAk#*s?#Qa0f1RE-KOy56r`g%eKO_u(gz|2kYg0XF01@}Q-G
z9P!wg<=lq+LLdjf9(?DC#CJFGNCp$LNJk~tmNt2FGVQCMUrOk=Qz#98&2&mHJmH0V
z-Hw%}jnCdfR2YM^_M+lf?If-CxT0+P89WV@(@}@;0o1Rte#M9$vbj!$6y*hPp)(kD
z)g0zzc)!H9%_M`XP@2WY%}(#V1S49@m}KM19AMnL&qL2cJzpft)O119&_lv*F;9|(
z0~VafNovafNWEFZGU3-v*i?JR&+?s{ar%`hN#?lWP=*xDk3)z_qgtAKQ*jX#NsrXn
zqy|Yh0#3wcTlY^jECIc)PKNO)MrlVyN;enAZuD-tVh49(mHIx)l3IsoKgFsJH=;p0
zpP}Y$1xV+sr8hREvC$mq3XGtT<!_qH$AgP%%3SnZ+>kDLsd=b*srh*HdXj*Bgh0kA
zZ7sk1sTeOe8B?Kn=%Az-;`RBM@d>TOq;XjbU^4R=g*5~Zv-=$ET#Ye+4ZRbu%v__N
z?IleUu;sSN7^V=<3zB!Oo$v>mmtY2n^Ys(S;;rU_!3{XA>|S$WVK(hs2_ZkPTnkxB
z4qed2PHKQ7*>72?fp-ZB_qGXk=H53sE`by@e^<8B5u>n!DMn`Hpk%40su<kh-XR@8
zzwb|lEe!;!MO_yn!Nv~}j8^O++XPvG%!UeqKGLtMH}NQ#0qBtWvu-P!W=0S@{HXV(
zQ0M`0b`>gVaQy4e&5lS9%&^S?^iiXEg3MHI5HbU?vch2Dt8P&PG|v=>bF7GhwRV4u
z?n`SpV|J$&g=VB@6)2jD%8$={!;--P$q$albkm<gwg7uOLF$5;0rG|aj`|u2Iw6rw
z5P~OKv*d+hdi>xn%*7(Zf9myb{0Zac@#?Uz0fJ?gUs}@L&r9a&wGNqknmPHGbg_xE
zHJ+tTeus6XON?5sk%OKXzt&tm=!p?C7@M*vjZ)_zFChkfwyyVpF}~9}1F#|LF6hAQ
zJE4rF!0Vhgn8QfW$94B4>u-2|^(R9r({PTg=^YwdJ~DH^=4FQloO#-zv3_Qhd8@iW
zyksSF?AyQZJWrHxMWZb|(X)y#apXj0f6n-!!TPD!L-{0%NPL1D25c`-R;b;l6+8{1
zHA$|(U0!CZ1F%Hm+-Br=1v-^ug<@SwzzC$2Lj}eoG^zZw!V{~RT=xXfqEUVhA@i;`
z9n0>}E_00k@u?c2LnS7rrtgh9sowQ7e)(qV|23AibbgFhV(_B4rH`vlM?dqzqNov(
z+1#~H9nUa~&O_vW|J0Me=O{P<-w45x4U`wvxI^Gaq(DY!u&HPE0z{(~5^I@bV^(n!
z2Dhz={w`QAWL+EGzC9E}{CMbn7N_SOh20i~<YF#Sn0b$n)!(9EouyM^NchuswlL<^
z-_aA-^4IiOzH3x<)}A&1VheSQh&84*<g0F2dJ;K-G{ruOMn9wr3$X91QIVWhXCGj^
z;&~Vk_}SFi`)StM18N7j;TD*;hA52L4xh^1m`rrwe+{^%)>Q>Xck?o4zk$^op4*E<
z)^G@9x9Zj==3Xe8SP4)GFev&=q`!f3la|M`G_RBFjr&0$1>NQ0Tjt8tDk}%x<bH5m
zRNu{C`wFwk9%-{vp&zHe9Z?qR^*8t8d$-<QKh9PFrYhtIfPpX?(>>fg^ToKgVfOh%
z@=n3Af7N5s|Nc7rWuMBg!tVv#`^o;d7386+z?}__plYU+%><N*YGo!DKfj`<JW@nv
zLXSOG1U9yDMOl=38ItrLQe07C8^z%&rFcjwMvGj$k{?sDR1g{m0$5lReGb%apn?ZB
zS`6GFmu~Q8Kq8JE;!)oyP@I|iI4Fs%_?~EiwW!6Jf{Wusn6(rpP9$XLI?n_u<#ZcI
zJt}LoV<Hss#c$4v(gA|O$N;BsTNs;`Xz0iiEpsgCJW`*ZlB4d+AIc^Y%?bPP3X91L
zwPyP`>lLL#62Qu)$=*t{$sT0zlK%|Ol<fdp4!AMd=*a!EcoWFt20^wuhqET#$G^j1
z^sM-~oth2Fh}Uw(M?FC(!Xg$3-%F%Wo>ll*)1>>qVJYFF2AO1jFN3#+^4K&;z`XMY
zyr~*tk>=|vLk3?=kQ7pkZ}%%(Wk0=7f?=1&cQ*zIL1Vk9ylUa1$m)v-U=C^??L0Mp
z2-%BY(T@ZXdx~-M!m+3E_}Czg_Yza3hO{)JCe4?O^Gn*_T?F_yL+C}4TKS%6dcJxe
zPJ{1)6*oMg7+T62WA%UF0%$TkE?$zO@qn0g58~8%2z4p!3Q0TTLP$nDX?|}}EP#rH
z9*Pt#ZO9VM*sn8~qFU)5XdtkZ6Ceh*_c~5oZbWSp=cAC0qu|CI^tvyTR@cQrfaJ6{
z+clvmqQ~Y$w0TYDbu6fWMuc>!=kg2Cp`lr*=S4zeB!Hm}g%w<X@u?Z2{KaDg1vw#;
zA;cgiS2DiHFIK!UQGI<mM>=;|K{{7F&VrCcz28j~#knS|aHI=}7h{lzAJCGifn)l)
zL~-uH_;p9kg)Qk>edqjVebv=$@ze+T?;3SIX>IP)fk^E<zKx1>e24DhW@X(LKbl&(
z73mVQ;kdpK;}Tii-N#+;3c~+T63&3K{R|_wJ8<LRcb6s9fjUvqH)iw!!&DhW<S-zS
zR<FTpk=dv5;sy9tfHCg;s@&()MZ(eo!4|PxUg<cor9EzE-L#5!M*X|p?m0cFR8mOt
zSj>H!N>3FfF%p@fL#}>@67p4_ai63R>Ti{Zm}E$PDGBNT=CtV2V>7HZZuNU=I6;x7
zSwDgJF_qz}7?#>*gHLzit!XimCFHXN>;>HulV_WAc)-kN1>OwED&s-_tOCQi)+2kQ
z%U+NS4l)Y93OHsbuhe&V!rec+BAB|4xzE#Gi@xE1tpJ3N6_#gZlb(t$lYIV(5cTaf
zO<H-Be{V`FC;a#GTI9d|s#P$jA{j?82*lHafeWc)&;XVlTaL8Ja}&e8#9Y+nx-5Nw
z81N4E&2s>^PK!+;a}}BuHf}04dB$deT+{VpwW@-nEUT6kPq}~{Yfqq13)A2e6RFW3
zZ==yZw*g_A<K(fV2e<$V_%T7tMY+1olP~_P5b%HSG7{*7h%6EhJv*CQ6oe2X!nHnb
zGK$y9lmqBjDDL`j;vA4OdA1=4ppP*KlK`4yAxUY`aUw+I`P8Mv1~Lw3EMGm}{bY1p
z^0#RIIuW=x8NXBkae5l%Uj3Bng0>>vYoQVAWUg#gMufAryyo39prl4+Ec!=b^4rAc
z%lA3n+4l<G*?$&|{%27o&NUqQBVE_;$(SIE@~QrFGbPS|t1iO~Yw^KqfP*><6j#wO
zi52@LVX3I;5imFUeq1l0YflJx1YdV~)E<u2mtqn~Try!6g*KB(^VZpwrt=hxsx~^?
z+a-h*PlrQ^-!tA@mx%pUVsW~3s$rgTx>9CwI&|MI#`JGwQVAiCEdK2G7{tZhyRt3(
zmMlc&q~AcpaZ>M4ISfStU?^_BqIeO@qQDOlv5sw{H@OCtmQn7{D5A6&7LmDiW>@q@
zLkti&4Bkqh>`eETnFGT-8IQ~>>dw<YMVUOdvtkfh%5%hRpcy%?5avigH5|J_99Qyb
z>kcZ2=!RSqVj>w?a<(YeB$oT=56XgHMeu~ulOx|Ne@OeJu5CmBS7FOY790kEWYP#G
z2Y;mYh0bEThS>)CRZz1B1~AEALs5L>HA5!Ik)CWF5Y0mWFPZNDr9Gu}!!Xz1MQFgf
zR2imbxO00L0SD@y(+Ikp$%FAvh*OK{*Yxw~FOH*;wb?4CRz1t%0nk3DcS`wXYH(6i
zE?`<|No0SWh30@#9P^*xWEGC2N7~})i!tpfR~;nh-u#jdOK=w<9}Mz|N=3s|3k}mi
zQ7$Ya0;RZe?IzeanT75m>&TPiNZ78@fWC@^rrX#A=2IriYJO`9B2a4{Vu7XT1~LQq
z?e&d~(8M@DszZH>37<qCS%EJEhk{?Q4|6~yiR}nPl7LV?tF^~7eT4}f(<u;3I%EW~
zq<FqN;-@7<A0_J{59vG*OTs3fPEb!g8pZIz2^Xvt<lcVYP8Krg!0G({7x`?IDl%8e
zI<}=%Q9z^y{({n1_9JXv)H`=IiK>q;3EHuV52`E_9CC9u7_A^!uNYU8Zq=`Ql>a(H
zVy-C!=!@52%@*ieeF(KXrOOH2R|&2t<6+JWgOQ3w@PaVME|rlvE>^H8&h5w+MUT0r
zxs=OaZ6&$zY>)54gXkkf4N;7c{k#;u9Q>3hKEk30K{R0GQ{#RE<F!xyUHc@WHVzBA
z*IBu8jW}6suHU~z-VxL*48o&HLbj34U~M=ZkoCY{8b7<I={k-E>D0x|h>)W%V9SnO
zC^$yA+_Nu;%^ulfG-dPDoIbzvKe_X0$#y$>j#T&!?uxsXQmE?=;dy~ki><}?MPJPP
z_YVp4;(&il(NvJ*^ny#R1}Pn`nZM1Uze{E&*F8}jLWZoG*f~qNL_9Wq%W;&1&=*+$
z^D_{6S0BdV8%dd~{huV}8l_d|W!GG<f}4|nG+6Ee)*CFC?o>JCWq&K6DTGAtZbowT
z|Kzn!%4QWiT3(^9H8sA)6S8PH^q!7uX`j1SFIH`G6HX>`)Sz4a&G2D=Y2%!Fa?#9j
z0loYWV*jx%s~m^XYBwf6z-$a3lo!mY2hlBBE5^&RW<w}f@w*z1;GBPSOO%^X9nHK^
zmHlT3{(iMUSINVmUds$Ip(lR{-|8lNsD0L_p<(K+22#+MLlT0=n_`Jl<~rF4F>h$)
z+scItY{ZtILn1yO{07+b=&?R$ZaX2pWKKB6J`P_bIvL10qyVTeD}ivgLE8Nib>G-B
zAqZ+oipvsF53{f5CX8pT3H;}m^T)`ZM!l*&7kTRyuUKC!5bh+<+n87s3s80<FTfz>
z2eu!dXYr$E9#;vGW1JSqwBMIebWGg!2@%n5Wb!hNjPSe53T*44{5fo!ue4R)W`=2o
z!caToc;OXKh6a-0MB!P%Y(cVv^+A`+@&l}5a1%;L86u>GIJKng>YkF5XGDv;q2~jn
zsbfWWi|_6#w?z2K;!Fc^fkmg^D;1O8C*26YsCx(h#(GY}Z?`3e7_8a)A5uvxL+j~~
zla?Elr~V4|TBeO4aB(x3yW+x5xqd=j`kMOLe%8a%0=UyY=bCFc<kVeaw9)BrIzNX^
zFKBo)m?81&?5oPG$7P3E&xWy_Y=*RCt+S&QzcsN=A@eSNB)TC-%k&NMB_ZBen>ZPJ
zr%u(DXh7go+q~GNob)#3mky0IVwP7RGwt|^<UZj%Bl-d!VEh;&XHP6?QEgD2utb9X
zrIi$K5Qtk2&S%A&csc#$fwzn8Z!0#0v$7_Q%3!tzp#RoMv@E)DO<IdPB`=I3h$W9Y
ze=e)~tn+i1gpcYRR(n@lb<|Mx`xhfoM&vr;BVrADi8b|R)}+tZgi*a;rp?4P#8NJj
zJV}{LQ86n*>V=R;Mh4&suwbkG%YAjQ@IwR=SOHpJ{w$a;!yQkCwkc$QI~D$bD9q*|
zsQl|^J1M|8iYV=FM%}21xmrz|BMEuG>X}7Vu1BG^JRvN>nJ#mh#X#YKdDhEXo}K!d
zEV~igsh;a3cPg)j`>lx5BV6%vS9SyGD4EO5EoIfYdS!hb+b_<(hAVEeS)N;)HTyMl
z7Klf*MWQKeI9sD~uZ|T;WINyFEVQd8E<}uM#a9O74RKOOB~o%;hM)(l;16G$U#)qa
zfjQEPEXMvajnW2bjL@gvi2mEhl&m%b7AC$mAR)TPPH#Vvi1YMXF%Sw5lu7Dv#nhiE
zvHlLfoT4j-9Lu`cc^x@U42)Dpwq$*f10g;+tA9UD(0)+8lKm48i5?{4Gp_~$G-bL1
zLYqUsRz!H;V4cC>hQ91r{2dIc$e1+Apx_q^Q(T~`3O9rPT+B?pc%_udbb=hZ3pHzU
z#q^IpV{Ug%`Ig3jr^z-2tH!gYP&5$I6nk5B2pe-vkmvc|RWj`3CcJG}#m54-70LBy
zJXPvsktT`QcPrODT6RbyLSSph?TlPfLTyE1GS+Evy>Xs@S8@c%Y(BFH`=H)q722gb
zrE$jL#94W{XRz^@6?5kuTKGu|S|kUnOX^>zUKYZ>qJ`9ey>=~Y@8~%DKs}raiEHQ|
zbfWdy=cD)gp``VUMy*lNFl_*mb*v#L&ZX0gThb2%!P2+cYd9XRI~}O>ISS&0>Rj()
zdkLRNmHnNNk%Rr*X=O(r$aIkkf45g4_3bbnuVC~Xew_-D9{%LD(_5WD6=FaEwKgtH
z-|{WeSdT%X?w@Of<bqrS?L2lAHP<QHSOJRgTajelKi5Dz?}D8Mxb_-S2t2FX&;R*`
zzNa5S`UZ2meZT(0IJWZ;zgORK*IC>qbLz&_Z)|+C%g+)zjgh$7A-_TzXz0-x@hjNk
zkKRZx!BAoT-W{t%%+vduO$GH!%VYEK_T|<S{;YS-tx3kr-t#Jwcg&R7Sq^aLfJ5+y
zFv0iTBFTK*cWDADxWLq}pLD$|&KgN)SR@m{bBcDC7S(+9%AB!;K2192X2g?rn4u@b
zMWRT3;=InV`cXYp?YhxFbGUHA3en(5wrE`eeZvgKrYhHy7r4PM&`oVhNlADtI#{zu
z>mU}?@|1zl2cG#9;;c$Ta|ssTW`bu-Yh7lJ$FG@+R)h*X5!4HArm<uw4nx{iQOAxL
zRu(JUN#?gS@(iv0DpFo!C{q4s#egi36_4j*Ul~CF%a?z_`c_n|{LhNV>YKz5S*oRS
z$Q?@yHkUEgLLMRM%?6JqNKC_cs$<`95D6H|%~Yom7$|<`dvx}agki-N8-FBI5;1^F
z)w2PRB?@E`DL;ng+E9uivZaER>x?i1PTA}tAe9@JcxA)2b_(gXEVuBI#L{l`KgE85
z5cs~$yLI=c6p6wE=Dl@4s_*16>6dC6QNBK<sjTK$tC`V5YkcigwEL$F3HwcpT-8y_
zRhjg>Z28_{9J9#Vt-E}O-A||WdBL{ab~9IiO*cg6nCSE*zotXS&2*=6b?@5KiR0c}
z8j|aZ?Ghmxk7p?4avSIz%SYFsiFfObdZRC{VrFMt{yRv~QAbe!5RkhFo-9~o@ba44
z$i=ME{jKQOgoc6bi8ay&A#$}P^BgV|>G$$@m8Q;ttfybA<QURdMi)>)viWz-+Z{OU
z)jX|GLCfO8;n+?>+&tv=>=ilpSui!<e=(FzEhd~xXX3aAgL(1@D{djK6uWj-2}ZTf
z&8jM0apZ><Byx9pbKHA8C7yDyzZEXRx!X2f5c`xuZ2oXv3$)gTn7A>oke;7dvz}ZY
z;!uNWila&k3v;P!nVf+67)IK7+yI`&U*IPjwu$HN@Xe7~Ww3wGbw6T{yVkYN2LZjH
zrGM~VdP4O+y4KK;)`$9UA82GhVF`a5e8`(3^(ks^OmVTY>P&N?p`ZHV_*xwrtLGP&
zTcuaMk#MRRxApPzdIeN(I>7NYXucx1J0RK%m`}G>fD?j3;8`Kdh6B=o6A;Q)^z^hu
z&K5Xf$TO<qX8$c)2<Xp^{E{Fe^{uH|9w~BcNCiSUigolRFmi?46Ms`}<7buLDvEmL
z%;Ak`1P_aK_KNpac4p=Ensmc&#3FWaUjqXJ_GU{gy_&mij@w?&_~q_AHKn~jDe~pL
zl*2e2`f*ON>wCi-TLM}=y}-yw%IW)WS=-M9a{aJJB7)1GA_mK0fpCdz9U_`1qEE#D
z&Fpbh8V4SJa}%_?-#7#T;R`RvqAkyZNBb|e$`7kH_V>W_-LJby@e2d)oHxYNF?e3Y
zHF~GgWzq>er`(d}ksIJdm>^MCL-v97(`NY5c9FNY?B(VEPBH;odHpPZt;5^PYicFz
zG(xPL5~f+0ryV&yE%~LZW^ChC0IjO!$(RW{8U-!9H+V}Tm69~eR`Uu&#0}9-Pl2z$
z-fFErpnEG%bG46d5Vx)~Q@-9cDlqz%e1~Bxd#Pke+E+_BN=Xd}Jxy1gRbchM;0@#3
z{g_dJ2()$xKn(<jdtJZCciU)d^KV}+KFeE_*1{NZI<h9zoFUIBVwRG|2F!Zp2TGF_
zydS=!XbbctUT#mXC)0nrhHXgVS9gCl9GC3x_>n=`lv21<QM?lQ90ZBXaYOpIOUBr0
z{zP3l%j`RwjpFfLkmt$Q7Ayx3#hG8e{rM+?xg5rIokjrws*MDKeiE~>82e;E@>yyU
z18zKGmuNh9QBxYefRMZkF7G$T?`9{o!7FzTXmg6^-p)$D?M0V6>bQL0Yc?j&b-cbH
z#@x&u8J_wIsV9Kea4IirfYKI58hr8Tiet5F&J7K(5G$0d!-a5Ts4=`Qy+$hUpk0sb
z-&Wpe3*H3>yangpeh#l}^><8ZZpAwH9x1IXZo`~PT?{sO4b~Hs<z6GMq#fvvS4hUG
zSTo<X*Ow<+aUlxpSsr?^S&&ema$^6=5y_xinZpm6%*s*;kUj`PNpBoh9klwPtjCF=
zaib-GwZNgXX0?~3!!wJSZ0=BU^ta0rZ{`PbgHwwKaIo6NK^}QcXfK^VfS7(xCw#xl
z#BFh(tDjgnPB*2h-QX~1_SN%T_e*R#Yfp^G)dZg<L_+BNQp3y(@Ba1SUix{tBk9YR
zWV=JeFUZN$elPsI+C&fdbut3aNQjP#gxj_UM94b+ZI!k;dUTq5#;Xn*r35$&w9|j*
zN%;|EfL(|N_!kP0S}K_qwhL7VjZ_@^lJ~t~E_(OZJ0#)a06U9YEoNVRQ^3HlwWHV_
z&Q#_c0pe78_#uJ?%RH>1BK@GABU+5?1wj}!`5EGp2iaSc8~^NR%0J7ZH9sBHR4&bE
z^){!;i^a5mh^r|hq`vJwGM8yTJ;!j1*u3VE0{Im$K7%CqsdU0ymMiCyw^$oX7w9ef
z^eBj8R?RY8nqkWediBg%&y2Xmy3b<F$Ast_W^w#9XN~D>(HQy79K3Ph%vrB`o|7|T
zQmz%%`vTbaMUfV|hs$)SamCCt{g3cNzT5P?DiVCl5X9ATI@twkp;z-2tn&K;HM#io
zK!iOpY9u$*+is0IVydKVuv+|Y+cif&JJJ5P@TGKkE?E_hLr{dZ!67R^`&QjAP}7I^
zU{Q>jR+wv?wFkw-@q<&<_N*7NgQKuK|NCL+i_kFL{Kpjlga0uu9f>(&uQH%K<mq>b
z>sVCdkoujO#4kT8>2>Fq*2Z%f0%e^y5UsB9W~LO$;o=?YDdJJ$@SNUTF{%WSn@Tr*
zy5lMg_PM(tPAzX<{R$16O$1#(2(^@U)gM9gs>VcO?9&Q%+MAp~#QX;)dZ1o6*m&vT
zfQh)vo7bHp&tf3CoyH-DOI!YDmq`_n3}uW$5n+=R$nRlOah;`zJ;$gNXOpc75H{QO
ze_QA65&X<z4r|XMq{I<R)rhp6j7c^i&*mBkxF(t4S|JUpcRQA>j97d*IAC5H8%tk7
zz^IAEFOh4{YFc85Q;6YY&g`h7{w%Aewb<UQHXkQBC!g-msv|25%n{{>ESo~i(tjpJ
z@T$G}#z<<qXZ6NJI#SX2v&s7zz(FggKU<NZXKxBX*N#n}u!N-UMqf!)g`2KGCxS16
z(%4}H_q|0^gr_L*tJwlotLW$?(@CB|XNg16zpWnkwO$-IWsVY&+bE*7Mv#8oZGEJ>
zixN_95Rq?SgmeMQ#Ak1>-d@?$((m6tw4z6XO~hP=1q)5>0&egs6RU@SdV@8ks8fx#
z$ZJ|VJdpw&=pro}C{+TnRB1G)1vqgQrC}U(7JIz?S^bhx1)HA03wy5ETO0Lv(_f_<
zCM8(E{0(fx)v^*(sVPg~$Hr;o|K}5n-DTRpb8`Q4;{Q1uBjg|(3rV820NO7=4P@S#
z5tx{QXTpf6f&8Ri3%KZa?nAb-E(IcOgM*O1mCf>qyh_qa(f~?r@#W)VaG^`YuV4GN
zd@CeevEC_5xU-6dr==&O?6W@XZ`0rtjepEEDlD7A2!@JGSHp`Q&!rYu2SH78N`%IH
zqwsUch$zOg2zUjptbGzm07xw{)*B4E$QDcF)ASRz?(Zi#TL=V^l4L^tMW8Z=AQB^B
zmvKn+ix!?$#VgUHR>uyDY_Z5SE5XDE8fr`fP-PMXs!kwk0+GtC%8q7dyC-w<&Ykk!
zw$&28Bk+;OrPf;tnxb&F<*-$-k77M10<_RYY;g9335|$$$OJI>!0=4^*$jT&nkqCh
z?1rQ3j0H+vql%XVYPlw9k}+i=x!jj{T;5bim3oVD;}{`xl+tug%kQ8T1WSdkDTRxW
zCyUpltchBDL8-g5zwpHy184J0%+0@YxW=%#mxoGg8s*5w)XyoSek-xmF!iDNszOZa
zVfT7Fg;V0=Ym;Y~1(c>Ap8R*rY`Fb+f))CTUM*`WEw+$fLAr0qex4uSPGi7vY80R7
zBbTP48FUn^j;~5_ghFVe)JltEP9Cz4<U(=PFequccYHo0TA67lHhof-WH;l1DPktZ
zvi};Ac@U}(Vb`eXKNNyulVGdLW|&CJofsz-6S^2?uLZmX_<Fkhc&|}RYo+Rm*WPk;
z>@~_~l7S$cT639AJ(LXA_k2${)08KzJ3zE(l+L0bQ){*ne>+^Lm38D{HM0zV>X<`R
zG-lEA4IVpy{?QD@!fGb*z?TD>>v=ZpaRY-17hlR3ihtH#@)9D~+&g*HRPg7#$GBlr
z<t2nJpdU!>F_x|H-nYP#WpOM?$Xebj`te6l*j6|ErOamXs)#z1bCl*ZGhhKqN%PP}
zm7}&OlQDr&x-#}zBlCJEH$c)dVpu6Kk0&B<?eP0_*SvRf)77{3>~|>?d+*D;>*L16
zytDgwu)6nqAB7L88hdGI3X-z{5{>%F8oRYiOi=!zc(Q|;WI)vdwWjaQm>G1Powxgu
zKMBd(H1Hwf8n=P&7v%q=_^SSLXJaB?>4Xg@hbVLeThC<vZ~fwv+1d8~{;yAZpIU41
zaY$?_Pa)47_hgO8yie|MgksXJaeT&u;$^c-u;PSgUPSGoWd;f`cKcoOiT=p-uJM9O
zX@M8aO;O`>l}qD2(N`C-kPz)L=Pn=Ey=q<5uRd$a44FvEoHLGIgfb?6#_$7&5s-?!
zkFqmA!XPUXsSD$$XcKbii8r;7H^NvE7yP6&z8kOil`_oDV}Ui-)$IJ@fgDy^HYxrr
z)^NrzAI;%=GxI}<iXiZXsR#L^+2^UDstl-_ZL1z;a=*8k@bn9@54>!{5m;^5Fia2-
z`l9<CR>Wy%Qa;xo7YPBci~Zya)c!*MucBp`OR3ZS^^@N{!&P-;f?N-$`K|VOI=LAG
z=S{2rQJ)yCYKWdiF_cgI8yIT8LZ`(~b=xeyPr%4%b9)e3?l>0}pHY;3t(b<95hDcb
z%k$!-XTAD<J;2c*p4}5Kd-_qB@yX+N)6@*xQ$ukkX<@uW*a>hWwG_FAl}OiXN!5Cg
z`#D04Cf<Mt90a%YZv`;7nVZ@xcJyaJ3BjD3^H^AtOID8_(KN%XuVAcl`~C`F&UVu}
zn}9_vv!Ey97=Ou8q4}X(8xYWcTJRN!md(=d%K#xpI!=t9|1wbu#qqn2UODD<VM>k9
zXNMh(F#*&a28fN_ru2-#zeB|Ftm+0!cj`p4FD(81Bq`?VA0oEFn9C=1F-g#jzg@ze
ze$%6iW>zfSH3@!USa%?L8<!42vO&fD<!oN@{<+EtU4d=Hypo_rR+e|(=@Tp<&#+w3
zWGXl>7)9~|?T^4Kbek`n1zP09K_-;*>@2M3cZl-B#>gymQJw_MwNRnMaylIcTrc_u
zd7}k>;2*};ly3n~pW}OKFg?dHTVz%UHw)m#U`wyOtUj-(5;jcx&w#4c@jma)mUgUu
ze+u#8&p+RY*(}p<6I%XV4Cd7ZtdS~{O7nKD{oW#eZ(Ab`fLYtRzA9RoqRu?ZW4uhu
zCC8@vEG^4XShW80r(o0%^6w|sKPSkEp+Ad>s?SUh{2XQ6h8p5Pzc8oBWrLUGH^zg!
zS=nQhP96-c>w&lvTGa7a8e_{_8%qO+cZJu=>(#B+)M9utgnKgFFViX@0^rB6+MIeS
z7p^9MnXDdy+AK~lbrE=18u$e0W&UwsQrpt<4bWq#z4EjSXvHnR^7IX8)i&J9op`xq
zRNKnEf4Qvc>gmk<vtdx&(|H2g`2;+&pLMp%20YGzcDFB=R!d$$(#vJ(vKMghN9bqO
zRX_P3A=%oi{_(R{wnm`m6X;h*?_UD-eFC!M&XHxz3W;SX%zn*&3CN|fZ@^izuyAP9
z>YcW=bZW{%yl7(GYvQjBtX-VgwCBQIbubyR@i2S~tjz4*v1M-B8;G4h?RpW?=J1<e
z)VE#^$1h#<`SV(1`7l!1J~M^Lp;UQy`e-<LKB?_ixPfb#qXir-UiD_J5Y`=v3$RY`
zR!`ks_H&}Z5(tm09`qzlh>{*2_@K%9wj3@(qsy8sI#_7&jC%12t)-r}Xc=r=Oq?D*
zQI=X|t8H9pYJ1T%cJTF#oUHuN@UmK5+?cF#j7N3xZJ}G-F!1nrWUtKLBh1NjkoR~5
z4SoAJ^zRSg-`F=z?MKpoW4rzvd$6^UkhwS+EIilvx%_f8&546x<u#UQpMqkqDOcL;
zKr^qdS=Zhvt+`$I`BL5`;hvtQsTXwT6<xQ)-v&rdG!3m2KzFX`vuU99qj_>*C-*37
zsXgTTQL>J*%I=a>zAfX-L0+P^JoK{$0G$LSb>6LO*1E(AiQpKNxvhvA5wiuq2qQsE
z(M2#a6>HC<jz!0ayQ?2B<BKF{?pm5|-AMaemFYSv%b(mC&Z#A1R{BNzx0aNSu@W*Z
zg42lQigN(peMwBfvs3TK+6SzP0yqQ~<o_(lUZp=`6t$Cw4+hpB1O|qiV!g@v|E<qn
PxycEG&<<L`9qfMrXW!1H

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 87b14fd8adf..889baa5924c 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -4262,10 +4262,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4278,23 +4278,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4376,10 +4376,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4391,23 +4391,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4489,10 +4489,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4503,23 +4503,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4601,10 +4601,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4616,32 +4616,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4723,10 +4723,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4738,23 +4738,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4836,10 +4836,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4850,32 +4850,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -4957,10 +4957,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4973,32 +4973,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5080,10 +5080,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5096,23 +5096,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "LoginName",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "LoginName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5194,10 +5194,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5210,23 +5210,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5308,10 +5308,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5324,23 +5324,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5422,10 +5422,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5436,23 +5436,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5534,10 +5534,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5550,32 +5550,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5657,10 +5657,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5673,32 +5673,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5780,10 +5780,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5797,23 +5797,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -5895,10 +5895,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5912,32 +5912,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "lookbackDuration": "5h",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -6019,10 +6019,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6035,23 +6035,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -6133,10 +6133,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6149,23 +6149,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -6247,10 +6247,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6261,23 +6261,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
-                    "matchingMethod": "AllEntities",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "lookbackDuration": "1d",
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false
                   }
                 }
               }
@@ -7428,7 +7428,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Standard)\\n\\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\\n\\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"97a71946-815e-4519-a889-a10d455eafd6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Standard (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9505e7fb-6622-4014-8686-14f8432cf042\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"1a6c8fea-a005-4fc4-a09a-4e99bb459744\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"9b499cf5-007a-4e78-a541-94edbd5963ed\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"29accdba-1ce7-4b56-a054-fa69eced7886\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"10a5ef86-e291-4ec9-804b-1d95a35b82a3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"b75f9e0e-7135-4ec7-8d82-13505b3f1f31\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"77485d43-6f26-4ad6-afce-e76e4710820f\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"99788080-b885-4220-9190-ca3546528cfe\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-a23e75\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-97c91b94\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-cad2b2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-b6555f0f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-8776bb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-91e46bcd\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-226763e3\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-9aebf5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-2c8bcfb1\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-c08880\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-8435df72\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-95a9414c\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-7e72903f\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-d1a89d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d7892cab\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-a6fbe2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-50b65ee3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-9335d8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fb41aa51\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-4b2298\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-69fb1d2d\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-d026cea9\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-79802d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-bd4b15af\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-3dbcc1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-7f141013\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-20d5b3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-dfb3fbc4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-09938e1d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-0ccb53\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-0660a92f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-25cd5f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-667d6168\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-b054f9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-b72ff334\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-a457cb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DevicesApprovalOn\",\"formatter\":11},{\"columnMatch\":\"DevicesAutoUpdatesOn\",\"formatter\":11},{\"columnMatch\":\"UsersApprovalOn\",\"formatter\":11},{\"columnMatch\":\"NetworkFlowLoggingOn\",\"formatter\":11},{\"columnMatch\":\"RegionalRoutingOn\",\"formatter\":11},{\"columnMatch\":\"PostureIdentityCollectionOn\",\"formatter\":11}]}},\"name\":\"q-99cf0545\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-b18656\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-47218d2a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ca6406\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-d2585638\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-040d0e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-303ec591\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-2dac6c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-6831105c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-e6ef51\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2d0d578e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-a8f996\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-03fb31a7\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-a0f1ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-ffba1ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-bf9342b0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-45f843\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-dfb44602\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -7514,7 +7514,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# Tailscale Operations (Premium)\\n\\nFull security and operational view across the **Tailscale Premium (CCF)** data connector — covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\\n\\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead.\"},\"name\":\"header\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"timerange\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"overview\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"config\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity & Configuration\",\"subTarget\":\"config\",\"style\":\"link\"},{\"id\":\"network\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows (Premium)\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"signals\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"},{\"id\":\"posture\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Overview\"},\"name\":\"overview-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\" and tostring(Target.property) == \\\"ACL\\\"), CredentialsCreated = countif(Action == \\\"CREATE\\\" and tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\"))\",\"size\":4,\"title\":\"Configuration audit summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"TotalEvents\",\"formatter\":12},\"showBorder\":true}},\"customWidth\":\"100\",\"name\":\"overview-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| render timechart\",\"size\":0,\"title\":\"Configuration activity over time, by action\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"overview-timeseries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"title\":\"Top 10 actors\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-top-actors\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"title\":\"Target type distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"overview-target-types\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"overview-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Identity & Configuration\"},\"name\":\"config-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"title\":\"Actor / Action / Target heatmap\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\"},\"customWidth\":\"100\",\"name\":\"config-heatmap\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\"\\n| where tostring(Target.type) == \\\"TAILNET\\\"\\n| where tostring(Target.property) == \\\"ACL\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"ACL policy change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-acl-history\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| extend Type = tostring(Target.type)\\n| extend Description = tostring(New.description)\\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Credential lifecycle (auth keys, API tokens, OAuth clients)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"config-authkey-lifecycle\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"config\"},\"name\":\"config-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Network Flows (Premium)\\n\\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier.\"},\"name\":\"network-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)\",\"size\":4,\"title\":\"Network flow summary\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\"},\"customWidth\":\"100\",\"name\":\"network-tiles\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\\n| top 20 by TotalBytes\\n| render barchart\",\"size\":0,\"title\":\"Top 20 talkers (virtual traffic, bytes)\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\\n| top 50 by TotalBytes\",\"size\":0,\"title\":\"Exit-node traffic\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-exit-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 25 by TotalBytes\",\"size\":0,\"title\":\"Subnet router throughput by source node\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"network-subnet-traffic\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"title\":\"Virtual-traffic bytes over time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"network-bytes-timechart\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"network-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Security Signals\\n\\nIncidents and alerts raised by Tailscale-related analytic rules.\"},\"name\":\"signals-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"title\":\"Tailscale alerts by rule\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-by-rule\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"title\":\"Severity distribution\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"signals-severity\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Recent Tailscale alerts\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"signals-recent\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"signals-group\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Device Posture Integrations\\n\\nMDM/EDR integrations connected to the tailnet. Requires Tailscale Premium or Enterprise.\"},\"name\":\"posture-header\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status\\n| order by Provider asc\",\"size\":0,\"title\":\"Current posture integrations\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"100\",\"name\":\"posture-current\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| render piechart\",\"size\":0,\"title\":\"Integrations by provider\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"posture-by-provider\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"title\":\"Posture integration change history\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"posture-changes\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"posture-group\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5c59168c-014b-4a83-8a8f-73cc60997e6b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#a855f7\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Premium (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"c1c44fc1-1b89-45a5-92cb-8e2374d9a855\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"d1147d96-d052-47f7-b048-2b471f6f091c\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"52c56980-5cfe-456c-a499-9cfd8317ad69\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"9eb1d383-09e7-4aed-af3c-0dbe8c73dac6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"7cd3279a-4b91-430a-a68d-fb1fa2d74d9b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"e5179782-bc17-42b3-9f8c-c2e0fbfd1f30\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"6cce0298-c5ec-4092-bfc8-b84a6764fe62\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"8d8bbfed-b08e-401b-9f62-8eaa597261d3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"},{\"id\":\"81d1910b-f903-4811-b762-cabeb7740c88\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"f685a8e3-878e-4cd6-b6d3-5340d57eb32b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-75296e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b71f9f4a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-bcc7c5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-8fc88ccb\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-bd287b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-93b0d742\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-12fbe2ab\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-56b7ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b8b431c0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-d18e9a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-acf35833\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-29ed4eb0\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-71ed6d65\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-ba97ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d0f59836\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-b80917\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-374f7fdc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-2881ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fd38a1c2\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-e6ff99\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-776b4d9b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-13d1cabf\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-ddbb44\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-5b6e7b3a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-30455a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-64bd4801\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-00cf87\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-32c060b4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-43beab6b\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-adc7f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-4d271c05\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-f6dfb7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-ecc5f778\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-400b06\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-12240394\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-b777cf\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DevicesApprovalOn\",\"formatter\":11},{\"columnMatch\":\"DevicesAutoUpdatesOn\",\"formatter\":11},{\"columnMatch\":\"UsersApprovalOn\",\"formatter\":11},{\"columnMatch\":\"NetworkFlowLoggingOn\",\"formatter\":11},{\"columnMatch\":\"RegionalRoutingOn\",\"formatter\":11},{\"columnMatch\":\"PostureIdentityCollectionOn\",\"formatter\":11}]}},\"name\":\"q-69053c5e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-3efe2e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-bf4dcbaf\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ac2dd4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-4f947b64\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-b5a420\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-cbd16912\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Network flow summary</div>\"},\"name\":\"div-network-flow-summary-4f9133\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\\\"Messages\\\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\\\"Unique nodes\\\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Bytes total (B)\\\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Exit egress (B)\\\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Subnet (B)\\\",       Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-6aeb3506\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top talkers</div>\"},\"name\":\"div-top-talkers-a1283e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by Src, Dst\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 25 src->dst pairs by bytes\",\"visualization\":\"barchart\"},\"name\":\"q-994f3cfe\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Exit-node usage</div>\"},\"name\":\"div-exit-node-usage-73c3f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Exit-node egress\",\"visualization\":\"table\"},\"name\":\"q-0a4f4625\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet router throughput</div>\"},\"name\":\"div-subnet-router-throughput-590dd2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 15 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Subnet routers by throughput\",\"visualization\":\"table\"},\"name\":\"q-b912a9e0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Bytes over time</div>\"},\"name\":\"div-bytes-over-time-e5bc09\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Virtual traffic bytes per hour\",\"visualization\":\"table\"},\"name\":\"q-505f4fda\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture inventory</div>\"},\"name\":\"div-posture-inventory-09f2f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\\n| order by Provider asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current posture integrations\",\"visualization\":\"table\"},\"name\":\"q-46b6e6de\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Integrations by provider</div>\"},\"name\":\"div-integrations-by-provider-539100\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"By provider\",\"visualization\":\"piechart\"},\"name\":\"q-65328ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Posture identity collection\",\"visualization\":\"table\"},\"name\":\"q-c5867d42\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture integration change history</div>\"},\"name\":\"div-posture-integration-change-his-dce848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\" or tostring(Target.type) == \\\"POSTURE_INTEGRATION\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit log: posture-integration changes\",\"visualization\":\"table\"},\"name\":\"q-6b24da73\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"group-posture\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-73f015\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-b71cf8c3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-2156c2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2eddf283\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-669c80\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-49c1df44\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-871583\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-40e4f77b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-5fed33a4\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-8e085b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-0bf0cedc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index 0a22234f28d..617ba2e86f7 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -1,20 +1,13 @@
 {
   "version": "Notebook/1.0",
   "items": [
-    {
-      "type": 1,
-      "content": {
-        "json": "# Tailscale Operations (Premium)\n\nFull security and operational view across the **Tailscale Premium (CCF)** data connector \u2014 covers configuration audit (`Tailscale_Audit_CL`) **and** network flow (`Tailscale_Network_CL`) telemetry.\n\nFor Personal (Free) / Standard tier tailnets, use the **Tailscale Operations (Standard)** workbook instead."
-      },
-      "name": "header"
-    },
     {
       "type": 9,
       "content": {
         "version": "KqlParameterItem/1.0",
         "parameters": [
           {
-            "id": "timerange",
+            "id": "5c59168c-014b-4a83-8a8f-73cc60997e6b",
             "version": "KqlParameterItem/1.0",
             "name": "TimeRange",
             "type": 4,
@@ -55,6 +48,13 @@
       },
       "name": "parameters"
     },
+    {
+      "type": 1,
+      "content": {
+        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#a855f7\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Premium (CCF)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>"
+      },
+      "name": "header"
+    },
     {
       "type": 11,
       "content": {
@@ -62,7 +62,7 @@
         "style": "tabs",
         "links": [
           {
-            "id": "overview",
+            "id": "c1c44fc1-1b89-45a5-92cb-8e2374d9a855",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Overview",
@@ -70,36 +70,76 @@
             "style": "link"
           },
           {
-            "id": "config",
+            "id": "d1147d96-d052-47f7-b048-2b471f6f091c",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Identity & Configuration",
-            "subTarget": "config",
+            "linkLabel": "Devices",
+            "subTarget": "devices",
             "style": "link"
           },
           {
-            "id": "network",
+            "id": "52c56980-5cfe-456c-a499-9cfd8317ad69",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Network Flows (Premium)",
-            "subTarget": "network",
+            "linkLabel": "Users & Identity",
+            "subTarget": "users",
             "style": "link"
           },
           {
-            "id": "signals",
+            "id": "9eb1d383-09e7-4aed-af3c-0dbe8c73dac6",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Security Signals",
-            "subTarget": "signals",
+            "linkLabel": "Credentials",
+            "subTarget": "credentials",
+            "style": "link"
+          },
+          {
+            "id": "7cd3279a-4b91-430a-a68d-fb1fa2d74d9b",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "DNS & Tailnet",
+            "subTarget": "dns",
+            "style": "link"
+          },
+          {
+            "id": "e5179782-bc17-42b3-9f8c-c2e0fbfd1f30",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Webhooks",
+            "subTarget": "webhooks",
+            "style": "link"
+          },
+          {
+            "id": "6cce0298-c5ec-4092-bfc8-b84a6764fe62",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Network Flows",
+            "subTarget": "network",
             "style": "link"
           },
           {
-            "id": "posture",
+            "id": "8d8bbfed-b08e-401b-9f62-8eaa597261d3",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Posture",
             "subTarget": "posture",
             "style": "link"
+          },
+          {
+            "id": "81d1910b-f903-4811-b762-cabeb7740c88",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Audit Activity",
+            "subTarget": "audit",
+            "style": "link"
+          },
+          {
+            "id": "f685a8e3-878e-4cd6-b6d3-5340d57eb32b",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Security Signals",
+            "subTarget": "signals",
+            "style": "link"
           }
         ]
       },
@@ -114,43 +154,62 @@
           {
             "type": 1,
             "content": {
-              "json": "## Overview"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">At a glance</div>"
             },
-            "name": "overview-header"
+            "name": "div-at-a-glance-75296e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\" and tostring(Target.property) == \"ACL\"), CredentialsCreated = countif(Action == \"CREATE\" and tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\"))",
-              "size": 4,
-              "title": "Configuration audit summary",
+              "query": "union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\"Devices\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\"Users\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\"Active keys\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\"Audit events\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \"ACL\" or tostring(Target.property) == \"DNS_SPLIT_DNS\" or tostring(Target.property) == \"DNS_NAMESERVERS\" or tostring(Target.property) == \"MAGICDNS_PREFERENCES\" | summarize V=toreal(count()) | extend Metric=\"DNS / ACL changes\", Order=5)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "tiles",
               "tileSettings": {
                 "titleContent": {
-                  "columnMatch": "TotalEvents",
-                  "formatter": 12
+                  "columnMatch": "Metric",
+                  "formatter": 1
                 },
-                "showBorder": true
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
               }
             },
-            "customWidth": "100",
-            "name": "overview-tiles"
+            "name": "q-b71f9f4a"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity over time</div>"
+            },
+            "name": "div-activity-over-time-bcc7c5"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action",
               "size": 0,
-              "title": "Configuration activity over time, by action",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Audit events by action",
+              "visualization": "timechart"
+            },
+            "name": "q-8fc88ccb"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top actors</div>"
             },
-            "customWidth": "100",
-            "name": "overview-timeseries"
+            "name": "div-top-actors-bd287b"
           },
           {
             "type": 3,
@@ -158,25 +217,27 @@
               "version": "KqlItem/1.0",
               "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
               "size": 0,
-              "title": "Top 10 actors",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Top 10 actors",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "overview-top-actors"
+            "name": "q-93b0d742",
+            "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by TargetType = tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
               "size": 0,
-              "title": "Target type distribution",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Activity by target type",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "overview-target-types"
+            "name": "q-12fbe2ab",
+            "customWidth": "50"
           }
         ]
       },
@@ -185,7 +246,7 @@
         "comparison": "isEqualTo",
         "value": "overview"
       },
-      "name": "overview-group"
+      "name": "group-overview"
     },
     {
       "type": 12,
@@ -196,58 +257,266 @@
           {
             "type": 1,
             "content": {
-              "json": "## Identity & Configuration"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory snapshot</div>"
             },
-            "name": "config-header"
+            "name": "div-device-inventory-snapshot-56b7ce"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\"Total devices\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\"Authorized\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\"External (shared)\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\"Key expiry disabled\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\"Update available\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\"Subnet routers\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\"Stale (30+ days)\",    Order=7)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-b8b431c0"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-d18e9a"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by Os\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by OS",
+              "visualization": "piechart"
+            },
+            "name": "q-acf35833",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by ClientVersion\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by client version",
+              "visualization": "barchart"
+            },
+            "name": "q-29ed4eb0",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by tag",
+              "visualization": "piechart"
+            },
+            "name": "q-71ed6d65",
+            "customWidth": "33"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory table</div>"
+            },
+            "name": "div-device-inventory-table-ba97ce"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All devices (latest snapshot per device)",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DaysSinceSeen",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 60
+                    }
+                  },
+                  {
+                    "columnMatch": "DaysToExpiry",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 30
+                    }
+                  },
+                  {
+                    "columnMatch": "UpdateAvailable",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "KeyExpiryDisabled",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-d0f59836"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers and exit nodes</div>"
+            },
+            "name": "div-subnet-routers-and-exit-nodes-b80917"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\n| order by DeviceName asc",
               "size": 0,
-              "title": "Actor / Action / Target heatmap",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices advertising routes (subnet routers / exit nodes)",
               "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "config-heatmap"
+            "name": "q-374f7fdc"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "devices"
+      },
+      "name": "group-devices"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Identity overview</div>"
+            },
+            "name": "div-identity-overview-2881ca"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\"Users\",             Order=1),(base | where Status =~ \"active\"   | summarize V=toreal(count())                                | extend Metric=\"Active\",            Order=2),(base | where Status =~ \"suspended\" | summarize V=toreal(count())                               | extend Metric=\"Suspended\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\"Currently connected\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\"Zero devices\",      Order=5),(base | where Role in (\"owner\",\"admin\",\"network-admin\") | summarize V=toreal(count())          | extend Metric=\"Elevated\",          Order=6)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-fd38a1c2"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-e6ff99"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role\n| order by Users desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Users by role",
+              "visualization": "piechart"
+            },
+            "name": "q-776b4d9b",
+            "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Status\n| order by Users desc",
               "size": 0,
-              "title": "ACL policy change history",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Users by status",
+              "visualization": "piechart"
+            },
+            "name": "q-13d1cabf",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory table</div>"
             },
-            "customWidth": "100",
-            "name": "config-acl-history"
+            "name": "div-user-inventory-table-ddbb44"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Type = tostring(Target.type)\n| extend Description = tostring(New.description)\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\n| order by TimeGenerated desc",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\n| order by LastSeen desc",
               "size": 0,
-              "title": "Credential lifecycle (auth keys, API tokens, OAuth clients)",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All users (latest snapshot per user)",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "config-authkey-lifecycle"
+            "name": "q-5b6e7b3a"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "config"
+        "value": "users"
       },
-      "name": "config-group"
+      "name": "group-users"
     },
     {
       "type": 12,
@@ -258,84 +527,132 @@
           {
             "type": 1,
             "content": {
-              "json": "## Network Flows (Premium)\n\nThese visualisations require the `Tailscale Premium (CCF)` data connector. If no data is shown, install the Premium connector or confirm your tailnet is on the Premium or Enterprise tier."
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory</div>"
             },
-            "name": "network-header"
+            "name": "div-credential-inventory-30455a"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| summarize Messages = count(), UniqueNodes = dcount(NodeId)",
-              "size": 4,
-              "title": "Network flow summary",
+              "query": "let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\"Active credentials\",    Order=1),(base | where KeyType =~ \"auth\"                       | summarize V=toreal(count())                  | extend Metric=\"Auth keys\",             Order=2),(base | where KeyType in~ (\"apiAccessToken\",\"api_access_token\",\"apikey\") | summarize V=toreal(count()) | extend Metric=\"API tokens\",          Order=3),(base | where KeyType in~ (\"oauthClient\",\"oauth_client\")                  | summarize V=toreal(count()) | extend Metric=\"OAuth clients\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\"No expiry\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\"Expiring within 7 days\", Order=6)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "visualization": "tiles"
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-64bd4801"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials by type</div>"
             },
-            "customWidth": "100",
-            "name": "network-tiles"
+            "name": "div-credentials-by-type-00cf87"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes) by Src, Dst\n| top 20 by TotalBytes\n| render barchart",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| summarize Count = count() by KeyType",
               "size": 0,
-              "title": "Top 20 talkers (virtual traffic, bytes)",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Credentials by type",
+              "visualization": "piechart"
             },
-            "customWidth": "100",
-            "name": "network-top-talkers"
+            "name": "q-32c060b4",
+            "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst\n| top 50 by TotalBytes",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and isnotnull(Expires)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\n| summarize Keys = count() by Bucket\n| order by Bucket asc",
               "size": 0,
-              "title": "Exit-node traffic",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Credentials by expiry window",
+              "visualization": "barchart"
             },
-            "customWidth": "50",
-            "name": "network-exit-traffic"
+            "name": "q-43beab6b",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory table</div>"
+            },
+            "name": "div-credential-inventory-table-adc7f0"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(SubnetTraffic) > 0\n| mv-expand t = SubnetTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\n| top 25 by TotalBytes",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\n| order by Created desc",
               "size": 0,
-              "title": "Subnet router throughput by source node",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All credentials (latest snapshot per ID)",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DaysToExpiry",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 90
+                    }
+                  }
+                ]
+              }
+            },
+            "name": "q-4d271c05"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit log: credential lifecycle</div>"
             },
-            "customWidth": "50",
-            "name": "network-subnet-traffic"
+            "name": "div-audit-log:-credential-lifecycl-f6dfb7"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\n| render timechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Virtual-traffic bytes over time",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Create / update / delete events on credentials",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "network-bytes-timechart"
+            "name": "q-ecc5f778"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "network"
+        "value": "credentials"
       },
-      "name": "network-group"
+      "name": "group-credentials"
     },
     {
       "type": 12,
@@ -346,57 +663,99 @@
           {
             "type": 1,
             "content": {
-              "json": "## Security Signals\n\nIncidents and alerts raised by Tailscale-related analytic rules."
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Current DNS state</div>"
             },
-            "name": "signals-header"
+            "name": "div-current-dns-state-400b06"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\n| order by ConfigType asc",
               "size": 0,
-              "title": "Tailscale alerts by rule",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "DNS configuration snapshot (latest per config type)",
+              "visualization": "table"
+            },
+            "name": "q-12240394"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings snapshot</div>"
             },
-            "customWidth": "50",
-            "name": "signals-by-rule"
+            "name": "div-tailnet-settings-snapshot-b777cf"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
               "size": 0,
-              "title": "Severity distribution",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Current tailnet settings",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DevicesApprovalOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "DevicesAutoUpdatesOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "UsersApprovalOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "NetworkFlowLoggingOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "RegionalRoutingOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "PostureIdentityCollectionOn",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-69053c5e"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS / ACL / Settings change history</div>"
             },
-            "customWidth": "50",
-            "name": "signals-severity"
+            "name": "div-dns-/-acl-/-settings-change-hi-3efe2e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\"\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\n| where Property in (\"ACL\", \"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"DNS_SEARCHPATHS\", \"MAGICDNS_PREFERENCES\", \"SETTINGS\", \"TAILNET_SETTINGS\")\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Recent Tailscale alerts",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Tailnet configuration changes",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "signals-recent"
+            "name": "q-bf4dcbaf"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "signals"
+        "value": "dns"
       },
-      "name": "signals-group"
+      "name": "group-dns"
     },
     {
       "type": 12,
@@ -407,57 +766,421 @@
           {
             "type": 1,
             "content": {
-              "json": "## Device Posture Integrations\n\nMDM/EDR integrations connected to the tailnet. Requires Tailscale Premium or Enterprise."
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook inventory</div>"
             },
-            "name": "posture-header"
+            "name": "div-webhook-inventory-ac2dd4"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status\n| order by Provider asc",
+              "query": "Tailscale_Webhooks_CL\n| summarize arg_max(TimeGenerated, *) by EndpointId\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
               "size": 0,
-              "title": "Current posture integrations",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All webhooks (latest snapshot per endpoint)",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "posture-current"
+            "name": "q-4f947b64"
           },
           {
-            "type": 3,
+            "type": 1,
             "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| summarize Count = count() by Provider\n| render piechart",
-              "size": 0,
-              "title": "Integrations by provider",
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook change history (from audit log)</div>"
             },
-            "customWidth": "50",
-            "name": "posture-by-provider"
+            "name": "div-webhook-change-history-(from-a-b5a420"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action in (\"CREATE\", \"UPDATE\", \"DELETE\")\n| where tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"WEBHOOK\" or tostring(Target.property) =~ \"WEBHOOK\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Posture integration change history",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Webhook create / update / delete events",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "posture-changes"
+            "name": "q-cbd16912"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "posture"
+        "value": "webhooks"
+      },
+      "name": "group-webhooks"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Network flow summary</div>"
+            },
+            "name": "div-network-flow-summary-4f9133"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\"Messages\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\"Unique nodes\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Bytes total (B)\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Exit egress (B)\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Subnet (B)\",       Order=5)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-6aeb3506"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top talkers</div>"
+            },
+            "name": "div-top-talkers-a1283e"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by Src, Dst\n| top 25 by TotalBytes",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Top 25 src->dst pairs by bytes",
+              "visualization": "barchart"
+            },
+            "name": "q-994f3cfe"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Exit-node usage</div>"
+            },
+            "name": "div-exit-node-usage-73c3f0"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\n| top 25 by TotalBytes",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Exit-node egress",
+              "visualization": "table"
+            },
+            "name": "q-0a4f4625"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet router throughput</div>"
+            },
+            "name": "div-subnet-router-throughput-590dd2"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(SubnetTraffic) > 0\n| mv-expand t = SubnetTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\n| top 15 by TotalBytes",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Subnet routers by throughput",
+              "visualization": "table"
+            },
+            "name": "q-b912a9e0"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Bytes over time</div>"
+            },
+            "name": "div-bytes-over-time-e5bc09"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\n| render timechart",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Virtual traffic bytes per hour",
+              "visualization": "table"
+            },
+            "name": "q-505f4fda"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "network"
+      },
+      "name": "group-network"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Posture inventory</div>"
+            },
+            "name": "div-posture-inventory-09f2f0"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\n| order by Provider asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Current posture integrations",
+              "visualization": "table"
+            },
+            "name": "q-46b6e6de"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Integrations by provider</div>"
+            },
+            "name": "div-integrations-by-provider-539100"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| summarize Count = count() by Provider\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "By provider",
+              "visualization": "piechart"
+            },
+            "name": "q-65328ab4",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project PostureIdentityCollectionOn",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Posture identity collection",
+              "visualization": "table"
+            },
+            "name": "q-c5867d42",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Posture integration change history</div>"
+            },
+            "name": "div-posture-integration-change-his-dce848"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action in (\"CREATE\", \"UPDATE\", \"DELETE\")\n| where tostring(Target.type) startswith \"POSTURE\" or tostring(Target.type) == \"POSTURE_INTEGRATION\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Audit log: posture-integration changes",
+              "visualization": "table"
+            },
+            "name": "q-6b24da73"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "posture"
+      },
+      "name": "group-posture"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit volume</div>"
+            },
+            "name": "div-audit-volume-73f015"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h)",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Audit events per hour",
+              "visualization": "timechart"
+            },
+            "name": "q-b71cf8c3"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor and action distribution</div>"
+            },
+            "name": "div-actor-and-action-distribution-2156c2"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Actor / Action / Target heatmap",
+              "visualization": "table"
+            },
+            "name": "q-2eddf283"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent activity</div>"
+            },
+            "name": "div-recent-activity-669c80"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\n| order by TimeGenerated desc\n| take 100",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Recent 100 audit events",
+              "visualization": "table"
+            },
+            "name": "q-49c1df44"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "audit"
+      },
+      "name": "group-audit"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailscale-related alerts</div>"
+            },
+            "name": "div-tailscale-related-alerts-871583"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Alerts by rule",
+              "visualization": "table"
+            },
+            "name": "q-40e4f77b",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Severity distribution",
+              "visualization": "table"
+            },
+            "name": "q-5fed33a4",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent Tailscale alerts</div>"
+            },
+            "name": "div-recent-tailscale-alerts-8e085b"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Recent Tailscale alerts",
+              "visualization": "table"
+            },
+            "name": "q-0bf0cedc"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "signals"
+      },
+      "name": "group-signals"
+    },
+    {
+      "type": 1,
+      "content": {
+        "json": "---\n\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets."
       },
-      "name": "posture-group"
+      "name": "footer"
     }
   ],
   "fallbackResourceIds": [],
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index 33094db969f..a29a884ee06 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -1,20 +1,13 @@
 {
   "version": "Notebook/1.0",
   "items": [
-    {
-      "type": 1,
-      "content": {
-        "json": "# Tailscale Operations (Standard)\n\nSecurity and operational view across the **Tailscale Standard (CCF)** data connector. Surfaces configuration audit data (`Tailscale_Audit_CL`).\n\nFor network flow visibility, upgrade your tailnet to Premium / Enterprise and install **Tailscale Premium (CCF)** + use the **Tailscale Operations (Premium)** workbook."
-      },
-      "name": "header"
-    },
     {
       "type": 9,
       "content": {
         "version": "KqlParameterItem/1.0",
         "parameters": [
           {
-            "id": "timerange",
+            "id": "97a71946-815e-4519-a889-a10d455eafd6",
             "version": "KqlParameterItem/1.0",
             "name": "TimeRange",
             "type": 4,
@@ -55,6 +48,13 @@
       },
       "name": "parameters"
     },
+    {
+      "type": 1,
+      "content": {
+        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#3b82f6\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Standard (CCF)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>"
+      },
+      "name": "header"
+    },
     {
       "type": 11,
       "content": {
@@ -62,7 +62,7 @@
         "style": "tabs",
         "links": [
           {
-            "id": "overview",
+            "id": "9505e7fb-6622-4014-8686-14f8432cf042",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Overview",
@@ -70,15 +70,55 @@
             "style": "link"
           },
           {
-            "id": "config",
+            "id": "1a6c8fea-a005-4fc4-a09a-4e99bb459744",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Devices",
+            "subTarget": "devices",
+            "style": "link"
+          },
+          {
+            "id": "9b499cf5-007a-4e78-a541-94edbd5963ed",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Users & Identity",
+            "subTarget": "users",
+            "style": "link"
+          },
+          {
+            "id": "29accdba-1ce7-4b56-a054-fa69eced7886",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Credentials",
+            "subTarget": "credentials",
+            "style": "link"
+          },
+          {
+            "id": "10a5ef86-e291-4ec9-804b-1d95a35b82a3",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "DNS & Tailnet",
+            "subTarget": "dns",
+            "style": "link"
+          },
+          {
+            "id": "b75f9e0e-7135-4ec7-8d82-13505b3f1f31",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Webhooks",
+            "subTarget": "webhooks",
+            "style": "link"
+          },
+          {
+            "id": "77485d43-6f26-4ad6-afce-e76e4710820f",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Identity & Configuration",
-            "subTarget": "config",
+            "linkLabel": "Audit Activity",
+            "subTarget": "audit",
             "style": "link"
           },
           {
-            "id": "signals",
+            "id": "99788080-b885-4220-9190-ca3546528cfe",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Security Signals",
@@ -98,43 +138,62 @@
           {
             "type": 1,
             "content": {
-              "json": "## Overview"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">At a glance</div>"
             },
-            "name": "overview-header"
+            "name": "div-at-a-glance-a23e75"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize TotalEvents = count(), UniqueActors = dcount(tostring(Actor.loginName)), ACLChanges = countif(Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\" and tostring(Target.property) == \"ACL\"), CredentialsCreated = countif(Action == \"CREATE\" and tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\"))",
-              "size": 4,
-              "title": "Configuration audit summary",
+              "query": "union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\"Devices\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\"Users\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\"Active keys\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\"Audit events\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \"ACL\" or tostring(Target.property) == \"DNS_SPLIT_DNS\" or tostring(Target.property) == \"DNS_NAMESERVERS\" or tostring(Target.property) == \"MAGICDNS_PREFERENCES\" | summarize V=toreal(count()) | extend Metric=\"DNS / ACL changes\", Order=5)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "tiles",
               "tileSettings": {
                 "titleContent": {
-                  "columnMatch": "TotalEvents",
-                  "formatter": 12
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
                 },
-                "showBorder": true
+                "showBorder": false
               }
             },
-            "customWidth": "100",
-            "name": "overview-tiles"
+            "name": "q-97c91b94"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity over time</div>"
+            },
+            "name": "div-activity-over-time-cad2b2"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| render timechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action",
               "size": 0,
-              "title": "Configuration activity over time, by action",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Audit events by action",
+              "visualization": "timechart"
+            },
+            "name": "q-b6555f0f"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top actors</div>"
             },
-            "customWidth": "100",
-            "name": "overview-timeseries"
+            "name": "div-top-actors-8776bb"
           },
           {
             "type": 3,
@@ -142,25 +201,27 @@
               "version": "KqlItem/1.0",
               "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
               "size": 0,
-              "title": "Top 10 actors",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Top 10 actors",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "overview-top-actors"
+            "name": "q-91e46bcd",
+            "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by TargetType = tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
               "size": 0,
-              "title": "Target type distribution",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Activity by target type",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "overview-target-types"
+            "name": "q-226763e3",
+            "customWidth": "50"
           }
         ]
       },
@@ -169,7 +230,7 @@
         "comparison": "isEqualTo",
         "value": "overview"
       },
-      "name": "overview-group"
+      "name": "group-overview"
     },
     {
       "type": 12,
@@ -180,58 +241,505 @@
           {
             "type": 1,
             "content": {
-              "json": "## Identity & Configuration"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory snapshot</div>"
             },
-            "name": "config-header"
+            "name": "div-device-inventory-snapshot-9aebf5"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\"Total devices\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\"Authorized\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\"External (shared)\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\"Key expiry disabled\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\"Update available\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\"Subnet routers\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\"Stale (30+ days)\",    Order=7)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-2c8bcfb1"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-c08880"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by Os\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by OS",
+              "visualization": "piechart"
+            },
+            "name": "q-8435df72",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by ClientVersion\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by client version",
+              "visualization": "barchart"
+            },
+            "name": "q-95a9414c",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices by tag",
+              "visualization": "piechart"
+            },
+            "name": "q-7e72903f",
+            "customWidth": "33"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory table</div>"
+            },
+            "name": "div-device-inventory-table-d1a89d"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All devices (latest snapshot per device)",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DaysSinceSeen",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 60
+                    }
+                  },
+                  {
+                    "columnMatch": "DaysToExpiry",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 30
+                    }
+                  },
+                  {
+                    "columnMatch": "UpdateAvailable",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "KeyExpiryDisabled",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-d7892cab"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers and exit nodes</div>"
+            },
+            "name": "div-subnet-routers-and-exit-nodes-a6fbe2"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\n| order by DeviceName asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Devices advertising routes (subnet routers / exit nodes)",
+              "visualization": "table"
+            },
+            "name": "q-50b65ee3"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "devices"
+      },
+      "name": "group-devices"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Identity overview</div>"
+            },
+            "name": "div-identity-overview-9335d8"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\"Users\",             Order=1),(base | where Status =~ \"active\"   | summarize V=toreal(count())                                | extend Metric=\"Active\",            Order=2),(base | where Status =~ \"suspended\" | summarize V=toreal(count())                               | extend Metric=\"Suspended\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\"Currently connected\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\"Zero devices\",      Order=5),(base | where Role in (\"owner\",\"admin\",\"network-admin\") | summarize V=toreal(count())          | extend Metric=\"Elevated\",          Order=6)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-fb41aa51"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-4b2298"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role\n| order by Users desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Users by role",
+              "visualization": "piechart"
+            },
+            "name": "q-69fb1d2d",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Status\n| order by Users desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Users by status",
+              "visualization": "piechart"
+            },
+            "name": "q-d026cea9",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory table</div>"
+            },
+            "name": "div-user-inventory-table-79802d"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All users (latest snapshot per user)",
+              "visualization": "table"
+            },
+            "name": "q-bd4b15af"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "users"
+      },
+      "name": "group-users"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory</div>"
+            },
+            "name": "div-credential-inventory-3dbcc1"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\"Active credentials\",    Order=1),(base | where KeyType =~ \"auth\"                       | summarize V=toreal(count())                  | extend Metric=\"Auth keys\",             Order=2),(base | where KeyType in~ (\"apiAccessToken\",\"api_access_token\",\"apikey\") | summarize V=toreal(count()) | extend Metric=\"API tokens\",          Order=3),(base | where KeyType in~ (\"oauthClient\",\"oauth_client\")                  | summarize V=toreal(count()) | extend Metric=\"OAuth clients\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\"No expiry\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\"Expiring within 7 days\", Order=6)\n| order by Order asc | project Metric, Value=V",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-7f141013"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials by type</div>"
+            },
+            "name": "div-credentials-by-type-20d5b3"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| summarize Count = count() by KeyType",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Credentials by type",
+              "visualization": "piechart"
+            },
+            "name": "q-dfb3fbc4",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and isnotnull(Expires)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\n| summarize Keys = count() by Bucket\n| order by Bucket asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Credentials by expiry window",
+              "visualization": "barchart"
+            },
+            "name": "q-09938e1d",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory table</div>"
+            },
+            "name": "div-credential-inventory-table-0ccb53"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\n| order by Created desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All credentials (latest snapshot per ID)",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DaysToExpiry",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright",
+                      "min": 0,
+                      "max": 90
+                    }
+                  }
+                ]
+              }
+            },
+            "name": "q-0660a92f"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit log: credential lifecycle</div>"
+            },
+            "name": "div-audit-log:-credential-lifecycl-25cd5f"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Create / update / delete events on credentials",
+              "visualization": "table"
+            },
+            "name": "q-667d6168"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "credentials"
+      },
+      "name": "group-credentials"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Current DNS state</div>"
+            },
+            "name": "div-current-dns-state-b054f9"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\n| order by ConfigType asc",
               "size": 0,
-              "title": "Actor / Action / Target heatmap",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "DNS configuration snapshot (latest per config type)",
               "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "config-heatmap"
+            "name": "q-b72ff334"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings snapshot</div>"
+            },
+            "name": "div-tailnet-settings-snapshot-a457cb"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, OldPolicy = Old, NewPolicy = New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
               "size": 0,
-              "title": "ACL policy change history",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Current tailnet settings",
+              "visualization": "table",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "DevicesApprovalOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "DevicesAutoUpdatesOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "UsersApprovalOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "NetworkFlowLoggingOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "RegionalRoutingOn",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "PostureIdentityCollectionOn",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-99cf0545"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS / ACL / Settings change history</div>"
             },
-            "customWidth": "100",
-            "name": "config-acl-history"
+            "name": "div-dns-/-acl-/-settings-change-hi-b18656"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Type = tostring(Target.type)\n| extend Description = tostring(New.description)\n| extend Reusable = tostring(New.reusable), Ephemeral = tostring(New.ephemeral)\n| project TimeGenerated, Action, Type, ActorLogin, TargetId = tostring(Target.id), Description, Reusable, Ephemeral\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\"\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\n| where Property in (\"ACL\", \"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"DNS_SEARCHPATHS\", \"MAGICDNS_PREFERENCES\", \"SETTINGS\", \"TAILNET_SETTINGS\")\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Credential lifecycle (auth keys, API tokens, OAuth clients)",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Tailnet configuration changes",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "config-authkey-lifecycle"
+            "name": "q-47218d2a"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "config"
+        "value": "dns"
       },
-      "name": "config-group"
+      "name": "group-dns"
     },
     {
       "type": 12,
@@ -242,9 +750,139 @@
           {
             "type": 1,
             "content": {
-              "json": "## Security Signals\n\nIncidents and alerts raised by Tailscale-related analytic rules."
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook inventory</div>"
             },
-            "name": "signals-header"
+            "name": "div-webhook-inventory-ca6406"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Webhooks_CL\n| summarize arg_max(TimeGenerated, *) by EndpointId\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "All webhooks (latest snapshot per endpoint)",
+              "visualization": "table"
+            },
+            "name": "q-d2585638"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook change history (from audit log)</div>"
+            },
+            "name": "div-webhook-change-history-(from-a-040d0e"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"WEBHOOK\" or tostring(Target.property) =~ \"WEBHOOK\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Webhook create / update / delete events",
+              "visualization": "table"
+            },
+            "name": "q-303ec591"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "webhooks"
+      },
+      "name": "group-webhooks"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit volume</div>"
+            },
+            "name": "div-audit-volume-2dac6c"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h)",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Audit events per hour",
+              "visualization": "timechart"
+            },
+            "name": "q-6831105c"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor and action distribution</div>"
+            },
+            "name": "div-actor-and-action-distribution-e6ef51"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Actor / Action / Target heatmap",
+              "visualization": "table"
+            },
+            "name": "q-2d0d578e"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent activity</div>"
+            },
+            "name": "div-recent-activity-a8f996"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\n| order by TimeGenerated desc\n| take 100",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Recent 100 audit events",
+              "visualization": "table"
+            },
+            "name": "q-03fb31a7"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "audit"
+      },
+      "name": "group-audit"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailscale-related alerts</div>"
+            },
+            "name": "div-tailscale-related-alerts-a0f1ca"
           },
           {
             "type": 3,
@@ -252,12 +890,13 @@
               "version": "KqlItem/1.0",
               "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
               "size": 0,
-              "title": "Tailscale alerts by rule",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Alerts by rule",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "signals-by-rule"
+            "name": "q-ffba1ab4",
+            "customWidth": "50"
           },
           {
             "type": 3,
@@ -265,12 +904,20 @@
               "version": "KqlItem/1.0",
               "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
               "size": 0,
-              "title": "Severity distribution",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Severity distribution",
+              "visualization": "table"
             },
-            "customWidth": "50",
-            "name": "signals-severity"
+            "name": "q-bf9342b0",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent Tailscale alerts</div>"
+            },
+            "name": "div-recent-tailscale-alerts-45f843"
           },
           {
             "type": 3,
@@ -278,12 +925,12 @@
               "version": "KqlItem/1.0",
               "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
               "size": 0,
-              "title": "Recent Tailscale alerts",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces"
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "title": "Recent Tailscale alerts",
+              "visualization": "table"
             },
-            "customWidth": "100",
-            "name": "signals-recent"
+            "name": "q-dfb44602"
           }
         ]
       },
@@ -292,7 +939,14 @@
         "comparison": "isEqualTo",
         "value": "signals"
       },
-      "name": "signals-group"
+      "name": "group-signals"
+    },
+    {
+      "type": 1,
+      "content": {
+        "json": "---\n\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead."
+      },
+      "name": "footer"
     }
   ],
   "fallbackResourceIds": [],

From 808e03264b8b08f0ace5dcc987e85eadb011e408 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 11:27:44 +0100
Subject: [PATCH 10/27] Tailscale (CCF): switch /devices poller to ?fields=all
 (expose routes)

The default Tailscale /devices endpoint returns a minimal schema that
excludes the per-device route information (advertisedRoutes,
enabledRoutes), connectivity details, distro and SSH-enabled flags. The
Subnet Routers and Exit Nodes workbook panel was empty because every
device's AdvertisedRoutes/EnabledRoutes was null.

Switching the poller to /devices?fields=all returns the full schema and
unblocks exit-node and subnet-router visibility.

Confirmed against live tailnet:
  apple-tv:        advertisedRoutes=[0.0.0.0/0, ::/0]   enabled=[]
                   -> configured as exit node, not yet approved
  stl-exit-vh01:   advertisedRoutes=[0.0.0.0/0, ::/0]   enabled=[0.0.0.0/0, ::/0]
                   -> active exit node
  strasbourg-exit: advertisedRoutes=[0.0.0.0/0, ::/0]   enabled=[0.0.0.0/0, ::/0]
                   -> active exit node
  chsunr01:        advertisedRoutes=[10.0.10.0/26, 10.0.50.0/27]
                   enabled=[0.0.0.0/0, 10.0.10.0/26, 10.0.50.0/27, ::/0]
                   -> subnet router + exit node

New columns on Tailscale_Devices_CL (now 29 columns):
  Distro             string   Linux distribution (ubuntu, alpine, etc.)
  SshEnabled         boolean  Tailscale SSH active on the device
  ConnectedToControl boolean  Has recently connected to the control plane
                              (lastSeen is null when this is true)
  TailnetLockKey     string   Public half of the tailnet-lock key
  TailnetLockError   string   Error code if tailnet-lock validation failed

Applied to both connectors (Standard + Premium). Both DCRs updated with
the new streamDeclaration columns and transformKql mapping. Both rebuild
cleanly, redeployed to test workspace successfully.

Workbook "Subnet Routers and Exit Nodes" panel will populate with the
4 advertising devices on next 60-min poll cycle.
---
 .../CustomTables/Tailscale_Devices_CL.json    | 148 ++++++--
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |  22 +-
 .../Tailscale_PollerConfig.json               |   2 +-
 .../Tailscale_tables.json                     |  20 ++
 .../TailscalePremium_DCR.json                 |  22 +-
 .../TailscalePremium_PollerConfig.json        |   2 +-
 .../TailscalePremium_tables.json              |  20 ++
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 57061 -> 57388 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 340 +++++++++++-------
 9 files changed, 415 insertions(+), 161 deletions(-)

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
index b03537339d0..f3a11a7bb79 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Devices_CL.json
@@ -1,27 +1,121 @@
-{ "Name": "Tailscale_Devices_CL",
-"Properties":[
-  { "Name": "TenantId", "Type": "string" },
-  { "Name": "SourceSystem", "Type": "string" },
-  { "Name": "TimeGenerated", "Type": "datetime" },
-  { "Name": "DeviceId", "Type": "string" },
-  { "Name": "DeviceName", "Type": "string" },
-  { "Name": "Hostname", "Type": "string" },
-  { "Name": "User", "Type": "string" },
-  { "Name": "Os", "Type": "string" },
-  { "Name": "ClientVersion", "Type": "string" },
-  { "Name": "UpdateAvailable", "Type": "bool" },
-  { "Name": "Authorized", "Type": "bool" },
-  { "Name": "IsExternal", "Type": "bool" },
-  { "Name": "Created", "Type": "datetime" },
-  { "Name": "LastSeen", "Type": "datetime" },
-  { "Name": "Expires", "Type": "datetime" },
-  { "Name": "KeyExpiryDisabled", "Type": "bool" },
-  { "Name": "BlocksIncomingConnections", "Type": "bool" },
-  { "Name": "Addresses", "Type": "dynamic" },
-  { "Name": "Tags", "Type": "dynamic" },
-  { "Name": "EnabledRoutes", "Type": "dynamic" },
-  { "Name": "AdvertisedRoutes", "Type": "dynamic" },
-  { "Name": "ClientConnectivity", "Type": "dynamic" },
-  { "Name": "MachineKey", "Type": "string" },
-  { "Name": "NodeKey", "Type": "string" }
-]}
+{
+  "Name": "Tailscale_Devices_CL",
+  "Properties": [
+    {
+      "Name": "TenantId",
+      "Type": "string"
+    },
+    {
+      "Name": "SourceSystem",
+      "Type": "string"
+    },
+    {
+      "Name": "TimeGenerated",
+      "Type": "datetime"
+    },
+    {
+      "Name": "DeviceId",
+      "Type": "string"
+    },
+    {
+      "Name": "DeviceName",
+      "Type": "string"
+    },
+    {
+      "Name": "Hostname",
+      "Type": "string"
+    },
+    {
+      "Name": "User",
+      "Type": "string"
+    },
+    {
+      "Name": "Os",
+      "Type": "string"
+    },
+    {
+      "Name": "ClientVersion",
+      "Type": "string"
+    },
+    {
+      "Name": "UpdateAvailable",
+      "Type": "bool"
+    },
+    {
+      "Name": "Authorized",
+      "Type": "bool"
+    },
+    {
+      "Name": "IsExternal",
+      "Type": "bool"
+    },
+    {
+      "Name": "Created",
+      "Type": "datetime"
+    },
+    {
+      "Name": "LastSeen",
+      "Type": "datetime"
+    },
+    {
+      "Name": "Expires",
+      "Type": "datetime"
+    },
+    {
+      "Name": "KeyExpiryDisabled",
+      "Type": "bool"
+    },
+    {
+      "Name": "BlocksIncomingConnections",
+      "Type": "bool"
+    },
+    {
+      "Name": "Addresses",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "Tags",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "EnabledRoutes",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "AdvertisedRoutes",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "ClientConnectivity",
+      "Type": "dynamic"
+    },
+    {
+      "Name": "MachineKey",
+      "Type": "string"
+    },
+    {
+      "Name": "NodeKey",
+      "Type": "string"
+    },
+    {
+      "Name": "Distro",
+      "Type": "string"
+    },
+    {
+      "Name": "SshEnabled",
+      "Type": "bool"
+    },
+    {
+      "Name": "ConnectedToControl",
+      "Type": "bool"
+    },
+    {
+      "Name": "TailnetLockKey",
+      "Type": "string"
+    },
+    {
+      "Name": "TailnetLockError",
+      "Type": "string"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
index b6621319669..204b891b03c 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -127,6 +127,26 @@
           {
             "name": "nodeKey",
             "type": "string"
+          },
+          {
+            "name": "distro",
+            "type": "string"
+          },
+          {
+            "name": "sshEnabled",
+            "type": "boolean"
+          },
+          {
+            "name": "connectedToControl",
+            "type": "boolean"
+          },
+          {
+            "name": "tailnetLockKey",
+            "type": "string"
+          },
+          {
+            "name": "tailnetLockError",
+            "type": "string"
           }
         ]
       },
@@ -341,7 +361,7 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend Distro = distro | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend SshEnabled = sshEnabled | extend ConnectedToControl = connectedToControl | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | extend TailnetLockKey = tailnetLockKey | extend TailnetLockError = tailnetLockError | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, Distro, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, SshEnabled, ConnectedToControl, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey, TailnetLockKey, TailnetLockError",
         "outputStream": "Custom-Tailscale_Devices_CL"
       },
       {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json
index 396a8df8e56..5fe64cd3ac1 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_PollerConfig.json	
@@ -68,7 +68,7 @@
         }
       },
       "request": {
-        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices?fields=all')]",
         "httpMethod": "GET",
         "queryWindowInMin": 60,
         "rateLimitQps": 1,
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
index 2c8bec5dfcd..cc66f067d17 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -143,6 +143,26 @@
           {
             "name": "NodeKey",
             "type": "string"
+          },
+          {
+            "name": "Distro",
+            "type": "string"
+          },
+          {
+            "name": "SshEnabled",
+            "type": "boolean"
+          },
+          {
+            "name": "ConnectedToControl",
+            "type": "boolean"
+          },
+          {
+            "name": "TailnetLockKey",
+            "type": "string"
+          },
+          {
+            "name": "TailnetLockError",
+            "type": "string"
           }
         ]
       },
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
index b43c740c06d..efc87a67749 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -127,6 +127,26 @@
           {
             "name": "nodeKey",
             "type": "string"
+          },
+          {
+            "name": "distro",
+            "type": "string"
+          },
+          {
+            "name": "sshEnabled",
+            "type": "boolean"
+          },
+          {
+            "name": "connectedToControl",
+            "type": "boolean"
+          },
+          {
+            "name": "tailnetLockKey",
+            "type": "string"
+          },
+          {
+            "name": "tailnetLockError",
+            "type": "string"
           }
         ]
       },
@@ -417,7 +437,7 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+        "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend Distro = distro | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend SshEnabled = sshEnabled | extend ConnectedToControl = connectedToControl | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | extend TailnetLockKey = tailnetLockKey | extend TailnetLockError = tailnetLockError | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, Distro, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, SshEnabled, ConnectedToControl, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey, TailnetLockKey, TailnetLockError",
         "outputStream": "Custom-Tailscale_Devices_CL"
       },
       {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
index c69a0f1dfc8..0c5fa871db8 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -113,7 +113,7 @@
         }
       },
       "request": {
-        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+        "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices?fields=all')]",
         "httpMethod": "GET",
         "queryWindowInMin": 60,
         "rateLimitQps": 1,
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
index 340ec80b347..24b04a9d5d1 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -143,6 +143,26 @@
           {
             "name": "NodeKey",
             "type": "string"
+          },
+          {
+            "name": "Distro",
+            "type": "string"
+          },
+          {
+            "name": "SshEnabled",
+            "type": "boolean"
+          },
+          {
+            "name": "ConnectedToControl",
+            "type": "boolean"
+          },
+          {
+            "name": "TailnetLockKey",
+            "type": "string"
+          },
+          {
+            "name": "TailnetLockError",
+            "type": "string"
           }
         ]
       },
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 58d208b80b1d58152f587687c18b91061211220a..328fe7b89b3cc46d0829555a59cef821d7dbcebb 100644
GIT binary patch
delta 50461
zcmb@tWl-N-ySI(ILveSfNO5-x6fN%V?iSn~iWG`VasLCw-QC^Y-Qn$Z-}m0{^E}`7
z%>Iy>WL9RK=gLeb`5ig3*9KYM35ldA3kih<1_lNPCaztBG=+yEu3fH!=GO@y-v<V^
zC6aW4M**}dd`fNTdKC39UMz;Aj;LFV-?Wi-YfP-+NP#sODnsngbbf!)7QnHjl)cAw
z5a%9OW2)syJ<rNIPyf3CZ-JA`ACLY1NLR~bS_DvCgF>rITlS!^#V%|-44TFMhg>NT
zvO8`26W`qMxk$4zi@KY;99!)geDX=+)?hz4u+)C9d+<^5BgePL6=E9-K$|G8gj_qd
zQ{NPN_mqaP*#>+5SYUx8s}Jol*z{7Ibkv=p7NfwegH;P?;0_-5p>;Z1HWb!{h0e2{
zbr+cJo4rT2!K`<5x;Aq@!wG)x@ggupMU@fe7doGCLq?Jpw@1@Lq^5uvdkK&tl664>
zCY2AOxz#>v@QJrfX(!z}TEGGZd?pR=x8WC|St9FRcHGO0t0}s#74^ye+V#5x#6<88
z^SpNcqS<LwvxtzpXhs;A(9HOT8&Zn|DM6bs(7mXW5A0JCPfnYmAkFh8k*6<o9X(l=
zP1LL%_7u12q{oloUDWlFf#4z=1C{Q;PF%IfFvj481%FOIm=Z~PZ+>I1xbFl}?Y8*<
zZ7G;)2=HMD;Q69!W!Nc%Razo2OBV|vFR(gP*SsfaMC0l7rei!M3hl-}{??Hc1eXLe
z1Mj8G8KmK4-L!1OVju4R^V;6t{PaLr@LlJ|ad?lJNJnU-Jw7Nbb8SKgk%$ji%z~P|
zobnLn4_uzT)Y&+LJxt^VcMV5|JWe7dG~J2cTtXpE42xdDI)IFha%!`I)SQHqx(See
zGE}hja`dq|g(Y|&Eb0nfp6}o1{32`N8+O%ebXammY9)yEWwSZ!Wc@THKp0hoIVJIc
zVw)BFVXEKMp9s@?f1kgkn5GM$j0?PtC!LV|{oD(u>tQ0@vlZ7vGtJq!nBQcMDY4{}
z1R*n8-B4djUpP$XRR_{tsvLs2_8u9XOkPncqoJ`c`nmi4JvwJaBd()d>XZ<%A<jrJ
z(#y#UG#Yc4ySscAzP)J2BiH~F(196253~iVM&N&`kjws(^A>T!-3tfkT<q?Wqu$sL
z1^ReSvE_5gPZy&=E4pDqsYxeTh%jpzh+pF;AW*|bOnWVH44)KE=6(bR*Byn5Za@p`
zZKz7KwGdZ7U_}md>DuJGr9@JlPz4aN*dhM%K2D=Z6%B!6JmD*Cy>(A4)qH~iJEy!=
z_;Z^aY5ZL>%Uf1{`-u-oKw6L0;3nvI=}CVr7do8lB}MSO6Lzb3S9Ggj9<20C6O6Y`
zjbl8Kh_WtY39_!ykn%&aby{zsmaHx-HM*-qn{1iNVxF(wm~}FOrKP@KU-zrhJIOH3
z*I#2HIX&CH_Je#FfsIjriHTgYS1qmD4xM!?Fj4%Z82w7cDjEmCB!$Bba9%<Drb&mb
zpZxRfp$0=vgjD+vAv&a_sDjn`D40_lN2+&C>b{;lC5G%wIePP@4m-y*23IE+C9BBn
zoJffhc-p+|$)dJ7YIu;_kO-#juA2Gx{5FKnZtW?t2=}J(w3wY#4Uum*cCIKFY7L&L
zsgzZvcaZs7>wU0*S@ZN^#-3Nt;g6WNesHokNqdqc{`CsMEO*yG3;SzUBCTa%!GafR
zQ3twA$=LgA%Y^F{mN(1{%?o85rTy)ic4;OZat>9>>jD<1KORsV?l$Mj+F&Zb-*`0M
zLpiDEd)uy8e4=u1h@U)ITV{`M;iY97ZMoxV)n3@wRjbtps_x5Rf3(%sDBKUv{nVsO
zdTv*$JpIm4pu|cLv-XwvVxDB8g?G*R#;%QYeNId?+x?{PrV{%r;*Fg#$^~b=XX=mB
zi;H&hIYH)&JIBIRuF@E%e2}{$r}Rh8!Xj{Ih4b*YlPjp!vZ*%C3(m-GT_(y~&&Dex
z4|UkW5Kngqdz7RQ5?TWOi({9nu@-OWt4d;w=hhZ={tK(z`p*~bKYNk}Nr?Yzyb57k
zSK#ji58tm^%R;8RTU&&}lE6txfxm|{e+!)B^tO0OAKsk%{b$_!bC^5ozq*`@32m0r
z+hYiOZCmcbEXU*c=kf;S%_C|3bAA`Q2K!;o--73A`$XSVZxv`Xlu%3oA$_6KeP&Nj
z#5f%;i`yzdP>IfJD<`B60v79sd9~AIm!%_0mUk-%=zPLwSl$?bZHuhYuH?Gc`|*HE
z-?C@L1aAIC9qb01*xE5|qeBoD$F;X8tPg_l6={62-a#uf=zyrU2I42-Xe54%*^k-h
zyKCmk`{6J7b}0lVRr-D*58kkneXCS+I!So;TM29$`G7A9^Kp(mY7{j0BVJ~`<yJj6
z>;#_`U<}Q{llEy(aa*!^xeRab&l2fg+dG3!Y;O6M4vJsk4Ck-+JD#TBJDdWH*qfW?
z4(mlBGuwpx7o9PmCU*_glEs!*WaVp}kWAZBN4gXo_KRlz)$QSby8X8HpKe?J)h+5e
zZgPLwEG5H$B4_m9`6GcOu9$xcROfRs{Zrt;;l3#7Uj;7ztAOQsF|{U7sMEyg-X;w<
zFmt4z9TdguKht9bj^YPH<DkXOG~RU+yQu*#k76cqWfzx?g%Gr1*Pv5I<CfXrquq;{
z*?n|dHPIzO)N^E50|qM;<jl>KiG8r?3F`=y`%}Z#<q>|xz<VuiaB52kX5S!wg)(>K
zeLHb>PzrPO(qQcDn%Ly{hFHu)$Pc$wS$s!ExlXwQ3VHUNw?%BwxduTCE}kun{Zv{%
zYa`$D>WCbH?XT3VjMu7~0!&XcU?a&yZHwbuP=bJ>kZc$jt>lXFT$}G1wdE%E9bW-_
zvo%Kbm^Z&>5vw*f&a#5ml_~;nlMQ~-redijE0N^6F5#%!2A<>!OO=!#9C~xl-UTAV
zUv9u&ca9~SrL5kZK5>nzzd;7R2#CeiHU!d^1qEQ6o;cHLFBCB{Sf0-fmA&hA=+HE&
z`-KoVtQEzMG^`UZ4S;>(yrb1-39kisaV?ZUtYNjtw!^iF1$Laz-jCnkr@j_eN-atL
zr@FT@ZA-DdrdsU=>EA(nAs|=7@=(dGigftcAV*?J-I?~~Yeub)GiU*rTj4^v#`*k1
zKw!9?-pV#7;BPYz2a0a`f0s+y1mCG--JU;h_dTxmMM4G=8L6HY_<Nt#!Y(J9Qpw~`
z!Sd+a-Fi!Ub~H*2n-xwmEX1h$MvFW@gcF;hM&^~nz<BY647XN@N&r=zk@qLwk2wov
z$q&_rDX7uvZ){6z?8C^;BoAJpOBA8!X1U7A<#WO!aeth-j1W(IAJxk5OT&<j8(&M!
z6WKT)9GmrhO;a9#L6M2i$Pg4&GHc!UM)<UcO781sj4S4p8Gn5E)YiDXiZq!n2nzJi
z6N2>c7Vc%9zLO9Hr}^S~${%BcNM`<-|Ay0K=^bflc2Aql?C4PHr+>2pwJp(41lz`H
zfpi!IyxAYDS=Xa1N&&P^(rlD*NX4I|3Z5DBB@6M>h}Hq}Zar++lN_V^pD<!E$7CJY
zMzeSiW+D1RP&&x;N%96?e7>t;&fH~_ANDmp7+~fRx~+HeBV6jSIVAg}Q7Ru>y9%b7
zNp4RWP9LkVS$+?bDVvCwDZ5Eah7^E(c#_ld1<7gsnkcX&A9|mb76g;p@cSIgW^&3A
zt77_nbs8Obg0fSp?x5{FTqb)?BIEzmQ7yo(rPmwRj<G5ePtS{?Jnku}8WFEvp=!-f
zXz#h3p#8PqQ3n0nRgH=?Rlg|s?L61bNx$QJVgkpH%^GXK41%yPRX)=%-9(&lM#w!+
z$)M_k(jD9}Cxbg}OA>^XA;7^7ftNB_J|i%6v)BZ5VO!J0-E5QA0a6w*{O;nd{`9$&
zOD`7bDJh(Y5`@u5uvi7}gZ)WIkI7C{NpPwqqE~#bxP<Zz)(xv@DpG8+5OI59x!-z9
z<$ejddZ<uMsS+N2P_|R$`B4kWkH9@C6!xinTZV<rl_Sq&axC2&7D?%iu;LfJr1Fmu
zxhV$tJac}BA8){c1mNE~iKe|t7hFm*@qS-_3cJG;aQr3Mz!n8AZ((pU&e-r#ZLR_c
zx8ly827;`cPs?FpALCJKB-~!LPZnBo-#P?NliIwFwsni2U9bPFzxd$bKYWVZ@GZxc
zf4DC<n;(_QpU>j3i^+9dX%{4JR6sc&%M}5%FJMHfc>Zv$w>Q5pS19hRd9VC_XJrk`
zwm7Nqb#{Def7=@dA$xyRO6V`JFl+B%`>vq@W%^a?8#@!QTYaV{=cmufpmkp&-!?V{
zuP-M#uD&)63bF1hYbkR_S>Lo4?tJs_Yo@$kjuzO9RV+IY?Q->f?rI#roh02HlWYO0
z6Bln)sV%o72eA(g_wVzst4%y4oHli8OG0I?^t(5|d>wtc-kt8IY}?)(CjXSE@}=Hc
zm3i_W$sISaJe;l7op9c2+bSH#)Y+B!xxMur>ooS<j39VF9KE}&3YKtbjTx6YztNpe
z?l_it;%8+ODvT>=XkU&F<3D`$eXj)8t^AsWT0j;jwgVqdbIl!1K7c)E+|iP+?}o=q
zQJ{hz<Qi|@*^Ao(!b<ka!>^HNfs3Rr^5;O19mM^4DN%h@MYR}Drn&Ck3dvbZo%M*7
zel{m%`LFY^>a+SeH&t!|ravDieJu-+Hx;J7wrUoQFQ%zm(*nN^Cx_A;a4`XgaQj!H
zPUDbYG7`B_YqlFCVMILVnJ}09sd{H83JrB9DRb>Y71_ES&2}3A!U`rX!Mad!OmOO*
zE6e7%zkK(|fNCq|<B;RGR%2K1HRH0iwg3>~5#Tkd)$&Wmw-y&@#JAPjfYyt$c&@B~
zk1Om}xo}lDIY^!SuqN_y;REDPP&O^I3DtSWSUO>MSdt=l-+XW@mzzJ=AD*17uW&t(
z&O|SVU2((+s`A$BS$<h@KcKm5Dc(9Gko^_qRIZwtw6pL>euygK!>;9}om6i)hamN(
z!|Vi?iq?z3o2!V=Z26&=D3+hiKjfZCDbWF{ms$+N0~4Fa*ZL&TLl7tjo9riui<b{3
zVxJDs)~3zr6$38<i9rAax=o-niZEU%bi5&KCD>*Z5u*@?$JCot70C^En}yon#$8q|
z3Kj7zU)uB8zP1W;b6ENhGMS)@5X`ckPErc;3i2@InjO>zL)e^EpF&c>b)ojlk>Ej|
zYV>aG3Z(C*;P-}so&btGl==fN%z9RbH!y4mDi=RZ(F(-uhQm~}0?a1LUOF--uDo?|
z4(#V%WBIP2<@kf;g5Xy$*j#-KqF+t9n8{!i=s9V=G<hWiY*!zsEB8v9Ay7YqUFhM~
zQzow@5TVbJ9bYl>pPpEK*loUMf(>0hw5GEjA$R&gGKC*dA_LH$2mx5My9jqg+T`Ar
z1gYm<3KT`@_8a*7=q@-|$a$+e=OJ(@0<mq)Uh!FYon4iITKH#T$BD+G9e|JLB^E*>
zEteG;=8#X{$d!iTnkXGB%~6_&uqi7ikdWh0+CiB=-j_gIa2c&9RI2*0*9|^ASS~;h
zKB04Q9jg6LFmQ@$3cZScHC%+4ffpL=Ez2MGvv(sn8X1NdI#){0MV3_-qtkQDjcIqw
z04!6W6Q$b`1!JR&0@#Fs=wiDp<U&7%k@xC#5Ey*zb_nBq$+gWVK58Le>U#6{7<7q2
z0}0ybu$GIVqd>&nFM?{Zie0XL=Yp}46T8Y=i3{66V)bilXR`bB5TPG_WXD5%jn_2I
z`IaOk%ngX^h3Xxqak5Ui+pN6K>~nhUcuA-6;3a(f<?lfeCrVC8X6;W8-VM5_)!`c?
z13x8G+;AKC94J`E?c{q%xcEb(TSv<%!nN8qzoH_Izm^YFzOkG*<PNF}Dc#$e0vngJ
z=zmvyA6ZteUMAJ2V^0mF6jX!KF|+q66K3pw5CpDljK6gJ%G_HB)P>?(9x6%GWT`>b
z!~I2_U79F^BObAEPZF4{><Vw;3t{;oT#$1fq!>xh3{FP<#Q>irbmYS1npD-KjmqF!
zGd#NwEun!pFj~tU9?n%o%Yn6*S)wA0v}j&8)aFnp^2bonUeL|wrOi=cx*c1SF?kLY
zS!O_EfM0l57ITZdn*ck<Ap1=k38G|;y!HLGWgU%8{k80x<ko&StcUFWP(VbNmr_d1
zrx6_0J_7Qd&&aO3BJ?P>tMi`Hm_H^X7E2$)&2d4t*S=l&?_TW=)i$SkCky<SsS6C&
znZ!rg?r%rl5x7<n?^K4rZ`<UCwy`L_X97zemSt!ps8XDsm*ZqVwos~reGBGMwzFS-
zJN3sq5-z;JkL48uk>GfPs~l$I+!%fo<1Jv})8rn26VLSHxy2IquAHOWWNVg;g`mYW
zK!|<8_c_(vDC%zy25|;pv?`AT(^E`9+Y4Nw%(GKLbvFf%zhUqidRsegs)?E>>;Z>Z
zj8eTUxy+!~!pT@mD1Yox1;i=w<3wm$i0|A2+X#gI6ej*9)<K_M;Bputmn<f_M;Ywk
zsId%xX~VhZT4Q&<y0dMC-yr48x{I!?qxG~z=qR9k;pG*jMv)c{Gl4{~We&k`it3~h
z)5Px&esUx;q7BqmN0FO=`_K?}I0usR)D1WN@WEMqJVtP-m_e#Cc^Y6{lliB7!K^>0
z3`Ov^83);Gwp0q$UqQjVH9Vl;<;6UhItzWalM`qSeUdW!g1x5{m?X?NnBII3#|8>t
z$aO=Zt<TpMmzPXMoaagzFv4dxVDnHa4Dbdj(7yq)ReTim#c5#5q`U$B3J9HrE%|ju
zAAbqejD~{Rd^=K1>i#vpp~08Y>4_cQE2#zCbx5~U9eQ!~2`PxFqSJBwWZDNz!aBiK
zqL{f(&^k3m@)!~MIEvm_SSs4iZ=~GT<~W%>LOu`M8PUwq>HVdn;R&UDL~rn0Ff$~Z
zSLfHyPV(qUtf1Qi#D?VRWB>v&*<#xR9#;C<b*WO~*O@SA?6tX?r{J55P2End3WMkR
z7G`||G+|Q%)i@;z*+FxhA7&y8Z~fNV$|09uG|q=fB>6OXd7jkQoWLzuNUW@UE+>2F
zKovrQx6t)V<FLn1d=5GNF;3H9%?C`Vko};T%^&=dUEoecL7hrau7DheW6xo7(g8OP
zW|YY1ZtNjJ8tFLKckT)NlVG?|nRVw2Gr20d)J8n2rPvaw(}K99P8Tzh$*34)HV0d>
z*&MZ}<Kts1zRSihrLxfwXxh%h!!bGj(L+UeU#^R6&!4yP;<G1&+mnPV_5*u6me$A3
zyQI)EWrI_m@=APVkN|r}w+H*dg3%)tJ^yEl(--3fb{qn5a3ivOv|{!1KPje33x;S-
z<1@&S8u?j6HRx|+6ljka1y-E->Zk>(<Eb4a&7*}wDoD~e?<1}Ai5)7&O^i4u=@@)9
z!wUM98iQP#3p}3gn&U&$>Sm5yTj=*jz*{#9)h>^wkeNf#0ANP<fK{~Gcw<K-4sB1e
zcg=#o6_j+a!W3qQAbaO0rPgw6Gg3M*(|$0Uj1`ZQ!L}<5LtWkN*2XVK$q{?<lM@fW
zD^1|=%UM`{!U^=vvY=yF&t!nE7q!+V%x|U9qVX6n>)yOB($gCGK2{x^tq&G`jHV>H
zQ=;P+va36^Eub+X+<14)+~5pWTR1C_jD)Mhpz>neM&mjqSy4uN45H{K)lrf3#}@^`
zW4e&G+Qd4iP&R3JnU($9KrnyV)?kb!-ao`{KHU1(IO=RN;R+!$ryS0^KSnSc{5H|~
zZ7_OZCi?KGu^mMUGq=*?t<l+a_z1^W$HqSg%eWaFd<P7;f0@!J8Z*fsd!GDR{Zh$H
zYTp&)u@7Ph4B6n(gP|P7Q;j0Tghef>p~N+?!}=Nq<~=`(yc9<oe4-S^3k|ttQXUF0
zLRH!dLPN!Iq<w>@>+7><Hj4b&Hx7N@s0g=<9AT6TMssUK=J00pa*#sWEKTqBd9mi4
zRj4h)aTmw|n{n37Ffga1kFt$B6ktV!34Shi2fre;!9fb&Lg$WP_A;faQv8Gr>x`c6
zoB2%9*+ho9PsL`bOj0C2b-G-qyVGya6UtW*TX@PIl{HaxgubyrSiQ&OyGd-&MT!>2
zIxNMd3OS4giO6YhNOK~D>CnW>uSBSW0Ampz0}i+jUYICfMoxW+g6%Hw+idRZ-h2sC
z5d<RD1~O$LmR!5a51J*aP<wfv)2&yr#_13ki?fQ&Khhw_RO~tPUx-<}%Su9%=&{iD
zT~+yU1KG8qQ4vpa72(XDQ$BE&1Xrq_2IS(n3xZHcXNT@YHEhqakWhlWeO54Q&=_?V
z;sE|e1zRVP7=^4iB-ixTjfd{<>D$LzO-r>F(ARR}{p>Z}9=r2xbXoW?#8*+M4jekC
z{db{qn}T0!<c6ypbw!_rXMl1)U#r{_JtDp95|2}G#Zw13?kvd&fp6Jt3hmoG$q`Bm
zeBQ(vN#^w^HZ9a=Guwt&J$eOq+2Tcl4FIksZ@bf;{Zn_ZPnL;d4;EuO*wIJ{v^~mb
zbVkhtWWmNz0bQlpm#gR;#gUE8S_|h1vtC>dhupVC&>E|T!$!+&!a(abzFSu)Jo?Ld
z%vtP&hvHcG&^~&UXJ?Phl(WAS6ogIsrWT=`k-~6sfDL@)HaW^jvkwmsmit6D9l(@~
zcr{WSQnlLtkvpt1Gq#3G>T}E(r?=9OM|l|4@<&Q<@=89n{FS?eoLykXc-m>;{W0ay
zICHx0cMv3!(Pz}NRWQg+Mu8}MGY=VaR0mF`>7LY;U(|)yf8YzGo-aPCqa1ybCp*wv
z`b~-gy$P=tMK0Nxo$%X+KNvHMOab^Oc6yi5z!l;M(#B(JxRBBH9x){Bn->YGa6YgB
zlJRsFW?s=%I<EIgGGmuuLN>MGW&Z^03|f>w36T@%ThzqRn^Y*DUwSHkJ9~W1d%?I>
z3%qyc_8mhGQo_|?vxBH*>E%e@zJ$kf)AO0ljy5H7Z>_-tQo4RlqUV`Ce*tX%<RH98
z2)1F`RUE>}pe{U8AU=5Y8v6`nLOaIl=v)5c;mM&0w?;;t3KJKmg^NvoBzj16$qz<R
zvESyweB$nIjR3@<wGuAK;z{4pdwP*!z+yZi1&92<AJRs8RgSvgErv^Jkt4i!6ca5^
zq6eFQZHtQR7{B2XlcHU~VFD`s@S2@-D6n4KXmP(aYgRX@s<0U6eU)O*vAiu0r$B7?
zCrA@TnWI1qPkgN4_~nvfBv7DNxG3Rj8tFlO#a22Qs}nPc9{CoF)ja6yzsSF(fS^`-
z0o%iJMP5egJSvU7SLGy8o*7ptKFGmyFuQ5#gCP&CBs&(9$Oicpp$<r;)He^+%`lo&
z7Q{@!f?+VdRHie-A)cs6-i3b5A~c9d;tfSRkU>$GLBXsqjuqK{U@T61!Z!!a>VwA9
zi8`MT=DGQC^|Us6nK^Wr#5;@(8O{bsZSxOq%Z-_&P-utry0B36w-j!{ZLki*L%>zV
zshu;x9EV7hy%L_-z<|u*DyfsGq!LU|3!`UK)h$s0Rw*e`rR0rfjL@0vAyk=NWw})g
z1QB$ZdW?K!nRtmv>VyIcu~@l$<*%YIo0dG*MvUId<4Aq)&J!}&MUGbRxI_q_)#3no
z1yet*sxPo+j8THum}Y4)+jMq{Ja-{#bJ_IRMv+lTOR81Z$$;uT(cAbhhG^!_3-s%&
z*N8{K>7Nkq$`D%faM|MUq{RHtX4PA@=AEmLZ$b}@;r3y5cb2!trC_Oz!%Fs|v{D0=
zI@AL~Ni$+R=s#}6eGAJJcFFQ4>82($QcH@xbEYvmZXTY|->+_HCd>l)MP)`IpwE*9
z<2REN4fxZZ4giPEX<Kj=*aQ{_{N4n$DReD$W&H|<mx4zo+Az)NWXz_!Ee7Y}-&5Hc
zdpifj4<+HfQwZw5T;FvBlD=C}>J>8-ev{v^Izo*ol*Fi?^)xR%T+NqS>V6H3oN{??
zjn`CS*JFtKIU7N&y<V`<_e}B8i99<LUF9r?fS*uQ2Md_fLo|4>raBlr{3=3XOj2G<
zH8XrO;9)ffy@P#E;EnXTDis|H|NR>QFFQkXwKqSdHvSVJD$nYB|GW*WFXLN+)Gi9G
z;YHt3uOS?B*bc?~Xu58BL;>lxM^iS8u+pGCg|za8CX`~Nrn&V|H$KyF%R#rDl~jzM
zMJvlJr3z?%N4UY<`OTOLyjLFhJWZbRPgz>!f{h|>7Vd@JDZ(u_*T6j2`A85?J(O!R
z%l2iE#Nz~W3;kgEeKQ{2sUs`tEh)@AmPK-^zk?nw1K*|8oO(#c`<uU}G(CaOq0oj{
z?hj6Z-R_VRD+Y_;7;_Qe8K@_BQEkXvbl}{P<_BQv!9%0#vM>J33Of%<#k&bAXTtGc
zJjf>n>kSZAa#A3c#Q_axIs3W~ttm8LWA#Eezl%wXjWl;nr?e27rZYty@oxEjpFNl5
zqFr|CN^|32fQw&jslYX*<3C2wA{<BY0?oD?AN1wT=KICh?Lj2o7BUWh&cmCPLybIW
zH3Z^xmef}6`ambm!QLVnuIDCdX&hMu<8~!rqj6YQ6efyFyQ$wA`)<db;&JlB4+=K*
z+Fh;O!v8!yJg5`w!rlp;G3iZ0NDoN7QI+!-z+PEx)hu>X#M!Y}taTBtM<sUMh@mp;
zUSWs$bkXM+5EM3XE2Tk9!_zhC+{86eC<910N2{_^S|9x8g~jWH8g%V_SR0JXZKQj}
zCJBsY#8$nrI`m-2b6F5~Ip4|$Q_ExKqEsZha-4NfBp&5U7NFF;3|ZSgN4c>`v&iY@
z&<zSExLOx$D7xh9Gf%js{K-&7<GE!P|Kw8JBAq<4muPvsudWo@4lCX;8+^!9#tS%N
znicM0yP%F!uOKQrT>U5u6rWwS-WqZ5NXHy>ZHBOX7ih$(na3`*pbEyu5oMQt2!ulS
z$o*vM8vs3R>fe?_y9@5GQrtw;VGj0$h|wu8<o|coAAlkYT+P~@Lx)04pnnsRHwt`Y
z$kuHvHd0rg!M4iIQ2#d1iC8nLBLHFK2o2K85fbLIO1y$Tl7XJfn=RyLpgs0VC-@mc
zG+!qRDRH+>g%Y~n@rfV8X2QcywzWnos--jc<jbQ?axaUfF0Fi3OtoVW(={JXj&*7!
zQIU_43AzN$Z%yj<r@Y9=tmKJWHa^{vGI$b|Iiv+}RTlmQBxD1>-_}jB0YFd;*hYLz
zxf^MR1pF8JjKaHXFUvKK`6WmMqGttZW;|`Xa7m|=x>9*UgDsLnuhvfufhB&S)>t-y
zlJ-9f6o?R*&Ld$Gl=(EDcFFTr_RXk|iZHz?!N$o~s8lS6{pUaoE1w!RZSM{CyYCxK
zOvjZ1gLZu)_QMGC<UXO)F9H#%2&uhr0{C)yuH8MB<!EHqcgj4p>TV+xajVKy#J$^P
zICy$98!})xK^U^3VU-rUUnQZi^By8vdOfZ2aNSWxXojgwt$6CNCp*7Y8k4rx8XHZB
z6a4-1&56loYm0SnbBr2}6O_nk(2~M{P5A$!T;PAsa{pIRF7Q8Rx&Nyu7x<sE-2YXS
z3;fSn?*A&v1^(wO_kR`T0{_i&sa>NmUfW{Y2xf@bnY^}9q=@m*28tV@`n(uPIq?!Z
zGjiHbaw{qjx1VylrvA-xJwu_3PCy_<;RqTP&c~I*?gm>Do>?-bU|W)ZNN&QC1j>ig
zyVLODOY9hGy*pBoQ3y@9yQ*Xa4xAVVPnPwF6anymQ(UMLD>p{CU^UV9OG}Y{Fh1-n
zE>8t=L8kgK5_H!bfrX45<aF4Q;Bgk&->zGA*l)_od%2Vl<5B$@o0=Apdos%Sfs9yG
z2`+gBMX9tyKK%YDKL0PXC6q$@AigfusaM=wM;ipDAUK4=G$_f1Q1BDMdb9$#*s+PT
zCIdabO)DyPUAZUwPj1L=|H61;_bP@84pt*OrGX^0MT#&-$5f(mNKhaep+59}Zo1<$
zN}=N@>H_nPL#6Eyb3*IM7YmO&@(M(7n#`f-lDQJTx0M#JCksVJ)K9=bgHMNO!ypf+
zX@duRTzP6O71cV4(5r0zh{+NCH=Grp4U>a1@MfE0>Z8R)>#_z}lcB;wZk~d>p-Bn`
zd@&b}zt~I=a)1mlz<Zp|fO89?7BFhcl97w$t6xI3CAgE`xEn+{hwT+BvJMu*mBdxg
zqDFxYkn*;{Q5M|+{{mCaYDFs?4TMYSCgG!_t@vNfV;>-GI7mS~f6x^8C!SQV??jAg
z9ynMd`Zns02+27N=1Nt==d%<I=WcmXdJSm^K10hrBd2kAQQ&>H>x;;Kfr3ov7$Vyv
znG8h?N1sI`!o<+>9RQ69+1llERfaM1vlVQ`qaV$}hjU&3Rv_1eRE0+a0lqjq!D(#q
z?8htTxRR6RpCm?24HgDlHAH8xAZ=DGtQn}|PGgxi8bKO(fn#R{pBwo3@qOST1|E=r
zaZdao!otwiauS9>#vU`-zdV<o7hT#=9n3(^iJsA9<y+uTTMs$)43w)HR12ZOO)Uo#
z4703OBWd+h<AbyC*tkv|fSY5J(p^6l#QKn>j}o4qE`c4SxQ;am>9GGRnvm3)U6>KZ
zf~%0~7A)(CF%#0kj_?}#K=nY`VmIXAN8MuPaCmBFwH9@1D0gR0>KE}P@~s5JEhy@a
zxL(rRlr;2AK(y70(5C$3zd3H`p%r7~?G)OEEhUNt=K}E8$oeDJ=L3rN$dC;bJimtD
zoWL=V4b*dcgsMJ308s@nKYK$AntyGj5~;d<g2Ele3Xts<KDwbZtGqEbuSi06uav&K
zaxlR>`;=G9b09bmvw}0KL-(H4asD#$#C5I9BHSiJ4-V!6rN31Vd!|Mo6(fcqhki?D
z%x>G$7YdNBQ^y#z^nA6oBEyiC3H{2Uu~^qGAM+jF))u0Ojhk6D!4rNKs@!pTPW8`R
z^lk}b?S`>M4<(f_^gb9<W}%HPn6clAfM$R@QZpb%vuMz#!Jjrjidmt#<Tj6NI6_}e
zru7?ssRhi8F%&$R1QqUd#m7N(39Y9tLWgBs!~+N}0QzCDmVK~_oMeX58yJz1yEF4c
z%E=F14z@T3tW2I|Hhy|Wrk88T85ozBtA||0Zk6$b{em9g=R_;H9h4EkE>4j#!<|Z=
z2*qH!hVmidk35L7^aMSjyhPO5oY}FWnjkqM_-hTJ%tIv+<*iZrF3=W`84Z+&!Px|N
z>;g!)%i$hk$3dzYZX;SZa0)1xPnmKr3Z~pnLpw_n<1XwvJgSr84z<k9h)tlL{c&?#
zD9egStzjE!u!2zTAl;L4-cfqa#$=A4x}!OHw8O8ay%r|VzXRZ{=iQSQDXq3rJ;xb`
zHh_azA&s)Xc_fVml5JYUQ(S5>Fx^;oOYN3Y0UntrKm?C+bedZ@h!poJjL%@Tc-)P2
zWtDSv3xzXmHe$4mkGalGmajx%avs~EcRr=slvvcrnB<L`QpDtR?;jFt_Z|nZb>Yg$
zt4&cbhA<?Zi{SxWks%n+%(eVTxGS82>eH{0kh{Dv;F#2||6;B#P+dl9Y`j4R!Ayzu
zEJXusD|4(#tcBr$Lvzj-wM4YW6A^^(W(-HfhIoa^>}0VbvHA1MgZ(ggO&~OE#Xml-
zuC5J4k1On@GU1SDuso)_Fv7x}`>!m#f(Cf+dP3ngfRE(m59;Buu_Wr{vHN=t27Z4<
zA8OEOcI4O8-pkvikq)vXwt>2Gkp}epx0;i5uVl;|#t<*Z)!RyIO-@fD7?E$Sj7&z6
z4WsD=B^E-cO5EPEa~6_S9IWrADcPp)*J0EZKmWdGZNI<YQ0Q!lpB2y;4JSFUk~DjM
zb81mI11M=Gd=6TwVm_B2h2&F=?7`;vVwH8KG?U>3GdUaU;w0W-4ClU?!B<R>`eiw9
z7>8%?6{c@3HcMwjP#3Nk1nLqWT$ZTr_bR+#4U<i|DSS5%%Oa@`)Z9%coDhQ+)ktsF
z!xvr3*!fc=A1e9T40TEVam!-YOGJ-==G+077dVQ4v)=s1wo@nni{Oz_Jslev#xRbF
zIqpI%?(!p*MZ#+AUlg_uoMR}Qo7yq@sEpA%^nU!3HTshKJ%lHDdu0}P1TTBFZhW!U
zYIs))jy1qK6-jDTm0K)ye)xx15t1+YkN6XD=76B5q=JT`ou`es2kre)crqhZ6dxF1
zT4$YdbNtqltTM86(d@l3w&xC09$aJZ_dGZ<tnJdvMO|@>GWco)Wom)Mz=t@_COKW-
zh7D>>5EDeK&<buZ7N+)VMu$qpDX~N72J6tE8;#<(`x@V~mhlhS$iGSkNnD~(T}ryO
zn)H}ZHBpfg7Si%SF45qHHSm5Ef3*U{|0K}Fp!+idbt+zK$5A*xZ9VH4jzeJULON)8
zNCQ5QrpFG4l7W~y|0%$yy67u%iL)dj1FnCY1NG#NxtQS0B^!&fiAbVh<nAit&g-Cb
z)O9x$Tb=^#v)a#v;eko&imlHku|7JN1q3&u8KkAjG6V-sbUXK*!2%i7r7~iGvCr(b
z>_O&WWDdB7>OHIomD}NR{2ne2F{*AQD`#TQ4BL0HYym~+eNl>3SVZn8to9{r4Jt0L
zC_7NG<TD-T+VaC@_7(LiFsLXO*NXvSzTslQ`$F6SJ+hJ{WM=<<De$LX&v(9Jf3&UT
zo!C!pX36`x1XRa$@zeX2X5|D%D!icKo-rvziWLy&5x`Duda}MP*yAy`93($H@@yK{
zoEq1xdr!|%nw@;!cXRtic=Xwwr)))`)asl2Kkz&mYA-cy<i?J8G*QVjI4OGgTX^YG
zr??1z(PVPjluoW!qK>$k+JU}vh6kclN20DrjD4t-hOn}Y`9Ph<Nw+TZ599)!9*UoW
zGyuueuN8VBk_|)mPL7{GQq?>+_0qIkwNQj{lAL>WP6w6z#Bn2=bebpv8Qh`PiD4vU
zYyiUc!7)64-p~^%PPDTOIj0Ee*EuDXdr5-=?Tw*Utu(%@N!tu4$keNul^HuX*8St#
zblxI9J04qv?aBmwH2z=fpBGdtT-eg(h7r!(mN;52)`?KUlG>%o0Wo|ZT+>G)i5^@J
z%q;aYv^gi2r}!qrNhcGCM6r7HA?j=XcYaPJHiYR+_>`)F&v`;lL_+Sm1G+XFFO@yN
z2CpGxE8ZqJb?CIc9e(2-lLXCZ#%@g9Xe7dQq|Z6+rZY>K>1b&(Nf%*LdNv|%ZCJ^4
z(^sTW3OUG-Gpl{*1KAiWw{g|BEQSJ!`QGZweoD41k|(ANKKm>!$`2E&YZHUX?aKFb
zrrEwiB<~ff0%i5ecS4GDbq;h4XYW1@d;~eE6)RhTLth(&ROYg>qkIaNRDKGumm|Mw
z)48cx7A^ugMhd+r+H{WxWt*C56*v_eduww)Vu2!FKey#O;769i(bMXn!=-)UiDu!C
z%8!6Qdi@-_B~J%s`+K-;Hs3c~e5l^XzHSMrgk)z}dK8|_NZr7P>RG=2=m)Uzg+7r0
zg^$@4+rZMZo@ADm<+FL|k-5Z_ZpjOsYc_!x(R&5fKRw?HDNc>R1v4ObOkYZz9kOf}
z$TA3g$lU?2R#F|Ev3iDwKl1eHp3QR)RhG`wp8X0hqNX3d{(k<^u7C8Bt-ry5)HeOV
z;QL{7+m_huR(SETa_8&ju+lWwfF5W3?9Dqp?UIlwoS{Tne5yE+=VV@ktH@S4A9C<B
zmkc^9jX9pjf`SF+`~M&7*<)PqgGIyM0n9{M>@7R7`otBmvJ4`hD6U3}WEPYlwawKr
zxosviH(8AHM2YX;L(Bj1$$vxRpyE>>SBjD=u(XtxO%6^laX49d+=^1tI2oABG0;(e
zoIp@agkNa7RF8!@1>0GS1(DQ_s9uXQ+II{!vfdI8-i4p-)9`w;;F`|=6snm8&U>=t
z-vZ!b21&=5Em~3#P5u4CT*8@ZcQ&*-){)OXLJB6m@22}&zTKVdy0$$$F>{<VV0FA`
zu>L$h(;O>LPm-(<uw2C#+X4Cd^4nz-u4ae@f!2`&^_*SoTYa718nko!TOL44Z^lL_
zLR0hFFZ<iqzAqy`Yzgk)b)(vWN_`zrKhyIcvUjx(y|#{lY}D?kk@>ZyJ38C87v5(t
z)2v&od6ARnMXPMW3s4JF*^I!i`pT0R$ur~phx?f-^KZq|emJY59goMxJDKw|2XjK*
zEZG|``Yi58sS`vO)@N@OPtA_bf;Nk06}5ociR$11-^=#1-Rs_Q{)!jyvX$eiQsTyZ
zGN*RqGMzqat$)7KV!mK|*tncEOJKgH_ICOlHP>txc98n%{(R=`sL5B^zW(Qc+QGBR
zV(!3>+6@Q45KmTSb~R`-{l}N{AJ4D4ZF8?qfSc{q{7US{Ua2$S`1HPRLp)RW^4xxP
zFAtsF3iHQReC6S+@)HOUYP|UCcX_YV1WDXN+pa;Ku6^gT(APE$bK;)(Gu$Y&>~6mB
zSBMg{mDb=}Lp5BnEIa${z^Uc(u@L261-q|3^1NI=Y4<R~+*9byJC&Qny7ifQ6K&&>
z&wl`cFDX(Kr)8yG2!+pSl?Qp#leukqA=}D)fvL<F&=P9#b6)$>{(%Le`OMi0d?SEo
zIXThm`~{v7oElf+L35e3lj$*VeE(-at;HMC7H9h7Hm$*pFX`EYHR-~b1o$~m)Hx%_
zQ|a<k-ygMKpZe3#%hP9_24_QysfC5MM*DM-BD@CF9ZP)Q-!2wy(^jC1afM@dg`O3z
z6keP?jS_B}fhyOGL|KfFHMa*}k=A4pF6IYdtcJ56o@8aQg>{W}0{i5j?A^)slF|!L
zp(Jd>26X~++(Nv(oOp}^@KN*r{S7CE|2V0F2`U#b<rD!30`?Zd_!rip&<*j8j?nYv
z;1i}LC}_1swY4euZW}=bUzu8B1w>Hb4Ve6&L41;EC2_6-PQKE68b#lP8QW<ioWI-W
zs}P)iQW|KNb7jD$3Ilim9@AT28uql^f2H+^g0-PY2;ScqQ-GN@1LR@MUy&%*8UxFt
zX`>isBKF9;KlTW=+6_Ucr@`GT$^S8<6%)M#4qu^oXCGRl8uAed^(Zcaph6K&3NIUw
z7{FobJ&nH<lfR|AOj=;c$@-hM#f8&u%ii=bE|Qa)4}Tf81*!e0@BP1Js4UJkKnfTw
z9V@vP_(u9lBy!Fdhf)#*xqz9RWG6hCFgiuIk=q`_6i{T4PZSdKdaD7-IQuoTFO@uG
zWw9ebd@p<GewwyWAFTBajW<4RwxLAkE3FoPKJ}5<H~P3S3QI<&T+9ig41<nlvO{DL
z@?aqSj$XEyEahhqSAc#a=#e|Zr2v(!=4@*o`x%ANEe)3>Yb>c!fgCtcd!zoFi%M#d
z${+*1a*daJRWT~;?3@d<-c0DfALsu?Ce=g21or%*8fKT$R{m*pWP|w#PnsPErUp;r
zk;3=$YzQ!uMe*7Rvzib2nx$}9)KR2M&uO){RU(Hxzx7H)oYYr{g2MBAZyFmxwS{GW
z#imU$Y5w+wK~REO2H<KKCl3*a?{qW1&1~-0!-d!zh+F-~utI`qQOYOn+vzWo9i9P=
z7BFIRogJgJ(dcj<f>g~dGLkstD5(ZqX7+C1v3^RS`?;Mf|3iYP+ys(k6He@AM?vDa
z;8v|xT=KdL`w2<2ebfB`3QD3<95D;f!m~}V*&hcX;#`!}8X#(mf?fcMsPGu0x_MJ8
zuaFT3yN5A9Aj}|rW|S@1{Xm)V_1~-_NP_CAN6}_nl<p*)b)gX=B?48ke>%J++^wO8
z#2@;Nf)%cf$}D&x+W`X=cKf6B750tbY0Dv8z)JzG*G&k2y9L=}^XVMY$d1}4Ixkjb
zD2G_Ee+FneI$WVL#BpyEf89UXq%x%8(<8TY{&bV5i225h&dwy?MtPdto*JH;a;%3D
z`gKFLS5YdR1-`54glfC-_g8(4$|VCv6=SR*b7vI2Wm(97+faJCHTh0q>OtHh-IrX(
zzj{|Eu8W5L4<!l%?m4(>lP1^=_{WJ_#-i4B4;~~!ZfZ!>AinZF<N-rmIsJ5@Q{NA{
zjUFt3s?ff~_^{u9M1=fjmGV!7pV%i_&Q_+R7W6bz2$$ewjLQU`ptQp;xL>Ex5p-5u
z%VP}qnvAPBr>d^_6j~W-B!3EW;56}*9ZFW)K6g>)yNw3g`P(kllb~<`;u&obHUU!`
zM7dT$F$$`FbjFStUh!7bS>pZb7#XFi`Fo<qiA?l~!JS!mwpR2hlh_m?%5|oqZ3zdW
zYOA|p7=O@+!Ko<Myk!lF5xe&kqgW_E?bz4{j<ev9%eP|d`V+Qd6pQOfaD>FhgU99)
zlpj7hea4xV5-8Syvu*AIXf<x(+|(yvI)}?nMf!M9#0;Iuu$tF33{-d6VSe=NG*T6a
z|Dns}1pS^m)d_qObjk+GV=?BfykvuhBBUU<m0Fuh6SMd)9Hx(MrZ%^<<!o2;IZd8N
zUDZPqkeq#s(>E?c97Km*UQIun^39{!OZz%l{oG<=dIJ@F9xl`e1fiP|6Ur;j(0`0%
z%S>jhnper5rzt#01&;li_`K+F2o^@;So`pAYbr#wn3+#`nwd!<i<#p$OKCJX5$m5P
zraDkfiOM)7XN1-$Q(E89)5XX9J|DOCwdg*KFCLm3i@_8f9nny)iR!miu3n`%q^lH+
z3}qLxQ_68CbX=79+ktxBDBdFm-2HgoDNVYLU)`u0LEuSSDhfanx2d@OZ)55>TtgO$
z1MHK(al7`Hf}Ls8O_<lb!wp$#>hz%Q<X_8aw3?1&?yuz}S@zd*Qpx*2EvJS5$8w6-
z`D;17<vZ2TXuphRH8;yfn+y91-aUTBY50kV@nPo8mkmuK;^66fE&-@$>%42nue}kl
z(K$aS<K(=<y}U2pjrK_j`)dr+_BOixsWe^Mb;X5>$WV+U#Hx`KNHV5)&X6L#T$P!#
zk*p$?F3Ds8gq#Xxlftw_`?@~uno<=4t8?I<A8a-23cB-Jr{4n33j^0ob?I>v!6191
zS{~x6arEoxUYV8F_ki#Lq;K=4i&Q!+KmWKTxN9GxyI-;W<2bp~h@t$tm+vlLDsuN^
z4}zF#n6~7J4}dSP)@4D(gpc{}SnVbM@=vVpY6U5*Zhdw!=*Wt|_Gq-ksw;8MU%#)l
z_zdT5qvD9P(E9i>GM(TU_UxBtN<JnUtPepMn*eZS2Q-k_AbKK%`mDYNHtYRbs>Tqf
z*eN}Skj(gNHr3<XWckd_Abal(SH^ym9{T#Fy$|CeUZOv)GK`1>rR25GRo-nk&XRbD
zA(h6_b2gTm)rL|2oyXajK2K^FlxR)<Z=q>rygFK@(!k8Tx?sGPXsCwMQJ9ombe$ex
zaqlZb9MqmbmSX2JL}z^Ew!n+uBy8Y@4&-sXjK`M^B*VMQ0po>QtTVHl@Pi`LiPM^;
z!-b<UR(dribFjUkBlReNcI7=)JOw~HtP*2J2M{mXv`~->sF7h1b{SZR0Vg;sLXC(+
z63R6}tPmkSqj5KEc9Z7+(V76f$xB^~HX5@of5nemX40&nvp{fGeh8@<iK_C>!jr^Z
zD3+H1hxiusJG1Pnceu}XgS%Ly=^Q1fGes6|XG@iiJB@@rM9KropbUu#^BE`_wlQ$+
z^=X<;wW<G-n|ee({oisEzuv#)CRfrmz^jWva)FT;F6lYo02?vr0`=R|E1edRGc}dj
z0`y7N0d|`pTJf=YrK1XWF>Q6GS60@WF$#x5+fp<$WZP*)5k69-qHx-c(v<<+xXmYi
z#_}*xvP+#dfprWCo(Fg)H?Pls)yw5FaJXJhJ=?Ps<S;UO{_qfktv`Od&AwJi0HT%8
z^{M&qk=?xsoXTOWxP|Vq6bXiSb8@z<h)?|#jpy=Lv!5@+H-i21w~V+dxlFp1A+UxE
zqWP%V7T+lDPE-)(@ARG$75a=({f)xJI<Gjso;p4!^W1)#$d!x!v%Yk*n8}~-YOwOf
zG8-E;isYWW;)9ayuB30!1@y9q0ASvDCW^!u)|fyzumtR&OaFCc`Tp8Xl>C3KQzNP0
z@6O;y?rfHk1X}X^6w@o$TuqGSyLEW1Fk?~+)B~Ko&Kxc0-l@FTX^jlq3)nW72V6(%
zi|3Eg1L;heHpDe)6#SW30<a$9NWs`6lb`<EaU%aA?%M3+M9U213#n)oV2m=QVz)aH
zec;h6Q1MSY9f1vmOI(PO+T62isKYEGA~a@k_sw*%^H$0rfYj3bz!b4;IhqUg(2TU9
z@ab`Jg-&_IVFc)xO{q{iR6kSZcl8$cC&f;w$lhccIIyg6lk`c_&HEd*<Z9LjM%k_4
zcz4SY>hNRno6G=DOjjC@sd><??+G_E@W^9`abIoPGG%o^)<k^&{M+myT%UeOuH$pS
z<4eMnKRC)4d3F3#|0<dSR$$-D2;0@c-;gFV%*}3+u8D<9wtBpYHdUZ=sa_gY-_HGK
z^6&|Dd@2U;5hn3<Ge0=bBYeogR*D~iur)d=Q?lw>C<^d)t_^<0`^0O8=N*gIvYg_9
z?5VWq?GfH(q~1Y#N)ChzX4ai(9Kv0BYhHz+;N?^7#@8s%!$j+>h&z&kR7XK@TvxPU
zEROz5B-rKQJt`P$sX2`p_1Qf~)^@nj-J6MynDM@3MMGHX3WL=*Y`U)|j3-SyF=LN)
zNM+%%Xuy}5s;+aC@0$v@N57huf@9-bcd-DdVj-7a6{@~W=qo(kzmC;Ya~_2>1Jqx~
z3iA$x0_7_A8tW~yUJ&qa$x7Ebz!UQ$9HBn%ghn{<Q3?rDh#kVBSLOCd?(rsvf>PHz
zIelE=+%Pe!_;BXph!6P?&PlRxy-!KwrV=2`p-A>7BKxaZdESaP%{@v*ZzUHqMHTbh
zu~C<{T7z-KWPNfpsmZCiq@fNwPDT}%c~$%Q?Rlh*Sh-61G|#I}ia*H%@4JQ6`u-tY
zU*$oh&aU02P1Yq1G{f9m>Q<^p!uR;6ed?%d^=5Ll@qt7(XxXVuh8lP^(F3%Fm@$9|
z@9z6(g0h!gax$KxavD*h5vv`ugbvb`H(q{ixPy!t;~u-AjA6Ah49gEAH}Elor$S1W
z&WBwv+00qi;KgjGrms$EIRdUo7#-$M5)%vDb%pP>uH&bf;zEu6;HyP<@~0AGbE3Bl
z*r4eUumaoL%q-XPy+K%>B?b?%PIcfB)7Rga-X*wGTOB>!h5&LqQK;aS+}RwO`-gtq
zJdP6X@n5+LbA}}!0jG3^k{2Q(?{)mg=gfCGKWXy1%f!r_DXc*9L<=fODm*o<Na|4c
zBEodZkdTtBlWiVAYy2nfNLDhtip|@q^R+wMkOqXLA6fL=j{b~FI-iZzSO9=Gk{7o+
zgl3lS5lNs*_>uGdt~fFzZM&O?Wv<L6ImuV5!}$OqAMw&V*oPk=Z;z`l^6yCYPx;bK
zqXZESs}O)^({zgWnTus*LI80aOvJ_)|1FKabFX6iEER1y;eaT0=xSp3RxxvXmtRT$
z=os@zirVGtE&IG_X%LQVQx5PxzHuV;I53gT&o|E1>B$@O^(%?A!&jNl#G|jy+zv+|
ze>(ko9B$<8!<R$23WoHsg&)4kuh_{wjFQ9f`yZD-npI{GC&soPo#R>-uY2`O{-a;H
zj;Q=wzal)?{xAJ1c|^PPQ0IdEKl;_OX|yKrZ~rP;1?NBh)y4tBfBY+il5O>4QVDw%
z<4$${h+{7-n3f9;Q-k#6?sg8u6WEamp1M2O-;v2&%Tel|zKVKDd>_nY8r`NQZb%L(
zf5fzkw0vm65qeyObbxxK52{iGPsti)VZv6ddwuoM`OG4Jt-$%Z3RHczWH8sJI={sQ
zz&ru?b70kfA9_fkICfE=&Zhg<ZceL5q&iZ!Gx9v#HS6=ERChKKQEowyrV%FAi`SKW
z{IxbKrnsHPs5II~<R_PDA%tY7V|iwC=fEFE&zA!#uplYI3*}&Yx)8z@k-pD2Cf-wV
zSgNR5jCGoBOPFQ}K=j{-^QqkKr7Yh1E{rxS$!{sWQShi=&R4~=mT8aF#Ks=MjniC(
zu18(T*he*7=t8h^?LQ4EC$?VxKd#;~D9&Jc<Hg-Q5ZomMcXtR*g1ZL~4gp@=HMm=F
zcMI+kTo!kCcetB#&i~e}yB~IItKO~Jn(mpNdHUBq9}tm0AX)A8(DM|Cg_4I(6A2{@
z-!9rL<?o#rp`K-Cp9wHF-rGsCH{NG>p+jCvYiq~a)7GB`nRq_`>-X_z=qb%(3)pY<
z+VlJ&NnFB|ah_YSFZwnq&=uFI04B^Lt}1qSACwVNEaJd~*&jqwFkz-l04B`ZlyL)j
z?w1+<5oQOg{|K{LyMKh4-y!CZ0VLrs18PAD_(WQD&hRh2a*IrbHs-Nsuq8x?Kfgxy
zMZ9K)9~wMq;?D4=e2qAK1Xey5t_QAbi%Kj+4pq8E-FJ^hKE{EPkws2$H8CKzhMMVG
zXo-`Nbj&8gE*o~viZZ}%?yrkJlef3K5_&YM7wunVBdSOH(K%wt`%p^JfSF*XatIa@
z>sc5-pDAd<MKq#!F>We($?arKKf!Z0Ca^<S<k#Ar<OeAZ%IsrN;4*{zB(Cn-s;vX$
zDwyo>*|KhYH5NI3z{zCoGp_IBCKV8f!Vvy)r7gwU9<Z(<8t(4u;74khnMOS5;}hFC
z2lpuYs<ckaU<vu#DeMr;nC%e9&-Iwp1WA*u>QA-?=!G%J!A(pkRXg|V;9S9$`TE-?
zY+30UA<595cRBtAgtzdFSjUQ-oK&n|uQL*}JezC^9`Mw>>MZa56AZlQYjZq`;|z^U
zAc~WPk!J(=5UKTRxzwxX@n8eSgVyjjxeN5EbPj|1Z+iYwY3(d7{k3Gz67%ij#-dXS
zaWw+VT1R(QqC1mqY&w&}XA~tYNnZ*}+PWn_JdwmciD3hI`{hRo#|DfFO(})xqF@&A
z-~o5QxbLg8Z7tnSzuDg&ycH)lS*C?Is`CQ8S??=08&MG|yA8bEw4ykA;}(pARZbsF
zoz9H(JjT`L6uVifZRF|rFvf}gw4?CWRaSnLA@pW#)vxDj8X#l}e>?M7>SK9@qRea!
z*-!{}#sZ*vBXb153T8`23U<+DPYQe*$qeG9XG^y3PbC#P;zi0asBKkF(<d_8hSS+`
z6Vh5>*5j9d>>Hv8e^I%{@V=JBy%eNJHZ^l?P13*?DlGj_30<u3UipDA$2+%jlMfD!
z3(8BJt9Ho`MTUB|*d}Ry^tixfM$-bF&iO!?yhYZu&RCq|mrnLK+bsy>caeqdieg;(
zTXx-iL&m@Zh4`Bi@!bAWOAPvk_(UaUidI`Y^Ivv+w`x!uOtpG!mnA5gwr#a~D#&Z*
z@$yDwtYOa6|AEB5sHvlkB(7c!Q8s-IgRf~WOu$Td$%JuWrK>S@FTP9AR)Zn@4<i<z
zX@n0<JA`s6Dz4ekNGvVUoh;6hVtfv!(&}>kq;bIKB@+Uo;D4*QJzkxBTPL|2)^B&d
ztW<mD^Uyo@?m&)uM(RHoQjaYB`BR<UdhfT2wGv^|z+|(n0cp%KE&To7WKM-!K+eL)
zRU-R!UEox``0}jX_Un5}O0QD=?R-Z|v)4NC=4iGY+zu?{RUP9eSNw?RunX;+tI{|>
zzuXVF*s67LbM=<fIq!(>&`+gpPji`U6>40f9c(+b8$EJXqOCXv_uO~}9kjpR9H-8d
z)UU%fO@8ip0`U~x4tw0jT#WADzb%aFJ?%OTK5PF3tbOcOGSG<{waQMi=lF219>;->
z<_;pD<>{bt&4<Tw^=oP7sAt2RK&CUz?Najd-PxiG(Njeu?d^b8(>LL^H)EH|<;_R4
zp!R2HfX^;_mZ)N{X0GK8$MxW{c}@UzLMfVdpSJvyySZ7^&jKMp!=AHqC0kFY{<d)&
zXgOLj(Cz5tP9MBE>F5A!@oL?)Re+xz@zkAnn|09X#Od?6*=yGQupy?ms17&ePq#U=
zr3H0R?#J=E%B$0uyVb=8vxX`qBCL7EdvTEKk`+HgMik!a`|Z~1vESo-Z3h=){qk$=
zr~|m@+4;a!o+lEKr;qy$ZKI}V{CD1D|5@XCOmFl@H$`aotS?n}w?#{fF2JbOdiMN8
z<+^Uuxp2@aVkGK$_KZ}|=u<1cgGCq3=B^3D8sf_i5A9k_Yx`Nv+}WDQa?p*ipn1jW
z_-`St$WEOou8MQ0DoGCSh55ii)y<Oo)}q_%F9+`pXo9Vog)Z<H^-9r<nS1yf0hh_L
zl2<-LC>p1_1ll*ZF6XD|KY`fqQm4J{X;P#N#M)K$X{T-1@lUHW7k5zw<C47U4CBL>
z)~kg(zxsftRc`}~&t{WRqpt?>t&+oN(*tW!hta86f<HniV^Bi3XLS6HIq@*kQDiq1
zl-F-3=aar#r|fDX{0HgzF9}xn_&*ZNk;XHg?imUR4uFAz;-k5fPi+{xokSQ(nw*~>
zLVK<FRKhn}X`*C0WH;Ni%G$?ytF=JU>Y6$*z%N0J;J4=)Z|iI&-Z)Tf@?V&YzUu#A
zGPFL~g6M``N?N4-kn`e5tj`$15Uv7{zq8Bfasn7IZ5tceeAfstt5BviRLG2DqJi%$
zz67QGg`{0ev<|2XYljL@TlQCq5;-oG8Nvf}S5Qn0d|u|VFRG;WLw)bUHp|j}_*ir>
z^tWWI;W0k{^lF@D?mj=#eT;btm^_?^sGxYdS?mefGz0`<Kzf+(qMd4uezPFoO>Wl6
z64&^PIES1+S8!i|Wy60fc>!=KZx)x3m-JX{4_Lfjs{}$&z6MK&V93ng!t8o&j=~Tl
zW=UKTA1#BhERndDR6s*YF=lOxYrM8T5~=0ETx;7#oq;}s(H;s~FJqJB)HiL`Y6zG_
zpL|r}Z^EFv1&l~!_myS3H=`9m{Hqu@aLaJND_U?a6(@43u?UvafvzeY9j}ak)wiS`
zJK3?GeF7^>V(WhWXxQ6M2beZcr;D`RF;ic<wL*fA;|{2|3lH!eM!7eV4x)C#nsI4;
z&ahDuUT8|jgmX|AOzJxD`Dm!vUZQQ&fu)r_nT99Jt>Cx=ky&Z{zH6g+U#>OxKpTpM
zhyu9KRII#cQp06H9Yn?4jkmI{h3T(g=nGj-zoSm&GXH9s!~hjEOfi(eTG$vRfEAb(
zaFj^sNDMPBLIT~jzP2PM_ieN{zdIz>-Rt~f-=>!e;j7h<0zYz0su39#-ex*(CdTjT
z&%ST8ytsI588n;NXGWeF<Keo=&?fqC9sN0``Z}I0dj|8sgdYok;-c|Iw>P`sg`@q=
zu1IpKnHB5CP9}sPgvDCN5F{Hn(WJ4j9PKwj5sOyneTcO52xC@}pqMz4j5@Ct$F8x6
zw|0Vr4@K>s7{^(S`yy4?^B$t)b1gW?I6M6AJLoGS8pfaCJk_K91BrQBmIfe$&BB9K
zHK{f@expMJlt<FW7@l9o5XObc$9d7X=HI_PqCat8^=@K_|KY>if3^%g=fWENlzvQI
zFSMF#9IGn@Gea#(>h=h8v40#&E&7??3ku|fJM>Eg|5Xrjhn;iuSB}P$7Zi$lX$G}X
z&VRTtRjDsxWdHcFg>MR9dZ^o;i(-p~@nX!;R)Ch$@xk6Wh5CDuaN_WF8kSIODiqoe
zPtVy}$hn;v0Ok5E)NJ~1M^6!h3*2a~DZ7GNkn(S`(^kqPyI>usP*^`&6^g{+EyEc2
zK1zh2Bw1c{VJ5HvsQn(!*ssA1$~NvgG;WljO0f=-0vIox5+VHnNJO^a=Eh@9qHb4*
zK|tR&&tTgv%Y9I7hQr&E*`dXx_kS|B`54>($=Lr>u^0ZS*i*s`?{wPIQ>GN#*kMga
zrBhN7dy8u9VRU!p_G)VRfsF*Eh#I2Bv~|T}GU*g`1ql14gUSJ)9dNeQ{>j!2$}tO4
z$T^Gwk+fx@g_=M|>LenU=G66|5si7LmBpOc7iLXhau)xjc!{|iso+E~Ff-M!wS=23
zg3ZY0`719At&4R=+UL|<1+_vVIi@*m2ZbBDtj|lk!|(hjv;u<lZT$jc+!B`%R@D5O
z+q{wUXj68-I;?S~dDv(J#bKn*4IJS-Z6*GY-*$%?Er|kle<=k-zwTi1oh~MAs?uiS
z<6XKBIXJ6|V&^`$?l5mS!KCwN8)0-2AWF>@7mNkNh*&|0RNsu1_R5bseUTl#?gwvC
z^Tsm2MM@Rklco4ucys?N@byXEKT3Rgbvt_qumvG6Qg@H~Mslb##s!2Jn(qeMh^Hj6
z7ygv<8UjiptK)f`ME?&jbEua1SLfSd+uTcRgI0o_`TeB%ge-(O5C(edU#;(-ng;4<
zIJBt`89c8vrv5w_bi+-?yO_OtVjo$EUg7fOUx&F0R2sGBf5R6MIfUL28Pjz+-AJ7k
zh=4+8lGZ1Qd^j*VjYFVjn`JZLa=2%|u*OS6R>LLz8RsJ~im*|N*ZMGSBRng=mY|BX
zr!mn!dS@4<7vZRx@u}-)Aa#<Oq5>}*Z&su=B@vP7#*&!6$l=u-_~p7`KT#ZiYDLQG
z@h#1gdwF@L`~pI3_~oZCZX$Eo=3!kjAWmZzZJ`xl_1`+)TRK`1Eu`D6KB#y>Ya(DO
zQvbX0%P5od&I>Mv0%1u|u@J8Zw%c<y=_VV46|JDF8c9>c<F9cinpJNri)nI177?EH
zzfOThE}uX8FS-(nJk!kwd~y<JM%CFHXl154rcMxl{)?rZE&3ur3mU`_9!=-%h4hT$
z!d8&GUxH~97-!Wk84Jt4Yflu<I~@Qj#?b@;57@e)0O70<q`+!6r*@9OTJAv?g>;lC
z!!eTD^o!o9p<DkyT#Em6?&*?G^IeQa0~YCg+!tDvY@Y~GdPsD1N!Gz-htGf(U)G88
zI{LSnD5M-&sg0p6f|-Sgd6ZMZEfa#xA1}yGbp1^wtV!%bEk84BJmwOHV*m_es0HQ^
z(KeyD9RFW_?B}8w6#O-<to2`HLO^(}Gn<_@P*s)p;)9Hn$9Av*pDgl^Z(sZI?mJzW
zX#}QleEXxVXj6bVQP;QU6RrHO1ja`)G_qf!-^0$Rq{PBI7fFoabxdV442c2~j8!9m
zYq!$GRp{|^et_n~;u*}yuux-__rfC}D@*75wym;dF>mbj7pdeCzOk1h++X;arylyz
z`*cE>n9YYs)rs;8nIt!wU%JeEd+%(xXA~dWrSWkT8Vv8t3)Kd}%on(BL#NH@7TI|8
zxvwSUF5{qXBoL}akAM%?EIaDw>sA#!st+`><6~@uNq{qN;(d55rg!*?N?p14u)0t%
z*LSd7>@=`zOuL$bzXYRFAipG&{N+OveBsF=hsr4-;dVZr0pGqvAq;9)Uac?!Lyf{h
zFw<bqh5LbHRBaqV7G4SA(up4u3qD~Bk7n18vWtqwE{2xBI?iQ+oYP7*yYtcV7m-aH
zZ{oqmp3+oF)jv`@U51M<A5b;dqF-3~uS3o!IbDzH&fYA}R&L!c>e9y7rj!~o+g%n`
zHiZ`zg~g~U8Y~V|yy8-*vE!}3MxpLMCB%QQqXeWAW=wu`r+2DO)Qjyi;b=kN3X<;e
z9xwAUf`qYuhZAbAuZ&m5Q!?%`+qpc;e*1ekjxOLI@~iS?5Aaws%hbYRjB)s7u$ZgD
zNt8l&HII|#Xq(1ptn};4$k@?~wH>y-;0etC0c98lV4%!b>$oRM5)70j`~%7W_WuH9
zjO#|+#GL;H${=Kmcm4;I#XJ2ED0BLMfwF7{w$I30`&Ov`0m_nNz(84}1eqonD07uF
zto{d-5vBkCfij5O{{zZYtKv=x{GlDCLO32+MjUR%!YpyX<k-PEm>iqk`!6{rmGO@p
z8!%kkASHtP0DEWzPo%a-x4(^Ur)QsH&&<J<Do?ZP+Gdls>UNG6(i`t(Psz5!=X1so
z({|i`uNTsmv<nNR^PFwl9MO8WaUnk|45v~5(LTqbK?GBXtE_+cT0dh9C4S1D3izZD
z`1#!G`_-Rh8ul}#sw5h<FY$jcC@$<9IE)h2zr>R^b6{R3zEvrO**-~w8k4K}hP9Yp
zUPj|dE1vr;Up0yW*L;hDm+Ypi2~?q4)mODrVSX-rFgxZ0X2%|YoGlAh9F5ku$0JWJ
zk$2oQ61%ZVoY!mh8;`hFbx$8TV8TMGB@kfboM5P!eL??v9R^xrbb0rh6GWK>f*O<K
zxYY^YJ*;1}Fqt*90lDM-;HY4L@h|vkj(7Cg7dFHmxkF)tg3p5oonn{V#0FvaO{(t`
zI<NcY(|X_EZsL6Wt2CZ~g7@s8Hzl(_+Ml4aPT4j(C7%uYTISW4fCAvvAo5P*!L#61
zW9fa-5}<C{m3ywL2fCLG5RW>i-xyEdjq5vm78p;#UnZoU8MVqaz(0G9n0;f*9*{d1
zwr>|^q~4KxRHA=hff)lsaCcw`Zt306%78{+`|vrj<Fo3z#qTQJlDGYeCr&5KDs@P;
zGT)CQ6?iaZu%ep)GE|(eyR?GHAMK9<%l+N16e>3{TJ)wC@ZmaoM3)jQokaoPl<<dT
zzhS}lj*ll&Gq~X)=YJB9H~6O;sKSIJ!q6vhU-h^rE9cj0X@9Oto)-iw21@@`40gWv
zOER{gR<|x*j(Rvnz{%~iSelV6jZv*Z#f?&LGHdArgl0ol%ZaDq+76e^$HJ0|^su-m
zhCi{Cq30p@nF<Eap7t7_)LlJzDd1Q(&ls*}@=~)^OM>!))IuU-K5K(mLeJTE&pd5P
zdhxM>rO6T>noL*;K*5_AaWAKo51$;7BSgjgO)#q+PxnXmIkIsjC4->Zu>}6ge7)Kz
zC!fIv+`^rrZMR^LyoNy{he}=cN5^!ql1P{EXBhbz$OFD9xe8-N>xX}rdkSd!SRIE5
zhz;s7vXMg-;C4KR$Cgb_C|T(-c2f)c9qox+v>a`bleR5)T9QIS#6K#FH);l_iaukj
zBL}QVf&9#UYqhjoot(;v^P<tJp(e|d!k|q6bd$-!#_YH+nV(tW+tfbTzkLo#e&i-Z
z50%C!chZF?CeH1gR}{)3aZ`HN{*sKSoAqpwA0Ze4v)nbFF47a#IUoI5d)-I)^=d&I
z@wLI#=cVNNY<XDgxPIo<+Lqle1koIu&#9e#$TK>6OMOuXVMJz;!K{_=9IvBf4u)l%
zK9b=Rdp;Cr;uhsZ5N`k(SAqPZT@sGSBKwyT5^?fu9dpFYp9zUav6u1DPBZ}fm!SMO
zFbK1xfH|dC|753lIn#oI=RR8-I@mz>rJ(jMiM4!zctf5olyKEg+Dk^G-8Gbriwr}Q
z1Hov%ig?}F3i_i~1tf2Y^jO~rtGxjWzi9pOWq|?5x7sKn#9pO0G?=?-LSB+uHwvxg
z0*O+~DRE!a$#q_lay?&xduZT7dz4jI0uK%}_W0rX_n3YdtD*JFN_1OWV!-Q1=-x9s
zTcs*eU#67$OG}vGhyH<tg+$jdlU~ENt&AyC$mhMA_;q}1e>T25$<{3HTw4qCY&9!_
zN@6t1023yQS`VrSN|HhTSyqC{l`Q<xpfT^J-4=3X=^_@j=Q9O#B5t6x`8&$h5NR1J
z$ao*;DwLmMJnZzT&jxYwdKasVt<R4&CmNT?INJ6ZhX8sWn>Uf5u!>ftM*PNtCW<{Z
z{n!fj4@!EsNgdNCYVqZ*u&pefcfERiKNp6R4cq@V7e?Ifekt%CUHMdTE`NGP+L#qN
z6IaXe`;d6XE=fubpsLfsx#?#c6m%S}V%o&snP6~#uGjfgA@8WhyUMnoVcIvVxtk$;
zKwUJ$hFbY+umHm&bzsUY4K~}yyy)6#U*V)^J<(hzjx<nhRsxIj=|(}wPxJW^wPB7o
zc<E?F`T1+`67oXfz;AFP3ol15X9W=J3pbJZOgSwB!^e9p0JUyTS1U{GrJumOttJeY
zI6LDs5+oqPf|<gpt{7x{6Svt{UPg0zukt}<&_NL0#%Yk&LWr$8z{?7owwg9{C93Ob
zDPR@qs#;c@)QCV-*l12~jOk}CMAHv1$HotSO)!);NsqTPl4>ai7DW15n`b|c%bk`o
zziFe)OU&{J0leD<_#6X5T{48=47#n88Ij(iRCbhYz3fxp<?!Jr^Ir`d6FyI-NmEiL
zW^cNw!im$2*ZYx48haB_L3op&>YjSXvgZa<h1o@b@<*rKpj*|kY)>M>siTpX7B)c2
zp?oY`iKQ;P>!qaO`KNCUJ9<EI*ip~GIBdEX6#3mXK*VqD6q(tOSaV$xndzYKAWp-0
zKf^H*7LHWbF2QK=NyD@V128%(s%8-bXTMR>lj?ujQo4G<mC$1}+PX!G!NVH@lr&o{
zbeKN`78?DYyRv7$DWnufqJX?S#U)yx8C!@jp#?O%A&%m7?t{seq@&x4Thw}PvE9=g
zuc@1XBsQg)B1gv8O!>4+nbL3krhh6>uAJv$sBZi?4&}1kh4r?bImpDfjQI6}hR`EC
z3TXU3OJXE$Wre#b3OW_hUW`0Fty_ERg`44eDQYCmC7N+EwAYr8TY8vjt!i3Mt+81P
zkJXl*xsw=b{e^g~Ntz47yZ%yBeq@^`QN}n59F5cxcGuLF3w4kAK#d+nM(shLlz2Eu
zE6n0G7BPc%utO`e*R!;<O_VCCPD+%_lmy%J{kGF!(wmh3(iR?XVxl|&4KAF2{qpj9
z+&@pXYER%U)At#~x_nEKeTDcrc0s=f>B1xdoelC1^bRDJIJ5LMEKJx~gL1_H7w?Dy
zj+JB!<jV)>Hfq>3&`zAYp91LTaN#JwN@ZCGQQ1X3XZ0um=oF-qg<8gbDpsOp$0atL
zV$cxR6l6dGE*=O@ZBQDh$kcCW1u7sh5Zg>qNV`^kD0~kM60}tJsJ7e3@nMKKeYZGY
zZ6X@1@Y;O8#v#}@l{=y_`_<aE)DR6UyA}w3GkdOE$>gLx+l7=>HkOY=5?xgPHNrP>
zCAf4?wY~)5j!PfL^=Tbstx6dW(fnh%>+N*8#NwB#5k!tyfhdF+(nFOz1cdonEAQlz
zIv2Dy^2nTsHEKOxZXQ{l(Sm>jxxD(uPsNU6S1<cTMKV08Am4IT=vpPDAvtt_xX3`D
zwO!OdCXwiOY}<T_i(M{Z9o~8|>v3Y<WZ2>&xHYZENApbaCll6VRf_3&!};{E!n`@c
zx=PmL&}i_7p@oL8Rx-v6sjm_KEu~eS8euQ<qA6_o$*l=!m6O1=X`s5Sr@GTfZoB!;
zuyJT`#PzW6I)EP!`IR_eaS<q>W1vyr(1EFI3wjZlx#Wg62O8}WGbq*2b3oVF<^)Uy
z#wW_r`qJvXZoW&7;s#C&RA`VW9~+@WmYLJsojQX$Hesg`uiAN6lw!|eBTW$xuOW;=
zJQ4B@SpzD9P(lpdgv8ma#qab2D|{d5)-s1K3fb4wml6_Snv9ZZiGc8XUYH0oe&WlD
zj!!A+gT?JUZ>J}ttmrB~onLMVm}1g#VOtVa3x{LSJ-+PE(BGW`u@{&xZrw%MyY3>-
zp+<U9g$YbOCFVm^OVVmy;+6D>ge~nOWgf<r<re9w+S#_*aD%bQkfn=ul(1Pvqdxs%
zc@IKr9Ly!3Ra4rsY=LiLN2cG`R86kGle#QyJXs1C(nej<>iqfzO*r^mpqjU>x}uDD
zd}P4IUioH5yz?F*I4&M<HTK?a{FWZr$dfu=jrkSf_TIX<v$0(<q4LKG?xzJF*Zc$=
zXJgl<U=uge5R?7bH_eZ23C=fEJa^`*C6)~XHP#>b^YRC37(u`y?gj|`*AS_%CH^g)
zRh|yv)IaOVpWad~wR48LR!P;DiPguX93J4;@^oY``X)pQOn46>xVj#Og@@tZ<6)lY
zlhaN(zx*Ww!N<L_b7#GYOyLArN~Of0`>l#tA}9yMHGDaPo|UEv#vrKtfUiTAF1CSW
zy2Rw{w<u=A4q&PWQ;c3m4M{E2vguB5eB91_3_VzBs)kHj;estk--y%MV#2s3(}vTu
zg{D!|bsS{xFye5kK4yFQI4-cWZ7Al2BVQdc#(QGyJKOHzJ7`v8KaRdNE~;aU;l9oo
z@aHj^Ox*S36L*w@kC^)jr>Acs4TM?X>*X!h3qvkx8UXR<N?mEJ`EP8~r|7;LUrFwK
zc4iZ`1>}{MZH|YrDf1Ua0Z~50GlU;1y|-tC3bR(^Z`;zd@E6=-BQY2L`kpWGmZW}h
zLcc$C1iMehvb$W0A}uGlW0(13U%xr1*|JCkzB1(+&|gwJOBKv6V4Xtc@l*7zew;kD
zg*({8F9Y&%JJDpg*PL|VT$FU5Wv}XQn@HHVgVISt1h#l9>I{VHQD3er{Fkh<u5lUl
z0+txHD@9MG=(`X4PHa(U&jitC$H`x7a$M>C4rN77|H6EmvO=|5$Z?gBMzzwYu49B~
z7!6%Q@2ZX9!{VG`j515MsfE(Nd#X8kBV=kbFaZ|lj2Gd5=mt&cy2(0h{)HA>XD!Us
z^UpIj-ffqZZ!;JgVkZXbQn;pvQ-aXLpre!<DO3D7bBnv*6Be_D*e+0x8%@MZ8w~ve
zSk&1KmrE?EKVn!=ZvUmvW6qii!>^yDoBA{1FYpt`E9Na2l_lLpw#zemdMZ~quZ3tZ
z01Y5c)Fk^(Qribpo<Wwua>&)9qqgzcH?IrX>F^PT2peyjCvdJtsT$!on;X4rswC$#
zhQv2k8jv@gOcwqyHD^~$-w3f~Xm#B3{(RTt0q-BJpd9J>0d$e6cw3Y8!3gV+=551i
zgheJ+Ucfd_N#@ag7ix;Hun+Rv2=s7tjw>M59_9lR@Lgm@(!Oynv-;2XnJ(8TGOL5_
z#8Fzf*ym1<#t2`c6aGG=Y9i1jgu9&_WewJjuom>ag=|8sZ-1}wXuw;#){io2&OHN@
zw*uDpDi&<e<K8Npe%5CkVFfx{g}?7hbvvKSIpKIYW(lEHO6Lh?2?N0L&ro<KtvLW#
z69&9(bHMTb7FIV=miy?971eFd;%nLPpT|O@wM~?}$14?0l;PameYbLog;lU$r^5q&
zDX4c%>vwJ$R!jY0DaM8WMvu1P2yF81fXJK91r|+Q=fKmm{|?UuHb4w7>+peS8h4ET
zQg~9vY~v>yre$*&(|S5ZBpDXa_<6$XdERx1V5_E!*iNpH?{bQH+IFyJwPq~tM$g%C
zSoD@=<MJdKN9^qn3NqsMYD-@XnSQSmJ?oy~CCMSCC32?pI#soJP#L}?fx^k9L`VO4
z2H8g#P&2vE6^Kd<I|r&6+He6i<<qM(90s4foNOqmCe-<7OnLI7ud`tQ(#C7?rMD@w
zu0TW7fI*cj$iiJdY4+h#`ea#yzmpqwN&h#6FS9_RKg81b)?t^ZR!(ZQno2(T$zN;P
zP*~gzGVZT@w`Y?=&(xkA*R~UYW{7Gj^k1*Yd9u|(8&cmDCq)Yx&n&qvSEGh&G!MI3
zbH}lq=l2>??i8QV&P!4t^~WbPq+S7}-+8&_6_WY-4S6CuWpu^)?SH;<iZ-`2X3DXf
z-V9=9uNUU!2-B(J%pUSMDPM%9&nmlvBPA04dU5VWqUu~2FNhFF$o(Tu7C2JoUZ_sb
z$BS&H%eH_cB~n%H1vpY7Re>WVL{M_V1Sv!S{w=kYu`(gtX8^p|o}AqFZuD}pJX8mF
zm-%-~JH+ui9&%5>eApE1-B|oa%Rqy-tP|KB5_H1<FF*zu45%N3u5Rz<&tUpa*FX%*
zZxk7S0Z%lB-BqmhCi0rS$cNg)Za(P?sKVs)G1Hfn3wE~JPf2s^5>++dp{h@R@lz3|
zI+By3u|*F7YV%Om_el>2J0JZ=LUnTu(**E1sp*;w)vvLi?Lo~(HzHc*6Q9%UW9OTx
zb5kwaAfK{HwfS7_wRcFAEYKcF0|TgB*q9*KoyhFu9$w9niMO;^LJ+u{xXkN~5bz>D
z+DD$zG_pb}FI_8yLp<w*>LUcRk`JZvqfLkHKAI*2gSOm)CgV(Rkllm6&X9;56?H$D
z5Z7Xm%-J&fX%UvQ5JBU=g5NxSoFQ13wwoTi7qvD=1LCWS29wL=A{yE;IHMJ%7xJ&G
zXp<MDizxN0OsnsTds0nEY8oKBXIun2g1aQ6*lBS=dkHJMIDFJ@!(#A-vRJk%Sk+zJ
zeefFq8d8KC(_ryKW;q~Q7@Ja99n_5X<y)GKQT$C2;?eK1CIU&LH?<^`1{i_0RVG*~
z(H25-02Sd8IXa{xgSLS!^drh1GTD_~Rq)Wd(d-Q&Wz5k$frkr$hx!g5Ylu$oP)JPg
zkdq9+B&9Eh^Aju5iyc$5UfX1cQ;K9t#bgJ-Jvl*QxxzBOfWElQ^N~<M`LexDonG#n
z*zV({`)wX#r&N`4Cs8ux2R#ZswNQCGA+3SFcb>W9RJ-Kwj9dQf2#dBiyqYU?oG4<Y
zLA2iFRm(4AgN34SEW#`bn6X~Cg^?_V8+jg&<6N?}TFjcNzn@9C7P)!<prS&z{#7vt
zFmDIGY@eb$W~qryaSJp?afrN6$DQ0<Oml}CW|MgFlMoxcxO!c>qx__j`cC?0naZq?
zzi@f1=9uj9H+ECEOMBM%qWU2dT63RbPGzn+RUz)^WeKV~I_H?Mq%!WPSUKwJf{e@m
z-h^3I+o^843IJ=(hBTNg5(sr*U-ezHx%Ice4VCY0VQsNxQ*gQU5MN$?a5>}R>bE`~
zt<RT25arA#qO($kl<8e_1w<8riS3X>+IsL>Wt^sZxTb$aKPLw-p0BZMR^XkK_BsBH
zH*C-z>tNRd*bQ9*Z=nc?$Gk%yPPNqGKHBxCR2v53Y<g@c{4gZ4q@c(LXi!^wAFvK(
zj&Jg1-iCYf;p67GILhM@gLw|$*i=ywY82uu2vAtNqw9QkvV@pmk))PMdJw7|gabUb
zAzUrHKDC&9ag6ijkZMg8Y)+@3^=K4(W@PbLvdPVF)`6JhH?@Jk!_f>7LZ4j8oZ)p1
zT*u83&x$bJAZ%<fgeKksc2g+QD|qK8e$lye$QlLDH9-OZ|HJh#x#7k>{$O^@=V&GL
z7}6NOke95vNx=z7vQ|!9%9NUYeP)y)_fnQ~+0sq#VAkrnbSug@br<$P{_+vBvxgXq
zzWQU4J<ig0!nsPE%1YKl!uV*pg_N7{By0Ir6~#usw%0qB@3(P4iZjV=%)sx_FhQjN
zS$jIia98jH1HUQxtmIpNt?EJ2w9CDDArMql_D9WK89FaYF>V^!LqyKc`%P)1N@>7K
zWj~u*O%!!X9lk}MpKi>u4_^`l?%qc#Si`0>)jX|HaaG{fUCJ-4qi}h5Iccb}V4->0
zXf<}1$9M?Dh?oM6IEXy76p;HL9rdMBxyfl947e^S<TycM)ybynZi<&F5Qaod=GCbg
zl2~4nsM(Q^pL-fJVNlnMO}eM0L1)d6m`0|HLa3%lhTQohR2bg_e`16^Y&c7y5EbuR
zGiFw>C)%*TC@UgOq<SBBOKUkeM4D%r5Fv9kd>{E<62uJf$VhJcPRdkc7rURp^<_VD
zQ5TaNn^TTno^{2hbA8$TYgG4>Zcohy;bG&dQUJ?O(PCJ_n;m<Us3d+Cdz>^`+&KHH
z(hg@gy=hiA4hCC&lG-4)<Ry7VN9(r+>@-$E4-}LN$)gljF`D))cN$iigG9g$V?3M!
zq7}q*2(Jv#ffu9GC7y=$<N>*8wb{O1Gtw>ib5=rlV8ZLthIi!NLUTBl0Q)q*<g_r~
zo15DC5Eg{kDY`!sY^iHNmIKveNqb-lNMw$f3V5#w6!<4gk8VrXz~yP~ZA~O|#D7Uu
z#fDD)Shi!OAJ6{{rC@)rF>%tQ`tbRVeF^?<H!TY2b3UW^HpTae`iY#pLd#|LngUg%
zLfu`g!GB|F?mPY#ajV&DPpzaEGsBPnoF3I>%;XTvQY;ik3|waU)U4!q<9J}Q*tL#^
zALj=Sx;T)T`TNCh)N#321uSUQTh&*}EnC!AI7SfP$R6yJe&h?P{)m@;&Bx{5W$`Og
zSpjT92SZ)0`xPph!w!mZxf4&$q#5l-pm@<$b}g+Nn6*8=DgN_0D|?Z|8U3P>?+c|F
z;oo=-x@&K3NDd&{b)P^5c$e#SBt?4Fy;xt)6^?!^_3H}G+;aaO^qXBq6P@MWQKCVe
zL|GOpb_Ox~=CG-uk9E<4Bun#h?1k%cfXk8#4hk^=sZs$*T0j0}&h|DuV<O~3r))Tm
z3Qb5v1V`VP)agJf2l8Ao*#kw0uLA>rz2?P|o$zJ+-VvSAPu^1_!|*Q57OsmxVH~RL
z>vc9E0uft5Zfn>!)PyRmo?bhplU)!pAN?|OTvTvwpaa7D-=E!g_W~ZQXG+X#fV*`Y
z;S>{E|K$bIQ&^;Ur*&k3yB^m7I461pfk~qkd<I!6=b9I`*`x&ZN-A7N*l_Gz6~BN`
zn9VYY>wRv~MwdHFEz&^yAx>BPD6f8Hb@5&}1r!zIU}FklGxHY}xj=w?0)FD7cian1
zb*Of?G9!V0tUq}H?+|VVdiVJ#P^?)uIb4UhR|ReX!8Dr|q+O?MjaTbp{Z}j~EvTFh
zDGzkVfh?=?MxGWVa70?6MMqm86lHEC9w<_;V~uC^S4={>LaW%+O`}+gF6^s-ME|6I
z8LDNn25W+CJ=WbF+*g!L7lvTP3gcqU{tNc*;Qghuhfo;#ko&AT<V^onAW_rRUbTIa
z-uyJRvh%}jkHuhHew+f&xa9}UShA#Y+(%OZx9SNmffpTz3j#Xe3DW})pkU|miL}7^
zFrFb6>4^y&1~q1dMceiAM>Uc3gDbipz)Z_!#!RI=PSQq@w<De&LO9(^jEDq5h^8rr
zJ0(VY_Q^dm(g?j)syPM$C|=Xj%=;}K*5^MAb2sZcIFaYTqre63K8y3Q2ue?!?jhg%
zchDM%+VXBZN?OQdys!65#)BbU_N)R*LedqPi^RjOEhDvhALIz+amjvwSg`j8wYRkQ
zjf%SL!!sk_rS~AZOWPCBJ6Q=x>K+nD>UoIzzWdiG{GWYq(<<q5!0jUTK2}h`*gGJ^
z=pAHoCr!bDWo<5Og&7Q{%t>qXo6UJ7UW{hHi=JZIbYns~%72XQ%EC&L&AIf0%4QdK
zV9UWyWtEx4<h(+3nXw|g+ryyf%<=A{=;BB@qGCr@ot0?y+)kH<&TU56YNV>a@sfz7
zS&{~k8Yo?QQ)+Pmo}UxMH(TN7ly#Y7$|Gq)G+z1yJV57tJZ~8*{BaDl*<OVkYANcp
zb{b+<#u77sy_Y_N(!Z7ctk2h8R<r)8U&Jrlsd>nLf_EGcygUy-mxiYJo%n^JO10w9
z-7GD-{40v;<{bxdrnD8`RWVRsn4i)0!jTq@+Kn`2S8-Sja1vt@Hx%ZBLrrd>iBsqf
zxm@(PwzovlpI`Yl`H2pV+&Mc3m1>U8*3{Dda?$oF(-R=Ubog_vwy94b^|0GJng*g(
zW7n+1r)8%s!w&aGYj`ebm(({%0qlC_oYyfw<8g<O-#xxGFEp)Jv#$G)VY;+ZPBT=@
zwbhJ2uOSiug5Z7C^q$bGQ|Nno3DlDwOgKj=5w8=G8$xIta^yXkAN!ALsc^{fP<9^d
z0(&)8EKCS#;}mh*I*`L8Sc_Po!O$32$x0ZmVn}<|5sXWwQuGahDb1QL{jjhSkxQfL
z1VZs+p|PSoes6|XNy5{&#EORe9o1!N8tK0+QaKqw4AjPIoxGD;u{ff&vY0ma@el^O
zBpPS-otk)>qr?!s{xo^6BD${ltWuT=xoO=a#ev3nRHsMN356;-Uj<q?`GN69Yu&8?
zYD1G))Mlq9O6Q$=D0mC%6GY&neh0m1@sq&kK90cWUzEQX4GU5V*tDnn72#@)(m8NJ
z$p=`Wbb`m8Jh-!@{2c?PvklMYJW2XuluH}Y;3qVKk3F&fdKu<RIOfa$1cDDs8$Yiv
zO}Ws~bnU}4`+vgS{)FZKR0Fe4RlLr)cMhJ!)XLeXP)RcW55<u4?{4nhqCTrl3JBT>
z;Q&nGD)W`@0S$Bu>R@_$UM5YNA+P|m?tka~8?_obZP**Lp9$-cRb)>DL!l%{iv2m*
z6pC(<dB`o+mjZIK*O!Nci#iEJz(2d~m-I^!Re-$ixW&<{k!HqN1PlG4<A8I9B2XL7
zA+w8lqDg?<2tFJ3lC)rtF4P^jCqwHS#8U{nQy{*xi%-Pi3gSts2{!2|G|>A67pLn@
zZNGg3x>m?QtW=lAM685GE}gnVbKLYtcWdpB(r|glaJd=P>QrwTtMCf+yDOF}cZEF4
zGVmYNQrX3~KjV+6HdeH5lQ~5NX)9K2I}aeI)5GKshhgdUEoJXG10%0b=wYw%%7FJ5
zJBBmZI2&v3s!tc*v3<1IfM50Wts{kzZ0Z1(%QYQyWFc-V(r%$H;;{BxO2UDS9DWi(
zKoP<Sr{;0N<(!UCo%O56%X-@!V2c&Yc-*IwidDWmf&8d%@dENMJeDkVvPzCDwyPK~
zQO=A{d=foc&EhM%mvK=9n_qoD0U9PtDzlE9fO4r~j<<o2HZLDg-~U?M#`twV0m6|a
zZ|bn(TgT0awetwr{?<RC2{YgLq7*yl55AU9@!r$HwDbOeX4}i;tEF$l?zC`G>@-ZL
zo?lP@x_=Y#__OfXUMADzm(DWTRpdDgo|2pm?Cis5fd;A@*tWfO8^p}!?iFgRr!8JC
z3HNXsSYphGW{45M?@M2e^*EVaY#^HV`S?fJ4sY>EixUD2ScX5n8KU6&er*Nk5c&tR
zYFl_h%xw8~oeONp<DdlWfk(DD9L$9)vJ;$hgi)b05Qr1ODkEyriv~Umh1HG9*~{7Q
zrR4%)bA3Jx7K!$RXN`D92Qd?u3q|ZuS`m5Xw3&(uOF$fO!0^F$C5?E;KFXk*PIVm_
zEEFuVk@@vuDvW>xTy>DZ&X1!ND0$*p98G7za$UF?SDHr<$)A$$8hZuBYY2HLTCmW(
z#LM^Q>E+?oK$%;XX)qCkw&6yhs`Oj9CD0*56q!dHJMWX;X-0MwGtkb{A;jA*@OItb
zy*s>kIEMyoJY^XuN5O&6=}b0NT#B)BkKuh4eQpQ1sBmJI43%`y1cHCq(lBI1AdA;F
zKm1m{!I2sX@9g)f)BJAagtZkVb1=qAE-{-4zRdNfO<O~+G^%?@P|`iP|GJ>>yPBg{
z#Nzi9#_g<L6+|>oxDt$`GhDIN)wB6bJ~Wg)iAGMK{`q?4$4KrfYgI}2*@_q^=u?ME
zz-pNpMJ!??yz4zFqU*lOyJdA-M)M7a;eBvksbv#fn{_o<K89-ppU`mqS9htWLk!nm
z8!ntX1@`nBr{s86h`Rp3AG4f`MtNvNdSw4<GXp&f_O1r_6DMhU+GCxO;5a>iPXrh%
zr@w%<Z?W8lQy>n+(TqPNKk>R0p}J57ZcY!DnMM9Oi$b#%Ec;L8PP4&fiInJox0jHk
z12#CnRvW)htMp_*`-IUU?y>W@*@sy}g$s6{rA)?b?69~EzeY;J25#1BQ3i9nje+1P
zorAz?6a`0DtBG1{JZ7*Fbi6c&6HAI@04s2gqUP{bVrLD`KH^6$`i6}P6f@x9AIhK5
zL<Mqm_r%E%T@1k=M0xPBZ@y<+dtFg>BlhitYr9t2r-iId+{}?Gv##f3*2|v*3$s&4
zQoM0+l{d@cW$-Z)W!J?3hqj*Lk_TbEr?{+Iy-xldr#A7FO8y*pmn)aQYftl82!P2a
zDG!Q=-(@|jjZ*Jf&?k}-Ozo8-c^4*Q3t#iLZ2YB^Om;+=TZxqWX7kKJfVowh{(k%U
zvUoX=;*!?5?!p!0@RpHzMe#F4%(#v@&N`NpM76#A)#O3JD=0Csqnt^4Td$*Bw{BFf
z84cV?LAPvKI&PSnM0{B|K@{&E1JD^~Gi&iS5*7dIfM!brGk~G~w|#xfH&PIdoJIra
zC{|C2Qa=ss*6LBl0gQg!<ZF~|3^zQQe-RJ)qnF-FVzX{I6<TIa(IEW-K~cJVrW&n*
zmRYz}aV`B9Lq@)R6jrj=xnQuV&#WK&P|c)g`iJ00V^|QX&FoOHPS~J*FJQ<x#qpYw
znnAZA#{p7FiT_18&X|g#!R`OGC=DZ?YIT&ZRZ8H23HjV=SbDU7Y6R*lIkZd`I&5s;
zC)d3dKj2Kqq3`mORIebOeCR19@>6WvdY*{t=0ivc^@euxWKgv(S^}>4#|gG-Xzi@u
z3Z0wScS!s=!=VQ3hDQO22Y^sDt7wAScO)r8HJn2wD0GF3iU+K#4@$PD0&LN)Jio}3
zTI_I?G+oj5eOm-&7|F-sv9JPijxGJD@_8*SnS(X*rM?uaY|YmX`AVf55UW{uKFucs
z1}%z0(Lq&vGr5X~$2qNdPM*Qz$<P&Y4eeO9a?E~Mp>yK)d0=g@3MjoS1&f1KrG_RJ
zQ>FgiuP_ucLYCCg1TvwsbcFmRWgG?QSMZ0uJLjYz^tcsdCe4)};`J(;ncoy#!IaG8
z<_?aRvQg~@*+{_OHSH#>lT2K9XtIn(xWE}Jj7kQKvyF@6mVMB`mIK@UsvB~TnMOu&
zil*iHhrk(qR0KB%-~sn9$WscA>7eunm$%&tMyUC+dLfjV$-1n$giTd9=ogJ|?)kG6
zjc+nMt$|X^XN^R>-c}4wG_+2k$*s@9yU_~#JTM7NQlnIN7#GPLc=%hMSe;=axll~!
zjL`<$&tukT#)rtiEv)5?p|FOG<=2W{$8>)~R5t7WxB(^m0uGsh=3jB95Px&-g0JzQ
z6~MF-tO0!@8oOha6l%FXB_p#VkV(nu%JLUIMKs++KGDINC#R9n$KUH@%Hrc*l7-i}
z?<SP2mLeGZom;g}8Ce+n`q`uNH~aG7_#jm!T*6ZyR?ce1c+ECbEVLg-7YzTHc8`6b
zPDt-G+UazQJ+Qun_95N`)SWRZh|J9OQ3f{al#}mHb&9p(0<X#zm3Sr#nOJA;aWKz>
zacK>WuW=DqrCvMVgp&^sJdsUsZB7RBO&CoB7GQlV2x=Bkd<E-u>@gs$t023UI3d(=
zAzaP1Vm$*LJEO&;qdIjyGPPYu^!IuGoZ!)P^dxP12C@j@`RkZIU=>cCreq&FS+xaD
zV>V~J5fWIEqKZ*+TpocqACX;@Lt_vVknXlqT>|kfNgW$8Ay_IcK<I=T{FC$uM5(X|
z(HC1|PsrqkkQQ4(7OR+!b%BgQIV!q@Jt_=^fu82rxvP2{X>GA#Xt80KFe@CF{=F($
z**V8WKmo}<&QpE%;fsl`J#Pp6niubQ6AC5M2WK`r7ED)F_YE4ux_Z{-(ctlpC5|Cx
zca%|NOuMr|iWbjc)_d<zR(AAaTPz$V^RY3;45p;-v3bF=Ov|v8%;6m#)eJim9jFoF
zA5Q4Q%X>Nx7Djt%nwQ>f6`|3_7u67Qx|x`v0d!V$f%=O*A^)i8#m1{)(A^5&QzDl2
z8H<4r-!;_TxOuR7oniFG3qmNe;w4sKvDt>1P3S-^<`T1WH@r)gw>5mkQbIZ0s6M*p
zJoBH+rY5+ghHPY}e<t%c`)4xE#zjHZdhGx+PED}M0?huIEWj)s8KVlBUxyX&t@^<K
z)3Rxe%ynKXAk)R_q?~QL#)IWi3@<-5<~+kKBGnB4-;}X9|G<9yhj0u<oxPPDSz^)C
zhi!({g(8RbE%W!GW>esyX34=1_)h&d$JgD5PEuRcyC9|m@`y_ln$zx%*#6-ux%)56
zFl#QNdrUp{cEf6p3s;hmbY6f!dMrKo8cof#K<cz~f+%XgYWLY+f?$heCg2bxF+J7h
zvdpU>Rfd235gyrHt+|5}tCYdUYMmP}i4pOWcA%lAZ6gt)G_8#QWsJ;*=7;yh4^367
zbc+Az5lkZ(f3EksrGq0>1gI_HIK7j#Qoy<KnpCZgRSb>bZUYfB;9;BzE?yf0FJ5(#
z7VmP?k4K3HX4lq`BydE6pr;553I4GK(bU`#+L6?TnCeTH@wCy7;0SA-1;;0~<%aKz
zjAEmFL2fVO^OLpXPPt}feD9j|Hj>NBqN7}GqT%Y+_2p8d6ns|o<^EB6e&4ln4=!3K
zYjC0O(xz%cT#r%n0FzbD1I;F>!BVloXpxVO0hD+J@2_bI|L;0Qa@;}aE?;i4;|ad?
z3C;$;A(6CusZ{l6t^1#z%wEiDf`Fd42hU;f*-5yXPXEtz*av8V4eKEao!34Jn+9Av
zL>iH5%0D@j%bcO10(c)XQX9=Ug;LxvMa3%J;OR5~km|^MIDi2sFV^YK;p>syRX><K
z`5|#K*JN;++D=>!_z+n=@Kp?c@6#AD^<EG+I)cKc(sylx09N&b(jm1(1Y{;W2;`(V
z84`?r1KA=ZNDKt{A@W$mwu<V+c`^SADFx%+6s7%0`zNk;QMUSe5w$-e9M!}jz!@HY
z<1h=rgt%!L88-o!nyT7eP3BEPwt%eA;LA!D6Se1#RX<7Ysz8K?Kp90%7XT&H_VlRV
zRcf>Djrozq-soNcIpJ%%ZaWP|iH<w&nH{Rckq~}ped%=!Y@B+1J2A%hx}Qmw4RCQ*
z81&%XS{wri6ayc}^~bQ2S>k*DLA$xcVJ^4>NI<BnJ!;-;8D>HFX~jW_o0o9iYkymR
zLanvpS9zv}`$+m*ebhpnBLzBx@=AEW+S8Yai|tD)5Z`VW6^peTnJkyfe)LQ;S<@OS
zYdYCu#JZswE`>BI-K=hDe<M?FdD26s0V7NjXpq_&haDP?v0L0Ih$>fHpttq3THY3*
zFQ=<l>#3pweGA3uhm(^nmnlak8D;32`LI)Fo2xdFxJaalQa%lWw<+$D7=}&H`+&IT
z+NCFO7-&{AhbV2|(|64tB57}7&Bn$W4;nOEO|Ns^v~D0*v6Z<&V$IRt+-+#$L@B=4
zC73K77si9up1N~o$@zOG368$drK~^>IQl|^qpyaAO#PPFOY228F6DjNW%fVs+!B7}
zd{F8f02m^^?M~2usA**U&KGj%+BU#zIN#5S4W;)vUtt^E>!2s}t)ID~gENN0UZV+6
z0MGm{1j7CU?A*!wIIPYOuskVhH>4ZirT1~%aami+^bqz~irDR_oN;1+&_HH^5Sctk
z`o}Ps0qiuCf{V<dQp8RY#vI=4%djE8eJQ7CO&J<)2RtS&EYwh?F+8Nl%%OgGMhv5D
z-)DlR-c7XcS!TnnA>P<YK`if=vc9(Xs|pSxc46opmZok}FC_{_$`E=K$j<O}gJhH<
zBf9atg+I#3&%~2_^EK;%0v&#`p#XWH9u`FU`>of+rj27mG|Q(&q>a1<nO7i2i%WKq
zJS9#HWr91K_t?Oe@$0t4an3KFP3opj&Wz%BU7o3b<4XH)TpjZMRw{$XmA3Rp9(Y)3
z!NV#{LaPn9`RK7sh5P;d%Q7Y2b_-{e*G-sWsoX2^ty==1Y{nsJxyg8tCLt3z7cBK~
zJq0JOsqeEe^SjGLBSAe$F^bZLgXHNpwh^I$mc}y>7<sg!F<G2p>r;mZp3ZN#J6BH!
z&Np2Uih1C)pFbwfk~ANQ0d)Bkj}w{K6Mf5Q2M;*uR|+59n~I2&N7bCw*0?X`QcTd$
zRVr`a%>ck(;ON7i(v}5OEf`A)lyxJHV;~4DLEZ)2ZBBGvS#{QZrdrSZ)pntm2RVL3
z#(`V-yE{M(5xU%TSt0liG<yqm$GqsOCZ@p;GR4TkX&^(|<NCD><%IsF9`mnKYuLNY
zn64tx*5}l!tLBEX%oZZSF9hjfZ|rnzD#pDV7vS}udMZ32E&2xL&l1@se&2;I;e%5E
zY#^<yI@WbEhni^8xq_AviQ?Mjz^9wVYs~He7zM$ZMzU~R78tzm`cM_0TovB@*h5Sr
zigwUavsgoBq8zX5TI{>qp;i@aO#FFp6Y_uAK+1ueT==*Pr5R!q)<cTz%=jvfm*mXJ
z2gL(T0;F~Va9hcofuBNwAWZS1)IsVSN8@)?BJN0>;y#M@CpE*Eu{$(&VR;RltR)jn
z=p@o<0X89I6??4fmUu4zhe*BaE>83o^us!cj8!{yRjxa$lxy7Xi~uom+iK1frwd({
z{eLd9rweuw!|}gouV5G1D>oVkyT~3;{?AADm}oEBnTMSE$vVu3u5(vC17i0bP<MFC
z$tOz5CY-Y6Pakg*Rx&+lcn9zJ8)HV9`BhkJme$ypc)h4CX|cX|#%#j<N9YgQke~^i
zY9tpWW+DiUMniyfa)>z1OZz5Wbsq+40Fo~KK;zn%z|)AVsUz$)@TKMy2)W}`#+?|T
zM>G`q5Q$_jHpCD`;%zM2>Ml-E42H&GuzdcXy51=|lc;UijjfJtc5K^L$F^;B-q=n$
zcG9u&#<p$SPRCgJzqOb4UVDrhqvk;!Rh`Vbu6y23!-rvPwk(lO3Ox&>1jx=v7<tl<
zBFx582O&Qx+#;e(bg;hMH~pPDEFc~m_5-fxtc8ha?=+Bc;_`8p4bQNPCV%`b7t1gf
zi0p<NaO`<O1`0svxFhWjCQ5z20C;-zwJ{-l2c6bNII&*>S0+vbtt;J7H-vL>nGR-s
zKdFoBBDAXxO!=N{(>M@qm%qzn$m^~^(jaVjAyC)5L@Pns1F~@#rzbfQ`&jo^{ltg<
z{D|7w=$)szb?9}UGovQop_V!qn(@VV48MK2a4uV!XyzySXEx%36RYJ{02rgVLi3E~
zg&o$LcM<d-JjUmp0)t#>4FE%6GJ8xi6nJ^!z7N#j^O_J}Lkt(Zx06xoKdivfiuHir
zp|!Iouzw%(d6Rcl_dd$A$@r;P9;v+_T?1o*k0~S3U$q<Ef82+o;r3a_wI2y=4q~-;
z-^Z+4;xdV0m2h3)GJ(W<1JrSuxD_m&ix6udT-!(x6RlNoh6|OC;lik>StHaNBizkp
z>KPv&@%x-G(DN#@wtjzgs4`0AfnmEYyMXxAt!UU=Lmy~qOq`U(mctcfIId?^nzJ-y
z^C~bzHNq7DJD(a2+aHL}6rpbNqvqhJzaR08oglo@zD%}{!?lRd0CaRPeThK)yxVum
zJoyKcJK2lbp&nyn%azowkLX7dfi4>k)Pu|asmNm7C~wS5E0}D0N*~5UrWk5{RAI7D
z;n9VN27V&@UZ_Mp3j~LO7q*jUrSuIU@byCtq?ow70C`h_X=?`)wZTwH6=Aycn8@K-
ze)#_|gee6~>Nzt;-`n$B2vFclv1*35Q7coj1zP$K19`XbMb~-s-F=a{Ik^k}An^~A
zOc=g;&D101nQiKKOMGv6wTG@yUY0%8R&n)HTvQxjnRGV4hDFS2b+(Z#fu|J8jXM42
z?6%+A-hT5xwpVBV4Rd?F=OSb3u_rb|V}x6E&EbHQvhx|1CW-N%664?g7DVpR@2{ua
z7NcP?=0*rA{FNTK`B??{grU*6TnJm(-xzb0ge{NLDE|>p(2F-ur%MzMd^ud98j#V9
z6SO${REarMilu%_rRPHtEAH?#;&lHQ933_#K;*Zeq5#Dsfcj&lXB1b=h;l<OHN<rH
z{r+L2NLCGQTOegSMrHU>jiWy7_WL$g9}QsaF{RX!Q{h`<p3#+KOM8C?PUJLitS5_U
zZdAqmXl-tN{R3R7bX2>@5@A5RA!tT4|25>R$ZaBm7>+mMmr$oj{ii4K5)&^z)ddN!
zeAL;8l8FP=ZYCc8=rHPKcy9s)=mQ^ROb4j9^4F*w?usH{YjEfUnKUE;-{SaAn&C`A
zUb6D&Gl?}Hu+UNnw_C_i<@@XDNLD4ZX#_8n4YCBc@fRul<|wi^`yz^2sIvYoE43Ng
ztU7BSv#=<oCng!QpjO{nA$rCUFRPEk(QJ)iz|Qfs6Wb|ntDqA$X~oW=!OZc*+6xGU
zHb)3cs5^fXKWPl)RWe@fv<X)5af8uo>_~cn0Fg}NT?z9?16qLn1S#hE^ES_u<54Jj
zQ}tg`szG%f(h$y{N)7gd4=3Sx02+FDJVNngz(uYx4oU`oEIACMpV47m-Ci7~4PTb+
z>?MFn1)NImlm0QNdCIT2eb|@%3-CYm6zr?w=x>maSpnzK-?ax_@Yh~MtLHz?3HT29
zO_Ad?w|9(I1Rv8r5<t|nSl^VR=wL|M{+FIwdcO+i0ww%GOf`YzW4D&F_$)-?nf(%w
z1e!e(EgTqInxI&kDIv9*`R~#He;BEtX@QrwEI^C!MoMr>PF(n`*qd_VAJf&7P9__K
zWquH#Q!6Q}cwNhWWNw-U$6Ge`aBh+hm5BEJsH7l>_n6RfiymxQ#1DDSC#!BlhvN7(
z*X&dRoZD~+h(J=7&|y2|-z{Opm~f89ao=Zx;Z5TFJ71gQF;a&aAPn6_P@0Arkd6d|
za{wVo?95_4*u8EmX(%pNOc(4>xU<`Q*}xf%>Gs`IU6!RZ-y7($T)$wBRS&Zx7``Fa
zNCXR{Rbv$Mq;V?{{H@^hs@`SiRjoAD+gkW9>wet8-{L5h>U2M?*Mkh3EP@O*9=~Q$
zF3OjhA$skp{k~l{3^3I2J6-_;Oq|ps06@Gc_1^#4t*?N3RNJpdzFN^4Fk3%&Ty>8b
zSC1ag@j(}>M8h(k^!eQT2&}&h)KNB`?6gth;O>uG4_pT`L-r!oWZSpN8hta`0_D}c
zQ8W?7v8y<VqCkV9vcBu+CD};#?scRaDxq*aS-IGVpP_JKes7C42$c>%CZX?t23({(
zdvr~9SfhccYQC$9m1o8?%`%$CgK~u(S0%ZaXWqG@?{mAfyQy*n(&57+qPX2gEA)WH
zJ&(3cHfmIJW^;46BL)gB%Y%1i958J|3dwN^ZO3+95)$bVx8;GRM~e05oIBeHgV<>?
z=lFx;rmLFHWAZ!{6Yoh_`3KC507jVL%CUuF1$vg_PuJCN0u#zyjbo0b3uou8A5Jmy
z6)*SToqT*wRNq!-O8$HR*j^jU|Iz0w;%zmEwX?teDpdSI@O>LSsz&<#)2H9htaQE{
z^!H-vd=T&BnKIRL+Lafl?2HN=S$W;xVG2Z~S{vi-Xdcm7gMpTA0vH-yfb{MMMU*2S
zyi&3@tB@WNOQW?8zJxC^R;?G^4%*i83B=pLhR}|(nOQu%wz!CD>$sn>c&MJa^Y0ep
z9~<E!PJVn?k~rfFI78cTm@q}#I=q@vCp$MblwrxiQ%Fa>rcXQX5RhAlP6;MD1De=K
zKbYGFwhkWYk@Qf<x>Hl_0CUj)<|c$V)o_mZ9n^O?aMoJWC4J>QKD{vRUMsRYE3#D?
ziD$;D*HnldE@BZ|h8Cx`48FVuQ+B@>N^Nk>6N^*&#Q}@}k15e|1u&Kv+(;{os#VGg
zri=Y9o{NWrfHex|k_sd<K5PWD%Ae*X>l7<2K9vD6U0}a0C_roh?fx&uagc`uCny-y
zaJ~XJ#}FA%*a1(2=r+4}@!ThF=+D>fmd0Y53+$f%rYi_!h=p)$E4TCfR%(91U*=d6
zzlmJB!fm;(Y4>KPW&K@xUCY~1Q#?iQoNE*Pq&a-M-tPWl(7T*5+`YNYT#Xf7U146h
zPejfm)f4xX<!f65q)X_IMj^BNyePG=z2s!&9|RgUMo6nPjKgzrRNN+6ZIepueJ(Dl
zwctI{g>3)^V)@<8fZ9(z_OZ`I7AtIa9vz%%n`Dq>{LcU)x6r_`HY|uOSH<j2vNLXA
z#Ahk0-O5t_rlR2NI&)jYq+wszyz-6#8_7)mK~h>W&EqftNc*N_tav$bB?zX>lKl+y
zX(;h+v>jf3GtnWkRF6~Z%;jM)Q`<FNU*GI(Z@1ZO(#a9r3gKS;+iaqaV$UP!^Hf<H
zh`yl4{!CQj5*h@{vfA#@X<rfct7`iU@6x^^27SS%IkcX`^4~M#vjxOsq^KwKUyLFk
zRQMl%A|-!7=ppp2U^G&kB#r5|b=~y!k#BbulJ;5Twdy118_pN2@vl-*1^MRrIntk@
zKQQ_W6y4RTE}(abmaYZ92E#3BtB~+EYZoWms@&e_FO5FTziM}ny9)#hbM67fa4KP!
zOE+a}j2DY*i$#b{>R2@4SQ;l|jCW4v-Nk2yFc|89rcInu+X#1_PIYLS(24P*-+@QI
z#tp0cF@mQT7=Hf(;63IYjywpT$EbD+FLEKE8~8Zm%RZ3nORRdjcBXlUZXdlP?`BDM
zZmGb@pi_R*R$X1>Fy}u{VQf}mpFPfBjn$N1u6{`NyYK<NyLXW6&x7IuBcQfy713gX
zat5dXXz^wCux(9cRqIF_WwuxsFKFKJN|XDoCt1(Q!yeBUXmh5ibqk$wz!}i-(J9m#
zRcXs)V{*~JmLKt*TQ{)n@Wx>>bot!(-Y{f6k?SBC!lf##3eSY9ZjOF)B4quUKb}*%
zg;+08B}cw(JJ=Ukt{$!1o~H*rvvmZ3wd4p8Y?$<%j^=VYBDeLYYwb$@EEb*U4s_`S
z2f4@KQGZFTt;pfjxu(R*SyGwzE|2qM)Or}#buGh)h9G8<J$%0w9;IT4QGB3dz<c42
z;&GT<is*HAyhf7>$p?B(hU<ze!G&LWQnoYlB<$6g8e;M16%KfmAr7sK#+9ao<j@!Z
zWt@No|IE9D_ril`QRVl*64E5enp~Hb@V(MCLRjeHAB?}q$&b)1SMI;OR!EBN-NQOL
zHq<JLUNkf}PXuQpP+XnEE$|HKPuEcJLd#6F*rg1vPBwF*|JX|c9UY_)j31$c^qY!^
zhIm=R&IbJSx__Z>P%Pz9q1ly=5f~!?4g=<9%@*<9o!Tpq**2;@%d%o;04!HKBBzIt
z`_(1d*B(_Q%HbOt>w0-@jK~uKloglNbBpUK)=i7nWuNe~R3J<TD88xQO@U{A-K-}W
z*}#p4#+;2_bH$+)Vbi(m1O)>%s0?E@S$2yXXc7PE{Or-!^QWU)L2PPp@g-<LQ1!+v
zn>b;)s5pmX`}(O{Q-D!|H7qg-KigidFw!ZQ(g@Y((}Ghkx9?f)j5+~k{`;53cII>e
znh63x{Em>>j`APoE;t^%qX=e@Z<J5AChESiij1%7u0r26w2yAQs9gCQj6#G^w$0Ux
z2?1xDsI(nz;?k+KjO;0gAf-J3Kl|Sk?qA5|ME?zFmbjg(m-)^YTM1uq)x@rvTKF;0
z7Va1VCiGGMYWX+yp@3*JeTgCM%!l?<9IKjMRh2N#q#^DwchGw40ie_#d7Hqyc6{4?
z?hooa0z2Eh0Uds3Rd&C1WWHR(5)xg|Ov^(+g2yH&>NBvHQjm|crrI4)WV*_#iS}l#
zD)SJXtue#+%WOJt5sfveu_-Wz**f(V<55ob-vzu@c&yrL1EXm#53s-jxL8}p>yb4C
z+4|2ue09Q|y~ZXw7u8i1^Azc>x=B^f1mAOBn)b_JFewEcCQ)yn|D3PG!YE>7Kb`e1
zrN<jf{^rCC9pCTJIkOwkb@9J*lwajbr@hVlv$ul|!&sTiZ|*n8Nus5`eopT%&wI}g
zH)$IB{LroKpRU2~XqIi*HUeXtM`~jV3H*>`;^>*;cR=!iskM*oXB?Q=b^NSKlu8KQ
zmC#>}kAj-aemQHgp3vQMo{omlNIxPmJ_r1h@vi`!_}FObnP}7H{iA&aCp`hMl2BQJ
zw6sy{;=pQ5el8Pl6yXVkhC+E=H?V8#V_x47g^u>zRS<*A3$2y>1D~^w*LJ=OJW(|w
zcS4x4t`Jr|U0m@!OrN$rODu6S>Yt*@t3AcVHh;2i#__{0<Jj@T{zN<-GS@cZPygo6
zOwa|0oE6d3(XuK%Cci~qCJ(S@H|XWT4I50a`>Gnt)e@PS?_Jk#ox8VVj-Xt-&5AJn
zwuQ)1gvYYknKbP67Wf1G;itHq>yr?<zYAjddKP2HiGv-?Z^wOu{g6E=R>9%MUrPsr
z8Pj6#((gvJ+ybYnR7MA>rW??C6EPl3!gLHUm9^)^13OYy8~BBJ3C{4_45wL!hkp}A
zX*LUL>wz(^-?*lI%ti6>HGOv(8N26z2PG9Xuf26Pdh#M(+BPC2WEipt#AHCE#Yn~a
zimht-x=Fg-^D0dfIY8G|VcFrw_q@a>FctsF#3*5ZS?~cB%;1%W=WCSa;r(EV8F2(a
zQ?aEfihq``mMENJ|7aY`Sony^-}pNCu(Z-p{H6G?v=eo9M{sz$5Soigu#tT7yqnvz
zF$`=do2R-jei33_3heq30TIz;G8{0a-Vx+hVr)n+p<viOH0(4!+81VS95GS}GL?he
znSGz|%ZO|&VLvgspv*+}e*J-P(a3iIqp8z>h;xE`K)x*xtfJT_Ry{~J!@2>nDoQfC
zC$H8WAUnY1tCt=~K;3bR&iCUb3qM%YyMO|H>>TG#b(92YLZ{ZOaG>MnC|(4VMa=fk
zcTx$OpB~~~k<2;kT|ec$CJl;AME3y=-g{YnVp8Dq*8%iI$lt2>aJi1WS->3D!IMqn
z!OJY_B=$+@-->IE8@~G8f@;?GyFEOaf_Pi%px!)dFY>Mk)1sJ|E7Eix?!HkR`D+gS
zV94Y3#4Hl;k#HOg+ZN5o(aL$@l1=uit`u6s#`PLomKOMqT4I3ky)jdph(%Z+cjS+d
zN|5cr{@68U{Ym`607J&xG{7jN37o>YP=N(|3rOyuS>NuOBxUYwt#kmWkSI#?LNWes
z>%e~TzyeB4E8fm6R~tlM=EFglo#6Zfw5P7S!K1VR-cLK5LT<pa3R6Ec2UdWV)9SBV
zL(8s?Y&59LL3o~ey`Wm1W0eDaG)4ibk$+dj^O~OAcIJ334=n>^j{y062=ahgQ}AD1
z@-$zvm4x|wN%Eh6Z+?!RLc2=;$BFEwrXlHxSfDtOk0$-CB>!&X{p&;j_m!9)-qAK!
z71nGp;$bST`f7dS6<PrT;UElamoc*<UkEC6)%?{RUr$?<n9iqL9&vAu-=p?3;~eeY
z;;5$Qr=pz(!W8;8fVC#!+IITjH%C_GS@#;lv$Z)hy}|k7hPA8>P0il*DsAT~5du57
z(EQVw&%85hgI8?BIYzzVnDuBuO0=G8?A)O;&J$g>C1V_#1A?xnALY~E@swW$QY7us
z>83y{*uNRDUV0;wclMlgCgfY6A5idfB%W}YCXu*ool5R#fN@jA`SFX^>Vl^>hzFu|
zRadd2Rc`Otfp+c5TQ)h$Mt;eBg|hg%;H#E|M`=Rfx}M98t98uCR&5czk@TOTLdSm8
zlrYE)I6_*a%dbpnjfvzCk`6^-98P>XrpE<!Rf%Kt0(!@jcjcnPpn-@blRdZxcv6(e
z2CnFWju7k*fGF%Z+0R!we0lr7TmGz80m&DVOg@M6&w%jj!;?O^1yHOUa8!J2A?52S
z3W17#^-Nfg?i<F`lKh0il1X{#=|vpw1I$PB>b?q%!lUW93>|OD!4{puBMPPa*lMeO
z>#2^zpz4W#=|pbnxEqCZkaK-kir4J=mYJwLUj<08fX>0H3J8v6Jnc4XYaNzS@3FF-
z<I|{g1VWgm3)i&BB~}<hdp3gWh}51IdxYdbgJV>=H6kQ*&0|I@VL@C{L`4_#^HIp#
zLN349foD~GCY&w=cwL#TzeQPZTX5v}GgR+ex1{mXN4=SGvV9fKU~Ts9u1!%@c5o+s
zkld1dfVi!NzL)vh<dtzAbGi^Z3imbzrW9ZqUg)bUsrLz&#vB!ckx0(NZ=XhbV`*ud
z5C^@v5PrLx2J#*NNwkL;>N{T=%*#iaR2FoS*>Sg8qOVlJ<!5G8fTuYTHdOuts&Vn)
z-OfbU(8Y^e{BI{w%*>JCR*10P)p~TSOyuHGz&}H!R%=?)2>$k?Ha`W;(YmR^WXL2m
zC<sWTa2lCGFwCFr7=6Bw^L}TrWJ3j328r+KVG<caGo;~yGm7s6pLGUH6<ph5uI54c
zpi$+<?WNO|hl!5T^!ME$>D>-x1Zv9Lb<(1wuCNW5S`(2qrxB_`OIR$)f7k~v&eSqN
z0TC{Z6BOCmMOGe_2U=}gzOs(1c6y;ML!FHmR;PBdoIL9RVCA`JL%&ng@8DDu<q^aZ
z7XdkVoWYZ<#YG9$7gR-3CqaGFC}8QOtTk^ap*+Uh+>mQC{+KD2wA|vMN<{>iIQ67N
zJR2ccpJNQN*!vIV2mDgG=mi=&znaZ40TqsfEe(3}?X)&Zr3hh{pvs)!wOdqFTiBeV
z7|vYY1=yimzm<JkS9s`L?0k#lvEN7=R^jrKsPSEbL&-Cwbi84={$ukHglZeq^$H@Y
zM5!X?If;b0xxHBmt4kWHaer>7R%IvaEB1<B68KErqd>%RZplvg;7_!3J%R%klJfNv
zxr6_iR@tQKows&=&rO|XvN)4s^|?7eWL!3g{mP7z6R}kg<T5cs>dwK>)n`d~3ix~@
z*&n&7X$fKa3~mhI^wc~Wn4mGroJ1Ft!Q`g!s1iGPj&@BWoUyAXoVuD}$Z+Xy*E2;8
zgCLKN+ij(BEk*EKKmRwGvxWz-MeCNI%?R2v-&)qZLep~>yCQ_?gve;d@W9ts;n4fp
zkXT>s%DYr+T_N9mF&S#nVA_y*KzeHe+iU!H09u>;0Wr>Q|HPG?Bq#O~9~#X_eN;Xo
zz@(@v*^LwqZ>#+8;VE@e9BG?Na4JfR&kd<uG=153Iep5aefR!|Lh34DWYR{IHe7Ss
zS(6N@%Aa?$OW6%3`=$%~3K{d<^i)aPEg8;bGYF?hvu`RLPcQ?T(BOmZ_5ofCKjILo
zS+N>MUd;koNXvWYJKxC6*!gv5%jr6SB`QPVIu_F+z`M1n;lKynWM1eZHUYl(_Gt0J
zxg5bYOo@i)Od@?WRD}St;k=AFlAn@v&l*_k%ict`I_$JLS)(%5$20ro&lx5kiZPa}
z!rYMXQ22CC-P^8HYX+4uJd|5_SWhD(V<vQeUXQIf9&DzK-?rTiq`0}woImP^V)u&&
zG5tKOIhKS@9hTc2Ex0=#<0`l~>>XX6H=%4Jr$}}Aampg;7aj;OlsVi_5}%Yn#YDcO
z!4Tg~z6<iEBqSoz#s75nb9|BA6Ia$$_;h#m_40ClJsv<~hFKov#EUXB$|ZL_O6$3}
z7HT&SGg{F1e?TX^I;H)EZQeK`UN*nH5Ky*T<z3hUnM3{VMUT&qc#PhA$yw|CqwWgr
zq$a?J;IH)(w!}Jsk%okz{b-_rB;UYVbU5zs$x}^NKaf?nXEcNgiZ8rsDrTSb2Gg|I
zA;(IG<DEU@{D-YbbHqq!I@H~+CTW|x0wGJ&Ro=Rdg>Cuv{+XfyhEkAOeJ=^anr=H)
z!8uq3W5X*;%AZ){p9f|e1nT<8pU&_1j20FK95CS@*S0SJJJ5W_r;QlQS?h=Tg(X{B
zJ7d?dGY-Wau5{@s=I?D;?x12>cq`<oWA;)ARw6qZ9{+yR(3)Qg_PV34LPx6s&w#tb
zjJn$2Oq@%PCV>EMR;?sSny~oT^XwK)atlnvfMppUw*<nvdOt@-K9ncQ^47V!miq_4
zQ*egaA@xZB=t|Lb=t_Te9<n?PQn9D{*{^xI!HY-egAe<Bc(7Kl!j83&%pr@zy$3i?
zL&UI7&Sv?d7?jd5o2jJQNglnI&{Ub?KRuifWs&t&{M70(<<uh7UOh1?Ryy7~gCBNV
z)Z&q?S?8t?#a*%j*~M{}&Z|`Z*l94l1IX&+!z1c|crQpC+7#;@8BN8swQCS<hN$17
z1ekAO|CNZ9B^g)RjK7h>)wA*;Xd=7KB^!~2m;FjFv}7@Esd(&|QR4;J=%mD|RSK3l
zJw~OsE%@@Q4n@U>E<m<q(FC&Fdaz~3IoqXoxC%$IO4S(Y>=mH9F!na_=#9+1XQcSe
zLY4sh4a}lr;)LBgOa<S4^E7+;Qu<5iJLgYn);MbDl&x2@WM%g@DKk}54l8I|ls<1n
zmA}E0pU{`camebtq`S}z=fxiLEy<s@k^C+3?^7b6CoBBr5$-reyL3uH=~e7HCk@Ai
z|1p^8mwji%pA*eArn+HS_I;L+kZAbCfK(K;2o$jq=MG+wPOp`I98P&5P^Xb(2t%NK
zJ6lg|P+})sH@Z9A7>X^BrQgzvu)+BGlUI}ddFvrj&cbn(Yj-r123x3QAfYg&f0qY-
znb1J^D+(8lWw3IN9LC($!NbEAI;nMwrQ`If*>UoUaKb#+t~TQ?LbLJCfbR<maFyt)
z;lcOYBhpIfU2ltAXZEIk@c8!aPdnKM$$2P_b8I$$V<9lP1JxHVJ5A}Jrg^2=C}Msn
z%yL*aJloya&+;>8IWPd6<?$V|5hZp)p?KwKVS9VN>YY_Jjb6)=9yeE=t$Kx9Yiqup
zHJ_reT@}?34caq8$x#VY*dgBvAV15drM&xPE)ZboHqLIyUu(q7x7;I4w$?Ga`!bU(
zFo3oSm+mNb2ra$viK0;QE-ZpnEF3h2&ueKqgfEko_S5E3v|)7u=bnJXX)XBbf<A^&
zgcml`D(?&M#cKNuuXRzQ*+3FPWMtx%YZnGt7j4sca`{Xq(@5AY;zUagc*m{h6Er8c
z6&=T^65NMJg(HKO@DECs;>Rs-Cm-;w@gOs}U3oMxmh%tAX@vy0{SBdkgCGgPPfF*R
zWwR1|6^F@2JinBV1ifkiI35(+L76sCRi{f$q9H`Xja63QuKV}6m@=m#K<a*Q5T`+g
zUw9;m4x``#+86U%wujUmu$WwT`SoMAbxIKA;kL8(+B@eozU;?F9np4D@q^c!XK3#N
zLoS+F1xqgYjf+|9nVY5t7Y7!nlSzA}dke%eQv=`Yz!k$Q*s*ad9_8&v!f~yRvjRM9
zEQ%r-uk;-}meZ2W&#qqXGnGXI4^ul~a`0(JQUP*W*8NO&`QwIkz%lgsn!rQxeCv0R
z?tQB7YAY|zq@7cV?wE=1d3b~B-N5U6PLp2d9Cv=E+kl+ydcoFBI|<%scF=sGFDc?S
zQn<r@HvhwN*3&q&`lm!V=tMvHbi2TN#@p%w3m>YlP3tjaCjdk%EG(CkjC?N|a^ZmQ
z<G0t4`ZmmGyawkiU^*Lz!~Q1Cmu9QPC}DsmxBYV9jV%*~7Mzu_5|;74qH6On;-@i(
z#06n0F%S`2T%i}bcCq#>)wsINWQZB4`L?=_n5<#8^7&$y`<BDasji$#pGGm~=edX~
z*-Mm2D_2?SSi*NyOe2LL4vw49>^pBeE<<%)jI+(;@`}O%;LG>{{@sv?)Em3+WJTg}
zhF#^XNv;;hD(!t#oVGq?kUj<>6<hNbqckMIj7P*lkcW)=vxSnA;=yQ;pF7K`D>pB@
zU=n@$^jf(Y&VFDu({bP}m^iH^I7BB{oHD%HXqO(T_sEt?V+VcRo=ZG^o)Y~n5t;xn
zm%&2fC9{zS2-z(%p&|lEda#QV-2JJyNlf3T&(nQIbf0}Qi8Ko1y={)+5Vih**}_mj
zcO`Z!y%4*k>xN5()Z-!IL^)8A4TWu{J*du_62o^W<BeOzlpQ8iG;R$*DH|ITQeQYs
zOdxKH2nOm${~VHX7XQiSa>N$%M{EYh+P_)FKO64|5QKH;C*%@2EGANB3QC>!yyeT6
zJ{e?gBVEqOm~QWQV#yt*umBPgl@4yDvTF`zhfcji>dz+G%b^Qin-liyZ~Ri4`fSGJ
zY#sx4&p)Wp%2EQos~uq-!kqw$r}fZT)zE%{QzuJ@!WuE+U%~Uv1Bt3z0Z6m(cTe16
zmaS{602A0CW5b(V4c=l+m~H<F;hMr8z_vJ=RVsBXe;<-b-QPaHzuJ~hV&JP-)+MSp
z#q&#WTLTAlO-svAkTu>iB`1HD2<{YVcI+T52~=5X|4TC5bXKGAD)a__|CSK*hp!;|
zq=;S#8V?hG4`HbC@s~yu{0pm$vJCJ=A4A*xZYy+XD;YXN`(xP;oN7c9oYjG8Fo!~W
z%#Q7&GpCaKNbp5X>T{!GftMj+qeN;=JsoJ?%;Y~TG~=DxBD&36Z+fjf`&e+IseqH*
z*t)vf+|)a--n@IiWtbRc=p<+ebliVgZMP7|D9WoY@BQM+X2q9_AKm(W?xw?EWc{HI
z*tYc0u`9~cZ)Z<#60R5q^a_%xDQo|qlHfm%U_&4K7k_Wy?}|Zz?#%lSAdh7kZI|Ne
z_Jzg!bhvUp5;yy%f^1YNw!|-lD1lYArh1}afM)mGI~G|%RU?nBYri_@IdJK+xiRct
z=0|^M?pNezwD%O?EB&Vw0Z^yE#Jamy!$u>CV?kT5h*)1YpSF8sIQ=7|Jc#6%=Ayer
zUOmOy>4P>w5jG2B<`ZnjeZ-`B9Oq|IgU0hBG{c5`clx&14sEV~Ts;64pHBVRdd)ke
zrn0fE;jIx?Mw@>?tu=&5S=cCR4j!Jr3E#7UU%v78iM$0sAl={6O?Jkv2vKhHRC8bw
zY*GV0Ktmp(Kr*%E5MEy$hjQIsXlPFz+e@@*X5_|vVueV%m%%A`gf&1>5%vz}q#A9w
z-6ld<>OGSioC=~rGqLR6;S@w}%lAJte+Z3e^_%8LATk*prI?jUl$hX@SDppsZ=CK`
z^DQ9g0SHm5Hm}n}xiVV7{&2;@{7Em=4@qfd*L#JD)At+Xaaw6-O&APE<6cHv?1PZR
zdCl*_h7)coE6?uYz8Ec@TRc$MJ{xbF!x_ogI;~KjRtYUvreEyC;SW2Z)>y*LXwR6v
zM1+pqV5cMXXyX?h%HCBX#7*J0toUvF7`iw&0YF1~r-I`jcL~Qz7+8)MAaAn<LfdKK
zBzA4|8WNZ{A!;$Zu`s>bIf|C1JcwcU;FmWj`>W4xaZUi2h>Tkck=0t~)oY`Dz*T{+
zi+vfeHo7(c55i~fg8!R}72Td=J*W28|0$H@CVDweAn!0PYGXJODuFKBEVpP)3s_Vk
z;L$%q!RP&|%x|;67Ml$PUp+w;y`mPCU!pf5J`X~=`sYIs_0VWth6##?B4#^6rssIq
zl>Ds%s&xjE-OPjzVhhghX3nhc{0%n<9-DHkffavs#eR?EYh|&XTdB*tmHuqAMf?NY
zz$q=SeDcY#HOxNw@RMYQ3bM930_3pKDftNS{&4TKfob**VjzqM@}2Y>;+ZQh`Izfm
z0eN?bg&u(Fw<!ol%4~3Uo+(msl|FajU;J)d_xFt)`hF~ug&;<3?zJ|RH$m{GboVUI
z-4%#Fi_fc(<S<?|>a*JYg1>km&rMhs4hI8~9cW&>phyBl6cQ!BNxLT$AanR|i#B16
zIl;q-n^U5Re;<}j{c$1|Y$7zEq(M(F;n|p`Ml7q)Xw|}^u=>we&7QQZxBk(wtEb^~
zWXBp>&e=wTo>-37{$f`y5x{(3JKd23Z;>`q|K5KC$LYC{X-$^&MYLJr^X7e&=%LFR
zu}Wbm=14F5bZ>5iYz~|lP(Nmp=EE<dj1xK5X7mtqW#i_GtcR96xT|-(lsky@GlcLO
zd>k7g+BSOlsnL?L69*yZxaKDF-h5*)d#tSt@%6RBc~0J9;--g>Op|S|?T}z~zcyQD
z&4&N97Q@1JMa7a$0XersMS!{=Se^C}3(Ov%QtV0Kh*qn$9|B$ijIju?;%h@C@ih~g
zDFIi%Cg&nBU%w6}H<vadjSYE+Yp7r9L(y}-clBt|XsZfK5&}oHexw_E=r1kn^KVdI
zZ40q9|G~m1VzG;`!4(kwvWz`QaO_mFiMuMrl8#EZ{xE0*R7_J|>USp2Ea76pm?LPo
zp;3N64kQQIS^)g|tQX==>QXsLha<&3N*vk2RHR?<5qBc#fq6we?a4nAq2mNv27%xq
zoH>D1q`65!j#7$^!Enyf#{aY4iHpgh7bzYUtxrx=e^l|ij`XFl2*<?vI<%FN^+56^
z7w})rUu%)AtHZgG@BXd-l_A&4n6NyBzk36)Yu|y*BnE6*RSfYW1vxfKn>PI-W>+PM
zH)1!^zOyGaGrkS=Nci`If9k{~Oz#K3=|J?D`QSk4;uX@`r7kEqVR!lHj#f?x&L?~Z
zRt_4^12#=2xC$O>gD4znRmT8##@5(@AJn6Hs^`Q(AhUSD@PNUzwIirN)Oc`zQ=A+?
zpwK7@3>;hX6q&ovC1O~f5WSn(1DuagGF8YkDd)ZR(jwy%ByRj_yh~;xXZ75k?f6<7
zPCxtJMH=GhMZk@(Qs%SD^_aZgFV=RM_+m*bel*qW{$O@9f2CZmN2x*y%-a-9SwRr_
z`aVh$9NRC)NlL`xm(0B>4ejW_gX}3l-$FHpAz}KF`;U@(melq8$ywLsdm$M12(tUM
zfq>TMtR+f?qR^UZ*D)23_grJiWnhgt=6vyLWXjT<1b3v|;29G1<<{F_r&Vh@PI6Eb
zF&I{_@jp}#++=ZjObKphx}tgkrBLgyL#Mr%0QhjKY&y4#dWt{PDkBUgl<9T=+=6_H
z|AlD9);UxO;Gn`FPl3Egv_S<DV~WWIn*%H~soRB{*P6e_*?<{CRBWNsvWIBh6^r<a
z{iY(a0Q9qDI2>7Q+@Es-qicprYI)1LO%kRKnsX_&MKb%!Ek>~8{b2Hg)IGgfp%E%+
zH1MLHxq&S9T$+X#fU>IM=qVcb^ZvYh$%GVSR4VPb2-+FOaNFc55wQVjYHUIoO+w{a
zi=KvDfW`k0qK%JWlc_xZZpN~3Td`){y~6sW&?P!Jv2szJb8(YEYCUY#a6#Aa#AOHg
zEo`u?gID6Ny>%L=N=`~o1L{N7j-QZ_+gO$@{1(it9ltu!rQq8IJC{B4?PN~gqfpB5
z!)c->|M_@dI6o~wsVQ<}yz~8LP6AB;95-ILmfESZ*V^0tZ-f@>5>?JRqiyT7qZ0DN
zGMtTX60M9SZf`{tbzd=Y1y@(%*h>@DgNEj~s~Kz*9gxmt0K+o+{`cNV+EYzI==zL*
zZh2j2vVj)A%VpsHM4moN5K%Vb_Zp{EGhTZO6}GI-scX9;bwOCH3&rm}RLTSC?Pke!
z(v;*z_2(rDaHt|gzZ8gP#^BpnslZ%lG?H#XjEH-~`iu8wnM7pi#!Y|=Gs^S@ct3Hn
zzR3HPCV((&bvcc{8>ybre#96pohfyPNy#&1&-lKVt(6err-q$4d7Z_w?(#G&E%%aF
za(&NHpMPEtD6@E(W{-$jvq)Nv;hG}9(SRn~rEH?${frdah{(px|AoyOnf#w@c6oMk
zN@x^7KI5Ak_Oto_gtHifwNPpmGXvb(M~PDkbB(;}cXWCVT@)=BK!$$qeSP&uTbs~1
z)f^6oRn;lj{jPC2uMnD1N+{CNGr{Q?yuKqG)j28lM>G}k2jN`{7-qpDd4U<lQpS8_
z>wzv8xW;@?db(M4=SYNnfD|tsi>bJPYYRN%`yag&rlC`{QJ;7L8nGH+sr@9K`YxZN
zMSHP_#!_DG{1WVv_{l0RvljhUWv{$*2!3pi;rxjXV<a@XPMBGBOk5+ZiGeAH4vA~x
z$UWsuycn95EMspbxofyZ8Yqmc^sX41PM88}iGzT@v-5+ggr1@WK#%=b7o!fZn_N{5
zuFTU13pin5&+U*;gjXDzEXJ^(zc<T*EK68zj_p4=*=xb(WjDVIoFh2`D|2MO&iBLD
z@mqjPf^_)gDYQl9#O`v^{=6*Zoxlv>OSr5qO4YeWHaUAoa+I{>fFT{W;zfl;+1WkJ
zeKzZD^O7`)i=5a9;EOOVpD${5qhpM%SFug>|HiQ`aNxox6e%tZ&$0coW5u#&>MB>%
zk<}07z%|$LEnCk=I*xW}22{Zm6xm)$-#l@V?VA;j?@BOK+#fCYqHz5GR~|b;_CI+n
z;2X%6^eeMh6*h+9@NfI9!I93;7wl;R1sVfk`sl;h_h#U{ySF(jBby~W4G^B7qulCU
zsjGNoLRznS5$1jw9Z$p%O@hbO_+@y$hS0?hI0vm$X#^LSH$dmn@jK#Q$EKxj0la{C
zJV#L^e^F6y?MON<|2HNJ_z#pt-8B^jpAnV%Iq@GT`(I2pUJFIhxomoBr1%Qn>mF#e
zIYDQyP49rjS=G)qpQ*0fOt{2t`w%MAZ09=qc4*`DYfulpdP?qW!<dXUb*!C*1K*4D
z$ho7MukMheE?naO!(?Gk%)6q=#sK<+S-$-I<^{4U&fHiD3@!&@)G)=r1O&7eY{`vo
zXL3}O(G_R}OD*<pZ+i!K8IPe;yUF#@Lk<rdB!^Q|sY(C}d_RI5vwa)tG%+8gMJ!@r
zCq9uHZQQXXE+M59cXxBTL_&-t#&wfjD@<^CfWWhuJxtGno8u<O2evHLA^_@2&zQI=
zrc_?{%8Xotbww*vv#>Pm=?c3=4x-i%RXiR)I`MA6KLX(QSOirDKIR=^TQ_@rtbk@>
z*5CJX>-D=ev$}DHXl?Rh924j9$it|!P0n{p!?^CR-q!@<qPzb=vi*0RWh11gp8H2@
z{6F-tG=HZrrq)$@I7zAk^jRQ&Rzm~0KVMQC8W`~)20lH2??C^VRG%w}C`)#4Eo&Rx
zwz9|2a^NHymjXeO3j&qFlEv-3W8u8%PgcJx45H!uacuMyaig6RYw-YQ=NJXZ5InP$
zQo0T^$k{`}dxM<OO->OKWyhgX7L&i)c46YRd8*UFO2UdO*Sg&R?d8w6EXU!;mT6ha
z8Yez-rr?*!NAMk10U+Hv^|}F1E(h53?S>PXCFGMJqh@jdk@CX?)-)k6rq_oVeWAa&
zfZaPj6rpZ?y8P4A^A^&Q$D{ZomXxIF1)5Ci>pIODV_agLaGZfYK-@pBrQ)KS2X=Uz
zIb~4H!J{Fg`N<W4(-MugP$OqaJT{`a2z6QRH1^!Ft+}S@21RZblHfod5}YUg8=MZ)
zGTzU2E{}#}Dt>nm3ZE<puNGv<2)xH#O#TM`AL8Sv)N+wqI^B=O6<qh>Zu#G$pQeF1
zXzLqlzv4=%jh?vh-7A4cohBhYPS~EXle-1#EkOk!@+`Cfs;6~{c4yTg=!=4^Qn`q8
zaeTY78>mDU`D(v=DZVI+q471&9q%zPHj2ku&yBzUhd}lsf`h9&i|ydsf?bV#71Z`X
zUiFfaP7~g~UkhyLa=s1%ITJ^{=AiQjErA;ZKa0ycNA%L#9xyNaf90pPp_#lzTCCZp
zQ~T_sqtXWeoX^Vh%Xdk<h9BR3wJH^thwRZJbnS{N@WyWb>Eh;|;HKrmF{G=~BzW2J
zW{O6G!UcOyn#Z1cQ*LcAVzmjKY7>laSf2z^r+OeIXL)LnjVksd2aC@_Y3n8Q@Z~S6
zg{G*#U~sWHIe!;tWad={aw@YI?jx$Ts<g>rC*b%2^iZ+-YtCD2v7dr7+j2Hhzowc~
z`+kNUHlKk~+1?K<_=l;mSsp&L^LI*mAMs*>C!He}yHFN4a4nb@fISn0VI0`|l>V$S
z(x`OhLrT4ODT#jO&WWtg8R@jw!P~L(A{Fc*e1X(_lDH5=V73txOP&|;fbQ&SHIkTo
z^6HWRtUIW>%s=<Ulv7Sfn$8mkP3?%MXNF2-eU~2eZT%Ws$%W&c+^-pazdq7#N5eG~
z%-gA)D$n`vT^0=Wg3_zy;q}W@C8@)JF0K|nZr;sU0vT5<O^y_d8FkD2I~6)r)SPVY
z@hjote15(2w3h9yVkQ#HX$(r#YipxD8o)=8gYb`*DV#K{#5X%xWdl37=gTXF-L*D_
zdd7+O>L;~+T<mKuRn+~(2}m%J79R#vTs<P4Gzx4BX&%oi*IFa_%g6fNbOTSnXL-IM
z*^=;S7fHoj`v?x8cVnIOHsUpPd!PUt30K;lRvD{2S+SK>kVi)dLpW$SxNLwSG+;1Q
zBlk~Izq4}<CmYmQ<~rq^M65D0@=5#yr8ZWdk*JOZW!4^EAht|h_J7wKed?c}p;OuU
z`5Bl|ogGbY<YXLA95|h2*NKY9{!{L)7if;A%s<@2i7J_##?-&{hS!WnyH?7F&=M=@
z&_;96AZVkmx<n|C+;qkdt3p7IMBk~5DTB4-o}lDG3W)r4%mTBqCscr!5mZ26RaJcK
z;<cdFt3MX2TiFY$Oh0!2Mxuz`One(isw#%|fNk@w`OcZop3Yurl==`4kb*&m`3bHS
zQyEI{gPs1P0A2yKdu*VG7wX-MrgHP1#2E5kb81eu89m6BQ-i2!*dCyaT{h4z&rw1*
zuA$+W|GpdMi9Pk3rRi98fs5~b<9!$Ufe}KXq!6T?@=+cgB}`6whjC^iUG;#H;19lo
zobo=voq&+hM5E)Kh|q;yF#`7Q;Qi*o{g;(Ua7}!&o+jUaD)p#qdtpR_wXMuTd++$n
zLq9(}YDJzpPbt!;06X=L#*yEDJnIy(`2RF~_vv(bd_mtCt>s408+ek4(`Gw2H|q%G
zj=aZjircsQD4KnkGP!}hb#G{OM+e=WpNP7Ur`1=UuUF{v{?F|l(m>)}vna*>Ct455
zSJ5R^l8xu@<K2>WG+q?X3|!3lBL)t24*hU{V~}S9yHW5C0R!(d@BB58;LxTQFYuNm
z_-Wa4b=PIx-6c9N7R5|DPBYqU0#%l}buRTC6dt0BM4Q=(Aeme}vcV!NJ_#~78B6H$
zNf;QP4o7HG0WG@VDd2dR{Vs_3Yz3XE_&Lb(r=olbRq<gGzx?9GE|GU#$B4)e3~|{`
zChCGD%qQ{(01;(%=7MaQlUdB$Kfns*Po}o!PDmP)!Uv!qzODhGhyaqPk39-J)aM`W
zc~7hEX{`pj`Qi@4M9KxX&lr(9!n?!qhcC2`Ia#o@y^vjI_9!lqP$x1W9)Sa>g_H>O
z6v;B#8MW^=KmieAb%d-O!XGIaGwik^Pm=Js@mA+@fUx_Mn(ljJQu>(V8XDS^$x-x;
z$G+Y%8Y<vU*P4p<nB;&$?0bMsc(1jeSilY^7IDE!GeloiRT}pYgg_t6%~1eP7uloU
zG%EoMdm!)Qz7LC>$(DVN5fjGfG4$-(#4-50qh_@?!4ig_(4hRr3PS}!^#D5^eVjnu
za8y?hz)R~2DD4Y4;Jzr&oEHgX97q~LYJKk$fB%;e>EPJa_KUrrOiL%8qW?ZB9C>tX
z;@Mn&{>Ap_rMC@;+<EGHwbo18-B4S{Nqw|(g@``Rjf(sUYQgoUK^W0*x?Jq4aAHot
zjFt&3<$MnumT*4ad7#df0*`L?#k;=9?>_1P7zhCGI7OmG2q{-L|LrbsOc$r@ChTaB
z^D~}&h>k?Y*cd<w2euLr`fWw$gd1R?{JDR4I{ef4+I1J!(H3!aHBsvnG<+b-`~?$5
zens4RA=IJRP*cl-&m6+OYv$L~v_YjTE;kmw$$~Zj+<hLSc?NMOQvXnyxb&Fds=>Db
zd<Vz_?=lc<X}T|6wpovdexB7sHi)eu*J$sBzlu7CL||aprwwleiK4!M<^6CQU)}*$
zy53dy^2QEBCT`qX5GD7Mj(%coDkK$xMU`da*I__kAJMWjm`BDPXRqpd*z%D0k^VNC
zZT-_B|Ai_?K>aj-F|WvW!|(A9d-K`}$aNnyIN2cCS-nDozse(oqlC~R41NjrmEo!5
zqimZ4;YH#Lc-qz9c(d|&JRSS6dOZDl>;7VdxNjcSD+hUnEsRjC{HTbDo9dw=PsZ=>
z{o6h}^DeFWS%ip$EchjjccqUa!S@gjET#l6^YmCL%yqvlK@UkqcuC)boRdZZSUp2E
z7rSzz!}cr8;4Qbiyd?NF-A8<cJm=m(*6P62Ue@;p+&0j_!KTjGdU=+N7p_H)bYvYU
zV+L5-ZY0V;NC>lS5ci1rAcvSl+SWS3S%Te1m?i7rk)?RbCDDWj4v0Y?Q?V6O>vB4}
zhLnwbeeF%z4cp<t^gnsQ^>OL}$o>V~;W#2f;L+h4GG;+^t`{ho4bh5W>Wzw6=XpK(
zi$)f7vI3jrdNcV)=9Gx|(E%R?Qd-H@a`?4teb)%cNv-}~svKkETw~>qa9b8mTXu8P
z$tq@N7Ab3e8Q_(m;C2P0>p3_;KX1<B>@+h{PGhsnw4`<5A&9`m<6;p2cm{D!x?DiL
zXcoE2k1k?)Ud+%zvxLiZA(~^lC}C?Wj?VM+Ixd`&$VJ64&z{koHt7nE?=wF2$l_$_
z>7rdLlG%AZSet6xtZm_x6NOl$Gtu?S(1HEgxVik?Ft2-+GU`()4ziw%4Kso7m?dew
z(1ly1{z<=Fx@b&AEkOYw@R(P9sl==lS9=gQYTV$L!`r~8+DyWT=B-ysW&QQbs!ZS8
zGa;#dYIOP(Q^KE+e2!(e%=@eHcOU9wkT>ZfXeGu8Q0sTGd!Nzo^m=X+b&znEhRmbc
z@Uu1T+%7`if2Ga^!vYa2(sL{cKD}4A^L16gbqi!`$5WT2@JChvro~^=Ft!)#s8S1)
zJ~*fOcm1oy%%}o^W#ns;gbBc3DLD4|@Rus{u95T!v{^TiQg~pO`ocXkZP|b!CQqK9
z{A54NpKOfE`^GSjoy-ivlk2C8*CkIH1qF%jHQYKRs?Xc+S%0x%Y(}}|6Y?}e$CC=(
z8b9lrFH9&RA6#ny%1K4PuF)&5>aPlNcq$}+U~#XPeUg9bs6!V)3KQKDwbK_}{^MZj
z?OPXUJ=J5RK7_vu$L#n=lXdN>cfI9pS^&AqvT3&%jHd7h{kFL)h1xp62rW#VR-%+|
ztjbj^@{S;v=OWYF{&`*1f@AgTZNX^zhHmP!yX|r-xZ^q>;LG?5vmn!EOR{N7&;*R$
zz*AlzZL>#gC2^!ZiG*|=e7yzwZlHA--s(2GTgn~}qQPt!dKwMPd%5qCuj3gth&Oq}
z;v_F*?^`v#HJP9`de`24nTV6roqZPk`Vfb&T){6vnjhl-`n&!$zG)kG*u1}Mv{?m}
z27MeOwKWn3;Oz4%-02`o^f>6}?emiC^%^F>UJ3JvzK;#MSCHC@K)!}J&i=j<J5-6b
zXr_1(r+CS{ECf1Ovpg`fJQVJxetRBsUGs5W2Oj7>-!M3Ci96~G6hRKp$T}gwjxr-m
z`wE-Bl+nqUhb(JlVQO#4S_vCQb9XH5HLmRGTf+muOeS{!VU|E*J*nuTV4EP-v~tn6
zwWOW}_F%hsZVp=Q4t6GEK@6q!+b}9bF<$-cB4!%G*9SOh`#Uj0LIp4%En730gwb-o
zuYkR*a!=F=ZA{kG3Ek9QsVl-Cl<Z27+ei7~AV=*;<U2`zuNnSp9V@aQE4_i)$xMg|
z=p_gn%8qZL=P~A^3*?23;iYiWdFb`jgz&({^^n*Dp7`C?!d%g@U1bf}&ED@B{n*&~
zxC$JwGy1*ry%u*&XD)J+fIkj`iKdA$ay)>a8&lL#-uv0oHrE9md-1o1m?;!r*T`xe
zT=H>F69rq;uWF2R8)(Hk)V_Fs(U1U`akOnwb@(^&+DB~fa;9N``J9M(XjBzO+#QF^
zR8ER3F~8+Fx4%JPT%eEEVI|3X^JZ%q#ERc<|1nQMUAVm|2Bl(qz@Tt{?-{)azgF_{
zSUGj^wqH3sp>XW8pqkdkezcJAGQPAp?G2u!9AtTRt?&n7aV}xe$bcY^qpKVB<?{$y
wNfs0g9UL751Ox^|OeaZeOB6{=r&1TiuLm}M5CmjbIH`P#9V&7A`vH*u2Ha(rNB{r;

delta 50114
zcmZ6yV{l->)`lA=6B`rTwrwXfvCWB%9ZhVT6HRQ}wr$(KbI$p0-Kx8*_OGs5z24rn
zt9!lc>GE#ygAQ<bC0TF?bPx~_7!V(=8u%F;L?5kk9av+55$S#q5OVf}GaOQYPZ1-f
zq32n|uXwpBlsK$zId<Dd%C#xJh7A+Ec7FlVc#`|;qar(kEuP#9-c^iiQjNZrE#)#h
z`!em{3w#7juYSD_vg2$wh}OH}Lx_Ian}>9*5Ewvfn+RnZ;0gv2tZ=ORKObKGplyRb
zkm=A_*<c=-b{$fxl!X$-g$7LC2Hmp0G--w3g3loOzkL#AE9yeGu546x1Mhc!5X=3b
z_g_`|$RZX9Aw3Oe!oou?@)_`v2K@vYkc+z@Ja>7+h1MaUF8Ju7mC9QWN?59EoYnHv
z5_K<TP8V1~pM9RVMo36fLVSXkQ?3Z`@?v(#T5yA+U=wftlK8UD@W8anQ6!g|eTQqP
zYe5sm$=)>LXSeIH)yE0S76N}@`@_0@b4?3<+q1SMbySnZ2qzy8`gXa?I>>JUX4w)f
zsA1xMG74B7w*JnTYECNX9(veN!rUwK{D|9w2HaJ%mOZG0r9bb8UPU|U{qLPo)8+vs
zd(aRW(=@P^-(CeAI{<AU6hS3f$XBw!+DeD?lr+KpK03AJss&u_{Ty2y!|(6)mEbvJ
z0i%d@!o|rnyL=D#$$jw-4-_KDq9AGnb6^CQDvADW2p%e7(%3L%H%vF3Un&IpOFsn^
zUqy<M#EM4B))FV@SGIqBxV3;n%X(qpnfVHq<F#MiTbgyAF#x@`=l5OUyDnNxE(bf`
zlG__-E17~2zEPjwD;Z443KyAsV<7ZC^Bzaf3&>u(4&#~-CR^`}H<^m>vT8;)AtCNt
zPq1LUWp!R-LrshP1gh4SAs;iLrxkB#dW<-Nd*xAUQ=2K#v~g@i;r>gkd*pymy#tQH
zP=9s{x9sVOG{7`cK*UcrJcsg^0Xq*a2Ht|}+2L7i^$^hu{mCYuD#K2NC=91DS?y=x
z4{mY0#YWmSc1<B)yEL41M_#Lj6>ruVvZ`Bih>bzdcT;|&BaIRt^gHGGgt<D?U*$+-
zOTQ%1hg`>QN?q`udE-iMmt>`qN|fhD?=`_!IdzAKC4g<ui9>OM!>xG8m)m?(2|ER;
z93FI`6?tS0V)1;)77Krr5o<A;R6H`7Gt)V$suYosPc+oYB3xLXBM=WCRpOC*&+bh$
zDw-|lny6Jxn&k2n2-o&zdgsehV?<q84AkoKtCHK<E$P2z54a%B3DbfnvuHHYKXE)S
z@!7+Ut^hF>cV43%8|*m*^V_=5Ty?ZSs{IAhm4;W*l?EQlwnM{LsY+de+Hx%V%8E|-
z$^j$%7v}mAkE>wpp31-B3sWLOR}x;W8hyU1V`2EYsmoqoZylZ$cF9q`E?wT$O%Y>n
z2<wc5Y<d@*G-h4OrJdopDr<4^!as$WZ&UhV_<`?{q$GH2{cyS2CIr(WXFMB2GE9*E
zHYbi!@Yvt@OIuhWhaYC;E(i3|z1ZWV=;Z4p_IsTsrln-pLAK)iA(Yjj3nd^8v=}Rl
z?XviZ5Ld~e<?G|LvwlWB(tyC(i6fD3?(i6MMC%(ta*wnv;IwNm9O~-DxBp#4inQ{;
zA_P(oWD4w(&kzdKIUaGLgYI!VeB^H3n_ita7f$pt+{z$tDhW_u+qLPl-5QkAGu*6M
z-J6Og+RFF!s%A^RznQfd#(%K%bjWx-<<_Wg@^&u-s#iUJZ&sVw+gJtLuatONZP%ui
zxwInAn`&z?CvtQ7Pmr^JK`Q?RG3f&IF4U1|yiARA&Xda6>r^Nnd<t|{%G9I^j5xlx
zCGl-m2xhstv@RWPcnY_dg#-y)Ek+#a(kC7sZVbY2+FIN((5`H4`H27Z(b+uPlWDR0
zfqNifdzEVw`zc&i^L4twaCvm|%NVr1Y^H<biX(him!9n2qv;0T{olg1c({StK_&bq
zq{8L7I(4p^X!H6%xozrvS5|p!oL8OcJqg2v1pn`N73{7q|GxlFKX2O0e$TGAw+RL&
zfD#b_C+%f(|0cM^>TmOuI=;K~{l9T9ra(8OdXJQ(^M$D37D>GW+K~5-)gG`#`0pFm
zcbCG-)=>XR=xH0L9LM=TOXEgche%2DT8vgs6;j)kQ$^_Nl+xb*o3av@?R7~orv$yh
ze!ABv8a#ZIRfGF@n@tdUicc>C*z=CUxVYL2)Eii)U&8gO8hwLK+Hh=0_Nz;$_49yJ
zY~UKd)Xxcw;4zx(GeSi4g)+C%;+mN1sY6`R0F_5H6OYoZld<~n^uSX0I!IUM97CvG
zV(jXD>i{n>x{SA~9EohY7Q-o@=@Nj(a+xj)8NkDPhgVpww@=RrG{<iMYQWO*#={+{
z913(U79t%tY+`TqzAzYulost7pc%L8<%<CyM26F5d87z#u4kOgCd-}wq|Re+49Uiw
zigBRy_^6Uljwh;lb>MgnHo5Nnx^%RikGOGPof;UJ(^Hy(sc`3XU2e>&CX^8P(t{f~
z>z<Tua)3P=95>bz!3B8C9siRD$Ll%Q`yY9T=5{>)lehIhdEAMIzE<%`##B$^I*5AR
zFBuA7uXsB1pqT`iPWIQVT>f*tmcEGDE)YYo7LH7`;ci~<f0VG_UCR!%_-ppc57tO9
z?O}`O{wp88_<!;zcm7X)e+}?|@}*6#%N9o;Bv2>4z5dDA{XZFd|0lyT6H|ee>zOC0
zEqgH})_pH>4fFKKvWb4)abyki*`P_E(^|r#=_x$%?1P4Z5WCH+MZ~H@;w!1fj({o{
zrXfq@l1Jx@mHM5HX*%D=1<JH+HPMvZ>+R<(z;tHTVs-vBhM;nmRHI3Lu;IJ0O!{^R
z+QZL3ss@)|jtHfdSTT`nBcD-Q{^#cJ;ua}_N@W`KHlaG_D8I^CN?EgE=P4ob`W236
zVg-hnCO&*Um3EHsN-Kw{rnFO)g5JZ^>j6(s$1Ux;-x-ICPUXYnumDs^b*bcvr*Pr|
z&?6L48-<f-YoVH)MCMXAv(;C18>2?!!avFZ`@h*YGK5$7ZAWY4KcH6nsyyFb;09zw
zV`{x1mDQlZ=|?-$g;&&96Av=#IzG!bI~`)X{7TPHlplX8TZ1F~OXlB?R{QoJxjphA
z(OP%-4X$OLi5rYE-z^Ms#aDnpoJ9WVB05^>?@<E7FOCIUtfOxo{3;x@QF<-E+E0z)
zXS*ctsl1fXP1%{I*QkG(*<#SVdO@ny>u>czcjy(ihal8>8?>LMj9g|b|4MypUSb_5
zV0Pw&OUgH?fP(d$&uT%*Fs2-AGHOugx4~{ZQ0GrbtZ9iE`#7boYnKENJ%cTgu|4EZ
zF&nYwgoI;S>o|;81V~rr57uf<J7-uYtUR`eJ{)84?nj#&6-TRHmx=n%`-ZJmnyNoi
z{~N!7c<j-9xQJmZo>^8>a28_xH>>5@^bd=+-xninO2fI8kvECvzG1Lpaia0W9wuBB
zTqFzTIP5eF-S^j+0Lo)6mj*OO!2%h!)eoeX2IPXt5>EPe8H#Nyr8FC`vYoQp^wjdM
z&|Iv7%>wyQ$7K)jI;w83k#6N%!+5FEs)ZGubeu5B5b3fAli9zB32HgS32Nrd)X<(#
zmvw3NuQqA*JQ>n+V(}k^ao!NoogWr>ro+q9c$A}mn+r*Afp6>i27t2POoQk>rKmfJ
zuc4P!eS0XO4|#I}(NAZxKbd#%rKrSJTBVEbT${Jkq;83kyYVEMyQ;;pGLbD{#}#&m
zOHq68<fN7~J;qC);}Bfoj2T=XEF-a8MZl$4LATzQ^d<PN5T^rEUz80FhmS=O1PfiB
zWwBTMQH?_cK)<L!a5Nxn_7y$--SaZm9rUM&bnVj&3q8H<VK^7|91@k(M_$xW!VUF-
z3<XMw%I{sbQzkBj`N{=Ha5?-Dx^H~Rguy%rWh^eA^E>iMVrUM3z7n33LtoS0*{DhP
z1(Pr%GV5ayMbgB$w0D1uB?Z!jp)I%vY|Db+1|BN90=H7iC<|Q}Hf!)7-T2ecL`x>6
znK&i47$Fa6wyg>|T4@7*6l~Ql=E<wTa$PAP-;O<h9?)pra$XJ%{Tz!}E$;fxd$#oE
z{{iryCv<q8?CKW3y1ch;zIhXVN5Tl-@+rrryxh>7C{NpysNny#jsw0|>Epy_#fd~P
z?k}tjTvY~cj$HS+za1W0H;F{KUD+1A4lUz(=T|g6UJM+(J*LpEah!j=VfyHHHQPjK
z-MfgsSNL{#e)$O!24SUCywzo>u6jPXJU@)uJX$RZpB*k+amKi<Z6q(8WJhar{@a!x
zYi7LOPL^1URV};VE_3z0A8H&F&i3w333pO}sjH8wl(ze^qv)rG$Ir?4^=5uTHk&%N
z6~QtWn*F;D9|tGFSI37L+l~+W>DG!LyeSV>XZz0UI7`<01gmZ4oVLeJs{~89<{N4s
z=Z6ssEtVliDHxBJbA2Zz8|9o@ltXGqhpNkYLj{W?mhPK;1Ua0V+SlWw-;rc|J}Wl?
zo|jvDSL2z*wdk*dzjyWyFP}Yp+(qU{4?cSr8L+=Pp;}$U){rhLF&YJ%2zgQ-pf@Q4
z#qS|)H=xcpe)3vuX&8n$a!s|4HVLjinR6yDbaLBDY4C0!8LnBDU6j~!XgPl^MYvT}
zO*ADxJp2)9+hA;iPq{qN2vHbJ?Mw9oM7{T}KnQ5hBWYoE&wst`aGei39I^QwrQKU?
zdH>DYs4su)v;3!QLjG+>b(x@V`TCRFmaM(J3L4Z6$_7<WplCO%TQS;c7r$)nj6nP1
zlD=M7>MOx`arGkdZ13f{ZNXyhmEl@TY|hPA-klC3+q23`ORy{GQ~zwbV2vB7xdhF2
zy=$K3egX4ldS$7U+MEj6`I`kN8qwK#(&2Ll!ZK0fgDpRMELtdfmb57S_Svr4r4Mhn
zrFE*4Xk56PiPyELE5jiD{_m4NLEfl9Z8Wccv1<=e3D2x8x3O=a%yr7UG2IWd)74*v
z#s`rSap1&u<JJwIXlrBj-x&gsejJ<bK{h1ksd0$wt0JJ}1h7mE_^8io$Gr`<gxvGQ
zp~F&*p*+JbFsQUaeO;MdnJllJ#%;;s_;6}#K32cIOK<R#ly@O}^Q6JWE{P&wR&%2b
zLnv-$9PY}46nIj|(G9FaObMxkVSJg)UWc0pqs8ClHxr~UON6~GG6VsVQz5TPP6^zl
zO2Tfi%AiR`*%FtXI?NB$0B5k2ATDyT%aD28h(VDY_i}1?CEQz`jKo;NZK8YG{DLA}
z9^r3HsG#91ZY1fg<i=lLhHC<_?Xf}$u?mnqYp6V(7J1zr<o}M)Y=VNpcER#tXhb-l
z*_^B-9oE%bLU6m>(xQMc<j@wVn9uG8C@lHSuj4p@n^17{_$%)K{yopoK<mX*>7#h?
zXb!0Uy3nu^wC3UBXj8O%{@rXl%IL2Ok4JpSY9>+A?>Yrn-eC*)NF#10Dh7j~F814=
z0kDqKxuiYPH$soLHZK;U@VErM`Dkn8M5ru~p5$U+#$IU8r>H=!U?PTnNIz``gN+$B
z>LvaSpA{;A#=?Q^jvYk6JcB<#Ck=AMzSa;M5@@}BZhcOKcSLl9&v#$7Aw;AB)p<V{
zu#qbrgIx)orjLC&Z6;W6J5TDfM9SMth>Vn0iPF0m5=9&ALe(q0Jwvdjmb{zDK){Yp
z6x?4>DIEn9Y72C`TSqtr+ck@VeSD#*2z_HI(<wvCsGHnb#C-kLmJFnB$BM=nph@V<
zC5iSuNZrTRc;CaN-s3V^-b=6;tcRlsK7E5C0TM(<1#=PNQu45Pisa?)@z*%M>RX~V
zn+Z_O6eRwrQW9-W7sSFy4u8*;@vFXQqgz6BlmhXBnFpFSP$F}uXb^P?d7xd%lbKSI
zHH`3W)-0@PDPqo}>Cc)PO>VO;Z1Su;+}#n(DcFnwsxMPpY7N`is>C!|VN^m|FortL
z&Ywh>J6<{NjWy|8>E<sD23S4Ou8uTji?Zi|M-oRtia$sGIOX?Szr_g4l(s_D3;5Rq
zWGYHe$^ex(Mv5PD!gr>qqrL+-7GHFl+D%lZ7rOo_@6chb7-5NuHi)2BYI-h0qm=wb
zV`SAc22l=YhJn%jncE(ZOdI>6+{7D>+Cz%(A>>%)#stK-g<<vtI|y(})l<G?Q2z73
zQ1pODT|1C8+RvXaNUxl?eLWyv_x`yI_^}0`oxqk~NK-%P8$L7Vj#{6|kb!~rFt*}u
z5$QlmknZ{e>P-gybV^XxxqDdi1p2kCi2Qw<*mynJXMDBls~$<PRz4t&P2<C;TFW&c
zg<;O4w@TAL6qqMZ(BULy+6+!-NLbns_)G~9UZ>pI?YHUqc^W4Yfd?S&(BeH5Y{-~0
z1AFNr1vs7r+su}khDXQ3?H2^Sk7-G(nQ${2v`jw=dWNzeY>m!kEv(U~dT1NuN?7i7
zt{2g+4ER+=h$3Z=*BSFD*0dwQn^1Wo=p>5`xJi7!xzrpm{&tlk1*tdiO^={ZNf{SL
zDd{~yQQro^BL<h##Vuc!1Tn=Kmhi$f1N0n3net%H)^$qYbXlPfyAqfsGtEH?JJD7j
zgRwW|_dOj;W@b=W9E8Alh;WrGoTw9HwIKv>MrWBQ#$%jNL{ZjT9Ss~Mo`=8!oQlyq
zV8Nf}kVAL+v<ImiY6@jg2f$#02~4+$BWEHJoko$(6|%z+a%ehso5<(GCThs%fk906
zRPncXO?}4h*Vi9Dr1Vp6Y}lOq-;rZ>UlyY85!^#Qg8GINdivZ_SDPhmzk@W?foh=1
zRgn3~W8{ARwzuXIGm!lfPpDZ8?#ERk{NvhKCe(|zFT%yQKg*aCuud(!xcFEzd@x0J
zOu3FwB6|tmNz;8eX^w4U2^sCA2c(#RQ)xw%)AG2aJ!rPov#ID?DCz&e0p&4rzSB0d
zHC8Rol(s=_NY!SFNVwbjs+e#y(0vqfC2_`y-62&Ah_en)jjSmY)GsLvDn!@F6+;`6
z<r12$8gr#TwSlg+J)HVI0qT-(oPnQ`r8RPgn3G#UzujFy??B-I!#(A54`jr8&*ULo
zZAx_A7`H!Ds-nkX8e;IPfMLK3V&`7tb;NnmB4_R{A9LOZ6Y};~E&GGB|4K@L8s@k2
zz-DT+g{azRhDD4$!-j|^DKXBk!Idb^<Qr;9)qoEmZj^fD7WOQ^8}eAypcG@0yUq3z
zH1(8kZkMMXah2mYqV&mx0E$%K{Pb*WVy%}jMG&l#swyih8^HnXg4TX2kQ(-a@^u*4
z;Z&P+6;iv^!%D_%(3cnZeco^LJZTBfO>1i}bk7h0PGQq5`fLr1VLKC3m!I@FDcnAz
zPD((i53uif=uJu_L}!A&dq1kXRBLm~0}r;Oxt<%!ewv1dJF`UxfcY~D|2>qxKaEQq
zeYt%?OKD;A2nRjs1=1F@Zr!ZlQw{>?RE;RrUQWg^oL(r-cqp$J#<(?KN5`)y`1<wE
ztMs1>gZL=Vis2{sm+20&dxPFwH!A{5wl@-VKE+AB?Qgx?4yNS|N;j{Dt<<w@H6Pqp
zpEA?q!ETLIgYkxeZV0vI%9N0>pg{-SISO!6>>B8fq7Qp6=MDq4wSPM|4E}PVc|PPX
zzwZM!r|W;4B<Q~Dgzz_(as{7}ynh|Yg1N<qb%^>1l64Z0ymO#9M7F=cmw#Bm4U=Hs
zTHe7OzFy7;liNvuOR8TOH~gy^|111{OZu)LTV<J+mYcR1pbAWkt+!QRgaK*pm!*oU
zC^$153b`W(e904no_}ynD6mNCweTsQK@;=@q8Tl3w{Q*glQ5Jdvhtxh(i;U^hXj_k
ztxyLujUb-4!@?KO$%#9b7fSQn>87*|E<o<nyCW-ZxQbU_^A3&q1#t&j#TlP(gR&<>
zfR9IsoFE$jQ|Yb5Zzw_b{8q}v21J>W3)eBfyBj9Ng|5W{Pl94qbRv^!i%K-lbqoNw
z-$I+QRG6^#B8-?|ON@=cuW#`Ye~h35@y`hE=Gv$w5n-A5mm0pgCg;~KKZXh**BJ<v
z0G@=%Q$4Ode%J*53CH>BYPYaIXY84<;!cK21;HW#Z5A^<l0CH3zIy6(U9U##^;h~K
zd+7O^L?5%6yA?M6-M4h`#`Z#_b#OXth+QU$m*Ze7p)@0do<sa|lMiz+MD-B)fu2GG
zKd9yABE*-hNH{&_*24fljr)B5+YDeu)|H)3G0%_bDr&a}x%janAmsOh5*381k23%R
z!TJt}0^|3gRfA_BB3bKm>kFtJhW6O&PKyL^zqOusosV05tP<d?yl>CVOUCy3OR*|P
z(NlVQCj`Z5W6eoevPXU`lDb{m-pn&y$MVMZp=j6O`f0O3b$uG8CF+N?1hLr^ef{`o
zwa6>g>(RMAG4hVrI=6@6!Yt^|E>cXB{BZ-|jrNzEW%0*MjIe4!H|i!lTHaJY8#2zm
z!o`(FV3JZsSLtMFbuuyMP~yy=ZOT#zy~gYJWPr2o1@GK}oVc+Fps4F8TqkbxjBRb#
zmgr8I^<%TyGe0jkZlEx?U3#VP+&0VUnA0ya5gUbe)NIV)ASq~Yt?(H!D;iZd3qk|#
zVnPkc-x$(+xE`gn;Z0<f(6Joc`wqrN{G0pU<Sg@a==22Wy$>+&kbY*TU-tTf7*Z8`
zNUT<3kSAnsnR4AyMA^Zc9N<V}q@C{ICM5Gp4K>;3?5<~s<Kr112YOf>>CHnG&slo2
z4y>_x`PEs*5p=F!vQZ~3$rJH=0bf9fF4Jy7&}Y=L3o<JP*-q$?fq#la+}!ccPxBpb
z8rk6-<ve3dvU@2AxS#r>Qksth1V+`VUt~NY>v1ff_LJV<XHa%0qi#YFaq>v_W8+j7
zp(1tG#2l^zeq;v1aNbaXFgp0H5V|g;^r@n5q~tcC*5~w{SpUL?@7s=dK#K)@7>Y*F
zL*Pu7H617bmSmUpnL)F6O{flG$<XwZrRtLanrq6}dxd7`d{Q!g$h{akn?sbCBs?d~
z{s@PUXK@l=#Qu2c_h?*M&n)4#QqG(CP@P@_&wjytu!`ZIa7<A^Ka)cnh!AOZz9LH}
z5>I%57%iICp#P4)WoW?Rl_l^+=nOGqqjHtMTXnbYG>tOqvY{+R)M4QVHd9AJO7{#V
zzyN#wx9wYQ>~jTM);)wF{~x_VDD{WAPzkOZmcP@{?^M$$;aN23h6DI`*mt+ZI^W1w
zS`tIo$uwPM;EU0#lF*}RsK-^~z2k8nERDKlUjntlp(8^gXvihOJ1GHaIzzQm7()}X
z9+`Nh7|gmk@r_!@i~Hjy!KT!MxcXU<f9|%hBr+}kD@Fu?B^%@l8b57<mb+GU8hs90
zN5BVGXK&6ixXt(sN(3=xSG!3k*s&Buk_;`ls~?g*O;<J@e+Jsn^mPCJSV`}1Pr1lw
zAw;S!rvtEJK$_fxngU>u6B6drOAN6Fqe+6${3C>d^2z$An~bKAtUe|?d5&VRmhxbp
zYf|tj(}a1GVv#?NJhR60-P)1nj?}7xo5?ipI*zcc*9KkDA#hZgvi|Sqj~ZlE9X!b*
z&m_sf+N)!?OC3XJP~Vu?m?Ophr?^S9>lD=KT8U>e8IYS}Y9`<}LJB{)8PwNji@C6O
zLt@2OJ|P-pbNkOpPBam29_xJ;?$5MLf>Gw&Ov+PQT^|y~$smO=-@#Tn{#mf3<mare
zo~Y}X96=8bw0#sABTOp$;(LFH;zWqOnQ_5D@RUx_Y%U)!|2ZPWxzOn8)_6{H-Ib7j
zJ7I1)<3E`tF)@IC8n1ZN=Quj3;8U|=5NniL^J!by?y2w}71A3XU22yf*y^%?6dikf
zZXx1}inw`p(+H*+)(^Vh2_Yuq&Z#$An)836YnE>*J{T4WUy9{&6^gvG3}L2WR5SRw
z&~~f`BGQ7ujgQDo4bl>OJJ}G<B*(&V>K>p=!slPsBGds486I}=pTpao<N4$S4T-<Y
zpV6$sN5F@$1fOL#`An}dXu4-rUkV4nthkQJ?RyyOqG58dFDM1)<kiM=Hp0!ub8tYn
zH3B*hAiw;FFP(;7!)A*V5gH29NGuMCKhDd)(~KPu@|=0#32-z>ItOV`fz;)HS#T5b
zV}iMA{PhPu*`UKH@A)sRhE#42i+dr7Cu8#APTN_@|4zlvWTQ?<)*VUmCb>g^tqPln
zUw-!pMWlgKV^>9usYskCkbVl7kK#jOkk}nCpB}hpoa%@;!RHtsxc9!qnzQRI&LzsX
zmav+2lJ&V~F?J0qIsilVvO$ON<3gsAxg0S*=~V+(STD;NTHd}%W(G79Exi?&cyP1M
z&N`+P(9!EL>r!Txg|GUYNc_-Zz)tvO0tt%xR*6wSSNt}1;`*7%Db<n|p}tliiFyfX
z8{Mp`D6CBym8vNVY4GTBPmbGXHZZL9x@lu&;#c@Mi8_cm%j$MWH~XE5A93+qwzmvn
zq~I0Exu2xB_*S`x`i`nbFl+48aGh$m6DQe(Rex!KI4C}{y>c^=T<IPm(rJL9R4p&X
z^%twi&v`eQ-mQ(^`!>Q*Aj=Cx>n!J}{QigHMbd7D;*EU42Aqno%xIO-VV;CvYav*!
zULlnd(ka9ruaQ-ajuI7gc%CI=y`Y@%)8r0d7Vhrkw`IMTu&3c}uZZwtSh+UpKtMjO
zk)20l-MnsWz;K=$Xkl(by@$vNeTp0!r)@aPJwJ(aHig)f=0aEoG%Y=6F|QfNie79$
zL{&37S-zQGpKfPcU!+Cc7=~2c6-GyBL!**7Eiqdca=J(>7FlTbSuxca99=8}_&FpX
zPK*SS$un^A%nv@S9}6OI1Ag2=_3{P%5P-a<i}dt1PX!Y?R(%wktAVX>W!ZzQqZ8v}
zMQ1~oT_=$EhD=F>scujP`AX_sK!KwloBczHUPgDcE+D`1t~pP0*^u99mf`Ocg9Fq3
zXT>&(f!E+2?`{;IR%Ty&<<fSYGHMrK;*!VK!O=fR-#C1w<5#KM>Y92R7AKCLl^b09
zbr?aj>!l(vHhS(%Uq#_9_mfozTB+k&hn3CmC9m?o&1^7lS&rIOf1+3N`4XGt#j&$O
zmpKh{Br4})LE;t@n-=2lBNbDBv$sLuzJ!+cDoQZq9-I;aS6K=;DgP+q!vge|;ZSiZ
zyqYZ@C^NQBtO?EuE8wUg=5ZJCrEI3%R%=NY;ab-WUQAAgZ`!piM^rt+j-6t6qKL{x
zu+UoP{j$Ghje-ae24{G7ZrId9V;ek6@e*m<4)P=~OB}y^KNlk4&5y6h{33+I$oq`d
z*&NA9!CIz6`Zp%p8{i{(Lx2OcgLsyPOiefo1Ii_4<jF<m8uR=pv%3j1k)jHOzHIpq
z>)nA|GPvc+gK$V_fj{6jarj@8uMfTkU;0RICRKW^?n|Y<_+6Dx0$U-2qW|n+LfXMF
zFE=$->%(Sc>lj?O!R}`3Exef3i9l#4gXzV#vs^b8Z>G)8mY3BEC17vEYpvvynFBh<
z;;h2Q%i*Q-<6yKA!RxD2Tz`p?LAwCcX9F21)34eT+@6Bo88AKjJU>iq-1Ncs?O@61
zNOzfT<!)U4*EDr)GIeP!-dmLS*(&j|x!?4CeHcIav3eE2dyJ*;W0N`e`rQ61`FwEa
z^>uc@@NwI+=Tp(q1+WTo{+fbDSS$beIAxUu`{He<zrG&RspI3UZ6}CV|BH5E(zIih
zha2B*@L@G2<neMv9{07Pap+-Cv+1W`+l!IQuhpFw)88F$_x3zioM%ysBQ*;xFX*nv
zHzh8P-?KSmhK}SHG5P9h2Ln}dy2_dqI{7j;H0mE3_kfmDK0rsO6JSz|K3Ng<*>Zm?
z3dpGP|AjyEDB5QI`(o-MWYYA*|7pYk#Yb4X3DnDN0dbX6Z8;Bbvaa&>BIfa9CCaqH
zP5~EnQQ=8+*>%;5mnJg`bK~n_cjL_ZuENxZzjXT7(-=cvp%>3$UIOzW6U8?2)-$i)
z5G?OrxCmC;nzAn!BCq2*H^R0DMaL><j+Hqlec6Y-mSCHQ)12=!dgBliM?0W^`;GDJ
zOt?D>G$SY_rqrGCI$<x<edzSDbx5tv3(gj6_G>@2!IgLK)m<Rry8<DgQ10bdyunxL
ztk4NU7}*&~8~=1?*lcywJDp!;=V`aa=O@Q%MJSQL_NsI;?OEtD+bL+bc!kxs)|AYH
zb)ZqoMLAUEk`gbA`nBQu<RjdkD9p+51pI3fkuSUAdNmdC8fn#^AO;h(P(&+U!Gu3(
z2-&a@`EyG6EQ$WdR|W2b0}G-!35YXb?m{2smTYbF{7@Bxho72eep{~zIF^X!hYkwl
zBRb-P)hr8@5quuJA0*B^;b#z9Tw%)%z$yk^l|-U4A_pJq^5w<EaFiG?=Sh1zuk+F7
zB}|%rQ?WbOKz9Ed<h?T&5NUm`(Z99NALgDr%>jtb`#<W~MFJcqwMnQvU37Vizo)eB
zWtD$?#KT<Ee>e6Q$fHh<6t{%Q|4b2!{fhrS*#&_ehI@L>iz2@fU-R`<ZA%ELCzUHb
zTn%<JNGv-b4hMNj?;nXNbmtWML3Hbr3;K<z9K)TJbZ6%qedrMx0we|=Ao;EPt%Gcn
zIu5hIO$J230t4u!W9gn5^mE5#MsWeddYP}W3Fs`2(e5HOOB4C8TY3X};3hR_;O-1^
z1EZ^`B#ijonT(5?V7L<@>?cQmwc!q}3K$8oYOcBn8B-&te-%Rr2f`?9v*>P;yqjNX
zU#$IA=#g^5b4KVZ@(aF=B1LNfHsq4nb^3+Ya9<C*t^FgrE3$-uKfAe5?A3N2Z~+C@
z!*X57iFpns@7Zt9pOA{@W>H7D%5fUkc@~GijuaXqw*&*t6v<S{hlPO%7W25w@Fz%O
zX};MkN?8=tNQ&<?eLmE087i`=k<0u!n3rt&OOO~cQ77bqKrw-kmJ84kip<qJPK~WR
z;%&73v~<GlaNu{|i33G|j+81^5Ngkp^g$i@Klk$=`;_SKq`c)S$rK<^MrE`P)+TW{
zfSMmoXs{-st<CIV;%4*G*)TAQZ1aoqcj>{-&cnZ^v-i~Xk#hm_u(H+g#A^-7FpEuN
zKZ$o$KH3e6D<l9i$W`2{(|AFay3R{y#3HX$EDk>g%E3rG>AhV$uHgih0eA^Q&!5W?
z-+_*rQOn`-V>?~F9QdWCjTj2R9LR(6gA{L$41=<8?tXgvxvFZ3AZ?dU_Hu(94f<p|
zDY!8FmdN(f<G!0HjeM^ER%YsG843>XsVSN`ffkL4sQ?(<zDdE0T!rHFyioQ-5B3bc
zcF}wZe@XaqVH<>+4dg!(AY6Y)?E0BGbp$O^^8Oe%9}Bf>COh6^zybj}L9|itYx^L(
zvuT%;AzF{^Kw}k?++_pwPMkoo<uLqZdxcJ%P*|5<YU&n8f_c^dyt*^hhdsh7uVgwA
zS_fXh6#<p#UnBZY9|!NaFO^uin_L+7_&fns_N#%ev`H_6#E?ZWudy|0jXOr7$aV?A
z)f<L|91X}}g=C`S-|5aZw<rex1~qbks^UbV{~hMKwn`se-%rFTrO+g6D4q_Mmhpof
z2i4+|UEzTqd~fus1-p8N!7*@LHW<+0OD!fss{k}tTo(}x$7srlwMxFN@Isr>1%oCM
z>Y^<-y=({75(k^3wdiHuUBF0xMIunuzmUlt#K*H*YkvP8#4QP@DL#EN*(V*nFkBwr
z$zB(lR<0puU|e3V{`)3+r;Ix!i+hNV1G)5mSo#6I_*Tlyc{*__7&WWvTPG61K;1w+
z-x}Z@^3ku^=-QMD9sQdNQmDcN+B#qaapqTir#1R)XSMO7C<I5Zz9W>UtyDYcgYaMZ
zR?`ZPAj-W^Zv~2vVivrX{hM<>^H!WnJQ@oUF3ps6Xq`1frz2MQfO<7?dQ%QE5EaqP
zo=O)jd^3y;O_}c#3`I)H=%$}6Mr<rT^W8>4>=$kSF)FXe=**M%uezLu2+M!!4bzRM
zfZ|w{^W~G;^o-XO+B?P<2L)$#=fb0!S>olM5n;cE@EWWaPr4GVt#hpRAaX#@hmCje
zGSs=s@|G%2FJjvFFD6%;5{Qs!CK!m}fSFPxc!}WvP2s;$AsK4<;IY>@0@P>U!@>7?
zpg_?mT;$kX`;MK1ioLKRCyB6)BFHWxPHM(oUB*r1sPhdRAJ*S&phuUTNdBRgGOdyt
zP=p6^p~kU$B@G<)HNus;+Awfbx}B}9t*eOd7t{-6{h*<NnJkXrL_`KopIG>W)$l+S
zp%@1sK>93$c5o;njdtPc<rR-XAWS8IrhTX=UMOqi{(63}74ML?r@5HBiv0FD{2<3a
z`b{ZWq=QSrWvPKKqa87jh*B>ZlX*bvP;T}|eNG5fW=Ek_rdSml^QUQgj_K!Z2t`Hu
z#9>Br*Vj9YI+rr<Nm%MFS>}}FujGXF%ls^0e?RTY=Ba@=n7zZ^*`#F-q&~(7W0{3>
zKcM;_zIP^4t0%%;zeSh#K;1v(bm;|qQ`gSMipP6o$vX4L8CR})Yz|K#X*BcMGDn1)
zZ1uAA^nCgbT#YG$FJaH4L<okKbxBr~%F9V-seYszM&g{f?VBJTqAugGb-@WDR9*sr
z7}p7PNv0~WHsA7l$}!1uW}D}{X5ipP^cdyy>$dP;@8Lg|q%Vgb1rF*ESv0dplIg_s
zCXT>wl<dJSrVthHjPJ(WdkJ2P)Y@wDY3~rk6!sVKJ+W!9#lzEDEh<xqd2lM<S`_wC
zxl#qCwXAuvzdoG1OeZsuNhA)s&53}C19`AZxg5;hza`<ehrk(^4x<HZH;rTiq6L@5
z*d~x8V4DcLtw7d7M$hxf*$RRsP5o)+<%e&BV*kD}NK}-%yu0<DWo7#0$NC;E9o)zp
z>{uIffxG4MNl6V0ISuehf68f_RcaEme|5X2N+>f~5QexCbya=56pKpOi2_!?Or-xD
zGoV$YjkL}rYROh94-xCx)X(@6h2&v@MKiaUA>(nNF;viky%@+RepmW0DvR*gTPhTj
zjqoDZH`Xo{2Pqv)9q&{Zc}Gf0KMIF794e4^tZk`AODLLA4;2{8ee2MZ@M|2-HlRd>
z!ZvfPFmeqX?a?{CgaRQ7xKWN^%yJ^34S+IGULk}?TF$c;O*YnX=W%WsT$Vyq9Q}dd
z^C*Rp3KykAFut>|`fR3ckhFe0(YBI}eIjnt+Hln)xF_HIm714|7e;QQYi6g%V#VhJ
zm)t}NjBdW)csWOPyw+<^q<Oi0@W0m=)ji##*_zvJvOhh;t({3ihW=@IWJ^GkVg{tR
z`43Z?U##!{9B`Xk4wD?8cr;IH%uH(3eWv9q&riP|y1HiJoiI6Zm#r!OwNh~N-A3Vy
zg*Zq_9jp6AAeW%*5tI-)su22jrCUsxk77EpY(^(<RgQs#wd}5{MZW!af&K_X`ygi@
zDIF1YW8I!+xyuei$|#gd<qolYP6B{*GO3%C6LVF~Yw%sZlXN-LQ;RIoUK1=jL^R`8
zv&BiDAWFjYI*~3UTOO~EePk~NIZY7q#_0iqV0Pa-7H%+&3?+jIx$v}v+KZHFw&Kb}
zkA56q@wibwz&hn-Zf)+DEA!#$eHu>@uNAi~>~3Y8J~Cg{CexCtg)<*P%oyy2>k3=j
z)h0e7RDzr|2>|}x8{6y|U%U_7-8ftQ0(rsF`Ngl<aN5xXEMBx;eT3qc?vsxLo&|n3
z^ILLNF;l*vGrpjk?vSp{)>~y?*6=NuY{kbFhYq#2mvafuDPiE8X7tw7okl!NSK5N(
zej0;hk&c!oy%Yr|nMV`c&X$#QFHJ=<nV`Ki34<D=A%GHJV6RT&tB1iDd~9m%aY)uS
zdo%T8NKrbbbM~4VA;*WB@U!Bcx2%5lN>Hh*4x5_x;?ui<7dJPhVr@rlM5aMdbs;;)
z&%1C%HJzU|8R1=<+EvZ6a2d!oQiM3srhYyu+t#$Hz^d3f_`Q%64HWVCdR9IpWh<V%
ztlQgP19pXHnuSS~U;eFnP%OHoFGppE2iP4pKY`t6ndywAUZ4n8kh9}jW~q2;4-LL!
z_L(;7i;m5ghU!!1Mo@d;tM;J-p0i>0e(J}ZB3xFR$`jhD0H;0Azcf7mrEv`8=BF4!
ztAF<`+=*D7(eF=7R`dK!JN?(G^Nq&u=$!^=#k*AQr$lCoRaPtRKV-JB3a^r$?`eIy
zW}gJRI@Pf~3$N5)KUa>u$aODdw!WIq-p)fC9m=dl3EJ<UoZSmYNVsR%3$Eo?ZnDG=
zCcXW0OqeR*rr1SAVfmPKiFBtW^tMY;t$uLGo*g{QwwixGJOB0@@q>~qg|2)f*n%8r
z0#)PW-Nm%~wK=Va2UTIwl9AS*LAsbswoVRL_!nN&wyjoI8E%r0T5eu<KsZ~+^{4tx
zY>qbH{`~dvfVcu#=VYpyirnXtxM()&eBCijM$7@shI=}+ph-$8S)j(IZ-SliF?j6R
zx3vjH=T|)@nPPS?qtcBK{*2cp5&{w+kgYBELW?00^c8;=v~f5ZF#qrrto}k`5x!cG
z#k%5IsM=e4*gSfhb}vzSzce1;a=4nbGMm8Tw7PKEo5aR;yU5s6Zu7V{K!jiQbi=<_
z2u2!Q<K)zD!?0@ivcp{v96a1cv+ZcGV`SKB>e5+hG`!ksIzD?HFtwh~ufhd(?H<k+
z-k{%Kh}xTNHgYyHXBXS5`l{5;>eTBHwK)HkYaZ=umyP8LPtNPDrB}EOF;Saqie1^<
zSu$_B_Rt@@Wie4sT7)_3Uoc(XzE?oUdZE66TYFW*liT6Z;KfU>VMfE~r)GsJan996
zM8?}pN?FXWvx|_xMccyFmU2K{o3eOsvRUu#c6yV)%~G^$;jwv>>#XtAoKwGiQl6Ku
ztGwDRhd@E{!mMM4hr5x7Gp84kpP)fOq3`bS=DB@jHNaeL(Ov2E&h24wBqgK{H==RV
z^_@{YD<op<3F&Zzncu7A3fFGyhy5M<bOq_EuZ3Gh^+(IcbW6G5wE%!am(OT%#$j+(
zxhniN2+Nz;=dt*+^JAt{u&t*2al%rxclE><W=%ocR`Pe<O#WM!Ub~l%ZD&Jy6(z>%
zh3|@Kv$Nt5k2A|4-XH|tE-nCltzl@cqkL@SwuUrhC>hOL49Yk4NB!+k_2Rt9w1H6J
z%$(Ei*D6v@?<4kL@Dng)NxJi|?1pJ(HAuL=WyZLI@O8{YyVBUuds?<~v&*{>dCkGA
zTl{6NLpU|GRUwhF=;psflHO@;-D_NWJ@2(K_xeJ9|D_c|urV3tf^=P<F_bhpg0&qu
zlj0zL>ni}SexZY{b^joLb&&xbYbkNjXAv(!NQ19cRj;u6bOcPiei*sGEvg*l<I!Rq
z?LRkMsyIsTcCB4@GKQwG91k9RR&g&5a*Y}Pw~F4SHrnW!CS9r??<93dmO@9)fbVYg
zf2|B@Z2Z&O7agXM<>xLM^J-!ZC)}=|CNjMxVes-m+|s})A(k4fq0mpoFY?EE26;4j
zdU0_Y@uPwsC{-D&G>(ZA1=E1b?YxLa4mvW{Mbag_<xDO`LylmS*@akGJD!K~5}&VO
zyju$wAKB5L)K|dq*&2x?dif8?Bu=90R-5mK_*blcWpxz9(^#s#b}t<QlHl^Gv`5wG
zHM_?66|_7HY{~v2Ym<xUlj2HDj3!`kj=R|d6!RPa5$F?rHQtq=MekKkKhmGM5r<>u
zC3{z@^MZZfe}F5Y%uZlKL8kby>PqS7JuqSLEY`Tn{Yj2>^Z%=r<)5}t>a3jp`oz>h
z0g|!TlLg?X+uaWk2Y+ypoypLgM%_y6jAe7Fmn|d>Nd@_nFA^RnPevrQ6GyBp_V@|z
zWslv?Q#tE{v=oqeVx#68N~L9}wD=0pW<$h&5M)TsYG{ebPvNH-bhVHlBQzpN`OpOF
z=7`Gvx7gNiYJBDj!~4UMaq%At2$9Y;6`L@-H$hB^1fcx!K~YMlQc_$0cM0M_WT-x@
z)I@z_{ZOjmb>zKtUh+RoS%Uw6kg{s$?YMamW>t|`K8*NU-znL)+bj(K#0pb%9nlPt
zU*am}8!=|3Buc4t0q|#}qmG?Wc}KaPg-|%Uwr&t4(Wp~fo2#SAmB}F?ON1i3Hysj<
zQEY2KIh>abs{4Fwh8w00cO7o0CJ`ot??RL*y;YCEZl4Lq)qD3O_uwk`H8S(}qdpTW
z?D3OkxrlEs&Ndo+e_!m=P%o`{C|+u+vZJBJwo;Lz-lr+%YKEikZk);X7j|Ee(|iFh
z9u`$bRzZB?6D58^k-3h=Vp6t+-)|={F3piZ780TI3G*@4&lJB2$R$*I(-tN|GaLjy
zsIg45Wa4(-6r-IGZ)l_sYtB^lctOO01WPJYeCESfwQiOhlu?cE4o5SU9FO4Dxd0hd
zo?Cz9^(&gf?vBvAe$rPiKq`m_UoA-p6X16#3GUqmio`eKBQ!n{6r()vKm$I%H{=eW
za^m~6k)7{Wri5<U;J1^Vn+(bJ+ZGw=p<3l{ksB2imj0uKW}i@*=T$ajdzDVS!mv-N
z?#PL;-8#hH4}YG>_Ojzfnp#B~UGt^+r##Mf|Bn_@S3fUV-&r71h-G@0*Q8{As%y8r
z{r`}mT!;XH9opw_dBA^|A<>N9KWB(2EybWsYN%tRok;x928J1(yIEn2$La16hEsie
zb{w+JEe@WFfef5szw)<~Aj1(ZNB4bU%+f&ci3=gTO(uybJQ0FboP)rYT=A_*mk}>l
z%H;2@-zU+oWXj{v2-D$ovLT&GmpMKR5|nw(ggLt#ZB~(>0o?qFO^wFx<10kvhMqx6
zny$nei(rENl=`8#o233Cngt8)rBsuMa5Ca*bDxaVaPs;Asl0icG$p&^mRMNMm%Jc`
zAW5Nb(odVH%O?T$-1EC|(gR#;xCM7(EmCMz;zvZ#RsGZ`>L~Jgq$YmG$56DMop|HF
z@0F*h4@I<p0Zg!%`~e#ab)eO^G+s&$(S1tGnQ-EjoQK#8&ym6h*Uz@!sN;Ugltj^6
zWjZtTcoViv3I3G)X3gGF(9?V}<L8b(RrU7|<rHtG^Q$+D`!k{{?o$cE3BS`uk|9~2
z&X(ojlNWJjEDJt>BexRG{vV_$Grh=NR<?_tI@0k3NKq8N6d|*=_7Xd|HAlTiyR2Ix
ze;O}-BklPwQ^e)$*O$Q6=Vi&^m)|ff@>ewlpV~4dnNkt!`#jc93BPFUjrU~DwdHwg
zbJPqm`a{g|-Tn6`!1@k9liq{aDX<eBrVWefDlswI#E6B4@)CEq#46lfHcXzn71<Tl
zyafjaTI$t!wNgCm9s}M<DC@X9aZ6zby1a)y!S#nCkilgtW>;cN5rb{WNP2{MW)MnW
zo2B^6wD~T?bJhNiI3;Cv*k{`5s(8Hm8{q;q`HDoD<oO@f{BCC}!s&=81jmb2kxJo;
z+l7CR>$aWsj}&Z3q878nq&LX}BgMwYGyx~46znO#ckk1iBnGRjaq0K9iwkc|Z?K+&
zhZZbA-qzv8PQmrbZlrnqL^V6`RrLIgbcyu{7ZlWpxBz);^`te~G-1gQne3Mczk^ag
z%Y$5W)Uh3=f439m&pR^D2Pv5Y@0YhQTHSQMc~lz2N+L#Dw2!$;#NoG;um|7M+C^_S
zSZ79zbA~gO9zO_dqU@~>AhhE-U4F+c?3MwL<TJIeW$0tr@to;zh-hCEQEZM#nSmk9
zZ0E&sJg&DxHJjk*7|X!<cjq!mVbmX9&fxcjr$?%k1>O?7Eelfsir2LDDpH8(5}aAX
zhBI{FwEu@Eh1T{)k@9%aWQFJ2SbmSovT;VZar5E8mws||B=7uFA03({CdoT0kwYZ#
zKlVra|7CwXU99?KkfS2YTAi?MlmBGQT3!EnQC8$UPoiz(;UOlcU3kWnZ5PGF5o{%J
z_2&9>d$h#95+_LEK~|-c-G89Ws}O2vY<WAChKq*6Ptug6gO;|lx?^y<=^Ab-=LpHl
z8%XYwejydz5C#s0f^w?{c(l;!=?ZOn{^H7P{T5-cGbB9b2XRy~@C|vqCJ=gF0~LOx
z1R8RhxI3HO#p{t2X2)|rU!g~c3nyZi5YFE^Bf@Vx40C>@TD0bC#c=?gJt7P4+%6AU
zr_EQ158Zz4j|PlR*YanJt`tLjIDRBC)xNQBW{N|g0C;Nl*(wAtFy<G06@LuQ3<nkT
zTKoihgJ**UAG(9WmCoR43dx|GLPqJnf)o_Ej#SF|;r$@#=O8;+3^MW@^vYx#Znl(t
z@x94+jCmc@h0e51^WK|7-kxL*ulj)A2h0Wo0n7orz}s1r9q$KowZR>tYwag1Xh>OK
z(e8~3lMuL#jw<vlP=VEM<U9chT5~M!<y^XJ%DA$StMwbKH<K$IS~PQ~36=nJQ8W+P
zy;7G6qPMAX`J|`ulJB(?iU^t1wLwge126a<4-2;8df;T*>200@YyNqEWlAY!MAn&6
zCy6>c@OK6fu0}K^X2O@SQ7(D8zP4LxxJ~>-6++r*#0k;_n2d{*VU7NY<Q-(Oct(3T
z%l}>EDd;v*9C0IURntejtr3apl`dc!tvujFg;r4M_Q=OUIc0&r>?*%nJkYlr(jj%m
zC|1Ov6)9(ipkMhv=tl!YmI6f3mY*O1z2~t-_4@E1-UxL`>56_Jh!yKgxrgR3cL1Rn
zmfG-+05HH!J=sV^3g68%jMN}F+>BSgZ5BrJF`R{S<wD{ryhQ!sY~<zHyWxSO%#frz
zRD#ERIs%DlmfbW;iw<x&k88vpPR^xL8KFv{rG(y9xneC8r%_&VwA`UxO3%r={n0y4
zmx5@Ir+Uu-(TgM)=wj;Ek!ybzrpkxUSFo4<2QaYyeF6<4J|mI9dkRV1DBhhM;D6JX
zEoyR|njiDI$HW0C%F<5oHm`AvO|O-H1hL?`GWbF@C{_c7zJ@T7kD=pi-Li~kw!6KX
zx1DD<c@;X;Yk^L`{ScFhMajm-7){MQ>c}v(T<LOd;Dx8Ohoa1z4<~-JF>~LM9Z8~k
z1$YjWS^NHEi0-~kwARy{?*R?YvL{$=>G9g$oMG$XIp|e>1Tmi@;rDLYuvDR`$`I1K
zeElGF-OG$Y4c{Fl@6*G-vCz6^VQ~E3G5SS!NjQRfYyRUn)l`66<UCwymwi9Q;A)2$
zDnd8U|Jvo9_|<;0vLTnW|Ej5<kjEq_8i*B@kkQ0ta<oMo0Ig7|sUlhLF92!p2Q>pU
zrm+werJeNyHf5%L5sRx@44L2qWe4Sj9$Qi=RCVZM4b4sApGPzn9VBrxZp?AA5%Gzw
ziu40F@c(w_9MADOh(h2KduWn<!YBa8p~abD+;F?=ExzyhrFy^ou-(J99E?XI0O;vo
zr}BL4`P!gN{JVt8{%ZRbNU4K@Myby;$p1x<%zJI2{~fG)3gj$&g^-*y`NVU472Es@
zNTq5LJh7lF#_y&jB&n9Xw2A$l|3JZtO@&8RYlz7`qk&g>;(^14ZOP0@n;R^Op8mA5
z|Ea!V5roEA0DCc<go&TGT%`t}sI3nrF*5?ANlNiqvarx8B+2y5pLBUn`cPTueCjfH
zTGBfu@x6Sp2_X)W)Vr`SgriW|kbh(le^CQUvNwMI-SzJ(j%?dr@%^Y~N#V#^N~q;z
z-ySTOd3ERMwWk#nEpDA6G`nq8h6gMAj$u@Oigy{!kWNhqKZ;F_{=oz$8*R+Sj>M|A
z!9etP6z@SN&8AVnuoj-lkvd`XY+poWaF_@c{8V2aOiorZuf>8WDD)*T7=9=UJ3}}M
zy=2j1aec_rjA+{MC@7`+1-Q3UA?<wo5zlN{C}ikvF5@r#LnCr6%{Qv9_@F+l=3JVa
zU2tlOpAw+li*!-khwlM2_&?dXlUn|P>UgQOQqRNuX9gVM#m&M4YY19DfxjA|)C_#H
zDjhOcOe=2pyl$0Dtsq^J!$WtJyKhoQ-=1Z^S!j}aqmui%|3B27Wl$a8*5+|19NaCq
zySr;3NN{(D;0c7r-Q6vCaCdhI4#C|Wf(MzC|9$Vw+?lUaZ`FJ`)u(Frm$i5AwfkAW
zXY~zMYH#pZHY7&^|I2C}Su}I+0x%sD2Bo)7&+LGhN7Rz>IgRK|Q3-7TQ*i?GHmOoL
zZbD5QD3%m4)i3(WRbzE_eDRFx5C}X!kJRlL?PV6vmK6M-V3Je!*S}!WTGU@KsnPX+
z1CwMoWB$!0If1#P2qxuIe(VaTc@NBiPllX@(%WvWs-wD$mC3KMS~iqo3Xfk3!zWx@
zfOw{H<`OL=nwNsqBi5aU+7h`h>@|BIp7hH_u8E^WvlJis`#`y|^ge~}RByPs;JgPC
zN-AZHS>2UX;gaR(P8DXWed;q)*>nNlGT9cR4$n_{W_23sL5dIEj5^yY3fjZrB6&rr
zH+)`K0aXP|nsA1BP>e!JhB}P7MF@|NK(moX^n8xpLkoxg49?F+`PEsLSBUFZ4Da=3
z$e+mZIZDJeU8;+LUcq8tuCS``0^4xP(RWR6u3`c)vH8X2s>=GQY2BT+GsyOuOsGS>
zV^ZVDUa=Vt3)Dcgdvh6j6Z<d>12<bS#qaE5c-IRNHdK-L8Uw<O_tRSQN$E;R03q$7
zy3<;kalxanfWuOnEJQMU`v_{IiSWmm#MEEt0y5jmrL)vm9|Q+45pc5{<xghpX_#hA
zaS4(W8E$RD;{-!4ip>N}X-ljpsW%gm$b-p7qwch*e_7Va@x*uG65{iUXgX^cZGyQg
zqfPvtZRq{Lx_X2jC94$|c$m8=z?QwcuGiU?IxYL?AoZjb%dMc+sZ%#Td*#M7Ayit4
zItYrDL9#m8cEgn1=$w<_P}wEVOMGK?TZ9qY@tj8;w7sfbnmZw&CjQ2Ze?~_RaC!OE
zujI*)JqTIJ`T*A;Vs)Hyo1%hBL%Ix^gmc(Z!Xq~I$o`0q#PB1-uhQ7StU#)I1Xzh=
zDcT79r7b4;3+15P!{c^(EON;>GX+`nbXF4tu|3>O+d@N}f~0FciD1{TdrqUrg}m*r
z_coQkzc=nQKBgb-Ph%&hPqXS60cNj)^$o!6RrDa3z4GG01+!OP>L>rOS8*;!HeQ??
zceE)^ELJZ4Yr@FDGJ!SBf&o25o#_J85*{~0?A^@0g<2mxbA!ia9bM5u=@6qxKbXJL
zx;vFM`G>#CY41{*!q7XI8CKBxBAfF%-)q_#Btx=hFx48MFGeR1H~G%L({(@>>l*fl
zufM(cHoclLk}OU0qjS^B_JRi6c(IF`qV3D?%%tqEDS&0+!@ipLtku1LVop46d+L`G
z^Z}nzh?0~uq`3fol@r5SZjCB-9N2&f*iqcA;(UWu?W3T_n_kZ44zdo`&xI9ae<T-#
zT1~{Jqx!l8SG12Cjl_1R+VZug<dy}m?ot$r!rD@$@SjM~4Gl5#56X`dPq-OA@Z=O_
zfWfMQL*OB)#-v}}^+N^i?!aDiFU~4Q?>x(|SIP@WoVjn;*T!O^ln#P8dq{=o(LODp
z!?iPSbltAZj4uppyg3eYlsm{X31JLH1L?=%*F`zmQJe71*SPb4`jfW&Lvu5Hj7Ip?
zW~~nnK4HAi9g?RT{}OUGz~IO0tSIK5l{S5rd;w4hQ=n})SMb*L-3rP;-Y96`%Fo(L
z*sYpGJWtS^EQ1@K(B<H1OU8-V)FwD~mb~wzG50GUSNe5r(>tWj)#nB=|5xjUu4kF!
z(i`gTk@j^Qk=781wI~cENcuVR^-D*+16c8e{FmZur(qW=?R-*KM#J0PD>8NK$pF~E
zs=ci4<~EKW{zN=d3lWd_G)<;zL&Lzs^1jvH!6M#)y-N{lld)Ex{i+m2>t9;%x;dH!
zvmKzIu}?(BE31@l6+cWqs*Wofk)_3?k3n%`#TxB8vtwNjB3Dq;csH7~_Sb}~-U5hp
z6(yqEK4-x=vC-C;d6wTL>Humm?s;foZ5dy_Vh(2YU57bK#i?f5LZY4)Oi1FA;7>XE
za;N{~$v}*2<VNx0zO4$wm566FYD;EtCH{XwRssKkR{i&rRlt9sRsa2D74RQu)qg)(
zW$+(p)&Fl~6`{nx$SV2&ovfPw53)+N0x-sz75-}`6khskR?QyI-gf+s{HyVs?D&4v
zcdL8aW@?b{&%X?zY-v7uB2!*PMIP~!uCA(Evi=as7-*!#v5g{>;;61tigSlOD#|02
zALKlGI|vqqgA<)phW-U*U2W!0{@d#c{h6-R^z2gBt@m+DfFAhXj~qyDgg424K*NA^
zm@6-tQBi@C%M;wsAW^S?6{-~j#+xL@M~P?AjLtBdgKaNv1|hF_zR<j{=Hi?nHN^s}
z#6bkYb&AHNF->NtZz6UpGJd!iv@nR^9XKe)M`{R{39GrO-;eYFBrOi}iun)~m_R#+
zIVqQpfItk$5QSa8{za{}yuqkdqNWwL$)os<h(Fk$8gQ7K@Y4bhAyOn*1|HNrop5GB
z2>dDNaQS+TZeB~U>=^_9g7HKwu#akfg(MM@ICW9^ft=E^{y_>1f)XKQBm9=-4-p@Q
z_Au*RKT6K!S>z`BFkBeQ^5q><T=(KSjL+Kg_RcQhdF;b5#arMU#s2@)hI9TJM6D);
z5q%;JkS6#!^<pGh@Oh-Ve03AFKcWIgxw|}a=C6?U%_JGO9aC)NA67i<R-R|~xn;`c
zWlVV@CE@dhTgkG~GGOYj1}V(IpbR6I=y)Q??HOXFv6uQYV&mrPL^#L}3i|(2j>lmr
zY*vOT#18pN3`)s=iEX0nvOzqbRa6wHHwX&0zk)DgfD7W+Oovn$KY7#^Ys)PJ4wS%t
z|NfJ7a#CYMh?f`_`f+pK54|+2eK%y8ICPBggYDkdzr{w{8*hxpyUKH*jopt+9ybI2
zSbW{wTR$B0W9IlV>D@gd0QnU{spDH5w3)+Q(j!EYQrTBuB{%p9NKT%+H*a4gQVJp7
z;z#E_Umy+F{);dzhmzMV*@BS$q@Mvz<awrenF}2b?Xbt?RF^xnei#?&p*GtVru*iu
z4Iw;UG97`uaW+I(Y$al332B(vAu$^T?^|H=4DX`Wo93R#;l?l;JT%HxkCxsZ*h9J@
zOVngnnKJcc77{MzjE_!{0`qNk4{CGr7djZB0^FM+7G1E1<3({_m>{l8)6M0k7``z>
z1eDTS%Hh%ey|Ny)l0)d%XNK_6pRcFXt8Ft3lzgf2%-rqH`f=<nh_@{1g;ubb_h1hd
zz$@146rb1imevS*8hhlq)@Kpz_)H%Hbpva-WrcaBLH`?73TdWN!0bq<nJYvKbchB}
zsmhF_-Tg0R_;dN@SBcLgYm!}gNLYlcNh2?y#vieyQgo1{=C3ZSWMaW^|Cc80Ngw-<
zCVakFjc%9WQ$13GUl&Peq{|Ji{Gm=;I5O%Q-MEF6EF0a#jEaOUsBoqYKS*v@wA$29
z1NmR><`mzD3!SX=&(Y>F1>5v~0v(T(W2?=m51(T7wj9&VZ6Xs5Jj{VbU<IbRorY<m
z!_nM{5&C?(<P8c}e^iZ|XY16krK)A^hN*bu1yasiSb?%eg=%p+FEnFIi(H4}sPT41
zycOY3@5bel@QcM2Ec#~>kAgAUY7r~L05G8?)h74|fQ_WZAz(l&<Wn#$$v=RWpyl{7
z`SOPuk0|kF!Tms|(C)(*g$dCr)G(f0VO};x{^7rf)^3=dIE~N>yWVlZ?_NO?H2i2K
zFrwvZ2u8HLqmBL|T2OctJtYJUiA%8%vZxRU$=TL!sn%aC=&ZkVriuenDv2$1;nTx6
zBrs~1^%vANa&x^bb$T7~U2hY_KsBltc^joCer(>L4VCjHXuLc#)*fNjdC*lk42>@d
z9jy8?BfuZ>BLu&0y(3~&u@s1{a3nl8g3o|Hmb4@gU=|oQh9~dgx<XuDhFV`-#*l#y
zIYd#)^uc5oBSJ{r)dgy<L${d8-=#+RK&uqJnq|z;w$a$m1k9rHN<N{oVQun#rMOom
zv+K7Wb38;9AqX|Bk$|*WrB;HTB0NqV`3|84tzckDj8Y@jNHbE7V%bP)L+vO}2mAZS
z!Mdea(_p0(AL9hhrcf`&7rNpiq5vZ0!G^qlNy!GHN7wVfzqDlKQfl&dqVIPT<Nm-w
zLT21`9rDUq@Jhat)n1i$Ys%B|Xn#z%0y|0*$}bVbN4zaXu#=d>wvOsj0EI#GXiMz?
zn}2D^x3n~(+DNzCqUZnRC-u+tb=K*}8cXAlQ=9f7$#<&FEc=YnG1LE$VjVsF$N-R~
zbE+b%tl4#jwY^NnIN@VAB#^Yx#jHGf%USXzoHH+{xr#!efF|636PakOA%_?>X2DGf
zhu<2Ft;Q<!CAZX6B9DAU+?(>L3tT7$iA*BifuXKziwP&+?Bbu22{RqsJ<Q53ks9<a
z+r{4;_hPNuKL4nbm^3u#VZ7dqIRNsY$jis|SWxp$fBxHI8gfeg{MTYiRuxqwfCp~V
zkkn1!Nu~H`r*?oNJoc$bD&VAg2q$F-Z4;vJ6|6JUfOTexdDrhyR`KM#wY-D7xA|NW
zUNH|?(w+owy+ra?_BN4wk;>-=#dZc<=GT~ksof2KyA+zheux9|8k`HW=_GIqFq~O*
zWjBppDXlBMi0xby|G9VB5Bw-k4=)UD&Fr{(sX${*UKw7txc%BRF%Ss*0aEL<#NB@h
z7vJolOF4&2J_xcX+AO|)_hI8u$%L}tA>$0vy;=&cAF+{5mX5mNfd?qoSrXcO?lg_h
zJB!ZCJT?8>A`y6#lNX1)Ayvi@nZ?Pl)sX!uQcYZ>g7v&Klt(;#VGFz-#ZIrprW0yI
z(Y1a?Se2|jCoa;Mvz_}KimU7BN;bT85aesB$czsY@H0^1fck^5I%Xl<9G@vXgAq?A
z((l8ikCUA3<0sPEv1X~1d>ms|S~Gj<>kQ)3H+0T2KWl+ID&0rC<pM6ez;XPPh%8rA
z11n6)Bz9{GeP;7jlGNJbS;+=ltH>A~@1so2Gz?CNh|yQFl74P|!dfEazS+Dnu2E?d
zPt^h&t2!C_Zau5rZKHQX6}?T%P(OCL9oH-F`ej*6#wv)@Ht`*MUWQNxc4Zljci6p7
z;#GEz2&?(qi67P6_hUBlY)|Kk*Ip)9TTU)Ei@CBozUNp8c%4+X^cgNHiHK8HG!!4D
zddH<wVJ6tBN1+}(1ty3&QUD=|v!*^h8C|NA_2LJNSlSTSLZtinCoA|2iz1i>;RHGx
zs}q$86bu&34sL(sKK(qJKoj(bkFR{*2fi$rXIWz~#5lzpF6F6k5vI~!FTkWb+ov;_
zWQ<UmTe!V)HH9^ixI_J$@Cs#VtTXKf6JCS)V8UzkFX08G{fqEQx~R^G{x8DImr~vN
zzX-39e-mCU|C8`i#!gEC6J8B){}5hdLtw&7_dTc_On3=Uu`YrMul1;(|0m%Ear<w=
zOSLNQ49_3hSsI@6fpy&JRy@oK3yg9dUVu@qx&42kT+*3;QLaIwg-udIIDEJxV|YTf
zecFQ^GzWdhR7Yk`ZjzXxJ@+=d^fix*cklrT1x^$Mhx|V0^f7HG9ryYnZOMDEP`ZCM
z?3*K6?+z2ToN%BNQ4=1WC;`R~fh-p`*4OPR)N1F-Rms$t3JL9?_m_?hoW@BS3JIjm
zoak3c$<>r2+T_pAw(+DDmjj>|%|mbZD9ggDoTkCaDBjwcd(0<c0W#cYU288eG<62#
zHd^{&YPP;U9)IN)eZx*CsT`@qdikw!^JS|=<ExMOq-AhpAi%&i3D8%}J)^1r4)a}R
zaC`Hf7ebi>f*Mn{xHSmgzSurn8#8I@0OBVHgW<sd!_P_j3eGpQxo7s@J@Q8)hJ`Fc
zhh5@VIlP@1yN-pgIZaQKA9C7eo{wCfVGOHo-sImzkY94-T^e-Y1Xs+vfrz`VP|Wg*
z`ZxJMU3h0zm$&kNfU5epy6IPW@v)>kL+dyHhAxZ|pzuX=`E9@o2&&Rt2LH*4y3<tE
z1P_$|gIoGyjuDl#4y=C#bV!Diu5&)VwrHnpZOEV1$ul&(LC<%NH`dSGGkh~F=$stZ
zZc%-i)V;N(CNrpjqSk=qOVnjT&_MR@#f5o)av7cO<_R?LdNxJ`oJqPLlGdpXD<NVv
zwQ}z+8Tu&8lw>o;C*)9u`(|a4DX5>1;|k~wQgr>bVih1@VIo{pJMIpgGv`U0*VP*s
zuvB;z)l6i6Je&f=okv{4A~c){joj)2l7H{-M@3H<Ps#Jtr^&VR^(HCw>erfaj>gV|
z`*UJ90GrP}3qZJ}DiZx-&mC_rTsicFHc8Cd?N9sLiqmUwYe}QtwNI_ZUuK00uMuUC
zi{IfB8`f7FgElNj*KQY8Ls%$LVnkmr9fwR<t5N&5C>~d2E_ErfZ~_8hhTa?PEl(!(
zTXQpnha<sTn7O6LXYEdxic`~^!yNqWWI6W;#Mk)E<oIsP{Zd&E!`hBnC6^AviL^Bd
z=4Qj~n$2hkQuq*Rx*LlQ?yN&Dj0>i9hHvAK8f6w`OjOB6XB8s$*13;sBbRX)ho+}o
zn9$JRcyoj8YEU==?uN>7;98=pp?^Y{*QuWDQ)>uF5)&K2=4vxx!Vi)R=Em5IQ26l!
zhDOvL#q7h+hVNK@J94&ClZaJMd?t2v4SdzH^$`?0&wg!4X2xt5+?tfe^}<1H^vmM$
z3nT<8z)|RY@p;;-YQT81J$rsoyI*VC*FLGAeX+IYa0o%Pz~p!7;E;8Tj^5T-(hcpG
zU7`oS6J6kRmd?YlP9)MZaeRm3O4=rqm<-|zAR{XrpLIwEH#6lJ`%WT3o}+7lnB|q2
zbR0XK(B%qtX)6Tv<;i%bF4Me^Y_qyui`*{ez-PQHF-MQFRY?{xKVvf0s`85B7$LK9
ztrFUnh(2zRNUVYMtIiWcsPj4dTl3!>wm}`16EdOJi2m}&KQk(_etXxE28{g26&k;f
za!IZUt77@Sk3pAJY@fnTV1Qf=`6K{;-hdo?-~#~|*zyHO4EI80@QIk_BrY+qRW1>T
zH0_)_>=}s+byv6PuFRgmlOYe<3ljO0`*gDHxfSYfFS0IH@><$GB`)qq`dt4p`S4MC
zsB?JwH+B8lc%q9uYF|U2n3+@Lo+7ud`De*HW{nh&5>wXP79o~o<g`Bym4Q0>;fpAi
z(N%ju3;C2v@lqhtm~C9e`_&Z^Zii1t^UV{4KOx^m+8%4wyzDJDD*KTd;m4_kfeY9~
z*aDKk{!g<QuzQEo{ufP=I65`?EefeJzoVACPUB-;9~1A9em$<A8~y2~{V6=*>r@fq
zPS0uKx3N{GiVMZlbJC{lNSD~!)$d2d;CTV0<;|)yaBm)G282G3R55O0?oQHsHZ4{p
zYdkfFNjjuK$*`N)lsiw5-muSDr@?9B@2G~hEAAY!|MZW@Svo3M{etOr)iz_taQ)pW
zJY6<l8h2wCs(*RXv7};xbxuPwcv%YHhD9%fU`M!N<nwR4&Gc&12S@JlB5h@Lb>4G;
ziooJWORZqgLj>EnyD26EzeDyJ%95ZcD|#xIhEkCIP25(0`48%|dlh_@Atxa;JC~uK
z9HjV*V!{n!n2V<1j#ftB&UzdmzbqEy#jr-^=2Ra~SSELT^j+a~$hMc>Wa>f4F!y<J
z{rrBsY8JJs-08mAZGrDhiGc~umeGa?;F<J1;)|+@VT~WOn08swTawmnoVGM26e9n&
z{jhuUj$=e8-CRUJ)x3UMD@{amUs=W5{8cYaB**MkktJ8x;x;5r<cBf`VB!0!{`)`=
z`J^ya<d&N=e?IBa#r!pL6MPdcYaOo9>)i5-Q14<|h}fK@n}g{=<_Bic(3fXmaAFz7
z)Y9JkR4=gxa{}36#B<LleV<Q7#ke8GYOj1R{1j`OW&8yTNBS^1GR=54UZd8&KYEgk
z3%0lMEc)Z&Cd8>@zoZ~8)%)m!Wo{?ZhlJKLM9ic(NL_hHUs?|%s(T3&Uw8&QQ6cAp
zbqvWr;D&5m9`emTP|9i!oiM)u)qU$$+NPO}kq1f=xdxk%$i^hG?DD6$K;c+w{SnLy
z8r#fwRU^Khi%Od0*L~gwrE;4J=#qua#oJkGldB_$?X{h+_d13tCfcw$vq|P|=Gx{1
zn#uD?=C^Xm^Ede&<_kWl=AYKC1bb`KA)nNkez-90g9p#ANQP;E#{o&^T>hr!+WOt&
z2EOKQqtd_8@8$%Xzf;?|tf(E>IYZ{395fX#ST3raFnAs3pOzNib2{lIfSG}^$9`8K
z!9cOMs>aG9zK`naco$SUnkOwL0znVRwUtO5rKCnN_`(B%xzRyZo0x4e)iKop!$PQ_
z@kESO-R^h2`@a0L69D!uzZv0+pS?}5nNej?yE$uNYp+q@=&(ygY=6b)4YlT@3$fkr
z!<-6?tnxpt-Gq`Vq^%%~3}AL+YI~tpjE)};s~Tp1XxvwELA*CkiQIxt6{w^`t*Ne=
zphsIc%j}J)T@>$g34-)RLPmumBi~dmg@71e`?N8o^WzX-#|0RzK&fDmu+9F2)o8WI
z7DJ4XfbChC)$vK7<3ddU6j>u0U}tU~t6wJ8c%#MN;qpQ%LwRT?{9f*;wN_ghOJ}J(
z>0Fchq*OOAS^LeH`{ZfXZUH}6WZpvP7mhU@w{1s7sg;{~oxxH$1+ND83GDbO>|*)B
zVv$I1a8`)SoFwqgf$;9{T1<R-<~|)nA#^u2?=wh5ZHxLQ5^am-5Rs`dcU7g&f>)z;
z_%<+j%K1;e>y$Kgr_jtU1_5k?r#v^&z9jg~M&TV+Y(tx>?+2qND}KfOx<n{%T%G>4
z$`<ya8}6MNq~glER(A<U!iFonTZHRX&;re{3p5<yjCk7%Vf^Q<?!Iy?YDcT}@XZG)
z(sHsuU22rlZBo(FF6Hd>+N|izw58S5y{#8IKDVD+stj>d$<4$4)RHg8J$ttwN))3&
zR-aM3v&Mv9h8ogotI_wif)EuXJ#7c2i>yu3^XlqPZ4^TEgdl*9sM0DBhaE`+u2a%!
zW3B?h`pi6u=Pn31WA6Ohy5BTed16$&zFZgoW}y+3Ji8kCg;_0F=}0$R5zqEvU2vBv
zD|(36^-XD8=5m87$0vCQl9(*mZT>i1FHr4gx1y`>;6w82M~rzSuTSc~=M1za8(bQM
z+sLDo$XKA&U0%SawaMg{@WT8DuSzSOnM`wl)q`WB%>QP3wcUJhe-_e)rRR29OkNph
zCq-9v7xKf-i>lOdb3Au_u-k3b4}8tHR+Q_vd19O%5$ydp4Ys#W;<}m9G>hSl2)7;#
zC0(^0I0FnsZM`)-y*0m8r%Kn>@uSz)QHGewzNry;F&!PMIGxTHs7~7inQHR7i^~K7
zrjEvzj*vq>v68P4l5OQOU=vmY`WaWoDwLYnW2n0&V*Xkw=**scd1&1A201OuJEz$<
z5yih7=tFS#ISLD(3HORZa4$|wIN*P^0iE{szoro?cYU{t6qBYH9}4MqAmfB9=^0+8
z*`Sz{;tmGkb!OpYkf(@mBAK-@y7~cYqIMkU8o}>r5Gwkm1t{tDW;Tg-vL1a8IbEw^
zlUJEx%h5LD1h#*IP|0-QwCtg&mAsuNIXaCwuc|LNo{1&|v9_%w#j&EQV@~N#O?>A9
ztOG+%Og1t}3$g+l`^hdl9Z|3M4gFD;tPeLBdmj<Ej6a@0XwXBBB82p1@I3&Z#6;#H
zJ@+cIm#s6{95aX`jvyl(q%Cy@3w=P3YLh>%(!Sr`WO@24Vyt0qe@`b}{dHV2E&4n(
zS%SRj=$}ZsgWrMlKr;;qMe$8m*BkmOm)!FBGz+7t^pY9}mS+EDt7zFM6ycAySeFV0
z{b443T9w=xRK5UNzajC|SveeVh=cnhA6o>nAj2W|0PQ&Y>HPby^~t%Q#UKZdQ1q96
zH62S4z>4s}64s^)#^yw-Q?J|=)~1W<qW}wD)^b*s-*VPZ(KDzS9@vIo7^x(%a|Rzi
zVpnM7y2IMgxT@#g;ke)7h@QDgp1~U}nG?&UAC^a%S1s-0crJ|%)wU@B)u#?Y=8m{y
z!iqceC`Coe`C~=|=ug3HXU`Z|*o8^=1Z-yxbQF_r&+{hB!;}&@!j!0-;!Dv+a0`L?
z1aE5QK=5!crd?|`a_K@odi1u|PhWe>{3IvQ%qT_H!q6vAaT&2WQRvdgSlBP`Xdg&k
zuyu{NPZC0JiOj!C0HSJuNEAG=0DX<<jG$Q<surJ^7W+|Si>?~hgl|4=sLN3hj4lPv
z3~%uKXW43m0`^<FyEG}TKOo6ZHPVX!t*imo2o*;+p~)Tzr{v-=v6Jnl$qmsuqxcl2
z?GAkIq4Nqa%GK#0#Vaepya~60-Gt%EA?A#*-XGEWFuE(zq-#;27PBNv#qoPij}ZaL
zV>(0MjfUB=jnnxXgFL~L)7kGZ$lcc}zY~g0ICzrJ?@whM_#ymqrezsn9+gwNU%p^q
zQyN`8Ox}vU&6hXd?jZfHVts31d#hr_T>OKx%4T4|h$W&#YcIj_x}31fQqBnn%c)KP
ztx`6Fr%n*?tCVdRh{!5-_pl@gIJY1O0MFt)UO82?aQL7R7oKRnjx`E>l$f|oA=_f_
z#CrCi5%KC4WOzXBE9D2*Um8T^;Azxa9@8YcNv3`GHEG*OHypZo)ew$^?`n9BQ28#^
z&@Df|e$n82Wv=FEuM06C)#^`2wIz^Vg3{Yf0fpKWhY1Im2BJ&$zMGdjTyG)47Z=27
z?u!~(q$FRKDLVO5DWc97-x;G+#am(kFPQzJYBHRYVoYxA@0AmX*l!CfOtpZ;xQ;0V
zWuF_dn*rlq;&hvj@I6j|sMKRI10(P|f^HL~BxHu96_h%}J;dn~dR-x@GK6@DoHph*
zd~)|61sF9zmOshW1o_fu<^i(SQkbMo<Ba8(*C~e}wSvX-1I69hNyo+sls$_Yx+pG*
zf*6GT!IkS~F5{HqYH7hV-rar!R=+=zQ!F8U7VQ0@?+b=ddY}VHxLg8%-p|-EpKJJz
zZ3CX{-hUQ9!Jq)c>6_MByM$j(JzWgG>)Xb=8Mr#Y@sa11iKlW;%s5rXPnCPFyuoa)
zse+a@nI5UkibX&L6YMN_WI)7_2I4Ot_34pXJJ_YflA`M%V3nKYV1p*H%W|ELeq&>G
zek|i}@Dd2<^~w<2f-P`F3aX;A7ed17OiyIcsmQ%VLQ*~~$-QJcJ!KNzvK>7@^X(aX
zisuBTbqV1N>qeNW>r&7H?o+xqUy$H7a8QJOBgSi#yI{G85ghU1Cad^WRCMgB(BUpp
zYA^JL3{g>hl63MY++#FjCgC9Di%rNm{7561rbPn^)SYB{r-J&^F)_;AAx?;TkW&ph
zIrbjdt}NAe`5Av$MjDu|z!|O3+{<#Z?~4P%L}o;B#pSRI=fsH9N3bwS=q=(soL^{d
z=s!9Pmha1)8`iju9s1RdXB%=FQbZX`h$VF2Qrw7$a4DW{a1VP3W_#`eplGvWbuB34
zO|jL)hd;M){JjZQNazmddgE4oAVa(_J)pH1JzJPuSI{yR<Q)%Y2MEPfGM3|3&<wz!
zK^PH^S#f}0NYs9Y_K$%Kgu)R2Wwz5y?I}W=HsXmxN^a-HY$TvS@U${;Mc!|vynzF6
zX&F@Y4s3MF(qp1$TDVi3;}s@cMPcsDHdrIdLG|q53TU9go)G$zT7im??XbOt3d3BM
z<(1aWZMoZ-JB8npf=s;39k-lMX#)5;$|7_VW8qwAMXOxtRswQ^v8hG%LG?HapXi&a
z<)75T_^Ixhq*XHC5~(Egp-CL8lA#(3^nzkFucmmyLxgi^+-yO7c;hLeyJt$UahfW#
zQddY6Rjk)htk><sZZ`KG!EyIIeZ$DI8(0*E3RqrPk=|VBTJ<`{yV%m%Q-F%`uI}QJ
zZujsnPynfKOv){Vb$%DOaHmCru8}zlDe12UDu|ZKPY90-@5djof)nFG3kE?6lU2eh
zY6h-V=yaAZ%=_Dqm0i;1&%{y^EUYy{m*yf%7{e~siO}O{_PQ{XhJkbxD0t0Q1|1&u
z?|H_86vD?@ySe{Rhcx9Givmr2qm23MFxu@|<Qr=8v`@hyl}WINIRf!n#0F1D=%;mk
zjx+%YV<K644$;PF{j|j0q^K*!+Bf{)zDb|ERN=GhA!tSDppf8nAw!&q7x0&+bJx+U
z>g(x}Eh4(=lh0$Tf`7^-gVZ%;-GbDAztI;wsl*-g<-s$*2=tY?0r;L@A++>mUy7V=
z)32w#LoECl&Cg#$s;wkD35-UnT^~JPmyS%>!?=L%KAs_=wBP057MA|5YiwQxQM-^L
zw(u2J+Yz~TKQ~2r=hVXyzkET#J*j@xfJ&<(rS3xSmm#WFmQe?Uw9G8%y$^hJ0(1x=
z9W^5!xs)dXtSM0o4nPn#Tv99ML1g%z&^pTpG$Nwyc|%*X931?Cy%$6ylqpjNN$yUE
z#27(Nz4+TAc9kQrP_)NNKok!Whh(4Ck*McgR5O)_jT|#ZY>_Na9sE7V?yx08eHTPR
zG59%9YJ-L7kO_9!jrQY8okjTYLYHNt{GboXkM$r63+_3@0dP;T8AQ`LFQuEl=wZSt
zQ`1dUKk;u~IEDa%LQp8r+t<6lNA^aRrbqViJjXAzQ8^F<A@T`L+5Gvu&L4YyBQ24B
zXPXfS8+9Y<cBF9^)R+ArU;X?E?sG99NM585%U<>IY@p;$W9t|xp_0{FqrJC)LGdex
zB0tMY_nMDKDp21^POUHbGMIYv)nszVXoev?6C8f<*duWG6aI!Din>Gg)f)k?f@L7;
z_O|EHjc^SK%?sA3z6K?do1XP6xLPPBJ9zH;tQ&uRvD-$N1<TEc?_d3#Tx0#+EJ5za
z#V3<lX+FY9x0iXN*$_bwDp-mw+WzPro$;sCA>enYq=iD9uL~uHlM?xXdHfel6DW^Q
zgp={=0jMxua^`NuSZIh4jo_1f#z@A<CPP_}*)V|Kc!p(l`A(N3S-AH$<Q5HqVhGi`
zKoz15{}Z>LEX8VoY(IQ4rb&yakfH99T~?Y|##IQCs;AOw8-(zve}E|`qTsLeycz`#
zB|rhybwrFl9WGGXKTC7~Q{?>?r7N8n7di(apMeuv@M?W0&N>m#ACf}va8yWAz4ati
z^h3L3#kmHTn)W#1QNgX}&%%^<_!r0WDxF^xZeitEjbZh#VADnbzD_l%ub;?1&|~9*
zLa)i{&2sr|rl!gm%6r+OYOCxB=CMm4PXW?>Q6DA}9^a5T?3*!^+WB5D7Nex^7pE%3
zFPXx~19gwI8#%^Q5+;9NEh@ost-j{eCy+7AD_mBzZT@GMU|%GJ?@ZGpui!j7=GnR=
zXzrgvGqz({0~fEgzdd=tnc$M9TIiQBByaFj!MQj*59PVHkx~dQqtme~7uv`W=+sXr
zav?oRpSH0YL4(D=wU-fMnT1fd30nJsJ@c)Rc)*_*iA1f7)e+q=R6f(&LyrZ6!OT`3
zp~BGY!>D1y4ZWI;G#@!JlyVy5?Tv}0sjJlrRZ7-1c^MWD1D(UNRHs_GYhm*jweXDg
zO*H?Db1a_0;P8z1$2=OV<spcIK=ihSl%RCIE}aAYzz6VAr+Epy<g`B5F~|M}eTuG8
zKQSq<8r5!^u5fD5%pJ96R@>ub_%xCHiO;a7_STyq4WdIYXtDSm;zlh=v36}=LE%09
zE$>g~%IuRThM67FWBV8~0-a-;3~4L>HIO>L9j@rdw9gP0n-r%M`m<9_fT7mZgQ6z^
zIyni2KCxdycgM*}&o}6rsGxCcS&H;e<-Ra5eBB|6*5Z_UvLzoW*ARV27hAKG2o7zI
zq3JF~{LcMeL@>FhQ94iIxA45eq-`+ZqEF&zRN5~m;QcEoDd?qRVph31Ss^fJjA*R%
zIZ<Ewb4{+^z-Q0_vey|`pzKTei?RdWhnke`v$5PejGz%IJV{8ettXYJ7A#4~L)Oj|
zdO0jtzBl%T<nju=IBW*0aLhavzkpE5D~8g?h!xrmelN}{wBDv&xIc9|H72xGdBy?M
z!LsRjiNne*_#3iem&#ayn`x#KyUGv|C0Hm){#*ETc<ku`;ysTDz;kCglP!*p6nD>a
zQr@TZAo;qF);RP(d*f-6EQ~RKiW^|Ts@Qp?!)hl2p%!_ePf=XRCvv4R-?g>S$w6lt
ze{YDLQnAKqtZi#5(bmE&^$ZQqYf&eh(lZ>Wb^veGj#Z)qQ#wT^R-fpDnSS8;kS`*6
z{~{$x2tB%7ul)+-eX4CMFu$jtN3L*Q08iQv6&CM1f3Nh#z@5xwKUhSQ5girTU^TRm
z@ga(KX!w}yJ5rJF-CN4)a6@QUf$zsMR6|u*^2t<uwe7d1Qgbw0?>PF-$uB48hYQDp
zU`AUcNF@@zt$q)STC`J$L5l7`j+MM8IGpQ(j)@~b6<Yuh?$IIV1&|de1rli)Qx$ik
z^??UUq!5mlyn3(3O<vt8uKsv_eo^VuGdA~c!Xvp~LWK|)hgf70g0E{G@{76Z;Y%sD
zSuS+wYRKMwgw#?F0AaD8j-_7zdWLt*dKq^|gPwa;mXtd*nS2o#>F0hT5i@r6^}ZHL
zcX{-^Z;t^^Z+&mykzAA1h76TEUb3E(dX2xvic{2Byo<*%1{37Z=qEvrLlXU@)LA%l
zBz-tUAhMxB^srSn<1`qX3))M*Kg2Z9{BeZPVbKL~$|YH!W~+H*K##D*WH^vTgX%Ob
z+8^VoYv*k@pa>8Lq!Jqob6XCeP3ET|d$%qvBD;WJyR{=;c|_sAgi3;EoTbe6IQiPQ
zY4%6@d=z#bBHBGLJ}I$1D)tn!RVXc2`ny_7*8Tj(PrH<{qH&Kml+;)}bJwou5%174
zQ@p|a3;x!l0<DabxJqnR1-1)(5v0l{8`L)ITF*V_ilx$3Q)DXS_xPEUn86=Ae@%W?
z#Twwp;HUpEq~U&#!$tf<f)Y)|xjy-rLg$2mZ^7P`A@dBImT!41k?2f*q{f_Th)40r
z@-#>JdsF$ERf-*hbw`K%nRHub)<Ns*QzlI+OZG`y+?c3-5dbj>^BvVn#3eVCeN{{Y
z@8gJLeg$}H3F7+QOjsN2w<+NN*sw;4h5^Q~!ftetv>U=sIpTA@!bHYomXehHB$8D%
zqUh|V(OCClyc*V=zsWW=SbHQ${vh@F=Pof~z;<HCo{EhocMD64*RwcNRf|P=M#u$+
z(x`lcIFK6*hrNrZwm=R?%dnWklm25YjD2=xdc;y|b?<0bK|H2#2C+oMbwJ>E>kVK*
zTx9R26G{-vYXu;&FMp8<cBMrsd324%pNXUp7rWvj#wfe##+H0p1l@ifw}_CMs>&n;
zkk1#T%pwl!*BL@`$NWwfCVq3OuOndxziF^OkLu?2ULu=|#C~%R*=pkHzl<o^!0R(q
zX7naP0i@#e>UE7Du!D1^RE!^Vmw+|h{!7iITT=hcrWF6Pvs?7%zxmzJ3l_o065oHL
z6!gqQ@eojYlyJzN%3e>7Qq(tXMnL@3gXdM(gmUa5@19-{V@Or9L3eP`QrSiQG3N{_
zS=K+W1a9H&-g8jQhr`t#K_@W`fGJuNM)E$ShHhbENnOs*;wLcPfZOl~_U|PLH>EjK
z{=5&<ro1-w9rq(kSA|BUK4%(%{pkD+6hICc1T)p=>j~M2oxF(W#kuL1Y*q}H9lM0)
z%_XF}SC1Fl58cV~^=CaoO){h&P4(n&rWo1P9vZP{_%yz741*w6OATF!mz^}eL5^15
zt^v<usq=mpxzKmMTjoeefYDpcZ-Yxn?Q9luHRcpH;|f;!A5@*GlV+bsT5Fxl!u6cP
zD~bw@IR3=WVF{3)J{s>{rAx}-L|MGn<&ReNaNbya9`Ikdi(5ac0XJS8T8hMFRzsjp
zNT6($Z4kM31?ZojlxJS!<_tG>KMZt`?Ka*;EJJO;OL?mz1twK!0w6?%5iaU^ru=5k
zbd6Jb^;BmnYTH-S@VTW(W<`R4A%xL+-Q&V5u2hjah8NAJjf{Dq0wb2;qQ8cVN~;Zw
zvUiL=)IfjurTg(fof$ugzxd-Ze5r@WappwuapvDNdr%IKAQ;VWDa8uTvZXHcZc5-R
zJMlNm=JQ*k0%Ql|1X&ZRdkU7{q9$6S9D*7;prVvK(xi)Ztz8?-r&|zcVLJG3DcE<j
z_}%H+aJ$Uil$y*k<W4R=mASO;Jq!K1)hw8(8OgFmckA_lilCutgerT%B@sY+^8fay
zs?uNS#p)On_8X!g?t4M11pnwT32%tKZmRA6CK?cxEFdOh?Bs}+Kh;5X$Z^LQ3WdF4
zJdsC*p&iBFI)wGizSsyIB`Z7FL;Mitdn-POxMPwn8y<QA19A`d2s9_X*E`jPnV*2S
z;#c`D8k8!4#Lw3$xuxzIc<GqY4;h4c*S?v3R1r9Vq>Gbx16>?+<nE1uiI`2!8{UQ7
z7Blb`2Dm9<r6~$vo2+E1a#K1>yS@j%0DZ@!PbCf~>V5Anq%Nb*nkqG0omWO1boH*d
zk<h$d^qsco*N;c@mG{xgo!NR>dKYwuUoV;>b|fB{q>kloXf#3595xV^B@*?8Cmj*L
zd*&TeXn2Y(HEDo$!FGNjk+yYcJrM+jvT1}6bikZZu=L$04A&QsQD0ThR8Ziy9O0>T
zU%(J+rCVulP&4cBzyM89ele%2#uL+B#(;c8h8oCGQtTibl|26(+m)nM;#U=sumQ^^
z@kJsov<Jtl^2i9WMX_;Sq!*+N74M<8S;R+=Vyt6_CXe&E&sJ<SwOM&<ImOvcB+FUX
z=>XDcHiNp~+ROn%wO5TI413Rc_xX9Skq7!MVZho+m_iJ+dlhY2xI0628&n%6KYg_q
zLz`EG(ft#~kp%0-xvFPtoA7=IIMHu8RYCkdXX<PB!rt#NAO91%I@!1Gh<|>bbjoUd
z)FI#8ra7_Yq7O(pH7TFtimm%fnXXVX0xs9ir`kr$7`}wChbvc2-+a@LBBjj~Jz&2}
z6n;U`6E7t^oN9y|8??jPb!by}PpmHXHGD6he*`nJCa}HYYZ6l}LU{wt%cuD5`de>4
zRIgJ@IXXk?SNG!p^fvL;cn~^)@vI9S!Z<=-wciLux+mUveov~0KOHaq`|CAWM<60^
z72c^)3z`{l@(=Y=ucuse_VmWe6kC!>p+R}@v2DH=Tz{GS=z;Cq1=SXzav%d)+u&0r
z{)3@D9k*)g7^z|%rD7t2)2VQSSZ8eoRKc9@V_N@J$ok;()G;>IhiQi(4NWUIu+pyK
zXzt<2rSocYy)D6dyspaI(j+Y10sM`eEeq;*k`KldXm6w-e5s4|dBW>izR*_jlBS@K
zfV%_%D#F#$&$s<wu5<e0aSxa^+MYt8H`my>j>VR~GPq0};TNGoWW4p#QdT#sK6XEJ
zH0SrfUriWlI4qh|8Nl<{u{zwWeIMRMLd!eLSrEh7plHneH0u1P*FU%f*d$s`?C-|Y
zU~1pk4n=`}M?U(aOUr`cr}U4e?M=qdwBaIkyiX%Pq%L=7yz6WwLfZ9Ho*?ZutTYsU
z?7wfId4_mj*7m9wt@$p?V!PtE%q^bmcsm1()Q)Q*jYq%bK;ca(o$*pL$v@&LbJ<>B
zMZr#!Np+H0y3fQ1B@8Ek3jdUHd?cM>f?)|ovngM(_!yKxxiUuCD$W1Eh<sr(GDO=y
zy#QNc0!NmEM&;W_d{?yU2N3W(^<Obb?+D>Ug%ZApfBM+G5ihEG^)OUQwW&jMB(B8_
zKN?OBCJh&%nPTi_9fJZpdP$_{w|}9eK3T!EqS-}(_SBdC(VGD*s;2~6Q3`LG&Oq@&
zHNv37!rE8aL9P8-6+!bQzIKWIyIjUVUQ$_EB!A}bu<?;Nxp_f&20;Wr^Q31gtdpUm
zG`jdLCT>nEsvbI>DMXZls-AZ8l$K6%JF#58`cG8B>r~9&i4V&gK-rRMpml_WYcRBz
z_5J{#dfIJ}2?c-{jil2P8IV}G7{lj&QSkzurA0dXipqAi4Y~_yz-!1Sbl1SBXB*8n
zKWgT<ylhoveOMwSLG4m0WW+z91cBSjel31cfZ-BJl-Cpy!BU-UwNbRW?|T)l-+@lu
z_i4_X4Mv0%!_QzLcxs&;!Ll6>bbfirkY0To$*488G6*b<m%1sCrQ53!A}2<DlbHxz
z)bp<yq4ur0_#;p4s~J*kIH^>LlZ4a9kID5erc-!on<Z#Z$&QB~Dv?oY4C@YbnZk&J
zyYm&PD@-&GgYkkv$#CbQ<rh&uyXElsFZF&H*<lm;_2Ph4Ju`^Pdc7|<iwC|=S%Vhp
zSkveQTzkMr>?j&Nqy}at_aWH2Z;C3i=Mp^Op``E_)U?h+MjyS9v>)EzNB6shqQ?CS
zdSr<xo?!Y?+cPgwEsb7|KB&TdgDM_4jaU0Na<9PuS>p6t>}RfAPReMAvm)1UA;(}r
zgaSzF#m@^EJ{)U&M9FSen#|(&6Su>$nceU9_0Hu0ry3t+x+}Y?shWfEX#Bz^PgBdo
z)GPJF#rz4!@MtD0FP_6i8%;@Y#Vq>Mp%(Z#j<z>8b&QT?ibXZRfoL@9H(-ajn{wz7
zhbV7>fw0wpSZsu-b{X=Uqe%3!CHidl{BzsrF^Gm<{^X2l$LRXTq45t1A-sSG5jIBA
z^ja#Alcsk36gUIfocW5QeF$-DLcw`;+~4$w+@TpBgP4ePx6|ShX?Y0Y+=vdr>OjpK
zY4gi#iVlG=4L&jY>U8yygWL$xaz}e}71LQDgkd08MTekQ#ir4p-<>$`<r`<}Q*79~
z*f2<#)%vT*J{2+A>D$khL$E=@#Jl`mVJA$$(0zACRrh1EaiA?+mLg$duM!fP9wPS`
zL7kA};pq>B@6Y~2)$O3IeILenTO;jR)<8Ut+0a&Qv1z;B@%HTzlQcNGvZemd-&nWv
z4|O4ah`$iER`b@cdwo!Id%%5hcT<Pg{L`gm-QUCKfda{yI$(}PwjUm1(ZeZOJ<YZP
zXprN#`fZ4Iscb6>?T;zbi1n|xj8EBNd_d16MZfByGw=g7ptLKZPHS<C{|aFa%sqFz
zShdnfi~nS_GzK}AUdZ#hKha&gujXeS!QVxv)tGy>=4<|AjY8@Nww8vUIU+H(R%1|9
z2cK4BE5uc8bsa49LwrqLi2Dh)iDd;9u&Di`ccRfkkUL7+aM+F&@v7tAg01e^9}~OK
z?Jk+EZXu#)+=%PDF1tix#eob5@vICK!Olk9hoNQL)aVLqq4Ue8ABK*dna}rw3r2>+
zkt8)AWgG3#?t;dZVsKjxTe&YQ71+(ueUKHh<Nip~B8hG#jD$wYg?7x$P%^6+0s~fx
zaJ@4s30^lxWFmC<tcuJ}?Rl&VDoB;#M4#m&d#bf|v0{}o+1PAz`xZeFUNl7wH6lAn
z5M}94cqrp!cGOpW-M_U|DO28yAPg-kFph%Sk&C9`gCkS~sjZ;6ByzM<jbq?S)3mWx
zF${xxa>UFZCMaPO2tYUqs$7)s0K_dnUS(+*Y<nY;A7j#Zy~R*S@Q*EsW){~J*FwvD
zveZ2$qbl1%qil6FoJ_MBN!Clq;$u369?uICQ?(0fdH+OR=Wo<=!BHmzM_orF?{Cy~
z{ze^kwpMj|%RJ8%8Sa$oyD8e)0)ynxvcgo2JNP+5CKiALJ`cx4YbU-o*{UZ0dzTVi
z@L{`5)fyT`d*3gP(kyIaBNEUsuW>dqa~1CKPNrKG1?g|?wn_~4r9a>EO1{_~>C(4~
zJi_iaPHNG{W)(xx*J#L78otsI9sLU<8*iQdP-#cq)oGUh^Crp1%I3nz3hXyBlvIBo
zR4V}Hccrhja!IaBSuVxohbD#PVDOim@r+SR{okDlqzcHN{;h|m_vF;pcfy#KFMf(E
zrboxoVuZk9q(J{A^0O=c12z;HC^}Y#tjAr=l%c{8M)yN{e=--bGX4gN{?`a~E9>Av
z&tR+FuOx4)#CLib##%_dBY59qQQ0{P{fz;!eNJ&7P=*bpsVF4j&n;S;T#C~bW=4=S
zfx<^PSaJ7T<bcpmOC5jS^BS%9oPWWfEoE={Do3W;c0<3qjvqSbLl3f6IpBef!>R8e
z1X(wDC0jK>#nFT4^1egGHCET~z{hE{8+9>CTK61wm`NVxt$hs&RRx#z=So3^Oe=uy
zblv9epMF$JM;x`$Dlm7XW8;XgcHEAqNVkyju~X{>0?NE?0C(%>73CuTiJzR&0wuW|
z^KEgqW*enP4^zzv*<-|pkvTSn3>U3>&X0jc#=P?62Yo#Txa7qlY}ZV7=ywb~62?IV
zxfFsuMJF|h_W0$rjcUCtl#8Dtu?hh=d3FuT1=tvK?5!)9>v`@e?ad#jsElwL)_73d
z>L&TS0UxFVCDnMgnX_H{YZuc4zw><FeheGRZ>r-;OHHLa-6_LY)NZ?M7>zAqr~K-N
z_p$iqdU**SZte>`iWN9A1HOMFgJRX-6=&7Z>r0P9oA<rf7aW-;OWFEOK>WG(G6$C8
zKK?4_@1C$NvPSiw+|&y+;{2e`jI36+i-p>#6jSl(0izE5USpfe_XEBncG$mzo;)z%
zYQ%<ij6}T0%3)uf%B7G91`aXvrqE)OJMkrX(^YRAH?3ugu{^PBT7KxG?6VegI8eG~
zMu++{L&wnOLrT2{23`UE)DrmKG&MH8EZ}c0k6L<DI&VIXWK!V7kHoa&M?^_dU|_WQ
znfTB+U-ckK@=|UJ51u(SOXzI!mf>$s1)GzP1L7FQzhv$yh~fk={8<Q=a$=oMRq?Py
zQ-)F2`cBz~5n|alETXMfZ9@OV$~j?0G`b#0!@$NK#c)IX377)_&rtmwX~E&ysuU{`
zYLBA91GX{h(yuTas-f6{cbJwhKkS0&Gp+E|XP7#6-93Ua-Exp<bmksEe9nipzks9B
zIYXk-sc_0iqLDu=amr`10~;gq_dE_#U@@8Snp03Ph3a*yK-9-feqmp+73-N&tsqi*
zO>+!lFL@yX4=Ml|uE{DP@Tzlm#AiG1!0QiXvb%k-gK#G*`?=5<DjO=z90fuC73=0u
zF5!VV2h{-%*HF32A$k%H4P}#(KGTaEPb?4G3|!*tCTMU$>n+ZS`|}*Z;mo2bbR#&S
zm<yts{yFCXO<E=~Pynl8?hUWO=UaS9e<)h{uG63n5fR8Fpy8DvyR<@EMC11rdF%c0
zGSNxaB|ve1B~S`EaZJXET~sg_AdU#l*mA}%;iY#BkM2d&1Xkg1NgDA3iz%5x{ez;g
z8oO8f3b^ARN4T#XXU4JX$zN3;>6LZc)-#?)I7Su~Z*s)qRKu_X`hH)jOESn?@YiBq
zngsM4VgL-6)>ukRIH2s|a>_jx?IQn7R=m1i!OV7C6v9In(0l(1bOQLs6HzP%BLv2o
zb|@X))0JoF1Ck+}$zh>dXj`OW!o7XV*(pCS*jCb(1%%J^v@%pnQ0mPI<j)A=oW0zf
zhfsmT#gJJBAH{xTA<|sHkgs|&_OsX`2!P&@D1cxkju?f*z2O&zMhASlk6}_@QHQ!o
z($0u2d{R4U1>Hm5!!e2!d@=LJ$zP|wQ=_qmxx)W*m*+_OnRJE*l6U3oU4h-HI_m*4
zxFA(1uH$IQYI#v=G$EC>fwiwUb?0C-F@OG&KaaFuZZrX|DDAKI4z3gJ>nU$~X~!P;
zivivvu?G@uw@BoZuNcF1hGN+({(>yx?C!-o9L@mF;x1I1<DxKg*QunGbwh`FechY*
zloDm~jaM+?)Rd~o5|%&a5=eR_2*$12h>V|~3}(ECsUf1wQQ+%0S;mK6$eA<V8j7NR
zmv7z6tydfd;r1e~-F{`R+!L}e(4$7`o&ctVhW5=NCi2VxA%@tRxhT5qLjs|++Nplf
z;%B|MFKmzy@Z^+fiewEXViL&L5;L@a7K=cj*Y_y-z8y|4C4;%YXk~>n2#|c-C5#<B
zd<P#Pe!Icye|s~B+qZ)MSd0T}&@GH{HPp?(5}^=i9X4s;#8QsD)BOZdi7Flu#{z`@
zjCz$ewU0j}c~TD`SKj|^$rj}{XEmH~HCJc+4~RmKhi<(F$%?q(jzHN69m9)$N5R8m
z;Fse_8DLpd_u?PPfQi%7B4MP8vF>+PF!@ooTP1edKlhP$8?>|ZIImYDcL+y*To!x4
zPExlmndGucgM{aS5#8p#*##W|Ow!%8<A+y!Aj9Grjh@o<cwalJ?ZXNU{Z5UjCyjH$
zXidybpVZ`VZr>#7*3{YHTYX5n{~xuzRZti~8>NlAy9IZ5cXxMpclQB;ySoMp?gWS6
z1PJc#?iPIczOCBb|LWhHy_@Qp>Z+-!?&&(udEfJxb6kBpD6)iL&_2u2-H&U8@^_gj
zE%t?P0QXfXjE(X1t&Dpwq}A&?Tdn6FR*fdNSr{9oyE^wC7U$#Fok#JSj4)wFoXw0_
zVL<Rd+e7et3k6C^tp?71I?HI4v1?fO+OP8>zF+6!3O-+79YHk%d2o_*t5*2yW`C%6
zefM|r7=-c44VQCh34*s3+EZ-=O9n7R55i@Dg}+6^S{CZ#P*@1}E@$AiF>q8%Bvb&G
zC^qMv#}Ql*GAt+~=_iPFS6iI*w|9B~h!W7n)lLl$4>(z4ItJO@d-YTxb^6~xteQ=Q
zS;Qeu2b{9BfXUr6>U~Z1cp|q5=7m_(2g9_0mmGnFp8#iL%vl!-zv&u64@ED2WwQN4
z8MU?#NzN8lI+B<4pW|>M{iryIWDrXs=fjwnNv;>R_Z-WPaQ2WWFi#Q1T7)W2#_#^V
zbBeS2_ogxBD$y;4P4|HMn!g{RtN@C^4pevX(w(mP{Gia{97)ALZmA`2#{!b-As(b@
z=zR-=Rd4ylQMgHiDe8;da#k5PeXTRjwLgcOgwCz4-q($ZjbUUj$qkJWUgsP?EM8cf
z<?E&!8Hz2awl-h@`NzOwZ|O}&<FbtPuoB3pGElbnAyCWudW|yC?EYCv^hjx<mwO#y
z^DYo1G5*e*NTFCsjzX;<bC3HdsbAxyHmXqv%y<}qJ<7VEq?FQ>#%9A<i1S2ydahzJ
zgOU*<7Lt0)#aV0+{_x2x2%_+T{icbpbc9^SQA;`%h$OAR{1zv}M4rQE)V5`?yMkX&
z;#!ar>Omx4HR<TN&q%j|OvuniJ5JISqgL-MR1Risbe`&HDQM4L?NIEW%qtoz`JYfO
z;44h52(YDa+Kn3~@VBmtCSnUZj!Lj*WMfcqV<v_@nE?GH!p@6VJ#{!~4wUy0)OqK!
z82S@q<TM0;#k%dFR$yANqdzTJyoW31?#9>@jj$@9!V8OdzN+gRHs4KLqR5m%a=$_1
z@sdK~0sq>|qWbIS!#5HSx=lriPE1uT5|6L*uIjI}$!>uXN67a5FcY_!;cE#qH{{D@
zyTQX)i{)Gu6F0r#!~ejqzSte=FO<{?lc(YeoeZRJ<VYUJVn<9<jO+cS0^#nTA0UCq
zbq2>*24!AY=@6>HhWJGZvGpGUCBWwy08$3xJ=?N8m4fOcBI@kig%=hY4>lzU{j;2-
zaN-5U`0c=8?GFQth?a4b<acH?N!#tvvEHG;>&2BR`=`vhLm^a(q8NdvEAbznvHl5#
z%mA;j;4|T5`&GZ+rqrWvpD#4B5Aw=@*&>%W&QpSbB_Lf$Yj;R&lLRReD*2CW5q>K^
zB2s7~XX_g}Q$IM^{@{v<ll_v*7m0$XYua*QEkti;Nj#Rudk$UI2~F+RaYX(}u3%oZ
z)C0->LXh065Jgn#Kx2LR9Hi~xo=C2f1dLN&h3S}eU4qstjHhMML=WX@z72LYt~l8c
z07*}ZA<bAR34vhusll~2op7_IsFR#eCxzxtmWiwOc}L%HZ!*OpLP%M|M;wsF+9HU*
z@+|j}r1%Bk%@TsT!@UwQGe#I8j6KCsJR$_+%Sc3mzsDo6i1*=qb^gOc^*d!b2RI<{
zW{kj7IH#A0+YV0jT^BR`ul-hmHw1^qtI7#f??@^PolT6!A>s+jj5!eQE<`rH;JPyl
zD-*?`cg{Dvdpej$NRfKU_Mg`0NFf~g2q6Z`pK&D15;a#aAqFaMUx*aN9`g6s?uT-&
z$@%n1yc_|S&xDX+z+TUUml5C$j2MzJuIY!5bJFR1j<=ml2#XBzK9DT>qx{`uq+X+M
z$CR<VRQTR_i{R7>=>_?R@J77ex_^l~<!P@A+_7t$Xe69<MRN>$NgjuOVc+MwSsUA3
z$c}cb65a8r+e&*;A>FRoKaZ52*c31#5#8{e=WnoAVi`UQvLI^uZxZ5_0Dcnp43l{x
zD0jqBjT*dV&aFGf0F7Jc0~==uJpp_i%EL`)d>>dssOyIBA{`fw5<m7UmPp}Q8LE+j
zZSEBqF(pBf)5zANQalrC-b`ey#E+f6r}h@&pw?;}r9RL&c^X$6@NbZ2C@v}NeZtnJ
z=9v&0vBXkD+jgT!22{Soz^FQB!|+_m%rOq;%YDdnx#e?MTRY!<#k2YGT>pnttRRDJ
zfYk9^^b`G;lq#rkto9|r2s&7}IUxt=K83&ce?_x^zx+@shxR%jDptH^VS{lzDlA2i
zR5y{!p+JnUciNj)<Q1DK7;5V!grPB%xp}8ZaOQ_qPSs%(HUMP>nyvK+DEtdi>Q^wX
zqps}SL&Z$%h_8<;7wI5s(28uj$9tMd_ZZpQ1q~Zu9K{>Bg>s{dV=Yc&_naiyAZD-f
z@Fy|cz3(|P#AHQ|BIc}{0dJS+AKU5wM%})dPSPht;ux4ZxxQj0{DnObTFh{0gnn3`
z5a#mu(#Wkfw>fcvwf2<}fBB~mmv473U-gVjepVvlg=qoZMIxKa0@%)RUt_@Y2!~$y
zlHb+qACE4J+NaGUynnY`SEOa9?4)}oMX8!I*>+8E?~IqH@0wB<Ck{VaSAC6!x($tn
zIxK&!I)r@d9Kh2)p_}&71nX;+%Vc`gR^ALjQVIUicT@~G%NE)Mp?VwHH(>REW_2sd
zeg6!Mq=X8UF!-+Z*|u2>0ham|KZ8D>@S0{*w1SGbZ**LvIhLb2N9~i6%(kSvbez_8
zYF*Q)CD}P8RQmq!eI#Kk?Mwh~l3y?oed&%GpD*0k@CI}~^(@pWN@~e(FO&}Qr0DQ3
z(U*=Tw2uoUV?z`x$S3C;8TK{k#3i))Mc_n1FD)(IIC@`s@4rHyw~HBBR6PhRPbOUt
zK&-W%A#XiVZY71^Bfa$^Q;Labutokbelslamtw!x$A9lsj18O%^%M#y@e*^tTAhgu
zC@=lpYb{<VcAJu#%7PS8TNkdp+r63X{|O>q;f?`xd|dcleBblkd<C4c1qM#)E4N1S
zm2@<?S2nM%wzjsoE_33D2`&e6&*wTx=wP_=j6$xee}=QqFCzXUDt8MhMr~Z_bjtHA
z{_bA9cC0(;SscYaZ^QXgIb-MkkLjNk$YXSXH*_gS372nVS`d+P(C~rZiBN2OkQ9yi
zmTf&Sb%pKUTk(YV5^|;X$n~1_!Dg&}9H6MsxxkD@`vQyk-l){-VYY$XFI2r{@DYPL
zGmpo>+2K-E<*{b%g+Dy-GWlULFa=NmlmbVeu^c5&IdLCmEk>(VrB!3c_;H-GC``38
zVMhCV6M=CLhD5aVww()eD`*Zaym45w^l3l_!wUq%zd_rk5qw~Nh3@?n9Q(3zi~f@T
zI!&ohYDEYQ+6_!dwc^$5c9S_M;CI1O>|Xbk^(u5i&`1GXEP-}qCC6&YRV-|&SM9#z
zkn*pDSNPr^TvS^^+QHbNSD)Qm{R&M_BFr<?nO$7sdxcc6V=(5Gd?A<mr`fg8UbMgx
zv|peMGFp`n7?D9@;_W}A0x{9kbJq0srx_?-bDkBQU5`qbIMrx#Y7{Q8#w9%x6EBf-
zl`sl+D??-#2yGX9VRRS`+j7_~wMrx=MSN>xNOZ6*I4kRrfL+)Xm{hfGBa}wFQkkyp
z9ui4~7cMW`c$ik1Og@&Qc=_kr`vu^^iOs9zJ~5$wY|0zt<Myesb&=9wM4j*3fU;ip
zrmA0_q11w&V%-8ey_6kpb*%({f<cfrM<5O9BPM4`dYv;jxys|Tl40Nw<;^nRv}V7{
zNK|gNY76llZ4uFFOc9FuS)17dL5N1RjYG?UHUp+zKy|BhuTyr7XYZP=Lk4ha*6L{u
zI@9`Q2|5|jv~Z=TsJGC}sJwbn(Y7(W5E!#uwsGl|?X0yyIobRBRPr-QF|1Hcn12mK
zPKN7cxzQfIszai~cHG`ey}CuO@;hIEDQf51nMbSKi%JI>{Ll2qv)j@iJDe`Q-_mdb
z3>;9a>K>cZD^5Lo<8mCDthRx}^o&0%An#OrNP?;PM$8|sm6MKZC+KlM4Z2sLDm!hb
zE^#Y2?d=?zPL37Twip)x%0n2CaIlaowmK~3jf+-aht36czW5mxz2(cF%MFpT9p7e8
zPj#oJb1zgUao>tiw&AU<8b5BkSFRp?b(Pd64eM%J5yaG9eT~!@*6o2`ybi@yJm#ID
zBZ-7~&dY^C?x55d=%0RvZQBHbZrV68NHN+UpJq7nRAW&rp}lB63CoNrzT?-yX^`9`
zF(N%fPc`ajd#0+A{&PEu{a4Ue?Zgq8>QA7#Xu-T&fka3O`gTv4-4!&FRmIkbH3px=
z8{E3%R~)+FwG^n&gcSgPh#yM)mJ$^@nr>$Dc|e$fGScr!o8#aj=^Yn`PA}Sc_3B$z
zTF&f}wZDI*-C*;RdAhRL|MD~=Cu%UXNT5;8OwKGN&*yzg3nvj-TYyt+o>t^l+?0Q(
zhJk&w?Z>Q-$NI?dUJ4*nIo7qm-E+Hp@l{G1&mYL<o<577XY&LMMS7<>{h+?;Pufdr
z^p0_hJ!_3zrefu%dJ?mampT2ugk<dztosQM+y7H^d#=Uuh`Uh>aU7#x6WMIBEVGLR
zuj92j`}}nvlL86WZr5d16Y)gPnB>jxCb@~CeN~M_*c}^ET&M2{pOGQ(zunS60pen%
zhv&Zwb7$A*@|5v~vjD!gy%SXRo;Lnxe^(z@PxpR0ru^^y1^}n<D_S<=aCU-gXJB4~
znz_<%Y1C57q%H=?hNj1Dr8fkK5eFniN7QNv{pB$A=F2S|mcaaud~fL9MsMeRNkY_U
z%#Xp4RDusK0v$5V9Q3Kmfw6wz$8ldUtQ1sk2s~ZPnnX`+5<j<<FN(+nL{qVXzQ>Pk
z-z#YUu=tQyqh%1It8TA)sj-9!p9ij%t(KRL6(<3d)Br@QjyCq_L5553-!qKSmCEX2
zKPtl<2H0C&`={IpT7}Y`2{b7;GN}4y;rO2>{Uu!?Pl`MGYbS(P%r5DGR<#m4UaL-F
zOvPTq=I7x-ydCC0lY?98O>>UFz9o`up8g0kep!wVNla&4q|WRMK@_cg?AVC65qu!U
z92p>)zURQ{=pn!f6>#vr#<|b)sL=T0quN;FO}e_jdUiXM?DR)ye!8cJ(AM-Bh7MYd
zpk%r=QvAw61ikxdXG%K`Jc4HQ+{Wrr)x_Jt{<M}YHh#03HfdOLxTv7=d!D#HgGMOq
zLK-ZEIIgW@H$&&LMB_6xxp4ud>BDJ2am=jd@Cu(f@yssK5%iL;ju2*KEI(6%#Ud<t
z0#gl|RE-n~k^>)9#R_e^-*-a!MYSDDIV}O#VrgxT5=7fuO&m4??Cg*5Scva7sQy_F
z6O&gJi?jO~ATMvl=L`-{A4YRNi8gAYAiOj1(89!wuy|Sa=|GIah=!nJPE<rfn}`7V
z(|CVGA0;*fjJO}_1{Og+KlLp&mw+_s2P*EZ(#e=t<V94sl}Mndd|XcQ!k%GCq*(YH
zley<@z;1YxSq7LGpyPo?81*#-6=>kdE!IjbjpeQ9a|`4InSJhj^Aw=&y2ao}d(I^Y
zHS<lTz!*Q{xn&z8`I6@AEs6(w5XuroL0QGmQ{R5iLkKWH+)a_X=DsQBztv?*f{Xg!
zCqZ`G**@A50ra<IhyAnjfs&m0Gv+7ox1E@}xA)djCJ%u8ILpH?I&Z>GXBDn21D|I^
z3EC1}-MXc<R{rEoao5>lS+6AhJg}YpTuU!}rv8w-3+cZo0_KAVvYh&~ultKObqn@u
zic8cO%-NIJoVe?dhT4fj#Xb!<1`SPOV+5s<qJ}|Edx3IJI!u=Fv%>XS-lO{=B#`AE
z#4OIX`a!_d9_x+sH{zTr>-Ca8kV2A3y;IfrYyBM)0~6cG)%k>L=S+RD9R<(Zz19Nj
z7czc*FC$NxrDHn<t5P0dPL+88S`#~1$7NyBrOrvHHxC{9Vu+2`IUuH9??`{&5Pxcu
zW)%67WKP?kr{)O14X$mF>`|ctq9ka>98tZ;qZIfjS4~*7o8s|N`j2+(1lnCjq!)@k
zWJfC#$w1@?#YOyZOx7@2=0vNpTaz_F`4E!3b*dudc30f<h)V0p!0}y-2^1=NAm%#b
zVMv)6d_bSik57@Yh6N?PcgqsW<uZRwFK`ku>K*=0%Q$VMmI=x#wwJ9giO7BmBY-o%
z`T_u2bZ!^cO|yF!&%zcC7gbe;w(hiizkXr(SV3h@X-}31mX>$9mP>RNzf%`fB^WSY
zTeC~Xi)k;pDOvJ~s0?x2VEXkh<q8;RDx_&T<+IFtY#=SNqkIe|CZip>=*`GC-`}C&
zXGy%_a?GM_**ldVOD!5hPYxdS_1O3vz<`&84H{mwyK^vsi2GVqH-4m)D2FMPYBgF5
z`UXD79|5Ybla_0j0{OaR4P5$j>COsi!;)<~c<B)o*>Hq(NZ;OKWV9wy!$`UkL~ywX
z=vf}wvD75XF@7*OAN!NdMvItMJfyavy@$Yr?oP%hQ#-Lpek%7zN6HGONT%rh<N~(k
zb%`mUVJCVXY~F;(5#ZcSC{BaM`@mt577DGMuTl~hOsXcsJB{8lrsk%9j?KMPmSCU8
z^1DL&H7V~bR4Ct-OHF=jDm7cLRleg;zDu{kdB4c@xr5%|U9t+CKd^O9Xhe{P?-c4>
z@-8xvJ${R!B)`Y{Rm)M|uDHeGu?8$Bi7c2YLJBDrOqyQ{|2$KSsKNafv;84Eca!c7
z8+-OgnC73y-`^!0flA*!K60_{hf!?&v)S~N7$b?wZ`?433uc4Ht}V2;qx~~f;V%8)
z6DNujul+`vgekM2omd!Q>lV?c6*?_W9nQ~Hg|Qh&A$NUl%h3K3MU<8pF46#IG!`@!
zb1j3~*{wD@FMCnP4SVa^f-cFh?dPwp4Gg>4$%|lHyenY>cGqlFeE><U7dhG+J09%w
zdxLbYWU<dtuSBxH{ExHGn3!PiT|(V2pBLO$a>woVVE6CyXN6S2Mb5HnG&Bri<oC)g
zMn(>@<rt!|a=R@ZNt8h6P6rUExSVZfAWj2MNreC-OMt?b8VyOW?g=0I%pm`&LmZ1U
zUKXHuYek5s111tf{2@&A9QE$zWl*<kiarws9}Y!d8GTmF*p!~KlPr4(K(PW#GkP6m
zy(TG8H14oXSXl~x>P}{93bWZT|5S!s{+e{i0gZBV&y(ZjlWDrtz6EqT*8Sz2R}2io
z;fDhpR_0i8;%!<y!6EGdMVzNRt3UAaGMX$XNmZY$Esn4`R`N0obIVdCG{<?vQz&3r
zKi%p&QNnpmwjd$1r-M*4tZgABUX)94u}_*vuXNYLus{AV$>HpsSMCdp=41TO;#2>1
zh*jlG*ya_$*JiX-s0^Gv<p}(!gEH<`Q0!uLRHfc`z87zzZ+fr(=i2U}eYx6Jq=55E
z+O!f~ltND677{M4V9wAD;iNi^nr{q6+~!loI5YUS2>s-q0ZLghfoSsQ*-drT%W8s;
z9aYWTjPsWFK>i&+L@+kOmfT%F)E#5OJII6jPb#*EwtU-WhECvuzh%k8<sA1=KF`_`
z8R&d@I2<1X+>&G>Cs&}4swZZa=2DvIC~pO)0U=8Qo{zLvl#v2u&1<NH@!VBN3jNOf
z9Vyo&HrK60(vhQ*f%Blt<OgTZh{u`K*NqFZ9B*<`7ysD4sY0={?O%C{OP9xan~XPW
z2sMz@j+X&p2Y}$Lh1C9K@U&c^kDl|$4u!^AIW1j9wr=Oa{V#`>lRCeqofZ0(^FR9J
z0oBCX)v2MvF(ExWMRs2-3S)4t!C>2(e1f)}hQ&E{BI8z3++~2TrI{ap|5k<EEB+rE
zm>05PXjFsUsdGp89(#@xcjKIfpzGc2G#u$-6W)@v7(lnJ*=gs%7pmxQ6#E1n<H71h
z&A=-g)_%DIp-OLZwXQ^@P#jbjNGtFzYB^%s{`(?@PLyq71zb6u(AUse>AY&Y7i=lv
z+ucy2DrBAuS?w2K_~gJrG5}y&n8p$r0A^>bgx%cs{^~oJA689bpZ-=R<)-<W$OrG#
z882_KK=o;lGP_gN;^gFR<wEqK^FoIkTet03GPg<A02IX3;%d#~+JT*o`cMEy-CzBV
zAFgC<1(mO~t^6KB2d-VUysjE*S01Z*M<m0}GsN+-&tFA)I}5OC-i<%s!dT;}{XD#1
z9?nCf7#sIpNk|Q_Mv-Mu<SpL+naeaqg${}N0kjq>+-bXo`LlZ|1LMU;Oh|QsX@;p`
z2m4OYR9af)RzPZgq)1!RRyBS4P=M-myA^m-FZ4w=euRo2)U29+n^m2%OXiFRqijuW
z(UU#+)ja+X(~bDf6y46T3wJq;V{b@WOr!@>Q7_hIbF)L!F!$<5Hri~IlM)y<+KUAz
z;Qpd56ZnbcYtPpNk*n`*+V_3=be)?K)Jeqh1#7u>uixl<MOGiBdq$*vu1z6MJjD;Y
zvoW#OnadWw$y|j8J^lBUDzM51c~0(Oi8Hw;aaRN52MtZ5p~}Ts`#AoD&Vl~3-vvs6
z&kt{J<8Yu2pJ`0Jbj0`1`JH2=y0M0}Knq8XZi@CrPtQ0yw}PdrGr~AiRntEfOcpQV
zZ;W#t*P@jsW>se0^V(}lXlD5F<0{OEOGphHCmbFIc1M!03N=c`f8`hVRsN8a?731g
zVvS`<h;6qt8XA;{<#rLRvmp<5N837HXs=87_MU@MwKS-?fpDI@vOLx^9gC5L0L3i%
z)gG0&t(Lz!1#UfmO;ZG~cgYxD%qpNay4v_cuDiXw|E*f1{38o9KfrOsYTqQU)w5fg
zY(sI)AktBGVT&BCQEZouB1`C8Jf9uEGVkJ*!6lnyTD#4g)m3qsoKSvZ)~SyOOAN)?
zPY7EKImU8}sctATlwGXnO;=5&2wZr<Fx15ah<(F)jgaJyrIsTZSKi3H7RNKN_RDK7
zzAgYCm4lc2j4HNfHEpYUY@XNX^tR)RkMgh=taN#7%IcW#7f>0F$qb)>^cGNqDBrTj
zr6fA|!|HPxl4_Y~*xx!RL33ajV%M^oSo%!C@ZJco2;2Jy7r!9r)cbGXKj1{TA=yVC
zxxjNmv#J=kv#XK3!UCR=VYX9)v%Io$Y00_h?WDYs;6~^@^dpK<wy7L>J+jbgc|;6N
zl-46jtUGSFb_#sD!B73$1)KChP7xlPUKQ8$5wSQn32x^c%WA}eNWaXn>S!Ah&qnAB
zT(l&&s2~X^8cAg09^?~<FK|~Mf$o?cM7o>A64htF@n91wfIQY6-HYJ`_mx=9<vMT-
z0or8x?}ksCBlP#b=vXS}74Czva2g!pe}if%>3ci82}^`VBA+q3WURy0v((X)_wOGc
z({Yk&O(u|g?@l+_8$!AA{7a@B3u+D43qsI44C@ppJtvTdA2@T7p}=dGOzV#wi|<o=
z33h<ev)Cpg+aZD9)lB~8bhPZXgS)L*Qt$fCbQp!A-Bt28HyY2?iuc+NKNWba_)%sU
zt7%bwR=;*rAy(jXwDmSY-=x*NsKwkLZ>-Jq$~{o&N+~ow_A)^x)PZ1!NA$Od4n%iY
z8R8_fx<bTfPAEjk0x-E0^w1YR1m_Pg)nb14XW*{3wo8tx5tVHx^p98c&v(Xr#fQ8Q
ze)(d&Ja0$!@i?AT?iP>5^G@GxL*_$2(Oq}g4L>0+UziIS&N<=F&kw2fYiw3N?RrZy
zIHA5_IKfUrc+;#!>*>xNX!4f)9#I=Q>JL2E5M~Q<d$B5>8bD|d9xj>;nlk7+X(?gc
zf&rXq&(dpDowx049W$lyUhH}ZD5qdh6+$>!2q8Ka|KDHwqR3Eecu6jM>!IJznR@R`
zNu8xp7-{Iz$4_vOVdF-A7UnMdLi>u@Sreh~xkisvVI`=%gGWP@w?pg<cas^Tc3S^g
ze*6qNp5G?|c>(?za$kS%dmLSkzFbKlYNQF65zIGcZlODb7^|c|1bNfXs`Eu(!i@h4
z>0R#-top|En_{9mQm~<Oyr-{SdnY`pM+k=BQ;yMEWEbXyy)mVv%^BCKyJ#0bxA?Ed
zq>I!dmN+X+KkKepqbpmF?wmVs7KBN2^+mBUfBuUjI~{OIe}0J>?NbZD55XY~4D>3A
z^?zzW@8Ya@(d40Z=t|k!tffDMZy~NoUw+H~hK+6$<|r<Tebp@m(0B_0#+Xi_7=8T7
zKAT@MNdJ^&`cA{P-kku`$vgNcFYiki9to@!eNox=$<-ZO>p#ish#wuQLQj;-9YbQb
zrTzuO5<rPskMmm8lMW}U7L=u-F1jI>mR`qrDXl3d)Hxv)>RRacABEfC%eMLtay(ia
zO>;PU)$eZ?P=C&7?LT*0nfm+kbz^>xV^5%;2zH&~N&P0;$E4I$?^5Gzw}C@5n+c-a
zpWI^4sa&M(uqor32oW4aM5Y`Jkzw5@S-t~fWB@P}zZGl5#h9PEP|8fbBe<=-!mDM0
zjGcJ&VvR4CdtPi*g5N8OP%Q0tglsajQH`+ueL`<mYt5SFc^5d*9E;-y&=tK4P#{X>
zw7Vp<%|rI_u(ozl?EjW^fsHIb?9u$m<7`-_B65F|F`Ee8XSpec3Qvj8^MCuc!NuM^
zr3L)yQJ^$r{_c9iwJdS9#fHGQ83pLtu$eC=Y#ZE&i$JqR{4t#U`&Q+xGu?jY0x81S
zWS;5VDSSzLEZ=`~*wHlBn#uR*jW&)MDs8afTUj=hArCR5LEd~|s?H;+O08NH#Z{_P
zO&%<%jM$Y%dcMI*)J6UTo~_DH4)=!~UKp66{+}g13;1rT?=Q(Ga1rq;&d214%59lG
ziIkX*l+%(?V2q&B@EG>*6d-33@)}S!3O1NE?F5Ln-$C`uttzrNSr@P_ITi>nd2D~#
z=zOc$x=Kchc+`B61rw#<W{{%iIbb+O=_UtqL_^cRa0b1JG91Fkp6?VE{0=^lxN_Fa
z{_iTnn)D29s6lGkguYdMy-pr}GTxf_Q`D(NcC$HKax5n`w|%igvTk2P$}X*&bv59F
z2C*v+q{d7Zit`IIp!Y244aT!E7j+R6mO!I+?sV@ZT@lqEAqAw>EItLvq%ar5&Y&y-
z{wROY|0gd{TA<=(c~M9KY^Vfh`CytXrN|!h(ue6SrR3j9gk)rPc(KwTOHuI96a2MK
zsNLV!o>rkp9=e`B<NYpL=PWdO69ftxE1d_sx3+qFd!5#~@I|=SBY0NIy~H$89Qk`8
zwscewZGP6^UkfQ7K}eCAH+gOGUPwZpNdB5>$-a<8xA{3|f3HytEFE7PT~7%wHA@n0
zir65Y#1WcOY(rxdx;z`cApgRK(okYI`{D%uuP_1df5{2{|1p6aW>0v7{!W!`+~dCA
zA_PSh;cn&nY{GFN^WWpJuzcOPkTE~8<^YUXDiYjaYY(YugCB?!>%fWj;3V3l7I?6h
z0^AR(ukdSlLqpuMjzID7UCm5yF^=gzILe7-BHiDDH=(0!Axa6baJa{gXiRNRks^s7
zlX<~pAv*M96VF^;Ab+?D>S}?U_L~wZ&rpRxQ*imrP79rm1zVo<+EdHAy4KaUnn%QO
zb-zJtPd!hfc*<H~3Lu|K)B@|LR*{9HLWV$pN`_H`4FBV$zB$XTxS~RZZtga<l+Zl3
z7|G98kM4z**KZ4ptKqAsyao&Nx&jN#dIlRO+`3;GpK>kEl1#+BV`(j+hpi?peDC>X
ztqc)AYdl9(U8=UUUenE<vVF1F@;*Fm4q>4`(1-F5AO~ZlcL6!+D|EGAIo)NI4>DQ~
zCiO^e+3A%llqWhHlx-yT8SXR)#-Iz&)WR{=SGt~a$BzxGtgjubwzk?sdHFTGWtYYS
z;T(>RJ{7r$(*P?+4|3@dc5H91?N?IpyW^Cyg4|Ul!+?Edz}GrW7hxZ9x8Ja_T`T4F
z?4l>;_V~~d1w2L?BQ5X!Di<izS7%?sZFx17IQ$saPds&zPH@&rbs_A9Q5uRO-G7f|
zsBSj-m7SpIakLPs=w&;8O=|X2AjG9}i-WggW1aDU^i&LVayM5;vB~i)z<^DoypCf*
zQ)x+~X^ll4K4<XUQ!jhr%pt?_Qf2_G1-l8|WT`V0a4w&-+at88>}Eu0weV7JGUHnC
zY=T4r8??vM+e~JmkA`YMoFX`h@=!v(>9s<#3e49W9#1&5#vq9eCw#1d40KM4)-aU3
zXpIZB;tOmgg%wqa)@Yu;My|;V@kl}NkZ9Q6)01_{7m+ShPTWWRVjle8CoS8b7Nsw!
z4-7JasknxX{2K^7c)vqRP|Ll(x#wC&X@8asEz-#u=BuVA)uqKxr|}d@KSQh|cW>jV
zKV7R7N*<RhjHFZaH?~65@j^|mHTv8+X{Tutbw0wEvFvXu1Q!yrAJetTLi_=@&`ni*
z0p)3K#Xf5P(W!4E??EEzZ*dL{6aFhy12#GaRqv|bHq4d=sa(9d+8?aizspvP_)RtV
z3eXYl-7qk$RvCkR#}0*mI}CyKaw)I0!SAkp{*mk6gv$oTJQZo#(tP<6e{Qp^$Z*!e
z$Y)=Qi|>hn7dJO>WWzv|8aOw9?l``zu$v;aEloE}tIcWF>DeF`4==4fK!!v=3h1fv
zdv)w&4o1EM(T9#!juJHW2HRTX{}G3!qEY@pn9;0_&5n)`EN1j?P$VU+eQUBy8j-um
z3?^8Fz~EHeZxaZ1PBQk!6kir=I5bye%^kmoL81jkG5P)vVwgusHc(a(DT#Uv%tv<5
zd1fl)Ei@DF*GSb!H}w?Um|G(O(20Tbr!wVQdLJN>F{IW*A&2jBt048cJ|5sZ_f_^j
zpz$WZ<>7%DxhI$VNuELezdT4SVy{T&AT$jm6YTqGZ=ub3$wG;fI0xPMN7)le1^d89
z<Tdk84i3MT1R<<vR5zwC6L}MR*4Qlez878dK5ij}K-0o}4HrNFwd0*OYMUi&+qy~i
zei3Rz(-BpT9>diWL!WT$qFBIt9(_zgW?Ap3DR0j+=~=fzkHNfs6O)aQf1s1O^QH9e
z@DzPzBzw3C;{}-hl9nk+JK~nw<4f}|2<l$JBxG$jmR7-FzTx_h*!%z0dc$R2#NvVf
zNWFQ`Lv;%8Fvt;O6eyeKR6>rgQC|)E20WfDw5U8sE}ONo@3<Hsnf^ZWP=Vd~7f@b0
z$$e~`{!MBOMAF|PJzvyG9?P(}+n?DeTK*y5r(C5Dw#pn#U0x9J^vqF+iXb$_UGn8`
zH}`2w&M;SfNwcrJtB^bzwR+8^r3RQ3&AkF$J+?ePR6r3hpgWJ4h!{StStHk!gjZ(*
zF{pTb=bOtXlj{z#<|<dB4;N=;d7|wnZJzul|E?W$>$GR#rhbnh2E+dC`hezzr!K*O
zCCTGLUsAa;_u~8X?6R8{3?E6wkimPilAIi!+BlvnbC?ruZLP}2QWw*%GXq?Nhgq*#
zREquHt|#7ji14>iRv-TtrP|EIkn(Wr$KJ_Mezv@*IQMVx%TQI}KkJp2z2}lCZ-0_t
znx{%*79}P|u}ZaY{LqSd+@f5Qw2WVCBiB|YYeu&2j5t1krZ7a@Ka)BfrJ6|tFXm13
zoz;<B+w|OqzARRe2L5cI@D7NRrh|$qT~ynZy@w~oFXci<bs>iw5QC*7rF};5e!RP)
zpT~EmWJpZ@4q>_V!u~;o1_jwskLCelPO5-*2KgiitMjdO)xPa@2!LIJ=J3%qO1l@$
zOOm?uzFYtc(<&F8EFk3YI=4hVOTY1~TRtm3EZO6JcQ|^ANAB>bodVu|jxTI~_~9mE
zc><nwH=>=X)6du>syrx7jGRjsnHA$3X87s?hw9gN_bc*H;vadl9_3<As~urq0N})1
zt_xz=!=ezQ%lgPzb&YdU^UR0gIF4lYAA5$X1z~wZ#Fsvc(ZJCb`}eM1+KZ-iyXP0k
z7)BO%0W9m-TWO4o4B*|8AGFEIS7OKMm2IWP?T;OKG?pXF4G^R!zckk+I&yiqWZ=lD
z*|n^FdDchb-RxclWhnO>uhxcJBkg2$;r-9{gFtn@7w~|7z?*cDC2g0_NRM76NbIuX
zP4ay*B=4J{8GIV)BMhQHO*g`nYN7P<r9o3&B3e#4{dkMf16cJWDCx<$kudVh+t&S=
z<s3o2|IyHcl{sHQTzYWpUnDpqmDMqJGZ9wa4azK1r#CKY)FYm7GFhDhGa1z8yl_hv
zx|<$F8x>u@7Mhj{H2qvRSgLAU7I)tbDFTf#*?ajpUVUKRR+9W&5InJEljT`eet>4(
zGbxs)7c)V504%wmU?@*!!C7c1H05r#YFO_Q7#t=4Rh+HnOZQJ_<k~{h_teVR32`yf
zdbGz&Uz{Q2a#}I_3%l2IC+`zXGe!$V>iS?*w#Z;|7fVxNf%h884%t2T4_EZuOD6^S
z9@PW$UQub;OC*?*-FT29TUR7W5W{9z;-z}D6U%ES4CuWbM;qqur1e2=qzXG;Kw7A2
zAEM2LzBJfEx?JL*w&zd?Q9$)=6_v+|;gWMs5haNzrdn?8_}jD#da!8HZnqcCX>uMj
zVM!ORSi<iFhM1H+s_P58`QLI21mR3MII8Sr9(U5bo*|GwCpX2o9s>Cu8b+@yP8aiy
zakY+s&Bd>A1aBBHCY+v(LjeVP4Z>H@(+XuJOC%S8g_Gs@l>pniv)yI3i7eik3BnK0
zhqK9yl+Q!b6qKAM<i9#u#dYOWR$B7=0fnC*-&M^r%J&V^sr7dMtI0B1^;ZgI$fxFR
z6a}y!1bV%WQW8c<6A+PIvmH<K{$psUZUyEp9zCPBEUg)YUEHqd=%11p`SinriSN<I
z+jRo}mmb^7J~_|3*1CGX)V*?ju4C_M!I&(li6Zw~O0-ZyWb1mm<*On94iBY`Knza6
zL~~3bD%i}tC)JBI8h^8*^k9WJW0b7jZ7>6+&F`92KGr}fq8MLN&hF6-@a_54j458I
zCqC3-?_&*#8mbp(S5kyI;rPprM{g7FCV*v=h<<Twy{P$^8uPFt0$o}ytlLc}fISYZ
z=cVHQt0m^Qm;<O^O0_VP>Q>0YI=;s~zXclVLO$X2g*+#)#bhzbch^L{*Xn*dAHRtG
z43G)8fBqia<W1f`HVjoL1th9xetS9MgXhD%8>Ie4On9JLP>`gtfgOG5u+Y)2qu-)C
zLr|;h<yfXw(`GL~@3wq=-{LuEoAPUXY4&IIE45)>`+WO>q@|$7lZL&|Y2cp&Zv&70
zN`+mN@BGLt;W1Dy>VLKv<B{tWGyBn}CrxpsQoDKi-+ev%#j$l<+X0j$M)>^*a+tEl
zK>x;)74iPvB7w9<>ReeDWu=pwv7LjNI_wCoURkC;{jRsazNb`G%{2+hDh(2^k2+~$
zjqeK59IrP8uWWtyoQxazDFA*#Be>qA^^<$zm=~L3&SoV&DlgBs_#Z_+^_vd`fdJAG
zMg@dsy(?-KB>6qIUO3?3v}Vir*P*^F)O~j?r7x^HG7B+JP&0X}H;i!YFMSjZc0SHE
zaVsxZyj-7NVpb1i>sj0NlCdpiJ?sVrDgKcMb+}p7@v85w^7zTG4$C9Naj~1zDML)<
zN!afVqogO0123}zN&48@0ci_b4YsW=<J0+U5VW<>fZ+4N(j9QeL<ceWq1E$N8#I07
zcS#vz&Eng>xY#VOcXjV!mO<s5&0DsOlWwGGb+hMO%*K<3EA;dyVQ<+20j}x?v$K1E
zT(B!#oFZfxoyGF9uJ<^Dc*fd(FKJ4rQ>f^V?OYX$zp@^kU;SD`{(|9)LJFAn!oS-F
zJUOZLe_NXqoXP^a%5D<-P!7LZ0D%_3Hte-6cD$F)xiG+W^${)pki37-z>Q(OW|Pei
z+g&L$Q<*nfWR2F|pIc>e+5XLwvtkb@^>ohM{uLbm06U395EDJo2lOo74^&t+k8keI
z>R_&uJk#E_D0aLBhZ{39Cp``C9@81YwQNFO!e9}_aWR22$+~ujTvmZAt#nSTJkZ8!
zW*7z?=}0{G=04M4$(0e#xKp@Y1YE=FJ{H$DP<Z2STp;#R^ANq$)20RT?h2AQV`wsQ
zc_v<OYwXSQN}R_$4dVt9lcCWZ=Y+5C>2uAwT-7MtQQ%BPH2U+hUdm{NG8PB(j&rt-
z8>u&-oj(C$+7$P0>0*YoO<~ruv9&FJxT)Q&yGA62w){pAg;_$Z1bpUekNR-;;(mjV
z{TyZk_BYz*^ugMl^tn?Ur{#ENbPhy`V&+UFsT7-L-9C1Xn!?uCYzO=)S8PkhZi`oD
zwd3~7!TFxus8&73KZM?8<Z{LWUppX|b3vDhUm(y!pI&Zf_6wFq3*ROueG%Zv7?$dQ
z!YU6*aif*VTJmh-8N?}+j$E=o%&fJ-kRNyu#kO`RKUn5NG)UaPWeiF#^}<Yk<9-v?
z#;7S=z=WNksHt7_imfpUHbbWpA{Fa_UDUXi)o|n8)K051A0I@`+F8Q9VR`G286S30
zY6B|H{%gtgVyt%64=g8i?&nmJNA#wq_}-cy_{+>wdL(ebw6JT_n3u|wcU;Ut7PIe)
zySA`3C&0iDw$rp|&!sE3fY)M>=|sKyENb0`D~@n8jp`QsJgFeq!>Rvc52Z;{bkJA#
z*t2e~MQh^cGw0Nj`D=}>V>V%%jK-KhAl||-Yxj_!)^1}z=;Q7~dajU``(9B$$N%ix
z|5?k_!dHZfL<aZwwEA@DdHeL&cna%lN^DIuwV#`>r^oHc_(0X%UDL*L5xG~ekC_gr
z!w?qj)DWx0?K!=+Co(JIMW*EV@Wvry7_5k25i?15RcO@6J#r7Y#5Svyv7z(@!1+x9
zXrS5l>f{TvJ7XQ|VZZBKSzsu)>fVu;iPd7mhJo23{Fi9s?qhF~Zk$VT^2IiOha+}x
zj73-l9zO4A-QXDUN%$x6`98X*tS+C-3{wUO^%S4Ozf4DNTgOt_<=H?rIE);3?=ZN_
z&<hi2!$EM-_I8C==i+6k@#XaZ3v-4WoGO~GvA*8I&?`CCIxrEK4tZJ5(N3_Y)I*Ms
zh1wh)Ww3hB&^WxmUeX=;=pS$YUZ%t@_ph1XmUYMp=7aOD9oS0uB@Ia~lbJO44bm8i
z9AM5HYB?S0Jc8>?1!>Ps$5}>9-*&LF&YSoy=1S+>v!g0vle)?9!F}=o#9k2AzP2Ut
zr~_;;@^Wl2srC+W&AE<GDs#~MIThm*8OnHNIEV2Vry>6(92!Mp=a%SoP_;c2JrwaB
z<`(p3db>YTUF$OKP-~Vrjb>+=I=54=tMn1N(EAFG`d0<Mk!rFgoay*x#akwA9G(_m
zPBX!iQFQBBxK&pA1^|fIe+mL+BX&s1&AfOeTZ)UP9tr|QKgGA*c_aU0o|Z(t8O;>m
zK~U(Tk?1-9xeqB8ZTs1Db>ofux_j_>omnLzD^Jake>Fb!S&oF-W2*XSa+CPqvY}B(
zG6YoH(j<H+Dws^%mxQg~Z~_R!TIT%0<NXy3!|Mt91>Uy6tkF%}o%hK#<aO^)4pOs;
z)7T%@qFYy2$Q#z|9Qc~do1a)r?e7C)gKiA*8wJrE<sUpSPCK;HPYO)TPa~O<<m*QY
zjgYWR`2Ki-`mcU}h;H-YZict~5+3ivHPu6|Le%i1-wu!>7^{_a{W9qP$u+1bUU)rh
z#pu>Mi-(H<+~2WwgIC5eUz46+rCQT~eYhq}=o*T>Iq6|czw$dhS0T;!nRk|``ZzLv
zDeBN}?26PP8!<Knjk%pqN|IoV$U6>Wo_do8u&sU-h84ft>#i!gtJx^~L4Nk4+dNX+
z-k5T=fO2Bwxu23$`S=U2W=Ir@4&OOmYYpqLW1sT@6dVK5r_HH2LQy|ea>2q+;FHYp
z-`Alcm1!lj54j%v`&8}7#QQ89qA%B5P|5I|7PSN95RsT73gfb$En_tV_P@h+kv}xH
zg>;ykuyAs*w7BMU)G53gjc-+4g2Kd_2)X%$=;_(h|0lP&JN_@XU{F9|1irw<<O$CD
z<L+--YO2=l;LT~gRp>#*_}$>DsNa=<aMCtc2Jw$JFNppchD@Ge2*Ey>>%(B)9x|ji
z;(7tr)*pV4dl3X>4c1&r%$d;`ci+t&u<k$uxhJ%`qt4)j3U4VL4GI?GwRX|cHN^{-
z_biOIyQ-bnq_>D52s=-)fM(*GFn6>S5-t6<*xpU$8^pg_N0o=(<aY3l<`5>hH!M2s
zxJETLym|5=%({z@D$ImR0bJRbUSFkTa6|k{y<w)1QoB1_I|x>vmEbO!=bfpFum&|`
zt<5&$z5`6&_T*1UQ}HoT&3)c<?l+r$_ZcBicO#lNlF}-pWLX;<06_r5o4qA2A$%>z
z)?M<ZP-yjh+oKN(dFI;8%+bQJ%s&rU6-XtZz(^+MiVmQzr1S7{3aQcKCpY@@ETu2r
z@g1WP{6=uRXZMfuVCrIM#?V5#D^W#sW-4f>h3p{b&Och}e;}SjTJNfVFP_fX>j><G
zfTxh#a5(#lwu=~MpuT*O^z;_;PP_xTu45SW0oo@l3KP>QQ{nPAOO!w8bZE!3owM44
zuEf%|0Mj;@%+9|i<VqLR_D_pnYCh`5EF1@@dd}CiJ)~}SWpCb_Ir0iqrDSNbC-CEc
z8J;=c?bsg+*GI<66WHOvfq$^qFHb~ILq^B_WZNr*Xwa910BE!%1P^HFbEv;8r3)Bk
z$1IE=A%F1GjiLXi3vhd~`pNx#|M|Z4i5>FXxi6>&5-@0ufp)a*dr-^<2OC8(;_ZAA
z$jbg{V*P1yA0IFH88NffOCIZejOq~U0Hu0!SuaKObW@HHriJi~yNAmv18VaRi)+|j
z2n%*kaavCZXnT523haK0dJp?oa1B|n7g>MS^gH;*jV2maYuY@}d*rToReH1w4^t&Q
z$l8A0oC2(v7}pWSIJrAwmqmhcnOj1=-(MB?;O|f*1tFU{+z;Z0nVlgT1)At3L;?dB
z+FRlhWAu@iZ2vCGm+xQ&^=&kq#<)$!c(O$K-ph66z_^mX#p&<f{2YJ!nnVz0d!>>y
zO-#!(9h+D(7NVLy$^tZQO0w2~bt|SbL>OCmh~a`RViHKsFxxMmI=4GI!2fO!)>o*u
zbz8>SkP-~@ylUsa{<J=OX|7ym(f!;GW2sx@c5IbON3lwC)kPd*VJ)}6`NI()-&4XS
zd<-xJnhwH~*etF!R|8l-FcN+X7Oc2qzC+o9It_EeH%JC<Lk?sO#=~h|sep)-P=}H1
z#vlhkZT^J{k0X<NCev&fEufN0mm&_IU^<RLVYdZxIxunx4;Rf*>c)ck%&`hpl<V2D
zG~Yj&F3)|}LW`LFw~R~<EUTJJaKOlCv21Js4hL1HRYR+6919v<I2F-(4c*VzePn`&
ze6iiOxprHz?d=hk+zf0W_OVW>J@j3IFX=Q)pKiLxQbT4kbl{ZJVl~zfl(_2NF<Ocw
z+RskUf5Gciw>gTWla942$??`#qyFh|mPPC0IWhn>PmahFamIh7@u197A?uT~+}a8-
z3sE%Xx*PYUkYvPi(CIZ83oj9Ji1uf&#G3(zCa^K9s=By;iALhLc4#%<vA|ah?$f&`
zzoceojH@GAy5^Oq5rFqroxnf5dR{v5F%8+K>_DrL4ex~Ze&}0_AC*n4Y<Svm(F{{{
z=JhyA3>en0IW#anJw<!QVT>zgNoN2K(b>qBOA@WM%f+KqD^tE}AX<qNsKAN~iNa!M
zof~!6*jVTJYH_OHJ}RU48mYS%f3;VF0IOEWx!H3Y3c8}UM&sXnN!cHfkl`K#`Zd-?
zt_DoDawRZZE`r8NyWKnG&%|+Bz#;e}@zzk*RMTF*!t@d0#8ZC)NKHu~{0TsPHoC&v
zNF**2b6n419uZVi2#z%kdN#6l+W^08c5|=G*H(IWiU?uP+{L<k<Jo#do&#;tEunu!
zz)IafHS%tq!IdtveQ$d3X%?2M?a;Fv>Aw?{cCt5U@~7?S>aUd0`Q)K?AU`3&;$~$q
z506viZMa|;$pn7#og}r>{s4ggy9<@)3g_V4>vg=zCJT>K?Cr2%7s~{G${i)O)9ye{
zUl%No(^rJJU>D6qPV$|i@@5qB6~tj);+>+(W(D#U#$jIa-7N?<L2$+{49XblG}}`o
zy--@%7`<=akW0}}cWOEU0?V8oLwpRwWofIqab%XElZ(Ey3)2t<xEL^TpB=OJBgU_S
z5f{g_Y{`HC+i+dZXRHr}t^0Ae?cc89sT@>z=E(#02qeyvsxd3`pnoOQoM)T!K*6^}
zqUr&9_`yy8Xh^V#mS4WQ#7^P(KiZIdaFO7*!{^&jqt6nPcj`eL#pC!SUA{H45McFv
zQ`;M+t`#E<9{_7(;cx^(c6s-Wx#@#)l=sTM#$Up|#%VY%A%;9gyPUN_GWf3)RrI0H
zz`tfx9J7!NIzxay0*6JQi3=iVm(qQ<p_A87s-ipa>l-zEk%bCR9K%d+6fibtiu-!G
z(eg@q_vSb`BB%1FmAw4vTkVb?eBDi#CxbOHfzI`Pb*|ljjiWmDepPi+H*G($e7Fez
z{`#dUX*eulOYzCSjgwVlj}d0Q-nDNQ^UDf_WJ3Y(nQ0nagk~2Zj}|S*^I5n;f5YXk
z<~NG-`sZs|s^af~vf52s2+9H8ndaU+?xyN=k!}agHOa-{@s;rvA!RvGFbr@E5D*X;
okO19k{b8e&k}V;m|6IbE369AOf`CwPq}*(AK*?=>Jp}SU0QFkdMgRZ+

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 889baa5924c..3ff7dd53a90 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -638,6 +638,26 @@
                       {
                         "name": "nodeKey",
                         "type": "string"
+                      },
+                      {
+                        "name": "distro",
+                        "type": "string"
+                      },
+                      {
+                        "name": "sshEnabled",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "connectedToControl",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "tailnetLockKey",
+                        "type": "string"
+                      },
+                      {
+                        "name": "tailnetLockError",
+                        "type": "string"
                       }
                     ]
                   },
@@ -852,7 +872,7 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend Distro = distro | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend SshEnabled = sshEnabled | extend ConnectedToControl = connectedToControl | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | extend TailnetLockKey = tailnetLockKey | extend TailnetLockError = tailnetLockError | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, Distro, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, SshEnabled, ConnectedToControl, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey, TailnetLockKey, TailnetLockError",
                     "outputStream": "Custom-Tailscale_Devices_CL"
                   },
                   {
@@ -1076,6 +1096,26 @@
                     {
                       "name": "NodeKey",
                       "type": "string"
+                    },
+                    {
+                      "name": "Distro",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SshEnabled",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "ConnectedToControl",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "TailnetLockKey",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TailnetLockError",
+                      "type": "string"
                     }
                   ]
                 },
@@ -1813,7 +1853,7 @@
                   }
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices?fields=all')]",
                   "httpMethod": "GET",
                   "queryWindowInMin": 60,
                   "rateLimitQps": 1,
@@ -2517,6 +2557,26 @@
                       {
                         "name": "nodeKey",
                         "type": "string"
+                      },
+                      {
+                        "name": "distro",
+                        "type": "string"
+                      },
+                      {
+                        "name": "sshEnabled",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "connectedToControl",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "tailnetLockKey",
+                        "type": "string"
+                      },
+                      {
+                        "name": "tailnetLockError",
+                        "type": "string"
                       }
                     ]
                   },
@@ -2807,7 +2867,7 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey",
+                    "transformKql": "source | extend TimeGenerated = now() | extend DeviceId = id | extend DeviceName = name | extend Hostname = hostname | extend User = user | extend Os = os | extend Distro = distro | extend ClientVersion = clientVersion | extend UpdateAvailable = updateAvailable | extend Authorized = authorized | extend IsExternal = isExternal | extend Created = created | extend LastSeen = lastSeen | extend Expires = expires | extend KeyExpiryDisabled = keyExpiryDisabled | extend BlocksIncomingConnections = blocksIncomingConnections | extend SshEnabled = sshEnabled | extend ConnectedToControl = connectedToControl | extend Addresses = addresses | extend Tags = tags | extend EnabledRoutes = enabledRoutes | extend AdvertisedRoutes = advertisedRoutes | extend ClientConnectivity = clientConnectivity | extend MachineKey = machineKey | extend NodeKey = nodeKey | extend TailnetLockKey = tailnetLockKey | extend TailnetLockError = tailnetLockError | project TimeGenerated, DeviceId, DeviceName, Hostname, User, Os, Distro, ClientVersion, UpdateAvailable, Authorized, IsExternal, Created, LastSeen, Expires, KeyExpiryDisabled, BlocksIncomingConnections, SshEnabled, ConnectedToControl, Addresses, Tags, EnabledRoutes, AdvertisedRoutes, ClientConnectivity, MachineKey, NodeKey, TailnetLockKey, TailnetLockError",
                     "outputStream": "Custom-Tailscale_Devices_CL"
                   },
                   {
@@ -3051,6 +3111,26 @@
                     {
                       "name": "NodeKey",
                       "type": "string"
+                    },
+                    {
+                      "name": "Distro",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SshEnabled",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "ConnectedToControl",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "TailnetLockKey",
+                      "type": "string"
+                    },
+                    {
+                      "name": "TailnetLockError",
+                      "type": "string"
                     }
                   ]
                 },
@@ -3852,7 +3932,7 @@
                   }
                 },
                 "request": {
-                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices')]",
+                  "apiEndpoint": "[[concat('https://api.tailscale.com/api/v2/tailnet/', parameters('tailnetName'), '/devices?fields=all')]",
                   "httpMethod": "GET",
                   "queryWindowInMin": 60,
                   "rateLimitQps": 1,
@@ -4262,10 +4342,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4288,14 +4368,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4376,10 +4456,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4401,14 +4481,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4489,10 +4569,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4513,14 +4593,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4601,10 +4681,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4635,14 +4715,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4723,10 +4803,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4748,14 +4828,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4836,10 +4916,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4869,14 +4949,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4957,10 +5037,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4992,14 +5072,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5080,10 +5160,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5106,14 +5186,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5194,10 +5274,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5220,14 +5300,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5308,10 +5388,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5334,14 +5414,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5422,10 +5502,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5446,14 +5526,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5534,10 +5614,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5569,14 +5649,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5657,10 +5737,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5692,14 +5772,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5780,10 +5860,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5807,14 +5887,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5895,10 +5975,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5931,14 +6011,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "5h",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6019,10 +6099,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6045,14 +6125,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6133,10 +6213,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6159,14 +6239,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6247,10 +6327,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6271,14 +6351,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
                     "lookbackDuration": "1d",
+                    "enabled": true,
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false
-                  }
+                    "groupByEntities": []
+                  },
+                  "createIncident": true
                 }
               }
             },

From 147721bbe6c02fcd9ed1b16a57d486ea9eb4c2ac Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 11:31:03 +0100
Subject: [PATCH 11/27] Tailscale (CCF): fix Settings panel - readable values +
 tier-correct columns

Two issues with the "Current tailnet settings" panel in the Tailscale
Standard workbook:

1. Boolean columns rendered EMPTY for `false` values because the
   workbook used Sentinel's boolean-checkbox formatter (formatter 11),
   which leaves the cell blank when the underlying value is false or
   null. Visually indistinguishable from "no data".

2. Standard tier displayed Premium-only setting flags
   (`NetworkFlowLoggingOn`, `PostureIdentityCollectionOn`) that are
   never meaningful on Standard - they come back as null or always-
   false from the API on that tier. Showing them implied to the user
   that data was missing when in fact the feature simply doesn't apply.

Fix: rewrote both workbooks' Settings panels with explicit
iff()/case() expressions returning "On" / "Off" strings, removed the
boolean formatter, and tier-scoped the projection:

  Standard workbook surfaces:
    - Snapshot at
    - Device approval required
    - Device auto-updates
    - Device key duration (days)
    - User approval required
    - Users allowed to join external tailnets
    - Regional routing

  Premium workbook surfaces all of the above plus:
    - Network flow logging
    - Posture identity collection

Both presented as plain-text "On" / "Off" / number / role-name so
every cell reads cleanly and there's no ambiguity between "off" and
"missing data". Underlying table schema is unchanged - the Premium-
only columns are still ingested when the connector deploys (they're
just always null on Standard), so a tenant upgrading Standard ->
Premium gets the data automatically once they reconnect.
---
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 57388 -> 57505 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 280 +++++++++---------
 .../Workbooks/TailscalePremiumOperations.json |  32 +-
 .../TailscaleStandardOperations.json          |  32 +-
 4 files changed, 144 insertions(+), 200 deletions(-)

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 328fe7b89b3cc46d0829555a59cef821d7dbcebb..9f5c403bcf7953439f06c3aacb456ab489554181 100644
GIT binary patch
delta 25203
zcmYgXQ*dTou#Iiowr$%J+Y{T#7u&Wuv2EMQ7jt4K6HGG6&3_+m-IuegPM@k%wRZRF
z-m81p41gC6g2SuGgF|3|fPlb&tTw_g;Ucc;)#&$wxIsaVfq-l^U*O8?0TP>&k~DKa
zt|9DVInlTjEZpYUxbFX0tmu<<Kh|8UNe$bAa)|&=2YNj~AGVPPY#GO$P<3#O*-x#m
zQrLVc#{z5bUHNZrG?AWN5fHk&TLpUqK$?t~#!66e4zcmo4Yf8Y;}Juyqg}_sA+K_l
zl>>}wV24|WP0WR2%cPVt05wP!Ew?ck!j58FmVaF76kH{qnKUyzE6rFyIs}>1;j`Wy
zrd`Dg<CRRf=yy<^mF(83E#;q5m?aL043(8kwmZ7M*d6H*osAJH%|@Zp&9>s{PBfYf
zUdkil@PB}DL3x*%&1N@V&L@=5xVHv7TV9V_=;+FYw~eBY3Oavw1FV_BE;WFITR>#4
zk0eF(v5+_U_w-IZ-My^M9br2`+zN7wpEAq*<vR><sWO)BG-oju@xI5&Mmj^(69qr+
zo`1IM>Si66yL4I1@lHloHBRvY7UY#GEb#Ox6XZ!B*y2j2IpBr<%_yCo&gB4=`{`%f
z$b?}kDx)ZDp3Zap0AP*JkN7s#t_ZEGX+_Uf2(8$4igB_9o5!!mc4yfQf4>~LX3BMx
zH8gl`DDf<-JDUW;USn8iJj~GP`Gk14a2ve?jmcPSYjWYX&d7(ObhH#VZ%f#U;}3j@
zfG6?FbAIN=&~GbLO2*14o%lh2TA{lkk4;j-g@#yy1BQNe12T1<#Xud7zW>G!<_IeV
zWO%%+h$(03pX2Ij8rnHp(>ZP7uWrGqiK=w=a~YFowvP1=Oyb~*$=^De;_7OO6T;uJ
zPI-ztN?F#Mp|Jg#|L<v%p(Ji>>SOYvW~ShrNb_Vq?afv6(aHyOhpk$8=0nFn_l+I=
zX*^pPTUVPIF#1u|UW8g(H&a0WXazAo_3;M5{ti1+pxfOKjl=)Q5}94eWOt?CFiDMK
zD%{`L%ry?w(Zl60m;%C{LUNloxd<yh=2liVY|6K|thq>fz};h?1i-<QyNOfHH2jpM
z-{3MGw@S<gGuiSOr*U%vdFD1H%a1`r9e1_I??C<l$QrDMMomow&Q@?sr1Cc;ccZcn
zgkT~R5_P&e!W8=-cf@4#Q|b!`RnT%91>4d-a`@A=FYQg1;wF^pwu+B!O_3;T{gV+R
zmPx5Qj(S<<RFVc~qabQq{t@}nkf~*Z_NoS<N_$h~b-Kdt=>t|@Q~%YwwqB;KIe6-3
zp<|!}&}8?~*3r~TUxj3>K9}^JuKC9@{j2N9JJ5pj8zfy#Y~2~=(WYPRQE0Vw4Au10
zHs2UE{rwLkhH7@MY~+TDlR-jGRXt#SmvM?RNmoFCuZ@4aU~6Afg;1K{pQm`Jcw02P
zT`|sr%(@6^mb0(bwN(!2=xDg3UWrQ^L4cNB1qwiP?S~1~AMh*I;fhS?l|~dqKhqb~
zXH*ZA&JxhzEVW=?c%UedKn;4bGgv>uu0*&&Q85!?W;L}Pp<F`?Csqa5yACtCgY(80
zj{Bcrq#s6>WfY`T6=ZE)Mbjz_BFIck;D@TFwlTf}A@RRf51-YG&sHcAimPN+KLCj9
zIA<9t)^nlG@4>D-_17wfwuL(}6Oh886e!TwudCimmm{8Zroa6KU`HG5>Az&MN^i1$
z$6hz(8RXBj_%mp^&oF6uiJ+wd%Vju4H#9x1#sktHtxsi@7(jZWQzdfJ9cwb@l4L>j
zI~a}qFFojJ_WRjDK{7ipPeg3>HUJ3Lj5J!{wVVsOq0zyS;RcTbVJtd9x4dt~oA<pI
z{6X3{m|#tEh!aAzB=mxAxdHcQ&rr0-X*tNKiCSiBoR$V=Yh^5#H8gIf9&O<|o<tEk
zr-`51GhL~XPZXJdEQ_nGTgPf_XZVUs#%kz+8<@sxlp{~j#z4t`k=bXdV}J&EE*(&M
z-+wqBo`~T)wX9daSgss1mw4&~GZ`Nmn+*8wKlbBC#Q@{R9v-yO(NUPMSc6v%q{8!V
zAG3iQ1=o6DrxPpSG|wNQxKQ#{IQ*$4>q)D3goSO}3+vnLQQ{!r5w#!-Z8224+m1z!
zUO{fbevU{l=*PaG<T_%11pp$zBBCK0?HOZR(qU3y-uwc>RiZz(2|bBWv?n!N&-u(t
zITt16pgr*SWcZ;!(xB;vlC)p7BmBt;s||BJfdAcPMtp^c5FiLOePk&q>QI*Y^WjK*
zcj?V7+W-BQ!Vluh;O^XtmuNxAR9mZrmNLfa7j9<M^CHGxqODx86u_bW!6rYG{&K^z
ze9daBVvzONBG9I7OD5>_yvfM9n5J(YBToJz2IHj8N-r&uPba&51?aaay~Eidw3%=&
zYxXgjUV0ojb{|lcde(u#tufT~H)A%o8lVIH_GOyzSeS$N2&m8eqAFrkDrdKYz!dxU
z5AVXt-Dd0Z3fqRD8!*-=e+bl}JsY`lKpejjLK>eV{nyCjL3@5C>vT0+s<vnoXSUAc
zAt4=Srq$3)KhQ`_kt7VV$aJB)BGJxKY|u0bm$`W<-QsJDa%~uAtrccX%(}eDZ0_tQ
z+zd*K>z)4|k9u{rgpP?$f5S)y>=jeWKYz^;Z9pb_w{j5Zg_2*y2!WAKsq=dVG}4FJ
z%k@P47>x1;bX0L=Vh#nQFVv^LqVbieUD!r>fG!fE9y%bMJ#&G(J;tmqMi+oC#c?l8
zL%S>Mzso+f{Anj*H>)lmKZpllEt{RUifj!a+N!)mhHU=Q(ddF|HG;3q!;Dp$*<BO4
z-aQhzCRiedx5+@u%!gRnRZzhM)UFkJAlgW~trU7d@^^!&bjMcy17YZ{Bv(c6UDEcL
zq@v%qs3)GjsUK{5=S(+XO!r3_|A8~>o&kZqD?su@XtudQNkd1axvMwQ@*Wl|uzb%Q
z^OHO;R_8U5X9327KNwdVJsR&rIqTm!Irw~o13y=(E<6<vj2S0*TVAv#U<lNii)}ZT
z?BWnN&r1|O4sG_GVWL@j@a3!?2-2*R0a0^GLrD0SJiFUj;A}xP3NrbGR9<0V3U&xK
z#UZ7e6Y>*`2Cj!CBVW0J)r2%oT$}J6B1VMHHN!MRN23{8R0Gp2cqbzG*gHvI4g5o<
zW;-Yx2EWta0Wmire>mp{0LI7M{sRO<aD(gFzo)|^k{^jGE^!tu<#C<rZ)j?Q786RX
znH+&inLy$djE&Vw&Y3hzCe(<*lcnAc>~sznqTM=7ak!9Sr=KZE=U25=H%!N1pLh*O
zcMu_R;AuGr8olUe3a1kwT>=(XTi~Nv;H*Cjv)xC-?344v2=DO=0LLDb=eWyw^!rWh
zemQh$ZRMk0Q2ujB*DO(7yp|QE%qC8>menf<FQf+OZTj3^&Uz-S^lkfV#tBt6vPiv%
zV+REuscHM)SCMCxoKTooR~H;m7ETe+G)U2Z(K#2HYk6ok%pn=B|Ii~r*<wJ4=sK&U
z9fFJm!OxS9BLO=7PbZ0*tCchq7~0w^>2WZc?i9xN66=hWqWa~@)4oYjqVRyK$<HyG
zC0GX7C-8W!w?%3eIS%I8L7R0kBJC^FPB`u{&L+L|vM@;ry_yp^-fW}>^Y+NbKoRSC
ziY6TFg*aa}k{L4UTPj`1=tkt9GJu3xXNY0K(KwF&2EgKX4R%5?J_>)GFiU|^420W9
z3N+w0ZhKnB6**&}r6dh7hVAK>U<s>KSEZ&4d?^`wN$PaEU*W>*H@a?^zsqE(x<5()
zw%2=nTEn&U%1DA3c+o+Ew&aa22Zc0=u$xpAONj$>){{}-#Ro(kD%~!2iu|ADpR7-|
z^1m980A(7`*>5<tqFo6aLLi-|xpRq60%?KQLpG;`58IWq$C;upU-rTdEdSC0M|*5X
zx&#>E-WW2H;<LIjQoS~kL2a6<D$>3i(b**1w9H1bD6D^vBIg~|RTqdcXyJB6`Q{?I
zS5&+Z!<biVi|#H8?`kyMO_AE5!jOre!@iRSK%1r~wdD_m%B!VXopo#YkS&csaY^{l
ze_2E1fb#bv^uWHPe^fS3YWU!PNrT__AIqx~B7#tj$=xsGJ5+u1c>TY#><2?%`6hQ)
zzrGnK=9+P6e^~4}@0)Rg2AR$1-9~Qi9~RGHM9#GX&8hCx8!2_IG149!qHebmwE?bD
zej885dE{Q8%hR5gYyk?dxVRfw(-*kK>p%`rpvNR3TAV^>A~H0t^f9e%P^+)JpPLJk
zsD(tG3X399Og37o9!vFG)ITk|Z5E$GhUQc3S#BBI?c{}-<{glK^T>>Z-Q0{W2^H)S
zAIL+Z$$Yr!fw#OU+>{>y&0$FQ41i4W&>TH{_Dz-%Y^iu|DNppROc0vuH!8`%e~c2$
z5W|@$=Cg#*=OYh(P2)#xIr*$sSYLtrW*|j@5PNGIJn0a((va-9bBE}m_VW;SR<hy%
zL1Df?oa_6okNvBfyWfM8>&r*eKgvco4I}ZSD@raG-_}#6FH4qD>$TXleE}K=Gpq@~
z&A|P0J|ZLW{o=8#6gWFqxf>U_yyR~4BJgF3s5Tl{?S1@1a3|=nQT}u@jSr=@eiC&V
z1$Cg9eoPsiVq1gk-(?7QwG+MAVwNvj`EXq@qFaY_u+~ETxWx7Q1!7EOe_mx93lv_Q
z8Elc`o!y*>iOb4!PANmPV}Rb^L^IiX6z?{kl#m~RRQ`8lvp%R515=ETbD{={SMkW}
zSsx<fzZYXGt-z!Vln~;;1nfWLHm2Hm#LVA;U32y4=;&7y6p2<E9%((pP^`R(4DG$i
z^(xQX!v#8LO3Zf#`dzd4rZ2Gdr#&+5R*l0$fRG=-$fJZYh#&_5g*)&uz#%E}@FSCL
zC@?7I<Tw8o#iV5?hIG=6FVKAN_>PMM;fzZ<OL7IDIj)`k*jEWwa_<hvwFL4{Ub<;{
zSbmQr*x%>w+RM%Fe(Qepi1jK7r_BGg#G;EM&Tzb5dD7s7Q#{-i)K)cSaQM&@$v7`Y
zL;A;&C70x{M_YJY2>#$Y+tMznU$&*$X_ZMAcvW@(J$AuTT0`T&Osi5P!p;G6Z(?z>
z>zQsk3Vifi13Lk}nJs^16!;SUN}DbH9?7p5Eak@FmF(uEGB8_0CH!6{Z|Xo&3@HIZ
z5V4x;hhsM0EM0abX?G3WAX2uM1J<=rCDmXh^ZsnDr^`kqZh-L@52uT)V=siE2j8*s
z)?meSZGT6!oVDl;ukuSrC_s+TekVOG4lJ}#8^f0I+PFZzGzpttG(;|XQlKjmFLTLE
z4hnh)bB-5k8J-;}P@b)tzrsraqyZ6&9jGuz2HRI0t~~aEZL*~l4CUC^Xnam?=ehk6
z$<kz30L2E`kfUmW7RfOr7%AcB#77>ExboPVHn)}~*M=KFLmhTH!`t^~zl4E@M~Z#E
zF%B|&ljC>GiWoLQX|c12H3bk>L%;+4aNaKmZ3Tt3IqA2Tr}2bhPTAc_!v=DSdBhHY
z^v5C}BjsOG(pnw&l}9o}ky=e)pDyXH)hZ3vi0WPH-!O}qSAC7c*WIQ(k($J*RFo-}
z`RvsGi%Lg6b(`R_{yOt2>eDTPlG*W-0gjE?O3iIMdFSOkjI=sT?s_Tb6wD9NyPf<)
zDc{mVs_#9acbGB(Q!eS)KuJKoUW*3g=sKe>s?s~qZR{jyZl^-J5EV}?uGtv0Jp9US
ziqjlg-3_Fx=v7KvuKU4@S?$snY;n0EumI}Q`P3-Sc-U_xsMKv7L7BdrvvSlD)9LfQ
zBQgo#Rqceqm5vhy3V4OMZT>3f4F({h7Ue{lLCOs=8j_-W0hXdi>IXk1LcIX78s1<^
zV4iKZKAwytTv$t|LWtJ7jbLaf#~{S)Ww5gQVq#&*3wa=wv2i(XHDOGrOo?D$=x0R0
zFLoUa#{KEKQ{_hVpQV<4RvSp(SflW_J=8!sj$+fN*NGoRL7<5|VEm$&#WZKoP?#}a
zFZWZk(D&=*>a(WT{Tl%+<4ORC_WF=bcnqr3K5Vb6uxlv96EzgC!r=~PjbxcK(>IGs
zM%r3^SvpNP3~I3wFlbcRA+4yBdB<S8%d5pEA(-!)`HBheExM>CJRC6_r+5TmR3cz%
z=Cvdh=1U?UIiL40*&D1eYHM(jCQA<qq_~`GB0Udr@Lq;$qh(Qw6*^$X=%-w*P9-ON
zt7Xv|gZbrJb{HHdypAe{MC0{OtmNVkaSnLz6=B_G6(u=;yxE~}m>}!+HHMY!u*mrD
zm*26Z(yW43<rNuS)T@cVz*KKavt><rb&Xhw!*{8Hkf%GU(inYU6^uCFx^s^Tn~8KQ
zSdGmG*-hVgwOi^_1W=#ZWH$h?UxdxadrFh%IOQ&~HIRrh=+Hk*dfgZoym`I0@9(p!
zd>%<3>wHAb?7y<+tD5t;!m(aRVo<=bRLkaqJU+_(2rvf<LVR}S0#iE^MR<L$Oe2$#
z?TKt;kUc4AK&*L;X@5w-=XJF2v$BN?PT(B~krnz_nM5Tc0VvVnsnCJyTZF<fLkAoi
zD%*nUPPuSyh()P!&q-K5z6$mk%52s|V#;98_pXN_MSg1BtSY)wAuFf{8SS;H+NjVp
z&@~nL$Z)vN77A~+pCRpY0p;Bhpf+FB#Ut&FW?y-wruaM1Dmd5V8QakEOvHEjFG;;b
zjk|;5yW-DxypewpiNgPxC2SB!Ey&bl{i~G3(OrW9jQAX6AE4Yvs8&F>N;g1CLrkzb
zi-7scX;TG_F+mDh-MFN@#3aFf-s>)_LihWCr=-LlgFQ>6c*mIo5LJo8?6`~|{!Mk>
zbKj;LNYF`CtctQi7$E3-w&hn8J!@97e&7x75e(P&V(x;37o`0YdEOuj-}9#kFOdFM
z!usK2da!K#iXVMkyn{Df&-(G5VutI@J+&ea9O*8FAqH>jAh)`IqkjAspzFIJ!FzfU
z`!6;S{iYBAj&*<mn!cB7IM?g0pFq}Z2>5!AsnvbH=s&|jC3%KHZrF>L=r`Z*IE7uY
z>JFq#CK0j;{PRU<=#*&mVvin-Rdz@m^s_xi0K02a#9{dUq};k9iVDa%*k0&Q{1f~t
z(9*?7f;C1W03neVMMB-CXmO^GGz&zo4gP_UqEH6pi3LCsAE6jU$u)-b$E&ccR2^J-
z;>xFvprCfL1t)O?ypP#uwgsjr9aNvXVfv9#Sq3<0CHf&<#S2Gf7{+3yi5d8LFhg(v
zX^^*P%I68@djcGhejm6~gM@7OTJdIn4Xl~ZNTkb{%v7O^U9yZ~PG{HAZ>Y1&{Y93N
zTfEeQVF$1zPR=&H4Cxh!6);RWoA|Xj6QHT_Hk$K3M^=-$yh)_y3*MHle#w(}KV%6v
zXzfxgf!+8_&AU_J(*G%L`bDu~w3nO{?JG*LwK;7I??+5=KPf>{<JOxiqpeonD6u0D
z4PWvztWK<xR!giYU6_iJFJ~!?a%`VA*adOT=O@7LPx}0o?ic3Qi^CtI9Ejs7K4*<`
zh|A|kvA%U&;kLr_U#q;+X*L<L+`r}~<^GZUaZt`%_ATY3{-)<@*D26%dY;=riT$SM
zi(K8jZ+5PB{bpy(U#@Z>yvU1ZPiu5WKEFBnEbwbXTYEv{lmK~B6-KshbZck1z8Jx~
zfZPsH+(#wCjZ_1Xy=J}&qlQ_u%Ui`?u75{A1egDCm(H<H*4m?Zk9mT{P*b*n*?eH<
z>!SS)Hh8RW3su@SzCnZazbC*a6Oc>^j*pbo2l+ifc?jgRLZOrqi|F&TiU-^4BRymH
zK!^mx+%=giq(sB1rRo~S_+SIJfyYHE1Il+9U!wy5h)uyB`DMvON7{O$ctm@KS`d5M
zUEx7+&PiDdrGP7kXY!-*33Z8l>U)LWIbM!{g`s;8+{T~RhR(s^Llr%dSA?B==%b;*
z=9BWk^uu>2jDEqoD`A`~@c%Yj&R6H6n2bG>KtN_J!I{b;jAj@j^AOaKPG!&Z1}xvn
z{7^+WBAij=m+=lFXb5~NT(Z@_Cis>_`ULtmlNMIz>QAMi@Ay%xsFw=##dzilA#;mh
z7t`xJ=H{g``V9$;3UUpJzTOV^AC9k{Y@nU|=b0;|z^|ZF8}BOlG@=&%fCnP>`<UUQ
zMN8W^R4_sl4R>&%W6q6+k?QFC0n})G;K(gT_e}eBYFZk2Veh3V+)gr4$S#z`toj7o
zb~X==uEBN>l)O2exR1V43HD4q@J^;WPMtJ@L-IxGLc4s!R6N_e-7Dh3LwJ+y5wGKU
z$4`u3PCJiQj6D%O){Q-R8~EwbgA^JB8@j(_8u-8cCS>RLNLdAFH#f!)z;~?$Gzi)G
zuC;*w)mkW5Ow36_5RW(YVHNMcS#SR%je}i~6G80=Z)BU9Zqu3f)NRJ$-CNunB8;ns
zktN?0r<cOaVXLms@O_7j?b_fT(3r7uS?!bKKfvYzeKZh<{US%{y=M@ca(KK%+8wM|
zq_lL_I|#WQG3atwZ2*^LN#a$TVoE&P3BjGbge*(JV5hIVKDx>ktjBn000ebJr~Hi-
z104xM#w;FdPp8?K5Ka;O2;x0z5$GCWPOv~63j%(oKyg;cAOl{kw^e3v2^rZ7mzQ2_
zia&@|44Tth2)e{}Q4i%{`tWkeKEjkx50B-*i|=r6#{JD{IH2ni<bxBKm%t|sn^=ng
z&8cfpvg&PAxp;wB%M_z&C5hLu<cM5LB!E^sSMs@N?aur2^yk6_BBkP@L!9QiwfncS
zq^Z@^O&^!upVjk<66@1|r9_lEUOCOB3v1+SkMqYI3E%tUD{z9wr+v$gvVci+g;UJn
zTgTdX{>ef%0&dYXl(Ll~3lJu0%e9ztc^?W6uiPitRDg*kt;zQ79|gtrB@k1n`}9ky
zW5KW8gbis9Eu#4xIy{rE*Bnf-eVk1XNAm9Gau)>l4Hlzn%}UrLyn;$-wC|J=)D!S2
zj_REzWRoUl`eeXIho8$OI7UrJQ!iDFg_a%p@QlDU-~%g@5Zlob0DIwsn#Di=va<84
z4y0K(l(0}!O6O{^;nq1oR4H+iQpt8@sJg{@-RWTMt|lj>$CRW&R*FF-3J}8$MCx75
zbWVS5x9>+D>BWZoGGwA`Nn<^cdiF~Ol@8q_tIH3xG8Ms_bP~|ehx2e*7(=%R$mRqL
zQ(s|v&?KYwTMn#11JD=zjm?5-DwZ%}2g+%d3LuEG_x0{6kJ<A#rzDxn9>{S`vo59X
zLoH67kTSPITF?&tNJv>>y5g~9*s?>yPfWcyZCXO{C><1I5Ug9?R$1N4D;)jbUeYd)
zkF;NHga|KE`;dOwvQ}7~`SC9N(%7OWtv*Jh3DOpPqN3BSWw`%^S08;=dH)NJ%LA*H
z4!EvN5_}w@c^DZKDic@Sn9?PuzM1A(wllfsv5_*Dh7I^udUc#oeh*qY*6P7N&%yP8
zqA2Ns5B=nX(ZYoBbb9@>?P_P{%#-zg(+zphME{>G)AE8a^s^o+l%MA#+R{#t930DS
zl_y7t+W|(R*`8iKsHyRmf}N~w-PleRePH3mpB#N)IwYmOVmzZ-F2=+l5)V4Uh}ilb
zd)Q^X96(3_CWlpGf#wVIDvuWf?<^R#CsC*Zn*M@0UVra@!U^5@1i94ANy!QdYtBk_
zyBuK2qz0m;U&rHfB`?yUB$h%GeFm|V?NS*Xj-C(Gny-D8j%fLwNmj7^=7EC3jX<HG
zVyrw^_zcl>2l>nhdx?ThRuBJZgr%H^e_a|<4R|+>Bhx02HCtL(e?*m1pZLt^F<Q#H
zHaj&#(*l?CH-%krP&x%VV@(8!;28%KS~4DRFV_y6{EYB8-)?ubkBFUQy)vHroeznP
zk5mda|BOfITXmMH=@qly79Rg|J}kcW;=^pQ5!2ognsDnXnnt&Fu@R3j=B#qD5svHm
z2=Hxc8oUG>(2NDzLJbgY)^fuHwyuL1U*myP!-4QOGsp;vbsCM6j*smzBBdL66`Pv&
z_F54z@b)Hb`76hT<msd%z%HM8%*;RWwi<|?!{{pk5D{7upo&nlz1**|Kf?HEM#drJ
zAm8t2_=ezHka@RYKycRCub|_q3C}P9p>Z={a?)PTmjA*~8UoqxhnjC-I(3H9#1?3n
z5D#cD)x`vxqZW3F@MaArB%mioV89%*y#^0x=9L%zEUP8B!ufB`yM40OwG-@tJN6Nr
z>V>1GBk<vJXTtE)3OJ!R=xk<QTZmg3+2fgG3xxj;gW-NLOVSq{&U_ad$;^TlUEzX-
z!(z8Q!BoPU=8#bxrbxdIM#Yxg6VS$du-XeBEkY2YiLM#yKU<$3rs~-Ia#sRJn%hu^
zDI8>A0!L<57Hlrcv;zZpDE0u;5-)c^r!d=6n_3TvLqSs(n28XLcPUw}?<w7+DBaG0
z_a0GOiAzRM<Tb2m3qjuSuF_H72eaT}>aXhAYwO0bm|b)a8k9p|F^~hn78Hkn$KSM;
zs>DDbhCp3lD1Z+1c4e)J#?`7RK$eqb-lLp8MaM)0M#cpUW)uLT-S|O4_h`I58-lzT
z51!d^v#4dc1`C5s0rbQlF?B{`gbA|}-h2o~w@8EKaL6GUGuWxZ!1=m>KI{g%El(o|
z=ovkr;5-=RDwS3}ti%PDVOX~wcv9CqB-wusBwG5P14(RN<x}d`ik9L@e8;$G>3<F+
zT8hXFtOvlW>azOO<Er{tx9^e^ujqx){IQX!GWDhRxggw|w*%Zeu$EnAf2(ow*Meqp
zy;>o(VLs?n*wvS!g?9X3WFKAvux(1bEU+`#Xfnx)JDo=yOcS-9;xkk-pNHJqI$;y4
z;BcH7HjRw(G}V*=r|WP*l+VtvgrhTo!*X{j+5l47GnD_tbcTC9IC{A2)H`}u4@@%2
z#vnB`dbG>n@g}%CH>fuoy|Wcpi)Sb-@M?}{P<%QTRhPkXYpLK)LMLoxJ`)`~_o2lc
zmivzxlf|u#>{x{vif3n?my;TUS6zD<4Scj-F@#DjFYjx6MDPniY^auBj|roJnk~JA
z-wm{8-=yy*SD+07&3BV4kPZl3#YL;_K<Q`tuo|7{wfs0O+VKf_RR$n_F4x}|Oqu?8
zYliiRf>qmp=cJip;!$O7oZDr8T?TOOBkPU&6@BKt8d@*ha{!U|*vbZo<69|$rC9$;
z&^-B<jyOtzBAsCT!}r=;<b^bpRJgGLU<dQgoX6sSBSKDA^etp3TZ_mAkOkd`Qi;?0
zQ8(EP)sMqj&sq7Ax$Ji?=8|J2Pa@_*#>7d0AEGyhi3L!*+z-M@0IBzd#;%<@#Ivn*
znr=+?LM=#V0Dfr3TaupW1c`cwA<TFiIj8^|bsP+lj0v!v!7J7Ym_)X9^LW6|ZJWsV
zM9O^{Ec^2{B$x-1Wnz2KXXvW0JDe>hM6bjOBc=sInHw>rd9!pyH4hleQk3DxS*y9f
zT3c|dJd1plrAA(p*N%wP7sA*||BGwXf4JsaH`Awn!y09i`yZ@P->@c(N3HGU8DT55
znC=_0D?BYY^onKztQ(-H@K#t<f3PgVFoj7o2~vM1LBq`ZCfMW~_<nQNWUtkT^_>k0
zd0WHpZ>baLJVB+mMMg%N4deg`J(FE1u~IzrbmQwH$^!^?_6YG23bF*IR63nx8bgFV
zC&iDigV=J+5x^7#$lWwCD@__ST?8FDS%QVpz}B7CU3UUh2<fC48|aqx8m2%6!n8!+
zColFdTQgDTZJdJHA;1zm0{<2Izdm{zUL!w;9e1m{VE4&$4CoMsmJg+Jc&X5s1g6<_
zPc9JUbQuopQf@iOo!LO=APl7xV@V8dOS$M7-<U*k6~D=H-#bQSP5%`CpnUv6)b7#B
z?pb05YsL;(1VBkr$=Tr$<R?^6=q9NxC*=of;ZuAD<K)YO0~{Ix?<gkaOh1z?=_Vd}
zY3XN%C;4|f!i0Q<$bgxJRaTo=5{+Qt17x%Eg{`A?lfq6XPImXH+oa3vCr(|e4gp**
zj2&8q-BI=mC>6mj8p(_zQT(_=$n(<Zc48r1B9Q<;yoE_#%$Dpbr-$^@;ka>;kEZYj
z$oqO0(=(38j!;9TtA5j?@FcJ_?NTiO+*Q)XuE|NndGwIFFN5j8gLt;|m=)=TqN$MQ
zk`zioqb*U#3F!-|KUQG#*0t!=m?5HTA6cfW3QZ|u8<Z<jKKzOP>f88GF8$^%(oE+@
zuMwa{cQ}`G26s_)I2Y6IYJ52NH$>k$q<0<8$U1_zP>Y@;$^$`NkU#|Iu@2_3_f1Nb
zU_pLzxB5KADKKFC*?Gf)`nzSf<txP>Q4et~VJZtS?g0IR_?99|%98|Z(qb>80u2vU
zTmmjOK(KAvU1_<xc<FCCfc>0g6COp#N(qR+23uQ0F1S~-doS`w(im-amIK34fhrlw
zL1~gJkuK0qWZF%HxyXmW2nyY^6V5a{T^difh?$8&1>t!hoivB2f@HkFPb5x;Iv=MB
z3%vV3X$-0t%J69esB+hQ4e#3R&oK*?=_q&h@OcWES#m9&C$-N@^e!_1AO^4RnP5H`
zrxfDf&1+yn0KWw9;Ceum>LcM||C@kkn+M^!PyvPD%~2p6{nM^klb#oMUJ$=r5qyg?
zI2Tp6h987#a1$wLr0o`ke!#)lYHZrIIj;0>#;eUJ$=PCrjK}lNP3}XlA<qpL4weUQ
zi4TQ?7@ELTK(Je%j_c7LFfZ+o`=B3gmR?Zl67>#2bfh%oy#BOp(D0gTHm*|$!q2S|
z2wFZ9fHp(@#bsr<ATN;6Dbo#lZ`G#=Yt!M!Nj`ml1L9XUTRR+Q<n7oWH77Su;HIcv
zCjUd#HuoO$Aa+=6(z=5)*ZEbS=jhj*FqW16;<Ja-*sR0$cT2zuP~$xIE!bGq7@K{Y
zYLr%d3}B9<5Bz6gj>WtGK%vU~&;b|yB^M{E87pe&(=30r-D8EkQ)WSJL#4IlJ4Uj4
z9Q4{T+s=scu$03}N@RCSGD$Yvgx5~+E(!__ppztg9IW|KSTqIxULRgT7gnA;u!nY*
zG4hdq*VjV)P=*aKrj9}mpZ&yX11$&^8<>_!1n0=#gJ_8gPzZ<;+{DpVKtOz7YA;w6
z8X5PTl?v_=ETz+}D3cJTC~cgB*hO&1v_!;73+P<ffb?*LD`NK#0y_)Q{vDKHV1v3B
zapz?0mJzzF2Fwhy0tNzIW*p``#*>{O+qBi>MZ}I_2ipPg;pU=LU@Tw=psn8ry)ft9
z+S8eeQ1G8n@T%C9Q=w8Qh<8Ab@f<U2z47VzThdc1tCpprQ=U*<1z}{}HPDutt;==m
zjZ4vKAR*ZoUOk=O@U)B41tX|s_4}9hgq_9Z7U(QjFGaM6EwCnhmW<B^Sd%<!K<K2Y
zE8t}yvjLbw^`F(=80LS*T4Zx4)Gc4L))}?lxbGzloZPL)NSJ(woLLF(RxusywH;9K
zcMrs6u*<4SJZWfIL?BywXYxly!DSBgCuXiAJd6*K1wX?i(Lwh=T)bYA(JdbF!9j%U
z*Qa5GMn$JUZ(ucxfx1w>N9-)8FfJJ`WUHmWS_C{ng7ra8;z;#@3Y)M}ywel48%J^L
zR7s23HTK)<XYy}-q7Tl3RYgCzkhY^1kWHa-YD*?=Jf{2RB*VmXx3Yepb+!7JuyQc#
zqVv=z%0T;$+6H5%GH+?E6e>ZT!8e%Mo?*+-w3~KJ!5>`aOvE{L9Ofa$q>2&ol81Zz
zSOH(!xwu0fjwY(Hl3a*)(SLxRjUkrLwb+HY4CVt{CrqPE!<~ixQseO9XX*NuWfayg
z3g;9U4Yrq+oN6!8iF~cv;VSJBD^>I1E45c&B}rXBY8_##w(dOWHfxi*@T$HG_M|R3
zE>Cxv9VnMc`r#AJxP$7k6Qb?L_Q=_vmw*P|+OZS5v6BEQ;N3v%0SlXle?Lr~rW3Rr
zL$_z#!q0l7qL_3~wgQlS7+2_b6sMtQ1rf*rjS3fl?)amF8%$qoLd$}$hfOz#0_a^S
zT~Prw`9tpO{=OIQJ#3y={P(De$WPI%2NdJi-}YNmwJ@R?W>Hdt!YEQU`=OKlqkw?B
zwT*eVm(2PTVN}Y#IKuCt7tt@;PUJ$CO=+f1<n(RN1HoHzUqRE}kcgg$s{_<ad;x^_
zaiV5nv_d*tOJSQNNYPNKSMoLZb%cmW;hF3`LR9Jja<Jpj4U>AsttPx~jNtXG?p%a3
z2}=YtH;Fhuu^kSvsok1(=+t7WCBQ2Fo&cWT^W@&i2;yNIMaz?)L@d>2LUIkowA5{w
zj#<YIXhYmIW)^MqD52KJNKezo?Fi3j?lwQ_Qns?tU(f}0sIIYVIT^)R>#k1acSv9M
zu$A)5o~wySX$le)j3ib82j8<{L5N0`Ky+V$gL54mUx=&K{;--30S{7;W&nC{rJ#p1
z%M0uSgIi@3DcBfH-SAjwrfY;rJ?lc`=f!zTSf9@>qVj2S<JfVC@PFFAb&9{1W&D7d
zK*@yDNg^YZ30G$>)WCsa<_4Z0V@6&WFD7#LT|HL~DNqYy&}Ou_xJ?j7)0Ydz!{Un=
zaj?$DUmoQu{4m10J>1w90K@g&BsZqt*k1h}s=*X6!e#2VF*f34df$)lmDF$RMar;W
z@30%~xayP^9pQ5(UF$hz-esoQV(P%8T-)x3vPfb7=wR$%RC!LM4whu^8_Vh;J|S!v
zhWz5-N?mM=?$c&7aVn;o$0r!dtHMSYH}%sMi-@0{LxeRz!yc{&T)tXlV!Wa(vBl0i
zL;+5>W~#YBS;9t*Bul$sVbTAILE#3vdhPP@TD8$COS9&)x9f3RkWUOXE`X?F&!0gs
z+(j1DY$^Eu_F2v{Gg~Ktaoge8ua-r6GyoY11%J9e+uFTfge?A+zN%z6t~#08u^<-G
zF^^z*3X^yxx$KJo;*M}+4yjN$FmbU6C56$T$7kSvh*^F1kjyw)a@1>H`5btHwNeF!
zsDD?O`cT^2BZOKD5dC#GzNAZ(t9AF#{<a(l%D3p1D0BYBSX3=hPP4nYSg2^?zS0Wk
ztHoQ;isKXPFsmnW4^BAG_iTn>EMqCg)AP|^+6U>TdY-KWuw(p_jD6n<N*qeV*fnZ`
z8E*!Wtl|V;`As5T-8O160__5tGY%$n;2)>dpge;JLG(its<ZG11xH%<6}6^0(1L0`
zf*xxyjt1j&+|@a?Q6bOdqt-Y`<Zo|lNLVNmQop5(jO^K!F_FSE(wwr&{tgN@Z<}On
z*Z~S^iTsr!z+vxjfwJhs*L#D?Uxj%V!A(8QWcSe$(jlcNFUNai-0hTDi?qIf^UbN%
z^#T$?cSBtd?l^9z5p=y{^X=|kxDLqHv-!r7S~tY#+WJVkJdn}PdrJC)8Z=7^akM3R
z%`W8!&a<--p@+|d$TeE$@{b5MB7|@@P0Z%yYc#tofZ*DIlu=M$Ga5*n!GK@mc<=*~
zTO=F?q!96|E0`j9?7+Kebn6}B1i=#@+{cRn2P+xF1zykJ@l_;BltKiqHAfZUE3IE)
z9?Bev{zV>qkdA!zwfl++b85E!_9}P3D%_$Cf9{Zer9S*ixZV3otn;vLaC&{6wHq(8
zyTZBf224V$B-N4iQ4$$kE0EV6k49wo`c)cS`zg<<xQMcBj!;x>{DvgRS$&;saYQ9|
z{<^rJ+eRd2h}Z^<#0z>@wCM^5?hxDy&o%tqym=iq_DH}eecu1_U%`c=yEH`cT1LLO
zB2t}iRD8OnTMV}+-2C^1-b+}*zlA_`#ZL(N36MkwBa{=0lFc#&*mXA{Qwmk)ZTyoa
zkt;{v^KcZRA!gii7W(kjBevE|_|aRy$7J#2!2G?T-P6-^z00;;0MG;N+9d5bUPH3&
z7VvzdqY6n|S#5JCtaOS1jc(rLx#zQ^iCm@IzskM2qlr&jx$b~yVZU&3Z*(^gbA=gk
z2SAdem$64gp$8Q%1VNleJ_O(p5+$fj^sSl}>`lJ~=n=N8VD431IX<(0T8&hyMC4{W
zRFp|-Adu6AOBP)H(%nEF60X_v|BOLh)YK*9>N2U$ao4+i*4rHZJNs!eJP(irNC}>P
zDPWc&ZPgyAw;BPfTdQU9ZEBg+P?+l$0BJ_YM>7G6tAi+XH8$PsDjR6mZa%e0Y6w{w
zv+oeIZzGn?<M@E34f>A@aO|7%y_s8qyENqi=?!66Buj4x67~1n<B)RD_h8{$obmSs
z_0$9;&;(&z9Nq>EouBSjFR`$ro^@vqqbltM&zb>}_VYKwc=<<f#Gn4aL3{r@fGW%4
zK#u={#8Dyj{Un6>FTG#~dz;HPa8J4|NZ-#;A_|R1FD5=}q2Kp}Lhqp*8x{=iw<U~j
z11?R?BbORzcx5<~i6jmX=JniuLpQ;|A~bpHxgMe+n1(~HKueTgE3xQ(;~Ipy1uY8`
zca{)+znK>hx<^o(P-!X#`UkAm0djdfy9V;Hx`%r+RlKA?ihz?5eLl7n&$9Y9-;^%$
z(Fngl_kc0*yNuop_cW$+y{_%cpV`~0EAawnh(1l5jZk@QmfCXCX6}fGJXc^NzwYHx
zS(zJ&TK%H_vBEAz1Ux;^uSE^-2DPEZ^D7<eD{DNe)sy`#>cfE(ZH@LF0}PO9k3}z~
z@ux2)HL{JkL?A?T?VcmO=P9*n5I44pyGC-QIBG5ktnd#PnYdd>o`aYD3ySR~{6XXq
zS(US6Qjh4lO84^<Q<M9zvKtvh9>L)Tl(u{q*GRa@g|;T*QU<?IJGEKaRubbjK3YiT
zzrjK+#`B2#_?aTUMx%9ROaP>36zAEb1pY6V2pn<mLN_-Z&Ip6;n+tHnc6vj)3i79d
zSpE(bAMe4A%c`|^16vskvX@m4?8=*IaM!{~o9=42KW$~Y_N}_VzQmqjK@fN$_R0)v
z3%mAi5xOiZ7+)A_sXZGuQW`B#vYvcPm$lM@%C%S3W^q4)Q1)G|tpH7*e|veakfEkT
zlKu=9(tC0!CPiGRBq46!c=#CD8*7*94vEVk$MM)Dig$rvJVbqwyX!k474R{%{D_dG
z`TE*;IcYu{!5KD6>XBB+k?oay9T)@4O&lfJJB(0bh;nA7rR=M6qCR*DLDo+cSNQb~
zqZB2QXB%)g&gbA3kqp?>q^Mm^Nljm}4^Y_V;k&%$l!LFM1nopNCmP&&tROyV#=S>W
zkp0^?#6$zVf5PE0phEG|!F8>N3(c19jf-n*zjRw}RoV-sEK9hnfOkr;2|4i#b&D)2
z<?QdBt?0!ZK%#KMv!yWz&GFBO!s@HN@SR_9UbqvaU2)o%<SxK{PiB7$D(B;FyQgb2
zDcNG)Sn;Y_k#>>Y!%(zeB~36yQ+Y;VX${V2tkU2@3&_s6+RSWD%BN{D-<Jq^35?F)
z&>Swm*>=XmK3?l4wPfE~?Wto8kXu01DdnH&UQ=?9bKX~^uKfUDD(k9|$auuP)I8qh
zhf$IxSj|o7fdMWJI0j2HRGnVartLrfHvRv(GSw>G3h2Ff>2d6SLL)oF+pWO@Wu&5q
zx6%94qnM-RVKYPTKLp1&f0t1=<qOYEYu;!)bF^srC7&^3F;wlaCbyDN_-$VRM^+>}
z4z5m3Vhw0cCirTLn*giPS8p5sL&6WaBfww~A&&%&<|{h5noGx?ld*!fy^=sR5;c5G
zF*r080j?8VT@8Z+_C}ZP(|+u^C<H6}OgxwKDr`@6-t8SG-~CO1CAeSf<KPey<(~TK
z>fW)*9?q}74UZx!&y2a}hf6eQ?Z9PB>24Z2aaG*tDJU*ZgX-f@qZ1xGK+OS94M3rX
zIU%U*x7W?(M(i<~8nt4SK~_*x#rF5b0*box+-tBOJfA+hCpl<l!T(6u(E%xc4BNL_
zMZ&%6W3YnH&B*WkbUU=c9iiaY9;*b-UVOVgw_`L2kfBAEwH&{Np#hSspVL9(g|~K8
zx~)~0K^CG7)+6pY_;v3cV?Q#3<p376m4|RwVaoa*2tmBmdM;ZVC@cxT$jY0niJi{r
zr#pTuou7vXMxSupl><Ntv3z%a<oh<Q&m;5)41iFr2X&-^?99el+F3>@n94IS2r!XA
z;*etvA*QIgR{ZP@s8`$^bsZn^fjKsH?Fxu#xV!7YP6V?{*GB-;$0JE^A_0t)j{`zF
z1c|6Qf|*P!IVH(MK#q^6@zlKVlmb#!r6h>x!(t71MkF|o8^Q%fB-(!k;cFYyDwsH8
zi6Bveh9zie)eW#{cPIS2MFl&c8%&gZM#U>8m_!MLlM0xC9Hf~5CsRNv7#KL#nM|0R
zBtc`vOCtLUCE63WQ@-kfc>s``;%%qa;69T{5vUylNMnxPv#y!r?cfkBmSw%j9{Lj@
zU)?u8!Lou2O9!?llfNzz2;Pw$8m~nT;wtu|CQgq@2$s+pi&PBf6AR>!oQ-#b8SyDk
z!nh+a;1WqqtB(^-_|ATkW&-e%j*efNjsc?_IH-rk1=<VUZKe*-_kapAVPhr+``^;$
zhmdjUeI)%xC6x0C>DFT++zbZ({lTY6h}iCV8)?{kDrjNm;<yM<Kc>m=6)DK=?cA^@
zS0+)F=B$0%@5vZ=_R^0L7R9AzDvgIno0Ki{kod0ae*S6I2QAqNut*s+*bjqzgU`ke
zS;XYy$Cy!#r7?$mWdaa+ti<2joX{Xa_(qK@FyW{>=|ZCkRu4kHGBBYdtqZZe#fB@w
zA%Nfoca(AchMA`%;-)MQx1QMnNf=+GMA<E+7PfoODi<C&YI<){{=2F2QxAXktvfv!
zSE!*AW+r;NJQ`a3@%MEui#4<1Lee!}=nh{7*-N%pBR%PQcL+ei?BI7xmi_+H5n2L}
zI}9xmLMjDO<&CTCgSpWsG+LSKEn}#fqJnsV687KWB1pKADW4l`p6Eytg>rgRvVuZ?
z>P>6vMMw+7K%>7BWhy5162EX)m!s<?F%K$BBC%m;zg=B87%q-w&iR(J+fT%xhO2*E
zoRRV`+k<~?>y!aA1zG)I)dH;stUT&|^F301&4MW}8%|BXzHGYptFuO1{A#sas~Ky{
zdZGd5^-q=nmK6jL#Xb64#p&6Z6W+Nxt%+dTYRVX0HV;K!xeRHG?Pj;)UIC>ZR;Pov
ztnCaYJ+&yZuq!sp<c)I5R2!;ecT(=@?wy9%B(L`ud<K9_#6GQEJgv>blh}qlLkgz?
zbMt9e^zJ3v0>Dmr5jD%|^o$qn)`oL@nI&uCnIMd>Ol%CT>qu&o+8gNLIXk#q#YyHn
zoZJ>l`2#Ou2vJ^}2+NwztA?lLi<!!RRUIq*P6*Os+o@pysII4oo2MSxHc<2^os^D@
zMy;C=MGshDjufGpJ7kG|z%qS8resK{JY#p}=uGngpDTq_Ya$-JN>e`iBJIm4fu~o2
z*7rh^ajFEB?B&mRtwGYWr`rBE)UTf(E)}28#Z4)wWp$jW2h8b&t2d0x78bT~I48tB
za)`^$5SiugDo3p5eN0F0Vq3QgSh28iN@&86fd_O8_pW;t*~^`M#PCr(VYSzx0refN
z&wo|fPZnO#Rs<JRFk7;Dk*qW=o6zablX!J3y7f>Sf*p0Ss=x*0$+P?f@TeH)^_N2a
zvyS8tn9ZuC#vVyHeC0(uQg$9Ne`RBEqV>*5cDeDTPn;1ixbq#45uwV0b`)ZQt)GHD
z>jG>nt}?Z?(H6pE9~0aQ_^895Di5ofGGAskVl<@!&-n(mH_IJxE|#OtijMSU3pzq!
zy_a6D7uzB!DQhwN+-0$!TL$NoLB7IRc2Q;T9*xP4Un<C)i4@ZFzBFYYNTb@`nVFyt
zv;2*5LYL$tv#_Q^*x&J*PuE4CM-g@G$N=akXarDJ(`x#5LYY+SA)>#3)kac0Uu9qZ
z<u#!k=Sxt-Qc%J{!Qde&r@@5RuDsHOdBjwBucD5{i7EG&eXt_J`w1o*L-Hvie2@M<
z9-vcy=!d?Tg%}RS@GJVdSg1K&eu%Pl<_paHv#-oUL(+eo3NdPdaz@vjmA<c>S_uHE
zV>F?nxrWhPtz{2IF}KK;;pUNCzSEd&b?)=XIB3!Cjys3@veZ;j*3P(dW(N&d8K8vo
zVqiH%uOQ3CiXyA|<?XPI!Zn|nEcL6gAd#%dAgq8Cf=$)R@P!n?eWcG7uB8Z+kzrBO
zB^sefhM$4WT+)MoI}H1Cib)>l=qY8fJs9wrnEAq!>FIn0T}dt8OW_K0IjOtO(!J*D
zYj8TAZ!))%Wcj?mK5bOjPw>T!ofQhq4R9KpA_x%V73wu7y9NLEB0iRMVB`#M@&Wr3
z-0`kqCMrvPh%1LSAeF&I?nXCi;vV;$MX+$oTrhX1NRZ<+z|(hv0tr?Ihj`dk{S2Uj
z`_Z<3nIqWB4WtUlDdvP8o$aY_+@|ijirf}N@qy)Vq`%?mDYfg;u%xswIQOVAS=G#O
z*vLVgx16-(o|HTsM++X6i$ZRZIm0K~8e2S<5fdQX;zgnws!7g410R?1r@fTG;OhAy
zKfSC<MJ(xd3d2n5^s+CRiKC|$u?$#esNM+}Ps(FzPRdyi*F<T||J@)(pbP5R<zI4v
z!gt`$x=qZmHn~)kx(%VF#RO8)e;Ys48XU4C+%&Bh9Sz%$ClG?602J+$2_L)|=rsbq
z6GehqIa~=h`JM!8_*?39&;G_b4WfPwiDBa8LKf(|KO4K=NrZ%J{!s|!8VInQji%~P
z98L0qZ$IhaTMozeO!!&GeM``;GZ25YgNp9A^?9+u)cx8}31RAeht%9u_(N!al)3lo
z!HzrDm}Jc`cnO}(GB;>LdFzI!nAHzd>Y$CEso2GK9nCq={3t&oMu~%ip=|5C&*%g_
zLTFq3KxqCLgRTw2wW^2OY#5OAVyZcEIfbsbwkle`<%`<{)!!dcME>9XgAM^pU0EzX
zVJ#F?3ua`czI-C~H!@no+!&`+-i!|#wK5H%NbMCn3aI<n95vNS1zO<;%ftKo!O;We
zQ|OF-3PX(1xnoD^@r(@W3V@OTYKT*wUvuLX#<Q%LRXlBxx(hTN3xGe?{TWOm_YOj7
z&vi(<&;m!UqP_}TeOS*O*BO3W^7T<S*c)$-mTbY%IGPM>iJC+g{Dn_$wT2ZT%1AAi
z*JC!zN_?$%B|M&3e(~1GKf>NBoiat92Z0bpFHf&Q5{4dzYfoUg&F<BfW1ZYC!~vZP
zaT)a3tX#saHh00)2CyUAzCMQ|)IYvj&_`DYCC?oqe%I9Lp)9cuscB^S$AW>La8zSr
zx`V%_hv?(?>#5P)T%R3E>tCadhb=LBqnl2A#^O~Jv#Qz+&CQWBq*eR;0q3!#Tr-}x
zCZU)DH9Z&j=xX<0sD?6Y3U*Ji>v$;dI$$Ql&b;?00p~oxUVy0Hk2D9%mc7-#5GOO{
zibQe*hfH-ZEv5(QIul@q^w&O;J|k0n)xCGt8#!n5a?mq#>T_kt9TNC@s~gR-d+?1B
zf}+IPC<F@kH7ix+S<xHU$P@27V%QL9XHt{(@Z53pQ=_~ncLR7xzK#w#GWet_$Xbrn
zCOPhK*NDt%3IO*&M;J9s3q4<z8oVE>p(+o7_+?9NPi@ifTRp1L0#3Z^lV^(l8Gd~3
z1Y5tGltEZoP(31vYbK17YDpg9*fbed2htkyS-y5bTlBHs!}%CQkP#b*Rnkw>in>S-
zk~q4SMEGo^4~3-@1+daT*(18lN1Ol`-bKRhpKEOlgn(*ofExS-HoJS(n@@QQ1}S0{
zyc4f4s4eiunveMRrk~e&Fh+&9;c(lCB<+b|u&sMnqTCxN<G*5fCD8sUZ3tp<oC-?v
zy;JZ}xRXW#A^Y<@CFR97Z;Pmh{u6y&v|Fx?+$IJigTb(e2;yk8&aXT0ztnup3eG}J
z;K6++*nos6<hMD=;zy?JO{N62@f%gemT?k9t026YwwevG0zu-ucXONh3TtFd=>Pg&
zq>OwNhUie}G@1J#ouQdBBd}uWM?0Wrvu5aX0(di^f>i%g*<D3d6|e0AM-h<jT(ltF
z-7O$3-5t{1FlEu*EV@)cO1eW@QbLf<wdn38b=YzC`Suv!&6!v8c3#Xe=KQ_S^Zv22
zQV<+Rogm2bZt8Wq8<1XADN^vbjtvRhFU#w>wI_rChqWA&lsyb~5QFF&fD<WI4kGCO
z+g;Gec4KjiWf#z}lrG8C&VJPs7d*cNTI#W?ZpLtFyJ0h`4?wBUvIJF@1kw^!-4p-n
z4r!-bnW0cy%dsHC0TKm<b$B}*&;0I#VaE!<$lv!7xt2SKiyDUSO;EeyRh1df@7S)L
z^fnu6K}VVBwKJ+?E8A3n9~+4vwdF5UN%W1MhgLB`Y7Y-$D<cxz;R`9@bH!&L<+ft-
zQek490{8~pZ36T!_}xB1UL$c>;ARnJ&k?Ak5)wYTY~x2UHX9+%A%ckdJTS?5i^p@w
z^H)k5Kx$SjR=v3C?I~rQAl1?i78;b9LMht>3SMqYEP7StbiQ_A$&ue<Fi>70m%m7a
zD&rk?QC^ri&*W406E6RKIP0};<w8<#Vohzwuckg)l|ep(OYeJJdV@sMq837eU`+jd
zDjvM1B3Rs9!5I>2_{Ib652^Q16wFy;JPWMpfMgjT$3hOSw~~Dg3*Z+`;$R8%h&NzL
zT%wI}K1b;rd2})$>EnTNWa#0IgfAEFO5eqwG{RAsRm@OWgk_qhs$*wR<JX3?#3%|O
z_}1*}p)xow5_rbwldI(#9;cx(pS9y1AnRFufsGIp$Z^=7Z!2tN|H|iZ=;ljjz^Zt@
zIp^8P&a0{Nu^ohaBmHWBiaEm7p#hcUdG-nl_8z`5)<kijwmr7%N2}g(gkm576*|nw
zoskB=>7V(jnsVPOmwS~R<Kmjorp4Dsp>K%e{No}v3VZmuHDRMN19#kp_p~)(ckX!}
zFZR%O*VnWQFe0Pw7wJuy`<~vks@-;<E0Dhl;Q#6&EpQN(HQyxHx#1(jpCW=%Di4<>
z>!QF}8x#SkCQpP;AlQ}n@i>T?k&5{~LAQK2_1~<0>2BxTf1&$7A=F`EOSrsK=qE)l
z8}|D<bRJjLg?rER-MP3xgvW7toeTb<L#>ZCT2tI-Df;FkKduh4jfoz<$+oUx`zXG4
zzhm6I7`v1s2rDKRjBQq7KFcv+<TVtBXkL3=-wXm6zmL>BTr7#-h<P|y7PA|2Dt&o4
zEvHWaOVI0P>S;WOf5%iblSpEad1+nXB?}qps;eqIUFO@DG>*Q!Z;+K!GRVOcLtE3*
z$G^D@U^NQml(s3CV=7$Dd23lCuM`r#-^HsBigSV5bFe0>!_caSRZx$rTNomFCT{Q>
zG#h}dO`(T3`#L@Gf&usmz6Ch1@F6v>&p*pArubMp259DUkDzF|7E73=j2??&7N+Ng
zTWSWHZ|T&cK@FU_o`=w_limE1GMTOq*UH=;9Y|^D-97C7Px%(}8>;tCpU0C7B)~r5
z_(&8A6wD$TBBS4Xt)(CnLzu5xf2WxD9-#rPETufSLx%ekmQ4fGwL?5A&eXEyb=*mW
zUaeMiQO>kQRm7iTxKfOg(Z+LyR4nOndBJ4s9|+8LB7{cdP{}59H@TA4nTsXR-gXI4
zso7i<E*PZjk1Cab$b}6iitza)H!QX#*)?0TBtb}MEw8D^HEJ;bAXGk&37Ed{m1qME
zHXgiX=*X^}Av7%Z@(>Z<$qW=<v*Cv(^UJi28a03N#id;q+}DH~4dk`ZG@nA5OKD%;
zXQMY`m*V2QO{~b9G=Gjj2<>_i+@7@C(Ne^HvP`V$(?ck$G5togC^jW|9lp3n(6QIh
z2o~THQmVRYl<KL-pJwv^>J@pfi3Z5>Av7c~k<LGl1>^-4bfYLr&3d6=-y}-e!wBpQ
znPUlyA<A}c!zwC-)VIO!@r$XepKck`7}|(mtzL$bRj6qdV=f8LsNT!E&=6&lD$n}}
zqt$2TabC%vD=MS?sr||79yXaN2sQaH(-)!iY}YCHhv@_VK>euy9rb<xKT%&nJ8ceU
zRq7+sx2hKw^y?@Dh30Und+cUnWNoz?vo-tLUnj7@?kX&U{g@NYYk@n`CmxH`%!&jc
zmar?k$z+3trRw-l+zFhbgYBm6ydkfpPEvZ=E3L+cvU(W$c2WGYgr`7RvZ0NBmwy_$
z<k*vy)h1-SBK$|iTjZ(FO3UX+92FR;P6E`HZY*&fMFw_OzC1RE*i~i_L1}2#kJ8dt
za175s(OWBx{nT`i<GCUDVErFMzv0b*C&F77aZ{(8w_aP(iH8UW_x;G3oF1dxTAycX
zF|>8Adeo0S-E=AKBiON{=8k>FXvkHJLf(_h_t%eUe3u?w&Snn^ljrER$P+wV$x`6!
zkIp@awl^m##&}RS#RxB4)S6XYBfqxN+_QHtb-8-}ipQ{0Il0uXuw{~&Ez7V6Hb4b3
zo@tZznB&IdyVntja>ryu$s#NHG+Ps{jM$i?<PEdp`~iLTAGay5pQ3vM)rI<FUDq5G
zsPK&WmO`5<F%(UY&1$gf7b7Y&g-J;s_*-bSl>BLROtEGc)Ws_7PCzz>2iUdCQ<3G%
zA6fJUJ42WZ+w9H9!}zLoJG4{*`CW-DvbFH(QS?D$HNL&_2XmlsxUJ|KmQd0RE8^p{
zl6e#J)v(0AG2Q+f76pgL>x4XDPJM+3qu8!5#L+XF#wV@l?Lh`t(v=j-&EL)hIe&vj
ztpYUFhlR7_a|PnuKsMMjm>&>vSsRl+?<FZ~6K(L%7NsWfi43YL%{~I`nIv{f6|u%Q
zbM@8g?aO7fr>q^y8ekKW+SZ+GGggQPvL`npF<c~CN<24T%%^@|EJW8F7|XQGf;`VY
zHNd2(ke4_E>Q;G{+?!Wkpu8w<Zj5QRdL3J=Vb@nL>u<G^Dt}M)tuL#fwDIgbRfr7f
z_2=49W6N+VBWlYmNb((E>@;67_)Eu%`R8b8%pBQc(X`(Os?>Mv9A*K&O2cZ%ul2Fq
zxw(p&0|sZtMA@ZGqVHp)p|3|#S<8<|f4SGz*?JQo@yB819qq>)5-1H*ZOWpJii?1}
z{w2@T7u*tOy@&xi(AoS`t)2WM+Ve58@7E9aw>+RfBVqLmK$(fgWi|?3OH?0K_>>7A
zDOsCWM8wXo$-*0L2RkorXWo;2Wn#!XN`6X&WNpg6<pbQ95p}IO%+D^KrWKz9cC&9;
zu}*}WA6dQCnJ#^)^ajn$tPr`nO63Cf#?4Mef$+6lfi3o9tvMB^$v>v)sm{Vx;V9dr
z&z*rkY$rb{fuT9AX_EuR$ST3A-VEu_ZvMBT>9JMwbA<J4Q%$LPP*lO`h+4F{@%bj>
z!{V)%bt9)yh%70i&|i7w`odGvPX!&VOWB4R7>+x)g!HC!Nxk@TuVKk9TWNF-efS=F
z61d0gXllzxdqJV1#*YI8P<1?YU(cq2{a3x(;EjLgkQkPNG=$%|s-Jy&%@g<Mt`a%~
zwZe%8YsEA0Vrbvf{!EPe=o-*rGatM8J6_anBv~b-$Wa(oP4<x(kKTnFNlG!qhpFHV
zc4ClgtP={Fizt$stT+S8MpC{VDj{89e^(;$A1t?_o-h9}QVMGNx3V=6(8PkII_-0L
zMIK-fx{8S}ZSylRh4(4!bl#zX(4#(4f)M_~gTtOhqRuE|YMK~&<In&_Dx^p3oY9H*
zAxGY@OZ{p8P13$Zn7Yrtw*k5$JJP?2c|v>e#y@vz2dkad|7R3wx{7f$X2l9c!&2)@
zWYJ*l)E-SPbe?-+UJg+=k6o@0{2HJ6>1;S731kiYqCI#!(}y204#(NgGKY~Y(H6Kq
z$v!7BUx>$!hV?ZjDvN(MPko6<A}@rNDmTmqWO^vR+Ex_u60LmySmn7x_rW8<@elRk
zoPLrs<m)nYYNcqt+_O`?Lj9$`Rfd|X1op{AtUMw~aP;2fbF%v@?|%r>i=S#25AIl?
ziE2F%eL0a>eY~WK$NVYe-t6WcmP(Hrk6ingwMgu_QO>h8uCmB}Yj4BFW(pk4F54?P
zFn!<rz^<iP+tw%5eiQ8HV&H6p3|ps-`XN`N*V&(kY^@O+u8}~F{;d)_t!NSO%k{Nf
zf4Qm1phVH`s7N0}P&b;XXp<9RXBTZFZ9?o`-?4;=KGifH7zXY!mufpofR7ZGC7<Je
zwd1H&9)aE1-H7O{amQDcoB^ou8y6qo{r{IIr>XwMlMxXy4Qh4#BwB>Ke7aS*3!sb!
zde(2#z68#Cz2`NOnp|kEoTcW)1U4hRIIE?FaUd)rk^uV(rq3QDy?;4(?=`-_Li?lV
zEH}|E(P`0(>v3@1@X#V6@iOGKE=f-hch>a339Ks{Py_ULxML=8-bbp<0HL;;mtF`~
zJ#lykem?AH`V>uz$}M-{0O}tUA^*kYv`eGBWEp2a@Ne>P-S6+l3#j;-$F317BCdnK
z&%-o4rt6<kN3o?Zw0i6+i^?mDY#HD{n(jSTJK;02%fS<VqLpPvu^6%Nc*v)0UlwbW
zn$=WA0wmN-$E+lwYeH-y6!uG6n3aYgm7#!5de%QzC6Y|OQ|vuoO1>TBO^g~$CPpaq
z&4?y5Uoa+!(Q!S}MOXD$d*(;dyZsv{m6M|{!l_foOogc+VY;wam({Cpf;u~AMcaEf
zMC3&iSAX}yXKK>sOM^l^+iPP3z_ktOfNJwy7_I-VpzbsSySa4!Wl%r^n}wpHL%54E
zx0&SPx~<};Cux$CD7srePTcc5&16CBx1$q41syy|cIknb81ZaOoD)NOkG}sT0oIch
z6u)qBKz+9v!OEYE>Vb-d7;ekN&QGPBdeBqoKC2^(7vMea^^jYWVwoq;gzm@=V7x{n
z$I(oSL1NYNW(k9%l|1~$e-|e=(?tj8!H(w*VeQ9!LVV~~JEXd^?u@xmk+tO~A*&(b
zZ;JgpX26aL`OW==o&*n|SUJQ<Q+_#q<5%YHkUUU%o1HI+WEDgsqpz=l;h^4#rjq;F
zntkt(PNm(F{@3)?wjp@b`G7lDi|5$d`d5<;qZsVtMTQtGm-D!NEKN5v#nFN~rSkD&
zxrN3tpNl?T%Tj_yPP!dULMEy;haWB}QPdUYJsTCYLtrO^XrNbI1tlPrPWINb`WbWR
zohmXO4^ZJ<P%>mNCp;irS(QPou*}64_OmippVuuN+|TojWeHD@QQrH*N3S4TPusMq
zI5{)e6M9*F-x-EVA<EF8!l%d350=EGP!kBFNKayl+;i}o8(-(*t5q@d5bLN&=%#&1
z=B=B8WbZ9WevWkH$a-@>XPZv9#J~L!_zyt35+Z{ql~{Ld&L|=wX)2JB$}h_r1jc*X
zPK|pRoeQUj`i|bIMs&ffG#TK;Tglk4u8mqJ^1K8(URqb72m=5ARUnh)|EEBzMt-(8
zkpGCy<KK1DKqy;iC_4Z&ItJMx;f5JvIrJA1UIur&=n=ZapLUTPV-p=%?Ww<a23N2U
zf0|nJk>4=r={crafU(I9gqdRIOOdf0Qk&A@nR~6TavTO>%ZBg>TvIKGc}SIu*H^A=
zyT@MqNQL*vLCA7YDA#;Fx2~Okz6{S2R}U4EthbR%HT}7%&=C$8dKl$>?2Bz5YM9RP
zNmybv8#+6VLhW(_t{fr8fqGhC&UYdX`RPbi=Px*d_Z}d&?dGo#Yp?OrOp>^^Fvfxx
zy@zn)H_$oJnpe*Jnbmlt)`y1Y`juXb+^2UNtQAJxf^4n%s4sZhv*eCqxQi%G%(aTk
z;8n(-`$LGWyaNCxn*|W_O4Ahm2}FOei0nrFCxjdB8_V{`i1}oA-WA%J>2=<A-k-75
zPfO-UT89e}=v9Yw=TlJ_QSz`cOP0XFsf+=BuIE>mnZq)QZo5Wdzs7Li7yr!u057!F
zs860B+zNj$S0wiJUZE&@Xb6QkvOAZ`=rP4tgWw>wn*yLPHObF?6grc|==C}uAFMN(
zXF$ypDhX2^rYJi+<m6vM#~JPg$^11T8f0hdQ}?W}Bol6G+TYwHYH2>*Y3#q^&DDf5
z%>VFw_k~44a%6r|x!zv0gVS7EvG(A(9h{H(jYtzD9Ly@$4O~$)<>}jKu_tr!$~byC
zyAjj$QUg&z7s^X@8{eml5^G4>R5AsWiINk~@TMBwrFDkLy#M;2P@wB??5mj)s`s6D
zep67{^WEBB6vH(p)(gs-h16F1xXEjpa91-|qX0sWa7cYU2S|3|QMc*7X>t}4aQrUT
zj*rg3-hr&`+jT^F(>T81gnX(827~FG?b(d$XCTdP>{sXJmf)pKXm1@O2Dxz+<6qTk
z`ier=&kYpm17nrcRx6f|qxD;N?-;G9CiLuWluav+YN8}P_p@+-UDUh0gUW+NAP4`L
zjq1j4IDsFl?$sRM^A-t&z`^JEJjnV^X=mm+0-rD9{HkjGITMd=eEKFPAHKO@IYj%t
z8>qA<sBtZiFX*$2P>N{Td!$@j>iIj-_4D!NUQ}F=^xg+RMD77rB*4FWHhS<qiVV*u
z{Xy6E+E<9EC3E-4Stsu%pB)k6Hg}h<k0(n?TCrGY%%@6Pa05~TRZM*PQptH9|0M~h
zq0HqI=_}0XL=`e#`hHUGj`>fPR<4Ldgn)=6!hAv*>O@Ibk2on)O#^!>{c~)v@A$U)
z+dnpSsOMYc+!gHO64J*pMfN4k@>lv);s|1W7Ag`l`i<tJPH?4Y1A_)H+37k{!9N+N
z;qNoKbw<eu60S;qxSp7Gp^Pp?9&d5JLpD;=|6SToNt9^Fd8)!$+Yq{J{CJqd37GKS
zGi$xK&~+W!zijYv%*{j_hyX{Qj1Q$Qh|aU3<&f(pwaX0fHWIg@YeH6wgEE;fKloTU
zHk>IhvEjF2FB=!rtE(FGY4M5Doy;qK;)uNxTAz2KO-4xY^pYX%%2(RLH%7d;7^TPO
zqn~bdvh|4Kk_^H5zA(mR{Hs6b4uEaaFdA1_W*Npu;?TeT6_SE~VowMEcq?Uv->6f;
zQdi8-&^9tT&D{Mm5?Rk#axf4-P5bn1xs7K>5wq@l2x^~b-*=@=i(4-W2xjOv*Sm#!
z!_77L^@qysntPp<{V<ixOfuJi804zl;O5dBg<pX~7H009J)RT&o<u_@%77Mv?RE`#
z*$G=4#&;N#zB;zy9(*iHATgw=G1uAp$H@V)gY9Pf{N03Ic-3B0gipAlqY#^?&*VW4
zsAMm&V8@~1dB`jfkG))G-y0~)kIB7@VUpJR(XQXm*Nyd1<!ju-x0)HzNB^-W=juk0
zq8HbQXq2aw`|yR`^FOg$w7^|zT2%~VK#;q?-~CQ(=xFM5T5`Tf)+fZ;QvZchI1w|)
z05|;xdv^UHr4`xYOk+ay-H{U-KKR<moc64m=xzS=-YpS9$bo2_A5H686T#K&cKX`!
zF~MWq0o`4%=efTrUuDQy!VCwO$+!_UHG9X7^xx^L7qR+t?iujV=Tw?J=iF~+4$uWW
zoFQ+mAG6bQ6)sA3bGescXIUW+%DL=3O{inomB9yxGUcZW&+uAgXYl(D8Sa8fJ_*)z
zpn0nY`d#S@39&NV_{&%pcC<RtIzdUUP8o3(U5dTjX!skvY<iixXrhV;mKH)SX3Jt|
z9br^vyUV0x<sWN50TYJpYTOncE~!&Ff7#)lCP$8tQSle@MEK^Bw>@b1rH)8hx=AQO
zjXBl}*j8e1EXIOF^vESgt*x!f`YtO;llk{Q(&bjmZWnvgJ$lGGqfTBfD^R?ND5cLN
zE}>_fUqsu}dw5LUrt{^}gk*CR@y2nDu`&Hd`X~Hr7s&x*-XIs`>Mn*Z`h+$+>q<+*
z&0+$N?@120)|0cQGt(Sx>jbA2%4VIGKMEigFfl4x9nM4;Yp16Y*H3SJgbx9SL<1%7
zJC>|GM(P5+kcda9f}<igmKihy#O31q`hJa51xr53u6qij)i_wJ$-Z#=nfB`O<uk6y
zIlqlSk&6eO7Vv9Dulq-zHbRUp(lXTzMAwwWp9<cFVWKN8gbv8uXSryCUxMN|W%W{?
zS)cWnrOoa$>$7<NoAuEdN=Q5eYK%93Y5)TQ6TM&ih<`j44~8joRq&vKNgryO1)4&K
zja*1qJx>f<px0P7JVX3~-T>`f?mti;2&tg{FV!cadsh9AxBpUof95a{@E_Gj|Bvby
zJ*z(3EqblSKUM#Kp#G2lM*W!3|A+c)t;FSzyQ^uh=KEim&=Oee#omuiHUK4d*_CCd
z08fFW$pDP3hJ3z;B;R4Z5cjAPdV0wJb;Xy~kOn)xY&l)_XvI|+W{fJ7iHs@iaafp4
z>cQw{VPCnhVpE^Rvn?WR)_}SKui^E7eMHxL_u}E{j>^2x^ruC)?{LJc;4q5ape72N
zV`5#qsiiadG&|AY@J$`{TY$^T?=hy6!M69kYlur0s6V&(McapsJnCA<3e-?X)UW5Y
zZ&{zRs}gZm2oXz5<-=eio|rk44^v=dt3~0N4bi_3*e1%*wzGRa>w!9<Ebx+vpq>z{
zpJ-Xv@Vyc|YJNCb!WENCZ#<C^=YIR8EWurdBt|nK&rs$Md6E~aqJa94Pk+~eUx`e~
zJJ+G$K()c(v88byj1pS-J+(m&Jn$10)~NRPzP4WMvX*Gjl67NWdP~Gt*c8LH?-a2h
z$LI=w^hu&<q_LNWfx>CHFWv$T#Iz-<+eGsWb3zwVZsSYmfd0Y7HyHPfMn8*mt@5LA
z!MLb|-k<9tfxHQ05kL>>L&SfLJV3tG8Db$MzuB|4fnobJ^2ROma3O61b*1u+jl~Sn
zRfOs3yuvYgE+q{A<EOI>m#sYP-J9H-(IK73cTpNY`{>%+#qYE47JhS!;u$%#?jUsn
zuk~x)jz*~!IGdl}gPbY+vxAq#?)i_k9Vt3%x{qnP0#hq_qyWG3X=WhPHkEmDKLs6x
zBI@SjHK9(#o06Kh9b?~{GVbWgqZCPN4Q;^l{N$!WNK`+L`^rsYS|1Wf87eG~Y)?$o
zO;SVHV9i0t0o%)Za>h+&847nB+Dhaa!24>>+Tvc!i_8F51zJ-C-ePAs+44U~pU-#b
ztVJ?K<nb^RaMz<-cq(4{=&ohP)tLIGX>)xgP|jvf`RuHNC+8qRg`r;!D$6R|oYK5!
z3jT%&3(gMu8;#txlOXZJ<Y}W+?2K60=e2LsT|Zc)EE0?=m4QOTMWdLi%9<Em&HEz(
zQEfe_g;?UgLEz34_Q-p8`Sh^%M9lqa9?Gtb@DMfy^fSyo&JN1kuH)mqPuN(W?zFRe
zl+k>Y0g+P%KVmzz_(+kQO}<&o&c^t%xniCeyx3Rpfxv_tY8&(Pv^n84<OF)%cjJfF
zE3hKBi3sCaCwtAW=NZ!JI&(cCSM)Q6t&+7hWwt5=x`K{{U3^5kWKgoM!k_V#M#7)&
z@m@{?K)I%WS5DLwmglrED<h4m(Pag9c-wwy?SNH~dC&MB=Yr_kJVk0N>RRc23Cm;1
z(L|0<z-l>#=J=X`-gsOz@{!G&>?g9!Z6ZVxk7KTt5>{M~-0QC}_;1TJASJ11X$<Vm
z6ahYq2{IB*_loyijjC4aUK8bb&&7bHr?TM##6-gMF%C*9!ys-yD|(rIArT8fdBNpr
z%!E%R(M*-%KS(%TRe$>}>CDU}K5wpz&XR*O=YvGH?dJIpdLcIywFs4Eh3xLQ#PpRX
z{x^F4wGGam8(y`8pUl<t({w6)t;vd$TK{Bu&4l#}xo1^RbqqO{fY#>&yz3w_GJO?*
zeUHQ1SPOAq{=gEP7PFq!M5-<P&;jXMC!We>rwz0198y)ki|uAeE%sv=Pd<lL?c%DZ
zjhtrTE-6;-%g6`bWM%Pd#_FR<&dG#RN}BY6{jY)7?pGGITjPGx9B6LxM<>io12WjQ
zLRkm7_iXxo7?VK>xmm8dogRU~5fx5Air1BNxv}qyqM(V9?Cfx7nDq!W&c8}B^V<qt
zqAbB59pfM&pM8C(Y)(*u42$9@<J!RCM6U35W#>taJXfoyCPOhiA^c-jeGpz}CheuY
zvL20hwggn<3~Et%@b?lGPcevjs|<%FzO35<78?iCCs;G2=|?g&VYw9kA<YbM>4jsJ
ztxcbw9*@qEn@~1}+O8jD9FMHsK>z9lFzKiwQz^%iMB+dFwInKu48p7ZrEOnIu$Agx
zYRa5E?{MuvNIZOI@*u4EZIy{&<?C^AMitzHoQQNO=8^6`MK=J70T$l`wX=QMyVCIs
z3l|7-Uuic{A0dX~viW)us`>yO)jlp_+$mtk497nfJ*X9mF{h1h=wo~xYGY(72<f%*
zFT9+i2{uI74G*=K1@8S8$gq8$*bN;KZ#Ktv;7*qK?#nW8lS|yPbk7Cpwqap=N74mE
zjo-9w&X@}{t}MGTNS*_K-I@Xq(M)Q5*$qS*zIu40yc8gri1QWxm5>Wq@!;qf_QNN*
zLQ}|uDCGn6^xjH+2C+Oz=&a)_-4K7><sdT)-xqYt<UNL~-Q;y2j&JJ)i%?R|t(Jdk
z^;!J{#WeCo%oRADSYq(IWA6ycZ9d8KkvzvT@<kCm`5|(W1f^&@#d2FM@>#_l7IEL8
z*ywn3(qWn6bJ!~~=r;tc`Z3U*^oRR^FH}1&R25ghp`Q@!<oWNw#0*?7a|z@VlgP!M
z#)xGzaz=`+GJw2+k3|D{X+*CEGanq-RAbqWzcf*E4j!7ixEZ**F$^GuaM?U%$IcYT
zihN^#9mjR|$2gbBWLeQq$}Dc7`+BqCc2jj9{iWsD;}vl!5{VD+!3>AQGPnX+)4RpB
z4;wQ{V9q=P$-*T#76}~L*eq;7ErB6G?FPCW_0@YNa2mhF;0E#>e!g!$0r^O7^6$o<
z)x19bA#j}3?=*?KWsbXC<g$z#y;O)j*hky)X062%uUYCQHd4-YsLPFk&N(!n7&~^|
z|HP-1&iT23j19!Dt9FjYQC9Jg2~x?LDSy1|cw?HR<GdJyr@K0vektZ^#SrxTP*x{s
zN{f_&b*Y2kA0+37+C=aMl~keC_+#6GvFGXegLdbX*a3QKi}vhyan@5lrjZ9}RjEgU
zV{;w3N%VI|t2N`TVgs_GZ+&MHY&LI(e<M2xM=bm;71P#uC*B^d{6!D8#5t_G#WnY#
zem=!9Xxe5Q?lxy*UpgapiC5wstMByX(ROiPUMys|Op*6*Gd{gceZ#qZcg6K2+1gqV
ja6_f8^x`D};=j+3NG({C{qHj*Qcu_Tkx|wWp0ED{v0Lm9

delta 25037
zcmYhhV{|6n6ZRY1wmGqFTNB&H#J*$Onb@A#6WdPi*fu7{o9BPdde8aN-D`D!=v7tw
zx@!Mw7xaNw_kzPK%Yj2+fPjF&fQZ+_&*LJB>sITb`1isl41s{`HlE?i=>nMfM4HZT
zOAOi78)5}v2b4aMARg!Oc!(N2$h6l>#4D}l!~zg!w|RuC^#k~yz;ARWSoFlPpn#Jv
zxNpUi29YdAw(lEpot>${9|Yh7R}S_{wZsAR8BMoV5Mj?l!znAN?vbVgMxA@vb7r7#
zM-R!{*tS8eypIwcxm*SImH>-9H5;5igh=GUru3E#UKG*fL?e8QEI6|px!4n-lYXs-
z?WD?5Wz1@CR|?4ZT$OFs2zR5zRV+Z0V~o29KC<b^%hy3W*xCC-v?|uYK$iSCOnj3#
z`!@_6@MUzKRGiXUYL$Ai2TQ70w#=+^8_2&1S$(FB^bC|@>wA%Vxd84j{U+={w;vZf
z_7~9jpQEL)`+e^veiIuEHP`Z&SHvy3F$;+e?8T>q3l3?LvJ{QF7!O0NBLdE2we-8_
z2QxoB-<ot8YUG{Ocs5y&v&{w<wGOj|PAJP3SP}mujg+8xWe(4o|Ax%-w<x=JIaatR
z+fKF6O(YIcTNFp*cm+Ht2nK4sy&yI(@r13NjVr(X3|oU=DIG3WvUm1%=5$p6vb=NQ
zTP##l|M)@hgofC-q^F%L`aXnX(ODmfNtl;?83W`OW=756&`=Due@NUNtgfQEd{V(x
z8F3OowsRSwwiINo3-+}^r>>)p*of_YT?^g>yQ`BCBR0kn5ds)5=}*%86o9n;@^x;(
z4Qz!Vw@Z8Zw;-XGVQ7hOpuKzb>%7`!Ek|7kVOe~UTaahJ1e<+WuvZ!{OJc^}#T;LM
zRWdKuzDeeF@OJE!!6K=dea8RQENxEG)cjK~Qz&(w?*2F?P4j3bHWX`?q49NKGH+=l
zQ;1C%Q2pXk5DNIGI+^E<k2iNV{@%_CkaVh^%u`}+%<FxxXnykvsAoeCE{{CxAD)KH
z@&zM(yvOIWb&1JoPOZPMh{<s>a1x`Uds<+hiHw4)>Jq23WY9D#Ljf3HmDMqea+&ob
zWTiDF*^|5bLRHYBwAg#Zh(bdf0m!NL+G$XK@vpQ5z5#mk7S$Cp%3~0KzTRTu?cj9n
z_^9CgT74jAiMmf=Bx_P}o#pLn{r}KCe>>k(wxzKuEtEOaedNghzLl<2=QI0TgK+1%
z6i@LG$bKrD>nWta@5)Xhwr9+zA3BO0?Nve*$RvT1x|bW}p(x-|Mtw8>`nqlFrypgG
z>8q%jwggBu=lIdpP(5wsWv;!cWi_|OYAZC^P<iD^WTZU>@=>3*6pD2(S6_W*UnpKh
zH*q%JfY(>wP%YRu=?^w>7882}eo^7&B&D#3)l$X?JV1~5lee9#lV_?_Q+rXNWUeI8
zRTQ}Y8zQS!d5XI9d>0kr70~R)F%?)?*zd_S*8$L(!Ca>uG)!<)&ye{5@tM4#Jpy&3
z7YEM+`i1y~5Q<+}1sIj4>}-L#qi}{Via7rvSs`6NLAFyvrvi83IAjQ>UBZMS|0$Vk
z8%p62`<C0U06-=qmMGOW2~@EWsXDK);}8W0xhEq5q+ntJq0~mC05v%V%^iRmP!!ls
zGXMf{@5V0$>xfVRD-EwYhhq%?AJLazme-rD_#-vGyI=PhILBtPXH@1%9i3~<aqI3S
z0_x^(jT<=})K`a~GRh|MiEtvT8cE~4Gj{@OPZZm0AfA}Ck(><MKwDMvWRSLB>%E_s
z>lKzss>UGsq9r0AqHxc(@*p4<R~<aFYXA*Sa2@#ZC1G2{Cai)&l0xGZekW3SjU6Aw
z?s9iu$5llVEXmM-YE|$CCAd*pWWq8-{*Eq@p!ih$;)KrS3^#`Yyhg0;a+dSd!r92x
zRXmGLF9M4ku~$=;b5*kWWTWM*$kM_kyv9E)=Miz=HzP~U0PS>?1>yi>?0@7ofI>CA
z0mfA`$m)xKroc@O9QW4Yx~l%V9%I@4wnw9u(UEcY)4}^-J}meT!r;}_5}F@W8auiW
zjh&(I{0p~S;1+-uN7!s~HROEYJ-P)BeTm71a-4yb#(+n_nzNXp%L)Y&C;~wXnD9E|
zZ%>z=(C%HxdDy!yo(-jhYseTg0PN{Kh;g_#Opy^wa7`#exRHmT7+am#qkc$Dz%$KO
z&ge}k+jiDkN(w})aXK}A)DsUxv^gK)ZA~{rM%GAq7x(Ao#RLnoijV92KOFk_EKJDu
zRMpb4cw{fR;|1EsOF+U6>bpl@S>B<i@LPnjer#z9eSd|;D8-tTny=U&04*$Dd)IiC
zm&u=M%dAYDJo`MTk%V;6%2fw)$lS6C|DnjjXF)Y~#tJ6YjLuwpb<s03>n&B&duw91
zm7P~Bp;GGDTWZ~;ByhZuw-VLDebo(R*z+?(PPRXv=7a}d(E`(A$u^T;T_&GdAuZgQ
z({-pnVg5bYmiM%DDW?4S1-QUuSmAarO2Ke7ac>PX^&k#6Jx=)4BIrzUeW2iev{0?E
zY96k)CEzP88m^}Uu43*0k&{M=1FW$B(byE~;?4b+Jo(Fi<ZE3V5$?5;O;w^z@foKl
z*bUs>d8+{_G5j-rBQWmnr;$;Sm`_-!7Y3x%Gp_GbBtYoI4>m5C+)v>-j9@Ft<Z9nX
zz^w?}dWt7{RS^39r<0mJvv|k{eSsnEEv2hu$>IvyC0HRJ+2AI@?4>=_$q{x{5oQmP
zG}o4kE|i;+-kZ!_)4x_Cw*Am7qHz8_o|;BO!6wA_`<kFNo7{U$I{n}^I-Nfvmy)!7
zCxaLEh>KSONQ={?ANBd}w1KBG!k1GJ0QET=M4Od-cX2618_l{#I*{gxh&ANihG<?i
zjybwm^K`ogFoVa}`ioCI`c6aB)g_Zv=wEuFb9x>!PP<d!qT4K`Ir>3`CMJhn67rpf
zqoZtufW{2Y`LT>p<Vf&X<reacK#qd)zOR(kJVDkQg!2|tvC3wnpkQVVHly_lfE6VH
ziY58}6m216?p!2x(=5&0-<cqO9}M64&oD&hEH{~6@3{H70-?fo{E=WJ!c;91Yodlh
zi0W*TZ01wWc3rg{rhvj;c$d=`2z+#`dG3&<dZjv;Vpb1Y_e=?nHxzMo7Al}0jdU*d
z7$rw<{NOmDRYYCl`tfq_%L&h4fOcrU)bcR0@LaOJ>GnvpZFt+h(LBs5Jqr)OzEDZ}
z#q$tsj<<9WRDB$LEH2+&vMbUbBG_7ZL&C9TDW~qQ^+K<EEQ!s@e(D4@RKi=2S4(sN
z{srG4Tpd2}7R1v*mb@PAKu8<>$x<dIAz)}gXd?JCOZ!)q6vvUF>1PQG;H#Dy9r$vz
z$!d_xgdwCrW3MpvwbppRRLud!!@h_Iu2Q*-vxpbmTEQ|Jl|yX-u*D1h+-Ha4DHhT&
zRhA|2LyPURU=FZq{@+&-aXO~TebavwO_iZMJOlRf%Y{_XKjx!?lN2<1=M8%HjOrwR
zF_&XPtJ5OwI0JTh4gf&X)@%M%Q}?CsVjX(Ka)S&O#mYT>#-GQWq`eiIl{Vk;K|-}^
zi=^MqB8wqGYhjx4eOq=P#o4RxC3KK2<-MI_oVOpT->jcZe9(7w9uxUTwR3xsjv@N_
z7Xco2f3tlsp2T3lg_h;W=$7ad)e1gGYMY`?EVK$+0!QKE79id|G@VUC00C?x6}$sd
zh@$6%wSgP0AZ9RpxI&@u%FD_`5Nm;5Goi|pp8Z^mgxmQjzx6X?)Z=fC9X70W2U>c{
zr!79;N?ojL^7U{*t{D`Q1u*ib27#<i@16FFXy<3vsi_o^UQF4_L_lKhkZ}Fv{dYAh
z_(ti?es4bm0BD7)R)SCY#w?R;j@S_gY`7>|N_*$Z_PQH4-y?ZBELu2E=D&T_6LV$w
zPxRapXZ~V9f*at6D=sXssF5f#Xf71it)eL}>iYYWL!_;}B}bOc>|q2oZ@aWGUx-E(
zWAT*RMfoNoYf;(r+cw~^x62D|QdO5Cd4PBrf}R8zfZT82D7aCbUrrX@&5~*V_6@k&
zf}3yOfUEuX4Uo|Elo?`>VC;XCHYUn=P)y&-b8+!+U}u1X`MEBvuPUfd$|;e@`IKu0
z0(VznU}sgG`Ue%(x^75cc<2S+e{K<MIIM9JvAKU(w165gUk@@Szf)!+_r1=39B!g*
z16oPzk7Ax1PWyPJZoo>@uP4pkGj7;e8yM1-*u-n=t-<OpllUm`GM!0@kyztK)t13*
zpVFRB4hVwABlHT4e)D5-P|~y-Y22f~IRe{^AB43nW|)3ECM>s67Gzp>g1+Vv>+rfe
z>KqU$St7j<hXhl&vC@NXyO21@K7Uxi0|@uDnZseYS~)G6jA5{12pnUss9IP+mDlbS
zqCnnsBMe}|SV%{I^C8Vg9=@2RkJxhwm`>Awg7%FBxProV*EIg3huw;YvtZ30qJ~+|
zg#}J0g?)PayMnN+?YF-4t!nR11Si*)jigt}MmKk%aKtG}trXqYQm3y-m603N0?g_j
z%lk7;iRzm{`xe~zyTf`VV%exMfk!DDhZww+9%G`=r7~#tDrj}RT!YX%NN~{}^dsfZ
zIn@A>(u9oCy3jT(IrZOm#>o$5uxG`StvC|KpK56c%@F)soAi)2BJFsj07RG<__*-y
zZ0cs#2m*v7c#=DZ+OW}W<HZL&0D1h`GLDxUj+e#(FH5-Yz-V~<z^IEffL_u-7Q+WE
z#+MCMt4YW7fJ2gKPQ~;9^Wp-I`3}wG2K?r>&|h2uL2iGaGOIcuwaedEPkkBWpi-6m
zAXOsc7cBxUrC@az9<`x?U!jHbT$e;~_CLP7Xv@w|tol1-j95aY5u|~1z^0WP$w;XP
z6tfVs0&0RUW@!ww(N3Y)%QUA<gEpg<YVjKp=PDP^UqnRkjwuxj)PKWr`<DnWxoV<w
zT>LGu?80C3i5Cwy^IQ=|c|^W^M1+R#?!LF42tE{&*2JGynT!fWE4Sxr&gouL3A=i|
zI*TSZb<a8ATE}EdDobsd#0rUL?`vRvarx(X6@L=X%9Ue(u1LH6zZW5v<eHFJFtVa#
z{?JoEoa{=*LsXire20o+OJL{6BeV6t#0*!WfAPb`6OjT+!7`3C&Qb2)?}v-Yd2Qr7
zk~Z~0sk&r8ePM8F{tU$~-5I&AO498bJA%Y4F9*))AWCXNO6I+p+02ynNS=PiU0?1j
zvW?y1gd9G_DA+<~(bvCjQE=8^Hr~pwY$E_T{d!$ARhiL{eC@Pb`l{o-_~V7mS}<U_
zsmVZ(37iciGr35qoD4Z{$z(ZzqIKzJ8Xk(b86ZaZ^cHoQ*%D~J5{P**FHHR{IS`0j
zCZ>J!QoyUW7gS@jRY62EI3up2aS9ac5FeDt=N(r`1pM-2Te_SYwp2T|cV$JmnM@wP
z^FAqUC#M*TTvL2__GasG>xxiDZfS}AfLZA}^m5M&sKLA!PRepp6ASW*+pFG$EKa%I
zDdR?;WWDfB0Gaw6F9YQ(DQS(i+u}VLqHv9dr)YD~&fJnU_8wt}`A2_)gfHWdU;k@>
zHKfgDVaziu6~+zS7J1cdWO)*~A#&NY&&FPshfjLh;Tidc#2z#-xi<MNsWmz@Hma@K
zH8$ACVLwTp9h80*38?-`mij2d<T_*yEK}LAix>e!xZ4gX)U-vOlw)$GUR+7hIgEqx
zAgdf&*)}ukc&RJ?ml+#J;nW3#vT^H`%Iqk09>czde|AJCAYFQ|z!I$6?M9+9{kj1(
zxod^9Uu#2p0t^4Ribnz$*O5dPxek=55N8qA1<PH5i~;$qYRHql)If>K!hA=e#{Aog
z8vr|*D8FPSKPYt|-#SNECzc65{HaSG6nl*pC@hR~Kz!zW2!#`AfvC)hBFN9-;VIu`
z(R3GV>A){oSLBPY%$P{58}pU>GGHXTD%*CWT{wUAUZ}?wx*a8+3X8YzLFH^Oh%`Z9
zPQIH8#she8)X>+P=iyQCv+Y8KMg8Np9Y83<lsagAMdT6^F4<)pp8v7mJs8S`7KVS;
zcmw-~425g`JL_UvipC!bOghLY^a7Q@;0TD_D)IYcE|C_uM=NdO5XVstckEc-A!QA*
z0Vo9o6_YR%G9hz|cNN(X0O<_$41r(bJ49WCPM<OzjzK~YX$j9LW;Sx)^+dT=BVcx{
z5%#E-y=0kw@pq_Bqp~elgPZM?Xz1_IY8tpg;3GS{jLIkJ?@<0T;u>ul>Jq_N3uCbm
z;U-;MESo7&aj6>Zax)Lja&4N(pZwxOvj$a&R_U57DfUfhkB?A45pvvqgelgTlxq#$
zu=Rx<uU$PyK*)zb<u1YJ1Z}2jxdR+kyJl%EE;Il1;Qs5k9O*1dRN$Vr!qrM3Nvp<u
zG2{2BoAKp;*LAwVp#i+2dSL;`*tq>;EHQAWvqfXPQ6VG2CT-BDd*A=6rV``2BL@N)
zsX5IVDU_#)I&lgQ#InNi<_8F2;Xv?^v}7^oM5(VBJY!;vksBo2;$h0Sv;kU$#bS|z
zL1Pe)i|!*cg-+ZGoERQ67zAZt`eHQCMSjJhTSRK>hsg-P!)KEN{NA&ljcD=~6%bO=
z?nvCkpAYTnC^ZH_$3f34j)O(R{BYGie}C=NH0GUN83(L=h0@&GUjV;IDu9wtpcs;G
zqm)m5NfXe2kNwPQrK&w{5(J(S1o%z-g2Ro!fToX9WbA0R7D6_tVQC!w#PtSk7Tn_R
z#*5Y>m#B7qsG!dB1PQ&lXlXL}w}D`JY(h@S=h2Dqiq?ehKWbHLPCd<&Lt_rW+$EB2
zW6c1$Dx_wOFJvd0)3H5Xtrujfq`WmqQKTm(I~|Sx_z|01MPqk+v=Dk8H6p&P#y=Ft
zU*i#c)zSyY|0xm2|3CG-nTQNk3f^_3Ns4y2Md%s6`BqPao^SOe4eP0>{z8H1>BO?T
zPLsNs;M9RN^Z|$QcO(qju0nl}LVceD{69MZ+_fE_`&%<kWF$SusGK1msDD0?d<^vv
z+Z5&7bVt|UX{S`qy97&<4tg#JUH<a$>=W_dY*m2KNr?hLlx{NK>77u4w<C^ZWfkU7
z{We;G*baL1D@LpX|2^i1Iz*55!XkVmjG|BxD#`X1W(G#H$~fwg5I_bx3m6FCCgP+_
z1LE*4?gyqNDI)TdHlDXT`?gRmm<XdGKX;#SERcohKsn{~GS0N}lNv+kLEaLV9MMF0
zV)kcitAo6Tv$=#|ySn*DpKicjWSXKAUxE+FVPf=tsvURjfHw#lidO1TnTl30%Vtq_
zYfYQ|>g#CuRT(Ak93{J;3aHEUleUSfL4LerzVlQlB(M7ZLv58qY{x6U=sFWc+fM0A
zM4*mh&A#g}d=@Q4(O4v!{@_~Pfh%DA;}tpbBUu^XC+G0v3Nq2omaCTG#xG%z8a=RX
z{+~0Mu}tPLn%g}MV@xS#2i#$)9_*OTXGY42oh)`5PH-8_IEU6bpyYN*SFq9cL-T#R
za|vLNmOyttsFI0Ry*>l~Vqp0W3@SaBsC2POk12PknXXXINltwgIor(TEqju7Q~XZ9
z#&HTbM6P5`BPkB~TFnwqGcR>vk;d`QhEBSl$0;DrM1^ywHR|0D<F>Bj-}$%o0msYv
z<c(GASw8t$J;wuhqJik*`325;l*8LV+lk&|>899YltsC`o%QqhA^OFq^xRQ8$23WI
zo#Za&8Ujm6)(&#<nTfxd;sLVrXxk1pr>$>;676-5hf~}$iVBhtHM$LCJWy`1-gcTq
zHX#Jb?|Pa5vfEE=*75=e1@gz=fou^u3T7Pz*Kpcr^E!I~G#+Z6e3$MGI_P<53i|L1
zYa#~f${ooC#x=}@;1v+a0b`RLJL^jYor}QYLE-A_8u;FR1GBrm90>_WeZjp&xS$K0
zgUN{?dMc#|zi`<`L4n3E=7i#p?M@v1g?^SzGoR@`K2j=BW+$D5I~R#Vq$A0a!p4W8
z9U^hzT^<LZv1Gn4-A$}4#EId{$Z}7(1LH9QJryZgX<Osr{q*+r@@*zBsLC;%iAUP;
zAX8N;7HSW1$`*m=7DF#&(7(*ii)93Kad!*ybn$=Q5A_|6t)4C+?Y!n1D#t<rk!ehK
zRou$a3eKSe6#f4Vb5dZ$uNf)nBJqd)vZwly9Ssi<YiN5eR(`;c9FOW5@^93#Hg-YV
zi<Lf^WFZw_%n6zH^|9-09*{!x3=d6v0=8@l1bnGE`$n%?XVC5E4yeE)c|%p8oLymx
zZf;&J=kOvS9ErDZG`-z#{2DLVWT~y_yV?-t05Wu|1aDTElO@2mK)XK?!@3`<d|B0X
zX14(z*o~gT3M;Kzp*n5rzL^PBC*A5MX3*v#<$So&)<^S=YY+dCe#@LJ_Xd9NU+8n@
zYmrzl%^0t|q)v0-o4~+ka1dddmbW9?6%mHZ^LM9(vT>Qzsh+@PGzVmdoyh)6<b&0#
z2-b_p|8RM-&L}+PDgw@0vK};7FwY8=D-5X6{ccD=Cx-1Xk~Ukc=T-W%!Tlp?V2{|i
zJscx#!J-8Et}<rhcMh06#y(;sAVYQ=w8_J`JSKtA<gTILyG}Cp-VRf>gk;n(WAJ1t
zb{FOhiC~s%1U09h;s;w$j?upwkaz4<z!(8eK@of@trS3KPj8HDk=1bQ5rk)dM?l*X
z>(<AHvIk*64^-#9$}u%)L+Wn6WR-0bFQb0Z(l>#bJCo!|g!=QaE>;B{FJ5(D4q(^O
zS6uVLYw{M8QESpITH??loKq=U`tFNliw+&Bm;@n;h^j-Ap$}Qk8e%p2R}Ana1u_RD
ziN1tLSfjT5tXh(k(n-$n3jV+qz<t`ivE!ibHDrAy4=2k2o=|kBS<T!1j77wLIw9Fp
zK@6j4Om%JV1;hv-ky2>_y2~{(Vl^&9`n3C%F#yKD9*Q)pcE*}tEab$(|LSLT5ZP@T
z%|%pMkTpxagOF9OU#Z4vBIT6s)!a)>p-9VjO+ZQvxR#8x4w?_4pQ@Sm&;Jr2Fo6Uj
z+AWTT=|+wK90!c(=GZ?nGP7xRWZ8i#8OcfH({z~#np{CY%YLIIQ*2JqbV%|))5Ble
zj7d!l&5eWoBn6kwMTSfmWN<&)2n1Z|It|`3NDc^K$wyq0!@nkUZWjux?mmZCQ10lY
z&xY3NA*Eo75zMgGf$QWJEA;H5Kf>{0j71o-8Jz_KU{3_=SVU6Ptl=b$)G$t!z>pPg
zYM#;VaFy&Y`B~%KxsyoK+8r>IwA_)71KI_o=}4!c(a?hP&#eL}ig>K77{fG+B<0Fg
z_LiGQ10=Hy3DqpUUzgJXhV6=iaiO(G3k8a&=lLC2F5Y3&>EJc8&0S~>vW$Uf5ldo@
zg@sE1yxPj!%J2PqZKaW^<y>Wu-v<Plw4fDb9FBCvA`Kp2MHPDq@*VW)z`->!5IJ!J
zo?dI?mspdER*t%YdkWXx?Ct@Eud;E&4#{}%)Rs;w+C>hgCpbxV3slI04a%P%C|5f-
z=k3S9;XNnTr%ey|esj(2@(eAjYuu0p14I~rhto6W6wq4|ivFbX7pI@Y21<m*x<)CO
zx#_lyg}7a9A25k3py2vVk}4n_n%Yn)o=GzmYoG&#0|}`|aCVO=>@ZG&j~gO|UUGus
z5#=VG9SeKU8?7f&xB!g)nl8?8|83G1$>bEi*wR+k1PpD|M1HI6V^Xge<WHO4uLmF?
zJ-{g^#NsE$9BeVip)w{SH9xA2Ks}HFfAWz<La_b*l7z$oM>-?FH#bP+64q=N{z4aR
znUqT00Q;ziK9`qkO$J)?sSi)0P7-INxS;l!Jf<|^gUPF>m~DMzdW7N+RLbihTK;DC
zbp1Yk0(c;MF9hGDPQPQRZur1F(&ap$-En&j2{+jk*q1#a0ME!tAPt#&$-(=mI>%CT
zgH>yfNVt#-PpG@}GE!(tx3-1E+p>zO(xg*l%E62Ey#`G&?Jh=&OzF&mS0DpwaOzhO
z0tA|L9Z^7RYe9S0I6yQoLEJ606TCy5d*a06VtaH6=sR!3hX%cUX1KMSy@>&>Z@GBT
ze2w(DXr*(P8F{BJHk~2!sBPJwcsN$Xh@#}|w`V|(7kD@2h<Ml(xX1lWw-9VAV&@iA
z5avIYKx8~kzFArr{7lG{xSPGnS9nq*P|Lkg%S}}0#t^#Dd=)*sew81kA>J0~1)KWp
zzdI8mkrE<NAvV}=g9cP`^YQ`bWhF$%7_Uuvr|+hEjy&DaTfRKgtqA1wxUQ@Y%&6|F
zo;y@VjZG};6JgWcYwV+po(L20s18>nWbNKzEKhzBENsZ-_GlRN7L${7+4O1F358)Y
z^y`r1j8WZQbw3Vfx)Gzra4%@1s{4CRRwf3h+Sb186~U3FSJhzh`{<z<!I4>z`5U7%
z?7#qm8J@QyqJKP~X*7YV<I7P16exMo9#8fFuk_xgk@Q*I)Y$^lk#$N3F<Ag^Ox^HL
zQRpLvNkYn_P%dN`g<U0U9m8N2jg!hzwNw~*dMpt5v_xqllw(7gGB{8a80b;b1f$NH
zy3}RSpc+X9lYtDS;~2+R&MpzwrY2#vzrq0aI>K<k6&7F17&ATWu2oFp3{+;OYF{0R
z9}&q4yh3vT3rT$JktbTyEUCK!J{AmlEG11am|*AYi$QOt-L@Yp0kfm=6F+>)&n&$z
zDwGOcPs}R^MDa60?1-ky`*_GijixR_6zfKxG^=K)L>m;^Z}&_50R+ZFCvyHZ>H#o{
zTMwOdS%{w&Y<dSrs5&ARE>@wIL|xXLRCxFbHGT|r4y82MD*lwGZ+?oQ{bzt!igBhu
zV_5wMI<VpLJ^E(<mIBCo*h|4|D@!87>2@5q&_>d_g~*ac@)EsmWR6KDg-ElgS2@%|
zUr?R)oMT7_kp>*0bj4r;N22Q!GX{iG6o~N;bX?ZS+tXIlG^zF1QUKK>FovLHWvZpC
z;fW@G^e*5YRM{7(&7`j4Yavw61EKB8d&S2fvkGxxkKB9p`A<X4>z81q9Qz0F*}^3p
zEp1s@S(1Sx=9^iK?z^_lq$>8(4{$8`2D^vNtsDsDPkK1BmD564;5u`U?f~ZesVj+Z
zqzPWhlK(A<;NOy{X(`>bC;HxTlZQ$E^!qk1-2EJJPw0c=S*d3j@FQCNaE1y<NhKY4
zy^>GUx%0iScztGel)jb%gzPZyLtl~id<sNH7L0^^CsM!w+{;NYcta=X1+!0yXg#=)
z+!<;Q#5>kf#~7ZNEbUbQeV8NWGByVaSB&_G5JvuR=|WK2mq>_V^xp_2H#wt~usuX{
z`8;{Ik)wgfk}h#t(o|edSoEA|h!IMYSa2^nqeIYiD8_jKZ#b<3yGYi#=3^b<e&}hT
z%wM-M0ruFN3Qocfk;vUvW*(C76$-}6Ao^tRuF#DmB;>;5ddWP1(qC1iS7K=aMOsZI
zx_l&~!SaA6NFZ_X=YXkQC;N^_u7A65Cuuu84}ZKir_3s8MxrRf3|Ah{xuHGX&wcUp
z{3QQf%GMr^?D8)??z#WsO8sA4oeHP^D1V2Qy7E`ycUY;v!zx5Xtpo7z*JqxK3iO#`
zo)hc*2W1Q>?8D2jQXUXj?-M6)!ysyZ$bOb0BH_OlsPuBb{09D%Pr0Z?eN`ec!2Yy&
zMJb~Z(kwgs=!g(2lLZizLTZutT#m@?xziJG*Ux_kcdsX|54|9Yh2OX|2o+;ZikHX`
zyn2q?g~a!jwtb?T`x};4LdOkc!eSIswB>fT90Nq%%5j=|E9D*gen8(~7(iZ9R|VIu
zm`L(h^}$Y~!0@kuJ_bMT&h*^b^fWS2Z096(-sl&CPM?vmW0n^81&hLhSDURXggpWm
z|A9R+uDYv<YVrZiP;xPvN#Kq+lh(mpkmZ_Cr<6J(zoaMi6!G_%GHdVJnyYf!@de~?
zvH+2vY&5JYCIdS+zWkJPQ7OOU9w7d%k=$Yr-ss^yy97gqP|Ikb-KVpwiKJaCXd4qL
zZru(uJgnZM_6<WQ2rRUaL}4;RU|Ac0)iAg#d<L?Gn?{!%AZ6yVgfGN8-#4~9_H}`6
zD%hC@abu<wCE0<>Zj7P$dkX$GLdR<Y6$KnD1Sn2d<S)sGCb#kvJMcs8rE`QZL;ylj
z#mX{AC?A|nz7X-bVlc`F$+}+EjN&IBk=TUfH8FD6Oi{tpi0AoP1>sd3(eB%mIfI^K
z^zVB)klT?@8$q%+9gtNyA8j)3G5fNEMM>@JI5J#r^q7zTE0H6;?-DVZp1S$~eAmcP
zwej?KjT}|~S0hLC)Hhv>qb@@v-4>(w|A|t<u@m9}Pc`XGCCQ9Sp8Vy@L&`>uHx<vw
zBVSAW1S6jcOa0mw+ZvBAr4==roOk>#)c;Uh=#Ds5$XpAl2q8UAL>v+fsEbqdW#Mmi
zsoJMVP(z?pB`%fwU<!b{1zt;6$ah$-{xbZLM;UWwm=@MZ7&ivaQFQc2ERmmyNQb8w
zS-B6IG6b4`<A+gPjvTRW8UrhnB*@NaI7KpQF;-K#qp-g;UNLbN23UXIo54;!b_+f`
z&I6w3oTaH)-%JbB<mKZWJHAmjZNbD_9=1_j3$hzt;IZcgIVb>t@b`|aCxkft`NGqq
zzk?Z}8hK}Jlndu22sn8nWK->iwjq*-$9yp7`$<z;AE{GwV8;Jsm%)i>w*uoVNl||V
zk^y1M2Z6TUEmjTE8JL61G&9AS)X%oR>Mt>ziW<GM(YHW*>)7W$Z%#w8LnD1IJnKu~
z6mk1-;amZnYy}7q|1%$T!Hv`QFC3@5Lidc}gB{Uda1ja^Iws(o27?5)2ZA9mn?EKS
z3BEk>+y@!#c}+^JAw~$@+si5s99H3K$9X{S(Ahf>I=qkjyeYV9cpv54{{Ep~8Ktuy
zQww8BfF&zAP_r8|aNLip>GoOAy&u)m8qDV4zK>P2%ndM&Ws`JW<Ti!Gf2-#<bt_yx
z7bVd|xVDufAzrKDiV&_G$AeK-w?SwyLAaaG(l<Fi67V@;WZ+X_YyZwVR0S3C;D~*<
zePBZRRt)T|kq@*C7H-;7+aVAcj{8}S_ACS0q6Q36od^iv;8&+*PlfnQ6YilnY7KcR
z`AA^u0)X(z_%ho)j?^JOV_<+8NCpw)-@a4jD?FIq$z9A1_nMek0n@ubVjf8ayKOnq
z4le&Mq>go?y0Iv)Vz%uqf0ziJW~}p3gULCC#}FnS{DJIyp&I=x7!nR%)Jc(@)<2BE
zKL9nDX6o+J!j~38S2vWT1BOPX1k(-BXQqH>MGZhTf+?TUcV>#YcMz}?q$H4L(~9Vz
zQK4cFvI-b!;oBk*Tjw=!_eJL6;wef+5*Q(!G<x-#Z9vL5-!$lvoG?Jv8NNb!S@Bd~
z#WP5AQFVl6*4_LX5w)Px-A1x%Ii*x-(jBniu={Qw2P{(UuFe7)=lA-~MaKaeaVNIJ
z<3wBatr2Mz=d-NMk`q59C%)$lAo7p?C7$wIOh%<x8=+|MSNh-<XI0>nM#dBJq3q!$
zu@)$aTOOy;0i&Lv7jK@wE>S!P<ne@SLB@WcpvOC;OU|QFE)Q5KKOc%(^F(BjWCq0I
z>ar^XqP`I^B`7{2RI0VUaXg@u3FU@CdYJhR@fkLnbk*>-4N~s!n5+PrN%V*Pe*ebm
zqalm~mb7|GI(&QVGloiBdEbwq$=ueB^%QZfjha~0_SW{-)D~d1lln!rC?nzxVJo7=
z&tYFB9#c`o2>en1#Cj!~)ZU~^Ec}FY7bN`3F=rntW==Hw*#v^4!)U<E$lfGMiw}IX
z34McgfM)ebcQhe;qhlAylo2WT7U%bf9(Nk@l8x7ZS-katm5x%R(^8hYAV6PNswS~R
zGi0%1h&7}`pjgq5v)IA>i#T?%#>P)hdNZt5ZO$QfaY<TVTq<@^y`jBI?2I!(&H$IQ
z)ds<kgY#)8u1msBQ5O(CWzE5<$-?>cjijM15W*Ad&)+0Ynu7S0O;)>XLlk}7VDy{*
zCci*{NM-N=!voM;EWv(&l=7y&E%4@g6p7u`{D*}b)z%@6-~y=CVL$kB6ORX>p+_bn
zl}-j-<eTE5WZ}nC!a)X@9M?4*Bw#uS<k-(%0-068spUTz0FS|~)BdHMBfcE}7ZAg~
zDvkMpgw6>%kNMRdbi-eJ5wD)3o)hvP2$&(qYi;is1BD(lJ`zFHwb|ZOqUmAC*#AF3
zy!?I@!3|1;N<uw}<YT{<w)8Aa>Y4Krm<*aT8Y2=ESDvU;o+T;0n)UB7Ky^_Z(BZwG
zB^5j)`0|$BCbE$hl9n4EF(>|}l9Xz;deX&gi?AX9((<dFj7_4xZ9gh6LzD9@2WKQN
z*@s$G=YC8|2*i6_c%@ArwjvT$f$Pb-$H=iXVa+usoe=jn0s<n4j5Tb;9@(!goCFKb
z$t0edUjW`TKA`KhH32hygb~6B;4X^NJi>@{Bq)*_ip0Sp-iy=c2FyTlxnjQHfWn*G
z=Fe%F)tu?vJ=J4f&hWi~9?$a+;av4FKZ4;OW{X0wL|QdLu}Ge<1|irA$*k#HabDHV
zP`j;z|FRjt3-Xgdsn($XVY41=)NC1Sr1|(YhjLN5+zQd>K;!>CZGve5gc*I4Y?zj$
zDSbkSH|4(j)ZK<Es7Lkv2IMQC?x6Ylxznn9?1V<lM6M5pcr`k<$&}CM-bYZwWst6l
z$yArEGAGYK{Cdzjm^rc+nHKxLZT8rk@fIkb-i?x}7_NQQNi-!o6t&IW-#*ffOz%D?
z`r$H4*Aw8yM#3!RFP3*eN1S1pOdv8T!@%=J+OtRZ)L$EP5H+oLb@9rq1m-y=vjkA?
z@Z*|f7mKVrSB!lgmrge|&LDaMctjMp+Ze@Ou=wY(j;SWiKU_IHobHH0!Yc~k-M<f*
zw;_e)xrMjmx-W@{^+`JNK{KPo2XfDyZAC!rwOMil!0|HG%oeZ!ybq-$dy>`xfwQBd
z%y5-B!f}GVD+#CT8aF|S6|N?+$1+883pNj@m<39gd+@(}d`{HfR%gpnKLG5nO_l!`
z3Y74-8pS&~UVj!Tp%Q-I#*Y3V`Tg)2@Ha1Cs08&}DqjfZdpuL2e$Ke^;*y(Hg(I)5
zFBzdkM5?nj*^UA5ip?1gw)GIg(CW$Teo#g`@xv>p=&%XvBe6Ew=n_c!l3>?)(eI#d
zt(-u-4Q>eUsF<54!0Skes<lt}n@EJ|TR8i*nV@b&i2m~D$CkpKSi~LPhQop>-qz*Q
zl0MnFv84)637JMZ>N9)Vd53`9Lj09zsynEKgM`Y`F}MXdcw|7*M;q@+Pq&|k{x?4<
z%%zTdB;csA!->1ro+;%k@A2t{dG}hC(^ZwD#zZnZ{%1{<#PK2yv2A#1ddu+3Ybb5^
z`$4$_u61&0+MqO$3E(j;R;dWa8jBZYjajowRmFU<-_3jRa1gjg>0DNYWX_L+U|#*h
zqHLWK$O`bO4vg&v^RuJ`vFi+YF^PvfBs@XEq=EAlyg7#W4TTf<G=yQhi=V)A;)d~j
z-DzbauC>VF`ERC*P?kg(*RFay-yc}}6aF&SisVi7(iLvYbxo%)D<ivP`E@OSM_uU@
zqieoH?34EJ?RvZCi&6h_)@b+UHfuFbY!%3|cn?TI&L`8C@Rj55Sj&{u8;eHf@Oe@0
zTzkpQE;tA>YKoLmZJdDT=B&C+w%#U_-1}TwQg6e5qz~T!48{q#o44pZ^*Y2o6I%k=
z?LGc-Wo(i|RtP);h~2`1#yhYfwp^8RHp$O;S|UHo(d>cC1)EAjbL%V}jZ;Sb-3ux^
zh5&Zb*@A=Qj1=0(krui)WfP^#$txi+71o^R7N5p4-zK|})i+aJVk?b!^{zZ#MsxLD
zv-S1OuFg)|&1T(Pp{-D!)sj|I4HO4nA)lw}@*s>wb&hA^GMBJmSk~1}$1aDe@Sio?
zXZV*6Rk0Y0wyj|eoL2vynVu~n9;3uOp$SSbi(8-~QUi#U1HulWZ-ruz;-zTKwr%QX
zu8)#4266$7{9FkYAIJ@5*1g?3Gkn9hkKR#tbEG@B)ZpaMX+P*{t}b#}3ZADiH*0Xt
z9v800Ys)WJKcog+_yO1P14s_%!SO+nP+N9N=&`}M-(#DE3J2JZ=8Bqiq>TzY?28w4
z?*!$k{q~dW=adnT=L__Cv-JAKuK1Q&(222Wv|50gj8%#Wg;-D<YC_l64Qwa8Nw_S1
z0nfcR40&(VI>>L4a#c3PXCgH>C;xd-@_{VW=d>PSwhJ_=QOW#lurIJYeLA;2PY(tb
zn@9j#*-?m5@^dD-%ju~6R%-X!mBLvZ2Js!}@(V6<ui>M?vU*3c<Ee9PnYFW&3g2Bm
z*9l<EW(3c5?YA*4VeAq|#C{z-O4Trv#NgjS@5MXH#}Nu?;@7!}S}kfMALun%?kny@
z7Xg(ixvr>_@K+NWh@~G_xZu%7xOB3bS6Y%%!{aCugscQ--er6j9=uDceuK+MQ>1J1
z-P$7e%GU_tVN0o)CCDj{(5zSPKfQpYr49i1@Gi~`^{V0*O|8unp}9yDSLX;zd?SX_
zH5B}?3R7(kX~V0N&D@w&2dNe(M`;9;N9bUK=3?SuKGyKFL4W<8pBNjI%lXvk_T}S*
zCJ2Xt^K<4)1n$2&tB~0@{&-eo$ISv*uXaRF4<Yyel<8c1)R3w~Y-q0Q=XWq6PX+?0
zsxJS`FRiE9G%wjye8SIBgD@YU_@;X|2c7x%u$}zQY1wFO%H8O*P#R7XF`K_mR5VnF
z`fZ{v$6<K`EgCRWkTdpr{&Z9)ghK-^u?!vjXJd|Cf~ZnVg43yU{nV{F&^XZs7MWCl
zeXmXg=@d+Pl=|~&@mC*@?^)ff1|b%p;Qh;TJ8Py8-4p>JaYw{rPxTLL7aSknNfayC
zH`*sh3vJ&-Rn}K+SF!&Z+D9)zOuq6BMln)2$M)*Ql#r`KOvaurY57z}R_>Hjh{}N=
z=id`v3FJyrzy>sH{La<OLf4C(q%XKyQg>|~{5WVEPb?ub#+bk#g*T1iz!-CYf#k4G
z)<fqhu61pnnrb*#@-R=hJ7|N=V2kt~MTg+KPD00h9xBZpp}k%HpsoOm8i)TnGJl>?
z8L1v<menC3(PNVf?YX6oN{FAU_K$n9*(#eB`kRfK>_beB<}A}s^O^i5bhhNC=Ac{_
zoAg)AM|rt_7x3B<aq6p$OlExm-j+hkmZiE1K9B5S$o78@5v!B#9JRJFd1$U;Sf@yL
zf11_wO$j^~Waz#OhmzAUV3PFr1<v{ZS{g@=?q{;yrS*DaE8LuzV-WZsI%oBCU;O`J
z#m~y+)4taIx!WPf5$vp$H}{+4WU+Ez|6lJf&wI}gHyN4$0|Dsv&QI46cXX=`99zNh
z%_H@3#Y6!}atVwqiMtkx!RfV+?Ppw=xOIZ;YLsdSJz&_+rbi(y7XRF}I8W%Fc~2)J
zXe87q%+JAq6oM-*0vvRWEcBVmfwBI=liomBDX8oqI=bj}iIzWD0^FwFC?b;xjYSH2
zZeZ6o$9%qkP{qHUd8;6XmlxW=f&-tkzptJA7x-f8#O_2e<K3Zb`g(X0dssdldsf&I
z<}^RVR91USOKnrLZzc%BFXK4~!c!xk4q57&2xj~QvJ&+~&x&d5>DZJXQ{JL3QwBM5
z8ujzxMhs`xebr3l>xj)P_O2VY&fPn)Mp3Ta=0uqRes&PKO7PgWJ5xq|-h!#nAO1=!
zc|M6z`@0}kuV=CLT(~$P0`@#NI1f2f;#Hh(0(JB-Sg~ymE(31FD{XLU$`$mG>Ux1)
zH<1%@q|C==at?g>U`HzIgFmq@!5RI`aa(111vXKX=dz);9+>h6OlmvFU6dYQGj~^z
zae5B`yeR2t`JL@^F;f=_GIo)np(BvRAf|(&ZN{oLSL`(_*Ud7Wo>v)K$bouxiYtz&
zSVXx`V5$LANzoz!a^QoiSRufN=WCSKk^K<KSqX&ZQY$l*fNWoFF*v1xv3S<;h*8s$
zgnIb!jPfvo<%IBz6Acb0aCrJq+KVZ$(E<uU{>|;#I3^C1?Nj}ifGCL`B~HVrpr}|1
zIWCxT-zaiB2@a%}a0u)kI!*>Z-3tp3t~i+_x#~gQ?7mOLWn>Pvh`+dea8?q>fWcsd
zSkya{*{}a$-9&}J0y|z<CGk(}29O@cbwd(0loSk4KJ7a|PN3;mA43Zv&EH!LegNuA
zHbID(cOfOl_&M&K+88O)q;8#g(cs^kqXbb<R&l%3_c=Xi0S1VBC35HNcZ0O|+6*Xi
zQN0Irc<&XB$tl6lp9j#Bp(Qo%5%PcY=jO2wo@|>AUgprIa8ANXs;)I}_#1W$|FCu5
z?cvK7CfLyg_vPDoQFKR|701S2kpVJ!dHTn26|OlALLiUVld?&@M<Z}C?b@^+$Ep`Z
z$~HM_y3^>4n$~OWSli(L){y{2?oF6GL@mREc%o24t3kGh2IAIO45kQ%0*#n%GsYlI
z;S|q>3oSX?K=Ovn`*+u*sPg9OWCB5j#ZX!oO9^({2lq<{7g1u{@po>yI{*;<Sq}%{
z_CgB}(4KnkhL19a_&@Azi+BJls>}n>oY;ZdzgB<V8d-J!%|VB{9D?U<&=0QDJytz1
zKxYz^9{qPkvY_S3V{d`q_Ruy+{-{s@K@m7-2L7{Kf%Z$Tny6qeS>dzf=EvA6w5!bj
z1`oUG8A$q~mMFg{#*#~_0Tk#9OeH=HC9fn5@J@DlYOv-*kq^`Hf3DUyUZE8s5Dvnz
zcbT%P3WTA;RxMuL3G{WuNa%ff6cG331w86Lf1jh@TOQT+{!p^lM3~0dW~)uSwwpQd
z<IJu;>se!bwy|JgFg#z{u#vN+t=+p`rR!QHM&JM!UU(Y!S#V}+1bD?Yo?|u`joXYB
zrp4&1#myh8;6BmkSTV(;J0j?L`cplXOr-rRlqT(r$uw)RhAsIG>!m+Bb?3lEZ%VQC
z`2ht#PwEMmWg3OY-lgo0K4FHqFmciTr|_u*;(>Tw%~kwpmB%}7uv2I1mR+8zNkFPV
zu_B>9<f<+4QHH2x9iZ=W<7yK-x>Z-qU@Vh5T;w!>mKF~A8;*z$>GCT}MsqSHl=QEX
z2rd@^J@ezDhMMFtMj?aK$-7GNVenw&vgsb&13Vc@R3mpx;onf44>8yY@*l7A1PTr%
zTLEm=fhiYK%sz(;&wz;Q!;^lvMNsTqa5MrNVU_D?O2MiD4L}yGN6!sYdRakYQQ4G&
z%*+xl&jHq>#h?Bv&7z~3_}{wTQbTRJMMsp%_i=x$2W+PQ9tQuJ{Fh1WmWj7fL=QRN
zf2DNIVPKVo#`{%>1lu)KQw71fg0ItIW24Jj?mb?yb9@?|i9iI?eBqiAwaf-X<iJjN
z9hu(S=75kAWC%D$lV2l7!q7TqvKA4-BSTbju{a-tye;DPj~jeeBVfkuMu69o-6|>0
ze%pehxSyqd-?}ABkU8qhikIuJat7;gaCdEvuCa$Z>4)Tz;*Z~2?0;FPO94*sTF{5m
zQ@VF3GN-jv;D^1sl6jwSYtB<M8jI#W`1v$3n8?W3h5{V*=R*bTZyG6j0i-b=;%M*u
z889y&71G(z$>zsB>Pf!Rg_oaM(Se>8#5hm|4`?Q(Lw7rq-NP3zZV7(B#IUkPL)sz2
z`&Jt;u(Oa$$Nm{9x7*N>MGABtb@(f4jnz*Vr9dX5LqR|yMbOF)fnojV#O(KlT<|}G
zB_A%dHUuQSXNF7u7M>-G5SmqbAN;I0T(08Y7I(D>E&z?LH0dm#sXk0{l3}>-0m<xf
ztRPfZ*{+unBXfmq#L}LOsy&TV6JEw<O-bb#x;RtM0*!QOnxxFhDYo{gKG5#i@|AO1
zwbu`G8SZMjus*ey<KkTp1gp$LANEVnyn|CqQs71qPg(-x;&X*ev6U7l+FVc<OP>Vy
z&!B*1mb2Bqp@i|8Z1X^_%?4nlS<&%GgeeyjV&OKB5%VTDw#ERq<R*OxCOf$w!55PY
z43c<4{+ZR-X6T={cm26Honf{-lV<a|IX`4tF^v1lik26(QxxJhHAm{nCCD>iO?(Rc
zd?Vc-y{T;rW&R9l3gq(CIvSj$HO`vC5R%2>q4cN`KX{ID%^;e!Zy=h!nq~a$($lGL
zh87M%5fi`LPU{LNNAO=i|2LJphHr=7qcHb7c+X;MMe7P(-(CEQ2&N0-cPpj`fq^Qg
z{*T6_hCi-+%XKzY3auAYVU~?%jadg|x2CXtCMAQ=Ius9x@%H;Ct`wxXahC+p=*Ajj
z3Xy@P#oZ}xWN`Rfl_iI#G|BN~9WEj1C~ZDBWb!c#6$7UL+q5Nzp8Zk9^wrTRTQRx_
ztr=%6a-^C7zRhkGH<+B8Zk#J*taGzdWgWK^IG4>}++wZ%=}df~-_S&cAMCde@Y)2C
zhfu9be_#~UEs=$_y?4G3L$NS*ecjn{xlUq>$x^zG$F>RbZEb2g^0#cVEOwKaw!HWC
zYV*Un9KkgLro|$1r;t7xYeIA2yi7P#o|5&>8rd2u-bA<l+Usz!MQ3SDWDO{sGfq8}
zVy@JLyCLDD@avwscU-5}4yj;zsI>92okm5)PU`)*9tS!dY-UW{cH9l7xw*}rKN^JL
z3`hhs|2V8YmV!<nk>4FFygMG}F1$GG8(Ud0rRtynP^P<}p0Y~$M+6zk9_}YgOi7|)
zAz#vBO6;cG1$$Ew5fkeXd^-C(y~yoJsAwsEy1V*%c{#rx52CZctc-EtN1GexQMevu
z^j=&GcUpuSFB$|qU=UrM(*4A-XquF$SXfyMtk|vbE^33!rFr*aAP_)2#^}4`s&huI
zzd}C&)CT$xme?%gNUk%{k`i_vO*WDi7}|)9#Fv~r)pifGu*vm~g;GQDN7PKm?vveM
znUy-`TI+JYbNoI>wG(ZP91Y8ay4%$v>(EdnVr{<4U$?citK8l{Q!>O<4mNM-BV}CE
z>!dC`2diRgd}U2bjWhXiV7@`9VSxPU{C>{_u(UMfgo*gLwtKM$Ens@uh{c+-d1zQ%
zwxhE*aScD?RNCRrl$mDvZin)Qlqw?HAy1uhmP4_VIMDG0_M3;-{L^sOo%9s{wj1&e
zx;xHlsF!5nUV1bO2J*0JCri<WC&ZoSv}sXTVj%{u$ojY?64f{OJ2CO2JW*A)&)2sB
z?jQV5!5Qa<HKss;#n)lLfj{}k3NT2eo*HLA7vzU79-$9D917sU+P#YYu7zd|TORH`
zz<C-WhIetbDip_}l!x0+C)Z8!>c51g%a*40azRu?HPi^uXv9|1h|+lV#;RKDdg~5-
z*l*EDM73w1n?00v%L(R`#$P(GQU~AwGGO=yku@krMl}+=AaUu^Y<6U|lrq+?L39|S
z{lo~d-opPoKPN{zp}d)JBaNqT?L*j1ew#-=DhDt3m04uPYSLEq_;*&F4`8dC7N=e<
zRPpOEI<sTZS3qqzIw5QkvMrl7h{Mi<JtyATKJ%}uNEDlNt+DQ2A%+W6Uo$U2e{}x+
zcbfkkWLbcrc}#4)h}&N?p?BYWtv>#=fii}!g;Ux!&RTjEo7HSNxxG!QEVZ=5D!Ml1
z&l@q7Z>r)i{3UuEy1F3cE<DS1vBz>tn%Xg1uqE+*2pRMQC{P*cj$6D-uN<6N!=Zc9
zcwF?q@f^lw{~5{WWGk(i9w0p1q2CG;5}kk~9R)oSMSRrxFCR#k7jOWVOF<a)*Juia
zQHw(-dv9EDQWsnghCAFiid_rqfRz_fqsj9ppBBgS)<crKrPC_+?pPQtj&R#xVo}<_
zE-(BFk)g;}G#)zZQ1v_ojD@SChld?>a{CtR-_xsBr>QHVNsBo9I>7I{NUf$jL;f$Q
zt0Y%V4}L$7C~M(&{VfXJxtoTe<J-5?PVx`Z^DtcJxEz6|qL!4uXukM48OjH>t-w~}
z$c5o>s}a439Cs6ctIyn(pg?fe$9Kpkl(<R7QsC3#_V&X6Y3r`vs*bii04v=f2kCAE
zLApV@K|pDcLw7gGm+l7X20=>t(0%CcI&>oq(lOpU_nDbHGtaYsSbxIa@7n9LDjqr2
zQ{QV_yeH1l;QF<|uf00m!kI@`(4vlO2to!t!aq5D!WXm8vs9Yo(pKGgF%$7ObRFh4
z6s`iZ3(a?m(JZwNZrn{Ii9kV%XlV|TJIHb~&p67(k7D9jMPh+tq=FVEeWdc4sqd_>
zC2AK(h%U*f9G8Mlj^0O;iwmM=SmwR}FPt{F=-Nk>TD4Tc6kub|9NSRD>L}~F{bS&k
zM!t@`L)?*>@sYSjNYsqhMq-$#LUaoq7mWs4+AlCkR+zZ7g%;{l=}z<YeBt`5k)mG+
zQ4=D(%{K&1A`BS>VQLnSOzVZ9lURH%%IUc@Eab(%SCU@Ib)509>KZI5iA>}m;uuwB
z{^~#1v&mCxBGhi%+p(H7qy@V&cqo9f^Xu;DZwj5%ZnH_%$1iUto5n<6U7fd8oqA;-
z#Fe~(Ra2}b7F~Hhc!YG#u;zdy%Q$l2&zw!04qdf0`FIF;9gSPc-5L?*Khz4{Lr+-m
z;r5K0Na)X>;`gd_os`j0V{lYx1m!N!2^{CF-?ew~AF9n_xSQCD(ZY|jQHuby%$!>p
z+)8`3X?w`Omqf0LrkkvhBOk}QPgZkNjazs>vFv>iy6uNCJbv}0jfvOKnBvdNaD^(`
zEa$JDwNQ}^W(7_c_)uf6VTIXmWeH!+XWk4WYdlMby&mbI9d8kNOn+FM;Sj?0v2NN!
z{M$^_4h_xWrJ>!7LY&zadin-<_Gzr4JjZGBPL5|0@z|ZE`Y^2)gX5u0IW5P~2d)eh
zW_V7va#Xg<vWk_R@OMT$(nsVeln_j0DdjHYs@bZ;6r*3w#(nG%t%t>B%p^_Ih37ll
zoQG_FUJcch_o;MKz8<r<GF=o2%!=hd9g2l^i<o3Fq~M9;8+@j1hUEc<(;}j^56<^E
zJVNPj;OXTQu)1Ql94)Eb4+$%rv}nJ?a>{w_7NstaeN7uekd3K)i2l?k!cIcLLzat;
z`>v6mm+lJOE6kti*q)P{l|PC%esHSVfMy3>%y57{1W~3o1_kQ|NzsS>0&l#>>e{to
z&|Jq`w&RmZo2JKmNI(Y2fT?s2Do=S>ZtzB-F#`o4<IXKbcJaN&Iw5WAeXiaurrYF$
zaRfM2@Vp_KN5bj}W%aExo(rYx&m+lWmJYNOM127YUYu<;g%H#R=IvjZW0IuyC4#Yw
z_zL~xDn?EII3+_vA2nun65=VF!-F6OQSbU>ouuAzIqz~sf0qO%P^|nK)cmqYb^{4^
zd_Ouz^h=7Dn7n38y<PPYN*fI{vz9AmV@tDh*tg&hRi1ej9GM1hskUJTXN$+UPVL7f
z)5W6)UzHvD`A6Jbs>Wpc=wvP{Vdo#Dkn*2o`X}pRy5#HrbT`W(lj<QoA_tBZ_63!a
zl%Ip9ouCQotNvKPB>Ke-zobRe(xNeHppoHOj;3Id7Rs96h*)JoC$J_3vP@x&5$?t^
zuKv;O`$Na#MiPFJz^YjNtY~@;Z56uBQa?A3gjne%U%dZ)j_g8(Y26mVf=r#G>K}rB
z*7gfWP`NAU?`wckIBWsaJ6YmH)Tp1lg+sT(+fNQ8`U5~!#hC|u@P<Gu=y3MU#eIjM
z?-o6fu{x0Gq%KOW84~C^E2f*pj6v}!-Um0a+m(d_U7m`I9;+$k0NSvUA-q#yDmb=E
zah|(ee_ww1G~>urh9(1BJvmuf(f|Ex<>K+2b!3pWjjT4nVe4+O#a!xbVeYTet{1*6
zPEy6VL16XUZ&zL6LaQf@H4ArL+rnIf7Ve~av9f-kOO)n|s?J{l|K9)(Ga&pd+!gSx
ztXHHX<MIh2U{S){uClmxWd1lFrkaPv&%L6o5c!i(`ZGqP$l{m!8j2u5tK;F3fF{49
zPQb>cM}zk_WbU}3F7!_Z@YEBM^AhnK<u&$__D+@zqT5q!)lsEst(nL(qoZF)X`q+K
z+%eFf_LN>4NcCB3*3CS(hHmNLN{6hFkb^Db1~vUMeAFzK_qniE^L7@Q6{ggYw&uCc
zoZ}Z;1K^UfXxv&Yc?DON*EQEZ)S=4j2t&U#1yiVsfitJj(S_>)Qjc0;rMhqXO6DSI
zeip6@6SjqziYo_N&{4QiO>}=vC5(KTl*S!&0}UejWxJ1kn;L|k67>@UXJ#V{6gpk3
zjzI&Q{wgY{7exENK>aP&;bO9n8T{}J2(?-XC71RGuM}5({;BAFAd1DmiXM*n0lb@R
z`ct~tn5eY;5D3hJ9c=y*n!(T~$EjF3O_ktFZ-o2K7lZOWt-v5Sxrtl<9wpYmw^zV%
zp@lQPHw?r-51Q>pkRiIyYbQh#t1l_dYUe*1ESj3#R$e<CZk{3<NMAiD(->C^DOG(x
z+f5`Ky3eRNN1Wc0K6#9Z90B8Ip>}T;mgvjc_(V>e4Def&eY3d^nVlK|VLdXS2@gAm
z5yV61<3wnitsuy@+C&NMur5O~vwBQzc2|xM_qGlaKa;N{2|GzkYgPR;CRce!AafK(
zO$FFrnx-|XqP*eNAuhAs>8RFvmH(o1?soJaDFjh1*;Z3u9(tZXCb~)-50fd`4@+1Z
z0s|q^cnS@QvsTQrYGeWiyEvqRFXeg7=7f@yA@Ga)xDqFf5=wLLjVXTzVx9c)CX2kP
zvns)VO@bq7GeD#7a8aN1m*9WtLX%ugKW@k5A6`rxT3+}W!pN@cv#lUyKlCKO4diKO
za{ji|P;&kGuGt3jI|N4bv$XuiJKe@G3)p}1m0?E;w6fgI=3@EeEh6~Ft<4&x!7GrJ
zJPsnX-(yH(rZVSkrh5VrT&Mha1<^Q9#sI5wq1k#Q%f^;_Uxd8~yYgLL*6|qla>x|C
z0&}@lS(l#$qMNW>ayWIAVS3NrE=JIzcrs~B>hy?y7C`)M%rUdm8-Q)kbmxgg1^A0A
zC&>IIZV#l4{+(6k_$BsucQ8M%biMEvDwoFfNDSOah<|adzJC0z5mTjPW&wE7+`Qn|
z_m|2|IR!6+-8~l%!|{mLB~bPutX5w#TYGD^J%<7?+tNvM;31i1jxf0NgAqC27JOJz
zpuUr6P<}pp9Hh8vx5BJY?u*_9^s^2&rv_-I;3;c{j8naZ#Z`$ShMK`w(I?ifF4+2@
zoZb!ny}6uTtariWr|`ps7*RG+{Wo<MY;8ms*?W~|8JA|T-mIbK63qMiGN&me^O3Vo
zAsQ{N&E_4l#jUC=`6X-NgQ~aYHVbMNT*}xv#cCpqJ&<3iPce`zD1!>n8P5~-rOK`k
za%@CEMi5sOB15Vb-#`zXd>)+&$G?Bs9$lG(MHm?h_E$3A)r8<>|Gm|NqCktvbJ8Na
zRld|PeZ0HI<>?0`&*qsJroSAUd$unbGm9EjhR~zH)`^A2&7hF5p;jd0@afzS1q5aI
zFy^UoVeG^aCMkwL00M|ZB7NU%%Rsprg$+25q#QM5vlDj)iaI~>WCbx$zo3U-h^GbQ
z7IwBIy-Prj6>02+zz6eY2QX0QBnCRjs?-IcImsFQSLOrX2m3CpI9yP-qJ+VqitOUM
zyMjU@W2e)QCVI|onY$c7+~bIQDWYkyKPTeRuZf@@_)ejnK4Nize(}Jqa{)Jz;J<2F
z)+dM+=ujtTQvaEfTb(Qp%njDLu%k9LIuCJ=|MNz8Y~MLl|BbK-G-}AK7aB5qg0*z4
z_ZptOqjYdxJ3E-@89kjK8zgW=$dm!EMuJ-_fks`?3gu5<9oqIqx;9Jk7}*YBm-6q2
zejT^Mb9gNhIULkeAFC)*08WI1CzLtBPShKG4_rFSA?)6XxC)iaKUcWy(bo9J*vwNN
z&1uICrkGxCPp;%Glqz<9D*FWIWdf(FEQ)=487Tu#=$q{*D{lT-{?derc@TP~aA07r
z9?cp*e$D^=lSZcO>Er%k`|)D|9N_@A+xS-z?dM4goHCV<OX}@=3<6$Lb;ZX4m1g+U
zMZjW2^4yd(e}rQ1Ar|uS>cdW(Wm6haQeY${96^`SA6$3hB&qlK()>;=g*76dLabhP
z95<u=(Zd+BSX_^4=)N<m4X_&1r`Zzc=h6K)cuFqwsFR@~g(4n61b3MO^QDJWlJZxe
z984)|1uLgo--fv$>3s}bA>)9;4ydDSmQ<z3L|g&DJ4`|&QXnLLHzhK-WccYz?z~>T
zw28geRB~0J{FZ7X7<IS@PN|o%vnw+sTrHIeUBV+LfWwYY%kZeAq9|&N3H^6Z?xjq8
zGBz%QPHZ^y1Y4L*(wMj;RF095TwaS@b<(`EHU}{OZ}9~FjXdMRx#Y|D{^nqqyDnI9
zZk!N2)9F!c?^`;nPdU3vV>RtGX*%N>v=MUyzB4e6W%zR9rH3}76q!-E@tTk?dpB6v
z%^dUQzB8s)4liwZvgj?MZSx*^w(|RrkvJu!VN8*uf4sepoNi{2zNqlOeH8k}4kW&g
z2lncYTz=ZBb645f{txjaIL1}9N^f30Xe~#4vIyf68U>Yb#BMG~;BKiTED-BS?|EwB
zx-&8DwKu>G;-&F@Md28H{Bh|h=kZ1P<LROB)cmsUXe~2oyEF81U+I0OD5gUAw<TWL
z29lOW20{hh1D6&RMj$^l#+mNhCNBN9+**UoGIerNoyP4P9XwJYrf)LBEnCoejBG#-
zGKi`}^lkX1Va?HFgM0$ET-^%b%#JgD1m8oMWFY={qD7v$IG-xqfmOq1H(&%x`;fB!
z;gd)5rqN{=R}(qLJ55_D+G_K8z4>ueX8t+Pq?*p%Zok~l*8saziB_k$X@hubrQwo_
zFc_-Eb*zvedO0Br8W4w_{Xf(RHvV_&oSz&W`#4BD;gb{kuHoOQ^KEYx(wDLcD8J5b
z!kF?@ouI}Ai@tq3UE>jiwTFMpK;!z8jdjSBdNz;!qWT!>R{OA`XE4(sJreccq3C!t
zN%t<1`jjm9HAs#2N^HX%g<Z5zNn}FhCtDu26|~(MtuF8NdzMKJrwEKZSwR*K6Dbjw
zM2*pCz&qSC7NqdD-`CHJV@81^v?|-?kD|h<Xv4g#?-9|iBAKNbwr|_x&i(K?;2bX(
zHhO?;UOuuhpSU%xKz|`J0lbKnR7a{iRVpN9t;-Bj7jLtsp_bjLai}`Eg}O~<KCB#5
zC-Tu!f_*T?mGUG^&vcCl^~=^M{$-oMf8k~$8oby(U9xlSZA_2CP?3VEhS~{Z#ILJT
z$db$Os*T4r3r~w2E3RlVjzX7=Pp*{s+Svln-`EXY;x~<?5@^EzuWk;|{7>C1?os8g
zD5wi15?=FOLZhB|pT7y{Kt$>SP`clTa&Jzcd3CJumPa&5dwj*XL5_5-abc_wkPmJ;
z>B5-$4Bi`wrWl2ft@KUzxDRHDfjR{)GiU}CmDVEXvIsknp2no6tOA}85`o=Fsvo$x
z=eAU>$NyV6aW_mP;3p(x-;MkWH~~+iIBgsir;_opfua+1&r68q$_R^{&U<?--ij8k
z=?o3M2J$(6o2wA{23wcGhaGFj&%OG1zs3{~VMa8ZDMKwBJfxnyyH2gYgsOLVs>7uJ
zk8q;yo3%&L3>lDT`Une~<twN;@e{<eI&X(Eq7;1wL`1Y_Y-qvf6WMC2c*;zoKg~DK
z&%1gz*!GZ9I%o~>f_Jv<W%^T67>WU9p*MjJSw6MZTKLy;;^r}^BhOfM)^3E-$B42j
z8ynf};=y3)VZ9`mGGk%^2;?w&6W=5MY_HzoiYrsS5O<+-NXi6XHn(G8Lb2AWtm#98
zm>lYtg9UE$Y)tJp>LdcbEK(i7A2LXmHm*9W5c|5AjjJ6gfqw%f=eJA6<(iGkNxfJ@
zP_vRG&&cmM?0($IdZ&v|{lsqfUZ-Tk5*z;n&Yp|5k^$;OtVw(T;oUD}fdBa}rM8xh
z1OfW&4ta$5O{93ANJm<5dudx)6E~M!hm=A_L43+&iOv`dU+2uvryUBWP2O?(p1h^#
z&l@JhOO^t!?^{XvJ2^!wBL<V0F8pL^HAS4<A;0{ZJ-EUvPNnM5_mji;hmLKiR8_9}
zc+e*?m4#Ei4xM@6`61Jx|GIHpfxgmFi1tI!-RL#^I;RMPWtnmLt3VD9-1s@nk;Ve?
zMwCq}$)7^?YJ^~%ToB*$$@G1JpOlF0BPkNOUQL?P&CTs9)|~sb)HQ*ujL8v5KIMLy
z>5wfpp;|2Vs{tV87u#5N)FFV{Kg^!oD{1duo8EBaLevOEfo3WdEhvWuv}TcxOC5)9
zTi3Lfv|N#BO@rg@X@i4urM|(l;9JD`+Dzp#QH{lI^dgbc1d>#}nghdkx=AXXq5r|W
z9+aIgbWLM<GrK_S*59G@P2$-kARDv{`|>&VCnNZVkJPOk0&X)7?sO#dKpox4*JupP
zf2G91%y0uNOSd?w_aPtUXZ}<S|1CvoTXKe!z@hZZ_fl3U(!6hYiFe&=2#$;Hy2=9<
z;BOzmT}ZZla$&v}be_MVnWu)^5+JBiT-;_X*!_8i3s2F<UL<>Dx6ADH^mbzajO<-e
zN!x&aYV#HTanI+xlxC3eLxlN~T^ghJdK&I~f2TvBG_Q1n%CrCa(MP*nWxmf26s~7m
zSVl5*_D7F6XP-DV2aPpNohjbaRxm>%>NQ%B$EaD%ffxNMjE$iA<ADy@FwAN{fHB1#
zD=E`MlV(t*2Rle=5=lotzEdb~_De{z#@$;!E=Q-o6Y3ec<pI2^+yz^hUz*gK6$#^s
zeD!ewf}YCXjW&cgK^e{2E4VLX4JqC4LU$StUo+TTLTCI!)wnEnu3CiKWW06-@!=DH
zV-`8n7uE93nB~LWl7+tAw)6h^t`e+S?jnSha_L+gb<3X}QIkE;W~WQCZtF=c+DU$g
zsC6TKB#OaqEh(8aE$)uo*4_k`9=-8wmtM99)SahqJEKeKM`TQ<DFesWrP4A&q%;4H
z7k96I9$Lsj6CB;D?0-Dn)oB3{8;a(xmyeZZ|L4#+YmKPfVrf{-JVS9xKhVzCD8w(g
z5<@2MLZHQy{B}aaBJV<tMIARgi+}h;tSC=d|95KR+G^1UDvR;A^th*1;7z8dK)_z?
zP2(6*DnY`7t%B-TTeREb6XlJiX5|{Tk;h**UwViMPx;hww`NBW;lvxgSxt!bDRfim
z2+idLJStqOz)Hv0H5+MPJ$!GKg!&YU!^WLuRC4UXc_3bO)pBc?r;IHDB3x8_ship*
zoJurBmX?9;t--8eufyOK{0)(NQvl7J?}<H5PL;e|NJAOR^i$F?s@T~3aaZ&@1l?c>
zU32=(O_BgY`Rc6yYz=g4JiiVZ%gW13$B%4lt$(1U;kn@<YAZQSP}%bvb89*RIhe4&
zaSNj;|KK?EkJf<agl3C&^3%sTPU=2bLtyXgIz0{P5CO&U^f#6T+0sDwfxHQ;mCUB7
z%y#lCrSa$)b|ViYe@`%ye?Ub=T+HmLsO7yM0jF!p9j<&2VGk@pTz?|2`BjSgTOFuP
z!@1e|q4%cl=FdotJ^=_Ft33M+S`)r1lKvC-`=@+#<<}iU&`v?5M^C2ml}jok#7nKQ
zDTM~SKpS37iu!&#RYITy+M>i$%rdO0>5%uh5$ZuW_Kl-{Pkn|@=n?j~fqcb=pj=$=
zs)hbq2@fY!QEr`WVkAv{o1W}DslB4=7T`uk&StFH`ba_U%&iiR`lI)9W&85QQaq?K
zE=gZY=%1NDj8$DI5<xnarXgJyLS`Y)PwrLXH*E)WX=Cd(fP+y4yF2_cT@2|TO`k0m
zJprHBk8D<o19-IpiIl06Z7VC)WQx09!)HY;Yu$7W-XAjfAzjrEpz7W24v%L{J;Z}w
zCm#1Fc+-BjEv<48$_>*<m7W`BcbR*MIdv-7t)RDsj4hKV-7PC0d)~lT`)d0hv>(yf
zlK~w#Bs<VYVB%4@5)mHR<me9Ff{HXXOR@U2q@$x)_s+cNgRbL*4wp!Ug<iFDO)H(d
z#4N>1R>G?czD|W8@dfXAd7|_=Jf+09Z=daVL9+ghdhp5cB=|kfn510!Z7HPL*h&Wy
zLh%)Gq0*my<0Ox<H(Z7&XtxcCx%Nk@1EtMI@}S`*K((1DSH@^2``R100;T=2)v0}|
zy2LOj^3}^J5P}I%MLuoPk>K9Gam&3~bW3ges+T8a-%p{Me}4NmLRV~~KW^ua`8qoj
zmAMPC-P8`pIRa^4KG;0~id#UBQA3v`pOs$qXblk&r_{j6%qD-6oIb&ABYq=;P8?_X
zTQT$!*stukG@^bVy;sS^oIE;+2fOa>8e(FAthX<z=?uw0m17?Lt;4#kd?o$Yc?l@<
z7a9<{D=Jd?`w&FBQO<V#1=?w@^~X8MIJg4@ueZE86pdHyvcVtT4(=gOE{*KLKRRgr
z@*<mi>-(`+3AVsmM)nKJ&GJ50q`E({z0*^h;RGV*18nmjm1azf2e3gC2e6tRyQLog
zq(|60v^Rg|?xE4vjic*HT<stOs(BfA7fvwohWT-^pI@8vJ!q1L_n6EVxhU_Ok+Fj^
zAU}B@1Nx<%_SUZ$b7bM88hl7jkMcTpTfd4xE_lVG#L4LwSN?3w!^Vq}H{#cIhK1So
zpCkq%qOHFoi3K!~k^8PjWruww!1;c8b+hxm?!NsZw6!_><Yc7EF|dCdP+)&SiKIQD
zY&!bbs#057#X-s*%)MdiTVD@jP?b^~3R~d-K_MHrLrk}?+$c1j)JBfoNBAm9t^a-?
z4!B6iuwm*rc3$J$>w9-tgIFuMgk7n#8Fnw>6deBctzBwAEKmaX4lehN>+t+Kq}=7=
zSC?Q+KVkyx+?*n*hkEcCAXrgOEP#tF$s(<Oi+sAv%u#C=5xbYQsON4YK;=vQ4LsTO
zy;bQ2SCNeIX8LGah3ib%{So!-zAeYC_v=24YJKqpgnp7sjz*85O&)X?<RdRoEkxfu
z^-2&+$p2=;0QO+%etj_XWO;q?^3d_ZhH%+1s9*Z(9<?A`rTnQ3h>jiWWS~tV?dkf_
zGCA=mr~X`siG?ltB1dv!fFmt*6$UAyhcEGPUnt0NJ1@oyPQkcK+eDm_!?L_ZYAABy
z#Y62;o*<cTalVW9t-lO^3ck%bL#)z8sXDId@;|R-LPJfNu<`UL9xhml7--GhR>k+X
zuz@AWBS?#J!6-WcNpI|6;|QB7M>Gq#%W%^qT@spP55+{LumGqe@*V?M5u+ZjgG+G9
zz{|_#m~Fo;2};k6Ct5eJKFuHh3nB+h1QHfvL$*wWw&na!rhUwk`1*t5R=J)xei9M+
zZJdyL#jXtDfvHav!g#<_zN~hVl_F`?Quiqac4CvCr#cTXG|V?t>VURt?zn0@HJ+qq
zdT5@!)SV7r{u<ske{eaQ2;%F-Ta=Y*O3iCzdYqcL4B2@la&$dg2suRfO+BB_IBOcQ
zB8(?)@w<q%m1&On!;wU`$*i=EjTD~1&Hb=gasnR%>oj+IL+YptJgN8a*focvg@?0F
zm3T(mX>S#fV$`5x?wB2kS*SbG{@Ku;`_`zT^tWMd$0B{?^QTzE8X7MAc%eOx#N`5K
ze({<cgHpM|A+;~@$|Bdfzm7k#e~PWzjvX|r_01Nn6;f}YVgq^U|75Uw`D|HY;N=mY
zSTi;_et<9SM@~D%u~FjnQunPJ_d3vvdiHhs+kJ>O@U6(L8~iP;hTmA@RhV;a#_nX;
z;gU{HJGtPWpHBJxBH;^iQylT$T_-lv)fJFsb8IVz1LwrBYfgOgA10w(cUF-<&5gU!
z9H$=*PG&PA^F`*dPpRTZfFH7G+|yxq6=v-NX(OOXSMi_dkamrkOLpcGs3E>UuCLN)
z56AZ`;BEP3U8wtdMmqWa>CMsooClM#vUJB1aWxjh^LdNVSWGAvIHz<(iK%aIRJlX*
zU3J5eF<r!!OQmXJ;pbDlvXh#V{A__TnKuOd%O%gW&$=4Og@|Gl=M*jP3y=TsaCCJq
zi!>eRvoY?VUxeYe{$a{I_0T_E^)ksvT;y1>1!jXl%HQ$M8`_f@t^C2DPz`43pF%?w
zE|L)!WH|yy8D4g`%j)Jli!To|;PEq-vFDEF<JF+n(>x!xdz2aZW*e#%6S8_p6pTc5
zhPv4fvx&-qc|QWtrT6|E;sXP<8lLObxmhUe^@31fh8|$(w5Qu9?J^0tR;u1ThA0V`
z$=b54d#E?Yt@En7crliusy=+q|NJC{UcNwDj5XaS{PJV@Wq8FVcBf%$1H4j!l#09;
zExS4p%G>Q(u-;0O;J)1>*zGCP<=Ibrx)ACfbr}<QsVuu1j(v)-m-Y7~w5n6AGK~ph
zjtSCunv1k@X1e2Nx+`Cdee>AkI|YRJP6M{}Z_ijAR;3&aL<$l6ClnkpPzTvD#(l(0
z?n+qX&4TB(Gx2p`3YKDqQT(lQn{^AD23F{B#v>bl@QV=%Zq)Q}2#v8SoA};0H>Mm0
zbP_sytn^xL^tL4tAoQj7ShFcdvYq^Br~J@IY5+Lu_&Ks6BKfoL&Rcyj4h5Kb9~a>6
z7Wqf2Kf*>Ut3RGqooJ|_Zx?S!)7nM)5@AQKOXoSt{H<C4QOAgH#mK?%+t|tRyU0TO
zvf>)w3m6Hp1PG!=3(`62UUhkBA-EG0yGw6E_I=N*P)=C5PBNjklb4&|H?Z}mlK`kK
z_}lv5TFN1fz0g$}9oP#*iDHTdJ8Yv*4XNm=ZoX@5o@z&qIr>pa`5}Z<4{W&%FLOPm
zg+nOeTQNkv2C?MqYni<~s*Rs;uxV7c|1)ymO=;(RsQDHDHUWPJToFpy5sUqyl$uz2
zdevcS3r1#?Zvbkwlo338u(1f_B<-<#nkHi`SX+@qQnT4+l~=yJ^oW{8Un;)4E+0F3
z*edTIQQq^OQBQ5=-kpiR8=jjT_kvGU4YW8sRsN1KI~6|*{z{h1)829Syo>xv;WZo{
c{J*v{B;u`0{`+=@MALO1q=dD<%Nt((2SV$zF8}}l

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 3ff7dd53a90..a8e6efd0851 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -4342,10 +4342,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4361,19 +4361,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -4456,10 +4456,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4474,19 +4474,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -4569,10 +4569,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4586,19 +4586,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -4681,10 +4681,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4699,8 +4699,8 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   },
@@ -4708,19 +4708,19 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -4803,10 +4803,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4821,19 +4821,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -4916,10 +4916,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4933,8 +4933,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -4942,19 +4942,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5037,10 +5037,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5056,8 +5056,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -5065,19 +5065,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5160,10 +5160,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5179,19 +5179,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "LoginName"
+                        "columnName": "LoginName",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5274,10 +5274,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5293,19 +5293,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5388,10 +5388,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5407,19 +5407,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5502,10 +5502,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5519,19 +5519,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5614,10 +5614,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5633,8 +5633,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -5642,19 +5642,19 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5737,10 +5737,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5756,8 +5756,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -5765,19 +5765,19 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5860,10 +5860,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5880,19 +5880,19 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -5975,10 +5975,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -5995,8 +5995,8 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   },
@@ -6004,19 +6004,19 @@
                     "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -6099,10 +6099,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6118,19 +6118,19 @@
                     "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -6213,10 +6213,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6232,19 +6232,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -6327,10 +6327,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6344,19 +6344,19 @@
                     "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
-                    "enabled": true,
                     "reopenClosedIncident": false,
+                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   },
                   "createIncident": true
                 }
@@ -7508,7 +7508,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"97a71946-815e-4519-a889-a10d455eafd6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Standard (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9505e7fb-6622-4014-8686-14f8432cf042\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"1a6c8fea-a005-4fc4-a09a-4e99bb459744\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"9b499cf5-007a-4e78-a541-94edbd5963ed\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"29accdba-1ce7-4b56-a054-fa69eced7886\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"10a5ef86-e291-4ec9-804b-1d95a35b82a3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"b75f9e0e-7135-4ec7-8d82-13505b3f1f31\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"77485d43-6f26-4ad6-afce-e76e4710820f\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"99788080-b885-4220-9190-ca3546528cfe\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-a23e75\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-97c91b94\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-cad2b2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-b6555f0f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-8776bb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-91e46bcd\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-226763e3\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-9aebf5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-2c8bcfb1\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-c08880\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-8435df72\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-95a9414c\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-7e72903f\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-d1a89d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d7892cab\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-a6fbe2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-50b65ee3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-9335d8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fb41aa51\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-4b2298\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-69fb1d2d\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-d026cea9\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-79802d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-bd4b15af\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-3dbcc1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-7f141013\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-20d5b3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-dfb3fbc4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-09938e1d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-0ccb53\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-0660a92f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-25cd5f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-667d6168\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-b054f9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-b72ff334\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-a457cb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DevicesApprovalOn\",\"formatter\":11},{\"columnMatch\":\"DevicesAutoUpdatesOn\",\"formatter\":11},{\"columnMatch\":\"UsersApprovalOn\",\"formatter\":11},{\"columnMatch\":\"NetworkFlowLoggingOn\",\"formatter\":11},{\"columnMatch\":\"RegionalRoutingOn\",\"formatter\":11},{\"columnMatch\":\"PostureIdentityCollectionOn\",\"formatter\":11}]}},\"name\":\"q-99cf0545\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-b18656\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-47218d2a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ca6406\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-d2585638\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-040d0e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-303ec591\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-2dac6c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-6831105c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-e6ef51\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2d0d578e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-a8f996\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-03fb31a7\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-a0f1ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-ffba1ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-bf9342b0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-45f843\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-dfb44602\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"97a71946-815e-4519-a889-a10d455eafd6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Standard (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9505e7fb-6622-4014-8686-14f8432cf042\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"1a6c8fea-a005-4fc4-a09a-4e99bb459744\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"9b499cf5-007a-4e78-a541-94edbd5963ed\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"29accdba-1ce7-4b56-a054-fa69eced7886\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"10a5ef86-e291-4ec9-804b-1d95a35b82a3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"b75f9e0e-7135-4ec7-8d82-13505b3f1f31\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"77485d43-6f26-4ad6-afce-e76e4710820f\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"99788080-b885-4220-9190-ca3546528cfe\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-a23e75\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-97c91b94\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-cad2b2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-b6555f0f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-8776bb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-91e46bcd\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-226763e3\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-9aebf5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-2c8bcfb1\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-c08880\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-8435df72\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-95a9414c\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-7e72903f\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-d1a89d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d7892cab\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-a6fbe2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-50b65ee3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-9335d8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fb41aa51\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-4b2298\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-69fb1d2d\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-d026cea9\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-79802d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-bd4b15af\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-3dbcc1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-7f141013\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-20d5b3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-dfb3fbc4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-09938e1d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-0ccb53\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-0660a92f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-25cd5f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-667d6168\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-b054f9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-b72ff334\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-a457cb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project\\n    ['Snapshot at'] = TimeGenerated,\\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off')\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\"},\"name\":\"q-99cf0545\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-b18656\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-47218d2a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ca6406\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-d2585638\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-040d0e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-303ec591\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-2dac6c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-6831105c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-e6ef51\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2d0d578e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-a8f996\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-03fb31a7\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-a0f1ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-ffba1ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-bf9342b0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-45f843\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-dfb44602\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -7594,7 +7594,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5c59168c-014b-4a83-8a8f-73cc60997e6b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#a855f7\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Premium (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"c1c44fc1-1b89-45a5-92cb-8e2374d9a855\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"d1147d96-d052-47f7-b048-2b471f6f091c\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"52c56980-5cfe-456c-a499-9cfd8317ad69\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"9eb1d383-09e7-4aed-af3c-0dbe8c73dac6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"7cd3279a-4b91-430a-a68d-fb1fa2d74d9b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"e5179782-bc17-42b3-9f8c-c2e0fbfd1f30\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"6cce0298-c5ec-4092-bfc8-b84a6764fe62\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"8d8bbfed-b08e-401b-9f62-8eaa597261d3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"},{\"id\":\"81d1910b-f903-4811-b762-cabeb7740c88\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"f685a8e3-878e-4cd6-b6d3-5340d57eb32b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-75296e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b71f9f4a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-bcc7c5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-8fc88ccb\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-bd287b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-93b0d742\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-12fbe2ab\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-56b7ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b8b431c0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-d18e9a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-acf35833\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-29ed4eb0\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-71ed6d65\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-ba97ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d0f59836\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-b80917\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-374f7fdc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-2881ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fd38a1c2\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-e6ff99\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-776b4d9b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-13d1cabf\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-ddbb44\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-5b6e7b3a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-30455a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-64bd4801\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-00cf87\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-32c060b4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-43beab6b\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-adc7f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-4d271c05\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-f6dfb7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-ecc5f778\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-400b06\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-12240394\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-b777cf\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DevicesApprovalOn\",\"formatter\":11},{\"columnMatch\":\"DevicesAutoUpdatesOn\",\"formatter\":11},{\"columnMatch\":\"UsersApprovalOn\",\"formatter\":11},{\"columnMatch\":\"NetworkFlowLoggingOn\",\"formatter\":11},{\"columnMatch\":\"RegionalRoutingOn\",\"formatter\":11},{\"columnMatch\":\"PostureIdentityCollectionOn\",\"formatter\":11}]}},\"name\":\"q-69053c5e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-3efe2e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-bf4dcbaf\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ac2dd4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-4f947b64\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-b5a420\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-cbd16912\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Network flow summary</div>\"},\"name\":\"div-network-flow-summary-4f9133\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\\\"Messages\\\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\\\"Unique nodes\\\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Bytes total (B)\\\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Exit egress (B)\\\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Subnet (B)\\\",       Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-6aeb3506\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top talkers</div>\"},\"name\":\"div-top-talkers-a1283e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by Src, Dst\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 25 src->dst pairs by bytes\",\"visualization\":\"barchart\"},\"name\":\"q-994f3cfe\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Exit-node usage</div>\"},\"name\":\"div-exit-node-usage-73c3f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Exit-node egress\",\"visualization\":\"table\"},\"name\":\"q-0a4f4625\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet router throughput</div>\"},\"name\":\"div-subnet-router-throughput-590dd2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 15 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Subnet routers by throughput\",\"visualization\":\"table\"},\"name\":\"q-b912a9e0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Bytes over time</div>\"},\"name\":\"div-bytes-over-time-e5bc09\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Virtual traffic bytes per hour\",\"visualization\":\"table\"},\"name\":\"q-505f4fda\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture inventory</div>\"},\"name\":\"div-posture-inventory-09f2f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\\n| order by Provider asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current posture integrations\",\"visualization\":\"table\"},\"name\":\"q-46b6e6de\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Integrations by provider</div>\"},\"name\":\"div-integrations-by-provider-539100\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"By provider\",\"visualization\":\"piechart\"},\"name\":\"q-65328ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Posture identity collection\",\"visualization\":\"table\"},\"name\":\"q-c5867d42\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture integration change history</div>\"},\"name\":\"div-posture-integration-change-his-dce848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\" or tostring(Target.type) == \\\"POSTURE_INTEGRATION\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit log: posture-integration changes\",\"visualization\":\"table\"},\"name\":\"q-6b24da73\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"group-posture\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-73f015\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-b71cf8c3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-2156c2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2eddf283\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-669c80\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-49c1df44\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-871583\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-40e4f77b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-5fed33a4\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-8e085b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-0bf0cedc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5c59168c-014b-4a83-8a8f-73cc60997e6b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#a855f7\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Premium (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"c1c44fc1-1b89-45a5-92cb-8e2374d9a855\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"d1147d96-d052-47f7-b048-2b471f6f091c\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"52c56980-5cfe-456c-a499-9cfd8317ad69\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"9eb1d383-09e7-4aed-af3c-0dbe8c73dac6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"7cd3279a-4b91-430a-a68d-fb1fa2d74d9b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"e5179782-bc17-42b3-9f8c-c2e0fbfd1f30\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"6cce0298-c5ec-4092-bfc8-b84a6764fe62\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"8d8bbfed-b08e-401b-9f62-8eaa597261d3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"},{\"id\":\"81d1910b-f903-4811-b762-cabeb7740c88\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"f685a8e3-878e-4cd6-b6d3-5340d57eb32b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-75296e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b71f9f4a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-bcc7c5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-8fc88ccb\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-bd287b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-93b0d742\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-12fbe2ab\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-56b7ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b8b431c0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-d18e9a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-acf35833\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-29ed4eb0\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-71ed6d65\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-ba97ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d0f59836\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-b80917\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-374f7fdc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-2881ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fd38a1c2\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-e6ff99\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-776b4d9b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-13d1cabf\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-ddbb44\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-5b6e7b3a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-30455a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-64bd4801\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-00cf87\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-32c060b4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-43beab6b\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-adc7f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-4d271c05\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-f6dfb7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-ecc5f778\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-400b06\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-12240394\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-b777cf\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project\\n    ['Snapshot at'] = TimeGenerated,\\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off'),\\n    ['Network flow logging'] = iff(NetworkFlowLoggingOn == true, 'On', 'Off'),\\n    ['Posture identity collection'] = iff(PostureIdentityCollectionOn == true, 'On', 'Off')\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\"},\"name\":\"q-69053c5e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-3efe2e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-bf4dcbaf\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ac2dd4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-4f947b64\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-b5a420\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-cbd16912\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Network flow summary</div>\"},\"name\":\"div-network-flow-summary-4f9133\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\\\"Messages\\\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\\\"Unique nodes\\\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Bytes total (B)\\\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Exit egress (B)\\\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Subnet (B)\\\",       Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-6aeb3506\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top talkers</div>\"},\"name\":\"div-top-talkers-a1283e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by Src, Dst\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 25 src->dst pairs by bytes\",\"visualization\":\"barchart\"},\"name\":\"q-994f3cfe\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Exit-node usage</div>\"},\"name\":\"div-exit-node-usage-73c3f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Exit-node egress\",\"visualization\":\"table\"},\"name\":\"q-0a4f4625\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet router throughput</div>\"},\"name\":\"div-subnet-router-throughput-590dd2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 15 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Subnet routers by throughput\",\"visualization\":\"table\"},\"name\":\"q-b912a9e0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Bytes over time</div>\"},\"name\":\"div-bytes-over-time-e5bc09\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Virtual traffic bytes per hour\",\"visualization\":\"table\"},\"name\":\"q-505f4fda\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture inventory</div>\"},\"name\":\"div-posture-inventory-09f2f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\\n| order by Provider asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current posture integrations\",\"visualization\":\"table\"},\"name\":\"q-46b6e6de\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Integrations by provider</div>\"},\"name\":\"div-integrations-by-provider-539100\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"By provider\",\"visualization\":\"piechart\"},\"name\":\"q-65328ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Posture identity collection\",\"visualization\":\"table\"},\"name\":\"q-c5867d42\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture integration change history</div>\"},\"name\":\"div-posture-integration-change-his-dce848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\" or tostring(Target.type) == \\\"POSTURE_INTEGRATION\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit log: posture-integration changes\",\"visualization\":\"table\"},\"name\":\"q-6b24da73\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"group-posture\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-73f015\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-b71cf8c3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-2156c2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2eddf283\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-669c80\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-49c1df44\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-871583\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-40e4f77b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-5fed33a4\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-8e085b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-0bf0cedc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index 617ba2e86f7..be0dc76cd08 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -691,40 +691,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project\n    ['Snapshot at'] = TimeGenerated,\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off'),\n    ['Network flow logging'] = iff(NetworkFlowLoggingOn == true, 'On', 'Off'),\n    ['Posture identity collection'] = iff(PostureIdentityCollectionOn == true, 'On', 'Off')",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "title": "Current tailnet settings",
-              "visualization": "table",
-              "gridSettings": {
-                "formatters": [
-                  {
-                    "columnMatch": "DevicesApprovalOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "DevicesAutoUpdatesOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "UsersApprovalOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "NetworkFlowLoggingOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "RegionalRoutingOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "PostureIdentityCollectionOn",
-                    "formatter": 11
-                  }
-                ]
-              }
+              "visualization": "table"
             },
             "name": "q-69053c5e"
           },
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index a29a884ee06..4604d91f4f9 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -675,40 +675,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
+              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project\n    ['Snapshot at'] = TimeGenerated,\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off')",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "title": "Current tailnet settings",
-              "visualization": "table",
-              "gridSettings": {
-                "formatters": [
-                  {
-                    "columnMatch": "DevicesApprovalOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "DevicesAutoUpdatesOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "UsersApprovalOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "NetworkFlowLoggingOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "RegionalRoutingOn",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "PostureIdentityCollectionOn",
-                    "formatter": 11
-                  }
-                ]
-              }
+              "visualization": "table"
             },
             "name": "q-99cf0545"
           },

From d6e72e32b5971145b0078181132964779caaa512 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 12:13:43 +0100
Subject: [PATCH 12/27] Tailscale (CCF): add 4 analytic rules + 4 hunts on new
 device fields

With /devices?fields=all now populating advertisedRoutes, enabledRoutes,
sshEnabled, connectedToControl, tailnetLockKey, tailnetLockError,
distro and clientConnectivity, this revision adds 8 new security
content items that surface signal from those fields. All apply to the
Standard tier connector.

New analytic rules (4):

  TailscaleTailnetLockValidationFailed     High / T1556, T1078
    Fires when TailnetLockError on any device is non-empty.
    Tailnet lock cryptographically prevents node-key injection; any
    validation error is a direct signal of an attempted compromise
    or a misconfigured signer.

  TailscaleDeviceSshNewlyEnabled           Medium / T1021, T1098
    Fires when SshEnabled transitions false -> true vs the prior 24h
    baseline. Tailscale SSH grants shell access to a device over the
    tailnet using Tailscale identity; new SSH-on events are legitimate
    but rare and worth reviewing.

  TailscaleUnauthorizedDeviceConnected     High / T1078, T1098
    Fires when Authorized=false AND ConnectedToControl=true.
    Device is talking to the control plane but admin hasn't approved
    it. With device-approval enabled, this is the approval queue;
    persistence indicates a misconfig or node-key injection attempt.

  TailscaleExternalDeviceAdded             Medium / T1078
    Fires when a new IsExternal=true device appears vs the prior 24h
    baseline. External (shared-in) devices expand the trust boundary -
    confirm against a documented sharing arrangement.

New hunting queries (4):

  TailscaleDevicesWithSshEnabled
    Inventory of devices currently exposing Tailscale SSH. Compare
    against the SSH ACL block to verify only intended targets are
    reachable.

  TailscaleExternalDeviceInventory
    Inventory of currently-active external (shared-in) devices.
    Compliance attestation - every entry should map to a documented
    collaboration.

  TailscaleOutdatedClients
    Devices reporting UpdateAvailable=true. Useful for fleet upgrade
    planning, especially before enabling ACL features that require
    minimum client versions. (Returns 9 devices on test tailnet.)

  TailscaleSubnetRouteExposure
    Lists devices advertising non-exit subnet routes (i.e. bridging
    non-tailnet networks into the tailnet). Excludes pure exit-node
    routes (0.0.0.0/0, ::/0) so only true subnet exposure surfaces.

All 8 queries validated against live data in the test workspace via
Invoke-AzOperationalInsightsQuery before commit (8/8 pass).

Total solution surface now:

  Standard:  15 analytic rules + 12 hunting queries + 1 workbook
  Premium:    7 analytic rules +  5 hunting queries + 1 workbook
  Shared:     2 data connectors, 11 custom tables
---
 .../TailscaleDeviceSshNewlyEnabled.yaml       |   55 +
 .../TailscaleExternalDeviceAdded.yaml         |   53 +
 .../TailscaleTailnetLockValidationFailed.yaml |   45 +
 .../TailscaleUnauthorizedDeviceConnected.yaml |   45 +
 .../Data/Solution_Tailscale.json              |    8 +
 .../TailscaleDevicesWithSshEnabled.yaml       |   25 +
 .../TailscaleExternalDeviceInventory.yaml     |   28 +
 .../TailscaleOutdatedClients.yaml             |   24 +
 .../TailscaleSubnetRouteExposure.yaml         |   29 +
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   |  Bin 57505 -> 62244 bytes
 .../Package/createUiDefinition.json           |  158 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 2032 ++++++++++++-----
 12 files changed, 1918 insertions(+), 584 deletions(-)
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml

diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml
new file mode 100644
index 00000000000..b34cad6a1fa
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml	
@@ -0,0 +1,55 @@
+id: f0a1b2c3-4567-8901-23de-f12345670041
+name: "Tailscale: Device Tailscale SSH newly enabled"
+description: |
+  Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 1h
+queryPeriod: 2d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - Persistence
+  - LateralMovement
+relevantTechniques:
+  - T1021
+  - T1098
+query: |
+  let recent =
+      Tailscale_Devices_CL
+      | where TimeGenerated > ago(1h)
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where SshEnabled == true
+      | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, LastSeen;
+  let prior =
+      Tailscale_Devices_CL
+      | where TimeGenerated between (ago(2d) .. ago(1h))
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where SshEnabled == true
+      | distinct DeviceId;
+  recent
+  | join kind=leftanti prior on DeviceId
+  | project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, LastSeen
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml
new file mode 100644
index 00000000000..39a1e7ab8af
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml	
@@ -0,0 +1,53 @@
+id: b2c3d4e5-6789-0123-4567-890123450043
+name: "Tailscale: External (shared-in) device added"
+description: |
+  A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope.
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 1h
+queryPeriod: 2d
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - InitialAccess
+relevantTechniques:
+  - T1078
+query: |
+  let recent =
+      Tailscale_Devices_CL
+      | where TimeGenerated > ago(1h)
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where IsExternal == true
+      | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags;
+  let prior =
+      Tailscale_Devices_CL
+      | where TimeGenerated between (ago(2d) .. ago(1h))
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where IsExternal == true
+      | distinct DeviceId;
+  recent
+  | join kind=leftanti prior on DeviceId
+  | project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml
new file mode 100644
index 00000000000..c99c9dba86d
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml	
@@ -0,0 +1,45 @@
+id: e9f0a1b2-3456-7890-12cd-ef1234560040
+name: "Tailscale: Tailnet lock validation failed"
+description: |
+  A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - DefenseEvasion
+  - InitialAccess
+relevantTechniques:
+  - T1556
+  - T1078
+query: |
+  Tailscale_Devices_CL
+  | where TimeGenerated > ago(1h)
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where isnotempty(TailnetLockError)
+  | project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml
new file mode 100644
index 00000000000..9727041b6fc
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml	
@@ -0,0 +1,45 @@
+id: a1b2c3d4-5678-9012-3456-789012340042
+name: "Tailscale: Unauthorized device connected to control plane"
+description: |
+  A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: GreaterThan
+triggerThreshold: 0
+tactics:
+  - InitialAccess
+  - Persistence
+relevantTechniques:
+  - T1078
+  - T1098
+query: |
+  Tailscale_Devices_CL
+  | where TimeGenerated > ago(1h)
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where Authorized == false and ConnectedToControl == true
+  | project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: 1d
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 710f26cf29e..1ce1e4254e5 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -23,6 +23,10 @@
     "Analytic Rules/TailscaleSplitDnsModified.yaml",
     "Analytic Rules/TailscaleDnsNameserversModified.yaml",
     "Analytic Rules/TailscaleMagicDnsDisabled.yaml",
+    "Analytic Rules/TailscaleTailnetLockValidationFailed.yaml",
+    "Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml",
+    "Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml",
+    "Analytic Rules/TailscaleExternalDeviceAdded.yaml",
     "Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml",
     "Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml",
     "Analytic Rules/TailscalePremiumBeaconingDetected.yaml",
@@ -40,6 +44,10 @@
     "Hunting Queries/TailscaleAuthKeysNoExpiry.yaml",
     "Hunting Queries/TailscaleOrphanedUsers.yaml",
     "Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml",
+    "Hunting Queries/TailscaleDevicesWithSshEnabled.yaml",
+    "Hunting Queries/TailscaleExternalDeviceInventory.yaml",
+    "Hunting Queries/TailscaleOutdatedClients.yaml",
+    "Hunting Queries/TailscaleSubnetRouteExposure.yaml",
     "Hunting Queries/TailscalePremiumNewNodePairs.yaml",
     "Hunting Queries/TailscalePremiumTopTalkers.yaml",
     "Hunting Queries/TailscalePremiumExitNodeUsage.yaml",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml
new file mode 100644
index 00000000000..a84947a623d
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml	
@@ -0,0 +1,25 @@
+id: c3d4e5f6-7890-1234-5678-901234560044
+name: "Tailscale: Devices with Tailscale SSH enabled"
+description: |
+  Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+tactics:
+  - LateralMovement
+  - Persistence
+relevantTechniques:
+  - T1021
+query: |
+  Tailscale_Devices_CL
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where SshEnabled == true
+  | project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags
+  | order by DeviceName asc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml
new file mode 100644
index 00000000000..6c0978535a0
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml	
@@ -0,0 +1,28 @@
+id: d4e5f6a7-8901-2345-6789-012345670045
+name: "Tailscale: External (shared-in) device inventory"
+description: |
+  Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+tactics:
+  - InitialAccess
+relevantTechniques:
+  - T1078
+query: |
+  Tailscale_Devices_CL
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where IsExternal == true
+  | project DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags
+  | order by Created desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: User
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml
new file mode 100644
index 00000000000..edc1b13e09d
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml	
@@ -0,0 +1,24 @@
+id: e5f6a7b8-9012-3456-7890-123456780046
+name: "Tailscale: Devices with outdated client version"
+description: |
+  Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+tactics:
+  - DefenseEvasion
+relevantTechniques:
+  - T1562
+query: |
+  Tailscale_Devices_CL
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where UpdateAvailable == true
+  | project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags
+  | order by ClientVersion asc, LastSeen desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml
new file mode 100644
index 00000000000..63366999109
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml	
@@ -0,0 +1,29 @@
+id: f6a7b8c9-0123-4567-8901-234567890047
+name: "Tailscale: Subnet router CIDR exposure inventory"
+description: |
+  Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it.
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Devices_CL
+tactics:
+  - LateralMovement
+relevantTechniques:
+  - T1021
+  - T1018
+query: |
+  let exitRoutes = dynamic(["0.0.0.0/0", "::/0"]);
+  Tailscale_Devices_CL
+  | summarize arg_max(TimeGenerated, *) by DeviceId
+  | where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0
+  | extend SubnetAdvertised = set_difference(AdvertisedRoutes, exitRoutes)
+  | extend SubnetEnabled = set_difference(EnabledRoutes, exitRoutes)
+  | where array_length(SubnetAdvertised) > 0 or array_length(SubnetEnabled) > 0
+  | project DeviceName, Hostname, User, Os, SubnetAdvertised, SubnetEnabled, Tags, LastSeen
+  | order by DeviceName asc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Hostname
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 9f5c403bcf7953439f06c3aacb456ab489554181..628f2f8712998698cc1718847ce90b1f44b3f7b3 100644
GIT binary patch
delta 59275
zcmZ^}V{{-<(={5~w(UtWv29PBOl)UjbZpzs#I|kQ_QZDP&hxzAd)NBzTK8|Cv(MgD
z)zz!3>g4x<7afD+D9M6DV1R&tz<`t+R_glw8BE$B0s)cFjK?7cKArG66aES+&J}kg
zNd*@P*wmoEXE9dU*n88D2*^tR8F!`Jl}ilz4lV~0Wnsqr<C)>v;+aBY3&e~C!*m2+
z<yWUhS%j@qSf3>DT!Rn%MKCz|Y0EL7a<Lhho$j36)zWh<h?^`DPMcD?DfOX(Phi@P
zu(S3VIJb9dp^4iGBysHsexo7qeLf^rC`wSU`tGTXt>F7JW?QrB%hX(`CIdDZ+v4<x
zqN!Qq5;`Z(aegA`M?<Pb<zht6W#>4c14}OR%i?01|K;5r1cWzT9i7|u3$d2`68R3>
z@Gjen1vPj`_``^ya&kTQ&YXLFa&$a6^(&L1#6bRO_eTRGATcSadS>?6+HApEMPQ3)
z3s=+k7jO?5mku8CrL7cg0Ln|&uX5qFR^>3b>Qfgqcv({0GWp$`oSzjQpO%m&l@!dY
zU!PZM7U`Q>o~vBl?d_3suxS_q`e5-K@HP<)3nE2kiZl9gsMkrPOtWd=-h#SY+Dk1N
zpZ$j4cK&_=#O{6XE3at!-9myKUE|$XL&a~V`aK-xC<kCO{RU%Xf`U9RAEy(Ei6gnh
zK25~>efBuX9=XTh?D_Y&ctI)*22nS6B4=%2mbTdnV!C0<me02Cj#;foC7%O6rL$b5
zn9SL(lG<U3ctS2N_u~~_90gk0Gbs8Tkrvc@83Tm?;#tcE=NuHCOh_v)$r46Y!z=<M
z5<J6PI;5@)=uC_?Coi7%q*Wj{fgoV?`sw9`9E=`kS<K?Rt{FGZT;gHOEQi}Df&(AP
zZ2<|dmw9OWgH-MB_VzaY_n@w>r+YSPH6}Tvu7B!3yZCYXVcFzuA!3>S=<?7!EQ(y0
ze2M^yB`WgI4G-zLZ{#o2WL+-y*W7p&$uxP-t0YgtrJWvQ+eEY7w7*;-6xGxhxsRs;
zqNpS0?l5xk8BF!M%|m|riEyqQgHZ+N^qBYGKsNpi-f_`D-Ii_uiU=~sr6RLmulbpS
zRMPIl;nNnYIaV2rW{9`l=p<Dc(h$C7(&_=HX8|v6kl|UU1n`Y1DJRJIM2S)d;<x*T
zOj`_ba3;ZGM<MBbSrRD0kjfoec^M~Ap-@0|aWWDk@y8y_^r70V?|D$^r=P(bciC^)
zLQGG(rBc~5GUnp-*qJM9Pt(82Jb3=tD<o<-Gcz-a=@66K+uw*6X|pF$^z%qOYtw;h
z6i-B4j-YMgK4aUL)LWK}YatBvz{EAki%TE;m@c-f)8zK=0qA;+?m;Z6)X1+w13e68
zP=pWtxvmoZ5)}yVHH(+1k%BYgdy~T9Xog0=#*Di^@R=CYj3S5|jj>y6KZ6=F2Y!nN
z6oOt{e&$ULX`V+uB^pyk1SjHlmcj!9@?85fJ!Rppzi)`Y<DK<zb;<_z@QE8@BvH%_
zYOdHp_UXl!R?Zb_UJd|#OUihCUsuGOtlTSFxl7KorOiYobWKZ5AiPjj)$$=T(cMXH
zD+kPp&?MhcbAFt9tO?l4C43$?jnUV<XVc`+$l@(up}(%mm{>elyj=Mx=Q#qMTPw)R
zxc-V4Z{~`RYGxlKW7Hjqe9!H#?=@rUm^|ne&1GWLPJ4s%CnmCEe3H#--SOP<;siz@
z&Ox+1an;2;B8tKg?e()4!aQ{*JSM)<^dpcG6P8Cs2e@BLr|sG~Z6x=Hb2^scW^Pyh
zY%Z+h=4ZKvlgo6GL2;VqgE2tkDsB710ddAFb%SGMM6QKme*Vr}9c?VVM?o@M`{{?&
z`M&P_q1&`Hqr8c*1Z5QVC6$%~+a8D|qdq{|2_p-w&#TG6;+$3@YOZ}`1G})xT*AO2
zUnBJ0r9t2P-18Hau||;Vv`0abBtB-jDla^pD%16(CU%;ay;T*K^8i>e)i&*aR6)9U
zlw>8opi=v*gL^bnkT75nE6Bye#e+lS&CSQPdD*kw=2;MUK4bT_5pyY)TC83eDxrb=
zs9TJTZ4?E`-<1GXE@Hy9AbzD6#U_A(0^8PeaOhlEk(Jc1iv@}CYgro;7MDWJKrjlS
zl1+rpT%#W5cqg(z;tg;*F{Lffq3+8u581X$-F15}l=bum*=rNvd&&4kxz^Ks@=%sj
z2)h$)vP~@XVM96g_zr$59ZDIi3Ts@4ZDIa=UGw4Fv)=Y>W$p&@fb-W1q@%_as>aow
zs-ox9rDf+D#hJw1lBI_XAz{mENZ~H5q-sT2Ml*EDD+oe*av2EImll%!!{uY98%8iw
zd|=smF5G<f+4j5KT3V?lXK`<KPp73)xY{(t+57xU<@Cbn6+6SjE4}f<;2}V2TNz6t
zH8cnhY>Kw7akRB-S_h{O_=Crqui2veoJ6b)6>Ac_wNbkO6GM$O<zjaZQh=(cZiZAk
znD#+qwsciF5(y0A<}9;f(~++rb=J+kDI9*qs3fmMR8jJLM2B)Q6t#10o|4Yvt9$1p
z++lVw%EdJYwv69@*0=QsE=v6N&($?|RpYofi%i-2YjJ)VS{KTG!-CYwepO?=xnCHY
ztH{H2?qW0Vahe+^8}pSb>&u(!-F(5&Ia99fD%l<~pA6XB@(Um$|3XL@-+eBK^Y|t1
zYIG4S1!vfF(4cC0-Y)1>`eR@F!?VgxkGl<dp?oUKPE%o(-id6w$ow6{Dcw*R6&O&H
z@{OpnilZB}-v~4K4R6oE%BhbEb&UzS4118*e4EJ?kNC~4<6zQ-7*VGt*irAYF}?sN
zMO(ULDh{AvZ@BeL*4-T3vE$2%ubeOAT-*wy=wA_&U02cpUfot4)|O~%a-Qhy-bbeY
z^0Ut#b^frn8O?5VGLGg6hYE@IlnWREk0TIufk#PCOr2+ha`1M7TazoL?U&OonKIfX
z&wL-5$@N>nF3pQWpTyGg2VZU?=qgdJ%%W3Xr39L_e@9gO_5DPipPUP^q)MZ+rb<r^
z*&GpKonzflH2Ql@LR=cL?z(_nMRU!q=Z`)FiN~9#>5osBO}?lu=LphFq-wEtngP+C
ziL0k*{^RnkC)QP9RM(=wkA5l`$4fu7t@e+6&xEe#Klia=XK>qY>7E`t9CY?BW-&5U
zhyY6M4_(K=<N$j!U{29Nil4VNthfd>Iv0<6ZPqyEnzpojb~huK6+3<*nJ(yF9gRLz
zt92BcMgI4jIBVsSSy*N_XyzV~cck;UXy7R8xQu6Xi9Bc5Ng3nMSR;#+2Eri+gg-3|
z9!xg6t_W`-2zy~S@K}acK~74z{ND>0Ab~o497mW`i^D;4%HSDOI=m1^@=Olw{V%&-
z-B#!s7t#jEVp$Z=5$X~j8W$#Nr>(&{#)^D?Ggids3X?W5RL8nP47J3GF^CY7AHSpX
zCkJlF%8r!ck|F6d7(jN^#Xt{4G@&I9>zhd|zM4g~IK}Z=IE3*g`LSD9qZ(VA<N-_4
z{rNDc-=(8@6l7tt&AqgQrO6IRn0tCook_T0bcK-t%h_TeVE&M73rR_J#qqbcM+cx{
z^ia%?kO5hK^PG~nEu6x*vD-4xHpr15XwivL`m7{$<I>fcDt7jfD*f@!njuKvDwCr)
z&ls@KQBvaAa9WIeGxPlV$fxX3`T=W*K9wgd7o7A_kp|AfG3jrf+Qz&Y*xW@Xav{mq
zqX;EXm&aX;t)Ffj!orHdrY;0RN|OXck3!>X(~YG6vgXmdtMQjPZ{vfeKG__UWYw4&
zDK6V74$U&UBDvo&MA-u?`3`j$Zahg}eONul<S$!^n?+HkG34ZkuV0|ttUz^ks1B?{
zq>NdCU!_p~A2>QRO9_92Pzvrqxzyyj;zoDl#>W!**=5lgU5f2nTS~-R>($ndxX55V
zX6a8$oqgJIaArAI#w4;#R9tp?NqlSt5y?FrY*#-@#rsvTBFbWjw#GxxV{-RF!4q=^
zNR4_4Gh70+c(f_^kS^qA4gfv2A}-~^JZ9Li4x~aFJpqH9Ogz}x-WwjO84YgXo(pHs
zj6ez%?k+=7j%KzAeIb*4xC5VJ_y-RKB3V^B)wM4HJFIb5Jx{0EoKP!OupJJVWqRqL
zCe}RT8&MJZ1x>+J%+n*pR4_z)vq5s{g<J<}R<S=fM{gq~{ZaJjC}09VCvb<VI&mqm
zSl+Z$AUz<FqtVAb#}goBVseE@V$LV0DVf@vH)=-E8*W325Mh9`I1V?|IKWIs-v?b`
zA2r&u2@wyN&-u+kf?>IjF*Pq3`mFoq(6gUY-Y~a_@2auXTjTSbh`*Ch@=K|L81_xp
zvfim+aZy&ub-RQg0XT>k1DZ}B_NOi8#5q~-+50Bse{E6D76sWXo=}EQkHaE95XQCR
z(rm+aVs<_56^asJpOPR!*|@V2agQPUx#RWnK>2+|CB4rsXWLjX{u+SltH;R2R_qN;
z%^hiE=1nw|$JxEyY%~<V{52CH_-QLRXjr4=z_~bQ7uhXl3{bS;VP+Us%gQ(|U<Z9e
zP(B_EuprdqHWZ{zNEmf4V0Ee*ASo`TLyKC6c)IaNC3;3f<ny?qXIb?!vT%Gk^2^bw
z-OL{2B<t9Hoo%Q@?Z4qCke386ZB#?@UB{0OZpYcvQC5fig6J=9z(*@j=yaXTe14X6
zAfqe)9BqpW1;D-P%%G0h(x-Y2e#_f|GRG&p3zV&5NXY#ufLW4!-%gr#QE!+gafMSB
zIf){;7ud$3CM2>MjCp;EqNioR14FS73r0e2o)+!E`W;LZX=FJ@B)w@`bdUx5ex3h4
z25oRJ)H&Ulr*h^=69=Es$+v{s3oos7TlHsc$*)x8bb#C{5-TU7Y_dJ-9ai;40*!hK
zOM=;As;H~@L8^g)Oiu&9p6}75UQ7l<24*I>9;{k+K>(3;Vc8M)M*&s=?R?YA<!7yr
zfYkD+FP?i8oA6V6o6Jg<d|h6HoRVz-O#~!&ct{*>ikKiIYnbySTBs63U?t`<bd>;{
z<mw%yHGsL4u0S_s@!{rBdl|cH*uh|Q0#-6Vme2_n(X?3J+(ct^7#m)l$q}(hiNhmt
z#a4BH>~2QBR(S95B39_IW&mnHcKC*SYBAxsi#y?1yc8#8hl&l9H$+MfTd;-27)@S<
z?z~P}V1QizFvChN6f^#ws8#P=c$E?&6RFfH1}ycP7{woOAC6AqkS>V!Ga4%N8kk$j
zZes&RG>){3U~y*9x`m8gxWka&+71s>B>DYwZuUP$Nig4`f|6kghL7rt8xa+_yMwI)
znCE!7qvve3S@3@`I(zvX03iH$);94D6By6J{AZ$6R!-#y*Ja7Q(YM1@h!VaDV37^>
z!08K(*C-FL^-)(GrS0aQ^>jBuj!902$^ts#hloxLsYEb2NEuK>;BB6!20NrluDpp5
zSuk~9qAO7?S3U;?8`tdkZ9SEJwvYWm%ATqlug{WxTa+)M!;l?qyP%@tU7%<|EC$RW
zl#yF4XQ5Nu(nxswMC+Gpur6T?-YW<laJviB4dfmhH1F>$u(3Ob2+VV6&Ua?{lt*D8
zMGj5X%}d-x@6eKg+a5C8l5vpS`;^k2+91&%WUN_joJq2B8VPkZSnxcj<nii&bSa&N
zytW}N)gzap)XXfyS+W{+f5UYcTaLlDeX4ic^#1ar4}B+p@z)KcS>o=XjTpTIObn&*
zF(+rfFH7-IrUkQLCveB%l6);zltjR(FrsqMrXvZWVk}Jm(mNCg6e6X~D6xP0Ccy!E
zufj9Ez3@;<a=69T7}MHLxP+U}AR6Rpa*HIo-VF3)<E*T_;MB@D<!MB$&`)I=cSKWI
z5_c7gk$#7)V>4tSR*7S^v&*Rg^!&HhSWALm82f-(6k)NQke6VOq3b|NUnODx;B9pL
z7Frg~8`H2Jx*eVTDGe#x-P5PIgqF?w;y4JzFe>8cX+#jbBUOexAxV!Y2Q)P!vf&I=
za1J^V9YZQ=R&eUy7@;wc{mUo*T_sBdhJhw~-r~LV@mny)dg#Z#@gQ0NPLWJckV>n~
z@F8&_NK$_q-h)R%42KnEs_=P~93@r-3)o^@`@R4f=LjXf6sP1OH*J}^!*_Sb*d<N2
zTpPxNNm-)^R|&bWeVY0tGJ}jpJ+*H(i*BcXuUM!TMMOVi+jl*eNr>u|7<ix*XLc9=
zPF?@;gX+XsBikkZ{rSEK%t_*%horP7n<pn)7X;}1!R_2jRl469yLD0dbt_Jf1|)Yb
zKBypX_<=CU5ftstbcHc(E}^N|&dUUECo4#OW*$U!WFAJT8vd4A^TuM)-%~+mwy*cv
zYca!G(+11(MjHRjuz7K@BUBT~FdHi3#Q_`K9^UH%<@=n#94Q6`UVHO3Fo?*%!EJC=
zBR*E0&Q>yexdh-DD>uQpMBhAcY96)3in}UnkaN`}yRE|F*q7}<!CGQHbmwVVszwwT
zK8;&|O@Ap{yiLf@KeU|n4@>=+7dRA7hO%ynYEHWHmE(`ikgCxvu!@;>szyXmI2Td!
zh!hp2a=V@goarF}-g5<U@0jGpO-bo#L`;od)>PEENBUuBphKa5-lV7uKJwjCb4d+V
ztv^60#3T@|K$Rw%>Z=ZtQhruAmXTcXt1N8LM%&#K`zfR>irgTJ?EbV(=*7+FMzxY6
z!la)jS+{s!mfQYmtEJr_@(fDEx|0SXjX|_!DU{iiAh<#ZL|E3kfFWHY$d*}!Mpp_{
zl$B{T0Q0OS<nC=*h7~aTR&4oU5zs<Ej3h9U+IDfK11O($Go3890<?wk^ujGmfBwtq
zTA8%On(RZ`7gGe`TOtASd_IH5si_ZPi@&D^iH(4(yazQ*v8*z~vMydjanbXw3a)i5
z#E~uoA8!;8Jvo+hN|p8ffEDxc#?)yPPVdApOW>usmwVH5<0kr->)5{iWcV(o18j6C
zTkelLuv8oTveJ*B$*Z8G@C!J`JBZUs4kfz3KJ#(&-!EZHriJ7pLVvLJi2EMeNR9rP
zVPU$7?Z*$zJd8eBuP34!5<ui7WIJwzg_?Lw^&_was+wm*Swog0emsBaCH?E|$(Mda
z6ZE1VSp|c?WHM3U;@E=6g>vP`h0b^hs&E&kKsgva@CiCg=#%haiAzXGU0~itNr<FI
zzY#qDtn0It9hHEr<ie8~{<XVtID(a+1NE4bEv$!_{ks{5%TE&dr(ap1z}+>HzdBQh
zkrv7!;D^k&_3UiutGr6J<pc2l-KOHgcwKdkJhqTk*})rlT17T&#w;;546tF@CfOmh
zUEWI@prhLqB6+f~PIrYu(VuY~gzMa<{CN6aL|jj4`D}-%NGz~LEz<&jUfakyH1tqd
z!H~ux9Z7YdCzZ-*TmCL0kiZr<2$NcRhh^FZWF=y>UF*T&p73hZcm-^Wox`jfnSVWQ
z$)ULsR0JKFSS3oyFAKfhgSS3H@tRC}=N{$yWF95kvZiQ%yVl*P-zP-&)jWu}DiWx_
z!ZdV3F?-&w#{6xDKfQm)+~%lWr3-T9v=eNtquG0XZdlh?m}@{DS=;~UnlIICTZbwH
z9360=UDp*98%*kBXAm7Od$Mbq%Wo(fnG>D$NqddY1&ep!${Zx3({twChBS8Pz1W~j
zlXT@u0j^t&f><mJY8zuHVas7M_SiTfjog#wqf*!s84!FjVz=W(>e*bWLfisU2CW-<
zFvG=i3OFfnwEm?(=<gL3h?t)%F24T+zD6}*Kir+*X37NXNQWF0sEmOHDs35Td{7Y;
zR<<I)dM(?<w=oY{jx}_uBG~YUM!F3&?%*dSX#i34s>aa44kkN4uSh3|uD;JiI^zg-
zsH63b<^#$(0<&=`SH)Crcgq3fyC|Ln4}yF0?>tM|rM=e)_4%-U-*GW^)xbocH$Q5#
zSdO=Fopyk*KOmp|8ol5%8iX)co+_)fo|AH|1>zUqQOIot&)6O%<LG-A&xDo2!`Zr4
z`D57QvvEH;n(n~$59Sj5W+^Zo_wpZ1SOX&xDtQ;X6JF5J1EOz&-fq70)HAz?du(ZI
zCb)%@vSU0uQUOwnCu6VrS<-qyEvy;+6lc1h38QiwUTMsDJ{i8R5K<SFbJY?V0dk>T
z$>H7LS41uv^X9h241o^rH|Ax<_YDzpPvx;}ztcl}%WaOzT{)?8a*0_AO_4I^d+UJD
zp=B`3#O%h7nCP>UQnb>z=Gmr>9Wx|jW_T4;0!X_D2u@J^d0Gb_jxK7z|9-AZa($h2
zhjRF(`}dzSLc};f`&82A`xVyOk|_JFl0i&24(Q-#KawZtq5vJ}pOtmElIE}*YRIxj
zO8V5b{PK}K0Xvt&+BgK~eph794(EQ)<`Br?h-$n=qxJ2Tw1zMe>+m>l5nAoOGd%70
zK|e>nQ|8ae%@>bx>Kp6<SA&aAUt(vad^mbTC{C>JWdTY@-PWk`(S=<PeumXyTV~5*
zU;a|fQy}=3(hE<R#@vOiIzjB#G8C@Adt5m4$57d=6+B2>vkaMg!xOI79e>$o;&DuQ
zzDRcCAAD~Yj%TTvUE2Ie_vC6JaV!{5quq-P^4_56wF;p;T7~`q?nndYL?Sc4$FpoP
zw%ERPb(BF7`?~_dg@rWQg0I`3I3}ErFC@^M5F%;~`UVR*_(BQM@<LSQyzXY@=_ING
z7?`NoC?-6S^9vi?o~*brO)LaQ$RZmgTh9>p=?)MJ$NHr2m>DYCbU{Zi7yZv*#vw3W
z5N+6$6K|`Wt%e*x^Ez{}=q$$7-YDM)0I~JcAlnVA+XM7n9&wRnn*z$dQEdPWQgH}7
zv?ly}T0rv@KE9>zg6o2mr^PRw*_vF%W(XK>|1YdY9%DD`1xo5Eb)HCj^d<RsP(Ydn
zn#_kSc=j#!^HjKmbx&)LHm5(Y?xwee8J<)Q-%9qAL1YKuQ$Ry9D$lCQPT$>E8D`|*
zm$JFoT5wFEJ*i@F*+$A5kVXM*raI)hHP8u~R=t(BsZP78(}xltCNh6;pvA9*P!HC3
z?-5)U@s>dv)X4lrq6zLoFTSEJyP-9j!ayr7C*+-|HuK6eC-GXVt=)z=;nK*Bl|V0Y
zMx3vE3bzYvVvkpsMqkoyEe-~VOn$Tfllhxnj)7N^PH9B9m55$o-Qng(YG%c)w?^`*
z_lU5!G_?kaW0_}(L+Nc`tFYNcGt~zkq5t7ZO6`l3cfwTTgNKGkZj@T9f9GbOWUr?C
z=ejEW4EDDE0<(aCz_7?WmY+!7)Ka?;-E-$3cw12*znnQk=7n+j(-E2jpk>_(xID{k
zDyj)$gcX`89WH{Xse(Cl|D_!=ayeluzOqtoDdqX%)aih$Pb2b^Zqj-jTJRec&t|LH
zd=t5IPg@0_Zc_&+5zoh|kuDVO+?Sp>uY)(Oi7@r#_qw{(Kzk8K>6YmfNCcJH$b_g{
zR;p&8f-eZ!ifD0|HPJ{o*td@Nc~Vp(MIRw}v~=bKA%78qQ_K!z{47?s=hNn%QhU^r
zW34o#R!Ak1ZyzM?9Fkic=O(Vw=B(KJesIh(%c21jAvi#VPHXuH?Yp;?O;fzLC$>Lu
zcen??GqGg+!BLVK(>$h;ouV0zCd0Fnuz>-D+m|I*6YN>c_CLYC5aBjidUbf43g?d7
zHxwKr#Wl9r9yygDRtInQh5g+SG??ymv;Ui?_?g}1At6Wfdx0p?R*4F>q^@F6K*Odn
zSuOJ&ad&|#rYKD2oB|byQH`|61>x8H5!7v+ia{Lg(s}@At5bP-LuesDS>4%W$>0R2
z!k<>;2Nz|zRvMAD@HQ(Vk=B0S5?RqZ9La;^6_3YyNXs1mE`E*RD%dXn740Cvb9>ov
zPaj)V9sM)8ucv-QA@rO~Bv7sC98V5j&v0a_Y%Id$;K2>6?n9jkmb^PtO9b_DIsNE~
zD*dRlOFGW`=r*AEv6wvu4=Ti{RNes?Ny!6a4r*^r;ib{cBg{8+$Di+ip<+Pg{w?~o
zh$lea5m#uXTd+TXfj)hG|2fHqkqZB_3)k)`iZ2mlpV>t@weDUW8$CB=4gksfOf(7S
z%`^!=N+AXvu7gFnN$CYKchQ0?K-x&+RnazW%Sj*uz4Q_6#*WY^ZTi&9RuTbJ=P?N_
z_kW2nW9<C<B<74an+O<?(obDu24B0QY1^^coX8X=0j|H-EP(tTc1GlcP9tVl{nA;f
z?1eU`=O9Ff`II<F<hH_)Xz|zW9y>h6*)Avn{EaigZ!psNK&KZ(=bZ5$aOvklulI_I
zQNE8?A3dg^TS9xDY^JZZHWQ$*D@37lqqAPkDbYXh5)7MW6(7rPt|`6n$B!h&ptTkY
z`A21YS}{o@%1_%K>%=B;zoK4a=J4TMY9`bxnITG1ay*i(YorSwSIbsjV|m-3G+_Gb
z4>k}?FACMd`Au68FxkRnU{2)Jb~=-oa7wup@13p^9oiqGK=;#OLm^<TvBX4)+ug9G
zPA2+?XG?eCGhrgmv$)igXmlMPo}O)EBfEf?|BLj?qD63@-WUoc=X@Zr=B(Efqdi~r
zjN3=1Wh>}flJy#y#24!x2Ke4y{cq-SE8ip7n`^DS`U3yvfbw%k&h6hI;u(525lPmU
z_R|z&W%jzqPSdQUp_b((R{u?mjZUzBU$5q~Y}W4UZLKEvllcE0nagh8F3K)|fFwY|
zBwpY$frXJK65x@6n^kZm3gZ<3b2i;;y6=$re`~iTRtH4UP-bG^8}z_M(dY1kmIKDZ
zgzkNJl}FGB!5bI3$zw1PmXYS{9+oM52-f?ESCO=;1o`(n^3CH~a`0m~I9g1x0eZ&b
zTP()c5J^d}tfm<Jyjf~9*vEbl?x3_mG5<)3)o0YFkRy^-VbELfhfg`+mvT2jYrbs?
zubq;w{P=aPIbOB&<n;!O4^<eCuTU*)Re^!f>~r1u)(g2!Ts_1cFCKE~H=#vIs@qe>
zZ^}E)p_MOd-y-Nhe(YTfUi_5!8MOR+V<F!<BLIH>OmV;kfxxB`pujSQ!gl;E)_sV~
zO(8&+8n5Vw>Zb+r4VLB(2$x52*Jd7ys;^_}sj;{F;)k}xT=C9wYLkUtnW<+!+$A-C
zW?K;%L29N3{qD_9gc6&_@ttqQ?H#n8LP3boXu$7{0!DI;i^9D*F!Yf0fMe(t<e)&8
zc|!<`y?@S|M8$ViHB+B}82`O5M6lknHov*4u1$UlO?$_XuMWo(u;LBNKo&=IuRdw#
z>@X#n6^)B5K70*xj~eo6bi_3n8O&+pR{V1&%`#R<!cQ^UfLbo_O$3_=ci!RU;3m9r
zit&l&YE4X;W2Z<6jm?I!s$8bbDPp_QR-@Uv-tS|Zm5u$#b<wKf)vR1v|7ZrLJ^Jxw
z!gFxCPU)TIxUiHOC^4Vd)FhUv-io1#xlB1wwMKd2jW4}hk(Ej=RbCi>&;noQ)Egm{
z*!7$`7AHF1Nq~I4D=?L?SCGo(!4O)LN6{n|FMw>b@JAi97NbieppZE?U7)E+6$$-9
zN1OhQ59fmo;^Cu8I(FgNyRAw?xAUtmdR>byr7{)5wX>BG_;pog9HR?|iB?;AU3xda
zBVBIxh!4`5I4gKIuSys51J~n<@q75mwHT{AuhE_j&H|$OUBg$N26`aP;S%^-)0^m8
zQ#(n=vEiFgwVptIB{pMqRX0NQkP+eQx5hD#>kOQ}>hg%C84;mt39oj|0bkXLaKgN_
zRWGmiF3&1^ASK$@rN_IrC34~&ag&*tUH_7k&a6kdtUCf<Wg|X8_=nK9yVOA#emprc
zGJ=gk_`DnwqFIr1o~;oX7D#`aGbb?w99aIcHa76l$9dhWA^i-m@9|O$@(mJ){mxUf
zQnH&MJ8^>$${Ntc5|9Sk%vHwr+599(>y*&)jqy6!z>nxBIuLk!ab(KvJsx9@n4d<F
z+*2J(+?_g0$9nn+o#o5OQC1$<#A!z|h4v}uh=m#)Px#P55BOa^a(C`6Z|>VmXZo3L
z6_B^pL}+iFI*d7PO-kBnZr0B3Ex)HaDi8H*=1cM3&DsnTK3V&^WIUep>NK`_dzS(=
zYM$^~0rjbat#$NKz38hZj~4Z$%_R|$TsP|(p{qZ6jV#y8CpUI_nQmHRzFq4zL~2jt
z!vbsc8rEjTa(~_>+Uhl`;v|M_*j?#8I&}cP>p#D0raB%2+%=G4eYUHxXF9ZL7$-ZT
zxjQ#zkM-2+dwSj@)ZSY=S4NVZc1k(Mqt~~Efi;rPKz-xCOBH&XGY4D4=r`38&+DBV
zG!br1akD2|!)&{Hgh^P(TV33p9VP$lF|o(ih|bVrzE-z>bTYnP@_o$<@G>2s@Nr)%
zRdc;}ce}prtXSycxW2+1?C_L2y}#1`_aJz_zw_M+>AHLVpOE>|Co8jT_Hhs;k85D*
zOSr8*6N1&P>;2FFL3Y!Hxjp`eTx00I8cPQL{_2Zhdu!!C$Vyz7`P1uU>&IdJ*MG?3
zP91qLt%-xJ&yo9Tg@3v`exh9eA<duZc>iB$AHg>Nf34Tx#5*SPNUkBcd$xjBtTmfG
z{TDW5AVQnX;y(cB8H1_3z<)A3bkg0pl;;Gq4aB*VK0m!bYco3zj~Mx!w({nBzFx(O
zOM?Tku;2-l)N=a9g`rD^xZSUA*TGJ#D=h$G;s?56ySD9BuOHijr57m`O%Pd2x}cLf
z?v+D^zJK2cbQe)GiLl@uZrHet7y2z7k(6`XMu*`noLJ~(klrvmH!7%>xkI$Dl&*fz
zJ$fVg1~_wMe?4-ymIiY0GhprRnmf$@4qn(N;JYr3#+*GgP)`!ITts7=qA&$Lu8=9t
z>4|Vp<R>KuEG1+g^-QNhOOs{zSG<RH+zFu1A8Ka$#0lHa{tb(u1p`$%8MClXc0ESy
zD*dRS8wv<y&={90#<LEF6FjR?qg!sIWP>FBt9b5z6?^?xagN)|{|L6a$oQdhzB19#
zx=z0m)vje1*X8?)xqVHDg9$jNsyWBTc)-Utid*~-Z}0!%Md$h-UP*`l<=v#w@cLe;
z%ZXpqxdH@Fd`tSCHPNT&09UfmBLI!<f>07V1V-?IFum94pq&+XLO56lmO(HX;Y8!*
zRVJ+-lVADl#Qg$0z5nZN<z%-2>ENMO6YvYn?X%3nQiycE={(?47fKA&QbsDirTacM
z{w)cSJT)+PS4^P<@IhkwBc*^G3CZ<>n>A*+*Z7hh>0$0v>33WO{~y<0l~8GMhd9kl
zcDdd{m^<-&p6_(f{E_<)f=Qn*kd6C)Z21r3KR!(7NE{rKWqcL`0$XY!thLMkOYq<A
z|4YCHJ=68CK{myy&c0xl5XAN@_W!q)Jv0!Sbdax3AZRetWRpi-aHid*GDUWqXBfKU
zvt5gAyrWB_NcUR9@wIpL`vj)S`S-V)D4%<wZ(^mF0EW|v+s#bl%|fqGWc?C%Qk9iz
z3Vg^Xon@L!gYNgI_amsX$MMz5ggd()yNh_Ad%xWrBGU>;Wp!w9#_{E2rRLxATI%!e
zKhCe?p=eho!CR?SILG-_&QmK|4ZHskqikN|dL~t2ifIudG}7qgimtVDm}*Ho*C^;e
zKEECD0DWC|^qYRxCoa0xk58ilP^GnHl53vANlShI^h9$f*;=TkBvZIF%<T-+-04Np
zx$uv3z!g*?L1`y#Ws0ux+m6>Kd_t`a)OfzX!Vk%a#@2iNA939oqH7xKNv4#y`hS1e
z?{JO&>{WYupm{GZZSsfu5B#4PAHa6p>EM<A$|(&nG;ArCT>C62`tK@#n&=w%e-8H^
z+lm#6@cBb7$tBP2rL?#%1P<PnEn>Q@o?p<T@h|laxDvkVI@}Hmi)pQZC~)89Hz9CH
z{y)=OVT`rt#{bs48qZOTL3jORimPeufGB786t!6);n?<j4&ybTdtq(S^xr0l^{U`H
z5C@@R6`)vptKi9)hvrn-Z99ZvqlPoHy^_X~{jIi>iSv!WuybdF+_Yi-H2HkELSVS|
z^a@q}4^|WPg7ANjG+h%YSzE+3)PK4WuF;^qHXL9e#;JKTt?w{T!ao+cdPHcDM9?Fb
zSAJ(D#CRwLc<qf-E|Jsa_0%y|^dD;tFH(L!%Bc(=3ot!b)J)zHai8M;7B)EiUZ%6S
zEeHJ{yEd{+-~X7ZriPA}Ug7gERHi&5&NDxc3fDwgzZZR!$0CYM3Pg2MxkRq#p5^69
zZh7E0+6dO${JAqg(uy1^iq>)_zctQk{k76Ti@^$%(i_X2q<0m9DId<8NEzTx^TvdI
zYDrWnd}rb9Gz;otKq_G!H|%4_u~JihZ9*}AYvrW>u%_CzQrfTqtJrI3$VjXHiy_Q8
z(gjVtHEMW*I9UjCO$jbJ7Aj3v+^v4%Y-vVeKuA?3K$)oSlGgZ!klx4>E6qLY?2tQC
zv}6uU6fM2VWl$wtFh?JPJ3L%MAJC{S%N=n2P#<E<Mitt{qQnnF%c>+S5X9|QeMMhq
zD}0pvIHm6^hAb;6bU*U;5le>oT#{)TUI0y&Bx)-*AxOnIBOu}pRx@J2=mmV(dhD{y
zNz%terS%)0%&B^neKUhr{G}xZzkNDW<3R#XZ;DRXDA4WUiL^E*6SZriY~=AGuv2&C
zaeT4S_%?N}cU;U0PWNs>%cIVcgYcyZ;{jc<DVCO&4NAj-X}&_je`0O;(x+odHCV&N
zaOp65R73k53tX#G@QwaRnMv=~eXwg<Y9^Q6mmt}fQ)G-AKjsd$h%Lt-mRRDF{#66C
z`HqTw9MGaD`q$7(w5thBq_awg$svA%t>Ul)?TOG45v5<z1{-Fl&{uKW;BCKUk0ynZ
zYq%<NEf!qf7RMQ&*z^6XcpDbK26E&-L2r$e8sOKfk66ihkZwo`jUq2zT9#|vMBf3g
zRcf!t`JoPl$MZv%uIE=K_A7dfo_9d=o5JQsLxvU`b+oqEeCzj+VcYjN_f0#Z%}mk2
z=554)?XlBs_xIyB>lTq{w`<$Nw~;{t--4=^r>UW%_or0)4UUV?4lEzNo>rS^od*}u
z51miX$1fs40EU@K$IX1Dr1A0U{Pa9|?P94iaQU%r$&To{xr4D{fj_&k`aCgLP6b#V
zJ1b%<Tj}0xahs{$n6+=>FXNnUuX<a1#IA7OLYiTwzt}2yUvTWuvTsy~shWN)sTGYK
zsY+b9>Ga^^wy$sAO;7%QmHhUh*X43|^mVcRPafgli619l`*)vR9!_#ISLg4;8=RP%
z-iW`>!<w%*^yqB>yB#;C^XE=QC?N6_e!U%bwWGpyw!66>>Bu3+CD|Tmyq>ORtnl$!
zkE?ZUC+=@vP~TAAvuQm2s=>b2N1kj+d3-Dq>DXfKKuEnh6AM)s4jM@F6ZJm01|g!q
zkfVdsyRduz;<^}hJYn}cX?w8x36y8+wNyTRT7F)<O}V^(sjlYquHJlc1GW^Ml{H?V
zZcsL8`U1cAvwIa|oc9SUHqME3F0T+9^`!nT7%#71%Kb?kdg)lQSa@T)(H2{9vz2#e
zz|8Ti@zNIT3HthZK3llKU3UeN<9gpZ&;1JK&GN-sCbc~ix>ueJFB;k1ebwdTjLbS!
z>Vu=Wa4K3XdY-&2{eIP{1@w5~ZFko#w$Y5p3~_V&R&6BdCcOL$(lz{kF+#gz+h6PE
z80CceraCv{cH`eZnO6>n@t_Qi_TdQ->?9nx3B8%MleRiK*n{_mkbWH7?m;$W7isZG
zo9iN=ltgeWO@wGK8>jtEw#3|vq+z3SJYhVeE-+~HK?6NmJz1=8K(}#6iZ~&>`i75H
zuy@%lVY2c*WPiRixR@PjB<*@$jA1C%?VRI%Wsm|-DkX-2b*QNzgD{*Bi`m;Kj=>1o
z7uEF`Mav?IK;slKs!JaKN@iZP|2cH6AASD)1e%rJOQm>E5J~nPC8+{zd<W_yRYBb>
zHIX$O(P9YS3Kiuc0L=ySnQ&Tq7NVd879|!y@su6*+irC5ub|C_q(3&A1=@TYnY)h2
z2sR@|E9c;?Y}E0|$jwwOts@x4!u74$a1kfSJ7ObAP9i&on!^X7&?5CVW1bS)wFJ=_
zdMuX^>FYH0DjO6z0fJ@)b+#-L*E$Z`3>j5{!Y)}ZPm263@EqpVoz3;ta=hk-(c6y@
zZOJ0E^NLo%iyMDETGSgQ`e(QI5d!ltPgpV_ao_)9WA$z>1c!q!K%BZ+R*1p`?m;FD
zV)%*bW{J`ymw|paCQO4vZ*`J|VpC_|W0B&E$|Q>Yh6aY;s6Zz|D?w!1y4ji(85(@|
z0@M{H#yRf|Kq7ht=R|=?@n`M|H{i6GCl5InKGq81ZCpdP#ebCAc^pN$f*ut8Z5>qm
zXm}7|NEqRO;@&vYoLtORTq%hN8HRdWYOO*JW`xhOy}qBdhkq3&^!INNhEl*}HMonB
z^D_6pS7FC?<qjF0!08m#rvEgu%*mpaC|sX4CDs=dNc07#ir$ujiqdi1KN08?I<$9^
zdWCKzy%Tv78EFg;?>62z&gE#C!(S2YpBxMO^#@`Q-va~f7ETLX4Hl)@C-vw}90}F{
z+5fGXHw5)TYbgF)^rW|X5bby#P4*(v7T?x(=rDe(&h&FRMeeI3n^BDsITp&nOoZ(z
z^p4pYknOVy^e&#%g-dwRM0H5-x~&4MgV}i>Y=~a^Smv9kf$V^BZA?`C)}U`h+{wa2
z?OiTIrH4YPzX8Cg$ShIjJ;D}!g2xB6Ba6_Mw?YJ^E&5q@;xP3jjs+^kKc@JNnUnfr
ziHa?I!mwIxQIagmTlNj1bYL_Q1*B=a;nwE^&a~=O$SKIv115oN;Kflb@!vV;xER_D
z2=77SndO5bVeB>i0(_pxzrhrx#NNC$TziU+X1&&o1G7Ex#7Lp5h0hQ!XK@6Gw_8wr
zos>wc*I{k2En~lVp};p1qi)&lcvQTlSBLbNQF~s&e56;$Vp794bU}M47R7pG2jyge
zeP&qR;%iEyQp&f~p#1q~R?0}#C^bj3gW@U?Z$5&x!#-Z<p)_zQ(3INP#dYD2#2)0A
ziC4}$J!YXUSeZCb;m{k*n728*;yd<(43R=yPomv#wpoTJr^20=M14=`$?Li>bDH!l
zYK46xIghqh7qS-C=rn!wO>(8Ice*#gGWxXvzp4mHl<esyb3WCEP9%5>8c!sHWQhSc
znJ=tM-4S!Js~kB<qk*q>7?nyYgAi(I{~4;rE(ifBxSSq-<*FozDekC*7nYg6qbN&0
z%=xBBDZE|-$Z=01tfV&|iGkux_G~lf;Ef&GN}_0VOiWxjINB`fnx9CfY<>{1Np>@)
zloImI&{sDMCt`Ow8GM1QUl0o=i?{gn2Tp6Qgb)JpHmgK<B;$_+8Z04}e?PHEhEZm}
zG?hZQ;P2#YUewModl>T-Y+@MmIhsrR7}irK-#kH=S4RHeTY7XC_Z6MZ`MF~-SGyM3
z_wrs)6G#vt5_JzP4)a?rfRttfh`kvGe?%KI`Sq<Adr<5ULt$*rdMsF%*TdXJ{{${h
zyJAYY2k63thU&f@smAeAj;^l@V6}auLwp8xfVzz7^=d$_ZoVP}GFJ5}N3!8#fJ7{l
zoku9>nfWX;F-9+9<1J$U81{?7+4@M)+E`trHAl-7V?4&1+&}zy2CVM^Le12!xNI0b
zD3b@jWP`&DGAd)6vl(nFT0>e$ESkB&TQsD&hx2;9NS+OUo6J{dLuaY%(^az((-QT&
z&H-u*Yj`dPYuPMmf&w;{k-t<FKYv*abhOObf8a2GjbVrviEE0-CJ8|fAVbmcN!lN7
z!$FjAal9dR?TsMa(!1^gLecm~MWB#O^?V388yo=|cQ}yHqb>+wlBkQ{<^~Z9RTUsI
z(YWhyAjoavFPsA&G*4phE9(@(4AKtypY4VpGMqdzl@l)0JO>rtxM1bXpFq1-S4qHE
zutX58l547~tDC_Aox=7(8j!m0C6${naHDB98Or4L>&Mm1IiRn=E5ac!>>`g=+zaQ%
z#w)`MOn`IvEbCA9Cg$)x#_6js#PlR?pK*94Ajk)}@H{pmClO*W!3YY;uU>FroS>>1
zAaTep!N;hR;7>Frf6J64xuKL=;tSX3k5l3P`Q>}ano6bkEn|vv;igze_DdmpuU<D!
z{PJ;-PSB^#h;#=q(K|WZGUcY0{h2<r6(qSD`S}RnlN5Ji@|o6`PLx@^shZ}rGu`2W
zg4yYlG|^)bgshNb-$Kw%%dqrLsC8N1z*s@Vpx|UJ12-BekLyGNj;?9gp-)7GhBx9O
zpNSA{FiG@~@iZ_u`WWD0%el43^2;DKCmgF4)C!}a%()QQ#;dbnf$_3YbwpSZfB8F+
z3UNh&?iKpxE9K2E_F_x6kK=KVtNGrC6<1;~Ix@wacHY5;pVCQ5sWz|P;8$iQ-A+3X
zP*25r${5z@t}Q7;(UMwjWa*>0yM(7Ik?BaT48$Ox$bRk1P{H1oIb>v;#dJD(6f7h2
z1%y%$*7gC;jv?XVx=OU>?o@}`g9s}~p=@pqYzT%4gsUEyI11+J5r>+xiJsf-Om5K?
z@S{36Bsp!D5e9p1F{z-i&QMEaBZGaSRt&IEY52kOq`f)cokgF>VfH*13l#c<xNs}>
zh~fRMGZjJm$Ps_5ipV&A)2>b{FspO+|J0#@xC_w`t5fnr_pC!{^{xAKmW|V;z~sfb
z(0oqI-JardQt~@%tCp{Az(^iymVC%bg9I1(T<Gv~M{0(L8oYtY62tDQPtYih2nlQp
zn-oy^L^arqgS|&f&r(W+VC4mD=#ZEo!Py6g{df-DSZUpdPBVtU4OIkhHjNB#KKp2M
z1;s0jr;7$J+6|WPHw#vv_X$2HzuUo`U_hp*&MY(llm5qLoSAbzv8i24Y6H@ka4`2g
zbVLY!=~V%t!H-Hb5NtjZKom{x<;sWgZ%KlAVQ7>;hn}RB&8~`2p?v^<_hq;y3|95I
zWX?tjM_b-7^^9*wyWIA**Iv1tqYLAvjaDO=2Nl^tx~3tY)A=@rA|iO~%Mdgd9+T^V
zrzn*Jaj_=V(Ml^5scprXpn8u$)2vzz67#DX-xCOpD;ETTV&NcBiDEkS&s&1=!P4_=
z{@AH8Hf`u;y~HQW+gijIL+1H6MKaY~?WioSL>V?>;809=il>h)K!gzpoG6&$&qOtz
z?G1i1-f$f;=<~T&ktDj0uwI44rxLs9;B4j<I1v60Pn{{ra14q}Ej|NEgbGt@8er|n
z63$PX3sp}^6A{V9aB_EasI<us{BBfY8f4DJ>UMhn3Z+w&=X4YFyD4kn^R!*zajoTt
zExq*vGKb=^e|axZ(hDk-kIKzFq&05V33gL{;gmcu{MiKw#F-T3<?IFFlAYPl#MPf)
z1J9C=e7HGsEs-wkv;#Yf|9Tg^Fd`tPe6Sy^{+3?0OC-tXiqaVsnI%zkCkS6+sU`9i
z1xMJh+bl^oTJ?q}LfY_rgAzFO;X8-AkJNi>7V3N)85x7(HXbebYZQl&G&Cx?p2Og9
zohl;Gu4vy`tTkK`)IA)0^2<<Tk(-Zl&Ii_$Uih6mtNS>lj|PDWmlJdi+bBcM@g)d>
zms#MC;&6Qo@Ahhx;DmwvDU34PCmx5M669CI7`p)|aqcPjD$Oh^Ja}oC+%X5}eu7}p
z1KGVP2v_pY*k$ag1}P3<2!Prbqzjw!@83Lq6r+ywJ>OhBNKi-ICjvAK_<=J*Mx21i
zzQK~=#ONXC<xnT$eTcz*IGZLRz|U@x;sAa=5w2XkOx8nPY4MSjlO3M7(mWL^;!l?>
z0YVo*?+&q=bNi9vZXAo{<}bQpeX~Xr{<FSaDMKIM@Bm8Z(2YrG1z^(Sm3ti=C5uo{
zYLN537stH)7g<wN*Y*?*bb;UHxYgjL`tH@Zc)cG=D-ML<(D<O;r1)BwLcWn`R%#rw
z=SPq8?Ut1d&=@=qxpBIz&6_CEhs)+a6dnA6fxPou^+mYfZ@AUUwXk?y+@wB#lq?)I
z*u#?6$Hu23!|XCMf%KwGg^PF)u1K3yxnf#y^^Iy9jm3bLwZL@vjh%#KZb?|AgnP;i
zVy7_HA6&CW)cSO~XygwTEaA(r$R%|mL6u9gM|rwyjIn%9vdQi!ku~}z?(zUNs4jvG
z11?c}K|DP!s%F?W^%dGlm8rodH$yH>YEs$Jq_z+^Z(EE%?9F&gI6t~AduAdsA3rJe
z)uq-{WqP7S6~E;sp6Efdj}M<6C-T))zOc?Ul<>7lqNp4*S(R^>ClD)09E6=()zNUS
zy6*Yx^6)rr^JKLweEzm-#TlE}&8G);ewcVKM<u#d$*D~}qJHwGx|%<7usmkzzRj1D
z#i^xpGdYg;EaUT4z0LFL1i0GHEpNp9Jt}tw9ACe-`M7_ZKR@~$TxP=Abtme|%K@G$
z`CC`1dLgpUzY0XDjr$GddP%!)-9Tb7U8yjGnOs|Z00P&;R%g84dtJ|_8o{OMY900W
zuSQ?j&*OHVzqB@r1~%@0vpCT7msh&{c)>YfnTb_z6?UmdxNl>YE?r`)T%V!VnTr0N
zeY3uFrFtAQ`q;8+wDiGtXDm4DXa=bGQs5N3R`{!Oe~SFAaXFp4%+hoNQS9*0J<IY2
z6~F<~)hMn{1{{{AgY(6I{(Ro<Zi7xYTNH>Yv3$s%&wrFTFY<BQuH4~AwBOPEqnl)0
zyq`tTvurEFB>myGvGojjs{*yvy7~8Cw=HS++V)~A?JCW3?l&)ihlvnD?lypiabD-Q
zY9a+@AMjQk+T6?(b`l6BiEqy*!hw2>i<MTr@t=}6M{aG`z7T$;+2>FxR1CG*M~v{0
zN6ZYH`(xsDg0}FQmqT!N`&(KBW)94bGA^Y)3Buf=do?4mt<p%XXyVIhtB1M>b@l{W
zQTbXO35quCYkvtOF8GD!Ah2`DAO6xf%K?Zj`akK~2XL4W6`}F;Fyt=>&uBl$DyM`d
zz;H3+8T*^()22{MTf)>UC5g?4CuHasP~6{w@Z9`=3tJ}w;SaCT3a2>{e=kuIN%+|h
z0;Bk_4=xKSFa&GJ?MY2{cM<q~ZfQ|r$dMgo089j64tJ9|oH@-#LqXFHuFXYoX#7Tz
zBQ7VF-77BO!jPGFeRi;X9j5hrHVq2=fnOl+18GbcAr^^L;P*K!-KcP23<UKM_*x4o
z>VHaD25)hh|EqvK8vQM-1?nc&S$~G~%>@VTit(1u3JpM4CT2zTyVMyIYr!Zq5Q3;#
zs}ANPK=5mTUKPf9g;>r4748m{{OU!72r%81wI^Fe%y<af^Q8L5eKl()*l4>*?z2M9
z+e(aroL-HJWQb#^>yg1l06}zFrzZs)4ZVm{JDm7MM*vh0c*at5m}d`EF+Oa$GX7=h
zBMl|$ql)TIqYDi=k3Xd}em%uzIpZ{#KaDo&ZN;Say+TJ2`=Sa>0)+6HNF<b)f5}N%
zJQ8kj{B3ND-fksozZs1S5tS%Xr6$=PEffehK~$m?T7A+xL@^o{nl82PFvbzi{ekf<
z)nAYN-UxtI9zm|PEv%|a<E!Uw_TE`HGKJx2N$g*|yRo<-r6Ag2`{3TNKyXUJb87Id
zgsDf!Wc*jCR-B5F1nYtNeH$yQjkD#2rFuq+Op`-j)Iz;*@|&8NZ^UV3u-pphJ>J=#
z0sYSFJZ1Fnz9rm(1oH5vmoGPonHiQAf{2Hz5Hir4?#AlmH#r4Thm*IJlrjtM{=2~e
zskhB>6gx{bTQ)x)J4a*M$eE5@->Kg!T^Da3Bv5}D#WXTVG9(y1?Lz=9a8}1i!r=?{
zw%oC{?(6@pP;m+>>S*RAMZH_%x$@R@ne!jdkTCDpSodw2VBcCNsQm<g`Z2<K0&9Ed
zy*c!&DG=?a*RUkHw6`e`UGpdC1}v%&Ot9d^GbL$l)3Mo23LKklWJ@Ch@$!utVdKYH
z@0$4k4}0$vU0K`xZN|1!v29oEidC^~8<iDTY}=JoQn77RY}>Z=<$2!k?e2e%9(~*g
zy-)VRzBk5L`(As^`Ma*UZS<L)iyjr;TP~OmHiq2WLGCC^AwVWkeS&8Q>$FShIgx0X
z#V3D8j@2Pz;{|wRum_wW(bbm*f1{_srJXV`oOtHsPy;CH>S0s=ZZ;{3?^7tER}EOI
zs~oAZ#s8`q@{P$uOh^R5Oa-rVNUm`OjeN3wFo9fW*?mXMG6=*pzA_*Tl&v!}UD4zU
zVkoN$vB;w|xd2P8#(`4w<s+`Lzv+fG6-Ah!bZX~@-a?Ik$Hh~$xKT>|OF>~iU&GE0
z;~b4u6At9gWc{4MFN-^(`eD6KV^(9t;vZFAqlY=b8&bKC?}mkcvnW(JO-6O6k*P(Q
zW+<j2fG1ryMENM-fiZzSb8T}&aF1@jw7h0SIE1r}0a71NP!3DUE7mIYT%q($v@co{
z8Fdi`7{)!UN4*M}g)ZehORnEX&Bmv^=1IHH`3pGg#t+s;WFDC{IhEvwZJOvhVLRCV
z9Lt(uhMCsFtWR8u1^I^P2-P~T>6)r)V@G4j-kK^bu9WyR5;`?>s|1cdUw%PZEj8Q2
zbd#wW-}y04092`YlGHNmLzxs-Ux!9lL9z`d_Z&%OqkVA#3uOJ4TIA>lCCq${?B3O+
zkOiCxH8k5c^%B@1m7=G4yX%;pCA%r-<o;pU4E@7kIKmgyHz4pV_bp&(apa%+a`lzy
z!z6$uKD|6&QUgx?u^S}#;4n%@JCGQ4e}7{V&#od;pGA~{!wv(U0#3)o6NkCM7NWB7
z3G?6Tl2Z0K)nYqj>If#Fzud$Hsv8E-Cb!g=jWKN~Gp00_Muki$J6Jd6RUF7h=Xo7d
zo96Ffm8LNl!4Jfj{8Jwng~;k)OG2OP@^pNBY{h%oX#PC`1)3Pi>F*GtpP%2@lfH{j
z7wc=gFUrzm<R+b5Vnzm)TwTW5nWdTsNZzBYO`0HP5@XobQEdt!N@*Hxt{Es`MRxjP
zyufxxO(moWcemYiq`OdKbNv+|Ak#xrs}I9EjZI2r%9k+T;Xe7dBU<}(-(!lVZ}QU!
zQF@&fXGVgjcmg2j&W(`eGW5>jK$Uj2R6LI8lUybn0Toy^h?O$<kSF<1c}H5mk97AI
z`?v&>ZX$-Cz&&uQn#>{UZT^TO;er3rgD-t$YZbW{sc^1oZllRzdQBFT+Ep(TLS{yr
zNg`^!C(W-CA`mA%<Vu>-)%_|ptu=G?dNKII;JhD%0<h3R3xHcP+M_v`Ki8qCi>unO
zeP|DEJ%<&8lskPt@e2uTIDLCqnvp04ITwqUna<w<^5Grg61VLeelB)nfez-_A{d2-
zF}#m$l&ZNQbN61PnwYerQ&YVxcHHY8d{Btzfjq}Z4(Di&jB?Nw?th|HGt_WUXFHQf
zyASn(z=zAwqwTk`DEcsrHB&G*QcbROW$Po3WA46)D9*1ayUe!<e#WwuxDY?bf@My^
zg#<KIibDPaY<1~zqaR+?lH^!=q+!$45DznpJJ}^W`kEAqdm4h_PEld}pc}K^Gqy;W
zcfetl6kzn2j`GZtLs9)(80FlY=;&?GlMTqB&lTpe2v}VeIm?@fPlC|Xz69o?@w(U!
zIYq+9{A66f!5iMPO#7WTL0AIjoEJ9|2$|^vw_yWc9*@^9&b6XK_J)yRcjkRL;emcG
zXhK~qX#}gC@|2Mh`6Xr}VDD_0sFn+OB-Ayo6gW|H-e1=RkOj+*PWj)yuPkM_j{*Ge
z31@d?V$)jQ$<f2uVVbNg&EMu0od&YSeR%p_-8RP&u9Q`HwS3Iw+eg=&Ts1|QY50<{
z>>!GL9Qg7x2_s}yUpc&{uQO}eO;B%d`E(A-Ee^^xKV&DVtt@^x^R~)IyQH>e&Ye-I
za{S^Iyo4c?4!D*X-Sgx^HXAPC>j9)BOsT}?Yz*>=Kb7sja~2hfwv^a$X>(5ttCZ_K
zQ<WyzdOI0gs93QWD@#}O^DPc3GN#}(3zwnA6T^}&2MvEG2Hh74n4>5+P;JKf7|^7f
z=s^by;^dynSDWc#26tFJq?1J_D5JO1cef-%M{@!mo4vqdESv;}Aa``)LjgIIP-WNI
z#CBAiqj`7MO04~8Dwh???k>~U+xxl<-N@#zKZ>J|qP68S0-CIMu^|+GagE+#e94lf
zOmJ$|<s3V2b^qDBm3IM*WtcC*=U!Jgp<zM380go~p$?9ggDt?;w10OH8b6GMB9g%M
zm7HRRS`Ru<<rS;P*A*bQ!vX5>)BJW(&Qxo{_+kWO5CbCv*v$j>PFNxjV{`^5bQc`4
zR~|Y}9H?sAx|FRyY7y1{&J*HWg**>#x+L#B-0&rn_t=}&<9im5#Nno>slmsWLQ1Wl
zi9BjENNE(!#qUBhO7-<0f1IcoWxS&{oKciZI=Ng(uQ2^S>$hmP2?i!!P1TRz(|*6;
zrcJB=6(~Bb{k$OFke;iRrc?a@SLKIKshK{XP;adT^;&8nU`#Fl{=%ku_S8J2p3Yyi
z#MZmqwIN;oxw!uw9MhXrZ$r9UP#<!l$EMxljq#$Q!sV51?y7dCqVm>9dg4GLB(O87
z!aPZ><sJIi3wOq)2-wf5OiwYstx<go+o8L%SA+XVqkUbK?WNPr5lB~HzLnmoWPh)n
zd@Ox@r0f5%!TcDRe_*|ym7Wn)krSi~KbKxpD1BMQIlgREzAc}Yp860HXCgzXV1JeF
z#jY>t3{7DCbNl%jZpsMWz<9la^VGwAiw<*w^A$`RwU1tsfDR_<4Z6Hz^=IFr3&8hB
z<>xzYRNlVTPCZEPFDG?;*e^URb=&T!ElBW1A6*=MlbI2B0<)Ef%d8RQkNBI_ZzMF_
zq=lVr9TI}!VbmhDpBvSN^POV0#3p%u<fO=Tf_;7o9gg5x;Txl7P%Gk;v>kZ4o!ceD
z`f9#X2RDKi;P1@E7S<@V$RO1ugQcp9TeIwD+M180!)K9N(h3*G*M9oDLWE4PadN11
zYYILtbI3o7<xgSiYbAUnA6bX_R5vHlU(}X74rJdUMwMas>b5t^je$vT;svsXjGV*M
zc7sGs>-Rq8R%CC^J7`jN(m?js+%ql4M9^n~X_AH^AR4fK^Wv)ez>XKWn3KW2_&Qga
zuyD72&^p;vsrY(s+|TW3KVfAymdS2)Cbct<^QH0ZWXG}9)4?7IaoLLt#*3=J`?KOZ
zsa%8OSZ{BPIwnGQehh0^U*^J2xmeM!uvw{kxX`+FecP_#u$x*yyt2PLnS1emeIjma
zvRTUlbaSTXTPq7H)y-<vYmu}T2Gv?U+g8pS%H<zirduj5@akit)>jldvw5<lUvwSd
z-?qzQqMWsIGSxp|I(>XEfcDiQeF68j%KC@K{eywArz*pY`oHg*e^f|vE>0s(TCY;d
zV(dPLa0JfF6)iWHt7}vJN*FKHdvV%W=Wn$GL_6p13)i_%8jj5u^vlOxdHFiatK4(W
z6$a1D+CSCZhOY}bJxKh7jq>unH~Uw+ZNtj}=4$gz>c=<kck{z3FSXVY4eM^NOzK%L
z5hD)|`@<~!t(6ye_8Z?FZa60YkS%xEyZ@<rYyPp(T)uH5fJ>jxWN|`ia8a=={IU!O
z@Fw<p&Z~C3O?B|LHk9ArS&H^7ANj(p$ZOk52G>sIzjW%gdGj-GXw5Gqz@52up0et+
z{6Z)Aii?h942E<S)d}uVUd2{Q?NZ%(_Oeq&HkdU7l6^2;_T#P8&26n_`Qg`H?FrYy
z*^7dqH<)qn%Ryb-WlhI9<SK5Jl*dyl5bh2p$TJ@1UT#<EZByUMHR(q3rVyiP-N;s|
zfVFd>Rv>rM+VyGPY}9jXRe$$5Za=qtdqsN&{)ood9rU$;dn}LbNFVINUv@u^6q0%h
z5`~nxF(NQLKes&GkMR$&7u*~2$rT_cA^lO;qB?86F?&0=^mrLiKFG(X!#vmp9_#H?
zoTRopSI#?_LQ_}|2ln18dFBVWw~X<;xr%xBmyFi7hRDD*%r@e=4awm`<w6YBgnlfD
zYHKU684im5k{4==ll)OrA545(IZAnGPgeE%9DA^wK};$uO3!bUNJFCBVgX_LnIKu4
z{CuBJ{$6UjP)#*N0$L8KxZySkz>wZmS4dVMm*S7i!iM%^Q#e)}+qzf<wv!$&rj*+C
z=kH!J9Wech?6@$2N_dU_OMOKeSI4WVBm}KWx@==>3ewI(s<-4Q7XXI*@G`r(#PVZe
zk>w3!Uf$oj>0aI*4FyPWCnd!c-Z^qvZ3BUK1IgJUd1G-bz=YeP-nps#G`;hKQwh*~
zOTq*oeXpM(XVE95(qUi{eCs!4wzHgAvD;P3-6wy?CwqM3i%1Rq>L1~AtidU~F;o2V
zSvJ@6%ykUH26d7R{WzE+adp`A3UHc6g!vlJ^L3ARwy~OG62qphpeinhaO7Uf``~t$
z?5_z&-4!A73&kz3+o-h`Ai_WeL-0-ZczKqb0)ruY3ie1;o;GHT%#xlVulOKZu4-cy
z<rZoM%0xKHv2r4h0u5&+qpMO|+b2`(t8&`ny@NIU4`?i2*+}FGGcB|n2tf%ZNOOWO
z6_WWWks0~=T?`w3+WB1ZRNHEqkIfU#WxfgDv6jAThRlHqw@<Rz0!Fl9YFv#x%71)W
zlW6azAg_EDO>(2S2ubMKJjgkOMiWtXm4aVCcMfZnkGVLpw>2&#xP{8lpKr(IFH`iY
z5O4|Nu{J+sHJ=xVZ}GoZ&Js75oka`xDQ!QkXlpM`&;7R&wl-P$Ry)>GHAv|%iP-FE
z?wG>Xx|IP57zrb2tX0kDW1W%-$Wq;p$6RF^m+OKcqgFVw$eKy?Wk!vZU&h7^hV&O`
zA*A4Lb(k5)6MX`$9zwTK{gXq;wyby&tK38}k|KHxdI)h#4~^zzY&WboJE-wUa}gx$
zE7m_aMc8zkh+-6fjx6?Hq9zdrL@T?(F6uZiOerT5!$%k<Pj!h_jar)F_Ov?FVEGQY
zUk(v9b?3*w8d7JECL}4P00+bPZFMP70)){v*PHDvMv{9-l~9fWL0k3%U&ESn_T&;e
zGXb)VJFwY|TnGx3TUh;W1(-86S_QT`8rha}m^j`q4%QUaeA_RR&LCI~OLXha7E#cB
zWH8=@**>+J=VMVbykA_JrCiY8LTD9jJhUm@$(TnV4q<30Hp!f!0G26h=EQt5jHZSY
z4ZLnQhe18teEl8wY!7v#sLaPnoz3f@T)ggvBj}9CWfu4r&<4{PU+z^D+k46yND06_
z=r<y#fYMV@q&V9x@mwK)SY#zRr)sIhNbmr;_IGkvfBut|+3)mu3=(ifW+OpfWD~*V
zO~c3(E+l+l(%)JhfaETD?4Xf6Ed6h^154`=S^A7(=^hL%AUqxv@?lNk7H|Y4;P|3k
z8dEoW28@L<Uh>r_%T9qxRfnjj71@Y>N$N|1;m-IWJ^LcmPVLoQB?IONv_A*!Wxj>E
zsEF9wDD4zF!|uNf{dlkbDy>m=#DGXC7X#H-;NhrB!SA`g1r*L46m<7CrY<*0+78{O
zom3!@;qE`nvvqF3Zv`bDJ&qXsbt@-XkA2>pW$)G2dbX7^OqA*Lfpfwp)zn@gqfHS^
z$jx!cX=iLU7FZ*K<#ZS5HR#O)$ItE?UYEH6#rPwRrJU7r`c0~}j?c4YGPk3I70RXW
zaKCYMd7xOH2S`{Xw_<5Dz@j?n{Ls$0*t8jjPs6)46<Tcf6aQ7{LXMuG#N)VuBB{#O
zr!8$GJr!J)z&#?)Ei_Fu<Hm4YSZR<ddMsvM^y&sDXn+XS_fG=r;b<*`&qJ8c#y$Kl
zHzedZsS$7AFU=Iv8N_YynYD^FJtyFbOUH!=QSx&G9KpRu8z`cn*#%rqOh`SdncMFn
z>z8DMkC?nRg#&WiiKy*)(P?}}LG6*5+U0?$4MT1M%}HD1M8}%FV?TBDq{-ZcC)zVu
zdW(I&n<tv!{UNMQkPic!N&6wh#K}3-RUfPqsI^!2c{}Ucm@i>uffI5XqoI3<`P-ju
zbH)aE@9#6Rd?v3?vpaOU|08%EIdNu6U*5jn2sl08h?Pp4`PBw;C%O1ASYgh{2?o|D
zB0<to|KHU0+iH;4Zf>aQaT-3})CM1z|AGAPeW}}H|HQvf*AHasE$p5p6yNc6g!R;v
zp9ggbVjq~$Pu^xtfj|A{7>9bai@Nhg0VJ@@LTydnA28lm92q?qXnVTR9;2VFj}YCS
zyZlmXY|qAELPu<-0#pHRPj}YcNy`oL(R5p{6fQPu6kWQkWN_TnF1VGuYv#B~?h5N=
z6AK9A``m>(qG*W<>{091Bcz{s;4gQwbzQA;1*vjbcy|pcfOw$rqH#vJanpYPhkkN&
zB=77)FFm>?7U?S*v14T06GHi$f%cFJ^X|?*_UPU5Xh;(A7hH8$Z02QpDXyZqO{trL
zY`aA|bvIWR5oxvGR}9G>Kj~S0UHDHQ9lq@`Ran=M0kSvW^qTp?Mhe_AQF;facXQad
zib=i1?C6>)0oLC7-mTI0GlY@UT{ts0D4ApWl{kEBbZ7`t(%nDTPU>wfer<QF4(!h8
zSlvA_fytn-<4O@K#Hr}e$fecfIPprzaJiy>{MP&Tr;;c=cO~Lk0saoGSp9-nU<;f%
zU;&a^iobf1`rpk*FjZ#h-59F?_+W$0XW=WwF53hnfW+a==;gqTr1=}I8?!`iY|N9R
z-T>k=f`M0sHTo$%_?Hfu{D(ez9F*gnb;v&FDqUvc5Xnu8mct~>CKuiK%uQ246eK6E
z{PokDxlaiXF)b5}JOTZ<w~i)V*So=b^^sxF;pc31;+fgh%@TWen5=VGa^o#*l`1<-
zpJC)RFoihhpxECPFs8jY{5%1HUxAbnJ}A=-f>_Oxi&Uu1^#7L9uKg#a{r>-$(wgS}
zlhOuuf2Op~0{<hW%`R&k)Xt|q5XkG7XF@h}+E()B0P$ZODEqTkv&Fm{1zn9oud@)t
z*Qj9YBpjuX{f6M0*7o|;qnfsTm9WN&&60uQz^-#Ta2F!0A?+uUmgqPr2Gt4_`u?!W
zD_y74zb^GS1ywwCfZ@)T2;-N}Vf~pv#YO_8jk|T~7#ayEu$HjUC(DAIQ#kN}(FB}1
z|Joe$528X?RXBy20~m?l<SD7PL*`+#QIBk&@N}@$u9qTl0{0876O8e;dD3+s+GPkl
zM^`Yftl>EyZ!%o$ZQOkZc1E$}Ib$?NQ3>V4v%&dDp+q7~58)`QsrF`s8X&~ur1OCm
z9UdNxl&KsV24&d&WEpt<=I9TEq+e)+md!4H#(nwjBq*FOxaD-<r;x$g3YptSo45oE
z<dE8QvVtJg;hgEK%1kiT3}A?u2$4kh_@se^m}fO;KlN#G;-?I@Rd%EX4@-+Y<(ZpO
zY%^nw3NWmNs@EpzwYtR{&m#B@DUkq1LO8;jqt67A{#9lQOz&gp=_n{<KUk8YL2tZ>
zaiu<*z(xVgijR0%)&-TZ<0i8sCRxd3pP=8vb*$23ATE&5nV%)%D|c5F`uJxme2B4{
zl0l(iu9G-IxM`zR_>-xTS5A7*6@5r1tn;Inl;ToJM2WA@q^W_75E4mmKwMG2K>aDF
zzn$lQhr*HklA*e`GHoGk)TjJ>eFoKK`Y3L3f?`DDORn@TL67a_kD@;#r%;`SG-#~B
zB`R$5xly!f&9s9uJTUxHxVughg0%Rla}H;C9cy6;NIZvW-eKf{!_Z&S;XLr$Y%Lwr
zUvHenC1cfK2=kHU5{|Sy0R>s4IU1tS_{Tr&S+^<X{Dpc&i{f`?F&>mxtiLCt+s39)
z!*wSxn}^oAmiV?5;M9J<F!eHBk(LqPjLBi`RXT~6XU0&N!X@YPs2ib|2aS_d;AQZ#
z9+#z(72U2<)3D_hGV_x68?EYuH{onQuu7PsZpDvk{59{1?=dJs0Q6}4Pr=f=uVtk4
z{4Rz;letTcVX6i99FlgKg}sk)$bBcSBeE+U&1Bw8PcoNy!hG$bz?<YwG8QA!%YqNp
z>1~SOLBFjW^6;N%jKm>3)u>;F_*Gsi+=51zPNIU@>x!Gy*dm0=yvI&QjAmhOe)r|q
z(ibx<DWHLnlkJS81$0W}6Aod>!>@VOdmNtGo=Cz*dt{sfBvfF+zvU<4B$;Sf(xl_8
zr#YE?!Ne-|s)#svwdAojqW4xFm#w~Yo*3R3CO3w~c?xD$ivi>mOwX%IIiStxBLtkN
zL{p=-Y3vjoUjx<Va%i!P!r>3vzE@5w$=?&ajc3tCGIm{{CX8|t0Btsc5A>nn5Y=~<
zx5mFgQX0b>^+l*9v)y$l2L%&mL><EuZp3~Rl_?YwrA^XIO=zT)BI(g@1w8Wtl|)-a
zg244D_Xfzp5j!o-58`ebif#|)n~ANiq7|@WpDDdf_RxZh0<yXa6GA=pd#NjJMWk9B
z8miQfUiE!>r2;`NAYx~N|J-N<-8)X4PUmjzyW<>#LTQ{wRz;#yW<*($AbIi^sYzu<
z`_g>p_6ZaC8+clY8OszFGx0HxKlE10^13#j3BK4TF+MqTid1YJ<194Ph2i?8ff(&_
zQK0%)<iAgpa85gB68%k;;a;Zc%Zccz_DAQ5a%q*<EtvFF0czMIOjQ!+2Ihzik6C4`
znr(#=n&Pz!z1K}=<Sx|BGK3BhNDVLA&N>aDvFn=~$L==vVZo(K=gywOKbf{kO*6)?
zpu2ArO&^Zn>Dc6gSznESqAFPT_`vIJ8a)=62@Vaip~1r)B3OXcB`6-rEKE-E^rW9l
z_^*AxEK0K>z(OYcN~bm{^+B!px0I_na|~83{HT{mfnbr)u}ucGqX@&v1{$+>G~rBK
zP+5`Rqh{1>$y6a#oYn4QwT3OOm&w#40neu2CzsHZ1)AP%ygx_zm*IAXN8}djy7Wfk
zd=a#YR^i~f*egEslT}C@-_Hwka(WZ$k~H{Vn~88FKnSt4{i7n~f_bfFOnPSyXOp{c
z%T4*>dMoDG;=1!SKg1}JrKNDkC!>fReRPHg&f0fFdSbmFmUD8QcG8dOT3F-I@iRFa
z`bqQ#MDm?87>t?eZ)0-Gjwp#iw)mIBiEBz9v5i_0LwZd6a}iaP?N$4-+;LvEe0L_?
zGhC%sfWzCj3c6U57=X0+=9_ejLhwCXV~&~;k<PR>wI)rt1-sC$@Ir|Njp^Q<wiq}v
zR+YUlP-ZATaPCa?MfbIaMAc;@ZC&SBhh}2imo(C61gTax5C#b)+sWU}cG01=N#ds(
zScq@Uak{4ug?HkYjYv;%Ci~6g&I8v`1L>LtI7~8FJrv>b{Af0iZ6(Eq_;&iC6Ip{H
zumH(`WG*S8Z?#eF?X7gIB#8Fx1S;jVf^CX373os}-S50!B{@D`cJ^$va;MYNo;&u{
zU6fJw%S4oC=Xa3(p9!z1tR>XfBi6Y6w@AMFkTly%-H^V1u2ydNFHgenYIwWQcY;51
zfRbFu*l~*Dl&b4kcUd*~n0_omPZw|D6C^i^-_*E#f`Z-CnD$CT*yUhw4NBo<uE8|K
zS#97W93P?DLH*1*<747~?k1eoypGpulD4&Fug3D%;FW!^iiQIA^CSYoiokO9-su&Q
zkI54~hL<(kwX`u1zG8dn2W=#J#n}{L16VWgwH6Nnw>`6%BLS!Anh#$iAjP@F2d-_*
zOIOMu<3un1+6Ys%MilmFFs2osLt&d9dJ7%H%Y|mw{#K~~{;;nZrQ1Or>BZ*nsN+PS
zs!Y`n=f`5FaKLLjObnA(>%1hirD!QW43AVng2pxZYbRP~OB9FhiR8L3Jc`@A0Zw+|
z6)rnQElLTIOy3kJEBLUjf72bi4W5dT2yR+QDYYx;8Zw2#w4@0qm$PwXx%ui*kbsSr
zC-wxm)9SaOg_7Z7nk=N@**ZSCW9=6X=~Q5v`#zQ&Q2Y4~AB$Le*#>=@GI1MECc3RI
zXUu!(WD(TYl4GK`W7w*F4~6uxK+@8YmY&>W>Tk0qq+GA9W-|-F`{0(46CCbEm`lW^
zAuDKB;v~g_8ci*x%9MFI<1GH%$-IxC-T1L^#Hnv~Kh*9Zpfw($TL|sN{}}wv+4=&h
zO(OOmv0AG<94bzkSF_m@b;{P6Ex~1`GzSgDJnk$$Ou@9vY9;9`Tno75^k#N8e9^99
zJ)rIucA6GT5JOTbZUNCc?Xx<H$H|inlqyUhls68B(M+##Qmi;l{zoN}<_qoTD2mM8
zy&(6C5Dug06|Mg@n@&23(yp*dF+P*Qe2$;2kVqGvc&r0&VL;_d`Jc4E?w>&cvY~bL
zN{h9ng2Z|VQqVPiXId4Lt_c);RR2HU^ZyaP=al$Ad=Jh4;Cssc2j5eu)k{Ap^52dm
zm^5G7*x-f)c7^RrEZbCu*b=rPGcgLvBulmV-*VH6pAw1<K@ANOZin`^QgfPa1m2{g
zZUr4@(Ige66D?R%^&{+@>m<iQFzgE%HU%npH5?KIFaNkOp|YN?k101PfQrP1JFz^i
zYdHZSj}o__kECg$hd(n!)ebE2n~69m!S^tW+WI8W+ksFI)6kA^FjQ|B*+9@f#kGGr
zlmh?P4kg$h(VbToi8yQnrKv48neCKk4^hhZ55pA!xVBg!l5eHZM`}K|bYD9x^19kd
zkY2feR#B1yC`DcN^qFFL*&g!KVnT<Hywdaj7Zg|WuuKH)D)~sFWhmNT@|Dm&ksm^_
zvZDX`D-U&7Tf9ag81nTOS8i{-Cb_J9UxS45E2yXs;PojFzg?2YUnp)2BnzojO-1)e
z_<GT=P@QGXB*aiB%uNn>^PQ$lUM#Xy(nJ6`xL*r{eBEu~NQ?^lnZA<z*cM_|NR^!C
z!BBQ+GDg3b=YnYOZUD8kW)yFmakdEi*Lpdb$0DNIaFFbiBz&SOBxFHuY?yR6sP651
z#P@>85c0m4x-`C3c9_rG@*?*dZlZaHT)jqYqVOW~B(>`g%XxtSr|6WTy+O9<1@0Eh
zFM^|C!w@?EW1M`pF$L0_49UNu{HK#i{%<EUW9ZJP6x66VsALCvu>q4aOr{F*!CfuL
z03F8w#1^g@Q!2|<Fuf>T$gl>6)ikoymMjJ$?;zK!C`1R^pDlI}<g&4`Azu0aXl3$#
zLOsl|U`by9r<w5{V>29>F!4t-aViL!Q~2BuDf!@FgkMsRLEfo^LA9g{dtIq1o%Sr$
zX$#4Okxwai&cvhgrVThg4jZz_ZL4@ccqUEF(zFn`J*k9{yV4q&{^5C`>Tq(WrBsn8
z)6Tni{Py?rH4qfHj0>R;==Ce`nQ!s|CMeSZ%SwQ-ujSVn&*VvvtDfRFSH^xY$ftkZ
zpvfeS2><M)0%AjG`HBWdKf|>AJPa&YZp5SBuF&T=oS=0ywtyRjQ0M5ts5?OQJ@7s1
z)q%SYr82tzN#M(NYgC`($i5fs9|iXk9P$*@ZWpP^L0tjR*Qc*WQj;S{IUx5skTv9!
zfH<H4@+3P}Lw=YfkOLB!Mr$sGL;XVl6sk6HDjp@Y)d%d+RdpubVfg%=hWt3De}^3U
zTu1d_XKRRZ*_*f@sox$Qrw<k_Bmv>=ZK6DQQh&TN?!pW7SWcOTKbPqdPBO!yQCZW5
zS~=Ej4OND#_YY5BKvx2F++P#NszLB=VbmagWQC5UzUqMPkZrz}FkewjYR)!>gjQ4=
zbrSs;WiWy8??jc|eh|2#IxDW_Q3kwC#+95?l~=q9Z9Aow@;(X6mNfun6Q$QDk8^gt
z`|-)+WE1|w<Lu+*d;H7eT;WSt|Fqze+Teh*#7{%-Apt9RVB!I9=Oq27-Pp%`M%?&G
z<Pg(3!Dijtj5w4gjKfEG@R@LbEzJ#^{P79oT=E3`3*;C?LKIldDw~Od5p#eLYj~N>
z85Zv~7ZvUSPexFf;!6ADv=U@9-YBx&wH+CKluGcOqt18I@9(_suic!d!Kd+?ra}^*
zf5I`;Ey`T$B+@`4JAymIPa&}TU1CuxvzZt_R~RMowU>ZfBY)hDSbKwWbqk5}=WN(G
zyPJ+%Y%h{X0O%F$@-o=^;xd{f_|HQG`AlDQR$+V?AaPgwll9qRBtc4z@&#8aemBXO
zre2}9o(`Nr<Q98IWWm_v@gjRrCbsFb9I-z{6#NpZUo8r1wMs4zK8bgnI$Qvv0WPCw
zP7qlo-tcR<9KpPS$coZlng;UbA0WrOaiBt+hkhJulfMUTgyvWACy=8s@LwQ@DVOK}
zM&zJ=5;;Et{ru!!^j$K^+3-J4b4!okH|Z!6GumkXPa?<Uy*+_eoER|judvqS^dx{1
zmKWk-FbdxrO)D(55JXnu)|8*)4%4$VdL5yc+<nDFk^52_Tw=$$(YN+~AlVcdzAP29
zmN<B3)KPeoDdnECoaXXLQKF2y-{2c+tik^@Xvl(^6bQdF7+H;#=}m5~u7Dr*g58_+
ztqqztM-iNWy=Up0xCYF|9sKkP$HWq*+c~=#W1J(^Xq~rz{jlGQwP<xLs}-Hl*XyRg
z-i$fO10yLP)nP)+I~{Y>ouL#Z!>RpwO8M%*?$l0P8TARRhRA=d@BiXKG5TnuasVYT
zqFVfK-!Woj$J@cr@PkQaFoEFsCC{ow36y;p24553_}Oa;NY87R^g$rwiv|pliXJ&R
z2Al?{+$-5QE7Mt@P(@@nmnnMV5UT^sh9<R|l_wJO6bjLtn6$rb8oZNR{_zyv`6PiJ
zK1m=&>HiG^tzODdS&~$Q|6bgFZyfIrqDlv=T2wlNxM5-)8V7RttrOuyWeJAKEr+iJ
zr?UEhZ{M!CRzyz?A`rsRZH!};Wv#C4-{tFTyt|%$43d+rWC`&s4c^yZeEndefrXp|
z_@rM)wQMRhNjN^b+)^c!F3pL4x)FC)zCHaC9k3U*vNM4#JRBf#Kp$>#Pt{VYR2n4F
zvuU65C;pj}1A%YsHB5|S!>IF>%knxeotC2z7{}$+0BzlpO&y#F@haXj)#LgbK;BC}
zoTe$!8_)RbS`U>qUm=dyD!HC%>F?kq<)1BPlkp~<(?Yx(kqqMBiBfn+PBc6BU5We|
zl)rUFjeTafWezfj5_3T{zTZO&Q#2ec$L?w15F+bVC~>0o&XB5#X7DS5?u(FNL&J01
z0hk?gSQ-?Ko)LESza*Y%8djI%V6(5VR)HZ!*_b{wPR5%?MqCcUPSBB+I6*V>_e+A7
z0r?;EYagRot?x*_YBNi`&!r8ujpymSuT-DIn?noh@97B=n9yoXjGUr=S8wU$)CAV3
zqVm4}^fv308N0NA&E^4TYaE?39quVa05rAmaZ;bUuR@)?=ovk3)Q{8D4l{#E;dAp3
zdil(M@R~!um<N1U5<SUSS#otU>0j;tV<%Ypn`iCGU-D9MI%(sTX`;29O~z;sRsNce
zm;JXHIJ)?Hx`;}JoU^zMTXW%P`FQ6(=hb|#Jn>TS!lRi-5ad<An;SxEJ>#mzcVJ0K
znujm{i0uY-t@+P&?KOehj8eg{J46N>a%_+^qfFP8g^7v)kNf%GovS7Uft0<;+A!lL
zO3%kq(wiD$--`Jzvh+-3rzh?daw8dt0967G(_au!t#?_Yt<}vtuxkxc%nrDM?fhqE
z*v3eTIi<!eJIOP}#CKnoqDi=k%>kEhfyf02>N%kj{#;vO??_4vlD0@;cu)+IW_>(j
z-bpqH`-tz=hOtVqgl<(VrqNCU@0;^?Ay4}v#tFkF%65$-#Y;aP&K<b<Zr>_Bx52$Z
zzY8FN#oUY7S(&z0uWGbf_pz{*b@AiKN!&_S>>N~FH?^*NZ@4yDYw8hK)dL?(A+06W
z$Vd}nZ^jPdBUeyfYVa6a#<g0Rd>8%0qe7cyds0@O@$P#l@1GB-S=I~D82FQ(N0uj3
zmK9001kO#HSXq+#c&f`J9JI5iIRakw>}gu*yTK^_opaMcs#*+kzMIoxed^Dh0-s+-
zBEuEEo?~+J>dPA@1>d^!Z`cKQ`g!k5QQ1k?!1`Z7uE!ziJB8Bs(?y+6B<J-L$+`Lv
z>Yp&8u5fv~nY**`d#7XPUrp7ec|Q1acth&?N#`VHPeeMwCgeFX;&mqNf6_teAJA65
zX%L1*w>g#5pKy?V-lGD3!m*<t(5U?K`HE*BLiJ4OOn+|Qq&KijFW9ElE53i+sJ*2(
zhpLzPm8uFM?Ww^B%mw6LLi&FbYAc{5)?+}*KHE0njiY`ZEXSy+1@HeH73e{lx-rxJ
z`&YznA#GTIq4~jIv?Sh$;Hl)iVJ5x>1VkFJeuw~!zj&U8Z89ZFOZ0zIfCZV8>`!%s
z>Obnpb=`J;(khh3+Uet7TeCQLkuy#mE3&N_n!W$fUc5sJJyR5`N&VShH*tn0kJY;z
z(qD-IaQ|vWpeKIL$<xN}Kb*CH(6zSVqk^Y8xF<bXPK_#*&h||8l!^{~+T%7jeGh3)
z?)(k2Tkx>GWU<n~>q<2af=#c(<G1&F)K{$L;C^C~?rIo~=6mNo=k$s2{QMq&T-a<g
za#~M^`Pic{-hQ4z&MPq24ilT)TdGa2JJ-Yj(%?sM_fVyANMoVVNy`11i`#wMEoJm=
z93GR%XeO=D3CKQ5aHn>Y{WF&PxKxbLYuOp2=EkTN`sM}za>SAST4$uUmjtPVM4P^M
zH1`d*ELhl%>{N(NXsMjOwV7ugNl6k~1Jpuoq|d+lC(EJn%EVC7ICkprT4^NLM@sL=
zE8f4+^E^*QV084PzV%qlufesM&iQFmu#|)Mr9-0$(r(VG8_HORoyz*1i2241h0fP{
zH4)%X7C;0Xcf8E=S!cPm0Do);&X~JxM9eGPp)@C^lvZiI;e~N&w2Nfbch-8i>eE36
z(v*r!&A#UrEBov=Gn=FI6(`cHjKzaddz;bB8B^~%kI?5i$J8hju)fn-JNFN6Bd!c`
zL*XSxoZA&-Y2OBTBwi3XjXXi5vKU0whe`Ds0%oNS?AM{lDlcMUF4%uMGE`n&7y}^*
z>*=>08U8AlmbaTCoVY@BCm`fYxNo8oO{-QC<VPaHh@l{gq~2K%ekRBul4{mM^2exb
z)lQ=;*t<3+g_u+TFDRaIR1l&HZdPrioX-zjj+CKuKI_)RsY@+C#K{dFhe};Pz6bD2
zKx>3WM+^&Uar6oIrEpX)jK#qEbv3%RH7W27AH4V6&Q_t4$d5j??#cop<gtGsv41l|
zg`@MUbpY%1tvFORSDvjoWul4|P6YuH8J-dS*BTxQ>sWI~6sn)>_4s&DD~E!q?j^>|
z2+jOV$?$0}b`?Qd`QeKQ=FydV%_Jzgz%R{)bc9Gy*YZUTC!3XDel&-#I?~^&6QM&O
zcJIioPEg*`BsF82$hO&S7pRH@jH5@5Rc#j9j|_JtFiWDkd#8Ju+}5iS5o{x<!o9a&
z-KX>*=1Z#r8>@+I9?3E&BcX3n?irjL>pIx#TY*I{R(Z+4)3L?wvaOn5XyQig0HsOn
z5&VZCiq4uKg;>F|&9fQ1`a0HOxjmN=4DNVT72_o5_uQ0B`4RReX~GndUDGd;DVA71
z&uLlX6Ioo<Ilk)Yw&K1h@=EAZvxhTWPY_0D2VApi2RK$`bfRY}xK>O$8DA0v>W3X~
zY!1__+8^yXM~gKTzJKRFr}$!41~k|31wTfxjJg@4(|xteK8sxB6Jkb9<xrCkw!Mwp
z>MJj!JbO^WRT^~QN49Yu9AhKGT@)6m4?|x>7dw|Q_;J>42kN<4m>0twnVVB}%xIR}
zuIRVIZI^8;vB}U4lVR%n=Hf^?T3L%&S?=)A<T}rDHcra`Wld^@&o$w31VBbrBQwVj
zm`ypa=qyR7H%yru<MDr%y^p)MSZu>u>E?nzSVt@hs#$^S&ZH-2(|4UTK_c^aS*BcV
zv%8;Zf@LvmfSKRB#?65U{7F%&;2kG>{@lL{BR4hD1al0`1pS{>tREggjLiw5l+fpb
zqq5*RpCCj|54has_W>MUYdYft6<pq}w#^V(wew$=+31*<YTjXL<60F%@+9v)s|tpO
zL3TqyxSR}@6e|*^j|j>t#5ODEIKfCrUGEaIea=dx+a49R;1B+SrDf^NO1QXHMYkcL
zPS9#jT%=GQRRN&0WR2&D!gVqD?n=(Tf=;L|+4uHk92iWqivfi_wP)V6%s#SGwX@i(
z2G*e&Rl)d4=;=Z_&+RvtsF^80gs`7yE|{c(^!rKa5FHr8-^0CW*Lm(nv$DJBPELTz
zJ6D=y)k_{-O|>n1Q_asi_2juhO|_Yb`((`*!(>(0!5fefE2zVm`to<+e!ZjB7GLJ_
z9T0$|yg3yEexsQxUr7Ju`IOsL*2(2L-Bbl@&pt))Ao2zpWjV!$Iew0u9~12$`r^|0
z;={>fU)e0vAiCgDK>Rn_n;LaZSUS;bT9zoKleOaJ!plRPzMIqs#p!}+>Q+zrKq!nQ
z@Y3h&rvAdBuL&wWx%9L$M^rfb&R0*L?e%W(6m884Sgi|lj>|3-uz4I+rdJeu=Z@l>
zcre9PxH<hg``)jQqMMYO_%bVcNi*ob7a6waY!(Bv7xXoVUqiq@ZraZoewJi5Qws@p
z0M3zMp1f0Kh1HNbx3rWRSMfKUKdMsbLG%GVt=wXEj}(B+M-*(490e+kSy*u(Tx!T6
z#LR>NIO$_xwIJ5x%iFDIetcjraM=rmLZn3Qf~PU*vVl~8Hs7U@U3jS+HT$sO7<ZvS
zSQC#Sh+~CbrFlSvoEOG~t+m$>>h=rEgsdU8Zc3<arb>*nxi=|C9&~uU%iP|XYi#u0
zBGLTIwLq7$z?KHk8)hmQA0p~in9a}glZ4WNa832mXH~Y7TeZWU)6*zT_Xgv6+<g0y
za(LS~x1MsYmGr;LbY{9NCyLSGnkmdRG6wUI4M#Bsi=KBd5r-INi;xlYhP1psA#1w5
zRjru4j1h)Fai*m2S+|W+UDDoV*vZqwA^aO=@2QJ=BCaw2B}LDv-MLTp@5c!LrA`gN
z9if9v1zYiS0iGSfj@;+eLAX-1Y|A^hp=WY|k2P(~&%aj@r0y&>jQ1gZmrWNX3w0u^
z_c_R;B8HSJRNw)&zFCI)3Y!f_tFH>zb)StDoY!Q6#ATN)MywzK=iFt#StX)2zyVLf
zvn|&mGq6?z|40ns?uVh>R>A$s(}g}DkPVMrZ+?(7-hJJq7oV^q(ZlZPozmzdkfl8F
z3=PlN4Q%wC4B{Z~rV``)p2NE$7qJRT+f9`{Vt5%((;q2URU3zQHWe6=-Fxo8ZUT@T
zafvhbX3;MB((citD2k9v3zejQ#2K7>wah|IQOaB}OmPxLOSvO1Pz}cMNeuu*Or@yy
zlS3O!_I<SLp>VVYx^E|D19P1fqVJtrJ5v3xbo=^4_5J-W5{R8*vm2F)osX3@?G@Z^
z{nd>-i$}VX!Aom+gXeaG)ofxL$;Q~r1ZP3U_6>ANMQZr1+lzVln1hUlCMjLjMD=6<
z#MF41l7?6#^Aw|o32egh7CLaY{w05{EYwX?>;*wiQn04~sdp4i*=et3oQ`twsDg@Z
zz-v{8e6f8sjZgIoTeM0+<i*^O?=3ljCfJs!mrVdc0(=KF7mCdKC;wxif-D>(Gd`Pi
z12Go#AZB0Pq^tiDId>{f@s`Q1mxM*Z84Dzq<s|`nlBdGsDxMNJeKWv-RE~T(L{N(z
z)Vj$4Uf$pz#`be9BGf){)aICbXksfvlJEGl0r?8+8p`ui3E|sX){Bcy;*W?Y;@|j*
z6nMh3?d-b@*$}8TWDA{AJx~6V)!HYZbWxzDBJEcX6tBy~g0rA);mS;-C8Gv*+L^-(
z;8<(a=7|H_(I>plD-}Q(*Wk$%zi05_Xs7uo3CCc2<(yQlR9_5{6w#*rx4#pI0s5`m
zal5I0aRNaM??~^tBxc9kwq(?`B;gu+nHsZ_saAn;#E}P3Pf=`@!X1|q+m_W%{)c)j
z`!+}}-Wi~4rzS~_+f+g=Qy^aNiVr>2ZfL*$0HFeG;TeR`WB^cEJQx)yvcgQErud>N
zWII-#d%vFN=4I?+cz+L7@4X^?hA`C_yd2Ca%j>_KVf)>*6mzyB*Ns{dvR(#fi9+a%
zRQpV_>a;C9Nc<MA_B22|nK^|(VC3^J8<yU}O;bi{6i7Sa)ScH1-?`k++1|s`+*;uO
zMpkD(pryG9x|0G5s;~X5w)wRzEy!W`Q4aX176xP7rD1}YuQOy&SxRd)3^4Wk3ME93
zR!|LDmujSb+zpYu2SL0p15_0o<m%Pi{4Uq0PTbzNTvmQd<-I=TJW^gieHHfQcagtx
zmjp!@29KbjYw(b<n@!t>8_RVxf`s{Sg%%yKSjkR)s%OAl>0pUVA*(yL>ty~HA_zUz
zNLW`w_~BZ<X7Vo{GHQ0B!U)>u8XDl{GtN!5;kiHO2V!y$uWCvUruyA8c#HvM_+m}7
z@TYot0hGJ9C~%RJL^izdG%*;wVrSItQoay@mc-{ZoG-uSW7q4N?0G_nux{T6P??~H
z-ZpebNSFaU{1uyBmBGe*D2J>d2_uT#PL05q8B)&BzU}Uu{=5$}wbf<Ke|KT(6A-{9
zd^T}TFuu2xvAxzbZD+Zpz&raGoHRgO5Grk~Xo<jD^ZiSpc|OZGdtRo|_jPutw=;IA
z&(moc3w0gATG)UA8v?P+A9kqEXCxL(<0LWzH6t@P7+Xj&iuk*8RP_1!8jgxpLukcy
zz3TV~^VCRCN!z*f{h+519nGA)jZ15E$oHw|uB^u8we4cM-Nf#2pT`gK2yQ>q)84a$
z^-?E8>Wf``+<`nS#U|{EidnX+`H~I7yM_TGm#IpY=Wgg>vaR;G1}gbmsE!VNi5@gS
z7}NO$^cvf8k|NUkf|*IIE#$<(Y_xluf0pc$^685}LN`p3WIK1BiBS~QUxNCBNX3m`
z0}MBz5lpDzAedeJe!7E_+RsM_C|}zW144<4A(Zqfse-GN4Jo9%UJSPe`*gTntZ?f)
z*W0=WVRGoh?$J{&m$>ZTOJtU_f06nDw5QU-Af~@OzmDb}T2PjJ*Rb$w7q5U4Muq@$
z5-pZ_$j0Ac(kw_bZ(iS_O;jYP8?~*28va^*0<!Ik=>(N;UJ5}E?bTWmdlF<iu!8XW
zqjFHmf4FrU_aohE!RHsVM}BVH!mNhY;;|_moR&2vWKv^FdkJhn-1Tb`#FiKU5RTux
ze8;$j_6!eLK#OL}B&NmC%e%x>r^V=igj2Zq%{bb<uJ~xci;+$8+(6wnX=hDE?Nh5;
zL0>Pjg$akeSEA?vOV$d3q2~a+!ysg<r&NUs8zSiaa|~;H2RC~;aC|fjFKd_|G3ial
z@!yv?3`MWfSv*=6h9j%T@6iC3M`rhD`Oi&gaCtHWm$ms-kEgW_jGDj}ehR{u_NQ2a
zPH^ce@4hG2r(?~cz@mG20Abg4f=R}9E=cJSDN>Fqaffio!665-g49Y?6I)6Qc1eOR
zmTe5HaZYeE)UWP9OJ*D#V0o>vZzI$KsWqlh-l?>MwdY@FF~Jm3Sq<zrEfKRVIQd)y
zfW`4_vuzFZ*Q}+}547XKB9&Ztj|xOzm4JhVjNQcXS00b1=345%65XB5)oU!xIT`~H
zxpgOLnIJFPLs~<y#yvw8b}M4$WDCZUJ@&0fU!3b6p#u~^Mf_p1i;Q`(f*#a)>{&e`
zcpX-<ofe~oMS&MDHvmjvxuA7ve2L}iZn*!~$jymrsp*E^5Wabe`bK4kZ%fm=ubU^u
zHKxlvq1mI+rxC{0<=G-XxY6yXbQY22VB<V|&W5I2^Wu?@K4Vf{!+kS#g?Iz9Ds1G5
zY#jM_<LY%|5d&;yHyLHGN3rM%jT095l28%ng(Z#AC)jUL0zh7RxYweT@Ep;K=sk&U
z{3UvJ%AB1>;lUX_AilP{a3#L}YwguPL?_W<Es?$Mq?_8?&T_rw7Re`iYm4id_h(Ta
z=gCalK-21<HH3eaSgz3|++ZWyx;P(EefTN~4N-f0eA*1+C}d54P7HFmA`&mmhR3Gt
z8xCwu7G`<^lMl4=9jh-U;~u}f!wT^~r?*7>DtkxMeA1R5Xed*`d#XW4f;G}!RRFy~
zpGia-R%bC4@%JCuPVycxxiab(h(lj<E)AQ&@W6wEYGI(Rz4h9m^yH1d;4#niDK;MY
z2KIa)Uz0F4qEFo2!T03j>-v87aAUv1c1pJ-J$NYz%(!^O>q#~;E&Vv=jNg(qU~ncO
zOzvd!bEPars{I_8E&aRJStfuW|0MjodSMIcTxve)9A;_7xBACQ(m7s=IhhPXjoXVT
zRcpt~TNsTjnzx3gmQ7y^sxGgY_7eI=k$KD-q`i_@SDJ!W1R|;v_qG_nxn>TSk#DMf
z%i?)OfUGGKh^F;PY`q%ENlk3MpB@r&{zki*#-F{&-x}`TaaCF)IUOph087<ZlXj4T
zw`OR<&b29O$e$Ug=*j3LR4(VOD#zMTY2S!`I|iP2b&5^Td<B>SfqZWl!Mf#;09Veu
zO{z6*$~mD>26>%cAtMo6Z_sXj{zEwY$Oc^z0Jh43slTlhnQRt2c{Prr8A0evoLwEX
zJKA<%=O4v)ILe6=IVUVtc#!t7fn<9*L#xRHfizxcfnN=L?vO5@$uU@M2#1z|D0Ew<
zlaXOguNPL~=9UZ`X?X|2>)X?=Afvp$Kk(-EKJwIfGct2?hU>w+VT`oqY6~(oR%+7?
zB=SEv84>S<_2pBB1;oVp8(hdGqQaN8;BFz+kZwo6dx#Y4@~~EZjsgFzOIuNq%Koa(
zauhD5F6$*jnYF&swd@PXYOTaenM-wYBrrCdEg>eXJB-kb{7H4`FBIjWrPTd<$mlOs
zxeN$ENmyGqSF7PmU^CPu@|;3;9nOCRaMpesxM(te@#P-<*!|M@PX$vg(y4fo<b0$y
z4ia(KhCN)Q{iNdY`<N+2CI{lwJpgJV`h;4@37edgeViXT^Y(933eJX8Pk;{@K0{tn
z-PxDMzDq2&4FYc$&T0fF?C5ecMcQr?v>QJ*REKNBl|yHUZ427Xzy61jI2Ap>AC@ks
zAE2$$NYV9|;e%l!CAGu|g=F6#8MadTTu&ic7?Ayl3X3=$B{g`ISgY}GC(gc-G(i<u
zu-1DxFw^)*C+KjyN50JCgz#u-sK7rtN2bB|+Qj+K=F(>cjxiKIr1Jho4;&|vu!toJ
zabelbv}h_3H@!(2$l1AKUhp~ue8t*Ea%CfU85>^nlg};6=;PIc3toHhc4r&%!z$vY
zej2L_)QDr`*9glyG#b1GrkQ%@jg!?R9XVnCapK+CgCD$Ru*$)K+VNou8QIKzz9e?U
ztY9q&rPVPNpJc1~4)NBEa(l~&;70O7cKGLW#6t3|Hu|j*UfmkXEh5(-P_r7Is}8}R
zSU`GM6nTyY^E|L}G`M*?uXVjf8$A<&rS&)H9?ZeZn?T-Pox7dgoxG{DV>>~{&7O%o
zz+;TKJ&Uc*=*PKuz^&W6Z1(Tx2+*Uc?bG99^*W~H3?AmIVo(N&>8N_A1ALl#Df|U0
zbg#kCJ$NBPOmr@=oUY?OKnQAtYP11X{1jYbh6Nv4zU%YH0g-jkW7L7hWt@OtOb7%J
z=7TH$vg>>~46>QAt74*OJKnvRq5;Mu1#dn6`gF?wsGP=oYB+!pD?h9KC}9{ablp>)
zaoNn3pUW;}zZD@?=9l0QqXhn%s)29#BjL4U+zIcAcmF3l@zd}TKxHJv=1}GHi_Ie@
zTl|L^Q}|b2)M*O+FmM&^OS{J1^Rj%?0V$uSD^@a6BBqych225|9MxY1a!^lj1&<(g
zmC+^5nnf~^rJ8jFviQQ)Aw#gWmbGyT1RLR`wgaxj)<&iRHI@%V{Ixaml^ED`;KpX>
z1A^UU`S<1zNZ4i+fW(B2B@>;OSyAH<b^f&Wcdv*@`lR*k=0k?*486tMGX;CppHMMV
z+9pz+_3QbIz8+j&5r~>W^o{?nRg9LlSNhywy?An{<X1Rr;@*GK^K^CGmFgyyDeJLw
zTMx@;bX{oI#5G$YHt@e_`GqS{KHOJo2Tl#+8hl=alL8z#S+6|&s&^^w7$AIQI32Eo
zr;uXDD1pS2Y+^ZtM|r`Ybx_yz|03%h<16oCcHya~wr$&XJGDJEr?%T&8&kJa+qP}n
zwr!n#KkxgTFX!vt`Taj+tz;#+t|Sb<JT9d*+J<YeEAovoxO9JbBH*{!u+9AF4Ip(@
zrC1<Ay)fQ5T}(e<WNHAF@e+D<TR`Y?-jN;J^Pm0RKDM6fnbP;{A%0#EF@-wA38>f`
z>7f%+wRp(}DC)j!1>A)5HiNLD-rgZ`2THo+u|BvO%hPW|>E97$@jfsA`uRI<Q2LSo
z%wDLa0CLI)EiQU-TQZ<m2WgmI=oK|n76}Ud4v__I!G3_UGY2J{Gs}G#%59A3Ofi=g
zYXOtqZ87XV#pP)S4I~;{(C8)&RLju)W@nClSJGt(kR$S>5POku{1fNA#Mh&zOR&Vx
z2jU{dQMIQF^r`ln#-LlrAbV@Sm%tp*(^XGiGac`1WuR~U-i&L|y}P87tON26vl9BB
zc;c)sXbs>2;hp)Wt3J8jEu#NDFE|;vN8*S3wl36lJ9-Br>{hnm%Y;)2J;x?i!WFyd
zyDea<C*rXM6Z*3K_1+Wc;}F+k`P^WR;Y@lY1s{GQp5WK=W-H!U8FP2ZU|enN7r6EY
z#*u1uKKwu|AvhsOG=@fe?EBlgs6+t_+=??+llw_x1r&LDZbwMlJBc{%x!ayYB$4_X
zZOYoiet6h>`%kADM$-kpIP)b>ZPhxlD*_ydKIUO((Z``J#|g|9m?2&zn}x*Oj$@=c
zA(X_N9qb}FnJIhuS>hjvaA;Ve@x9=NE$-li3&3x&+__?D1#fmhz>k7NAvf&J#W!ET
zC*>>+lg@IVeiT(=y5<p`85Cwyjr_P+cAh}o^Aq;1=Nkrt<fhln<Sa?VoR;@cDg)T&
zDGRB>gh_)aQ4`TX4A`P0oqp0>EI$?do!FN8jR3U`Ay!*?VT*=@YXq)kTj*DUhLnq!
z1eym_cK~SKPY3s?soZvT{u%lzCn{|VYNs{W8SaOrQ#{Y4sa(3uevMeU%GZbH8PAuG
z-n-t4dv7?4UG{TAPwqgvrFXpoz*laHU}bUHSHJ_JL6p3r%8r*aINA49p26ZY0iFJa
zc$2Mo@sAlyUy<q=4cWG^Kj;Q@)TwS$r<(3h`V$6BtC2zP+5d)z_AvVmm;FGmOKO2v
z7V7=`%}Zo-<gTUK-k^;t37X&&|MX6QN?wFN=tSovhKi||(kWC03jT5z@Yl~9i9Cci
z)8lF(;4G(x^?WKglp`qfYod|f7&(@fsGrCimV{6YR+l?dXvk^Ud~2efi<CX|^=5Bm
z#PvG-GRC9x?+`H+1{`vp3IcF6Z&_lF)6XqDZVDfvB?o@+S&DF4Bj4X<_bGX0xTln2
zQjaDgXCBVCn`Toh*$X*P0NqFgElR>L9J0(UY7q}Hp$5$|BL64}uS4uxqGsO&FNscn
z?5URQ4pYbOEk8V_&wk#p?c|hnrqBi4gJTH1Q@{77$h1$W4pmA)iDf<y8?DtF*as7X
z8(@iwp0d=rgma|vT!q&iGF!o_&fdpg5<zGhB?0yOCoTE5@(n{Xz)JxdUwVb#H_?Yk
zwRA)<dp`ZQ^56gt!<PE(Rz`k?6no*hNiuq*e^mAL{qzA=5#w;hpx!a^?1Fl6X^0?B
zff^v-o-_%?OhG!;A|ok3C@wod_sqyoUU8VuLDr*+CS5s0Fp6$Hg};C=dXlM&P+{xL
zqFN*kHGNG#THts9z~+R({2JX5In?^1P3@Q!OH#~RipKq}aZtedRdc%uMEIHuNhoFB
zD$%(IQ+sUDxN+~WfY)#YC<MHQK>TmEvyr5jYQ!Uornp)Ce2%tij2d_i>(^iv4<D9G
z9p92@icQp}D9@r-Q(9w-4wiQcOb0raD~3;xqiQsl0bX&Q8NOc?z^4;-ZeJ+%XFBo~
z_83&cyNLw7LJJKJGa^EaY%drJWY~;qlJ}Pf^%8gt1Z<wJ#a`k_=V9uVPr^<Q$=k-h
zfC7!W0TlRG+)xRdAv43mNW>^yd&g^qRMm0J&!Gz_XGD36oiFs*CZyrVq6GwYW!7nY
zEe<afz+hxa2W@dujkxJ~crvXh7}#H~pv)W>CAB-SJfl~^Yr72Vux@|YA~LJ*&ASio
zM$wHfgvMhk*)Gqj>pl4KTPt5+H)$ZkKCy<>9MN{N9pqYk-&j(M5xJxT2|LXVaX`K7
zo_fVgb+d1qb4No3VqWtFuM0+_^`N4*Xkau2Af4(dgoIeIVCzL)I_R6E%A5t!B#b<S
zI!~EN6(+>Iz~Gk!0t@F<ag_~hwmZ2c2G6TMxwd7Y7SgxczhLQl#XlI1)vEu3ZP;K>
zE2*pppNh3k>`Jx%^Ba>QwYq1vY_PZ}puhvuDq({K9++7!&~N0K<r0;;M@8gzs{?Rn
z7^{r_a~$*Qu!_uZOQl$lNfEgw=>5}CI90~n`>aRZZ!0K)8MEl;u8hi^Oe5KA|78Pb
z!TQ$ES)m-eY=x#bIknJ_(BuTT(>7<j*oeRx&<l`f-!I5}JUi$R4j-vgT+A2T&%5Vj
zQ*rh^6%_S8G+i41-bm}b^z7mR=b9NmZKLterun1L9o9%ZnMi~|dIBM3N=W`4^tA?}
zk{V+LYKC!<f|j|3-S+H3N#pcoCbBnX+$K=rG3-N#FR~s+sRUFJuV5q?&%wxh$<j-9
zn9T5jQ$pYD>Zd`4+&OFx2-%dyDocVZY&9zziT@6R)11~tL}Pg|85^_#+=?c~2qrA%
z`>lOP+8=2xG=23N-Rajs5uyZsQ#|c3;=lU6=f$|c!&pIKio@UTVK2cmKtA@5>-Ue1
z_ADz-IB1fv(PNM>7}DdhT97y}S2QF(!G-LggE`2av2OpXyWUBxdP)ZJM!L|Agvga`
zkP=Ag4!}++7TMg7(Kd<ze~kmKR4hw)q&kBoG{soFF6+mAN?UI7>u^j?-_Tjl4!E4J
z&=qjEQpR#~wgWAxq*KV%r4vY5e0vi3UU-*c1c!&^OU6bq2+_T1EM4*(am6AVE$Uhj
zhq;aG?@rbJcqx;2tnHJ1qR$SrzrN+{f}91?$VnESmSh<6Bg#nvJT>6j`#%5hK<ZfX
z)D>)N&nsE?ci_qmht!B9>-^yX%2ENPsZ5<yN={es;`k&+nKjE}vCuRe(STV@+9d=P
zcgT4nUcdCHQeFH$>){9HnRnWIwN^Xx1h#tZ*Aq!2ZvV$A-+uv?JLvSD*2!PI9ELN(
z9TSmq*akvGfZ{|P?*KX^pQ~+Nxh%c;RsGG$z~Tm5nyAEr646Y<AaR>GQU^{bVny*!
z&JwU}rWNy-iF^+CYGxtix}HF^=PFLMmhPI~-DKW;<K6cNk<h<NY(c()_tp?WGckLf
zVWG^ic%wa=D<xf2O6I7Z=B-ZGQmTYZ_dzznF`Y(?fFkh0&{0&&DD`ItbDFk!-BZT+
zhIh^jEA!hbS6Nx%$zX|`6>Nx|&3aV_m63jIj1{6v+czT71vKnAZ!USZKYK(X5_bVm
zC~euCym5ast0K~LiO(Lx-sn=z>YH=22dqC<JNtuyZP`2t3%|fK5vzDR!3yRV{{&Bb
z(}d_V13tu(&l>ui3|~$=2`_w}hHpZ3SU%`Zo6TMZn}XX7UvO<lO<U3XtFe5kBnNL~
zus6wBKIER?Vu@e+8*6+tGj{$<COs~1pnYX@MQ?O0#cyONUjF}jb4)|8)A9bO^;I_4
zRpMHt2Ha!HTiyirbpRvsnQ>?R@w4+HKp$mcSjo?yELGCd;1i&L33_*)Wg0M_7xYca
zbm<y)F2s)Ph}*==Y0B-wk{bhU4!ee!%h7Y^LGvVjQvYjc*pD9y#7<hyk-gqlYs^3X
zu!jQ+RB_-3KU>(PvP#fQ5r<oFe&I_lBw8|8RleBvlDj6{&pnXoltu}9ksMP$Kt3uE
z!F#6eV9@HNB>vI}cRL7mLeDj-qXBt?vO9`mcsYB)m~Xw*VO=*O;0}Rij8hEw)E(|b
zg0B<M6Cu&1F%lu>lun1}(u^^=g)gsjD2Y(Dk5KMc-bwe7wTS5Cd~#%k0m#*nlxwqo
zYNj1(xLvJA5*bVUkrX?JuVJJFyg9J!1qZ|Q-W&$`Gmu;=e7FEcyx$OOZ&6hMJ~4<i
z4lpEoOG@fm_D{LQgxF3&NfRl%(B*M7bjh4Dd%x|pdzEr0{?htujw4zP(4@}<53U(t
z%C|yVDg5zvOzB=t`l5ZiUOemOa2QDv7*P6$Qn7A#Xw_C0M%cdKtag?GIQunZrF2Yp
z`DVD>&gmjAvnijM04(C1WdsNrP@ZMT8Aj1HD<7+#WdKv1Och|Nqm-%g<A6^jKS3wI
zCQ5a%LKjVYY~cx%jc1J~I!67Ev-Hx5w+lB{XREz82SyT4Jr{$6em#%mIJQ~s*E7i?
zxAxb^e~+#5aq7hsODcc`l@#PtYBX2K@;g#q68<iZ=V-eEveo{hwIAmo-%4j^m)e{9
zASyZ)Oc5bQEQ9w5t^=HXr1W?zU8Bo<ljRP!5&i}gy~40dNNR%fpNpdccgA>+AruaB
ztlTCq7bWNtY`7?veoF8`5H~62hJ1L0!GptkUQF+=%W?FyX*9sLTF<e3U`DnN>DKS8
zpUBfot3T1?7n(M`7IdUC(b?gKUcHE6&s^~^enL}<mJsq`N)Wz%Lp#f7oRnnVmHe6H
z=8)ne;Ypb6kE9A=*+QTs4IyYJC?_4Wn5bB;DJ-MvbEkBgze6n+lAj^wFL|)!w40g|
z%+$}`?)dXJowFO@!_Vu#&8)zm`*nb`;qWGxihZ_Yb9ywn%&4*4?Zf-+>)_$@MYt_r
z#n|<Gs{^F!+LL>=MS(wiAC15)l#W<e5XAar6ki8Pk&h0nn!~0A?ovC}^o0f!?)Km=
zPI)%roSN1X<4Z#SkFWzg3Cy3rj7`uCc~`gxk>=6##XL8FTStF4CS?RjxBZXl)mQw%
zYQrOfXIgKXUB9eeX|c`D-wT_U1bewL`bSN=a4wSb!wkQk!~Ku<fUWzzSIhA2^Ijw?
zs27N?RyuuGK(`UHIoKrA?!Sp^s|Iu%7gYvsK%}buKey3$wZ}U*%w%UnpS2Xhdi`H&
z*5CO9aI~pC+@XVh&yeP!U-xc$@%hiejn+J9ux%@HV6*ZATR`m*2o2)9cEfmpMHUr}
zGCAIPKGCJg!0o&-ym~*q{#0bux6hV)?PB6F(Kg#*mfj?zEP|#>H=-RVx4C^0hIT^u
zh_^qQHow{IG>(Br^AgEq-oM`c+rMFm$oc>S_&I56NF2i3Jb3~qVUM<#>=ERUebzK+
zh$v6RhMUS4pC;E!hZE&tp4cxe-bX;kWy2h^41%D8)^iw(faIW1*9Ptyx~XC>wpzSB
zh3wtUan(7|o{i(8f$&1Rk|~$z23ohco0GTrqAy-ftF1eGM*qjfQwB`t?Q`~QDY=0M
z0E}$^xYTY=*;+h?@XBe~{wIb%rZjt|Ea6tVb;r5RC=jC5ytH?q?jWHHtSTHeiW)B@
zaKjzkeuvQKKaf5&ZAIzpIwt8OpVj?*WK16Zq#eTBpz!`?w{(egAo(VH!O%m9)7#z$
z9afw6lQef>mA_8)7%VZDt+RNTa|c||Sn4aK$l)Yo(r!D{qC5m%uV8IAeyW(b$_*<%
zA&QUe@dj*a?P9HC^02u>U|O&?!Nb*99=#>MSzo{eVO@W&uJ>$MG-y-WPocEr0r$Yp
zBHC5<C0OlGVn~GM{RS4+;Pe4Xk#$9UjiL7-?yAihg;>>~nG_$Dkur}z$N&^qrXsUM
zzfWKBotQl6ye-Kz=c+>|B?Mf&BNyhb)bpO!XI7<O{`tywX3XqLudL*zCj`(lu%wMF
z!V4;u^1P5qEwMaQA+rle?CN&j|1ouJ$n&E~{js+linnAhdD+T!CipCI6OJkx1!X*u
z%`{F*S|WPn4vQ}ZaY-1I><2K_mBkFG#p9wN1@*;VfTUO0DB8Zk+REdggh3vMbAS8-
zcP3m&MPevmI}|f;Ksi(JPLVyy^hUY0m$$J!m*lk=^)s!q8ib9SGR)qo4IPpmc>N_z
z^0Q4I<0lKx%HLhJ1&eT;L3O!EG`2PG)6|zDN)4aY^Q7zB@woK)w<|!2iX(T+mdG76
zjXs<<I*k{3U4)xI=)hSmtr8GZD5udwA5*$5LxFVtr+yf9j&Chomz(r4AS6_vt+&qJ
zX4!eG?y>I9`}(f)K^*Ai4-v^)HOk^xZ@lC#E>0Y4BTw9`1FwhS9adMfDpRg*?Kuq2
z_@l3JNvLH^wt?-Zn<L=uwA@N(XwRADIYR?>caERIU=2M8?B_BM7VzJ<@QE5hR4^Xr
z)eO08+-A6r)uzSL0_&Fycd>ydoFNQO5V)x>I}=cMAIIC%yAMw_%hd|lwEcsJc~bf>
z5;`|q?JsJ@y0B#S8<Lw8vPjq#J<$p=A|-_Jcd`8S2Vxf;Apo6^@PqSIh&Kpx9ai}B
zF4rRiiXW|X$~FHJH&Rt(&rt-bfPYO9sM_sL@bK@-VV?I9(0ZS-@Zl@|@#i#DE)=tY
z<{|?{FA${{@ADW4k5uTa<-%9SHx*1*L8;?20?qu9Qsgye+mmz8pm=Jr@5pM#*NMB5
zPl2gLA?4U;GC)K6J$K_JL~U;zWU2v_lFY!E^EDTpM^5MMV*M3edh{xHlmYWNKQtyT
z0uDFjIxWxB?^8`$H}vf_Tznn7xJU4$?c|tBDlb82>w5A$y2d<XbbQ#uk`qm6FfT8j
zCL=q0%^%j{k@ze>fWyG_h<;dAgBV=G_$5K~bVW%Zc>;nW=W&VyqPw*blCRu>xNdi+
z83G2Nb3M9C*QtgvKMoXR{>67<`hmL{Z|D^rkNb0ybA%ZiT*BgRsns|Fca10|R!SOT
z|91Q&ieZF#z}ol+Q`dCK@v`lfP+^aa2@X}}>|n~QJ{A}(R|3PvEWdHH%x`Kx2_;K=
z$<lxDa{$)!AUyoI@>a086F=GC{{3<Z4B#=2ovFVC=@+?3XG8Z@51Y9?X<rENe8#!F
zBcp0^=0{6<QrD$CKsiGu<A<!LaWj4DTC%Th(AqE!`!*2yTiZgIpZRW>S)W@?S@sys
zERN7S=%Uz0q$W*B$3aLL<OSMiXcP7MV0l7$+yTX95s=^U+f@qZ_6uKjPFJv8=5oFM
zklMfB7<%V@Om?UELBTTjYVKB695X3iqw8lkhU!1OkKWv;MMUe<1SxMmZ_>a*_i%Ue
zFm_E%!a`<$(nFQ)__r;$)qjYaN~`zQ_4}J%ZlD9a>}o1LRcox(4x58bX~(t@>DI0B
zsR1&T23io~BHT2Z>U}+11j#mC{#<mfO?e=QX_@>@+KhiQU6yL<<p-yvSqakL6Jo6$
z*zZp|KP}U=+WLVIuJ6;oG_7NURO|;c$8n4xW58D0X(~sYg)ASXEzc6Y0gw8K*T$&b
za<}id`&YJ(PN0totZzis--#Cf70IR+E`W~5#~h2{)!Wd~$u1}BA$hx<CkqIfK(^dU
zqQ}CN+++aSqg>R`9ub{oqkFUfUa`J3XvkoKfE`*0`k}q55>oLDR@9jMl)v{}P`Fk?
z26%|(p0iP6IuC3dwBq7Mu7LrhEo<6-Yg4pv9GyJga=J2a0~M+LbmseYT%-e!DZm7h
zn;(jPqGWP&WMab2E-hbZpOJ`_&m5z-fTCsa;P>rHn1{WvuL4Ds3B18>`8XNcMlon`
z;L8Ra2`jgN*UdA+sF7xc15OqJ`osma+<1elskW<7Lq$US(Dg-hvP)J(a%I^^Q-ihm
z>U*wfdL<E%z(QYcp+zMrJ}!;50w7OKKD5P0h>WSUs1YqPj;&mREim3>cdpQxt*tv*
z!L|;?`-ba$=+;Z9bB;~GHpahX-><#u-C<sh4c~tQ*M-wW_){(z(5P1WWTNB+K`My^
z1mKnIK739W3<5v=^g6_fU|B)=?3a-Ebv}a#n%2r{z!Q)zfPsC|A(pHsfB+VLO4f?4
ztdsq8&nA%TieIrRry!^@$(@KzGw|cgk#NfkOxCLd^7a3NgmzJqW`7A_N7W2<2+L3K
zy1QkhZEv(ry9Wr8oAQGjSL~GJ{Zu2NubBbCa3(!n7L4eQheHQN3VRzcLo#TuG*Yla
z;jRo3SME<$IOekR!~k@Y!z4Bksk9MoG+XQNUB#>=hr^W%TdWKX^h-#n&{$yPP5bP%
z_?KeH!VL^A;VFDja2Lk>5rz_;WfH<ByRkn#ZWS<F{k|3F^7DYoKbBHdHg$CQg;bi}
zj&^kgPvVjdL-L>gk^TVn@Bb^kvfiW=U95~q85owu{ipwR(E@nPl~D0S^@c5C)WTu)
za|o0|ASZ00JWP4?N&RDvACRiGwYSJp=$s8yzwRYFYvEQeQ=yPupSZcpZ~H_WQ^ug?
zV<{%*h+Z-#tB5$V$p3g%KE`fW^sMJK_bJ`IV>CpP?7vj?$AU$Z9VW;D=EpESC;}bA
zQ+cC800Z(Cs>;7OKz>1q?J5?KvKs-)OYTWDRRyYyhD|l76?cKzmy)DV%o?V#PL@)Y
zzk`1Qm-^=d1b2*C$+4%%V(6pwFp@OOJ3z_Wh2lgG$=%m1|Jn5-AvatLjIiqD3U55P
zSS>^>iFg)-B}eaSud$gEa>0uRvZ3s5oh1hyV0s-2V$;MBU#JdOVk88l%Yo4t8l;&2
zYA_P^*8DIRAIE3;_V~|pf1g(G3Vud>CmxlLrOTD{%dS9l=>_IFhXS?odBNVF{ngt;
zcrlol{}t$AYcNxb`$QTdOZ-BrDKqg0ZH!Vkmk^b`&FN4DFg4oUC&epp%%s7rf(K}X
zH9#QXL6s0OSBhjC;aoO@*AgQA3d7ommJLDirfjgx3pIvd!?g1zG2Y?c<)u7{AHBVV
zc$3%@xKCXr>-DBIz7<9!TQIiwmR;Em1N(DjQE<ZWD0_l2_c3fN(1_<Km@Ck3OpqaN
zEXjH#M~@H<>Ksl#!r#F!CLuJ2hYCO}f-Wa^2%!tfpIM*FJY?MyDG=NOe}c;WK1tO^
zcn(e|*6)tX7upC$@s4HwS75{%k;l~kI6)cnrm+g6mSKTUb9&6+`0lkY_F23qR!-AR
zPpPf+<jXZ{CPM`bV8UtS(Z-Y<@=ze3o-!;x*IsLwW+Os)O=KTdEIWl{*#Me>;gIMQ
zG_a_;y?Hkiz>=BU5$LYRrQYPckAhj0OY5?16eN^rRE;q$kP%`qoSVARTqr5RQrm(U
zWI_3GA{F?OsjKJH{q}ac_x8SexJZi6H43M1jT)6R!aRHW!fOz{hKajT49qPaqGenO
zr#+3<jadA}GG4cjV-9)#0`OTv$PJQD@ih;BC?IQ%IPmdiJZet>QDbO-70^CBoBjvU
znBD2_2y4I&>fSTMs*gRRx?k#94?Fr{1x1F46j+7(s!IVshTCt#>%s9V&XGx6OOigT
zAo7u*v|y8Dzu|r()1Yfgt%2^Lt=|&ZcZ}i>cO?z!oKBP-7_1x#fJaF*Y?<0zC->Pb
zcr9ttTb_8v9Rpw!o-vSzwVjT8f|NB_9B<((B~N2=(5fO!w=ueY)gtBVz~5KGOsulp
zAh9zDLjnH4w*8}$-bMD-kFm)hGUXyGwTd~k8W;1(+{q679L7<wHVPV9*<P5u7K~$n
zSoCGr(?mp$Y6dh2K&1!P`Z88nVb+)VG4g0IXpB^=N$L##RZS(#6HUpGn~ZvHx6mT4
zM1<<;`B=onpLdBr=#&~G%hxzG2UYR%3wHYDByY>)NCnC!=#tfC0(F=V-TYTJxV>vT
z|IgKxa;9St!ztk_3Y!|v32t|qiB_Q98BL*^UPC$AHeICv3e{8V`!axbcSL7sU>D0B
zY4d^r>rrJfAS#jd-(w(_)z3cSq)9wI=WPT1Ijm0ya2%vOM&KLvZtP&)yfqop1b9t$
zIJq-*u-^Ri(`DCI(bN5uPCeP1Ub|IiLjf^)+sZ({O?NSK*mlx*nFbBjl6uxO44+=7
zy6OY@1rGQ<icijOEN*6RL6q`3mR>qeQBN<HcLOE9&+wo{o`)Qg>^1|N7v&#}Q_9U?
zCWgux%8WYI2vZ?7qzJb|=;I$O%=0s^a=pqwjukmOJZz10eClTIN`X$^I`TcP`zZ%$
z8{Qq&0bhrY$WJQHjxiP)kqCDPE+;QWK>6--eH!4CCy)X5d9k%S@b%D(praj}h5*G1
z?}Rzj-)UI1t72HBmb8t*`d@&V`ltRdnXa)<7TpZyu!Knk8mygfS_ikX9x;-o(xP9q
zNcMjoPuYKMkgR_!2h+y(WRDS%x+B&c>v63Q^yvR+pLw&GcT9JhEfoxQ`>ezF>h>1_
za;y??vK3>~A`TZ0CGZfs!ehQFJmw(~&u@NiCGN?}6f?5=%^MDY%I;7ke<$x3Gl7I}
z^m@gr6i~EgF-`Ry@YL(ppgTgl+{l_742&~F^v>M|m2o$ETNLv~qTuKl`2WPBnYkA#
z3{Ak|PE!48Q=Yo-wKMJ$Viw5OkZnW(VE(;c)JAI)zY`ud6NKwAZR~x-<4%HRkucmd
zz`*nx->J=$iCC(_wW=z~+JCIhbgI=y_Hkv#=*RA2$3?w=-b9(z(Dt>CQkYbD9ZGG}
zRug}yu3DNW4ZKlmG^X};(@7BwrHHWfmDVGoAu_SmD>4HzYdjqVYVM_MQ2I^)!i}|5
zBgQvRL~90@HiJjhbE|3`+CNZ%NhodT8c%jc22hARm-R)`-IGEG3A~o87QuCxDn(+_
zHD(dYgti-kvAx=Sn>oWX{|3+tpasnYb`dgf!(j)gH=^9(KtWjKTQc$oTiGQ(TZc#R
zU=Mc$tZh}M^*W%m$&$6b_qId<&r;n|={U`xKjm~0_OMULePOb-GTykdN+Y$HUl|C(
zNfV>2A<fh@jRKjt)XbIE^^h`qS9x<egF<;O2%r<u*sLSEr|DzkN)I*XU)k6RUQn}(
zy#CcYb*hW!AcP71d5tu&0f0+;v4A$#ed(Z<s1;s^3)!?lCLF4Rmysv}fO_%=>M6x~
zwZZq%$KZ#h8ZQBxpQrPn9*Li2C75C*j8M`Mk98IA#PH1hF(PZqH2;$)u_~=O2->+_
zHI7Il0;EW|tsLLUG68od*E=MEXN}kOP}8WHfFWWsmefw=*#9MfDj6EtmPwvX;@;do
zT;YGb<$rw*0jM)|{S7Dg+9xw=1xqti-DVmx(nQL5UWHU|XcK>tD_ji54|G_CyGFsp
zSM|tRktul7^A{jng}f<C?cVk{Gec7+kByZ4)~>r4BhSK7w^fNs@s+R_Po`wji)sH7
z<xZ!%!Ec$+2Y;b6L#HT5$p6uy4-pkP9D+&7UOxH{9>^0*=9U0G;*stF!#~=W{UM>z
z_a?nn$~pQPXgDo5Gzu3&-r+dtAa@f)j{BQysw{XP3WNwQn`gI*Py8pHQUq$WJ%Rfg
zi?I+Qzg{jaG(;C%mK7>FUpy7g4@#IH0Hgq-I~NEn#aKdFxXr-PF}C<4i#+`8yF_xF
z0bxIPFu;oSK(_mpHy?5G_W~4d_8F7$zP3u^7|i8gECX6V_S_mFm^D8(*l(@xO6;Ao
zx#xi&oWDWG9cdvonR|dO86e3lEi(3bYWDX|21xd5q6BQ<-v6B)xOH`)-z5xaG6YDs
zr?ur|amvNl9Q&$<W#^tjf($;RCdlC1dU=Q+;Fhyv^JbkMoUBfxTU2mkgEbM6;u$!=
z0o&O@IZ$9<Dcx__=0viVEAX*yH;0XbhvMJs*N{Ig&*4N9-i_`yVpX^*7wBlM{Rcs3
zj7+ccU*x__zew`VS^$yr#gdrtBaz`j4x!k~|6rHZ{5&{X5`QUvxMU$CGVE}+nlAuw
z52D^j$0?rA;qMlmd@$`aWAytKA-iw|IQCMzHM1Jbcp-61$fheeM;`m9VL{|yy|wRk
zxhypA)4N*W<`0`M(DV}bFxNX%W_iLvzI8;UJrA*|y3jZl-*g%qr#`$&RN(*dd1nib
zEo)Lvnthn^J+3p+U+Ki`nm7Ea*aiU%2Aw2<H`xty;Jz;0R;qfn%D4Rm|A^Xp0;!q)
zp%$VNl#2g5ll2-w$iSd<#AoizPlfdiHsv!#zbYkul5hO+mp=0;iFJKYv9ExWPX>3g
z8R7Qes+2a|zp8tTkCw^Vv6<p0da@qTI`=1xzPLO&VoDh&f}XYiWfB0`r3^=bL;~Ve
zkZM78C+iHYjUR4Kkr4vw4-TSlOH<oKjn9&V>k1Nt8cP7Hx0bR8{@G#p<t-p>3@E~!
zn4cG02zO<3YV6To1(qLQj`NaJdXP{1gi>l^j-Pa)s#<44<8e7vRq8XY$C_|)P!Va=
zd8x)aI@QZOYULK<1@OGtuVM^~u_$+?R7ARkfTckfF{`gsgHvKv>E*AtP%AB<nF2|{
zGQb02*zGP@Jot}I5Ca=%1b`d!lN2UN9Z${f#qZvF>yY=25`<>7nZP!d3siXfVC9C)
ztT0|O+QUbdvvK)n`I0ZJt%<#z8CMn2%hA6uol@YFKV`!JkP5T_RfJj{_lf249^i{j
zQ`!jdt0GrS6E<J)3+%>9o^u?6#~wCl@Y6#y5KCk7Y!<2+3`W-*Sw2GW`diC*{o6~x
zl;t3Rx7mLw4XHQ5kT~cajSiDj($Z_#{1}mR{Ao~Zoy)~0-H>mu*xwxA&wNv_JHQ+Y
ze46L={AKD3u%mT6y0bd=W(Pm5p43I@-n2`il&sTR50e$_sCrY8*sDvxN87>A#iZR-
zCXV<onZM15F)rC<dA80Ln7|g99s}0~OL%uX@c0f=dbD#}<!Xj{E%sD++4o%V@ey!^
zR>_$yK<Sr%Xc5&#-Io$o2bt`)&XY++7HY=M65ZYd#Q$K6$wo}{9Ki9yA7szzJY}*H
z>Od)JmD5hnKS20<oP#2)dP05-)YsR(jg8Bl?77G`k{iKJE*gagS9gAs)YK9ED-+N^
za3$A6<{C*j7dB$`g!17h_=zUM)HADXs0|rvduYdU?5@0|KS2j(GjY>Wo|^h=(%ASm
zGMaw~-~k4=epOQ2V@#gRT7~L!HH@v}?8}J+r7)^|%OoItQ51<vwb4Ap6+uOrIPu$?
zp>cGg&B=!)Fb1x}=F0wz=s4g`DaJhN#GqOd|9*g3VeocO0&k5Uz7)62;Ap9IFN6T4
z^!(_Wxb2<PWs{QBh4#D~xZ6$bE$i22NV$p@z*hW>Mj3NVDXvW!(#@m5Hqd9(zqVD)
z#(l>6Y8Krq+`6hcX7Z7SLxUy#Jx!?}f;D7*X6Nw{rA==Nhid6kk3IJsA1@cS-EATV
zmmBoun3DBKs|s56hpdaVpq^FxRi%8ij-#x0ui;wh;g3|%n}X8bS_QN_+WVc3{l@`g
zfcM_oPONPX2eF(3I2NDBc9Wxnq$~BcA9k_@9w_rqQg&or(5zrVvC|h;Eq=bXSN$N?
z>Aa>#M2v**c>b5asd%Ws#wVF#kKL{k(ygw(wO(;0(GK?zm%vEj&l{F6<iIk`{|BSD
z@pT)r&emf_g5m)b+R0(J5ma;@PT1q$S0aJY#90QW;u#VX{^FGSbvxzh)$_lw{HH#V
z0JzgfNd=@<o9|#04>y9Y$k2SqbD@^;%r(f0#Od7xn(1*25SbTU`(I@Kmv;RirQi>K
z@e`b+bt3Hw@q|Git|{zvXyx>Y`wp=D3;=Vs|GHqtO#l_q&<5!OWuk1w?SLNmuFT&~
zPqzizzwhCuvPcv1Si4Ir$hYzv$lNxg6!BMByT(8gXeLFZzr-D<#<ASpsEb|jbblgy
zk;RAqo1kwH%WW%67A%42jBbCH(+!T;?I8@dUw`_I8SRTUT^~ahGlA>w_EL>V4FD?0
z!0T0KaO(@n`g#=U0%(ZQ1{y#^1aIGc5>3`2UV-TaHg*1N`p*ypd@hFWds;5aLijBh
z-cKSr#TeH0hfUwnQ|QyieO<V%YZ*Y7OR6!)o}ARhYXzRma;?92axO~44u#C}V)uOk
zbi%#zpt)l7SP11e;Sl}l1CD?QEJ~0o*$ttX;Cp8zJIpFw*3iD{>)A=#>^G+^qGF^w
z!;ixlkLRr5VoPH`>R-M{G3OM96$n3zLAfNwvJ_diI52Y=hMf3Z&&jO8txBmnfPvw0
zC8fe)+kBdh(y#%z^X3L-Cv{XINLcvW!TsuS{(Ze&5M#@9QHElyFbqIa6Be{#(Bvyf
zivX|Z@i;@XLrQ*=+S&mcUuE1MsRK0(o+KJhlrXYOM)tsJ;GrV!J8D!F{ZDhA0>r6|
zAV7Fyo6zS>5Zgx^7$BU^0|NxHY>waNqmHz1s<Xww06`#$rDZ%{L0n@6N+MI8{X|%$
zSW@F+rxcY>)@^g09MF(xAcn59#!yqGfS=%Lrim^8MY8^RNK}wR32~mnw(E|fn0UfU
zqzj3y%}yuZ??HsRVh!sZ@c2JT1Fp3@n>ap@N?|{*YF$fs9tT`$pilUq2}+x1z$=(F
zu7I7Ho=o_%eTNC|+U=IyZDH_N23aFPmJUI`9rD$Y<(U#7NvY2mcD=<Cy0R384cl)v
zCz*nm-q$sFB$Iw87<p|IPk2_y3AVU^=6<bZ2ce$epPBAKvGy=2Xcy4>bu`(Y&Y4m*
zos&pf2_5Hcx24&`ZoAd-elBQNgS*w?!D+n#E_wu%QUxLWwgtc!wB4+-(NV>#C7Y$C
z8m<)k*Z@{eslh786Xi8<X`Gp`XjD}u<(tP(MlK9NaQPw5VyJ&K`2;=(rxYIGmmsB}
zK@cFuspVSq{LEu0x`53Vo)E6i?*jnFNUE?rbpv(2J3RWaxu^pDA9)WD&yuKeHxnQV
z>?|_nr!wW+lbk3~%u5@5t^PWd7rWlsHnxf0QUM;P1;0M-V}~YjuNbXoeObqwxSQ~m
zr>$oFEcYognhy%oIp^)w9rI)VHGU|yd)%9Uzz_0*k5TByCtv9?85_rB%bv&Ngbj0Y
za`sxdbJnf)ds*rjOZINPAzU1#KKn|@%{vZVL)Js(p;SVB-|I=jl$}&vx6iw+UHIEC
zHvwet>~O5$*Lf1(cPV{2DV~#06>hlk(Z9%1A<-lB!^P5+?X0;Yps2V0WCA~pB)y9|
z?P$AQdM%l3)BWDuBw!KknfhpG$%|LtmvXr|JNx<RbKkY;+<A-KkwEIpITTbg_qyuS
zQ$V96rD4_k4a;r5kd1_T?Q`Xl&Y#!#2AJ%cz2aCGBky!|Drtb6%zA<N{_Wqnhjb-u
znPf2u(u;NjhH^vnN%RJFXdj#+;;oKK2uQsBXyUN2q|KVXwfn&SbP86s5G9stp0^HG
zh7+X@@rb>!tjt3U0@Q5z+`<N1lusfw*(#oyE!w)gPcH4BMSmOIN9ylp8%_=i0#uSL
z`dyt`%I}=48k;y9Ln_TuO2o)CUdJdST!-{kY?y-J%EzwY*e>!i<*QeT%W}gSv|@L#
zV^=ON!~5Lco*c8^Mq=7eS?g&L@5i80C2zA=;5Z!d^>>#9SK8HKix^+-3Cug(_|<&u
zSh;SCd&Ce_%JMkc>!C7&^4K+608JuiPxG^5#TJ)9_4YUFUT=28^EOl>ZjDPVxS3yT
z*V)e`xLbpImGMek(b=9R!&}irHOL!#{uP?s=Q*IgZ@Ia?i5%9%$21OiA+(D})jSmz
zavna8CZh2E#e%cL*|!gG<PNtSuy6$L2yCPh$$=s;IJESe=us=hhLDW~6!5%y&XQ?_
z@EWtcyhZU$Bzuu6%J;s4BBlVj8=LP%){QIOrPW74N(mmNj7M|8*~98@Cfv>8?8*;u
z&!r4qw?Dq-&g-hyOh4nQ9y}|P=ad>_SWe(QBbKn?c`lQgm3iqWteDn^Adt*ZBT3Bk
zRQTy$|9Ki8Q3}58PAaGZ%sIBeY{<Q@g8n-3Cr`?4z#N8t)KM2K;9Oz{BIm=XEmqB8
zW8(*xiIzF9*aMeaU)5}%Cel7)KjCK)H(+<yiyY-{VIxE<X(%lU{8}TVYFM95Gz?8^
zTg87`t5K&{Ioi%~O8`(}I_4)3^C9>(<~4^bFv(`p{Of&_mb`ufpq07uj)gsiOc<B}
zm`;*t-~O<XuolEbFF)#v7wU50JfJP%SW1Uti<;)RI*YT0>aJa#1!CBwY^X6*k96-}
z><FD5BJ5YBXkWWYiWadHRyVd2x#(l31}5h<wp(i0#WpDE&}y7@Gx>n}5sU7;4^*Nn
zKfh-RFJCkyZIvtnRCpFHsGUuif*-vq=9d?QW$=?|8&h`_4j=_YT{q6F3Df((3~~@u
z#R=isq>C4olX5v!(F2>>GxeI;nItNH_ktBjR)KSjAnAezTkn4V@@5!-%YM;pQ1_t=
z`1}R{Q%ekA=Aj#nmTlvr;Px#(ftp)L`Kv*qkG*#J22@nQdcnYxTp)Y6CSeCEE_XnC
z+p|3ta)Hx?+m>c=<5f*=<Dx|Qyj6)@qYi*j$H952+G>G<PR9Fbhqf=U{akK)(wy}O
zJF))269SWp(thHPbzttVqvN%PE3`9ORpdWtYnJuCoUamVR_@Y!`_b(V%%Z%06_#=I
z@gFEYf}e>1)Y1EFVzk!;YwH{`=}sn8ZePJC-B_h|idfL4(XsEod6(?8Yc0sGkDYc8
zr~4vgg?EUzfm(ID0n3nW+7e9adNakd;IxQcZIMaEwL(t_b}Mqrr#O0(!Lf=}$)=u&
z%91qpGOdlYb=OPWb|<?uEd>qsa!amk79d<V3KIb+YeZG+$9A7jQUB<U*VpzIMXLT+
zqIG=B4yznQnKdZ3m001X6pGqO)q6@=Yj?j?%-`Pe=KJ_KKlu1uKVB}<%Ag>St)B^a
z|NK}#dKJk27#^fH`FgwjNV&H=PANVnxj%FJ%YDXJJ)#s<G~R?!xly@Ic7b+FgGC)b
zLZ=K!TqJs_<p0w32HV|f@=GA^liumW5G!i@@*f>|UZ^|de@Qy%?K)hSrBNS12NQAR
z$}Y8&WokwusP9jK=sf9xLKVQiLI0hmRmCvpp|cyzSOOK-H$mmQcAz}$X1DbLt+0#w
z{AF&vlg@c9v2b)TJ@9;XJyv4}$L_P@L6!*cf!=m*wMg{WsW^>LXqPP$Qih19fn?Y5
zEKg+oxQhzhH=c|N{FCS4fuN#2H0r~TpVJ}SAl2zFWA@iNWgkXT+B%J)NcV4qgu*nA
zw~Co;$#L=4z&3j4@};X}O{jZiCPv1oO1~R_*1DFD8zlbHV++g4vsc^KLZ+%OfxHl)
zNa1S5aW6*r#&SMnJm<P%Sh}%gKfu(#yF}dM9QWy+YFG{_K)N4ERSB|Vml;Y>)L<%H
z*H#b=bSuATOe2jGVc?3E-@&S4ejYwN;%LLI7yyEgv2|6Z@L9Lqja~cU2O0GY)=CA^
zdXC#!n}#ln;`OgDU>YLmhp1uiCKD~-;YzzwuY1|-^2053-P8WS2)fl5QOo_NGvyZu
zqzpx%A1VBfj24X1?R|IPHi5=ZoV>`NjT9zg;5h?!>c0#*SzooJv5~VhM>AIr{ZpAj
zQ4SPC5>N9T?ZJ4G^YDhu5FDv~qHS$&aK#%Mw61?O4~Ez;4k7Ws|AJQ<nnDr+KtvEu
z1Q?(l1RzmZXZQ3RNDamgNFj%ZNstY6?;IoUtS78Zi+m`i{$nC9hiVK96BYRYV$feq
z^&Nw0gN7oj59AlWfWLqox6#=N%Tg<P_peJuey_tJJY{bvjfV{2b_d{xGY$~5{iVDR
z>GkC&_a)&P2={<$vi=Xb<OT#O`u#-qLjSg`3e3XDc%=-_K<ZAx_(nbaLN`Wuh0fe+
zRCB5iy_WVSjIC){Bn+3r<hyuN{_qu-$;wJ@i1N3Ma=v`D<(sC{EIGH($m$jeCs&4Z
zVZuu6Bn($4Dcu~Bu!>X7ikck7%)+xFf#x}0pBE5aLJDpj!?vH@q691|KxMiv<2~x6
z;YPW>_vnRifilvMWY2mrD^~5)h)(fFgo${9Z5Q^(EHNV-;fu!@RG(r!Ll`53E(wdd
zsiNY(u%$r%J5NpBi-r`JhWr8HzpWez+vg-V{0Lb_Z0R&yyzkKRGl+LIg)s3`ta`h6
zKX1Qo`mHi|jlkw%N+0mZfc4sQq+=jkm5PH8H+jtI2wL3f+*?gIY|wJ{`)<Q(Zg3sa
zVZ$qo4TDbp{1miGw{|~npTZ4l;Ya=`PKoz<^aZ7%z|bM-`JPm-vhoO`bE&YeODp2!
zwh+E&pf^Y?=`D9_+}5br9cO%_E!o+O=2p)x*D-wjmOPoHZwtVA`*=pMR+Q=QrJmSE
zMYV+g&we`ARvrY*N|2v2)pn@SEe%un75Yb>6Cc>qv<63|ha*F2b5MNjca$+{6~mB>
z<sZdOPFerXWXH!n=~>s6^~c6uBt50<o}l`ZL1rErr#eS{Sl9R@XCEDl4Psi+(qwXD
zN`rRqT131^GaCU}+p-<ZE%u$N7cx-os&rCU&e(GCr+K(!O0rDL5cOJ1XON^4bD!0A
zC205=#XG!51w#q=hg3^)OR}D&%*$$zdMW;2#(;>J89rXoY2<c|Qf^n)QShc?vKi__
zdAeSQ4aN5Yxb@2_?v+e!(gsdC3mHwt!di4rIs=c?{89i?*WSo2VE+n6PV4W@l?aO=
zSE}*Fsy01#w$n`$(afuQo~h`b=4qTg_Z!6N&q2M65WOu>iEqu`x*!-rRF4FmQck3V
z1~T$tVl&21_AkPtR_wMKJeMBM<q&+lQeoxiEklB%-Yv7fHO7~5WJ8O@8%rORSymSb
zj`qOXv{Jy$ncBj~Y3b{)Yl}ozT1!2@e{K)zR+>|scCVruCa-h?E~R*TVp^bceJ2Vr
z>~R*^yw0~`_@JKSY8oIM%eXPllh&7`IhHBaBHjwwljBG+ijiFiDmIUB5}~-AG0SWz
zLhZJ2(!0NpQ7A4Ep=ciNj~8;AB?@|%@oe}9B|ZRjciHnjuhfpIa0(#^TVd6OIN0Z%
z=w$Z`#zvdBbR%S0JCjH8_T?*(x}3aiONIG9wljyw2T_+E?!{{v*Jje;@>-IpGFOQx
z_-!$AbT%rSa5io_4?8=*ds!WrQSV+>n=5UQVXqq0Gb$qq4Ha-c=xlZbSu%M0@IN-P
zM?L}XRbm<M35WfFa@RZmu;lw~Bivu+OW}r0Q`NoZ+6{ymTHDlm-&e(U8+C&eUVXCu
zV8_;f!tW=c6873=N<<pbBZ8K@V0F8ZDhzbYr6Q&d3P6OXKn8*e>cC`@HX|mzp{qaV
zk|d%$s(t<($5OJzg9cy-e+m1d=wA@Niz@)o&C|oC=$P1qs%er%-z?}chshVSzOgS}
z-$^U;OV?;Q{)DwM2wTMs(gD&4-eIWTMEo11W!T$2SIva(c(qO9V)W+@94cO#ojYHX
zGfbZwv8F7Z`@E*(wg^ro%mt}(KHLK8ukQ*v`Vvi0!Q$MXvX6)8`=4dG%gJHh!%G10
zck1ZdNRV+QD$VaZAv_sftSAk+e(HboD$U5SMdDrmnuJMhxeg%fz0hvb=SC-VDlZVd
z7XEEq%Wq>})H>Yt_Zny3e9wanKC@pTV6tKLd*m_Si*A)VqL7?HU1WN=s{faAU)irb
zK16TRcLSUrj-Hb+gYWc9)JU9+zViUEu|QPpEP+g<`KO#gYhY_u>f$^dUXfwS)oh`W
z_q;6k?YOQnVeP!sdBqcmdj`XTuH$z{c0P}!xpiGbjT8%Yy&NDNsA%i<U&Lg+Ex0sY
zWAn-4Tbe2Owtqdo58r>I=}@%V$m_iX{E-*b&Cu7|PkxR&ehv&LWe13pgMR@iad0yr
z5$ArVVpG%AXQjsONdYl#)+26#MqXKt6M<p^=FK=#7R=+Tn6Odnqxv4fkaMyVMP%Rg
z^T)}oCESaIZ3>ggoR-pe^zqGEBgvsFkY$-151rZ}WNP&JU6>+O=f-tx`0=JS=ZGq6
zF*X_R_FFBowhf{gE$(}vWJtiP>~OM!tH&Y{3EsNKnL>e9ArpBBHtB7_194u?PN%lE
zo?hXeQjk@Q0Wzo+VjOsLErbi#=aR*OZMV_1{PLgaNh@92U;5M1e@PuHg?Kl+l$u~O
z4LY%+5FcFX9+V;w1JZG!dQSAW^&otL-|W7Bxm`=7%4U`4vi|H9v)KcT8epYDEq%^y
zJ&RGi?1>#qZuvSGXndNodFtphI9#<yyx89s_8oQ6LK1AZbm%k@2{*tf_k+!7R?yv%
z0_O>}*I35X<#X_LdzK_^bvX8!`L8v3P0MnvKXEQQ+V2MHL7O}yp$|3Ws0kpCR&RbE
zYRm8R3O#kE7HqFznL`2^vYRp-sEqBwqWb8~Gbj(YlF9GD;-9?qCU|FOuu3=OpC9D~
z;?Da?QKIfuWplk{m_lhKVc4w?ss2TX>6sc)w{e`fcugBu6E9u+pO0*JWo7=(&R0j#
zJvO%$Gg&)Nh*U^9Zs`uQW9*W4OT>=+m{Bp!Z$YiCS+U0@`>+FW-2FD?sN=UAV#v<+
z=KXv;AAPK@#r5c79o#IxKR=Hg{|?iQi@xFaHQ(=4Q7ndhHA;tf9K8~TFoWot%Id|S
zd;z6g=JsctAwiWc-kyUri@bUq2}^MLE%v+Gm8m_AyAbLPURJ3<^bISI-J&`_nV%h!
z;TG1`cnaU?NE->@!pNMHKOTMaY?l??kDYH4fsZf;!o3g-q4P`A(D;6py)q60pgZ~a
z*XG8@Xr2g9h=bL%&T^20-mIMW<Y|q%|9E-jJwXOSx!<0Z%`fG#(U{~ngMlx^J*}z|
zZ&_*GajmOnE8olb>vXs8>zxBw_2PG?d^e-^t9N(1A*D7T8VeSFvT4ms!mZ@;9u`j=
zZ}bIj*iL<WPuEiBO30y6o}C1Rnmz%Ce_s*bNHCn#`sKI$MytjOqO0A^5?f=s<)y}=
zprPYXXOTTQf-mNBc7ur9_(`46fiyv<5kH4Cp}N=6RvqVTHo9wSW?_bm?~ak_g_?OR
z<0q8?qNFlFfW>ejdrm92T6<h|(iYI8ca8KmMC50S^}*vd<DSY8;V%T0zgzRX7b0a$
z3i{~&=!&;qp<-dzQX;kp(rGHDvgi{nylTa!mXsbZSwXe<^vlkwp?ey=FbXWCHUsWj
z)e1N!bl*OamH^Di0L7AZS|7QWBvTj}8?7vcEif6t@(6zWET40bcY%AC6G(8SGJTA7
zj9zL><lcg-`-ccWc^*lyn#i5b`IFMsCA=@}e&K%OeqmMAi*2q{;xSWOQ7~O2#a&+k
zEt%vmaqSNVGe#zyCSH2o21iqYjs~HKKECR-rUMb`f1L*vi>D$~hoWb19<Ui1uQaB}
z-UzmUjN~ZqY=nrzj$tEj&jL3d{>H{>av7{|cH>!;_U6$YRkXt+NQ^|mkH45BpP_^!
zfVk>b;;Cx7?6~QLT;n6*4kzrB4w<54(vE>$o-+9uq(3XL%A)Iao(Ug&o(JW_MN8h&
zF*$Bbc1K!xeR-lg?0=YqKcFAO`%|R~vWZv#b(>y(TYa3n6Ng`TC(QM$iLVAaw%i-V
zO>%pUFj;7-Fmp_n94eDsj=BxaU-yVL%}*Pr?CDbmwGPB2piWF$&Z(6_<WQ53<R@Nv
zP@jN})EeqRS=8<9TQ^Bb<MHf?$D&>NSOF-XrxO#7dU`M?8qB(R8h}Hmj;72V>82~-
zF`xQS;66qyZY6)$Or>L3&@O{B8X%RO1ZNh*c|C$#S!z~@)PK?!L<Z>0&w|j+Sl$XD
zJxa&>gL$<6MyN%OwP0?%tRn<1Jl-Ki{?2;)oIR@il_njfiy;lWUX0yD+X(Clc$k&7
z9DSKhd|fCI&_zL$N0ymxP;{2DX+#641%9V{!10aIANzgzO&Ybt2!CpGx$jTjH*LA&
zc8-`aL5C`L*^F%11umC%*dV1lb`P019WE=|AW$>N!bke(R4=oxeME0KXh(H>G%t7t
zb%bMc1b%$qXAAcduI{;uXTy_uBZ7^84%W@in<VCsUJqSMRXm(vgi90m&W`{_9`nM%
zp&H`n-u63Yi2S{}k+|55ZiT^IGy-=(PV;Ys+)Q$|d!+oJ4C@cUSG*CAwWz#FUa&<G
z?P3g>eZ3oZ1kyRWPi~0c&k0G=9<Fvht>(tA9GMG^hXOgqeo=;Q)h?-~pLqpjXIwm$
zLD;AQ6ui0T|4&zU8B|9Tg$X!7a3{D1C%C%=m*DOiTrPx*%LI3Kw_w5D-Q687?h-6G
zVfj{SYj=KjjZ~dq(@%Gw*E?V$%4MkA&Se2$=-YnFzHDJ8{cs&t<9OCwX<b*ky}27B
zvU_)-v+FL^)6d{VgWzR;hw{0TVN9nB-edoG_l3fN3Emmrz;WVxGIb8|hKCYHo%X@c
zFrl~62B)M<6)`)hP(w;z+1gKs6XlyN-odFVDYZow(u~OKsLh7imwwu%Je@i--ohC`
zOLkY~nVK7amOygXa3y2p1!}zLPfwZTD>lK$p>?wzqkTDFsc6Q@!$^=OCI`3OjSb~u
z@Nzszk$I{%h*NOPGFx)9of4R6?t1ANB}KsO7L1zm*i;fR7v`Qpo!V<}(7(xC6%l)%
z9~*IhqRJ$2{x#D4G;~d**Fo`+Qr-^Kcy^|#>?TLA481rJQib{KbA)8I=Va3OkF%y7
z9t38rtSm-fYvVq0S2~j5eQHD{3y%zpN!1J}C%ds+;IY_4Kps=7a`@a))O|U{{9JaJ
z?rfF>J`S`duNbmqy8QBx;*Opm^o|{C<(!3~J&Qj>c9^O-*TPpvbgiWr#v=j#kFZ7)
zsZcDXI3RzXMg~{pv??@n4S%XIZ`1faqs;!jyMw9{cBr_5eP5<!Go#dorVQ@sHMkKS
znkAyW^Kh3RmxBZD{y(na)NU2u5XzG3C={y#`&yJ7KAJ^T8;9mT|8yk4E#E;vnRIQ3
zS1jHCSVi}@0kP5N3O%cNHggA{@faoUlHL9mVkGPoL)M^fPv<!rH)7G)_7mL0;h1+1
z3PTjY59<PP;$yu^Pa5<@_#;sX(}Q|{B!gf#{8@a+c$SB$TTvVww9eYt=|4@ne_L3w
z&}Q_xllV1)${m-UkA|(Gr%2!+!LyQAu_?9B5kJm^leXfV{hgYekemzPRozp2#zh|u
zf+8HwoMW?%4U`6Ulmy*`v&Rp7J6h_?SUNd2whHD(AC3ZH9ko+eFvhSoX_Td+p_xDa
zB0y@~ChUIVilrCTrPMLEPR<oIVEuWDiXyqd-#VKY(8!(}5H|}Vl2Rf;doHJ)hDa$P
zlB*9}!`5KOyXA_#WC#K?;F|*yQpE7?EfEmpBYcr?Kx%-YbkN(sL`kYFOoTfGN)(c>
zuz%$er!PjJXL;%sX%7{PH%41Nh1IF+c5w~2ET{>1H0f^SxhEnSqW)aWi-%eRS*%?D
z1c#mR`XTO;?5KER@DW0y?CvhJR~MI6s+&4tXeQbNX(Xt{-mc!m36;Q0_Z!CoOsY9n
z<y>~BC0P$)n|>^ub2(ei{PeoxipsB;U07ihU`8a*=vcx}8A5d4J35o+0)JnJYtP-@
zq~JF$N@8@#iW>Xa7~Z#3k&tX`Zu0zDQ&=J*>k;7FaWj)gV93tdfS3P`l>~0Ued&sI
zmU=~GyMi1VHmv}Zx@DVZMCT553hJ}AJRx$n(`R8ums3eazbDAo1Lo;x(qa6+Y{64)
zi9U(m##H0MX~cAOTXJ1pNfS(gYy*lKcOHq~26JXawCIAkv1h>o6Pk1btcj+n_rsNo
z^iN+O;7>R3x|Bm3SI>-3;R+oz&o!Gi?Sv{J59r)o4>-U-f<^ro4vjEwJD!j>dXXkg
zTQ4=+WgFKpIf)-hRo?klmM>fjaN@(&zt1MW_A##>-=>q~6NbxV{6)yV3Y~yt(|H$z
zSnf+>&YClXIohsStGs`DV84Y;7{~QCE$CKVYRp@>-NkZ>%Ki=sr02OOC!~w~<Y`h`
ztm*A`S4j<w3A+??#3&fsx(p2)l%UF&A5Sw`L?4vNZmBDLoavKXzlLV1Kv82HvNUU<
zM^O^z8hKA4o?a%C%R_tLj%W!Tlg++E4qi$-hwzwF_Wx7xfuW7e?;GmB2OY!U8$Ej0
zX0G*z(>{HFR>w24>kcf{NX{e3njD_SRv<%3QcM9{lT5~@lb~!Ho=Kb$a%l3tnm01N
z>R6O$<$X6%NO=hi;So{ET5<mqfx<-<n0Z=bCyJe)_!4Wx9hA5_U$3}He21-e-k7Ke
z%xi%gIFxlgi>snMDP2kk_T`wS1}zat;OccLotw<TUVVPQ!BLoM{2SSM)02)RC{b~I
zR<?kT&0X;RD5K)?n*idDs5t`5hEEly&+z-S9(^^O|GQ72cn`nbJU8~j{7Uyx(>A_X
zOa74eUvrr(*M&N{yH1lvy;pJ#{wHNMe)}Z)dLGuKxXLK2u|VO<|Gh#`K)C5QKSnaB
z!@_lH^J)T2tAfQ(-$RQbn!yErdH4WRQS@zGY1FDsiz@tkxZlTUw72rOR!e+&dsO)F
z8S~&-l@KOLG6EP$GO$(E=4qsMl}6=!%8#Od1FnDSBvLpYbw}V2zAj0RtAky-6Qh40
zk2=oVeu0s)c3TGh<$P~cxMwu5L?v$Vn5Dx~XJI3*u#hyPY|oJ8SM<fRYe^MA`OVR>
z`KM&iSh;e1hYHnGZ7N&wm%$&x9_bFz6f|u;g4?_r)Vks$p}Gq28VT>`?pxQgJ#qqL
zl^;0EmyBVgy7%7^-=ueT89R%UuC6E12p<FEYZOS#2Kac5^1@{bZrdtMsxqA$*;Pd~
ziPdWtFJrKy6IvDUTNp#md+4bF0sPMre8ZvrGNa{b2pn|=Kii?N@XUHJlVP+I^*Av1
zP0c6Dr;+WpNcasFaAv+F`-@2UVJA<W*{L_|yd}NN?$EN-!LSI{T6h$%n$a!{jJO_q
zSWJ}O?b^L@5FN_3)UD7NW#6Yue{2q2Cxe9;nqm^RY6J!s$4uwmH_SK!^Rgrb9vc4{
zIJUzsRA@Or8>6C-*nbG#YH}NOkw*$fkERhG@pCiK1`f!SM})3~@d*O_;#~V5()rID
z1Of(~J8%vU*3)=*CUG|GP@kSeNoEy-8ytHC`;6xE+Xv8Vr8~J6_DcUg_*KxA_h#!C
zAbRwB(I4p5RFqkC0duQL;CPa88KNh8?fbzypMK^S{jcf-+fK%kj%jCZ#SK#Ywy=jl
zEo1`{jU#C+u&b}~ViAPxx<{_=-WeqpU+$vBSnWH$VQ`e)yf*g?w`TA%@bN!$Zj5f!
zhWv-km#cqEvoOzvS%@i#m7PQpI4+l-f9*)`{0fy&ECB|QNt@|?ad$#`=L3Zdg-RrS
zkEAep_s4fw^X#6mT&ey^<HCX13%_2W{!tZ_-X?wCi`M0)f;`}y$#|2a<@pJk;Ef_a
z$Oy$Scdm^SJSVKa+p_D=%(Sf@LVpq8&nJchUEvvQgF_A&80^%(_`e=$#fBUzD$+BA
zytQ_o-GTO!ihrRsjD3|X1AnyY_Xwur{UFx1gAA?#j*VfK4S|$gYDCp0d=9#`niP`W
zS8%p*e@TTpFN<B<C~QM}^>I)QWTRBt1gx4kc<>z`a}9$L1{fzU-~AZVFXO#?ha?PF
zWAOM{HL()I)D?-sAM86;7_T~8{z0FfRB<p01~5ai&<`g(VeWsxPgCSxAQ~4B71@U$
z<bSC@=VZV;P&Gl46Fsy|fpI})<g0x5slzuXIwE?kb8tL+<<#LFkpD8fyBJRvGF2mt
zmd=^zJa4K>D>8B(z8@|^(aPf6c4gZuy1YOe(F{5b(r*#SWh(GSdJOW)F*3Lizu{31
z0U)1^+$s5Jd1eLDWd2FjE*`t*e%smozd#J$bc<C+gsaWkh{zB?#v<f4eN++iI?3U+
zxFgD_&$^jcx70OUv`t${ep1yOEYvP3;y*!yKZl%Vc_lnsaMFcP`hSc@I4Dc$&l8nA
z5aSu$?h&gzf^jMNoAaOi0?i+Q*(>!!G}lt?`1ND<bgDVY0G@hnwjO=FaSNR?BJfP(
zlzZS0{{mI;7(qmKk1UguVq!vpHqRH_&4P_Tkx!I!%eMGA-T1-`iAvxqRp&E{ctplm
z*<7{JEN$o|<-9vtYg9OMKF<kt+rYbESbId|-<*v*!LW?z&YU<}fbic#L4-vAB1Rc^
zH}W)A;&HY+yNcw<DZbXfqTtRXtCd(@O;0NQXkSq&(R#dDN=5me%m0PHFtpDD&YCBv
z{Zve{BTk_!-+-vM5D$l7W=3g}4=SvE-JTa6eS+fw9TR~KMwcmqPq~3wry1edr5v>@
zSqQP|dH>Nb@Spt-+o6|O)EoZ6YUAay?3l6AcEz~Z`oH@7V)*~+@1;6gFSfb!Yc?rK
z%UXlz0<%%jL$+{63RE_5*nV_6y;@|U>{CB;>aO67IM@ooPVD`%N-b}b-U>MutU~MH
zqCo9Ds8LR{jQf)Z2TUrV@^SW)8uXilRs3)JRg>EBrumLF_07^*wpqh20J7j!Ue$C@
zXsJc|Fu9x^;`V#u(V-~uNd6ga+qHo5q9&}c!nJjS#9<~Nz!`R`e?WeC*K)J5QIfHF
zPS>fC`GWPc^<`bX-`lX`1%lh9GeB|wrwz;LLMa*j4X9Whfv3=&1S0G|XX(%e_waVX
zy=~0+I$HP?yT7*ObUKaUW}G2%z@iZc6;n_0kjaOiiWML&XwqRBJ~M+~#j5@7v#7uD
zbEm+4<b%if6hDf_sNu@MeM8-T_f3nC?V#hXFiRwRS_UbU*`c3okM?TdUyaeNx>IA=
z(Kxg?3~*~=#`h~`@rRSX>iJ_%Pj=VR%*5nZ1=wltEHVufrrOkfmN_#cC`lu_SWOiT
zGfq0aAeycMN!;THY6a4vaNyfg253ab)hJ>+(v_w4-mVFyq4<K^VTE}Uak6tP;TlOT
zUI9g7X9dW9Kfk=mv0t7{cSf7fJ*=nUEuQ+w4Om}``ck~Yd6Wgsxk>qRV^1Tg)-Oa-
ziObBQ#iOu|tVQ$oA_IkO)b&oaTH%CLUD&mnUg}Ln{AGfIjv&4wFQfU~>bXUNg~HR7
z@YHe$q<otuErVE8sl@tLdddcExC!kW6H!w=Vjpe(gyv60Qzr-&Y8Xyj{cXInT0rJ3
zKp^?E8XH>?x5f>O_55T3lNeE#Mc{Hi*=keruf^_so=wkZLb<KVjU9s-!Orc4`3_Rh
zt@_wW_BjXoaVJ4MR*B&6cpL;cQCnK+w7g_>DM=H0JbzmHLpJrMW|y|t$mg+*T*UXD
zf#K^Br3aDD-UQUG&R$~IPod3+4hr0X`1eCmF@YKYa~$0OSUP%GKeJ7Mf~GEQ3i=Jd
zG9g!7@_~sX@}gvu?EjbE5>|v}!`{@4M_b}JRW_1JW4XeD->s_*Yc_LVT5B<9>MqX*
zE#r=U1Q;U-ANVn%UZ+LB8F?+Wu5&vCy&ZmGO}|(k4UY$8Ha-oh4LNZ;)Hd1*oX7Ac
z6w1h$D#Yo=%Pnpw6i>}cpC*9O90KXSVkzi>PtMNHbU!+VqWACj_4M#%-<<5_2Q#zA
znjz#3jnkKYVH?Ls28|k0?D#j?SbO}4L);_hg{LL&7P7*vjhb)^Hq+H?TOs^D`A9ma
zY#i;NGHwN|crGE0BR2JX`&Ee(++jFHuyHlL<sBD;zH|EBS|uL7XF=mb_zb!LUVGK@
z$mEdSePx*4nPHSr0IOzW3<a)CU?LP`>dXgSJ9zGMhe)k6VRz*dm~*w1`CBG!o+w_W
zyX>+c;&FEbPqJGS2qWg!&vgXWiXu78I|5`_qizgLSUde7tPGJ>EaZWgw#T*GMDH@j
zyJ&o+yoDC?4%LFbD98$>_1IQ_{AtmJ@`mLJb#L7Ll&wDJEJ(uvQ<HP&UsFP<^r66!
z1;46lUv?1jMLT&AtLOYuAidu3^UXtsl=*uLV-6DwG3K$pb9Zz}w5*4U8M?+T>a>|`
z+uAb#Ej=rFZe*RrOFqH;<adqVLwjP_P+5~cvT1?Iax~~&`4W=3XtHN|DebmHYIyRW
zQ7=xeUsuWk#wdS;Bhjn<9Sqy=5ajiB`yp{Be(ib`*)pYWCl_crq3c_0DOSGRr~>41
zW!X-pud0>YJ{)bmTu!X?>=S(vJv>b)G9(5J3`uidsDw<SE@c&0+^dGz7N$%8EKVc-
zgO+wBy`Q-I(D*%*jq#fOqK$JZke#@}z|tzF(Q|-$S|5}*)%B<O!t&tz6(TolmdQ2}
zRZ{J_cBR)+k-MO=*rffE%GRV9x)>8P%F(Tp!pp1h^@t-)oXT-@q!q`qaxt!(7$pio
zRFfmVMC5UKYATG~n(CfmV@S#<R<S#PqT8vU>BVVvAG{&mKC;sR#L?$&s9-DVSjmYH
zYb`}1isH$51SIm<nJw3>Y2J{ZY7huLJkN~r6c>YdE^A+_?EcwXYmr^FGVss5?_{gY
zJ4P|66JV{duk5xKBphI8r1dq5_+trh>n;<{xhQoJ-*{QYt{A78NWH7ybM$O{(t=|_
zHHq5+#|@hPBF>|<`OrN_H2IU`peo0EN?_B^H2D04Y1lXM`%pa(9iB_yEHh6%;eqz=
z(i!|Z(5LBL9xBi`^50{mvJ>z?f;ks7d1P?A8^5w&?yiHInIAC2EHS+_>zM#`_ptAY
z7;eAYSXy}csKwVM+oiiaMm($0u~^heww(fZ-4Q{0At|kp<qubVePivxzm!KrHYvRX
ziIMe*(Dky;oFHZtFe%pa&q*p++N6El6~3pHe-n>AyRIC}76?E8!C|J5hEP%c<^9o(
zLZOID*5;&ILC#Mu-V4VeB?SV$wwpRbv7T4QJFam47-krNN?suMLR2xeZ54RB;QbNl
zgNLSM9|I8~3D@0YEh0u)ElB3@?1zVzUeEZH4x=&`{dxQE$mhpM!!hfP7N0#Pskq*S
z1PK;ZJVjl&TH`<7_W{LH;sF+w4$^4TYCC^r3H#2RNC-QTXp#-{iT4Wu^xpb8W%@+h
zAxQmNf$NfI|6mw$<+3t+Sns1ddj@TWhY80lw3OvE*x*z&x)*k~j3@*-jr2rDK8jn8
z(1Bpd$8kdv?B_kC0W((%|A1+PmAhf;gTmWO^Xr3SGY2?502IOr`Gl%Il#&3$CA+=e
z$ib^klpAPYHIhPUDU<*>lJ4JxOrJ%rQo5D>!;tvt7(}ll_gpF4ne+H{S)xK{!CYmg
zP;KMD`1=MQ>;as%sQ(ZcV^3%+DcoYx{ZYlio(<jY1_dzK=??A^F7#;Oz_AhWdLocE
zq5zF(aZGhB*t(3<MEVdm-%$}VZ9Y1<Ee{ynV}fAz|H0)r4+;at5TIE712e}Bv{W${
zYsO}8iMB^Zn%iORu5!D)h$Q56VncE4WNob#lDRodP*Kgbp?Oou8aCmEv~ld_brEdB
zPj>i3AG}#~P;~6i5H5E>8GO3s+xC__uF!&cxc!J($5UZ`rj(X-Fw;i))YiIqL8W*`
z7q$&2_{G!J(+PO|_ab8n)EbxdUi<P3w+KERzieGU+<q5urSnH-BpPF1z-?0YpiBNT
z>!Kpr)Rtsz<!04j(6+RCVBx=D(2^EA+X<q%xS74O<VDbT>r1s@_pDHvd$HIZ1-XH1
zpKDKD?^YeJ`?8NCpC&2Mx+D&4e!xP%^oBqMvKaiSP6Z^GXyZhzN+r<;lUI%{e1t_V
zb8j;A#ivNz3|)qNoLmyV+qqa%l6Ca($ptK+D^zF6pX*d|P4rd@)IP<yBV?JubD~jI
z`llR?*h*Xz2<FV3qh<Quyg8)KbGPEVc(Gt!+vmIZl5^L)&}67R6H?|EE>Gfr?-;b>
zPOErfLIJYYV1~fb{dqTw4^*Y)@e1LIfAp{aIW#1wI7r|#*ESE|IVF~}I*sD8T0s?T
zatN$^c}`ZFf^|KJOIauWx!3OXolbmGheJ=-Pu)&Y%jO_3lkoKh8W>bAuH|z1#m>pt
zqfeClm7_kRS?J{N1s6?Ez#|xWGlGP$h<}`kqy(trXT;d@mJXskYt+577+o0R1l1HO
z-bT92;Zn*SpAA?tt)ICCZ>laWVG>VxCpne7eSA8kHuBiF?&sWO%PCxPoCjaJ!h9Hn
z@J>G##m{mRWCok)8$jiGKXKXz*C8l%JYt`dl6F=K`-K1d>UexhQ3JCSt)FO2rsRaR
zkqe}W#HhqxZDST}7!i)ANC!~=6C-K)jmAdK;{}P$c~gaLGHItrJrd+imo$u2+3~}K
zbN;3}#o0%P5=QW}6k{Aj8Z`G!FbhhD*HtG2J`B%z6T^K)K+$6<k7P@!hNDL<BQcF?
zgwc1=Dzf7{JK18E<LX12TgzaN-GLX{!UjNACv5p56j|wqG#HgfhDM|&py)WCOCcK)
z*w6opVpQcXcP@KZ1WopkWLaXmnDLt!j7{7YyWeLiaGe`6*d~zQms98W<Lp9R<Tn+s
ztN)M*7zWF|Pn~_GllkReE8YIRyv2K8(R8bvRx7PF5kt~=RNq@Xo+92F1A&?pdL*Fp
zR>#`{!=8(2%qsoz4`VNemQ%||F#If|B0jHcEyG~;x}d<qs^Sy*sW%!<!+L4WtiX#i
zp#az3no}*&lsC)DL_OaguPYOUYq4$x{c3wJcO+>v!&I^^dS3V*1pVagaI<Br>ER%#
zbL<*PI0O^F^UmA!A_cc(C}(IYjtUS|5G%#*Hwu<AsW&|%AZWq@_caL;{o)v4&P=LZ
zL*&A;*I*y6%nNcakKZ?H_($B{w#qs;RK*(RhR;hHZKS{6kC?rv6jDv<^B_}Kqs?Pd
zPs4J`J*3v$I7IX<E(Wy+&!R&IBrN@XUzul}*|z+|IkEcjfVhzkVu>QWt_gVau_FqG
z;O6e+xq>Cy5qhWpUd_vP#)@=~c9Llncvu9KhI$HP_^1h?PY;;19MKvkZ@|n(G~Yq1
zrr-B-sipt+wTnE3d_82}uYUgx#(WAqp{J6$5qrWMp(vg#&oB}hI3ocY8qlYwQHC)h
zbYM!gj^5aqcRpC;?>^e$N&zGMD<Rupe)RS|DO6mzJGd2ZmgZo)aO$hAoa*3&H$pr+
zHfwh$!J#XQulm;0C)3LQ(z>-j9IxdJWZ@&5D5fd}#mTUb$HtO9KmXDl7WZg<20ti1
zt_C?ggiq*>4RalV)GFqi?@ZJ~6&ylBs(8v`QmeR<R0Us~*Ap~vk^tJ@wOH$;<F1wG
zY`$eVBJQ|h0d&PM$(_7DSH0E!R^P<(TbEZ?r0IKwM`2CURL%9Oy}z(SOj{2nH%}~|
z!!zK@D6i|*k+1dO<iFXhSgIUNW@$8xS&VDWw)xBuf1Cf*5>i7t056Y8I$kCt@RiY~
zNj^YNs;(lx2S?-=5f)(noPb9t7!heSq`0r?H#r}#XE)H><`FY~OYnNFpEeQFiKpa9
zH6Srxp~s%#n;`Eq+{ClC8IeGTGWeWZ1vD-hcTK0oY+HB*N_UHjC(5%D25n(|^5;ao
zqNCDV;;r!^%l^tw7BO{4Sod0H3~GGa1m55&KDs}QiNV!d767t=(kzwShWrT#W}VJ^
zQA9ivb1%kRK=spmv4Cp0C}(+k^w6EBd1^U&q!7VX+vR6uu6C;QoKl~FU~Lty=haH3
zUARrG9~f6I7`}){@xB@>v|Sjlh@cN`LH&2ov%J&3hLP?AwpNYn?Q{E@6%jUuit1dS
z<Tz&?uF0WG0Y58;<?hg$5cdoUbi2%W?b*j)UWrrLQ8JtyW1%Jtp$1?_SK?x>omaSI
zX3|Z;NYm;tO6`F$Hv&>@xYP#)C(#tAPm`3#100)Zzpd}hKxxmHMw_2lz9A#Pq7Zzt
z?&3;adD?M^v@yNQoE~@<BdM#lU$c$vw;>_!7K43c0Hz$VKfP79RZ&Kko&<LZ`cx=)
z=k9i29WuL0ic8f0S-2<cEDoy6HP;O}kWNashH*TSP8=E7JL;*kiK_;gZkG9XgcLtp
zc9MKtrrwy4D&SKA6<%I}bDBg0d{^r6Izr5#-hxqZ&*c55(T8|u!M~0=LdbdJ!p*EG
zRv)Krf%i^MeX*`oPJ!Ai7NU>e-TrQ!x!11eO;PZwJiA;BI3AmnDh0PI8M>R9LZt_W
z$H^)#oJQ=<xfUBvZ$+yUQGLi0w6InPD$wIs2ovt>MOua$le$t4Wo^1XQCll@o2Eqp
zN86Vs3@Y;WS!tn=u-TNk+!98<2U1I8TMysu0vOcU&P;|q9c-nB6mB<tj&MA9Y*nXM
z46|{|Rrms!?t~_9@KbnDNHFkP)R?R$b1nYQP;kEkL-F|ipSYQnOpP?}WG_nyT3~V-
z!2!OT<1fi4s=tJ-7bGGOP>cB=KUcqI^gB;KuBWtN*Zz_R9Zc5@9aT9Kdmy)r8?MT_
z0A&fNW7J0ZmGsYls!3q2kWRydP!7XPKgMzGpx39#)SR^B6=1O}?txtldJ?s!DTTK8
zHHIzpr`&j$j+Mn44;6;C9K~$nhySS-W5ed-a`1UJ_J)qOITFiJ!QMt|;oQPbq8jOI
zcxJ7Dv~W1dEuD7m|5<o_I`5P&zMoA|27bqDmc??blI&{|j1Z|5hFf*m$l&H_!d9q2
zRj9mTYd#L+=;!U|l&;Q{fs++K&m#p>OSX6BFj>V9NTmw-T{-;5PHfHE&9Cp{kd=)+
zHQxVcqGR5>b1I2)Dv74e%>X}8vIAK!T@)FKk<@W^cDJdyR)bq+B&jMKu*K=I1xl}U
z3wQ0UuNuR*>`Sj2<%ZT4ckJ<c)--qRQ=*#+2G+j#Hx&%7eIWs9MKtMs1ZhPz>G4Cd
zaY0oGkZeLw6}a7p3F3>{?!yJ~J$8rJZ4aPuhqq}Dn7v9@5ZboFH6>O+-M31P@qitn
zAFKs)mU(BJpM)jrgj!?v(2wr}&P-}bjpJf=5eS+l%sHSm&t7v}Q+<hQB<IJ>vH1k%
zI*d~ae~r|!LxZAh_q3o?Jk0W5ec^ldzk6eh{hgu4I0x5{DW$Z=7UXbJAIn%%rh4Rs
z5IK-*SShrFTD(aujy+N}LPOrar6KbuI6iyBT84p6`9EK1vWOI<1+Yb>DDJ!Hkq$;T
zZGlf|;P=AR<yEamV?YJ7>Jdpfxa!sr0{w5uJVW;y5gOf0ucwXmj?T(<4cf5lnk$ZL
zy3Ksc4Z7vf4sCYLBuwkX{klw=P)%yw>y@|;Xo?lMWk1)Lh#ZuVdEm1&-=9BELT#!F
z$_S7x8=&918w(Zyrh6wu^A}8U9N`P+B8##u_l&0rd+3X17)h>?Y&0VEj)ygl&%#gG
z7GjaF7$~%1Tfo7R3#m54LA<z_<^KBoWBI!BTzg`I@AVU9&azgaE+YIvUMcyp>~qRw
zV+ooXY755ZdjVs=S?a3?l?LmFI=|OqxXIjLHKW?&!U))}<r-U8r7#~W^JMm_#lb7r
zURW~RBl1wm%$zwDtvU<T7SvTJv*i>BwjMpmaSQ?qB6r@Q`AnHT30p}-Za>usHYl!u
zNYS2UcvQTkmvOwqIMbSAdkvN#)O_?{>tbLZH(@pOm3sB0vYqmCmLJ2L>!rmkW0K?h
z`Zl6<)aNRtPT@x~<!?~X*f7{1K72s<@Y|$Z|K~}6;u`6P4+<Fx<Xb$S{~P+Yel`DX
f?!$+8ScDIl?>GLR>z5w}S%Ui(C0zLRe?$KR0T>_^

delta 54838
zcmeFYRa0O=v!;u?L*wpF<L>V6?(U7t!rh(59U6CN+}#}-ZQR{u`rCWQoH%nce_-xb
zM6JwxvnuN1$*e3s1TW|V$5xUBhrj><0f7No(yh`PHjLQK#Q_273rNH!0?u6UB;7x+
z%D6%YDFTKAu(av4qdcN1OZ3fYB2iD=O2pDPGq^!?&QAzEo<RB?^inOyiVmbzj(*G_
zLQqUVL1<?Q{ssx|_CNB^1bm@p-!#*wzhiZU&t`cUwuQgF?ItTTHf5N^t;Y{;%SIP1
z?%(jX0^fP?2`EB`+6RX|fk^S)n~kzEu0$Pg>-%Hviq3ak0q={L&-AT?(x0$7G)-(v
zteHB0CkNx>ypESacGtLdsA5Ykc~wIl;f=-P2&>QdL;eK@nU#&r9ku=d0&;(BkM+Q3
zJrMSbQHKwlM%O#B*!z#?nIEgr!4pw^aAqp@t=*qhzG_uz#gxtiGvm%Dv!xO~Jh(g<
zTcXdb?LrqN63uz=M{}2XnHA1&=_0i0aG_+Jc?J(gB&>pOufIIL3~mm8L9?bTWY&It
zjnMg(JU!;(#UnpG?&uXb!C+EZ_2FH!hD0il(--IVV^a;2N?mj+MF|vK<tS5J9FWXv
zeZ6gefiu0l^BDF6mFd{Sr4@gkK5QzDvs$mFbO&vMv7GCcDFp?2p5KrA#>SFo;=9-5
zRj(0>`0!@E12BJZi$*6zQ^cSe=-W2V66eruz@x61q;&XUQPp5xKA&7)gTOTzNKNUM
zEhHlS5=Sg(^YVO|V#S;L#b^mrdn(Tsef@AS7l`olZx%K@z@AjVLy+JdHO*Td4i*pR
zdhZVFO0zTMd}1jXIndOU(RcHrI&yb)kpss>%&ud48tX>vwyMByD#(ZvBY_Pcj)RRT
ztGd2y7mDV6?c{hRLsi$h;_JT~Ivp~V54hZ#)wM#yW`Cbc(YQV?oGgYmFGYG4yrg5z
zk>TG|+?aU>xUl<Lk*t@yx?G#4tqStL21${Gj;nIb9FdRzuz7O^mGP*XhiP|_;0ZD7
z=<l@;>7~8!YCJ<)-NT#K8W&FP5x|Er<-gE=)^tR3QB{A|KU%@l5x6h+c+`X}XWYcX
zXQXsDX*rrO>20<0h*qW{h{{>6Q?u%$ebfYwMvf@~1+Gn9PHWd8TDXo;oXGGemZ-D|
zw2|vn6+<x+DC2?DAM}NXe@skn%2aqx=5B_F;&wz7*z;Pg19=c&kh;>n*GbvTOI6~3
zOJQj<KKMVJcNfq=Yra}R1nLLRI(OD}*O{4o_wgC=Rkr-W3fn0r?CDfNgYwFbV4IID
zaXqL7e44xAJa`bNu<n?9Bl`Hv{B8CaCeT0WAmd^lN|KDQ_3|Fa!u>k>-h5m@^ySWK
z!XZ({)i!S!m+=8f8|8tdvk!xA>q2<9Waxa7kD}^Zi{3F@g4aad(QWseoC~*qYs+KU
zAU?L;L4bQ%grQ4r*SzAHWA_@=?=wBAjy3cPpq?9l9@58sU&4W_B%z9<94@`L1@Q<j
zY7nbkJq7uMcZgGAeQf<|I~>cDhNjOg5_3CfV^G1<hM#Rbma|snYqel(BpxwrCJbna
zx-RS$nz+=iPC8#%XesTy@DSl&iX*Supn7f-DL#ITwz>2xnDrL8+<-od>E(2PYqYcg
zXjT0ao|Dg-bKkl@pJu9yR4Bil#nDJIvFr|w9~H}v(TgsteUh>UiL(!)V8W>06Z-`l
znwJuj*5EH%&KhXhau@qcQ;opUO<7+QR`R|#vYXfcb`d@u`^!0xYT<+2x6!~pZh6u3
zHzQU<1GJzd2bFu?qU?AkuBUQkTPM~Kz<d{Tg=hDd9N`dT+>e~w!d-evWIk1y-}6Z)
zPoq>xRDu0#?ka`!F6Sw<E}LKo!}NDK@Cga&TPb1V<7~woj%`2Nb0rO{+=ga(ng8+?
zzCQ51@B%RmI{0dX3`JJ*XvN6HLaOZI<K@O2I=D;Z8AmZ4HwSLpQPl|ep0suiD8N7T
zq$quo!)1#3y`L2Y7X|O{2)j6WT3-8I9mXO#_H+y}b+n)-A4$Y3RMRL-iL?@Fn8ZZo
z8bk+(L}FM<nD-5~?Z|@81-<Dy2sD<CN>S4ntK=Wo#A+~LH!1CGAwx~;k~DkRN<%dE
zz^aq_t@)%z7ZMS#A`i~?EI_^kIek_N@yH|soB_38QVmJ>hAU5plk~I0R}w6E2nDZp
z4Es>QB=;pF*&{R|ZmaRD?RW8&PFtE?;hJ5%qWL4wnxbv4OLztko)l+2A1~8Jv!Jda
zjZGPwMo`rYHmeF}i2>DDWa&<X(H`Gn_cCJ9x-f<4_S!xswIUIiN{-Bd&I{q?lYy=l
z@fEltgP!t%!M}Jtw89P)VY0q|dz2}=3_e1Q*9}57uwy98cl2-i$M;D}!-Q;YtaXb2
zY*{eG><G%kR?O1tI{47WP#1|eNL*EqSwoDV$3Jp3y1}HPDe722l@Dc{Q&TQo{u-G`
zW9DNpr~DyPN&sPAP@gjjyc0Bw8w|8)I6cENF)OPW5;;7eS%>|*;RU{;j?wVNe|L)D
ze)RmRxh5`2wI5NmP~jXub8D2CI0Q=0E=KCnak(m>3~-)~5D9PQMii+Ck{>u&PWbK>
zr6?r76e)VLWdwBDF}F(8tACQ|i=Pa)*5Kz2LG!>#8{asJj8(A!;@+uOp~RteTh}Mw
zhF>mc6k;7RF$K42bypZKKZ<R-N|7h2{vZk{R~KJF?Ym?a&_;9{(~=7g>99)?e6+?&
zerKmGkClt%%;@9Q4!G<0rq+LuZ%$x9^>E#jb0b33b_{XyJBdvdp=h6*$IC(qw_w?-
zN~lD-NvA``8myE9HgHb~#U=(cePnSpH;f)UT9wwOC~6HKd2HU?p1zO}e$Y5>656&U
ztJO3sGtG&pM31E1dBP<5mHWezKDaP`xWJ51Std+}<dRMn-wiW{_cgWyzMmMK?GlJG
z3g7ih;lk-{*L)O<xVV=@+P^jEh!0JD0bg{?u1)5XV(R9=K!SGVs2@T?1zY1s+SM1s
zb)ZOU4W7T1me+O`Sf|p8)n<Y(q`(}dD0NQ89*Q0}<w^rP1@jNV#?tKRsCi_6JohbG
z{qn8=+ojO)r%qTm<4w69X??AZwkK7rQ}zoz{o`S$O1D4;Zk-G)8Kt)SoKxUic!k^7
zw3LG^kB}=6lh=ThP(VeoHFKPxpOiM8^{%+BA9s5Xo$2T2P=!TX;qd}KG74B(ve>Cv
zmLvJW^9+c3#=%F421}_%$v{O~+HrPb&8FE)d|%vHi#6hc`jBnuM5$SKKe&%Y?MFRe
z;tHwwwk~QswHU>RCFbos2ytk2KrTih9${{S8+Hdsv{W;y9d$su?UH2UQ7lk|%A&mf
z+fndQc}gmmg`L&Z<yk$}im*3v+m4V3o5mt{m46H9QbMPTTC$1Zf0J29YKW=6+0>>5
zIKqkaYQY}$MaiWhK~!(MB|H@5JA2^G8lAQeAGo&-ZR)$gE8E9@|1K^MM-iC6-T;nt
zA_P=~K9$pKQw+4rp(^PXVO(?^fJT5s+muexn8=d-%_4mUhoQqfI>Z%L5XwRhk6~&J
zj2Uq(hF%UA=a4+3uw>FkfgB>|j7?$k2u<-kI8Q5(jq#y4koOL^0qa*jM9>&v-WQ$i
z9V2_NRtj5zDJ;cjJLO{O>#t)s9hIuL&;d+Xb&R;l&FrE=YmLKHqaEHfY~0?TS_1Pe
z`|G*lq?P3GNzMX88nbX@xutkmqo+(xwjAp2#ikSM`V4GU)FVa^c;TYpcPemZgH&k2
zXGR}shGK}NthGbv5m{B&QTgC$(#^tU<bk&gZWcyAsaCX|^ia9bAhm*7b5O{7HlR|t
zPI&%z@Zx?bd;5>)zPg8Sd!sWp6s&p=UsWmDdtBs80W*^m4)_Ye^C*7xcjE8KyhtvI
z(=bpE({t*0RHa2XvGG*B*=7EAu=9yZL2^7S{Eeu5hk19baoKd%Q;qbL5Gwt0#H*4!
zGQ6-}-{uoPC%3rNWSzpuNt~I%XaE~Mhyz_G6FPHaC|qc|_ZR{i5mAlXSXji;dz07Q
zUQZy}NRLW%U7;A!^!9TkP#XJh%Fr%D7Sy=y{BiQJl&m<(u!?jKeh7I^xg;tF?>r~S
zPk30llU{4(w#*x{HY?skEl}3Drj!*@ic|*gw^0c@TZj1k#n>8+3bv|!NB}h(bs1GG
zTGB!o^p>L-Hfx-`j(Q%4*NL_P1yfuNLFOXF;`~~ym;%D`0UG=z*goK0HypD{8K&H6
znzDt{85j=Iwra|Pd=AzJ&4!b>Y{Nb3JaG!umYT;9YB%DbsmhiORZSW<(>=<FpX(Qh
zp?LdBa^ictzGunCfW~_<1P0*Bb~BCr!oExN2rZgfDlG=B+9CRL2Hklp6lX=grhtR8
za_3NFA42x~BpMV!vii$w@*#U4i)h^f-@#|#6@QJ$KkYp_y)1D!c_~w$BrhCc(S3eh
zv~hK>cSR3uHtg0^7I9;;O4?Fn;zF*IvvP;FoxqPX#~2)@LCs<R23-2x6(A`R%|lpN
zs{azVQ^T3W3`^X?#Gw*;#9`*<hQlGW<Z?B0eY!}^Fl1g$@7pFC+<6~sr@=Ts3&fQc
zkzh#JAPZi`4vQGZU&oHZhYAK=Uo26is7q_`T0Fc5qh?10*$A>Q?i-I7sI!7cXUbU`
zF|%{H2DldQ_`}dH1EHwNDivCOO+;!Zlf@Jh2&84l6!%->%z1yIi;4$=tB;vynA(#1
z3rZmN7!qf9`=+gr<AN(#Obawx@L3`|LVjdB_kZ%%4I2d6Je!fQ+9Bf=@*@o|N5mW<
z)RhIoK7jfu=dtMXm_<<&@OV;|vRt5DQpH?XLnxe*RaNC90-`>WyNTYq5c-BX^L$fg
z4PX>56oW@5+Mp{XnJ7@1I7jU<zbG(i)r%`{IwWtNgOaNbKiICZEragee9%|$<(-Y@
z)s*amlx(CW3QHytB&+i9am2XYLq$f@h1cOGf+Yxt=<JSzN}?|5%ciER-dmOG@M3nF
z)-V$r`z!8Q0IJFWUxpG!eHyic7t>j{0f}#JunGiZcbShbyH*x>W0cH)_egv<G8E-&
z#I98xGNRluBzcgQ2}9HRbeS_pQ`&7d-gL978m$`A%qW&yez9R*QsH==hlo;)(Y&{1
zX^G56UGg;B4M4nNmhBqus)e)d=oL>Kzhxm2DzjHM0n=1*qe+^nB-R?jkTJuNbl+2(
zUbU{~>m7Lyt=Z>ri&_(0MU$b@DF*X(81*I3iZgJrqMFXiD#-~<H?(;^@YH*QktK0F
zTBUI;`xO%Tv`tk{W9o_smTHp^^>3yTlSijXZTGWCdcx(C1udpUNs6mI<h)@zde+7~
zJe@#hfbPh$*?B8kXij{}{oT0FK4rdPXX^@!%HXwx+Y88Vp{k{r>T;0p;y+r9B5`8G
zz4bB4+UVV2hLltyigZ}fz}l}*=*jPFO<fCYOqi+)@^7vn7YrTH7iKo_@W|9*>OO|G
zIq+7p+%Z0VL>{`E)5tWGrhdY1WEwf^&<a=R1B4gZo)5vnGd&=zuzBRZGOEg4QtHxv
z9JEUli4v&=x1_UuyM0)`#l`kcH8|4X-f{CP?ec+{y<^H}gRzjOdr7IqRZRtoez=E&
z?`7(P%nffSB?u&=IvgQvT1>7sc{jYE&t3Ll*+t3d1?aR)#(g;2cm&&FyMB%%e||#p
z0IjdaJq+LpTDx;yJVx3!FRE+8as--aPM%C-C5-&bov($(L65KR#ikx5KZ>Uy&KmNs
zYh*(yF^~gU$g7o#o6E#tWe@+ro8Aq+P&5nIm!d3Wboj7NSP-yMp%;}D-I<;HBjWN%
zf{N5N)yw)bt$qz~)C114HmorAE(K|LK-kxGVc90er2zAIs1}q9wr*ykz?@qPcAT`$
zso{{5R4Pp)*EEQTY!$*~cg2Z>cWdFz%Bffr9G4$`$So6`S1jG{*u@lYaT^c#aR^>>
zv1Pd1Mx@2VuRfz?392c?*4V&t5)6;2dyP3V>CEvW_5qvV9<24Y9{F`H&bWi`0PLeR
z-^sYHShx}Mw(sl0?sQOlA9pf_t^4MeN1|fbwPr!%iVKWlGZQ<~Zmop0%J-jpt*Y5d
zpL*9Xe9JgK=iyE!Q=}c&8U|#1sI(Lm#lMn$gvkmNCBYxls<?Mb31k?+mi1!67jqUN
z8%$I8UDiIM;i;ns@n~TONcaT&0N9q8Tk1&y-e_l1;=7<xXc2|$qB_h{tk~EAn)@`E
zyXBhss5pI2<CM5!dtFmL!Y6^jmP2=ZxrA@S$Wk82Ew)bdMg(x;Y4+Lc?wHz#J8Ksh
zlEuAm`eXWSkgxSl?VIh>y^RZ&Zy`Tge-OGp6_jWA|44?=6`L1RdB#}Z0Mcq0-b@@4
zL=7>;U|biq(T#mEROodw@e3T0i%ZqC>0*n%wTm5%Ri9ZHzaGCIypvC_;xWPRa-9^%
zskS@{-QMw+KY(k5Pl?3W=ZQquH&d9<*^hd+rrCBK^gYq7pE913RsM;J4sQGHp<%a{
z<i-_V*|T4Gqw<E`bojGK7no?>X<c%x&OWBn8vN$bwgy+VT+h&oCg(fvxhI;<hJ{~y
zT52xV-HZdfytd#FvMN66S)_vP;El_9VM%Qdqfo^ku#U@e`18H7nJRGKKl-il<np;*
z>s8)sYU@Wzxx3{Qxdn5dNm#a#OuLu5fx)-Fv}zv2LOo$v<#Y17KfnnI&);=11?LGc
zx5Lp?&F$BJ1)n7YhL6_?qPEyWWGYK1g|2pb*f3cY9Ow;=x%IYH8CaauKO-ngJapAt
zeAylt_der7KT%{IHOaYxROw?KmeTrc>@$Z#Q`H0@xZP$MrJ$3!rPIpxul6Q8p7AC}
zHD}EPWOG=0J1#+JApiwh{J3-iehc<R)Z>Y7^KcL4@?uRY(aBN;_{|!!O4)P5ffvV^
zG1e7%D37fwWKSk6yF#gNO4)vreO;^$X>B#pVAIy3eV6RkIxhJ$DO<|9s_H&0rKKEd
z(s<Lq@{~Qi_Ii<WadINfZwF;uQV94wJ)IKp=ku;F4#ooLgMpQjBDFFhe)S<CPA#mc
za+pFAg=zi*suGiLli$KRo`cM2l%LV4!)J>q3H+s?x=7rr6G_jJixdRSZq>TP1t@f$
zT`C_6YwAo2IO0F_zkxw%jH%cCxMSyZjB4gWn@>X}D+i}%p6dB*o}KtzRjO~aUPJGu
z{@jiRn<7>tcLETxCl36Iixz|M3AE+zgS>{_1Y4n;<%4ARD}h09E95PJk?HrlKMAJ%
zd&Mx+)0>kTc`hQW(vor$`;}6@xAh1YAR>aY0j@Hz8O+3?6|ub5&p0$7Lu-@(Tcx;g
z__vD_sj8+nw6Tw0iO3(>1Nqrk!b!#~KZ`{CXPTEZs3=f3uP=($Fm$qnKCRkgnCqa>
z+)_W>pk9C<6_?TO!|aAHI9G~Bn5{3qE9r18vDU}~|E;5m?eTFQJguVeSJNMqcQPq=
zc@SNi5j&gH%o(eilq7f2z`^NT4+qLc<{<AGd))G03~O-Lq-6pNxdz(#$-k9S0SunR
zKcskU%y$5o-&pKSIj|P9nWYDPo~g-d&>rbdjRQq*k)aynH=0b99fLW+%L!rZUE5!C
z;{)gp*`sy<lD4!OO<vDiU)Y|UORb54cmyQBx0vc|W~LOSMoPsfX#+itqce%s1s?av
zXi?JcWWb*gyyG(ElIl^@y51A5b&Cy->M~#z$ABF@s#e4Nsgfdcr^gvaQ35`6vGbxn
zKdp=vP5wq36VqxxM*biY4`iRiwJ)-AkFvWyt>+2Z)mmL>N_8whPy1p83^)TB>X=m&
z>+eDC@_4#5?{>6fIuE9skI`9W$pqrZ1}2{1LYWQi(H9J@aEQEFj$lh}C-R=cNW7$?
zB!IG=PoMk!cMa5VScCEaPnTeg63&7jg1^7(SN(;pjNm8ZlH#foIjFjr6vND^tA6Fx
zT&i}DF^}@HmDE2XJ#a!13!tNM&9<te>D?&_A?9f9g6%d?h^jh$JK5D+Zb#FiZbWbw
z#M{A{`aHo#F|_A}F`z04WAh~$%Ty_unFIVZ+0PQ69LgUoE#rxTQ%=eM@_aXC+^>jc
z;2PUImSwRCMOM3cA3BH~Sza-#y2Ib(GI2DC&ecl!b@jZSE@Lm+P69H=1z)(G!S^6b
zLmv0+E)qGm(LtGNuU5g)<g)g|kwWstb8L$8aNe7CK1$kCmpD#;skR&A^;P2(n+fQ{
zQ#8;L2y+*f&<B*2<)A+o<H#uJg4?;vBp{ou`~4{{BLzj74a2H-SLNFaGc`zu|CF=D
zKPc0+V_)3HK1mfnlS}V8Ws%qG*kEpkZ@>s#(Z6ON1<mfBvgxWEY2JC#JT;%xW7=E?
z@iA;V{_2em&9|i`sXQ3O?NpM{(giLWXqF<F+xo9NMM7mdRu2O<hdANxKi48HD&4BL
z7fU!8d|C|E-!ZI8#*PizZ7ktanu>a#Xf$2ge_@BLx>xQ*dXGUc36))1W5*^M8a6}J
zPOZl7#B52U-q+R;!y7+&sB6OF(K7IU)A%}9YgocvN#4QH$tskcly@9Kt^+DXR;;3w
zAjlm46i|t6<#ug^Ob^)RZrny(a2}lrC=6<>_YnMWYoL5df$&rxP;1Slphf+ZC}rx{
zKLtT}@+lk%QVoEjsrZwy)s=;HZ+Gy$D0CUDy26B{mbe~fv?}{qA5~M%*MFVoC>DKv
zs(53X7eW3cy5UY_^za}<`V7#o>(b2rT>ko31;XGdYUTc1_Yg(;S8b-&{0K6<)RH%3
zN;kM)^@=3#foWJ5eWOUYNdNO_p#F8znrF4OC>>vwN!RV1qHuRK<Nta71@ixI_4I)J
zfPx$b0of3S20{JT0J1l>c2G07cd|47Va{md>gaHuEJTC_21A*wO+*Slt-+A&PgDpv
zyWCp1USNfM4tV1kBO^--@d;kexFaISi#ej`z*CZeO}zz563G5Qm{mE7;nMi7#Vgh^
zr<;85Yy}M%@tQS%-bY-8<qB_kJ8-S9{z=n+uWm{i)@|CyBP4)zTIO*G5XsA+ScC`P
zM=?P|hh)Sx-j-a&OAFqCf*eGiePRXX#9v%?!dkR1+k{`(X?g~7t=lM>dmPE`Gl@^1
zLHj71qJlt$w?}F`{>Ik{kE4xVS@Go$gD4Ya4i>cziuuhDH0)W9Q2zo^3kAN60USS6
zoh%2%@EU74MyWDE#1&?zy86#Vtr#4=!A!K5B*FcJ=W;y>0Z<7L3(!IG{8504gL%ig
z3xjoh`1gBvcl*l|ezCgVo%8qsBY~daM0Y}Pc=qOu9y|f>YA(d$^_-^=U(ovEwchpx
z^l=gws9OXg_-QgRzWLvToi!xFr0|#xj3e-vXqPTKaP3(b$-6+Q7h^?xZ)ab-b7;KJ
z(bB%K_2uD14t7~9zwnzulVhObg4jj?gMFtx_iXDtEl>zqm@zHsh-{A;^J#9_Jb(b*
z=kSoPqKvAKJU-|?fp|uu{B;mU-_uNLU^jk%YM!HYwW!S!U3|?q8BBVzuDR(KZOJ%|
zcVmnGTFn^Pt<S{dY|4gmB^8xp>Cb)j&zSrTt@xfQ$#Z=8=6Dl<C~v^UyJa%=p<sXg
zB4TgVfm@&%DzFDVk{0L+QH#W7ua?VW&;N)#;~Ip~yV~C;MZR+!3-a}vV=3a4pD#m#
zRB}g$(2z>B5@ysf61&AsgrkIxocCU18$T<VE%*uvX*>xN*@hG{*jAHb=^(6o!iXB@
z)VC{gPm7{BqX;Bmasc3Sd`>gS(nUfc=+Ah6b>4d<{nGw`0=Xo=SNwgS5@o6`k?SKX
zzxTqMh_Dr>#f3NgV<7XrO7M7TkQmPELCC%OQ^~!WakR!OLm<I6J)ZtdJleLBDcH7N
zOVS^~-es$UQlhT%m&rpT%52A6F5`0D_M(dkG&SYp)|P**!5NTcUSzn*M09?!ck2)S
zGyxr}`4$_s=BW0ob}wwvz1U3Yn^Md>1+z#zRB{B&2*(XrIaMZf)9i1Br+PFwVPf6i
z_^99#B8oPblOQf#Z0SDr>4ygL<Y=-BRjBRPdaP{oXq>&A<jlg0OTrb(pc%`uXRErF
z$PvNrW5Ve6`x=0ydQlf#Z@=!GXrxEmbVlsobS+_pI|nzUD~)Ea^mOvtUk~6#I$J}~
z7VY!LSqI(&$EmR&!=NM|5{^X4d|TB5xgKu6R}MFAggYz4Lj<lgqL1_$QZNrU*YUTi
zt?wA=+E*&sehqhPJ7k#k$T`)jZ1G#2r#>M$J?t!1c0mC(>UW;4j}R`JMLzah)!!&Q
zniFP^HrH7bI(VoVCOaOuJ9SqM^)(s{Yac72Q@a}K6(7f!ernSszjiCvoU79nD>LK8
zZpsi|EfdXj@NC-NIdl<kEs2Wcd7KU1)nLlN-#M5fU2!ydrKg@>U3HT#2{2wgIG6n4
z{1xj`)ZzgsaY%jTudD(OHds&pl-xjcR?c;CTyaG0=`)bud$rymcxpnIgnD^6B3)hn
zC!e*AA@w4Q<%y0ZovuHtKFx*#<vRvz-=&ER*lANY`L;HF_^wWW)J}EyK;G04qP=!@
zX!2dz6f}Lm>i#*<QTrbuY`?mGYE#9sfT(Q&KFxqq%{gV@r2bX6_y1Vd!tLqv{|o-4
ze$!bQI^W;fAsFuQ^zS%Q*=!|p*j{}Obh_#_{r_3gTxlc=E#G>2eEs`#;h*kHticX%
zspGp#|Nk-d`5x|p{9oBG#fG&@8XVAtzjv+op;zIs{pZ+#;KF4Do&Om0v1+j%=l_#=
zsc}f4pmwiFrKOBy4hR|wo*y!LdBMl)aa!Hi0s_i3HoN(uLtxMtsg`vvvwhaiNVz_p
zExj+ebnDwA&|OjWx;31S2B}ZTv>gXF44{_mnjm+WgtpEZ+dTr%SZ;%*;X`2f?+DYY
zO-?%5K=2VkLp|6}{K+WX4vW;q*N0oin#XbWB8N0Qvsy#{&?g^giJ?CfOM1yTj=PC0
zT19{#660yUJaRN7*E3Fbll5*B7xWCTjVUA>cgD8^r9FxE^-7$B-)qDNU7vJ%aRpVo
zdPx333miG058Q3#e>wQ+F?V(>owiCt7xwV^lKm;+fVB--`34sR^RD!XK1HX)(uMyL
zdi*~^6*m7P^q<a-|I&%Pg`F~7xkyeoqQnvN&vjHXXY7Am*A;Ox{Kxf?(_?Aye_UT(
z$9|jLH_}KEwZ1H))aDLznVCG;q2dA-P7L#cqj>@r224Pa{Gq4-Cmk+^>At(T9W79K
zBn$Byhxj}UxZrJvX1z)(_v~h0-9hy1{*(LKnLcrXffM6;5NN?*S1yKZ%%dGIXy>W`
zO6bNyd>J&H_g~E}U5O#A+l22Bmd-pMXRc1l;m+P#^u2vEJ8TN@W!(6DFuOHn4<zJU
z<bPX2U%i&?;hXh<+ZITH)r*y>pUPVoU8D!zJy8?T!!_D92|BfNfcbeAbQFn*eOW>W
zQZP^&ng<1?lTtlhV5gqdP-W)WBZF(PNv|3E;omN7)5XG3S=_l%i|1pu%}3l;Cb?!K
zoU+s>6y4Cwol<SBnwH9Du=MIvEIiJB2lD>+RH9wd=EDW}#yP3^0Uq?mFB;#_97J6i
z9EfRt=1Q%*Qc6!}eYrGN`DxIjN7bh3AByL+SsFLdyhXS+0`iUHfm)X-qJan7O1XtO
zyaCaEydkOBf#cQZS^aZPrldx4P2zu|`?ykfl*wyrG;9<9TXYlz3bd?`mECKJ$4`y&
z#ep?VSL!#JtOj4#mK9)WgA?f%>w79c|9Cg8jeUOLKQT{7O74dL(j{+$?NzqzE?Ra_
zk8gMrmj*{fXrlgi!y2I1Q_Lx(i{_xY4IS=%B)ocBCC4pF=IB;pHT`0QU!Nif&5@%D
ztDvB~c|*rLt3||t+TN(gGoR=DmC6+0sm?eJIY#q?Wo?sn9MP5N$vbR~EbP*vKqaMW
zNk};Uw=1U!{Q2OsM%Cl5a75GA_g|JtEF4eH?S_8lX-}iVGv5)x$ZDlG`yWkksgIRC
zwk+s3EXlKe`|@gRa(b6)GhE>n8(t;`8{n)wO24QR;e}-QVSCA+Vzv-1{BsZdzT+@k
z`$Sk<JkVvaI60R58PM)TX;1JI&c3ydKNAWLXEBvI_jZy=Igr{#iiJELq3oMv@hg3i
zL<w#N!4_%10VecWzDd(hDACwck{(QxMVu##P{T0@Jw)1Mc_VgTbq(}|hdk2bp|&R@
z^g?|1tzJI3YXcUi6yFSTl~Y^5O(5MuVsFlP{#2F4T0LC4awb8#@-8C<oFDq>MNY@B
zMNTJYrr4Tv>~mg907P=z|9c#Z**ROBs=4}~dDIsO2j#jR>fYmZlGkJszHdEs{H!_#
zgYn&Hf20#=dC*j*y(H8k6Ev&UZ29mVz4jAzWrm%lQ5A0LRi!9~ML_R?WzM^^Vdu}J
zM7GqOdRxE(41XwHKHERjObmZP(4$b<sP>E81JpS`iz{PSq6Hy~pN$m^CvCQBfq(37
zwXF}+mMZ>kkGK(#w2I~P5bF$}Eg)Zev&u|M<A4{(k2!(HDE=HBPCj`~aiK_tQL7NS
z;dR5tmv6Rh{)3__$s!AY#UF$hC=C3P%Mo<*RHc|x!$0{V@1`j9rxcW*fO%0Y8B$eP
zhlVbYBh6-T{&g@eoHiI~!zXf05fCeUSH|m=UmkI~4b#F8`_W4<??b%uqaqup{PtV;
z13JHRjzBX@G^o6l(b+V8^H-gvDj?K}y?7qfV%vUR1r7b2fK;CxWlaXiKRs4iEKf=o
zE$6a1#1=SjbPEu+Dk5D@6$tBIK?&D#|K{B4ZvR}bR{Fc?vr+!Z%p9I)byn@?>ip9E
zaWLM3=<`)0Zn(n4sQVYwZxaQmG_2j){yPJ`J7j)#dH$NxvgJqM*Ttgf&3=~e=4aQe
z80WFEnYMJ2tDv*;;8&DPZ=(cMdhwjdoi;N)U2Ha<aop?LE1t$SI#l|*e+-@KwGP}(
z!1+9#eE#?&P{FA)Wm@U_L32L)*SXRQH#ZMoaavJJ_j+<1_esX@vu4Z2zg@7S#p=v{
z<jZBLy{F9=aO8+TS@ZMT_IxW1QZxYH<SD#(b6<hm$lG|znRw;DO6~(lUxQj4z#cDu
z5j53S*NJjxTk0Qd5M6XM+D_OQ=5df$<y?l>T{JDZt8w8m{Qf!{>R184t2Xzu*RX1R
zGf&^0=g&Ew9m{aSMt6#Ed?)BN4b71jFNof>-zEwt;J(a;y5>taxHwa6Zahm{>K3fd
z)9-0_*aqM>(6RBh1j~Tfkn{&Prk&{k`TmI!wNCWsF=vHNQ#YSY)5^`Rz!vxuz<W}s
zBS+e=0UKz=wb$8(G>Eo(t*M5MFX>mka#K7zN}v6*CGh^iD}RQxW1WYu$uq^&3;mZV
zIcopI7rSP?{d?2#+1b_x=M(Wl%zF3@TdaT@Pm_T)`-aC6)dSE`wtImmn-lF)rIwxi
zcjdSI7)9ilL&sY;vB7vgUiw>)#ThmQwKtv*XDP46`qLmm93M+S=p%!2k`u%rr6`&w
zIwrTD?OBkgKo!XBFkXCud<X&Se4wr_b^f3zXlaWm7=WkW)^b4>&I5spGlr=Q-Hs$|
z66*AvewVH)u?=|Gtu&OI_StkORwppAcNek9bP92?SqF?Vn4t>eEi#|ak_+$%aMKl7
z95sZ1*<I9~gHyotArH$D;eelO4Q}uAXYQxr4u-e9kQE{|9eJZSF*|*LU^-F!@Yfcp
zhR<t0PDd$5ZzCV1A#vd>+!ABMd>u5E?+ac}I9e|bc?UqC3k=Z+a@q>eQ$Wa2^E3RY
z3M=qfZoZH=9+h`OA%2GZpoQ5=o4pZ-hrC2|en%^Md13ZtwUfyP8M}V!%w#@6?DYp{
zh&Uogg#3mNK%+cFdcaes40a?+z7CQhDM@wT!9K?H!9asA+cdh4flA_u?r9H-EyC*U
ztBy3lz5;~KGp(h60bcI6I54e@0%k<0V_riOH!8AQf=rAIXDI^ww%q(6e70jLCl$T~
zKRjK5b(DcH$-3h~ci4y!xj+Nh#NO2{i0<DZ=g8)ee^776OX0I{!a{sx`Qm>LZimDm
zLJ>k1NXq??WtK(j^_p^L*xxk*$>#4x>UTy$+Xni`fE_5XK9=hePSkTKdGA3d{?Ye-
zr*Mw90{bGulMceQzK;OU(I2rWEdq9W%vGYONMP}gt1S%}Wj}7p3qY7j3Ekvv#Dwg?
zhjn$cS$zixP>;Xz62N2<w9WGs?526bb#;$BE_6PPgG7<|gXFROnAMRGSIFjMhi~VY
zjDUH^-r_mDu>fZ}h4(*H*b(pYNHkvo9AXAx2FDp3%yS-g8}AE;9NvGur82m25*2a+
zJjvokNbyN*1870}Tdo@Pct=S<&q<WF-ABF$2~={q_#NY~rfT);>6k>i)!7$SS7-1w
z@U~QKuP2Rpv^0kPI@p~9nU=E}{#5#$SO-+<)`<;iSkr^Z1vDV^EF66+h3NaA1a9n1
z*?V%b4_1QoA$ZrvDl)X0>X8kwb13tEB}rq6MXo#&1*NFC!CLu&S$_!?=U)aZMbR>X
zl2Ec6;WC9yT$$YxtC@9C7~N_|<PD)DHWLQL=y<@wxT)$mF%L3|SBDdqF6)Qc9Rqq%
zsbj$h!FS)+b|!^r{@R;O$+IEJGHQ+R3GK_G?~?Z8Vdfj<eMljIRcw-Wex7%1p|EJa
zSKbocJMM=MkUSpq3+wZcON#oof+9Ocf<N+_IP_PCoy7I^K9ZaA#b(7}7^1m5ugDHM
zb_@OcYWPdB$D!HF1j{~mg~q&)1U$?3E1dX5V%tQ1QW%%tcgc<IVUVe3uX$Qmq7WfV
za(G=&lceq<)rI&KFC*>cz5DeVPWL2Ud4rzHD+M9I@PyPlEylakrIz8WVBk^}9Dx!p
z4CA=R5e{x#qT1zYS4@SX#5RM8vg7)mYj2khcZala1fq4SOoY&q%|JTx12;&^tP~La
zZ6VViXgtO~w$3{mB9@5<#~AdIgG>dCE$=0>an=w4n3Ia|b7H4Skknx6T>N`*_yJ^Q
z0Ts5v-`-&I>A}~mX8I@T9AGFhjB|8h+zM<ld*3}+b|dZ(@)tcsHnva(IwJKHk=S{7
zL@1G@gu>0h;p`bh(OjZ?0V+{#+~JTHXA%?YAYDx)xfz%*Eg`4NltNA89e-R<W?#<<
zYzoE}HR(bvkiOZXbKVf<pL52-ID7P?to6I9C7SOoAw2cmEg|cxg;0%FhAd}ikXnXB
zm5#*+FKJN8=<!g4MV`*hWPadV#)7-wZ>_Gc8A>@Wm9wCPF6=;-0SHw(SR+-)a)9Iy
zE)weMJTPZg)r@)*wg_F3b3vPM4bhH*gxr2VQAX?`lhEAkNAL2&3hSNR0qQoU->V6^
z`sW29n4!AYdHQVL7ew4P(M`OJu~EP_Jx$^i9`Q7q)>KF`#=(E0%HHlYg*8&X5YrXj
z!rA5Xt*7|~scOOi7*z;i1ZVN?mHF->kDAQfa(@KhoKlwp2A^WJ=Lrif_3E}(Bc5|1
z)H3znUdLUm@WZb0Z-XkG*VZn2Q!^xfTQkKpITFcHd%Qn-5))6;?&iiZr+*CAmsu3)
zJZV*-q)dL$E;KksZV{)8BV>>&KHf*z*0pK)^EY0n{NY#^U>>CXhyfXVxFvQcl~1A%
z)P*3pR~f=hj?H=CI3@Xr3kyA3_<KL*m;jYjyxS+&4DMM7OqleR>y?FEElqkW4#iqr
zh2(j0d~)v(3!>TRSVR^ldy>U`jhEBYQybpvR`y@AF<>aVuH)me`2jIwr8w-jrS_Mv
zdpHSsGeX_TfKc^e&|uHn*0g1xBuchyNZLzbg`YHnqqF;y<7n~ZiK;=sE7|#*=?W_r
z9w?{@NfAn!=H>4+^W+s{l(y*w#3-$z+_8Gpk0~;gXS8A)jv`IuVzue?9-{Wik}*{T
zDXh<l&gG;YRns<lEVE2B-uiJx!y2toPVE(LFAwc$U~FE~!kKdy_0a_Q=x3tX=hhaq
za4H?Kpn1Y5{nL8qKp+O`NOW+^gu5G@e6+z3?f@tI;4i7sacVd5Yh<DOXfXvN0V|7T
zUkHk_uHU_jPmY`|?(8QA4sKrt|1tYTcv0dR<lVY}bNIk)puRVy&JI+$@?`0Btheo8
zVIT21P%l5ktcSJx#bk)qmMnKpaQa4a^MJD38W~}_KV@lj0j(>P8$?3H*<)05HEpML
zo0g&^tvdx)`jg_MRO*XeQQ(v&w5uVh(It#U3RZgK@IDA6K(;dkZH?zQp}Q}a;VqUX
zi*$ry=)yUh>wfA4db9ryDxV$N0MyJ74ke~DAY78Yo0(vX%BshUKmBKF`g@49yU~%l
z5m$~mZIUU2{HfR3??3D{jKq$8!JdaLbU~rp+y+qOlQ?S8_~_8c74_uUMh+M<;UGTC
zlZb2a#35(O(L9jgyJl5k06j#Fy#ORcJX?kWEX~l6Rl7;l&!K6^$5thneZ)wU0uZWu
zWfKyo50kf}G~#wCTKDg(^_R?oU0Kfi`5+6f`dLPnG_=w7@yGnk@K7PIWgeh6_;y$b
z5xb~dk&NEv6tzm<5TRXBGySq($$HyJ&<`nCtW}cZxOf3RWqdt2D65EAP`A-5GnMP8
zIreDi{$l@~_M!frw_sHPAWCB-TRL*ht*`2+UAz`~koz^$_7BE14IF)0Zkgp*2Kbb!
zBS+C2A(KyKMOZQ|2FjtE8XtBLt1cum{8@n#jKyo(7q+s%M(xXpTs&8CFcR_N*n^0c
z{Y5SUQZSK^?*@833ccP+JYTD#y^C<HV(tfmTW06>Q@?uV-f8lt0TydCvJ;!$`S3%S
z+>U@uz1(=Mv%biy&;n59?`Km`VL)JTTj6;Qs&wuI!<8!$$*+*dqL@r!NCH^%bh{il
zzVr|J=9(!DV9;lRoJ>?eIwDQRWYy1r7jKUh)6`h7-^AoAO>FNpSh>zv3}Ul66@09=
zY%*&(ZFejtj&$zfy7z^_qP|_mUc}9KDoyo|9im2i^$tkSxduo=fZ1j4=-|tlD2|r}
z+QCNcks?jB`*L$*c+BL{FaRm=Hxp%{wST(53dU6zrZ$m@eNXA*4K|t!$&aHueoGq6
z-pHp{y>nHNvhpvO&by3!KBqmKX3sa42ZJM+d`G_c0|LH7&mZk*;VEs2?8Lz^KajqW
zLs@eB8@5>T_3EoG+SxZ{wg<Ii*sL_j2mfYO_?m^$1-EPbi$1&592R(CrTsA(v_Tk2
z+<IyY6FRvyAc}x__a-hG!3#1%G@Z%B$RqNHhVyfl#Pml9K8wcqdO)IW7B$lE#Hbn6
zT}nd89SWrHZv!>uuAVZ5Z)o=#L65Fnep86S%Gi1=4qy#TgKU|5*RVM52EL1VG3Epw
zo%J|CTHnuE)Iy6_b~}jQ`Ec)zn!HA!M2h#Ib{NMIp`dDFl&)DI&SOL>-ia?PAlc)!
zl4sG$jmvz(5P-a3z*cn97ofxhQ@{D()T0<16wrp?g9IBDx_cjoiO@G>w5R%aY<Q3R
zOtc-@8O+2PvPCCfP>9ne=?3yd8gi*{v4oF~`qVoU?`J5%a-%G`_`?<jQrK3{H$E`C
z8Bc%N&U(q{j^2VZ_Gi14K_+c|YWdpOI_F@9TVAYuTOhrLpw!pI3{{+}T${4{r7-F_
zH)W=Qg;#%~5|&7H31J0Pjfrms0ny06+_o()FgO-uJ0Z5pow!FFmYp`M<l)xadXsH=
z4IGZ(RZ)r&N7o@j!sV>-mps1FF43`f=eOpd3jZ)$47(r+$DhTD1aJ(OQBa90yxK4O
zq=g%Y769c*DY_3i$TaB&g{t*<z)}m{#<%7j`$wb0{>N4`^J(Rv;C<i7!*KjUxo=2K
ztC8t&>4Px*xN?PV{R7rjC?vKID%{kX?h|D3e^e+42lpzma10i<r9rTQ(PYEIYpnKV
zBp@&gpCUU3y=-x?J&-1-#wpBgxEnENdlhO-iD5e%OigCQ@TjPgb42+6A9DXc<o>@S
zH>F!N+Iv@Q7v2H^D}(nQk|ZGx%1Bu&#E>^VF$YdkZ&rTySwVF*{N77`-`syQw^tZs
z=~+vQl29a-D#!E2aeuQt5%(gAa)>?Ae~3GAO&saV<<n*S_$>~YLT>UvC^ZSC>i1BS
zh{S>sW#i7Zosj%LU>l;s#+@D}L_?(e+FE!RgctLM(@T+5fT3xM2-Pj0e<dp)F%!BX
zWSU8~+-<iJ^Ft-&pnx1~I(k@ZN82ju-vl3S5IqJ(;*Y}O(sb%EU%mh&-~UEy;QwQ5
zd`Xlq!rNbZ|Cu8}8Jz=T6AafPCly4(O#&Iv3FKtOB+Q)+@>G~tQtG?$NC}wTmfg!i
zdtvo1g9r)HAUUT3$G1m_v_wT$rgBPDB$%K)_IYi4;5A93VJqze@ry^M?h$oC87LBs
zh(GZTf^(V8C+m~G0fZjyrNo*@!VuvN6VXs$Gr_vhNCWG;V13=V8?2QydI?Z#?S6~O
z5&Un67F!ILgD~=8nPV8D#zyJ0ZLuXmh6dj`2X#l05C~+q6iT?-NfdMf4>ZDgp3j1D
z52oZdY0H(Ci{outL$=3zklKD2MY@C@6fLz45yb{1ur+fjk)Q)5eeAGQME-)ZLsc=`
zPz%LGNa`o!qM~dB+$>`rA#6KILcD%a6$d1p)ouNaoYFpWvW53+)t?ZQa~ds>tb;9L
zDjhG_^(OZo(-L@vlzT<YVDl!!`R*_jnfC?(p4c-+azHd21|NaC2v2~HrsFr#G9_s5
zP{aw;gfsH76z?XWo-D#faNd?Hl4^si!J@SIVR46Kuq3daZd_tZ%vydEpENgG8ST^(
zS-b(a+pw~wql`a~W7uwO(ZUIux+wnM%*Ti83lll=gaAx);0EKDg#D=^q6?xQu#o+S
z(6l_LQpTDfMshB+^ky3hL1SG5q?8K~ZW;hY2foo=0~-SrqpVIVaotPnldI6wv|b~2
zzFk^>(_Ap~Q?4OWL}sQqX0Xy0#w@tgVNMJ_u`8<(J(Lw^3B^4~?g@Q1xRV3^E##5f
zk&4xR=uv9pYW8?UdUl--WqKG_Z+<$v*c$0>qVX;SWl#Jd@qJnbYBnI!X@hT9^#%NI
zcn&+Zp^v(sL)o?`N3!Br`PU!+Ejr}e662XA8zgXf3%fIeWh5J9;QkCzcLdi$5y<%J
z12$?Y(@7y*d;bD~J&6%0+b?u-M`KZQXKGoUjObA#^>E{4hJNv_uz~wXU>RxyYf_Kq
zGr8yTZQ_OVR-Z|zOPUrG0Qmu7xZ4DMp+OrRD+(uvdQW1?YCkX(M!ZECYt%6yV{b!(
zCMz8#!=|;`*exHc4r^}@R?5P~sFvsjy9iO`yuPINdnsnWg1%wf)M|j7LJ0B@gdw}c
zP9Mb7e}i8;&;y|z5T#l*8q(s+7$HWl)?Ra8Ml_zFts>DWhh6IcKrHCPKvRg2Va_*v
zokZ491{x#vn5Kn2LyCc6D2#Pqj8YfrvCL+AM8y8=qR=YR;~z)6Y$G;iuhQE;y`nO!
zwB(FTtEx0ZZ{l_<xx;fHNBB5UD(*+6`7z7Vq%E-LQf9)?7;YhaiTI+9qOHAJUXb1*
z8|^L}n32s8oZ$ihoiU_kh-8AoO>(~#>S7X;k*aVQyO5rJg!}afPtnt0wJi4uojVvs
zB=nbTxi>{~E|;;tYvR*CSoOHoX2qNu7~A37S_TfMEwLf2tD|(r?W918!?=R=&#HJP
zX*pU`*na9y<`+_rznc$QnZ1?=!rCr-B(IX&?52B7(~oTfz)_r_R%K^`b_NqT%e<DC
znB;0urm5`iJ-H$*B6pxL4*BFfmryV<_DeXg(VwzucjApd9DjC^IKmerC%bqV8{K7j
zD->s!F`WjN)9TC#MNCYIJ}AkB&CU=0L%$B6@c>I7wzT}e7rFGIbniw1{jT>CHPyli
zFs^rw$A|!@=5TFBK@u)!R45uGV*?)o_6A3g=KOmU_&yI5C_3eT!|xA>J`)WVo?xR8
zhNLE@(h-)8CFW%2l8B(OCD*G40&3HlNc>L=x)VZUoRSn)k~rbGqUH6`VJMuo78FdS
z-@a~cZp{SG8?3*iBfwFhxy|>XgoJtz-<fy-0VAAG1HlM8Uy18f%JHeGWXkoa$453g
zz5pd(%9hEzD4F!Z>-)8d9+G61k;W?FX4J=z`m;>$6!d)hP;ciy_cgZK99{%a!U~=A
z3?@;{lbOX8R)WaNTt2c(RuZ*r%%A3IdFG$D;gr=s|2+cP`~18k)7urhD5f$QPj+HX
z#+C~Ls4ktbc}@~OY<Cn`{x-_z;62l8W?~{j8OJj)#$SoXUw@@DiQ7#57mhZ9vW-P>
zQ98$*RMOjqJx*UU$6RxLhH|IuZ7gC>;N<;joL+6P8Q+(LVGguSN06LU;}Q*99#8cy
zMerj{O*j){3=DorE^aRU`?4MXq<c6CO9GgvA^Aeh>ur(mOy66R)I|MSwfJm}8+bsM
z2h}<#Uj{{lwqJX@YAlOY0sRw6o?a|I@+F3~LrOEWZHHVR%m5ZAxPd*0fv)?W)uUQ{
zPUsZ2%{(^hPNk&qSnqeyG5sYQ^{>f96rUv6n3id)AvGmfM^LJafv`SOKrnh`3jm)d
z2{#)FKk>BDXns#XoQpL$u$3&&+b%jsVBy*SARaY7rUD(wFkpp2%7RZ{{ubz4S1N;8
z;VOYohaJ%6L^=D{QdD5!nuSTlOgPCnYX1-Y-}h0e=-Yk>mO@49SB;-5<0G?_)w|!#
z;(Yb4i}CJ6vWS1BNaG#3(ENSu4dDl}D1S+dn))v8$sT2oM&*NQsXamqQ@9_mCmdj7
z5hCl?FmoggEU>7H=J6{*9*U5qL&I~uV05oxYEf`{M?18XNxaf<Y_31;<lRvI0Y;VN
z;s?=M81FclaM%fZASX8d%_2B{Ui1GRHt<`nKAi08_$2h#SXlFUt!QcFy!r|Fyi;wQ
zNk$YmKhhH<Godw_nYbkWsy~R~kA8NEc)94!!PzS*b#Ho}&i2miI5=$xF;elQXZQmn
z_p;+D#?6nJ-u7a9UwpuAX+27MeB#wMtvxrb-T0ZAue><>dg$(+gMaefgS&D=@t2K)
z$A3x=DG&$g854I7gp*0iULino%(z0tueDw=VZPGYl*&210`DX}F$;|&L)R=%c*&k5
zea~3OFi9;T6+6q3My<1cea2M8V!Z*fp8`}wb2%Hdf<)WK9=&WoeI@I-@0z5jcN-w^
z<0Uu_8eNWR_z2@Cc4)Mb__MgeY?H!?NLT>4y`xiDzQVB=VyqZfX;Oegm{?{>S@luE
zs91M<tWzh0H+R-P3j#d-W?^H&!JYZ=^gffPl-GgV9&WED(GZ0%XY2cls?`scOu6w3
z_cgYTt1SYg@bK<0cE?;}rhxI0JsB;G^I*TR8Zms<MmRmH(MOd&Q0^j8TwiSSX9Dp7
zY)|xD%?p$zmme<)ZN|W?iy2swXp`m`<t^VQ9|r;p+<Z1{TJ6a9LO~Y-K@a^AeY@?q
znt`0rTQJ$`j~Na<8eJc!a-375;05it?U_5RB$%GeC71n7Mo9}j9c>1wQcQBMR`}g*
z8|i-9>NIjeCuvefjW5GIw2k}tI(sH#{-h!w&2@iednSo9b2`BHkf}rEX+~{xW;CT+
z<&nlb&rgu(vs#V6vPtDZP-&^riH7dt)3=!yFF(C{V>f6_rdd#RDK{_Lw`5KACqHWy
z;=3-5yM}eiDv)oYIC!Q@^L$jfqn%NWRlR+%xs)0Ql=AqyuRo;bDxSRj8FjjLEIHFI
zNv-(`{B1DIrVmuS99143V0YQ6Z~yS6_?(j26;ut)%d++?Ia`ptgAFsVeoq|+FmVOH
z5dkI7dDVNs+Ux(~>Meuf2)lJ{+}$O(ySqCCm*7s200Dw~<L>UR3GNcygZtnb+}$~3
zzkBcRd}n@4SItb-bai#F_1x>e)_M%3b9BEwS^hk<l$tguf2MQEC6pj~tHk<u&Nm_|
z)1z=f49HzG7gDDOEZar$3_|Y;w=dQ*UEMK;CI`s{Ms!b>`3LGtr<zZ`K=FCx%>C!G
zr{qqf!{=P14F;r+nR^DGciWqegjUz$^Y@ioA6JK!mib2XShFWD{+Su)_$<*(Rm##6
zmB|7}%UV1Y_Ns;8{fvAv=$tg>I6f;17ML&ppJL{ScDV}@4}HT-kjL4wlW0g-0sECn
z<Q>V=Y?Z|F!E|VDu8u2gGoiW4W1J;Oefbhn@sHjsgT_TApgyV+Cs$@^|M_cbc#?_J
z(c1k+oRY@T*iwOkj{5x=f?_i4T*tX)Jk&AB&T2f6q;6E>N}SQYYowX&hIsfk>~xQY
z--`v$d?7=mcJ8b%NAcAkE_#@BoY|^91<~BkH`F<dNuq9NL$_-k`Sd-wXv*t$W}sc^
z_ITH&<NlGE^Nazj>sgyE<Lp#tydphOx>D%dDuKjKlaG&}UGAsVOo_mzb>sj;r^JbG
zEaaM9h8<l)xv0I7qYG<Gw{+h-p820V&2w(77sQUAK-RgR6787`AT+NNeXXe_eAMh4
zGKMtwpVUG5Lpz$+oPr{JIa#?iO`GY-TxZEoF9sd+FOGog_vwX|nD@Uwoq!*YZ|k<i
zv-QtUotJlt(7C@8_pKFx<%%i0`%&h;VlV#b{6w}bR_aZ(jRyh0Aq0WM2yxu@l}-^9
z0moH7<V_Fej^)K%Ys*EZUp|1YNV~7oTIV}f6Adf(Z$OC<p5^%1usa((GblB-+@0nk
zaVN`t=;*F(NVDAw@;mO#`%PM-t3cw@SGG4huH}YK#NRm6HwJnDCb4{Q>H2Zb!X!)n
z`y&6%fosMBQTMDcUzKx)kss=y5jFP6^CPQ%qmzl%^x|Siv;CP^34SB$&Nl*|GH0uf
z8SAF=3FRX<<-Qf36n@;l+U2}7L)9*s3Gx{4Yp(Y`V!xBbc$n{j@mlUdc#;)RJKGxD
zB+l_aA==IUoC5U2Q>cpCvO^ui9JLcKFDD$K2vGC8Kx{_~9wk;XLFEJH++qNs|KG(>
z!NqkbbQ1#8L-axg`1lzq3R*pJJv|D6o93pX&rIzxLSiWJ#!P-sO#;$r<*_b8jy|$~
zwM&#l89Qmioxa!?suP}Is}6N4xG>;Qg#vs4pZSds4ZxAM`(M&Eyl8DC0)oE`W7@)o
z0rDXF!~Kl0!N78F*(imXj5+igj5&m@aYfMYYjpEW^n1wsjfq|kN1$A~vj?qR1Nnf2
zdKeo{Sg8UhgP#jX4dF8NpTu2ADBjRrBrdY#<$MTFNzt^MU$2H3=ShjJ2ic|_fttw;
z{Sv_c&%({&UIS#tevX&l2`Q1j5Q&`$#G;f3LM~z^CEAHj#g9$XZRB@GGx?Vo7ZL?W
zzuagyWu9iw?#U#LSX=D~5#PxlxSgaeHU#M^q4CG1%{7+GeWukFETle^P@<0=r})Om
zl#e+{lxf`6N_K$UgghKT59}D`O2|{PHu3lyH8(x*hC3Ir*Pd=I;5?x)x~Acg<cv2^
z3d8$G86r&ZbLz)Rvf%Sbb@}Oaf;UUrQ!4jY@?JXS?rXkMe<+CZI;3Ba0iOA0%l#S{
zm3DScMY^wF>AxHmeiRpKMnnni1;w>3E@Z9!(&)&B3lSc5y7tYDfyapm(Ypn91emFk
zIKB8eo%=$apKw^zk)%scX>~W%Vh4O>hUH?8S}R0>VTJwI&CN}9#lJp$*G&mo!Oq3u
zrg)1?7n4{;h*$#0>xpe<OV>Ug#Qp%hnl_V4DJGDNcbd{kHpvd(kajy5F}ePZY1&v+
z7$0G(&K4O-EOMj_(1^#((d#olNGWnRzjNt#Kp2@HPqO@#8>jV$FmY_qZ{6Q`<n`zF
zlhPJ@=6gdFlte#qC9IkjpKOCH+8jiP^HEZ3Bey8%g`kLvk1%RlH+2h&8F6v?7z_PF
zjnikx*n`~m)fiv?qv`{ts2=-NY$wF&j>Fg%n;}xdQ4^W9qX0`M6vJhC$p3hxh6c5T
zj-gtCykfl<JZ9PbtCLqHBmb9CiUIc&RJ}<P^j}8lG8VOgThK5Oa!X@^Hu0s;0UsFR
z$_e(le#0Q-HhPc{s&eNN<Ne;?ArW%hDrH-^uLL$N_iv`ecJwrJ2<M<AjEi`_Kp^da
z3-9wZI)eU+OGUJ?K#N&5_jL88fbwsKTImd7PTUqjvIFUw?@v9{g|1@(c7ETN8c0xh
zBr`k0ZT+V=i1Muiqm?y$>CAp$c*a@J<VX%`VPyW)DEupKmcT@x5Y(M>``wy8WeSHP
zSgqb%yd!>JTyu3d6r&A|7@Uf7%?pq>E=BD9s}jjViM?ZMA27j!ORo4E$H4E?Z;Vn&
zeJRf1m^kp5e8P%@M@LrN85yBcZMg5PJ+#_4aIRXDFx`KCorn$ap-7lGkzuv2Ya46q
zaKI$@?KD#rNw(4Db2pVupXdiX3OnWk6)_kK)}Hc#BjGZT+p51?ekSAyo;v_Dhu71a
zTY3uLR|~nnK8?9(g~TH{`IM$_oCiCI|8agXXEhgCK(m+iaj?$VVq$u2Dq{UpY$Ocb
ziWpx}d5WGqnkzSzxoTN0f0m|vFB34HJ;@4kH~<T!`B8WOA1gIjqm)@dZHAdiIft3E
zjOAw(I1yXhBU61-ZMpgcK*=4hJI0hYF!Ff*zOX02t9K>72jhc}=E`C`O-DyG(*IRM
zX_cp6bsp(51tU|<ne2pe!Vw)M?q;aLAd>%(0dFske_DsGE4vp}I}rR5et8+faCI3&
zCMNU%NvRINWLNpbnX;=_I}^FZLWYtS?F)%s_4ZXdUag2cUk+6XP~38O;^|lM+dqh2
zjSO_aE^X<`=Xn`s^Bq7TEdP<nYc6SDW=0*0XTn0Uk8}K?BI~l1?aW)QLp>K9uE|nU
zXNC=?K3vqX8ak5s4;NMX*N2O$UhsdrsEhxPiyEi@;iA44I@Z$YJ&yr7t*!D=mZHAG
zw-29j8#53w-YvWYa-m7Y96Wr^q}28F-}K_vUJ2RhoSu?!^WNZ|-$1ux1Ja^?+QYQ{
z&8}@#=1aRScu?V)DzTriY88YM%_yESWk@ep<>qartBGaHvseHT$71=!P+jqX9_(Fn
zs$yVu9^B)dy>?yMU;)rQQSv`44p=icpvOx9gY1uNzmKiKHL9n3VOCxL`!TjbX~7&s
zrO%Sl<{Iy&cYyA8$^Oqnb)%6$$-YzUtyn5?^WX@Cm~Nc;#uw)gUr}Sgf{F<rz0+2r
z7$VJTf$FLFyk)iP+4H+ed3B4`*|;kw9LK%+8&-X}Q{nnu9bm-@=Vhz@18MR1!~5t=
z{EyHl-!yabaq%D{2+Ejvo?QP%5?e$Mgb?r5mw;Bo?4=qENs67HXAshvAI@n5fo+cW
z+$^%!-#=9`O0pxLxjF|h&f}y8W2-`mNKndO23!<fcVoX1k1(Xt{P38Ip=PsXRD9!e
zGNUh$*=<U&AqW0rn66CJM9EbdTUgc<P1F&M)N=n2B_$VMr)O~+_=PyEH;F96!DE8X
z_`++2AGi6bkrz6E@5e<PfqVcN{%sx@KNP6m!fw(RicCLNca9DZj>b&&#f;41`!yY@
zdl9q?|B1>8(4@~MHEy~O@vKJ+1-XbC5ei|KiG>LGALFiwG$W2ksnrIuK?Hk`#a^@9
zO<Df8Z;C&4VSv#=W6|TM@_xfiniF^$0L~@|Au}sgUC~{9oUjYU^6c*r*N%Q`kz4%+
z$7(mci$$8wS&lkeV&!_eRP|%0`BNW}+K^gPrqrb6EEEm<IJn;W3{AJ@G$~pr+aDQ#
zN25;+8xoP*-h}2@1k<5~Ur<%h@V`A*(lyT>2I)mcVz|U7|9u?9z;jfk#}_(XA}4Ap
zi$&<;oPC@QVYJdC%c>vhyrr}?S)MsLuVyHm${kBl%#a-?l_dm7RVt!s*Q%Gsa1*xJ
zf{YcR;$#>49YX6EQhfLDOs<{)>j&Gh{0khepWE>JX$o>EnZ00Gu<=%#?{2G)bt0m*
z_tlAI+34=yN!+SGSh0(}<0(=MahBxlIpNrY6wPOfmvgKaVH-hyg<GaPRXksN)gZ9`
z6h#S8vx8nKZjaRw6>kk66O;$cQ2k6pCAu#;KcD<~O5(f0p3GN>YFl3du0dIXg)YV`
zT;FnWP$Nn1$SdC|*>B4ShMk+9{~};sdnAZOo78@VaA5J@L6`ktaRfd*T1vqWs>M{M
z?9B=M(2f0D1fi~?AjQne6;BIe#cn-58_c-OBJ~h=zY}NsnO7?RRa!H{_9Bk$#XisB
zI_T^nYABs4%a*t{jY1H}!V-dYmqZG}8J)uZU#pfpS<<D|(UF$9P()p~2xE*X6{pjY
z=pCP4nM!cR@eph%OzK>m)b@@;TMGt+h|rwFJ22bB!CxhZ(4?8>3#NkgowK#r5Y1E%
zihv#uPvnG85=MxA*_;ZcOM{iNu&2LtFfnFYUH&@D7;s=&;UyW6rd#kcZO_+f2#B;>
z!S(7@_@pn0CHQsrk?B(VA+-Sd_gnn+EIjf!V(e$zjx2eDCY%3sRk@2cq#uy$d++o4
zkT4Yvj|oIv9%UF^Mp3{D?RlEwxH$Nk&}4<W+D*~5u<*#&OtjFZ3Ux0v$f6qAxn(5%
zIi?2UQZaz{P^r(Gg+T@GVIvOTWdspE{f>&vlCHiIiS%-+3wpuF=C{E2ia~2%PH{)}
zPz8CphxM3hb&;Ns17X5h^~c%=aF<>>m!T;5g%rDSwQ376QTi*AKS-N2#+u-GE@{D7
ze)uhs;8cY5sbj3A<~3t9<n|rf*x^O>ZYCtsn^4m#-yCMQECt2H{ocg_ph`uY`_-ui
zvY;>V4UE2JKeiT7$TC2oPKRP9x|?_aG}NI-NvM)?FPa%jPowq3YSn5d1)lXXf{E_<
zU#w)-_YU9&s`exFckMQ9b1rD08RlP8w^H5Xzr;Q6QAb{BwUTR23?;Bb%TH%9)WU0u
z@1re7j}zhFei@5b^R!D!!dFpCBT6u3vtyRhN4oUFFRTl5kh5U?%V8pCQlka~uq2zh
zf{z<N7E`ix-|vFSXU(w%fpQ&NK0Bu63ArF)bXh)1O)m1*7r)iHOq^s%iZl;`ua?{@
zo=A<)i{CKdG|dEq6@9<S%5kaqI}FRW#NaN`t@VKE<7Y<i9Mr9+g`RFp2)UggQglP^
zWC_iiY!thItBQAIg&>AG%TkB{;QpMY<cA0^c$r9M&3aStl_jsgNXW{Y#tI-$u%eQt
z!q?P|pbl{>`IIgl99*7ryv+ybPGsPX<|J{b+rF+kUAeK3XhTT*l10t$7|p7u3)otZ
z`{R!m#IBB@SrocQ5NdpS&--#)8WEhf-OI-^|I0Zk(MP7sX&<2w@xtq4hNK`s-Wl6a
z;@6erm%`OcqY4oQtL%?&+j4@>%EPiUDTKHUCT8nH@R~;7{kL-aG!^Yn{610Y$mQhj
zjY`(`uAr*X;SuJc%*SxC8;%9@pMkjYEqQMf8^<yaLzB6J0uwyl9{katKa<Ehe3oM+
z9(!@(bvSJDqcdv2<wf2;0G<!vDjCv47n6O|UT~877^VNf@4a6nx2n$_Opb3qIK{Su
zuKEqXP9tdf@O;sC8CAEYG%RH({<ObseTW)fERE5SG^+RWK>wU$srMxyV%mAxJW5BE
z!;m2|BS{@sZ@p+^;E7^mA7O4Js@h2b0ik?b>xfj!Ufrx)OECP%6TpILKj$<zPEYFX
z<U~A%9S!HJzlAM}Na9(J)WZHO?kV+UIE!g)o0_;WDY)VR(>mhYeLJqm!z!c$)B}BB
zwF-Dj&L0*g9F_W)7jJ!57R4)N?w8eS)^7}!dQ@jOcmS9O0DlIo`t3oFD3`{7jOc88
zvv>1;yGLjt^*SLh0B~1qPY*J^xkyC$MS(h|m{`xAmx^&$dTf}IcG_dIXzvl&&NCti
zNsdQ~%$808$)-;iL+Y?iGM~=Xg6!#nKdp!juwH-lnvTWNK+R#S*Ku9Kw1|)T$blyc
zyBG5K>$@;|Y$RnehGXE7*-n?GbKlY)sEN(ogPLb}id_zSfFzv5S{`%}ScT3E6Uxc0
zXMA`>d<5&gUOL`l@i4Nm8A9Qtk=rHP<-)!5QslGj+%rLjrh7Xnj;8x8Z&dJW8C~5t
zdzyyRU^CC>K|iF+-@{KC9^3nE-g}-uq=?EHv(EF2_r>0(1iRzA6!XExBCjg{{(Vq^
zOS6oJd8+>n50FgXSE%604`jBhU<dKuuh5rWPedK8$xC}l&)JRVkev7*q7NH^6C@Z>
z2}!~x(`a%<$oG9-Vl1(>h&zKWCp`4hi0Y4g&5k%UdeX+86-d*F{3xxllxzfT=!!`$
zMh#cFMc?;~Mm@%ZQV~T@u(i>^wuf72TWN?=5%kO_f$+=5-LulHkJ~&zA9c21@9%2Z
z(WpU8K((!y0nI1p$Yq~HX(c0OyxFQ@XmE^Y5!^z?;7J#;$iAic>C|PnlXb%+&$-y3
zPJPjY^*bqiX-<mVW3kIDo|E|cYwPw-kgHIt1B+Gt#9AC;;-Hh+It#Yn;}#_lghU_l
za-}N`uyq7(Xo*F*yE^!j7-we?4f*=Ub<M*(ioGgt(9m0f7deF=QdJ1<5+%;}n$-r&
z5U&|dwFMf4(|?AUoK&uH9?-+Og8t<f@I7hU+Q0-smgc<Maa?2@$AoRH)X7QJ=Jh%&
zImffvw)g=@-MilEJ|M}+o31X;qb%Oov>dDqNEJbx3*?8VGOXj)tX{x@4x9*H$KB#7
zHl)-$3?8`YWnAtc?O=5os3U!rT<DlE6`NL!uN7R;Il8kJ+ns7>*P9wSBQIx7kuNE4
z?~%fPB940!$1K>dI7&J;Vo+>OE6EgV!!0^^z#cU1*Kqz`N4q;<KHiJ7>clR`xcEj1
zoEPKF`CPHviiuL%ZQ}gRD2=BxZACj+<MKt<>&nV3U|4HOvzw#bL7YhpXP6wwIErXn
zV-rvvMs3km(>Pbx0wIzI*jdC;9V;l7X6I_jg@JJ}6xVEK|G}+>+Lo1uUUJ!!{#f;A
z2lLUfr`implL#O2A><j=wW(wn5}ND)FnYUg!a9r01_BC?{lnxDFRIsQKG#y%mqK)i
zU(H?HQnWCIOMc>4L6#Z1SK$-n`Q%q^@x!2SLwHMY*Dd=a$x_Xg*`_Rv9v8dJYFnbx
zIv<FTwSKKPmEcU!%l-0w8w~MXbaAJ$3|rxrL%-0NA?QFc@uplNf8eJT8eL-|kgUv1
z-uB(jBEgRTRvluKvCe?~vK&eKdwZRMD&o2Yss*zxAg{UiiHcWNDZ?sZnCy=Ru4rVo
zHj@Dc#f=qfxbw_^@j&wGnkavg*RF;snl-{<Yg<Z^(34)Wp&Zy~Yrnde-6iR&LlOK3
z2lB)m%<j7ica(}(%eDarkWY#xByoxHXB@(~m6X<PsU??}X-}5sNYGe9D0RABnY0f0
zy=6l|<N|M%x5sN!ZyUsSBZeK$msRSo{2m79KAnis&j<tO!kSSfUS66UHhV>?Hp&Fe
zgHtWvjYwiwXkhR6rt&J?0`nF>tr6O9=mV#kWtV3i-!<OT()yHvhTDbC))w!LH%If8
zkPcw6p!yg$wem+~r(Iare6`m3`Q?7##de*Go2$=fz4OkPPQ!GXjtrNnHsPjanxXbn
zyU`<OWtz(4k0#t_&_T!R&2jo{dBX;D^At<x6NtC;cEsa0_F{DZ{%vv8;OVc^(6g==
zVB>4InuSW(r1J|n$(`rNzIvSKZ0RHfTAvP@)_r-c)---*k9s!F3uZf0-!7*<-<>VF
z5I$8l(cBK|G=C9ke=~KdTG@Iu5AJw&2KeoA=LjqJYUf+uuv`x=Tjm9kCzWGp_Gv1Z
z+%3$by^4haEqku6)m#I;hTEncp!I0gNWZg-Cv)iLq!Z}0|LvpRLsRW<M>Kus({2-d
zI(hm$Vg8zPKVppTBc{g#?&UU*vb?AX%KtP`Uv+gFd$+dKXx><@Oo*|dbT0vNUA7jW
z&x*!bd%xXYJNAEEsO#irXjplz8+G_-X>vaJs=yls&)d)QhO$}PJ5f|HHE`B+9@`i5
z$xR8;JqM7lzPl}5UUC_=-pE~;tlH3TJ{Ji-g^xl$&z+U-9erxUb+GKF-ui1szYhPh
z%S*Ff+tzVbJAbw=x)OXNB4kmyHc=$36V;^`&0Tp8Q7y&kv$zm6q_$Ol-&T5iEr0Od
zh$7UMUE%_J(V!f|kiCby8F-m0Cw1j3jHGp{j|b@9+`62fW_rbalRoWp&yXgeC(^BM
z$T)4kPJCLMy|{}mo{-|xq@NhMv{@_JP3Q-j*L;l7Sj?xQM_-K++oVQNW(L=z4`b3X
zgnool#3F_5%<2W0a^aw5BFSwks%+d&Eu?7Jr2W-~`!A^EKQL1L<A1|QjsUf1BJDE-
z0t^%c1V8niLVDxa?G)Ufl&OV<VU*WOrgHw#Dl_G;!*+AcYi#{ow>pdDZLaBqg94I7
zaQ=IqiQk>AC7K4y%>KhO(N+Hs&xF!1R~*yWM?r(IA9`LEg~5Ur0_G|RUX)uwn-@rr
z{=KP*-ESQay&6E8)>0)kjg9%n>WBAJpoFA*nZ^Nmas5ycV%z>oNixsHDobRL_6mZL
zp5NO-?nRBnez^Z##CAo-9~Xlbitd(lEh5(UUzHfEg{R-2WFKuo5~={}Av!pbb`En=
zE&~pZ2#^`!zv!S`r`swnbo)GKVufugFTwdafIFl=5U^_e->#n=ZeeekvAEuklJR;K
z5Q?M`A`^-xJ9i89*L!OeiU>YO@`~ta1%zRRz`d*r8di=qZ(myH`|c~5UJ=5*zGKoA
z<U17Op{VmRHbq8t({7^<hfc`ktD1Nd4%s7ULM*qhBHObSqX-gML%V@lfhnqN#kvHP
zCiAH<@K!RrtM&A}v;H;eka+Co#(DM&t}csj_z$39?l>Kw+d`Z!(e%Vl%lGJnh8)Kq
zQ0<f);5v-*Y^EGU?}oQv)A*iYA|<_0mye0$AupQMcjEF>Q?kFre9r`ySNCKapRBe+
z;txdUWN`bhO%naM*WH6`$rmGwVSuo7jDi>v;}uO1C36qX>V^(_fTFP<cmv(8CZ)^5
zt5pg;MDPgta1vWdQ?wvPP)^`cGJzuz)PyK8WcSAU^5@TAM*9kTLgU=M&oB0E`zYZw
ztcMi^5M$F#NGWl)GO@GKifUN=-e~x+aoDq{w=mC4Jkcg1^iv_t4Bt8j@_?^~dY-I%
zMhlbvtOChPrWZXv96}e4_BVe;Q`60@**15x!Gypp*E@&7*?9=3O#MF7d=V10Y=hhf
z%gBs0WfKjKjVI2k_ilCU9*cbIz)Qj}?eIi9&S}~gt;SsN5F?v!#X`i|6>#50T@}?b
zWrFe4j0p%L;%!|X1P?Kf2m#czDK|NbP$4OfWK7XK<;UPAM93!iP`DS~zdWKo@m%$7
zp-KGa$Ju|j3Onb<7-GsirfLvg%QubFmxh|95+iYYgu2*24x<ud5%7ipIbjbch~mBq
zf$wr~jV9!2J$XYQS^UhRGRgZdG)YZbUYztF!nF8BQNEX|{kar~D-*$qwLn>I{W&qz
z7q8fGFB(A<u|drmhDnJ;ga7oLtAm)|l?702+(OJ{7CCx~8eL$=a8KJ6*MU@uNKe}+
zQtU$XoWh{}X;jIRN4AY)Vf!iIyohtW>%+~U1Ca+joH1WR=v8dp^{Cw_Kvm+M#KlnF
zSmnZof#C4$AuZTV$J&HFt`0+n-wTX(+;ZH9)Mq(;60IFRYMl;>H?%n{%YR4S1x{!L
zg&Nui1jl$JFTt#-1hjYfq83o5?Gid|ux5DKX@Vr6q|c2UVLZP}{wBNa2{&05vm2)n
z6w}zn;6GhT*;1p)#>KgGA9iq76T{4ZZrf$vbb`th$TdOh#)FrhFDo7kffBU_6Ro)!
z``M>3>Lf2W3S19-tPu;wvcE)0m)w)41z7s<{OgqQP2WFCetC5}dkFjvLR_Ni8TE_e
z)MSVc3^lg+8)Peymcmiu_1Sy4JgO#<*GcSukRgW}$$$Mao!?vfh-^{HF|)s&w49KJ
z5(Pm)ZvX3<`Ta3NE(Qi=8b6EomHKM{FB(8Q(ro${z0W}W6D#2>Oo77d2zRk+lg>gB
zY$>5b*bSj6ZTAO3bXF`13Y$&Ym?HG$MC&pQg_vuR%Yw<{nPW?o0k45c`8~mpXA)_v
zoT!68VJkAHu%4ubu%|WIF?wegZ4l|GoyFAc6-1SyuB6BZ!<Q3fLqSORb#qzVP?YcR
zYX0Npx@kXIMooqyO1_&E{|o~To_W`Gz$<6LEBQuRcUj)8^_iB(<4cAW&&tYd#RZu7
z$ctBEi##dN4`HxaXM4qu6p-cTsN0V<n$97oKJ80f;82(Kb2`fKo9W9aqs;CLHku+q
zd2pF9p9iMfb1umiJH0iHkgGazbL3;fgcJ3ekG16t89b{f@5Z=OkckV+r+_6_0?}vM
zg+L}J31(!yy}>qS%44b|iRW<)-CVI3K^o8yn#d@S$=3(&8PAQW`1yVrs$Fn`O}Bh3
zJom06S)$-{uyO)L2=IWe9}X1x7_}Ny!|v3<8C1tJ<f52~6m2|4T$g##H$8kC@S9ud
zUzK;JoN1w(!DP@flb`28r;4440I8Q)PoH?>qjlgJ(BaQHQQ1KKG8>JMCnvo*yp1=z
z7zr#OoeFK6;cfkRL3E-WXf9_<;Sg^1%C7a8Pa26uGlf`W#*eWL!{+?InIx|zaR}IJ
z8abPBL;^r$y(^c4CP+<<?*d=e$zvzPh+huz#}|zOock^pW@^D{EWd#mYnn75Ud;9F
z`9!Bs1JCqGmRe3e<~{t35|9>;=vpE+h1L5in`KNGm}IIJ30%AVOkRVWI2WMCUpj;O
zGa}qn?X&m@$jQ<Az3r%OTP~P7jU$vl!Z!7BMg)jF^EN;}`kYRR5V89bsyR`}lS=WR
z_-D#4bo9+dct-Q1T$&z7qd@V!yiji9&C0{{7&~pvw8|x-&TEvD0WK4u9t04wWv`$w
z_Z$Z@%XOP74kbRd+{73=L5ee9@_j@cx=+NaYJG*zh^BA|_qUH)sng(JQ<}9j++`@$
zVufYdRC)Yn*pibaPSsNaf}KJfBmRBK5-8;Ef;tg6`dY=s5XPb23-<%Z=(>2k9Gr53
z<r9AdR$PKsUhVE5z^{wSrf&MyaXsf>LR>S-wSO046fUBgH{T>eOg$-6YJQ}5xr~%u
zJ|Jta$Gor!T!)@dak(DVpS@Y0t=_s_)MrerPb)WOcepIBZiy@@iHK8HHd-F0dB>+w
zVJ6yWL?iD%B@rc6Mu4_NRyimPtwUtwFUIiGTFtAN<#DLZf#I3$?(Q+v7@4G5vmZT~
zU22mJ;`@wPI$+pBBzt_vD|`$f5zL|p0^N<(iK;{jhCOCGmuI;z<A)Qdf&rlkRWEyh
z$GUm84hBQ4LxRy#zA6`C8tv5rR)*vE3<gu>1o=N>M=v&ZnD#;^Q2&D^p&5N(Nq#!V
zz0p#@2bYxek4xhC50}KSVZuYi^&c(?Os;JAzqzDDr~l@Xoc@<f%B5##LEPTAM*c4@
zDK++kOKOrN)&9VeTt6Gv{KJw6Gyh*K3GDWNuq3tW_*1+9NJl_Al=Ff0kHc-a71jr1
zba4K`7|rc{Fh(DUk#yES#AwiXeUpR`1|Ry+1eQ>Jk9L0t)y}{^&7PT)J6(bLuWP$)
z#+utXN@$<N#(M^ha1E~L-yPBmE0*07%_hRp=*D*Ge@N46;Ph8XV3*(bj6SygxZ~a+
zv_0i7G=v`Tocp~cvh8m3LSaq>MyuhIeV%2bD7rBBuYr+k!>lnRs7~FSq7)hrEtC&B
z$^U~+!l8v`RO!!-pP%{K$SLPmqnn|?q!`3<ZvE}*cPcf<nR0aswYq%bZ#41?`$kTa
zWKH=*k`_+%%jCCe<?!!MGN7i^8vYR-#+R4TM3PFm=K-r%tuny1(6aa?xA|%kS-4K^
zRsE-k05|RjqvZR+C_Mmq+m>utT5WHSN1oiG@7Ni{c4Jjouh*J49`S9Op1z+aEu~w7
z5?S4u2?2)jN%~68chtETcKF`UhayJBEJFuf;+H%`i5~8LfPL}Z2gkJh?r&{GZK!+r
zoZQKxwqaRRtzZ7OU-`u4gkG%)uKvsK)1OKls9(@xTZj<xe(o}gqQ7-N39bzExRR^h
z#Oly}wS<k(Ga$T_WbG;q{GyCIBKHLYx^H44nTp;G2eFVzBGKrd23LcMfQO<>;<@T|
zPgN<b)6r!Cs#6z)KIFIZf8_V>w*e`JR^*ztrOQzdr%0I3`>a;x#LHup>k#pyR9nnC
zh6Lur)+@=U5xNeSEyp5KN_5cJC&peFDv%4{`;5gyXHR=gPnxbCeB>~!TW9pwvjyq7
zYURO&!Rnz=u`IeE*06Jqzh|Dd<$bsqAu^=Nz(cbc8y+ZR>mvT;l;VNO5iwFsJirXS
z#_@Fj&pu}^wv<#bBnO7zxU9z2W(C<Srdxzl%=c~RBkvKA=%I4A{n0Tkv=qW6>={~N
z7UG~^TE5~~>BiysN^dcBKbzw)9+6Q4S}tOkBFwJm$k>Y62?ZM++TZk&0Y`g67ahm%
z0Ak9H)oyD_XsE;|6^SP8kaV$UOijeVRcVmFg<qYHj;oVX1yMl^N)5zRMM^lN8LHXT
zP*ZNad^QVfV!JxN{ToYY>LU*UYM2aKg_Axk5mA2Ef|76!v77R{u6!!Ie$KOHVWdzb
z)Jpe6rf6?;*Fp@7?uM_(>(!zz{A;5t;QLbke6}*8bKEfdYV)1LE)?DZli#U>W7sn$
zW?OSf5AKib61{mF!8uN6`8*WsL=-&}M<E1P@;1d}Fkc`kcd^2fT?&@y5{G;_u>@JJ
zo&|iiS5op(+@+CDCWA1JJxF+v4V0(v>_&LHT7cVM==~n2H$l@K1#VNJs6c=MaL5N2
z#(xkR%ZljJ1`SVkN|&>(NI33ubzwt|wDQGucPVTYi$t3W>|q3J{xaUOS{<%o?A)Yi
zVw`X$3)Ms$rq+<3bSlC5%4Np-|FGE`#ns2hYi7NiLfJ-fVQ?#$J5R84U*4L}>65o#
zSDdOz_t}7Rivs)I9j@S4tEk<84bzYVx(=Q($G+uBBD)vWpkL*slfc=TCd!=?5>k76
zqfm!0Se^0AU?Do*HZGyMq1G~0407OUgwtRM^hxHdvaeAEd|zXq$yed1Vriw+3Ka8(
z^GGZad+`;ETPJ!2C&@cz%~ZECGghz`A(j-x^k=(KCyBfmB@=FjHS`~VlI<dmh5St-
zi{v)3p|X<6YD?QYhdn*=4`ZY<vjLbCvy~Y7J&ihp`;yRT!Y>fqFdoHb;~BNbld&aZ
zE{y>{EKY~ab#y<6G!0-52>p0#w_<@f)&TXafKa(#;uSFm10Us|Q(E<OH`15aL~Mod
zODW91$<7LttT9F>$yzi6v<H#qF<!d~MmoJT!?|BB?!Gna>Zb3OIJTKj@Qs9(*Z$!H
zrsS1M%?b3WV&%!M*rN+aIT3|l$CUQ>Co)0GT@2$*<RWmTW#N?8H;0+t5Vd#Lgx0^D
zkQ(Qc^Y6-$8gZ)>qvdj!cOQ0b4>D?=-tD=^N_3PpG<eUb2rPa9t#yLI50PwRu4b4F
zA9FcY@M}H%jLBJTDzXq(4k-G<b+i<h&kNZLVzxYqL3=UE6W(8qVISwHm5i0qS_%Dc
z8)4g_cTEyQgnL;7e0zVkr|H~@gWK(V{2K>^J-jrC@%p$lvV^s3g8O$}@7m6S&VGZy
zuLit|@UkD?j)U?5i&d15UpyywWX{UoAMUogXko$?s}JG3lQ^q4Mrrdc=k;cUu`qh@
z&&$YB#aQkkvF6@n@}ra3wWTNc8v8Giu@@bmtVa&Wo1qL5TwQIJftT{;eDunyv0R30
zOQ@kgFON_h&+ucpy6s)Ccmmg~VHsu2wkP^EBQ$8HB3-pWJ@*huM-N{h_YVkuADZWD
zoui22byitf&9Z!h<AS4<E5ar2o-YC-g|h_pSj{&%h9z#(A<MW72$L1pAzEh#usa@8
z@|;Kv^dYD3ge|Bqat8B3;eUqx#!Go5lLTrK+R@p%1F@0vh+AFk;R<|qTOu<AsPskr
zOX+xw0&M7jYfc~f=9!NsTm0A}-A0MQl|Q7)TCcL=B(jNByW#h<TuL&K?3Bb!vtPnq
zYSOf<F&@;QRO!yj-S_7>+&m$wE2`f+78Z-OHGB4*&2<cPG&wxAbu_h7=AoH>9ZGqP
zR=l!~{%qUv@H6N7xJJ5~xVmF319d-}!!atW7=JMUqt+i6sqX3DMPmHL!JUCxQ@Ynf
z#HFeS%4suBR3>fn_4Ts$i4kh-tSc2x7P`HOf%!o4Y}duPa?`3pWmpg1=NINVVIv|C
zb~+@Ft%bB~OVI$ag)b)5w~!}neWhuzbG2y5-lq5Hcj&HYt%cwL>1qL9h#)c0CpFlS
zRv<t>)V5HhMo}>hX>2~J8L31=3ol9q-=hjUp@r+r3xVfVD9jrx-69-Xx*WQ)s<dt%
z4*A0j@q1C#)HWtmAR_q)qMq|dZ;ddblqU&n-e68cT*YKKcX>L0d)l(qAIce<rY^)y
z!18(%VZa~WPdbhrcX(5npSp4(c9u9&fS<DIMQ7=MqfYCx4RXdBd>FM{#+bF-MKO{<
zC9+&%OPX$$L%u23R{L^Fj9|Ybk|Z-z>?_hH;^n~fTbPV}j$P?#H@n!u!O~if_e5><
zmXNHNXtf|Kxu$f3A_Brf46eI_S#|u+`5p_FFFVWy{I&70A?iLO4-3<gG6*?m0lt?9
zcQACj$(g9=aav{zTowjq3&pI*6|~N#u1z62Zp5KF`*CmDV{J)cH<W3&76s*2je`|7
zWBdh$gB1**C2Zpbs{R{TW02HqSjIupV2wPt4mg9?E1s(xa>!aG+sRMX6Z^Co-YTIq
zrmNaI1OCgG&6ojkV940jl`bLz2*-ZF={d0@6Pa{=8TVVtJ=KHQAD)Axy?Y75hmkMG
z6G$ptjGw<C%4=GkT3qD_mjHtdtpuBDilkm&wa>SA_jeBPwnw?g-1P#d&=G$U6b0oI
z_tI*Q8QYNck%6)&r;twKd~i(|NQEQZXxM)rj@_4VQ&IJN2mKuh+4eyJdQ6v;WW0ab
zBkt|7S+m3d0?&?P5_7~vfDp{+j)jz%U2)R4s~w5;nMdacpXYN*Z>V>Ji$hC3;wfQM
zZLLB&sz`^Q_-WyH(^wmEHlG8e?W(V=bJ7@&mn=#aELTc<*mlkRteaM3{r3;+jD8f*
zc1~hN%O6Ez?NwRoCCBjtIvLG#An#?FHLe!n<=8_xvzL*SqFukiOW*ROgBC0vjo!AW
z)bXfafDY{AyJ_roUM9gcP@VQpozJ9H!eI-AE&lpSaAfIXy>fhlYyGKxuvUH>q(gVm
ze`1F`bS8{4G(q-S%j-&acp&F+GG3%MZ5?g4$m=R86K$qdQ_lc&*OE}ii-1itAF0ks
zHggsj)QupdEg#D?c-f$x8b(`b1zVA@%}%p?{oyTA4^D^gk@FmbesVH{iH*r{#zYS4
z5Le1Me8?25K_!2-v=i)*pT-J=lSzw3^<NXUf>Q~MZ<IfSoRgsrLBp%U$JHav6yHSn
zy3FY8za(zUfvyRJkdIzR4@<Amu<Orke%i@?3_DnDt^rS3<%X_6-Hg}UW<<Ls)rHai
z4oR(~?>NNKX~OALbIktoX+m&!$5`AOOQ9xmjPJzMZ?40`Z^*pXegbuSLQKyT&3%I*
z@b_aXsf6pNC!S~rUvc*nE>FK?YB2Ml*UMXs7y5jX46xt8m8SAo%XnNfQ%wJjpA=6a
z2eX;_BI0W64(G$zw8e{(pcp^=8Qc%mzS}bb#W`!Tw;h=|*b5%<Kd~19hMq5pRwVxM
z!bMD-A?{Og94@sC!QVgs4*${<?g6xvbEjeV`ld`(Cp}>B7k&(>3wH&dCPLq~LpiwP
zhIGD;oS%*Wa=~Y!d8S5TU6l2o<*piTn~6Ehew7Su#Q-?7W`~WUE8WO8D$me?%RhBA
z+F%-u5X-W$qm;(h7er6jcSKJ=&5$5kr(&di4E9}DP{FQT$a6)umT{iTbA=XYhfryc
zDtiTEY%ilw#q5~Tb{(N+*fg&u89l4+se9&1F<?poe9(rz;ElVaLgB6plHL%REiX~g
z(o<`$>-9H02S*9cUh+hKqsWfZd5Ghkf-@Hgz}Lo%Ab3$ue?6ptoUE}E;4b=@u*?f*
z#s%4w9iiC^{)3x+J&XKk8$a7!3^5vG{F!mMUZ&^%pc({LuagQ@u}@1x^hA--{zLF!
zN;MoBNZ2EjSLpr&-wU5;m)On){RTmc@S8O?N4bX0ge+P@o9G!TQk32))ihN{qaIaE
z1KTWMEi_=)BVJz(@<p~{)jtG|u+_&7IV(1&FY^nW=hyEqU|2#++;={|TU^5gP^hEh
z#xWAF7pb3ul47-((JIY8e^MzHj5~p|ww%j60AyIxVEPSiEcDjkM>DyRZ9ler3K2GJ
z^)>}-eg9?I4%gDtDNzB|?oWj3w_n1E!65dQ$mIZ}NW#Nw3%=9~9(1K+H+yQBy>aas
z5nR6`aQJ82uQToZeH6c(4Vqb)d#M(Zf9usXi<6M3WJ4>qjuxwAbI&9QtN?kK-Zhu7
z0S6*VA74J1alsV#Pt#1}*}_1EY1;hzS=d1t7Yz2v$q^@vxkD%{ElR`_Cf77eB`@vL
zS7^r5TLu&u8!XsB-5)B++hG0vh?8VPD6KyGBgFN;lr$6=o0`iQ@UZGG6oxk9s*IJw
zyW}a7Kk|TN-WGM8w|xX_fGns}@ESPPTOl(G8-j3ap-VsNm+_KqCK_@bVwah@pBkZp
zozL_esy9-Dd%R|6q>OUg#}El{N1iP1PYWFIDw4@#awhgk>_)+^GQ=|BtR2F9#1U``
za6mKO33(VcON3MOL)b*|GvG09x|zinJz%AyBJ(wd|J^0Y8eFEXN<;5=UkD7|$G19M
z&T$iT8J*TlUZgRWU+%<$nyX#ktPmPHWTn6i-07jg8?pyx{R8VnIZR3mq$NO^iwS6m
z65V2UWzI)y`962@H&%NqIqx+n#Tu{~k9d`0ZLv$jAA^9hCgN@cll@M6t@nwpR?EhB
z)5PxIzl+$hzNP>>8|*u}p8%{74=h<JiE-UX=?-ft|0YdU6&bIkhz!zIIu;{2G`6Rm
zut|G$)hQAzI)rsG{)sT2ITd&0V3zsH{EMT!iwX@FQ<Nr{U{qq*;D33N_IFalEv3qX
zg<6$WV@R(Jtzbc6NbkQqDY`}V_Zqf)Q_3ei11~A0=U<)_@B&_09~_X8gey!gei~n(
z>wk^We;Vi5>V3~Kxj6ax5oA9$0qEWA6Ti#;2(tb?EM^SO{b!d~(}!@PhuVH$sV~%P
zsdTNdlCSK-&sXBKous{&Zj7@j+`(r@-7MIB6&~>MmvBap@Cz0}oZukW5h9Feh1NJ!
zSbUjXIvfAS5A538*%3v|T(U}qRgpL{10zX~_19zgtCsC5t7jf#{XXtEkF3pV!qiy(
z8rbV3DicvV50hhTDM#oFYOh!VKYoheIUgDi)r)U^Fv=xknnX~h9wEmvYd@}Z43D%M
z=1LkE?dc=6l;10pBnwnu8rs)!BG|+JEAP6You<qjHoy|+-EY$jEZ+}mV_}Im1?pS|
zngf4g8#CzpB$TbCoCF{w!taN7db#qlc~Wulw`XK=c4zcU@xZcS7=cV_;qmn2V&dp=
z;VgQ!7Q42W#?}~HENIzp^N^p|NMf^KFg+2$*6H(^BSLmU``3KPS<3JxT6pbE!fi+g
z*x&(y6u?a5MQNdnR9#j<9VD(FSxm3kR3rEF(O0gvrx#Vg`c5Ywq6<NMZkGbln5Q2d
zw|F^4f{p6Kr)+JG#)mhCE4sV3o*6oPTz1GMZD_Wu*E3vCz8KE8N+2!l{Yg6K<H2UT
zQY!!@8t-O?cNfePP*k&Bg~favj4ieN;#1LpKoY-L+*=B3Q*8ngmX8O!;^cN`=Vu)Z
zsa7%pSv6yCl)Q;7-KELtJn!Sx5hhn+<VVu|Te0z|FSv5s9F}~p#_1|ZB!Fb(TFB)8
zDH8_2`=y&xO7!YW8hfvwf8^d@ffdRTi&iX|_%koi*Nxo^Zcd~FZkcqcIYO4`W{zFJ
zO9@_T;{wDz1NJH}Q#acuzd;({<9TuF?(BWJayhWWb`p<Q?DJ4)-o_biI8?1XVz9?0
z5#j`HqZ--Mx9x^voE@nl^JT|^Tk7Yv4I-34K$T5VoAghcqKxFS_#=Yys()|m5NaKi
zH{Hd6jdo)OR1Pti=Dymyc1v54AaFzJcUw|dX4M>0VKe-(s0^uKSX%qi&#S|7DGXM@
zd?Gd{T|$xBJzq>%8I;@sKCEj1tMiNNs{!`caWR(Ekfrl=4(&>ulb`*LUWvwyx?`Oj
z1^|b#OVBL@9?_Uj*u$xgCd?<hfwUUqAgnEq&5!NB2(8FX%c+su`W`S2Wr5?HLfN;G
z-a^>;d2Y^%MEDTi!#8#{WVl+zcuPDaww{=Jzug>RMrZ`-72;mF8V8X;j~y^qt8S)N
zGkM2&KThekbfK0^avF~&@n;5Bk7e8Z!WKQSDS@xHuy<J6fx@U$tJ$-Bu0b2vc@jC1
zUpEPw8jT@|w*RJ)XIAnpOackC?woQaA@j}P03h&iJwj%@xsN-P8_N=-j2cT4>mT}(
zGe0FX2~OI^g-wxGyKl&hH0=J9^<3`fmQM&<&3vXcMZBg9N030pAJVgjSj+x~W6?dX
zpB)7ARajM3Y=;Di6OZE2a*JusItu&@E8T0pUTF<avI_jMPcmjRe}Vp-(w-t7EIz4r
zE@}g_8FZqL!^l|`SfU{nAPg0yxwt)O?ZMh+TbO)N!viL5bKGrJ2~+qBqHxlOy>Wlm
zsL&Z0x_5OrO5b%y>b>$BENKi-OwsnS$H-iWSaL5pwui|S-fU%{!-IzvZem<9UKkS0
zks)Q*i-5|)jQ4W_Q21C1$1>3{TUavP(TfRe$w2b#zXVF%6~JncaX3H<6Xfun1tH3V
zFSsTjLmy!5Yio@UDQw+VU&2`HY;$4Qp=&Z#%`w6_dxgRzy&d=|LXhXK8<Qs%(myxh
z`_j?`?~irfZWc1~@=9||)<#2TEOY*Cm=nkSR8;Uo)QS=Wz-tJ)LT*obXJX8uvDL@_
zb$2r!R?IBE*sEDWrQK7vg?re%suINTSF#+D^x?o9B`i;z!<-;Vl`ze{s<OlSo7p_4
z9}k78IYng@SN@VZtEW?>1wDgN+zSDrO8h8|QHG*B$CH8a%Rw^mh9MC~5#Ac?Ih0Sf
z6DL-$TOtDkc=7;Wvfk?0sr}O<<TWQLGC1jdY0LNL-coxc4iEFRu>7>7(1(Z0`4Ace
z-zBy`8)BtzM4AWDYejSL6_CvS^HtDiRj@c9Rc3TYrWU3^dvAL(l`~O3T@4d5_0z9i
zYr{l=FG$7vdriqxW;KV;cO1*GcYiaY`<>6ozD)Bo0aQ<9WR*HDbJyg^qLrGUPF=Ef
z%XwOye$|Vlr(pBQ2Yrq0hxNK_(Tcb~NoapqCo__|j>_!$)vW`HyQ;pH)9kN&DjXl$
z>*ib<FVkGLmH#oDjg?%5%~LJ?BN6*W>|!lvTiUB=oBHE+W3c;U0-;>kvV<0ke!38m
zsrv(S8c=1hqhDH!)m%-2b|fzNGreGK&~WuLt1eozcYfWEzO+LrdA8~cANDWD&H(e{
zCBZ3h&(@n-d8X|yOChCp<4~%U^~|}QhR9aWk9$ov7P7pVD4@)KI9Gun55LJr<*>#8
zOw7E5IL%+VCQ?I6Y{S<=Y)5_Tn`DrCl!ga{5&+@WWaH_^)X$AGvoDNnrCSSufwl`q
z!chz_w<#_joG_IQRu&bV`B)Lmyw4m5@s4>w40`9#!D8ARt=d<v#r#%e(P_Da;(;@O
zc>bFP^qI53^yXpsOTIsN94~}`*l_{v0W1u5<oo^QpK;jB#S-;#)6=dcU)CWdsOIXx
zWdIS2dcPCb{UrDl26;~n%{{NLg+(Jl_Q3Sfyo`yiQeTc<69J1xybuBw9llp9d~eb|
z!1nlLx=tAGLvNli6Ff%bSA>KhXW$j|BMnIU{uz5HOoDrt%t6iJdm?{?H%4y^$k$~3
zO$sgX*(r{Jmn2{#RkhY4KhY9%%;?+aN<gQK3$f86e}VDq@j^y00vDo=DwbsJ={KB&
zf)@!+M2|TU-Fg+J&prg>y&-V^R?Q2Ha~Z*5F&`g(L<yC86^wHCu!#H)O~NVWYE#-3
zE2@)I<T5<|V-2Ki-2s)_h%L(i<jKahOLX`&lyjk9xct!V47DfgMV|TUW6K}08sInz
zo{Vvmp~!T|nr5#d6=T$4xEgUkGtPZ<e`wy^WK;Q2T)R3i;bWT*Y&oi5d7Tj0j-;?C
z5m<l8Wr1B^fBxe86(j`p)|v%MYK;@+^ExpNOF;cjY%PoGMo9~1#cNFWMG`T)rFoN$
zJw#}jU`v=h&(qQ*JOPCY1CbgN0I9DKiA45paW1K>3aL9}Avh!FCq>`I<9K>0d{0$o
zw;~o-hPb<Q+78V3R^wq)(ft!RhrX5CT$!Ye4oeGLQJRB_fPZJM@M!ZE*gWA|(jE$K
z{Z3QR-&||<o?T>0xCX0&cS@1E3M<b{a*=Z%-$7iv-XpOtad#1Ri%c8>yqd)>k%Ujl
zR;0g{N#W@(zybZ9TNztum!Ybq(2X)R&@xcNY(GRHygqAF`wuch3tOH!vgcu@v&l}O
zb6vr^%vuxN?V*u(<@xlJcXOs4QF0)v%}KU-?qte9=C{CYH&Hg+cuPi6FUx>PjFc~Z
zD0H|zS&}5S+F<8Z^qFIUiYV$(t(Sg5572o(?_1WYKs-H7u6N0%dYUGUotC(@spRaq
z&oT=r^UE)<hC<yHbsI0kQUSRx?L&?eoa4Zdl?B-O43xJ^-C0%GE>Fmem<kOfwXHi&
zqHGy!{;M*ep`<XY`-L+j2Dt}e+OG1jjEe}JsIjClVa*`F#LNi@+a>!PGokAvS^7Jn
z@FUAOH1Xu^9#pA2I@?gm41A9Hs2xp$gfd~zb=s$yK$_vVchrr9Yo@L_hfga`ImVst
zO*XLHkS^(O;DVS9%z3Y4{-zTSp+&uZ)GyR+S97lW;Nki-(oVCK%yl&kUe{nrcp>|0
znZ03Gr;zt_lE}bGFFK5)w5a!q=nVlR78&B6?2r9N^>i3SSO_~04#B<JYF0+Lj0y7i
z9X;?7VvHpW&`?<Hon#dhcNw@n+aI(`#-FI0g45cy-G<@e<)W7+Gf4yz$HHT!1p+?w
zuTli3Z^@O7g}Z7iGSo8Tt<rf}u@IYU^$JevWfJf<D&l}H&+#xCsuT)W?wz_shNI*#
zo#6~wz7ndw#GEp+DoL;{w-MCqpVmvB^ArO~ddbpxF*YazBz?E0oYMR|%`&zZg1(JU
zebpV<>tG?d$*-b!OT-}?K9nK3GOvYfFOH^Lv&IjE5xWIz1bx+PFCR<KzUr@TT47uE
z^v5DlJ?B6b^h*0*^p}6}c5xjnU_&o-^WGY&%M=RWTr|MYcXtZmepvSwOdtQ~K+ZI^
zyvz}MHSAH6XYApDKe~^2^!kXp@N<^!epCsh!q$Gb??i?UaYpywF#~Xlw@LiJHAf2K
zwvC9|^<D0jSe1rTgSdK{^L$9YL7w<oI2uW^0g;lvNO62<lIqs^(_@`v>0qCm5U+?R
z^JKwpSV?0-6~n2x2T^X_^NNeqA(e+uJU_N0uN-N>i|dE%WbqttfXhz-*Qco&y=GFD
z1@%~py~vdFA&?sevs!9m`@L<AecFOH$lfsJcZ2ZS1NF;1cVDPML)W~|d9XbARZOPF
z0raUOX)5$lGZx`2DI7ZbHC47*Kgkob3T7IxY%NF<GE9#HI|QQy4HFNBe@>72YHB<V
zWIj)jSES7@6RUYaHl?T^^JZW6S|IdTITlFb*51+Zt>rp)y-Aq9Q_dM}BxFW-iBYaB
zkNzLZ-YGh;28h;-ZCf4Nwr$%<$98f$wrzFPvD2~bbZpz{prgq@bMKwI?wXf*K5w<o
zI(2G)yK39Q`w^4hj){|0xpn18Ypa&li*NEr!2`wLLu*8T(`bn{qzO?{@Mh14QVj3V
z1i2tC`F!{Ln>KTy`-%Da<nY%h8{%M`*IB(3;{5Smw0jv>sHNca*CNkEs!e(f*RSa@
z*>{q^4obNTzCU@XzM5^N>p19Fvz=Z=iTP@_XF0mL=yNKSu3x<t^OvhE2oLhy$-@$@
z5#V#k!E5pLZ{6Gl8mkE8N|qVfy3sD3<oIF)ZRNCq;@&F~uBI3WZ#VLm8P!dponI^b
za{V{-Cb00A>*qAfShYQh_pm2eG!;b)n9Un@o-W$IAcOnbmJr1a<0~{+|62llGJc8V
zptuMLeUQUmioF#MD-;T8(eQ3ht2nUjZh-WJ%>y9<40Fq5y5P%BSWVeJfbqt<(gGeE
zp;WrX@ErN$ujn}JzF($vRD`WJibs@Zhy}5y-31;5$F!uiU^2K;SOy;&uVB0IhrU<H
zjpO+sSSY#&!FAkeb;vXvK2+hux3bVv4}CN=*gR5hm>&3!_@Pf&cSVd-dA>ul1t3q2
zlYA`ZL>vK`p%`a8lQ4?DpUgu*T`Gkw!+YUIT0;e4pKwxvPue?>pzg;*!Mv^hCBc_C
z+|A#;mN>gOU3)AAeZz-ZK{cPRFUmb#0GU$=JC|1DF+C%h-eX8$l%Hcr^!c*4b9Zp@
zU<2*sKf_cm34Q^cQh!s<s~$P~7Xbf(*yCe{j}|3mUsuKeO*GKPiH<ov6iTY2@25)b
z1NY5hXxp?$r>d!r2liHy-0dg>h3rgG)T&#cWpizJ{}OC#SJ9ipiEIBeg<#v%1Mg_O
z?bt~@C^%1qHl*D*RN1q&!@VpHJeViZ9`Q1cXXMEE>G=2lA7f8Mk7Z*|9-xko4n0u5
zPN1&iQ@W1t>%|G)JRB@31MT3#(D<4ORt$nSzh;7!|7HS|3r40yL5TaS+R(DsLze6R
zz8Sk)AV&h);oitLlO3j$uPGZ016$X)S40>Wb%XQ1$xcrN83R`BA7MKV=^NESouJXf
zr83$_2Y*)@d-c&k9Cm<0N2%>c5SvnXyabv}tQe%!G?p6(*-cUCQdn(H%i@HK7KP+E
zv?GEWIdK{0{J!75a{B1X7qA{9ApsCn;lJgstmtV;5YngcSUP{34GZEF(hVZsq85TK
z5oQPR$1)?}XYdzg2KUk9#dup~1QnB!J#l*J#U%TKSVf~by#xd3;v0pX6n$v}3&lGK
z<AR;smc38D16}F2SI1%P=OAw!E4lH!La+(d2+$n52E~isM&)y7c-4&2npP5cZS#)E
z)kOSg)zifvbJp%W-;ck~o*_~w%sIqrE?c{QiR_wM4IOl`X+4>p&nPiIby$i-DI?_*
zoVu_^zV<kO&5;0n@3+q%qtrgF>vk0Rj3R$HL=C<q{nf|s%w&TW4gG(aZp+t0$Zn}j
z8*e;NPXE#|ZYVN=#82y4Vr-+iiq|>H-_4$sysxCDc306$?HhDg={HWuwjtH58tYfC
zOC^p`5Q(h|rHEh&k+kGkjJv${2ZfdI5Uk0=#E@2H`St)qpt!ySqVhE#eu*{A_|<E$
z!Hpq>)F1tOCsMVVeaW`>Q)yvH-W{Co0xR8pMW|X+;x_TmpyKMSn<WIb1iT7EddKlu
zqzM^5>F`lur?T;mkrPo=^JT*!CHp?ygK%~DE9HrZt!VMvVSSoK-~X|&@u>8sTGtgb
zQ&C9eXt4sgH4YFJiX5brGVSRqZn0iBI#^qaN%3jX#i@|xqEHF^#BjY4dKZ(wCq6e?
zcOv%nV#0jsGf>v0upUS~dn5vX_TM6_$@Mlf7Q&nSCZMJZ<L0z5hHm1Q$qpExy1?|H
zPD1Um?EM3cKI?C67DQb(j}g;bN<E(sL6o(lcS`{ru;s0dOE8t(eZw`)JeRx;u{d@@
z%2*F>Lfi8rA!UJSkHeB?%?b`XGWFuHX$rxka8QUwux@%;WN|MobM$|CN<BZ=*M7DU
zBs@#$M*3yTQf77H$20p&eVvZ9@&JuGP+Q=El2*6+_7`4l)Jgg6FE~yQtZLeoWhIiJ
zgJ4ZyFCs8RI<}}jxm{LmE!DGRb8OpV6*+MOo?d&yS*%G#J6A)&<I6EKyL*7~#nN<~
zP!9Vn9jo<VAE)6uK~WU-!27>*z-VE@csf1*-Eg%tbLP%`z3PD6ZJ_&41#Wsm=>J{|
z6~f2;7G-HC@C_WxZIL@$kjnu^ywRRcEf8p^zb0oRYgsn7lR@vDee(Z?-a8STTw6Ah
zUMU-GVi17`9d1NyeTzNdGEz!N049r7Y=Pzr^DKuK4eu-vxh-DswMX}aIZ}J;f5ZV@
z{{T7P$U(sZ3Tw_ndA$%|$*2mVrC-DCb0H_(rYM?B9d!aRpXE{>6^5P%)10S$kp>`I
zzGjf+Z@hS*pl~6O%PSiz^%XoqG~7TwGQggrpp(_Y-y2~m<>Fud46b}NjwRFn7GpL)
zyL^u-sW$qN-f1+Sd1-cRhNcBB>u(A>>!5hN;*2#KD2!(uL}<yd%e7EFVDdfO<8-6d
z(LOw8jOD_3`Y;a?8z1Q>*vumyp)XKzlA-Apz1$KO_kAWbuKMiFY_1;D-VvH`{UVB5
zw|cG~k1+bAe6Ajj^Kt*{NkiW`Sg&TxiY-(x(ONYZ%#Y?}5aUZckV-fZzD9a!0ny(^
zBcvn4+YCr)23|#`rd?fD1oS*z@$3FdvB9}IX$Y_jCmxeC4?N8VqNgzWiU9Bx{}c~Z
zh??c)ev$PS%1b>s0wD|edOOM658s5$vkn7-v&?n@9a~9wf)Nrs2_`G$<!t#Lic<H3
z?Y6)13g)*?f2!y#H6!9KHKv-VKx5?W77^Z*!KgU&=pYQ3LzY+HF7=Gk?B4~|cvm?8
zwHdb$mYP<AZE(kKf@8ffR3Ht37ndsohL48d3B68dE#uNc%*x0f&m5aS>@XCD>&Yxp
zUtl2PRd6sP6Z#J)EF2b_<q@VL)&#q>$^d!VWe_U1#5TV+=AG4c*ia#YAazt#f6vMC
z!~kX6+NZlBIMVd08cabSJtH_Wi;_Uo&5>YGY}{(g-Pp?G2G+k+G{E+X*(iYb9_(@2
zGR(5kIBw?+CIVjZ7A>UQV#mTRVz>cyjnS<S+P&7_7CL$@r3z}o5LtVPvGcaI6)LSc
zAD&)s@ns~)f^KaKNxNlLK($FX*n&eFYfdHD0@LndB-kPw9;FtZPmkqCEiRw0b?X+1
z$C6HPuDi`e73+SzH^BTNidCE$f1TqQooRucQ=Xx1b&bn*-ibGfpvl%w3NOCu6TrH_
z;!ak;@{#-VRJ%3gRJ-ED8M?>t!{z<(xrf*u@iCPCgf#lrjPkOtJ7H*SPWDM|9b(H}
z<cPlC(P2!@W%*75l-iF!JAvjaE=oHqgd!^&Czc|x&g)N-0PwFVKQ{#fCyoAJLm~5$
z3S3PTfpb($U!C>=MuJifD~oMm@GMHSFV%2!eaB8J$givp9E3>{J4$E&8E0)(@@%r@
z`?8ft`f-%b`=dUouxJ&23Tr41|8$)UlW?E<Or4!g6s@p6BVmi@X?mz+T@<Wj)m192
z+ucBJB}#}xd%&0|WLzAlzYGix`sFvQxupxZ3$Yy`xm>U5yvc#UI7_1yJA>MK^Y>Lc
z(FxvA&$sEN*@kJ?LW@e?Pwgf<iS>1n3C<3YC{5d@D#-~lUYn+>pjd;z?>dDiH|?|a
znBb3DbM@gK=ZHmSn;a+Ft&$_ZL`UL;30#7|VU>KoX8|b|TK^T@`Wlz$yc^F;zRK*t
z=PMQg$_~3ZmAG&1m#S}rS7(3j0BRjhaR0}%&)C<{BveOj*f}4G3(mh|J4&YaK1gQQ
zjOhSNDO~rhv*6o0M??fa7H&>viv@>=Lg&iY#l}t0am<#KhUPuu5YXgVCL%=REeht#
zTM9QxfWqx$<<=u|Jz?Gm>RS~{>TIAlysK2C_wE$9sM@ny*3z<Z3}!p+ojOH7STtmB
zkOlePzmXTM`3g}Gh<;EP81fYdI=hnQ1mjAT<Q3+l1)lxvZUx5#1O|p#3?>vryOG`e
zj-fbvRs=awZalMtMiI+Wb!K|$eCW}?qG}Ar0K%wQF;5-@gIk2bLKtMfv>EJp!H=1m
zfNtzM+I3GO2<S<@6@eKribYDTT3GQjEW^+aJ@CZ#8A!7KzEvVW|NB;nuU+I(=vIsT
z#1sE&F(N<z`&NnkL}Xg2g;&vK@u|gC@%it?FZ!bwO#RnJyu#F%&gYD9d&Um91sqsP
zF0#Hjlia0%nQWI<Fiofr`Z#vwxk!N>-zV9d7e8!^A`dg{WEPrqlEUT}7H1r-_7t0>
zl>XS`($)zbRRM?NNVlnHkfW}o2smDb3#52-h9w-D{4pSVqpVFTbAs|8C8odCgQJ7H
zOu3<h^}r;Ps1H;{qeD9n8fgIFZrq?=Z1hh4xLQ0yVS!h&KZ4@ZGOM`sm0C*%{U&t6
zR^m0$v2*XA%VxfPn>3kQU(Je<pCo^D)_FRrGI-XtmsZC|>k>sM*YfhdwEs%76~KmS
z`gI>a^h2|$ix9!O(KqqSu=2wOf%?m^@`H9|Wf2#xx(%g=@y%*zw968BJ1*Sx34T@r
z5I+`bZ}Z1ZHC`HFJtARMcV0QD#~Ha*Sn8*@*q#>vjvZvZA-}?p+-F1U*<1D%<ZafH
zUgEfB@*qi;f8x{+{yzsDB|(vnFy8UK*5-I14JG8SY_NlPCQoDVzY6k=tniD_CRq#1
z29O2bhER&p_)#_3^aHgcaMsgSeq=5?zvptkVI_?r=0HZrihr$kG=_=>P`TXp!HKU>
z?FbHEI<<*qS?M%fnQVtxkWK=AXvXUjp6CP#dV9f4c&pi{fQ=dshH&~Q*k<1a%P33&
z>#}*=_YIqf*93|kYApNHB_x<Tk_BRW&`0Qs&l{X|MntcKGQfy&)=>IN6lumRO+nQI
z#_}i1!2Oif^gpe2xJB+c-twPDUSpSzh*W1n*oyymT_gXiYmRjzUCLKoBW-g2t83&}
zUE@b0m$q|_u;rUfcMRF&A7&l8L^7=FpeXVFFso=V&%rQ;N-+vheI!D|%=pIJ<Qe#W
zwZ}1_%WBa2#s=kEOWolY#9MJ5rPNy|BO}dPVFw90k(n*FQrPo!`^x^v1q6O~3i1*P
zF#kv{cRI>2h6sI3j2l@7v1OkofXNS#y=q`m95ZM*3*2|I1Pi5xtvRl_{H;t#E6Gqt
zyP#J$4$2>@CGt9UwsYQ`fjVR36vPGr7ViQ4crWmOzV|e|M1BlC=umUP?v`Wk)gcTi
z?N4F%Ql>Wfk!sg5HcOP<ZrHm;vF;#yVgsFx(4Sm{CEm9o>7r+RWfI9*^diG`>lm3i
z@m=hV;$DNO)uWlsv)BsOjBO5plAx5e!y(9vFC*7YR9#5S`=NzT{t<+eCkGBV)cpW%
z$j4+&KawnINAJ35=q3lo__o?Y1$_m{Rx%1Itk$r^>%qc$$)@BAnult}gq)6?>~2#w
zNEg_SoZ3|!0yv)-+O!HfBJJf-%7R?flNf{}`EdJ@XQa^WM1whnBmD4Y$9OQCvMQYJ
z(vAmWM}*%R!s;MzYne??*zemy3>ATk9@G7>M6gutpIQLiMdIp~$x--eRKJ=py=m{A
zSeDeV73rCRsi5b)Buak0Em7MM=@Y3x){n;ZOOf$mLqykZvJ6*c>Ys=$P_9UM@JISz
z-MByJzivGFd$r4`Np~QJV-j~xWgzFjZak242+_R^>0N^}xQyT}*rewOpxhDE1oDS-
z9Oz&kcwZ$~2;}D_b*RmdAFl+AJUXvhP<@$E)_o=U!fPQe#Z6@Z<2KO0h%d=9q}++H
zCQbIz%FysoMaAHvy#yPk9p#pbbLal1z1WY5Her#3EEI8<U`tEL`M0WeuZ8|d>O+mr
zvS2vMP{sY(C=Ig3Qu*3I0^?Q!%vl};MqtRcolu6^@%%`dMf7AeDhT%->6kf01th~6
zegbh4)aeLi=#QKKrPV`qK^Z=*t|;F$Uc$R}__I$zWjM;7+<hEFW)xqF<x1}G5WPzG
z5`))vjxz0zPzdsE<<>DGfS-f6ao!<Hc9U?j{fo!5%>^JlXUm`vyxH@GqQ2V|Y0~lF
z&IsU_DuAzZ1m&R0RPljO_N^fW4z^sQ(DgbPTMbXRHpc$Ene=KgN_4guB;)qHag%-1
ztIKu6g@fgWo99JgCx#|4<rnDCr{%o2pONy%z0(gfOUo~JiF}11+E?s%UVhjxsC&*a
z8__8M;RCpoe}I-w2B1w+eR5hE&VHr5{g&<ky|wE8B2{gE9N#8xuR#1trm6>Gjl3Ou
zBBy0%2;3CZO5`+DY;$fgcVh-b$E@2pa-5&_x%Yof3t?I5&pmoL4Np02e9>;JD(B%Z
z$<eCH*zD^`mEs>C1DJ!TUH>VV1F??3P^i)xfDX9GFWFcT%@`3wpGLWhjZQ1%%@PYL
z8%nKp-(ix)gTUvusa6J*yZLMuQX;!+k}<M@2E0~+R}oNXfL4O=zOPE7pl}@gwKlAb
zHncRUcN^^_eef;qrn`ywt_0hdDiS$t>I0_*G(SkRcS1S=oIP(FqA4;!J|I$H4M$rZ
zKtOz*Z_S?*931hSk__q;_(`i<Rw6D${<D4>Vhh0?(-ILUHQ@K`Dx`-aTp^o(AlON;
z_F-VWfeq?*_>GgXTYAWX>PkkS)yj_*mq~|dkC7xN$QEr?IbqQQ*uGZyFmn+~FlI0W
z(B?0xBGh@S`gpP|1pGS`yb3nOc!(qlfOxawF_LX&tv50ecTIXsY1K4ec+4GwD=&ns
zy9C-)wSK;Ay?QP(u|i1piC0UjH!$I%c*X!~S^4^@J!)rhz79IY*+m}ZVY^ZlHud%Y
zwNjNdWkBepsmt$WAiX+{>OZBuI>7gcHOJ~ss9U;Ztuti3dfP?#V{EGyBYx}^fSmjj
z)S+zJ*Jax)@9+Ktm)<V3BH^g6X%2yG{*}=m6$O{+hd(h>4dGr~unhPKCW#KZ|K8l?
zytHo7pbrirT#r6A12if+IeHz7Sv1s{(k<feQgY+sfdbZQx{J97NU(0mF&xQmP$3f*
z@>e>dR^v!6oeC*YyZRn`{S3Z!-~+vH3aldP&V{rUHJ@x8l|x%1Vf8-EH#-R?x}%xp
zORmxCna9e;tcl818!Z9t-f!uP8PB+;v63$bbp~H$Vts@yLDO#7GzGtNnKlvQ&~cc7
z7?vzT#7i3J^kezd&cW^Xa5Pbgk>EtUiTb<ZSs!fqSdCqPOK;x0e#AHgFb@1K@RuBc
z4?9WIw=5yIev&^W$EdSCFXvGGS~TNr)(%r{4gXUy6ZWV2;<GrhU8C9&wqpIpgLbVt
zu^q4CYc@=5m*w<ym)?YO8KWCG(v01$96lo2sBev!`hH%=Q$2h{JA4#CxpLDRv&+ot
z;ok$3tLX$SOW)xcJNvyBKq`z*^JL8j*@1C|enoNWf0P%7>{Tyw0dz<19o%5Lo8y~i
zeLZYCK;%Jhe$p1^e+4<_Jn!sy@!Z1Zdc}SDPKCdVWZt0|KOfq!k5|Kpq?<)b3J9S{
z+U$gk^$Z2vEUnJCJ!RA$387MS#}a-SSVcZ*ej^t!uSqffMo!xRJa+}IzxfJ$ogxkI
z48Pb#J;&!qcpV{X6hbSYwY3zoNrV&$k$nEP1iy?B9w9WDwM~dh)%y+XAY|2~R$;vX
zuLC1!IkO`N;Y8dL0nJT3)=zYkU37e_suen=h;n`rfBP%b;c;yHXb|!LMN#odRpb+r
z*P%LQZNL?1UF-yACQZ~3;TMMLY*_st7z%YhOG)q_=&Tx4`|zc#v_gz^`){RJNME+l
zKc(lL7o!nU<RmB<i7fmMz9$0$5cSGG(0%!LPjzs7AubksLaW;NJxD<s(SynbJe--I
zVDISN$|Fg^hGA+3hC?!3!%b>gW+Oh%PJyP-Zl5hgrQ@Xf;e%kI|6rqavcHyPT(22_
z@u<^L0t1u@=kFY--d%-^RXjh2^sjRyn8+PBwVYL?D_RhJHbX^4Ednr_zML=~7N5k3
zeKj`zawr#Jd*NS>7Gql&&M!xcG2QCM;+H`dlivuJvBSpLh=cKUC$39EzoiQaNVi{Z
zvm0u=_$?(e$m>kH)OpOb#YDZ%*oH~5w9x@&k<9ki#?Z!~{Fp!$B*E4_oY_fyL|8Wf
z`N__iGS?E-t<7rUR75$0Ptc!RfsHU?>ZdCj9yc|O2y1|bJy3i8Y>|QSj55y}Gvg2m
z9IsDSa)L644jD=OY=?zKe;0)UaDTXZZSnG0wa_R@vE;F}>Ty|o8||;31yRACIf0<R
ziO8>7m-jvNS;#aqTPA^V+hpIVltH>T02vGcf4DqZ-@2WHEcy~}E2P;kelxaWLCmIM
z?!$5yB=Sgb+82sB!jU<oK;gi|#vl|IM1dZhfcqh4cH2WT;bh8EEqz_FV8;`vmdrOq
z{r88l8>O{1T(CJG(O-A<Q>s|0Qg<8eU(>FDT$5h0630J`IhA6iRJ*IQ*|G+%3#~BT
zYP?ykSYClPvsxnep!m}~&qfG_66PX2J)bWtF-QmH<5W2t#=At!>v~{9e=5e7Q3K3K
zBZx!=2l$^u60ypbA(KI9zy&mW1Wa((KUT3$X%Z2FNJA6qcYy{uduqo8m8SWM1?6%$
z9adi~HOBFXt8+@de6Gn`wQ->Ezpm!s&=4e~9!nQ#nUf1+BKb$8X(i>aX&alTMIt72
z7X`Ig?n1#~dvBJa@XgnImC|3CX$rwjE!AY}-V)LwxiB}|dvL@JI40I2t?gNRacXuw
zgM`psRnvnzh~2CQU2a=@xp@_;Sz+y5dtpwg>1S|lz9(JiP4D43Ce@$<&6GqOYKmI2
zOV+@7bT%UN@VOJdMEkv<5zb145XP#B*|>0tW|t|j)GKKe*xiT*(qho-S3eSThvXIk
zhXE-_{Ok&*03Oo|ynY2P+#rq;Jn+K3JsGgGkkOyvb^aS!M4~_`K;T?*R2I6>`W5P-
z#Gc?^=)nu=$ZKD{qaZ)6YU^*WeDkZ!Ez0owCh2F&-Fy7?_GdzkhjpFP^YfJ5NTJ;Y
z&YAZZv~pq%SvLid!KM7SnuDS6tS-NDgG)c9X=N7?=Cwg`pknn9k|2BWd92A1^_%nO
z*%|EyA~AjV1~3>W;9=3CEA(TN;8tk5?)%!+^MJ8OJjTz*olpNixNx-RhA3VO$Y&Qs
zDl_#857)GFVfKV;?+@r*gvEU82$UCmgpeN+=wO7hf{`+rrhr{X12TnRdG6}F6p3sp
z`nHFoAT==qu<k7Q=Br0+tr@S;mCws)p|NZJTG#67>ABo)+sY4gLc2CdIgV73Y`6tH
zUg@Yn(v(-)+z2TiBS52@H+XLQY-%D`==Lmft!--J)08heAX?bZp4}SV%)ne=hTkB`
z(n;GRqR@c~6@Va4AnyS<ghcVGquq<9`P&mO0eXZ$(;v+3vJ1yYwhybpa^>)xEQhiZ
z33Y^Tv|$qY7r%5@k^6<Jw*5b%QRg&u2|3$MDzn}7&L8#G2L4Tbm<-GS5`d(@@uxiI
zPo(wgUA1PTmCEKy8GM^+MpYE1n%PvNgZ;?>g~dJ;+A5n4Hsw{cOE;ftBvpjW^r=^f
zsh2^(vT+0-m|vxPI|IkQD&3yE=D$f*>Xlj*f<?0Qb|6uEy*>yo1$_+?y2crKomEST
zM*@u(!o}gKQ`h<KZuJxcJLFk&;xMG#n*XR7AYngqC4`r^|3duXztU&#f1|=Y*PHD>
zE52Vqbvp)O{!1^&!QSS)1>BQ%9n$wBgoqqazxQI~r4l^6B@}!OVPCbNcfT%XaO-tx
zXdFCON5d<@8A~8>fH1G+^6S3}S}8=6v!3q!&xp6j`NI<B*Pj^l?h$puocyNQ(Hl#M
z?n9<ogpNVf22|>@-kx5oW!YTrEd#k2-M#I}3LerG@_?g3eO}gN&yv~}-{kghL*anm
z5BGp!@SF6mboW%oQ@!?$^Y2+3Du3emPY`_?*6N{hTP(F@rOezB_qZ>>27lekp|UX5
z6E*uqzO%s2hX*{|(Je&|Yz4NU#qlW~=qst;tJaeJE9}OB6KRg}9quL59*&w%<x87O
ztY;l`2}cNT-#SHl%~fnxC$4W6bBzEvlN~i@`Ty_@6q>kONSuO~ya&c~5NZ&4L{wyN
zn$#kCF4BJgz|`dWr{qQkkxQ_*3Z*UA&N&!na;B|`IG@hv(@JGlvYyDWfsYoP@!nUU
z#c&#a8#h_VTmKcLjtS`*$#F6!j{nOg97oK%z|BpEBivx)>I@vQmClg1?Ars7AH&zC
z?Bm_nc3!dcYG5mkLH4xhfn9zz0q$BbX46sW_P3=(*S=Zz*Qe+MEC>P*#CC~cbwT^~
zHA1^(8N(BOHI--GYI3~=O6G&_&jqd2z*6l+)hXP!K$IO<YpaHje_cEm$WY_LiGTYF
z=sejK62s4w6A?GAJbVo7jkSLQy8U9($g$jZ31aOa7<ZAM-`w?`kn(xyn>4~Ds6Rhf
zpN<+&25|<A5<8{jvt_y@o_mMEauS9}w)esn=_8$4XehcXoTzr6f|2zT#N>ay!YD=x
z=h_C`jPN?Rg(t0Pl2<Pzr=-o>2gq-5^PXRG$iml9fc{1{C+ge0FC#tz8gXwC<z@bL
z_cKyM?;Npv^eU4-wQ*kR;X<>fdE?^R+RtB?TK(*TQj#IulE*tHSc4q>g}P1_nSAo^
z##ZEP8W1lS^=zsSM05N*D8Kk@FLdJ<lpE#*X;+l`DY50gExof2mHl?J(b>M1m}D_y
ztZ-4OKr_eYVJOn0oGS1YoS-x*KfeU$GhA+PrnSPxu-M3CPRgrkG1Hv@dA<^rx2ic%
zdbQz<hkdZrL2AjizSvpA5+FN^sPmI=v|~xpJ=S?gfvWlqz*N#zC6V@seX6>@$qS_*
zi?^B{)dM>>VDBqVS8;kyov{D-*YLj^rd29*%b>S`IH?ir9zr8K!|V0Fd?lp9yO*Kc
z<NfIUg#j}|@4o~GSN|4J*W?OLO{-q0J+rlF_#_@NVlY(fu*TMtQ21=0fPE_xZU<MV
z2GKe+Clh?txi!FQ=-JzbZ;$XzcE2x>kXxKu^BEmn)unCQ$yi?7UXi~Ni3&ct2ppP{
z0M`kCtEr-Qz+P?Feb|XP6@g%3n~dXhUWDze%)P$B<h{KLumtyOzVGWtqS#hDUfez~
z*~a<xukK!0`H>;#bZ?#-t#xGqQ>ufSR!jvqY8;A_!=UmY#OR3I4yfAYu9EL$iVrL~
z^tw7<jX6M5rBaAA$P8>K+xXfNB(FKmxda0=xIcWhj<V6rg5F8k(1GN?hOO((!eL&u
z(O5yJX5Vi7blbGS9iiZt?ko6Do_yOsHlo!DkfDVav>d;Lp<a@U?-PL|1=n_zy3G~m
zffgcl)`RZZ_%*L>!x|YuvKBPudvF(_O8OoMfjm@tF6*l(%<;d-N*k<+olfZ{+BCk-
zj-Q78h&p1wDFr|Yv3xf*@_ZYXXApV<dO;|c1KUzSHm71O?JUFPP37q6`58$dalT>o
zBPOf5mVNIEs8v`Savd4;fjKaBZ4Zd9ySeGaP5`q@(?<Z)$0JE=AQ>zj0fO5Eh^W|u
z7){GLB)$cM92`vGse0il2BfG+iW32Jp)m&BgW?<qbz%I2;;p{|@wJU<<V_s0gpnvf
zL*uoyYI>QqJL2E3QNea;`w}D`QSpih#!!C1Nd}BU_EC?5lgXpx_x2v>jKz<Qk)W~Q
zC6axH5N(UuDP45J+<h~}+eoRxeI%14P(1)hqxWAkFPY-(;1DbpWW31kdJ+K0XZO_)
zu*{%>pS|m2NuTEk1h2>r^_RlCv1L1vqsIp%1oP+&h02CA3Hh=}&c<6o4EPjBp<Lk@
za0#TQl?U-hyeHpDGXT8A{e!2517L_92X(I~UwgKr#nj>Pwv0^3n33N8P|AD{GB&N7
zq{pb3VkSP#dRUl?-oU>n=om;u#CFeJO~u|;Mhi6;!$pA7nD}<9K>p3%&JBC)&lsxW
zw6#y`Eg3!ccG>~LoS5Wfx$(eIgOX(~67OZr_rJ~hpv9X37Rh}EJE4#-@LAZwbC|q*
z7?Ub7)aH=Sj6@!P;%;q@sF5IiBS+*Janzi2q0s~?`yij`8PSoJ1zCZYm@ox61Q5KS
zwi3=mm>CKpE{f7H>&Z=!_>nmZl&zmsLUym2r9!>?4X+JK|JIbh>)}tmbfg903fBFG
znT(n!je-`tKfKIgwq`P%O}xYl+2l<pd&=^vrz2hN2$nb7J#5Of-<jV>i(laiMN5E?
zOh#0G;VgM$s`m+rQsM+&()%mP%ZO(wVBh!VK*EendEH=hMFtbemC_oL<mG!(u9{QM
zf}7}j>-`leQZT9J`Gnfr9bM0fxlx%Dhz&z}>}tZmaB(cNPuHE@z9R<KUA%L0M94jD
z^!>A~QJT!p>;bFfZ#H1zR`Z+bl<aO4NPb#%YWVeO)3H;TIn)IBRcpCcGE|pzMgiuv
z50(J)9|RDEZMtiPiK)pWp6ME`(IA>iifCO{4+S3CbSaCCMz^9ae#K4}r`?y#jdVsm
z)kw0?3s%dd)l!NS8_ENBQm%=P&AOOGuh%Dhdg<^T8oM|eo7o4^RXO@(4tb`=<Mybn
zbF^8&PH7G`(+W5~;X%8$;TTz9&YXQD2<0si9Y$;4mt3RrUUBf8>RYJbAoCqaY6+px
zz>Dukl+z}{vZnQ_;%@q6qBLMp!wS0*gtXXjs_R`*(^J6BRf}lpExeaXOhZPa(v6R#
zn`Md+rk>toj=IA#eL$w5k1s!Ab7udY>H|Lg6H>K-xDU8URoed~?M^R-r&EU3_d=3(
zDhHM5;!A(7LejIR+<5Qr(a#H$jLYNXq7cxsI!Mr4$^H#jYZ#j)BxK`oN{G4d5Sx`Q
zJjK^uide~WpN8Ddx@;Bj$HK-bz5zoTzC);M*{jfA_T(*^m;3>%wFYfP-_iQ?SB3pp
z!5K|iP(Dz`WXbA9@~2_JgjRQk#H(%2t&_?SY`>jF87?4Kj`=&lt!$jz^AqyjI)a^l
zDzlmjdoX_QnFnoO$+_43nU&s&#ydU9<;s^XVNxvr#&;xIm@*UEQIHX~b{zJkeRXb;
zv89Ek03Q2*;FjM<4gOeZK-HA#Jfj|?A!X&1w-3->D|Ns*TZlX<+}D@MZwrC-o`1TW
zYl)zssK)Gem%)B)>YGUd`3z;=LY29>HzqrHDkF0yl26P1)Reg+jcj>kVuaeu^f$%{
znU{;m#F_|Zd&O%!UKV*ALe#M%Lq9?zfU=rU)wdJOpj-|XIs8=}LH>A=b^edXgkpp@
zUKPNSSHwZV;3g@h#)Q`{ztDua$CQ7qpo+nXF7=nWvm(O#4ki*!@*ymAi~c$ipi{f&
zhd!5y7zRcEE9$aHurclH7+Uk>Cz$z1cZr9(g#QR7V&p8vq^>y&U3V#!BB+khsIuk~
zMq{OxJrw!$9BaCpM^fo#eUjCw&pkt*MJwQrJB|A^-%wW4%CLE22Mt#qposHiU^z}F
zFT=@#BBS}~?XZEuIg^nj`KvxZfvnIVG@lfLRmIBii4?(ou-g@`sSuQbeooUR3ZYP%
zkDk?B!h>%k6#HYGQ4VMS;n#tHbUsFrmY#a6C03;qQCp+ILI<6#aydfyC8!D)cpb1s
zMYV;)HHPWJ?Nfvkw&kzl_j`qx-qqgkrvlC^S>q~PVKOy=Ye*P*mb9J^>=t>U82<o*
za9yLOK~ZG27**r~7qKu8j}L2cO<7|N9_@B|b#98GQlHo*q3`rP3Pc>&M?%IEcZR3)
z1#~%;SQoh~%=wt^GIPh0tFOWFNFHD^{U_1#ac6nLsHTVDlM6dDWF;rSX?UC<K!8WE
z%be^Q{QXI6IC0m=8Q$a#_B*)aP2FT<rdmH|HcdbZy^HLXZsh1K?kTfC!MeFX&Ss$i
z`*DD$?<hGEtTYbsfUDYxGVWW;@_DvEGuH}bKz0!a^w3miZT$vS`$fct01Ds(%kD^b
z#ohVSu3g=d!ouLxqsnAaGuvS`8*#>R%#v$NVs8X3Xh=2^xk>s2pJ;t}?o?WopKzTA
ziL$>cDH{!ZMB1O`TpWY5Q$ucIL4}f7!tEG_iPY(7M<N49Pc?jDnZ9x}U?ee@u`w}w
zIZP9!KJTzjl0X;Kv)#Y=3<cob^=H{2re7MHFHG5h(9&WADek$B>u(MU-V|z>(2I(K
z?ZM*@#*kkT>6Q-bJL~N-T6rak0JCzq5Nhx}3R3sC)ajTy#5xY7x(|+K<lsc+@4h`5
zzT8ZJglp6&fO7p|ITc0OlQ5L%1>btq#=8)P?HT{QgzK81Ri`&@e-l7O_gnusTV?Ec
zt}BNy^}a!BY$(tW+!<o(`n<E_iZLcxG7OrBXSK`;Tvb}X;x1zG1C`uu;bSavv0X-U
z{$akKmmaOi&Q4#le%ftxgdQ%qA+{?xbAUnH0^wTGNo6*W_++X%cs`D<x3nlyyY7qI
z0M*kIUij_5y}mYnOF&l!i&sbs1=WHHS+P5hi0y@p#xN(^DTOEfjas!tT`)rXj~zMG
z?Q^!OO1V6Z(4FPp?QP%CF4Hk|dJnlF#?bVEqtr-xI#n5<$d4NAl<U`6e}VBRBWe{#
zQ>f+wP0P#|<NgRHo^u1Cxb51nU0{JDTUJ{Et~Q|Oj_VA+0Z2UG>jrt_P1BIgIvPij
zfz4Bq=z>4-$}U#1AVeCe#_)JdWm<_Xb^Qs8BbJ-HHu4X*w@RZ(mg7bsMA6IDtCN7C
zgW=rfUudy=wq;-bW*6*$&WX4HdSF&6?pB>MYihG8(z-m2BiJ*tnBPrX042v2EOyiI
z+e1lw8B){868LLDPe(YUK049HSJg@McKCd3G(FvIhtmAdX!UMgl+NhtH$FqrB8pi>
z^{VFD;0e;AeO|BgaAJ-b_e+CdbiS&d3w%_i`!7^O=_Pr)hnQtNlvf=vlL2R*+oOO}
z?v*YPJ&jZc%ckwce-KBL<_biz1bd7%Pfez~X*#1|h5+5AkA%<QIB#XwjrD5w$&4)Y
z<h0s!338h_zTV<$qs%sZeYk)KaTW@J{B6~riqg!e)l1~j*G*Au2(%N)v08Yp*qQMm
z9+aD2JS1O7hiqwlQe|W<M=FzSceqPLrc`<NAC54pm==1z%2jw8Dj~{uKk!TDTOL}X
zUe`NSq5ys;p5?I<1^;wEUU!1^!v-Y~7G_kB2;!<y<HTx`dpK52`o-SVx;*C3Ezl-?
ztk*DJdSPV5I%4It<J7`-(%nS%_IY7m8>u}ZsRVwkv=6rMcJo0e;LN*F$o*rfg`Tid
z8&HKm!)9}@c=0K1!XQPgfOq2Y1+`tdvgRc|1lIh#PJ=MYybT9h1|?{Y41;Xl+Y@A8
zI2hiG;1xl8#<d}c#c;|fz7ElY55XPP6A0R$<|-=9wRl@Z-t`>m>!MwAuI4n*8yWP4
z-h~rKq5b~60slwE%OvkC*Z>~XZGs&iiTpAxQFPCkwZ<5aHgct+&@@7VXcdSz*;2JC
z3ginA=f0ZT%#>LpYeN5r-AEaD$qmt=(5W+aKz@g0NDsn_rtNQno=lmcPxIqVf(lR~
zWhQ~xP1vVHtvD+;Xzix=D~fytC~I2cFwB@eE^U8;_}Xq~8z!A1Fyd43e`AJBmPqGz
z`QyT^Z?(I&Pj>>Sn2DBVXk<b3#RRMX>-g(^<~6Mdj_pqj`i;KOjhSZnRi%DpSk-UX
zGd+PF<eLkGO553{cql+T*O(@Ir`@ghTfpI!G%)^8HY~^N7<^4dPu38&J62Ji`tFtC
z(O!G6sUH6_1HOJiadPvB*qZ@|o5XC!NEm*1^uj#KU+Mi_U~^oEHFPy8bg2lq{VuT|
zm79Dh(8YzW%i7LG0m|w8BOL~k$rLpcD{BcuAsG|%!|@0`g1S{7d<h&MYrqwefW2rc
zn;>tqv<Y9yoX)%-HMJwDybE8ktdouudZ9qXDvpqy)eMP3Q9hNUW8IF^b=XfzI)}56
zk2p;dxiB}xgl+b-=M$ClEtDR3)T&xd=#Q_f@0@8FAX6CT(0%ZDL#5D-H!5ty#0Wst
z$s=Y%YbiX8S<1hKgbm$&C+iiFJ%C1BG(a;&n)gi<^Rz2qVxbfsXj%;dZ4nF-f)D!^
zM1+d9JH=rq`Xu$GjDJ6u4-dY067pg}-5j`IPQjcwG>;ky2{TJkQ?vuR{F_UfQsN^B
zd0zGxVMfYdP$7dB^nW;+ZKE;k8E{zGy#nHHHTTFM{(ejs9eGx~<~9(X7b8zUyL`6<
z^Guj;$B!ZAeoY>Oyy@%I_z*5(ZjB5nY^*R=5;FF2Owz{-)^|jA_x{$t3X|~z4tOro
zau!5`z6~ynDki=4OXL85v!WcG;@Z_Y1_*WZP#k*iqa%>VzP89L6&7CXj$ZoOTadd>
z-LBU9$a)&<I=HBzV9yG*r%k+Wo_;Gm_uNSneDmcjaTVn{kH}nUk?7j>6yr?dgD#VL
z5y$H$MA;tZBc8qHxlTu}dW%H?&j^>v^Ynk_cxtS$@FIU+a+v|(eLg`NkdTEOC8Y;(
z;mgOo|Bc+mRClAk(bPH=<@2%GZS1hTsCFt1kVUEqdag%4edk2ggt9c$MmIdt((9N&
z*BG>mSrK3qvBO7-$_YX?t~6O>8q#+ki2*mMe{5{Ur>-5Zd%s^7d=hYVs48OAW0w2*
ze)EeWE=Y(%D?=Ml`LfSXDySvkL_x8WIlh#xrll%wDSVw7IeH+q^J4!7C7+Z=5JWh#
zKQDUqheh|WPWl&-Rno(x0!wS|cIG&QbX@Igtn#oR3w}p7(rir#T+NsQ>}5?GRXE%9
z6MB<cQ|2De`?oXAzF2Nw^f<446bSV6I;XEu9dwR^zH<m5UCFsTfXgvmM=YauT?;Wa
zx+~aM(p94*SBk`MV$N~9IM}~F$tx`v`${#HXLap_Oo8v|WAypVGhNwLe6uf}O3)Pw
z@(e|XB$Otk<x}CCsO`59NuM4;g!ug@$)x`h?l)Z-8|sMO*|b^9(0u&}n}P$0_^$@m
z1Wfne=HwB816g4;c5xI-l71rGR1S}V83ihP5Z;a|hVgM2&$t9E-fYeuOQJGukq{hZ
zHy5#z<$b}bZqnI=Tq!;QukLgqI*0JC>5(v_T3e<tJ|tWl49S#A9pW-b)fc6p`N>hL
z(PZh$UJeiC)D=idXCsx)=QW!K?PWan-eU5QvRelz`4FtFpU|PgVD2^%)E}gH7KlBF
zda-{o0%JxI7Ut*p%G_C#F9!zCi95#gb%!+>VayM+___gYkn%dC3amAOIpN39wNs4F
z)28MiE*2iS>c7n*eU*9hG(IKn;csei;v67NaWuFqUr<7dTUslEu*|ssAjm6$Nc<uU
zISmlI5;7ej`btBnCI(5S43I@HBB}X&rcR-1$A;K?2*#^aQZGVW=Uq^I6L%!V%EFaj
z@#KYT%*bW_D|II$54T)DO79Xfo56ix_`jIKe@KCk$gM*&|9>Kdi2rY-;1%!){QqJK
z(i$mCC|e@mAuFmuO(}MuF$zpxMBb2Fv7t1S>WsH->SwMG{d%gAbkCx$)gHNCaX;Bi
z)yu^c6<QbO$!Nn+F$ap2JT$5=pm&Lvt_44bBCG+rY9##4y2YvXYWG)$OOtoY&$`{?
zo+6>*ynCP&PBr{;>84_h>0)th@h4)lCN@n3w${lw)19+rPwAO445nuDCT_W1qz7-8
zCNxdh<iwGG(2<{M<LZ8_(CGzcz~4Z4&jrULPon2>s-5DCd<f`h%<ilf!(BSM>Z=Pu
z`ye1m6WLkAVOL6B8K>-_UsQ<!dg~&Xa!v4|lr3LgxT&4ugmWIM^vaE%-ZJp0GPJjn
z5^AnkZsQJ;sS+XCo{PlHnJ%WYP}kbri_P)^x!O3LTl65ax2z1}1;K4Oa(}aVkc9kW
zDkl&<NT+w?&r7Qt2&JQ-k^K{;`+j8n1qg8dHVBo$>^i}!Uc69`prQG<Px;EtS&PUf
zj1f6v>B@7Glt4j0P?kVyuyInQR&-(`i_t$simAsmm-}KfQ<`HiGUq(f#ssSf;a%AX
zA+%skeNl0n;L%*|)W)UE@$c6_fnct1{h(24MI*LYo@TR)pD*T?GHZi4WiWN}7zTh#
zT;X9Q@@?jk?oT^WBO^`_G%X5p`VQE9KO%bkjO_PQ<{6B3+P0M@Ml;}84{oVKkTJS4
zu0v{E3#-cD#l?B&Y$H{d^C8nTLRwr^7O1qo#<$cvN3P$P3;(t8olbkWE09L7-Ns}p
zgri2QQ(aN&L?{z)J9K^me%L^X;}rPyZUPjHwHH1f#+9}n7IH9~i+zhK(JQrSPPM5(
zB4l!fiOU6+lsDNBimV3$?c5?sJyQxP&(l~E{)#|9{p*U8@X>8n&xccdU%kD$lg7^R
zV>tXm2j^HU76!Oq_twhW`I~&Q_(^a)!~LtvvMz0CgpSK(kf!!>bd(xxegR?{a~8Jc
zO^4IM8WvsK3+CYG;@3}nQ7ky>a%@jOP3HdGuSV9L8;G?n;=A4cXgU-jhFWL#ZP;R4
zcWK=Og$6BZZH{U+hlwsyu^wm?_c7m0mU<(u7|6^oYrefp=D~x6DXtGTFbgHtCo#)R
zPkc47U#T3P(KM$Wod}Lv!UH}E=e<>llO-9MjD5Z2#+0C7bdX$FS&C?VhZiRK8AS{u
z-=ZTAU?yPce_i6vxYRdTd0;?t#vtWho<&_?$c+*2iNj3@^5MJxKN|e}J*&`dKe(^v
z!D8Nx`f=VR+1(^w?c@8~GaLT$cu3=FxuMEK7BqQV!~k*VoFN*3i`VWR7Ir){Tkxb|
zYwgbJz<zxukDV?_#7P8_s6jNaagG`_uB^U<SnTL#R9WnMlJ!iFbj{oPLGPhV^Wa6S
zJ#1`j4$jhDCgFQJWqiXAgl^|>?K57fFDcm1E*qsLJMdPALLcFN?d~iyT#pisEUC{M
zp38(+b65ALi53ISKF|EA(bX$Un2p<WEy=kDu-x-u^>9m5D=h{WMf+e4<2MoDbV(Bj
zGr7NXc;`ev^E-d9XX&XR*d0G(QWz~I^rK6_940#Mr;ytYpu1`dp<Xe<DQ#Sy`UmqH
zd<<b6D5EKRxwQ<PLG)_`?f&P;qFVP?;gxh!zWo8i76UB5RvnBSn4?4nsmD^WBWS#l
zjmAfOck=DDT#4TM6U*;Bo~RI5XvYhyB>sVoM&ZZ`DIyc-Nt6E#Io{tX+8!Ftksne?
zT#yQSHzCg&7L(j>usa@m8OeF1@8^GNF(C;BrFdP~L41BfgT|ed4BPO*79zT+<!F2o
z`)A0_3SirW>Dm}Cg!uyM%49<))S#a>H;;YrWZQHASwI2awV)a6NdUELojht&A#791
zOEO^7-*m7kK0dgIcujWx%_nE>7^#EIXEXvgRly(<v2v5JY5g}C6n}t5a-SLtJlh*K
zI}^XN>j{f0r%Ev=xn($pxUP4kD|=V!*gL|-6u@|!F$QS{x61NE{L7RIDi}QxGSD0^
zFIa4n3<i!P#RJFF?;1IxK!nl5;t9@AB$Y1gm7MohcWIUN0TMrPHPJ0QnYViGz<zwK
z3ul;{;VJ`hB*Wv*UnTod?RHGA>KbRaOmeZLli-kEvT-oCS-A4ctxLI58O+B#O-WG*
z8MwZWmIB8Kh&-MBa>JLf|1Z_oos;+k?Zqx%4c1~P@?ko@=4xFLjrK?2oAJ}zVKN15
zEL8nJ`a*%P`!a0nQwnR0&o-7U3`XaR8#Z#bG_`xGjOuFj?E@kmPXXSJx(=35hdX2u
zy%KfWU4yw$7An!9Dscqx6;;SUO5qydo#SP;1GXnaB}dp{Cqog1(J+xAW0@UhZ5?ST
zYKZO9*tw1fKi4wl7ZTKGBGP^t_cC5ko_L2|V$D=9KYsXR{lura%^F)>dJ7x7d$0O3
z_&){RdE);^&<zWVYEo+8#8JmQ;n1o^UByppqM)ys_rh=hwEOSsgw<H!oS4f@iZCq4
z`%$*a3S#h)uyA~BDrt&c$NT>=pS-F3JPaO;Tr%5(dw?f{FKR?Vbw+~=3r9<nQh&g`
zxj5d|so>g?*CnBNMV&N!VgDfB^W|x;19Jy4?~6e@_x5DG)gf$IlW%(s1z?w<d3@G3
zQXcek6U7_=@1Q>fp<1<)Q~AUkt&@)+m0^zowJV1zuJeswLX=F~Kyc0E-%MinOuP+%
z339&wO6i)z&^jB9_mfPV7TR>&)b%}&sAEH*S!7X75mHFWXwqExV4H`5kI-ga9kEIe
zUtz>|kAi;rZ>cbi*BoQt&(ezX-02D3+4wN&fdzgbk@lWCPJo={gFLdj&%!M)oWl8k
z=(+NVk@uk_$&*IB#OWbghY$}nTi^V<x)%96`gi%H_~W<!^uH|BrL2_s2fKCDNBaiV
zH>E1JzJ`$boN#N+Q!$!|<~{iPHZhpW$k>KD8n7A*ukBdL{P+~bxsD)z_GU)CdsRyW
zxREI*rh!WGmjv<kcWi9%+etxY1kqE9!RxrgzD)nv)%$aj*S#=$&O}&OSS0XJD;h>l
zV)^9rz5<s;O>s0|k16-}oVp~lTqzoOJ4OT;I06*4lqg7gbq~6b7r4^*Kj@M%5)0kr
zFKo!M?1A)yh@ar^gGv{~uNGZV_X^^G6(<f}9S&zp^uI}6M%eT}te@}+FTRAE7YHfx
zU{g=t<u0~~LsidNdEAiZ{-k0$Iw}aZ%FS>JImH%?rx)Z39cC0W^M8-@f+if!S##K~
zEG%YPEU5(!zu%_`9Of`zbxfvcWhB{|k|b4q+;6mz+U2oO#HyPKkxGbmzzK-~5x=uJ
zUxbAUyF)w{Bm9psti`}}wTr3`FmOc^J+#e7qb@w!;F;c14bqs0Pc_DT69j3*Yg@`4
zrsy?y`JJpfN<Fof3hEY?V3#CLR`FPL7`CeV6kI|H;_{3aPV|_fpfU8qEox%pn_$h1
z%sKT)-I7M{DQ6SJ(Z9<v^<|R-ZV^@)pfGYWyW;42;fiQwj)Fg2Tpr9N4V0`5IMlnD
z^!VK6t84LOpWa!)iGq4>hl$bdiKx<O<K993nwO`WBbf-So@J(O0S>k2Z!2t*nY{Cp
zL~lMX6Mxh9Kaa?gQL-11r?oQ&YN<xb(&Z2Q3qC)BRn4%=4h++&`TF94B#AHAJ}bKB
zeTjL|!3EM~A<t9Cx)`Oiv~d43PF}WX`1nriAalEBkI?@q-#TGJ1<lIQA6woMhNq_}
zq>oqq+)%+VIMuLkK27Udy}8h_^GMbw51=Pa3yOahjt=SGt+yx0jU#6#bK(iZ@cF;x
zTj2lHZxf~dcl}l|yx2xp>N_%<Pxn(3rg(v#_)xQ*zcnOkh#r#dU?Jv1K#!v~reo|)
zH_jC@*17qqvaCZ;B^~yUxouCWUERLEE8^8d28p2%Bg8xrJh}@KBXTqo_nj@K3x8zs
zKsK&NfOu8FRpggoW7X!7OZ0tj@=KpYI$kz3(YBY{{-eVvSZJo8axjl@qoqW$(deFZ
zXQ-a5e(v{y=#G)5`E1X)b$a8G+p7rJZhPRbUAlpvwt5h=B%f_wDrEH?C{w`cd%9JJ
z2?TikBU*}K0?R(aWWbuo2x{yuJTqMD=B*Dcpu{G!GcvX`C<nv$mfEAcT@dk%Z)L$j
za?jS0DRCLaT1a?pqFz+~Qf*K?7>I4|;Y(w=ich=QGDmTpt}|SS_oO_U&idjN&9JOb
zdp)+|bkLRIe%F3Cn6^GhhUbmjfSS(LubkeKM@*<s#Ku4?T>27}OzrFKbocimV@ym2
za6ZuwnVCeDEgH>IeJQX~X-r%h-Vc?PC=@7plP-)L8G*(Q@5v$7|48yu!8lLuAtW?1
z%**-UxfMs~cfXq&ZZKS-g3aYA4N)8;EWfy5=3IwI8SBRv`)7zX%*ZgH>{e-p$J^3!
zwzr4X)_QZ?JouMAN9}-WrPodJC!Mq~FupP?-)N)O$!sDjQ-A(-ogfdf0!s~_H-KK^
z|LW>I!`WclK2DX^sug>$8Z}$BwOUk-s&XTWXzfi1i4n2)s=bxFMoE?0YE_JyrAkF?
zqV_7$2=V5A-uHQq<9V-7=W!m_m+QlIeYk%A|NrbpobomoSvvhC^G04l%fsIb%r4j~
z5C{Kli21bgand@qj-&lqu96|!o75xb$tK^&=7U@T=RpU&w3aK|&uv+aQOBL{pFZ1y
zt!>O{FxjvJ;d#?J^++gK*A#TOR<ia6LWM};uMG{d+}dcOMe{}T#B@&Z{*y$P`ywyh
z+_~D{<6^3t$5@odbu;|v#B67rkEVS7&U6|5*15W-e4-WE`$?RR$L53hxlyfX&0C+p
z8+o((N09;!3--j3hBd+yaR>f!pqrDSZOvX?oF-&Dj}fs+O(@zy?#v+ySoWp)&jJxc
zDT=o~U7xv6$|NES86bHdxE%=wzotn3g<>_Y>mQa$h6Y-jL*ayC{3_ahQ0QYf(h*SS
zQ=MFba)~jBY2707En&W#k9U0~UfYUGf<N9eL8$3mVoQ}2H;+bkKE`n|L$fX|oN+J}
zw$|LuJuma3vtk*F9PkVw%aU1}6Tw+C_txgV5ogI6w*hy}c-T9n+;Q@|G{(j%?=a5m
z^xspTaVd!Qao+8i4YPOfp<rWG^B|i|siGdQ==$=2Q=+a>CPS1Y`9$siX?g!o?2~b^
zT>+tFn~7C4Ng@`NGOdV&A{mu${jE}}V*P^#Y798lbHc8NVq7e|`0-&jh)kAk32<ke
zmNM(2rU`C*+M6%Fl4`8gi$G=l-10|dA0H{GOYZQQTzzBYybW=;Kn|pEA^DfSorTZf
z_DLhuqcE4IKPDpnU~Di0tv)M7Q@~@9_F1c6p^3eX)--3a44x}_Vgj}EXgo5+NVBvv
z%-fWS8XJ+G*8A!r2eW#JFxkXYmE~Dap*LhH5PvPsu402V78{D+zehw_?u&kJ^K|x$
zlh+Jq{D>ZvxB1prK)|jFirduK=UFAkGK${(7M{*>;3k51{qx9yrOCYJ&Zjc5#`fWf
z?~>iuVyS>$ngby$nP!K#tDPVnrIHr<In*e1)JKC=yFdQCIrNe55k3TTgVpL19%q8w
zsJk#<*p7OZo6F@BoIv%VFtnxe?CH0VLAzJJonIj1eGs<61H-?_oHyzs<~<qAu=jTp
zvKB{Id_(uu0S^aFU(9s2{q%IF=#W0!IDRtj68&MTIR+Z7=b<7Eflllca93=Fl>BmU
zBnbqRk{RZ!+<HT_5sLJ8H|ao`ZLThTfiSSt?z8fw%lCCt>cpVYE3eunwNi2%1r6UJ
zavP7{JpP%uCPc^}%}x;yhWiEuUi?ao9LXRlU1v+Rq2Z49mgJt%Y?8A5cS(~X@*8&f
z9JuDDno{Bkd!95b5jgADLPxc1w~N1T{b2)y@2DpQ3brjFngOTN8(B;H`vBsn9T7q=
z<T%LoJ~I3$WlB~aG-fRzAk*>d@%i^t@<huS-)wy3PkmjvnIB%V+`sYBVns`R^qr7J
zygL8c$yT<DeT^=6!Aa*~$|tc+EtZH#iQ+8PDFwUyY(?0h)n)`om~veQO@MJo;HjmG
zij>${kd{5-ZAY7@kmowb>7h82o_Co)SWvOi->FxkOE9h!fI&yvO;;rdd0_cpZO(IY
zRlC-Qjaz+we%H>=J7cooTm}yT?Rn&kJRsL)V|g9>=L-!>r3Yo6McNH`Q-LFz!9hdV
zZWOKt<k1{)babdfogg{iC~muo6xM2Qlm&<o{j?EY)DtK3PkDu7Dn)bID@4U-=V-Qo
zm&A+>5tzJbPQGlZLX!Nbw8Rg}e{mDDQk~HNZf~mEF0n4rly(<Kq`lQ@8Nlyjnmd!@
z#I)_yciHx3z+sKyt4{l#k{mm%2EUNGTq;(o6Jj9$HGqZ8BzTvtze2wQ<KQ>^Da4-=
z!9L6%8W+1VFJ>D2Kqnc6`ZmTNs(Gco3{j=2bGKX4CI^4byiUAE`kK`7x*c;vC;1A^
zQm>Bd8@XBuxBi`(Yy47u$>70N$?Yh5T0L}Rzt%;bw`s&R?j$*FU^<D3NPV+++9WZN
zJCOflBD7)^9DYi5HmhG>Ao`UM<Gtl5_MWS<fha@yntRj{oR@ViO3jf&*4~_pkOQmM
zb=)nddxMI~0SKX)!ha!=8iD^pB5WcgB;xw#f00O#WE3~zKS+f3KS-pMghZtO(AK~B
z|40PU^WRJ)A#$ed-$+EdjlG(<xtMu<wvQYn1hCsmB+ch*tZ>OkRvjYlm1u(cv0QaL
zvvnNB?#pkP_Bz)OcNNPQU_w@c49QjVS=xIGKB`z7YL#3ndR4#Ow{JN8#KCrMNc4hJ
zL*Bg&wa2d-sTUCVI)$K{dm_CA^2;j%|7(=(SG#W5P|WqvDBewYGq2M=yM@an=14cw
zMLjfn)!g`xyh9){p;OGcSKlYxJCD1su#CLjWTi-;-lK*((u2DExc;`(RsM%m#syZ2
z%1YfRtQv&AVB&Hzg34h|b!tWZ{E`7=xZZwrao@53lL{g)0s~S8s$l!r<}IxB4e)WZ
zLvJ4X(8~kIQpFiBHm+#{2-%u+Ev)wjb9;0-$QRX(2cdmkJAoBi6;FHyLqnbqgpOjy
z?$K2U;V%SU7T`m|_-~DveMGhQGE}w3b7LHvP+6@p<=9Cv9Bh(ZS$1SWG5#P`J=VtG
z@8#3OXatNIEtq558rKanJ)$4C$f<UMiMZ36c*8=Ojsz|9IG2#FswHFU4}m{%rAkHP
zHfq3iD4QaVs-Fkb8E&VdyZU8mh0ghESQwnUi_RRUUO);v*-f#X#@HUtKHcXj<ioPK
zh8<;luN5(Do)w;r44M<4#J%{668Zf3!9_j+f&Ot<o!Q#G?H6Sy;-+OicyC1Dsay-`
z9u!Qn9PL~y^DQRUcchyySr9WVlqMI7I2FAPb3-IH_+P*2;}yx_jXQJ2v6{ySSJd6^
z82#9sO%SP$)8nkSa*CK$<grzu<nP%>Rof=CU8Zn~)!6SjAApQO8R62{7WjVf#yk+A
zW7GU9`zc|?%z)<wLcdn7zO0x2cW$uHQz2V2g)%QZ*Ze;~<UVZhs8usvjkp`>3lu?L
zm0?_c|9U0glp)-_y1Wpg<1}M<bkuRLU?=67Sl{z?Z7J23^p-8#i1!rO(0urLJXP1P
zl!xS?tCdQPBX(8jO;|IbFG8&<HUdHYDEo$>yr5o&kyL7YtwK)<#q(u&EBnKXMkN9S
zOH?47TwN|*vERKuyDno!b{RF<CpJTz9?*4OW?|M(Sy}$x>Ec4vG9_wp^YDcd89ZB|
zk2sDdgy-_}>E5j_yiN_BLzS2SKzG-j6RxgS$2|u<xo@J*0%>}c7IaoAu!wuhTsIYg
zknm2QDcrbD>DL5lq*Pn_^oQ{E1=?E-WqX{Mmley;6tl|(9|nmKFLYkqz==MoX6uS7
z@<dN-J*I!r<$!m;{rSYv{Z>itg}6TBZ#LZP^haxPI0OBPJH+t4@d9Y@Vl}Vn*pd=(
zEGeF9&uK|Jj4OA8je^5(UmmegA;siZh%3k9f7oXt($l_RMk4|wVj_+b;MVF{{>hNV
zxLSkmC3RVSd9ho-XDiTzSga-8P6aY52mH0BR}x0bz=aouR%c4GURA_PARqK_$oUxk
z2*j9A&7_hNUgPt0@RG&cY8x)IiaWhIXT0@f$f~z8zD(?*$b+CW1hB8Z(F?NTUq2A`
z`nhGMc@4~wt1PYUXP*C5RG*4(UhQPZphpGw@@#Oxr<?>WRE^sg_odNRc2sdc1}{Y4
zAO(8V9=+>Mi8D{;_x{yR-+r9)p<$B&Y$c%4GsLW0AocwB>6dmMK{O#PQRm&TiNYJh
z2RQNCy$QLAltVs2L{|THc?iz;)UJMQEby@`4On;YKvJS#i@{kXZ>R7=+7d-K0Z%E+
z^Rejk3ki*>@l5wWeOzq=BQJ%I59jAcdtn`i*OP)iXy(3O5J}Yr{4}?Lt3bCc*R>1a
zDOz{*M#Pu;cgG7=H;|nNb-MCx5L2--d`h%yUIU!DGgk<4;${dG49I`Du6DF;huk?o
zp=Q>DORiNh-bt?Nw!<bSVJ!hmR)T$$R-ij4sy&Y-<$=++s+PVVAMTIL@PPQ5BAu6a
zviFCV&eqS(gC)$3sQ3*NIbvC^&h6PMV&Tm7-^|=90c#mSm9~;^X5De_tn5Qapi5P~
z_lpvMg>uAxS@s9K9}gQRCV?n&k!}&ZP8acDmHV^wyRB36z^G^?xbMPeknu44I+HZa
zpVbK3Q496fxSJl~k?rx*?hAE|UczCMuxJ9zy*@#!hE?>h;@|#W@qiUI8LM5hd8La$
zG#3N(O2*2A;%s&F7v9sJ#dlr{4?1D0%7UODw<CsB-8?wa6fb@VwR_Q{1%2*pCQw59
z&%w<hyELFWn9NJH#&W-a8`qRL#*<*G-%<)4?lGEM_2I|mBh$H5_;iDTz}t`h=Du_F
z(0rN2;EcU|Q<m#h^tLiMS79Ij{H&;ZcWeU~s>a7RvsfM023-tWr?-Yt6e=B#W5fap
zGKda%Vaq`gRP*?jHSC7+L66!&+B$Fh;VtlDDRhx(NX>VJccnx4pu;{Ly4$NZ5IDFP
zC?;~y7Y&X0ZPfAGNN@2y?E&CdQP3}}#!H`*LV#{+8jr@+D7$uc!El*FHlnECwY0w|
zlkNII?xnl5QKIzzyJi8ofn8f~@Jk=C7^0stT;Ay_KXIxoQSH6V%_MokPn$wE(7ayY
zqgP4jZrp0)pH-u6+H3Zs#8dW4N)D*WD@G3c&>AY!fL0$A1AUs(%<F7QJMYj$%81ye
z7S)#m59yQyz}zPzFyM8i!(@yYm>V)gs#^}Yp_;3To5@FYH}`v#_S5=2Cz#d{ubJjc
zz2}+YF>e_LP(rQ3ORe_IEsxF;V|9E6yTD>1UXjJ@42jD@2hd6pFOq$nR2y}UB=LQ?
z$ED1#{mRhwq(j&?&D?7)f!ShlI_pHk$3YBEI+MczjlmqB@~4b}h#rn(D>F8H<FgEv
z#pHeGl2MZO;L@yfQe%fU1JP<W{qcd+;eCnW%g08Kh=Bdq<~kF!Pxcn;#@aOcwbgIK
zrc#_%&xU?bxvR#Y&nq=vJbCar-tZj|i;){LT9cnKX_!s-fPZ(|z=LO;+$yIuPM9kK
z5-mO75uN9@bv43=s`M1jTUbQ38XAw?x@&L~TuV!E#2LS_0r@om1pq)sMs|~I+6rks
zU>mnm%t=P}B`o9Jv68?)t!^?173BaK8RpRqGA7c-f3J7pQ=A!uV_~Wr%m1|g2N8au
AMF0Q*

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index a99a711a5d3..c490d522054 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 18, **Hunting Queries:** 13\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 22, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -331,13 +331,13 @@
           {
             "name": "analytic12",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Unexpected exit-node egress",
+            "label": "Tailscale: Tailnet lock validation failed",
             "elements": [
               {
                 "name": "analytic12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure."
                 }
               }
             ]
@@ -345,13 +345,13 @@
           {
             "name": "analytic13",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Large outbound transfer over tailnet",
+            "label": "Tailscale: Device Tailscale SSH newly enabled",
             "elements": [
               {
                 "name": "analytic13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately."
                 }
               }
             ]
@@ -359,13 +359,13 @@
           {
             "name": "analytic14",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Network flow beaconing detected",
+            "label": "Tailscale: Unauthorized device connected to control plane",
             "elements": [
               {
                 "name": "analytic14-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt."
                 }
               }
             ]
@@ -373,13 +373,13 @@
           {
             "name": "analytic15",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Mass fan-out from single node",
+            "label": "Tailscale: External (shared-in) device added",
             "elements": [
               {
                 "name": "analytic15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope."
                 }
               }
             ]
@@ -387,13 +387,13 @@
           {
             "name": "analytic16",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "label": "Tailscale Premium: Unexpected exit-node egress",
             "elements": [
               {
                 "name": "analytic16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
                 }
               }
             ]
@@ -401,13 +401,13 @@
           {
             "name": "analytic17",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Posture integration disabled or removed",
+            "label": "Tailscale Premium: Large outbound transfer over tailnet",
             "elements": [
               {
                 "name": "analytic17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature)."
+                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
                 }
               }
             ]
@@ -415,11 +415,67 @@
           {
             "name": "analytic18",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: New posture integration added",
+            "label": "Tailscale Premium: Network flow beaconing detected",
             "elements": [
               {
                 "name": "analytic18-text",
                 "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic19",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Mass fan-out from single node",
+            "elements": [
+              {
+                "name": "analytic19-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic20",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "elements": [
+              {
+                "name": "analytic20-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic21",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Posture integration disabled or removed",
+            "elements": [
+              {
+                "name": "analytic21-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic22",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: New posture integration added",
+            "elements": [
+              {
+                "name": "analytic22-text",
+                "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise."
                 }
@@ -565,13 +621,13 @@
           {
             "name": "huntingquery9",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
+            "label": "Tailscale: Devices with Tailscale SSH enabled",
             "elements": [
               {
                 "name": "huntingquery9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -579,13 +635,13 @@
           {
             "name": "huntingquery10",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+            "label": "Tailscale: External (shared-in) device inventory",
             "elements": [
               {
                 "name": "huntingquery10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -593,13 +649,13 @@
           {
             "name": "huntingquery11",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Exit-node usage patterns",
+            "label": "Tailscale: Devices with outdated client version",
             "elements": [
               {
                 "name": "huntingquery11-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -607,13 +663,13 @@
           {
             "name": "huntingquery12",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+            "label": "Tailscale: Subnet router CIDR exposure inventory",
             "elements": [
               {
                 "name": "huntingquery12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -621,11 +677,67 @@
           {
             "name": "huntingquery13",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Current posture integration inventory",
+            "label": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
             "elements": [
               {
                 "name": "huntingquery13-text",
                 "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery14",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+            "elements": [
+              {
+                "name": "huntingquery14-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery15",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Exit-node usage patterns",
+            "elements": [
+              {
+                "name": "huntingquery15-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery16",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+            "elements": [
+              {
+                "name": "huntingquery16-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery17",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Current posture integration inventory",
+            "elements": [
+              {
+                "name": "huntingquery17-text",
+                "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
                 }
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index a8e6efd0851..47c278810cd 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -155,52 +155,80 @@
     },
     "analyticRuleObject12": {
       "analyticRuleVersion12": "1.0.0",
-      "_analyticRulecontentId12": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
-      "analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
-      "analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
-      "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
+      "_analyticRulecontentId12": "e9f0a1b2-3456-7890-12cd-ef1234560040",
+      "analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e9f0a1b2-3456-7890-12cd-ef1234560040')]",
+      "analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e9f0a1b2-3456-7890-12cd-ef1234560040')))]",
+      "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e9f0a1b2-3456-7890-12cd-ef1234560040','-', '1.0.0')))]"
     },
     "analyticRuleObject13": {
       "analyticRuleVersion13": "1.0.0",
-      "_analyticRulecontentId13": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
-      "analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
-      "analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
-      "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
+      "_analyticRulecontentId13": "f0a1b2c3-4567-8901-23de-f12345670041",
+      "analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f0a1b2c3-4567-8901-23de-f12345670041')]",
+      "analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f0a1b2c3-4567-8901-23de-f12345670041')))]",
+      "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f0a1b2c3-4567-8901-23de-f12345670041','-', '1.0.0')))]"
     },
     "analyticRuleObject14": {
       "analyticRuleVersion14": "1.0.0",
-      "_analyticRulecontentId14": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
-      "analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
-      "analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
-      "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+      "_analyticRulecontentId14": "a1b2c3d4-5678-9012-3456-789012340042",
+      "analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-3456-789012340042')]",
+      "analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-3456-789012340042')))]",
+      "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-3456-789012340042','-', '1.0.0')))]"
     },
     "analyticRuleObject15": {
       "analyticRuleVersion15": "1.0.0",
-      "_analyticRulecontentId15": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
-      "analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
-      "analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
-      "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+      "_analyticRulecontentId15": "b2c3d4e5-6789-0123-4567-890123450043",
+      "analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-4567-890123450043')]",
+      "analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-4567-890123450043')))]",
+      "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-4567-890123450043','-', '1.0.0')))]"
     },
     "analyticRuleObject16": {
       "analyticRuleVersion16": "1.0.0",
-      "_analyticRulecontentId16": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
-      "analyticRuleId16": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
-      "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
-      "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
+      "_analyticRulecontentId16": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
+      "analyticRuleId16": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
+      "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
+      "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
     },
     "analyticRuleObject17": {
       "analyticRuleVersion17": "1.0.0",
-      "_analyticRulecontentId17": "a1b2c3d4-5678-9012-34ab-cdef12345030",
-      "analyticRuleId17": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-34ab-cdef12345030')]",
-      "analyticRuleTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-34ab-cdef12345030')))]",
-      "_analyticRulecontentProductId17": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-34ab-cdef12345030','-', '1.0.0')))]"
+      "_analyticRulecontentId17": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
+      "analyticRuleId17": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
+      "analyticRuleTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
+      "_analyticRulecontentProductId17": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
     },
     "analyticRuleObject18": {
       "analyticRuleVersion18": "1.0.0",
-      "_analyticRulecontentId18": "b2c3d4e5-6789-0123-45ab-cdef12345031",
-      "analyticRuleId18": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-45ab-cdef12345031')]",
-      "analyticRuleTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-45ab-cdef12345031')))]",
-      "_analyticRulecontentProductId18": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-45ab-cdef12345031','-', '1.0.0')))]"
+      "_analyticRulecontentId18": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
+      "analyticRuleId18": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
+      "analyticRuleTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
+      "_analyticRulecontentProductId18": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+    },
+    "analyticRuleObject19": {
+      "analyticRuleVersion19": "1.0.0",
+      "_analyticRulecontentId19": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
+      "analyticRuleId19": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
+      "analyticRuleTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
+      "_analyticRulecontentProductId19": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+    },
+    "analyticRuleObject20": {
+      "analyticRuleVersion20": "1.0.0",
+      "_analyticRulecontentId20": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
+      "analyticRuleId20": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
+      "analyticRuleTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
+      "_analyticRulecontentProductId20": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
+    },
+    "analyticRuleObject21": {
+      "analyticRuleVersion21": "1.0.0",
+      "_analyticRulecontentId21": "a1b2c3d4-5678-9012-34ab-cdef12345030",
+      "analyticRuleId21": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-34ab-cdef12345030')]",
+      "analyticRuleTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-34ab-cdef12345030')))]",
+      "_analyticRulecontentProductId21": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-34ab-cdef12345030','-', '1.0.0')))]"
+    },
+    "analyticRuleObject22": {
+      "analyticRuleVersion22": "1.0.0",
+      "_analyticRulecontentId22": "b2c3d4e5-6789-0123-45ab-cdef12345031",
+      "analyticRuleId22": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-45ab-cdef12345031')]",
+      "analyticRuleTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-45ab-cdef12345031')))]",
+      "_analyticRulecontentProductId22": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-45ab-cdef12345031','-', '1.0.0')))]"
     },
     "huntingQueryObject1": {
       "huntingQueryVersion1": "1.0.0",
@@ -244,28 +272,48 @@
     },
     "huntingQueryObject9": {
       "huntingQueryVersion9": "1.0.0",
-      "_huntingQuerycontentId9": "e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe",
-      "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe')))]"
+      "_huntingQuerycontentId9": "c3d4e5f6-7890-1234-5678-901234560044",
+      "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3d4e5f6-7890-1234-5678-901234560044')))]"
     },
     "huntingQueryObject10": {
       "huntingQueryVersion10": "1.0.0",
-      "_huntingQuerycontentId10": "f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca",
-      "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca')))]"
+      "_huntingQuerycontentId10": "d4e5f6a7-8901-2345-6789-012345670045",
+      "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('d4e5f6a7-8901-2345-6789-012345670045')))]"
     },
     "huntingQueryObject11": {
       "huntingQueryVersion11": "1.0.0",
-      "_huntingQuerycontentId11": "a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb",
-      "huntingQueryTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb')))]"
+      "_huntingQuerycontentId11": "e5f6a7b8-9012-3456-7890-123456780046",
+      "huntingQueryTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e5f6a7b8-9012-3456-7890-123456780046')))]"
     },
     "huntingQueryObject12": {
       "huntingQueryVersion12": "1.0.0",
-      "_huntingQuerycontentId12": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
-      "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
+      "_huntingQuerycontentId12": "f6a7b8c9-0123-4567-8901-234567890047",
+      "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f6a7b8c9-0123-4567-8901-234567890047')))]"
     },
     "huntingQueryObject13": {
       "huntingQueryVersion13": "1.0.0",
-      "_huntingQuerycontentId13": "c3d4e5f6-7890-1234-56ab-cdef12345032",
-      "huntingQueryTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3d4e5f6-7890-1234-56ab-cdef12345032')))]"
+      "_huntingQuerycontentId13": "e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe",
+      "huntingQueryTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe')))]"
+    },
+    "huntingQueryObject14": {
+      "huntingQueryVersion14": "1.0.0",
+      "_huntingQuerycontentId14": "f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca",
+      "huntingQueryTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca')))]"
+    },
+    "huntingQueryObject15": {
+      "huntingQueryVersion15": "1.0.0",
+      "_huntingQuerycontentId15": "a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb",
+      "huntingQueryTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb')))]"
+    },
+    "huntingQueryObject16": {
+      "huntingQueryVersion16": "1.0.0",
+      "_huntingQuerycontentId16": "b28cbdd2-8cef-be9b-a38e-7faceedfdbec",
+      "huntingQueryTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('b28cbdd2-8cef-be9b-a38e-7faceedfdbec')))]"
+    },
+    "huntingQueryObject17": {
+      "huntingQueryVersion17": "1.0.0",
+      "_huntingQuerycontentId17": "c3d4e5f6-7890-1234-56ab-cdef12345032",
+      "huntingQueryTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3d4e5f6-7890-1234-56ab-cdef12345032')))]"
     },
     "workbookVersion1": "1.0.0",
     "workbookContentId1": "TailscaleStandardOperationsWorkbook",
@@ -4358,24 +4406,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4471,24 +4519,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4583,24 +4631,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4696,33 +4744,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4818,24 +4866,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -4930,33 +4978,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5053,33 +5101,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5176,24 +5224,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "LoginName",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "LoginName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5290,24 +5338,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5404,24 +5452,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5516,24 +5564,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5586,7 +5634,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
@@ -5600,13 +5648,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Unexpected exit-node egress",
+                "description": "A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure.",
+                "displayName": "Tailscale: Tailnet lock validation failed",
                 "enabled": false,
-                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where isnotempty(TailnetLockError)\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized\n",
                 "queryFrequency": "PT1H",
                 "queryPeriod": "PT1H",
-                "severity": "Medium",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5615,48 +5663,48 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Devices_CL"
                     ],
-                    "connectorId": "TailscalePremiumCCF"
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "DefenseEvasion",
+                  "InitialAccess"
                 ],
                 "techniques": [
-                  "T1090",
-                  "T1041"
+                  "T1556",
+                  "T1078"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5694,7 +5742,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Unexpected exit-node egress",
+        "displayName": "Tailscale: Tailnet lock validation failed",
         "contentProductId": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
         "id": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
         "version": "[variables('analyticRuleObject12').analyticRuleVersion12]"
@@ -5709,7 +5757,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
@@ -5723,12 +5771,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+                "description": "Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately.",
+                "displayName": "Tailscale: Device Tailscale SSH newly enabled",
                 "enabled": false,
-                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, LastSeen;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, LastSeen\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
+                "queryPeriod": "P2D",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -5738,48 +5786,48 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Devices_CL"
                     ],
-                    "connectorId": "TailscalePremiumCCF"
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "Collection"
+                  "Persistence",
+                  "LateralMovement"
                 ],
                 "techniques": [
-                  "T1041",
-                  "T1020"
+                  "T1021",
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5817,7 +5865,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+        "displayName": "Tailscale: Device Tailscale SSH newly enabled",
         "contentProductId": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
         "id": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
         "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
@@ -5832,7 +5880,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
@@ -5846,13 +5894,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Network flow beaconing detected",
+                "description": "A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt.",
+                "displayName": "Tailscale: Unauthorized device connected to control plane",
                 "enabled": false,
-                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where Authorized == false and ConnectedToControl == true\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "Medium",
+                "queryPeriod": "PT1H",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5861,40 +5909,48 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Devices_CL"
                     ],
-                    "connectorId": "TailscalePremiumCCF"
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "InitialAccess",
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1071",
-                  "T1095",
-                  "T1029"
+                  "T1078",
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "User"
+                      }
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -5932,7 +5988,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Network flow beaconing detected",
+        "displayName": "Tailscale: Unauthorized device connected to control plane",
         "contentProductId": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
         "id": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
         "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
@@ -5947,7 +6003,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
@@ -5961,13 +6017,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "description": "A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope.",
+                "displayName": "Tailscale: External (shared-in) device added",
                 "enabled": false,
-                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "High",
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5976,49 +6032,46 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Network_CL"
+                      "Tailscale_Devices_CL"
                     ],
-                    "connectorId": "TailscalePremiumCCF"
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "Discovery",
-                  "LateralMovement"
+                  "InitialAccess"
                 ],
                 "techniques": [
-                  "T1018",
-                  "T1021",
-                  "T1046"
+                  "T1078"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -6056,7 +6109,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "displayName": "Tailscale: External (shared-in) device added",
         "contentProductId": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
         "id": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
         "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
@@ -6071,7 +6124,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
@@ -6085,13 +6138,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
-                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Unexpected exit-node egress",
                 "enabled": false,
-                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
+                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P8D",
-                "severity": "Low",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6106,33 +6159,42 @@
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "CommandAndControl"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1572",
+                  "T1090",
                   "T1041"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -6170,7 +6232,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "displayName": "Tailscale Premium: Unexpected exit-node egress",
         "contentProductId": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
         "id": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
         "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
@@ -6185,7 +6247,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject17').analyticRuleVersion17]",
@@ -6199,13 +6261,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).",
-                "displayName": "Tailscale Premium: Posture integration disabled or removed",
+                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "High",
+                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6214,39 +6276,48 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
+                      "Tailscale_Network_CL"
                     ],
                     "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Persistence"
+                  "Exfiltration",
+                  "Collection"
                 ],
                 "techniques": [
-                  "T1562",
-                  "T1556"
+                  "T1041",
+                  "T1020"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
                 }
               }
             },
@@ -6284,7 +6355,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Posture integration disabled or removed",
+        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
         "contentProductId": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
         "id": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
         "version": "[variables('analyticRuleObject17').analyticRuleVersion17]"
@@ -6299,7 +6370,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject18').analyticRuleVersion18]",
@@ -6313,12 +6384,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: New posture integration added",
+                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Network flow beaconing detected",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -6328,37 +6399,40 @@
                 "requiredDataConnectors": [
                   {
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
+                      "Tailscale_Network_CL"
                     ],
                     "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "Persistence"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1098"
+                  "T1071",
+                  "T1095",
+                  "T1029"
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  },
-                  "createIncident": true
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
                 }
               }
             },
@@ -6396,7 +6470,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: New posture integration added",
+        "displayName": "Tailscale Premium: Network flow beaconing detected",
         "contentProductId": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
         "id": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
         "version": "[variables('analyticRuleObject18').analyticRuleVersion18]"
@@ -6405,56 +6479,97 @@
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
+      "name": "[variables('analyticRuleObject19').analyticRuleTemplateSpecName19]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "contentVersion": "[variables('analyticRuleObject19').analyticRuleVersion19]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.OperationalInsights/savedSearches",
-              "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject19')._analyticRulecontentId19]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "eTag": "*",
-                "displayName": "Tailscale: First-seen actor making configuration changes",
-                "category": "Hunting Queries",
-                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
-                "version": 2,
-                "tags": [
+                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "enabled": false,
+                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
                   {
-                    "name": "description",
-                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
-                  },
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Discovery",
+                  "LateralMovement"
+                ],
+                "techniques": [
+                  "T1018",
+                  "T1021",
+                  "T1046"
+                ],
+                "entityMappings": [
                   {
-                    "name": "tactics",
-                    "value": "InitialAccess,Persistence"
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "name": "techniques",
-                    "value": "T1078"
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "Src"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
-                ]
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h"
+                  }
+                }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject19').analyticRuleId19,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 1",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
-                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
-                "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "description": "Tailscale (CCF) Analytics Rule 19",
+                "parentId": "[variables('analyticRuleObject19').analyticRuleId19]",
+                "contentId": "[variables('analyticRuleObject19')._analyticRulecontentId19]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject19').analyticRuleVersion19]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6477,67 +6592,98 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
-        "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: First-seen actor making configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
-        "version": "1.0.0"
+        "contentId": "[variables('analyticRuleObject19')._analyticRulecontentId19]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "contentProductId": "[variables('analyticRuleObject19')._analyticRulecontentProductId19]",
+        "id": "[variables('analyticRuleObject19')._analyticRulecontentProductId19]",
+        "version": "[variables('analyticRuleObject19').analyticRuleVersion19]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "name": "[variables('analyticRuleObject20').analyticRuleTemplateSpecName20]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "contentVersion": "[variables('analyticRuleObject20').analyticRuleVersion20]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.OperationalInsights/savedSearches",
-              "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject20')._analyticRulecontentId20]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "eTag": "*",
-                "displayName": "Tailscale: ACL policy churn",
-                "category": "Hunting Queries",
-                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
-                "version": 2,
-                "tags": [
-                  {
-                    "name": "description",
-                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
-                  },
+                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+                "enabled": false,
+                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P8D",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
                   {
-                    "name": "tactics",
-                    "value": "DefenseEvasion,PrivilegeEscalation"
-                  },
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Exfiltration",
+                  "CommandAndControl"
+                ],
+                "techniques": [
+                  "T1572",
+                  "T1041"
+                ],
+                "entityMappings": [
                   {
-                    "name": "techniques",
-                    "value": "T1098,T1556"
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
+                      }
+                    ],
+                    "entityType": "Host"
                   }
-                ]
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
+                }
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject20').analyticRuleId20,'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 2",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
-                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
-                "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "description": "Tailscale (CCF) Analytics Rule 20",
+                "parentId": "[variables('analyticRuleObject20').analyticRuleId20]",
+                "contentId": "[variables('analyticRuleObject20')._analyticRulecontentId20]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject20').analyticRuleVersion20]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6560,45 +6706,271 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
-        "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: ACL policy churn",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
-        "version": "1.0.0"
+        "contentId": "[variables('analyticRuleObject20')._analyticRulecontentId20]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "contentProductId": "[variables('analyticRuleObject20')._analyticRulecontentProductId20]",
+        "id": "[variables('analyticRuleObject20')._analyticRulecontentProductId20]",
+        "version": "[variables('analyticRuleObject20').analyticRuleVersion20]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "name": "[variables('analyticRuleObject21').analyticRuleTemplateSpecName21]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "contentVersion": "[variables('analyticRuleObject21').analyticRuleVersion21]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
-              "type": "Microsoft.OperationalInsights/savedSearches",
-              "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject21')._analyticRulecontentId21]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "eTag": "*",
-                "displayName": "Tailscale: Off-hours configuration changes",
-                "category": "Hunting Queries",
-                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
-                "version": 2,
+                "description": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).",
+                "displayName": "Tailscale Premium: Posture integration disabled or removed",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "DefenseEvasion",
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1562",
+                  "T1556"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject21').analyticRuleId21,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 21",
+                "parentId": "[variables('analyticRuleObject21').analyticRuleId21]",
+                "contentId": "[variables('analyticRuleObject21')._analyticRulecontentId21]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject21').analyticRuleVersion21]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject21')._analyticRulecontentId21]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: Posture integration disabled or removed",
+        "contentProductId": "[variables('analyticRuleObject21')._analyticRulecontentProductId21]",
+        "id": "[variables('analyticRuleObject21')._analyticRulecontentProductId21]",
+        "version": "[variables('analyticRuleObject21').analyticRuleVersion21]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject22').analyticRuleTemplateSpecName22]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject22').analyticRuleVersion22]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: New posture integration added",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1098"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d"
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject22').analyticRuleId22,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 22",
+                "parentId": "[variables('analyticRuleObject22').analyticRuleId22]",
+                "contentId": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject22').analyticRuleVersion22]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: New posture integration added",
+        "contentProductId": "[variables('analyticRuleObject22')._analyticRulecontentProductId22]",
+        "id": "[variables('analyticRuleObject22')._analyticRulecontentProductId22]",
+        "version": "[variables('analyticRuleObject22').analyticRuleVersion22]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "category": "Hunting Queries",
+                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
                   },
                   {
                     "name": "tactics",
@@ -6614,13 +6986,511 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 3",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
-                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "description": "Tailscale (CCF) Hunting Query 1",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
+                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: First-seen actor making configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: ACL policy churn",
+                "category": "Hunting Queries",
+                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "DefenseEvasion,PrivilegeEscalation"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1556"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 2",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
+                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: ACL policy churn",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Off-hours configuration changes",
+                "category": "Hunting Queries",
+                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 3",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
+                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Off-hours configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Auth key sprawl",
+                "category": "Hunting Queries",
+                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Persistence,CredentialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1136"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 4",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
+                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Auth key sprawl",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Devices not seen in 30+ days",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes\n| order by DaysSinceSeen desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Discovery"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 5",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
+                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Devices not seen in 30+ days",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_6",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Auth keys with no expiry",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) or Revoked == datetime(null)\n| where isnull(Expires) or Expires == datetime(null)\n| project KeyId, Description, UserId, Created, Capabilities\n| order by Created asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Persistence,CredentialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1136"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 6",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
+                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle"
+                },
+                "support": {
+                  "name": "Community",
+                  "tier": "Community",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Auth keys with no expiry",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.3",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_7",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Users with zero devices",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where DeviceCount == 0\n| where Status != \"suspended\"\n| project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen\n| order by LastSeen asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 7",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
+                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6643,53 +7513,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Off-hours configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Users with zero devices",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "name": "Tailscale_(CCF)_Hunting_Query_8",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Auth key sprawl",
+                "displayName": "Tailscale: Split-DNS per-domain change history",
                 "category": "Hunting Queries",
-                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)\n| extend AllDomains = set_union(OldKeys, NewKeys)\n| mv-expand Domain = AllDomains to typeof(string)\n| extend OldResolvers = Old[Domain], NewResolvers = New[Domain]\n| extend Change = case(\n    isnull(OldResolvers) and isnotnull(NewResolvers), \"added\",\n    isnotnull(OldResolvers) and isnull(NewResolvers), \"removed\",\n    tostring(OldResolvers) != tostring(NewResolvers), \"resolvers-changed\",\n    \"unchanged\")\n| where Change != \"unchanged\"\n| project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers\n| order by TimeGenerated desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
                   },
                   {
                     "name": "tactics",
-                    "value": "Persistence,CredentialAccess"
+                    "value": "DefenseEvasion,CommandAndControl"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1136"
+                    "value": "T1556,T1568"
                   }
                 ]
               }
@@ -6697,13 +7567,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 4",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
-                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "description": "Tailscale (CCF) Hunting Query 8",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
+                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6726,53 +7596,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Auth key sprawl",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Split-DNS per-domain change history",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "name": "Tailscale_(CCF)_Hunting_Query_9",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Devices not seen in 30+ days",
+                "displayName": "Tailscale: Devices with Tailscale SSH enabled",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes\n| order by DaysSinceSeen desc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where SshEnabled == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by DeviceName asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
+                    "value": "Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets."
                   },
                   {
                     "name": "tactics",
-                    "value": "Discovery"
+                    "value": "LateralMovement,Persistence"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1021"
                   }
                 ]
               }
@@ -6780,13 +7650,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 5",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
-                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "description": "Tailscale (CCF) Hunting Query 9",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]",
+                "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "version": "[variables('huntingQueryObject9').huntingQueryVersion9]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6809,53 +7679,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Devices not seen in 30+ days",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Devices with Tailscale SSH enabled",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+          "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_6",
+              "name": "Tailscale_(CCF)_Hunting_Query_10",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Auth keys with no expiry",
+                "displayName": "Tailscale: External (shared-in) device inventory",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) or Revoked == datetime(null)\n| where isnull(Expires) or Expires == datetime(null)\n| project KeyId, Description, UserId, Created, Capabilities\n| order by Created asc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where IsExternal == true\n| project DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n| order by Created desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys."
+                    "value": "Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources."
                   },
                   {
                     "name": "tactics",
-                    "value": "Persistence,CredentialAccess"
+                    "value": "InitialAccess"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1136"
+                    "value": "T1078"
                   }
                 ]
               }
@@ -6863,13 +7733,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 6",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
-                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+                "description": "Tailscale (CCF) Hunting Query 10",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]",
+                "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+                "version": "[variables('huntingQueryObject10').huntingQueryVersion10]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6892,53 +7762,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+        "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Auth keys with no expiry",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "displayName": "Tailscale: External (shared-in) device inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
+      "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+          "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_7",
+              "name": "Tailscale_(CCF)_Hunting_Query_11",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Users with zero devices",
+                "displayName": "Tailscale: Devices with outdated client version",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where DeviceCount == 0\n| where Status != \"suspended\"\n| project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen\n| order by LastSeen asc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by ClientVersion asc, LastSeen desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
+                    "value": "Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess"
+                    "value": "DefenseEvasion"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1562"
                   }
                 ]
               }
@@ -6946,13 +7816,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 7",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
-                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+                "description": "Tailscale (CCF) Hunting Query 11",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]",
+                "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+                "version": "[variables('huntingQueryObject11').huntingQueryVersion11]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -6975,53 +7845,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+        "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Users with zero devices",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Devices with outdated client version",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
+      "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+          "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_8",
+              "name": "Tailscale_(CCF)_Hunting_Query_12",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Split-DNS per-domain change history",
+                "displayName": "Tailscale: Subnet router CIDR exposure inventory",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)\n| extend AllDomains = set_union(OldKeys, NewKeys)\n| mv-expand Domain = AllDomains to typeof(string)\n| extend OldResolvers = Old[Domain], NewResolvers = New[Domain]\n| extend Change = case(\n    isnull(OldResolvers) and isnotnull(NewResolvers), \"added\",\n    isnotnull(OldResolvers) and isnull(NewResolvers), \"removed\",\n    tostring(OldResolvers) != tostring(NewResolvers), \"resolvers-changed\",\n    \"unchanged\")\n| where Change != \"unchanged\"\n| project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers\n| order by TimeGenerated desc\n",
+                "query": "let exitRoutes = dynamic([\"0.0.0.0/0\", \"::/0\"]);\nTailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| extend SubnetAdvertised = set_difference(AdvertisedRoutes, exitRoutes)\n| extend SubnetEnabled = set_difference(EnabledRoutes, exitRoutes)\n| where array_length(SubnetAdvertised) > 0 or array_length(SubnetEnabled) > 0\n| project DeviceName, Hostname, User, Os, SubnetAdvertised, SubnetEnabled, Tags, LastSeen\n| order by DeviceName asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
+                    "value": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion,CommandAndControl"
+                    "value": "LateralMovement"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1556,T1568"
+                    "value": "T1021,T1018"
                   }
                 ]
               }
@@ -7029,13 +7899,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 8",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
-                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+                "description": "Tailscale (CCF) Hunting Query 12",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]",
+                "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+                "version": "[variables('huntingQueryObject12').huntingQueryVersion12]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7058,18 +7928,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+        "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Split-DNS per-domain change history",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Subnet router CIDR exposure inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]",
+      "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -7078,14 +7948,14 @@
         "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
+          "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_9",
+              "name": "Tailscale_(CCF)_Hunting_Query_13",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -7112,13 +7982,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 9",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]",
-                "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
+                "description": "Tailscale (CCF) Hunting Query 13",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]",
+                "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject9').huntingQueryVersion9]",
+                "version": "[variables('huntingQueryObject13').huntingQueryVersion13]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7141,18 +8011,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
+        "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]",
+      "name": "[variables('huntingQueryObject14').huntingQueryTemplateSpecName14]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -7161,14 +8031,14 @@
         "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
+          "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_10",
+              "name": "Tailscale_(CCF)_Hunting_Query_14",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -7195,13 +8065,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 10",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]",
-                "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
+                "description": "Tailscale (CCF) Hunting Query 14",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14)]",
+                "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject10').huntingQueryVersion10]",
+                "version": "[variables('huntingQueryObject14').huntingQueryVersion14]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7224,18 +8094,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
+        "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]",
+      "name": "[variables('huntingQueryObject15').huntingQueryTemplateSpecName15]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -7244,14 +8114,14 @@
         "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
+          "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_11",
+              "name": "Tailscale_(CCF)_Hunting_Query_15",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -7278,13 +8148,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 11",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]",
-                "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
+                "description": "Tailscale (CCF) Hunting Query 15",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15)]",
+                "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject11').huntingQueryVersion11]",
+                "version": "[variables('huntingQueryObject15').huntingQueryVersion15]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7307,18 +8177,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
+        "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Exit-node usage patterns",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]",
+      "name": "[variables('huntingQueryObject16').huntingQueryTemplateSpecName16]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -7327,14 +8197,14 @@
         "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
+          "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_12",
+              "name": "Tailscale_(CCF)_Hunting_Query_16",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -7361,13 +8231,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 12",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]",
-                "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
+                "description": "Tailscale (CCF) Hunting Query 16",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16)]",
+                "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject12').huntingQueryVersion12]",
+                "version": "[variables('huntingQueryObject16').huntingQueryVersion16]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7390,18 +8260,18 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
+        "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]",
+      "name": "[variables('huntingQueryObject17').huntingQueryTemplateSpecName17]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -7410,14 +8280,14 @@
         "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.3",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+          "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_13",
+              "name": "Tailscale_(CCF)_Hunting_Query_17",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
@@ -7444,13 +8314,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 13",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]",
-                "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+                "description": "Tailscale (CCF) Hunting Query 17",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17)]",
+                "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+                "version": "[variables('huntingQueryObject17').huntingQueryVersion17]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7473,11 +8343,11 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+        "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
         "contentKind": "HuntingQuery",
         "displayName": "Tailscale Premium: Current posture integration inventory",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
@@ -7667,7 +8537,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 18, <strong>Hunting Queries:</strong> 13</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 22, <strong>Hunting Queries:</strong> 17</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -7790,6 +8660,26 @@
               "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
               "version": "[variables('analyticRuleObject18').analyticRuleVersion18]"
             },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject19')._analyticRulecontentId19]",
+              "version": "[variables('analyticRuleObject19').analyticRuleVersion19]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject20')._analyticRulecontentId20]",
+              "version": "[variables('analyticRuleObject20').analyticRuleVersion20]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject21')._analyticRulecontentId21]",
+              "version": "[variables('analyticRuleObject21').analyticRuleVersion21]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
+              "version": "[variables('analyticRuleObject22').analyticRuleVersion22]"
+            },
             {
               "kind": "HuntingQuery",
               "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
@@ -7855,6 +8745,26 @@
               "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
               "version": "[variables('huntingQueryObject13').huntingQueryVersion13]"
             },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
+              "version": "[variables('huntingQueryObject14').huntingQueryVersion14]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
+              "version": "[variables('huntingQueryObject15').huntingQueryVersion15]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
+              "version": "[variables('huntingQueryObject16').huntingQueryVersion16]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
+              "version": "[variables('huntingQueryObject17').huntingQueryVersion17]"
+            },
             {
               "kind": "Workbook",
               "contentId": "[variables('_workbookContentId1')]",

From b296bcd6646e7a3121574944c625e87767aab08f Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 14:22:00 +0100
Subject: [PATCH 13/27] fix(tailscale): pre-emptive CI compliance (mirror UniFi
 Copilot review)

Applies every fix category we landed on the UniFi Site Manager (CCF) PR
proactively to Tailscale (CCF) so the eventual Azure-Sentinel PR doesn't
hit the same review cycle.

SolutionMetadata.json:
- offerId 'TailscaleCCF' -> 'azure-sentinel-solution-tailscale-ccf'
  (must contain 'sentinel' keyword, <= 50 chars)
- Added support.email: ccfconnectors.county118@passmail.com
- Removed empty categories.verticals

ReleaseNotes.md:
- Header 'Changes' -> 'Change History'
- Separator '|-------------|...' -> '|---|---|---|'
- Single leading | on each row

Data/Solution_Tailscale.json:
- TemplateSpec set to false (required for Version 3.x.x)
- Author trailer now includes the support email
- Description tightened: Premium connector is no longer described as
  'Planned for a future release' (it ships in this version)
- Em-dash in description replaced with hyphen for ASCII normalisation

Tailscale.svg:
- Removed <style> element (.script/logoValidator.js rejects it)
- class='st0' replaced with inline opacity='.2' attribute on each path

22 analytic rules:
- triggerOperator 'GreaterThan' -> 'gt' across all rules (schema enum
  rejects PascalCase)
- All 22 descriptions rewritten to start with 'Identifies' (schema
  validator requires 'Identifies' or 'This query searches for' opener)
- Em-dashes throughout the YAML normalised to hyphens
- ISO-8601 durations were already short-form (no change needed)

6 hunting queries: added entityMappings
- TailscaleAuthKeysNoExpiry: Account -> UserId
- TailscalePremiumBeaconingCandidates: IP -> Src + description starts
  with 'Identifies' (was 'Detects')
- TailscalePremiumExitNodeUsage: Host(SrcNodeName) + IP(Src)
- TailscalePremiumNewNodePairs: IP -> Src
- TailscalePremiumPostureInventory: CloudApplication -> Provider
- TailscalePremiumTopTalkers: IP -> Src
The remaining 11 hunts already had entityMappings.

README.md: rewritten as the canonical reference
- 12 numbered sections with TOC
- Standard vs Premium matrix, OAuth scope checklist per tier
- Per-table reference (cols / cadence / source endpoint / tier)
- All 22 analytic rules grouped in 5 tables (Identity, Configuration,
  Devices, Network/Exit, DNS, Premium) with severity and tactics
- All 17 hunts grouped Standard/Premium with use case
- Architecture notes: why two connectors, Proofpoint-TAP multi-poller
  pattern, OAuth-vs-PAT silent-empty bug, multi-stream DNS DCR pattern,
  cadence rationale
- 6 troubleshooting recipes covering common failure modes
- All non-ASCII characters normalised

Workbooks/WorkbooksMetadata.json: fixed two stale entries
- dataTypesDependencies was 'Tailscale_Configuration_CL' (table does
  not exist); now lists the actual tables each workbook queries
  (7 for Standard, 9 for Premium)
- provider 'noodlemctwoodle' -> 'Community' to align with Community-tier
  conventions
- Added support / source / categories blocks to match the Community
  workbook shape used elsewhere in the repo (e.g. UniFi Site Manager)

.script/tests/KqlvalidationsTests/CustomTables/: verified all 9 Tailscale
schemas already correct; no changes needed.

.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json:
verified TailscaleCCF and TailscalePremiumCCF already present.

Package regenerated:
- Version 3.0.2 -> 3.0.3
- createUiDefinition.json now has correct workbook1 label and
  workbook1-text (previously null because the WorkbooksMetadata entry
  referenced a non-existent table)
- workbook1-name parameter has defaultValue
- All 22 analytic-rule descriptions land as complete sentences with
  'Identifies' prefix, no mid-word truncation
- Local arm-ttk: 47/49 pass (the 2 false-positives are the known
  contentProductId and Template-Should-Not-Contain-Blanks-[] generator
  artefacts documented in Solutions/README.md)
---
 Logos/Tailscale.svg                           |   2 +-
 .../TailscaleAuthkeycreated.yaml              |   4 +-
 ...ailscaleDeviceAdvertisingSubnetRoutes.yaml |   4 +-
 .../TailscaleDeviceKeyExpiringSoon.yaml       |   4 +-
 .../TailscaleDeviceSshNewlyEnabled.yaml       |   4 +-
 .../TailscaleDnsNameserversModified.yaml      |   4 +-
 ...TailscaleExitnodeadvertisedorapproved.yaml |   4 +-
 .../TailscaleExternalDeviceAdded.yaml         |   4 +-
 .../TailscaleMagicDnsDisabled.yaml            |   4 +-
 ...Masscredentialrevocationinshortwindow.yaml |   4 +-
 ...NewAPIaccesstokenorOAuthclientcreated.yaml |   4 +-
 .../TailscalePolicyfileACLmodified.yaml       |   4 +-
 .../TailscalePremiumBeaconingDetected.yaml    |   4 +-
 ...TailscalePremiumLargeOutboundTransfer.yaml |   4 +-
 .../TailscalePremiumMassFanOut.yaml           |   4 +-
 ...TailscalePremiumNewPostureIntegration.yaml |   4 +-
 ...calePremiumPostureIntegrationDisabled.yaml |   4 +-
 ...ePremiumSubnetRouterThroughputAnomaly.yaml |   4 +-
 ...lscalePremiumUnexpectedExitNodeEgress.yaml |   4 +-
 .../TailscaleSplitDnsModified.yaml            |   4 +-
 .../TailscaleTailnetLockValidationFailed.yaml |   4 +-
 .../TailscaleUnauthorizedDeviceConnected.yaml |   4 +-
 .../TailscaleUserRoleElevated.yaml            |   4 +-
 .../Data/Solution_Tailscale.json              |   6 +-
 .../TailscaleAuthKeysNoExpiry.yaml            |   5 +
 .../TailscalePremiumBeaconingCandidates.yaml  |   7 +-
 .../TailscalePremiumExitNodeUsage.yaml        |   9 +
 .../TailscalePremiumNewNodePairs.yaml         |   5 +
 .../TailscalePremiumPostureInventory.yaml     |   5 +
 .../TailscalePremiumTopTalkers.yaml           |   5 +
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 62244 -> 61357 bytes
 .../Package/createUiDefinition.json           |  52 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 614 +++++++++++-------
 Solutions/Tailscale (CCF)/README.md           | 358 ++++++++--
 Solutions/Tailscale (CCF)/ReleaseNotes.md     |   6 +-
 .../Tailscale (CCF)/SolutionMetadata.json     |   6 +-
 Solutions/Tailscale (CCF)/Tailscale.svg       |   2 +-
 Workbooks/WorkbooksMetadata.json              |  55 +-
 38 files changed, 865 insertions(+), 360 deletions(-)

diff --git a/Logos/Tailscale.svg b/Logos/Tailscale.svg
index b7d6e8a1905..f3418621b91 100644
--- a/Logos/Tailscale.svg
+++ b/Logos/Tailscale.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><style>.st0{opacity:.2;enable-background:new}</style><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" class="st0"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" class="st0"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" class="st0"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" class="st0"/></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" opacity=".2"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" opacity=".2"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" opacity=".2"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" opacity=".2"/></svg>
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml
index 164dd75e837..8c662aea001 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleAuthkeycreated.yaml	
@@ -1,7 +1,7 @@
 id: 6b052c8d-5de8-eab0-1956-69a297765a32
 name: "Tailscale: Auth key created"
 description: |
-  A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.
+  Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.
 severity: Low
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Persistence
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml
index 38acd1b2068..0854c997cb2 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceAdvertisingSubnetRoutes.yaml	
@@ -1,7 +1,7 @@
 id: c2b3d4e5-2345-6789-01ab-cdef12345002
 name: "Tailscale: Device started advertising subnet routes"
 description: |
-  A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change.
+  Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 1h
 queryPeriod: 1d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - LateralMovement
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml
index 0babe6a9790..e83535000b4 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceKeyExpiringSoon.yaml	
@@ -1,7 +1,7 @@
 id: b1a2c3d4-1234-5678-90ab-cdef12345001
 name: "Tailscale: Device key expiring within 7 days"
 description: |
-  A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage.
+  Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 6h
 queryPeriod: 6h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - InitialAccess
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml
index b34cad6a1fa..85f3e59513f 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDeviceSshNewlyEnabled.yaml	
@@ -1,7 +1,7 @@
 id: f0a1b2c3-4567-8901-23de-f12345670041
 name: "Tailscale: Device Tailscale SSH newly enabled"
 description: |
-  Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately.
+  Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 1h
 queryPeriod: 2d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Persistence
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml
index 9ad0bc8b2f6..d2dcdf84705 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleDnsNameserversModified.yaml	
@@ -1,7 +1,7 @@
 id: c5d6e7f8-2345-6789-01ab-cdef12345011
 name: "Tailscale: DNS nameservers modified"
 description: |
-  The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution.
+  Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml
index 190f09ad7c3..1c1bf64eceb 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml	
@@ -1,7 +1,7 @@
 id: f42f2906-c8e6-23d0-e48c-0620e50d5510
 name: "Tailscale: Exit node advertised or approved"
 description: |
-  A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.
+  Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.
 severity: Low
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 30m
 queryPeriod: 30m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - CommandAndControl
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml
index 39a1e7ab8af..ab926f2c861 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleExternalDeviceAdded.yaml	
@@ -1,7 +1,7 @@
 id: b2c3d4e5-6789-0123-4567-890123450043
 name: "Tailscale: External (shared-in) device added"
 description: |
-  A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope.
+  Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 1h
 queryPeriod: 2d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - InitialAccess
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml
index c8a497c18df..182e161b57f 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMagicDnsDisabled.yaml	
@@ -1,7 +1,7 @@
 id: f8a9b0c1-4567-8901-23ab-cdef12345020
 name: "Tailscale: MagicDNS disabled"
 description: |
-  MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional.
+  Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml
index 6cbec67b06c..e82b106dba2 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleMasscredentialrevocationinshortwindow.yaml	
@@ -1,7 +1,7 @@
 id: f817e2fa-6fa0-fc25-5369-cef9b58771af
 name: "Tailscale: Mass credential revocation in short window"
 description: |
-  Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.
+  Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 1h
 queryPeriod: 1h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml
index 7db2be31550..8bf479f5443 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml	
@@ -1,7 +1,7 @@
 id: 668b43fd-cf28-961a-85af-957850df5027
 name: "Tailscale: New API access token or OAuth client created"
 description: |
-  A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.
+  Identifies when a new API access token or OAuth client is created in the tailnet. These grant programmatic access - verify the actor and intent.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Persistence
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml
index 4a3f450b5f1..155d98440b7 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePolicyfileACLmodified.yaml	
@@ -1,7 +1,7 @@
 id: 1e7249c2-1a9d-05fd-45cb-c859eef5b8ae
 name: "Tailscale: Policy file (ACL) modified"
 description: |
-  The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.
+  Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml
index 0fa21b2798b..422ab6163cf 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml	
@@ -1,7 +1,7 @@
 id: e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b
 name: "Tailscale Premium: Network flow beaconing detected"
 description: |
-  Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Network_CL
 queryFrequency: 1h
 queryPeriod: 2d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - CommandAndControl
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml
index d6cf85e2ea2..cc9b9f60ba5 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml	
@@ -1,7 +1,7 @@
 id: d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a
 name: "Tailscale Premium: Large outbound transfer over tailnet"
 description: |
-  A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Network_CL
 queryFrequency: 1h
 queryPeriod: 1h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Exfiltration
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml
index 9fea64a1247..b8e2815aebb 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml	
@@ -1,7 +1,7 @@
 id: f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c
 name: "Tailscale Premium: Mass fan-out from single node"
 description: |
-  A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Network_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Discovery
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml
index 84bc92cfeee..56777da2221 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml	
@@ -1,7 +1,7 @@
 id: b2c3d4e5-6789-0123-45ab-cdef12345031
 name: "Tailscale Premium: New posture integration added"
 description: |
-  A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.
+  Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Persistence
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml
index f088c28c546..712ca67876d 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml	
@@ -1,7 +1,7 @@
 id: a1b2c3d4-5678-9012-34ab-cdef12345030
 name: "Tailscale Premium: Posture integration disabled or removed"
 description: |
-  A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).
+  Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml
index b25391fdee4..d7c9815f2e3 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml	
@@ -1,7 +1,7 @@
 id: a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d
 name: "Tailscale Premium: Subnet router throughput anomaly"
 description: |
-  A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise.
 severity: Low
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Network_CL
 queryFrequency: 1h
 queryPeriod: 8d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - Exfiltration
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml
index 474e7f6cdd4..e95fe6c50f1 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
@@ -1,7 +1,7 @@
 id: c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f
 name: "Tailscale Premium: Unexpected exit-node egress"
 description: |
-  A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Network_CL
 queryFrequency: 1h
 queryPeriod: 1h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - CommandAndControl
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml
index ace173aa676..c942fa3b27c 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleSplitDnsModified.yaml	
@@ -1,7 +1,7 @@
 id: b4c5d6e7-1234-5678-90ab-cdef12345010
 name: "Tailscale: Split-DNS configuration modified"
 description: |
-  The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution.
+  Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Audit_CL
 queryFrequency: 15m
 queryPeriod: 15m
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml
index c99c9dba86d..cd0e551f20a 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml	
@@ -1,7 +1,7 @@
 id: e9f0a1b2-3456-7890-12cd-ef1234560040
 name: "Tailscale: Tailnet lock validation failed"
 description: |
-  A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure.
+  Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 1h
 queryPeriod: 1h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - DefenseEvasion
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml
index 9727041b6fc..e9cc0b56206 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml	
@@ -1,7 +1,7 @@
 id: a1b2c3d4-5678-9012-3456-789012340042
 name: "Tailscale: Unauthorized device connected to control plane"
 description: |
-  A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt.
+  Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Devices_CL
 queryFrequency: 1h
 queryPeriod: 1h
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - InitialAccess
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml
index f2642cadb7d..9d549dee867 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUserRoleElevated.yaml	
@@ -1,7 +1,7 @@
 id: d3c4e5f6-3456-7890-12ab-cdef12345003
 name: "Tailscale: User role elevated to admin or owner"
 description: |
-  A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.
+  Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.
 severity: High
 status: Available
 requiredDataConnectors:
@@ -10,7 +10,7 @@ requiredDataConnectors:
       - Tailscale_Users_CL
 queryFrequency: 1h
 queryPeriod: 2d
-triggerOperator: GreaterThan
+triggerOperator: gt
 triggerThreshold: 0
 tactics:
   - PrivilegeEscalation
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 1ce1e4254e5..099069e926f 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -1,11 +1,11 @@
 {
   "Name": "Tailscale (CCF)",
-  "Author": "noodlemctwoodle",
+  "Author": "noodlemctwoodle - ccfconnectors.county118@passmail.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)",
+  "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
   "Version": "3.0.3",
-  "TemplateSpec": true,
+  "TemplateSpec": false,
   "Is1PConnector": false,
   "Data Connectors": [
     "Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml
index 0bae1501be2..0be911d6674 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeysNoExpiry.yaml	
@@ -19,4 +19,9 @@ query: |
   | where isnull(Expires) or Expires == datetime(null)
   | project KeyId, Description, UserId, Created, Capabilities
   | order by Created asc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: UserId
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml
index 616c7b710b1..5f6716d7121 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml	
@@ -1,7 +1,7 @@
 id: b28cbdd2-8cef-be9b-a38e-7faceedfdbec
 name: "Tailscale Premium: Beaconing candidates (regular periodic flows)"
 description: |
-  Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise.
+  Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
     dataTypes:
@@ -34,4 +34,9 @@ query: |
   | extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)
   | where BeaconPercent >= beaconPercentThreshold
   | order by BeaconPercent desc
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml
index d1e712f3a99..5c2a4122934 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
@@ -23,4 +23,13 @@ query: |
   | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
   | order by TotalBytes desc
   | take 100
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml
index 738c75aaf99..b8c9b6be3cf 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
@@ -30,4 +30,9 @@ query: |
   recentPairs
   | join kind=leftanti baselinePairs on Src, Dst, Proto
   | order by FirstSeen asc
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml
index d9b3cef67a3..8181369fa0e 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
@@ -15,4 +15,9 @@ query: |
   | summarize arg_max(TimeGenerated, *) by IntegrationId
   | project IntegrationId, Provider, ClientId, TenantId_Provider, Status, ConfigOverwrites
   | order by Provider asc
+entityMappings:
+  - entityType: CloudApplication
+    fieldMappings:
+      - identifier: Name
+        columnName: Provider
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml
index 38a0b1182d9..f1ed6deff0f 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml	
@@ -20,4 +20,9 @@ query: |
   | summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto
   | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
   | top 50 by TotalBytes
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: Src
 version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
index 628f2f8712998698cc1718847ce90b1f44b3f7b3..f7be2fcb7a9d9055bbbea06cc18da4333718acd2 100644
GIT binary patch
literal 61357
zcmY(qV|Zr4(ls30wr$&**tTukwrx8T+;Juo+qP{x`Q|+5yg$Cb-MiMRRb5x_?y9R5
zWkA8ufPjFYfXba~b;HZM)|K&qfJRb)fH41!nmC&oxtgh2iJ6&O*;~0<IoLB;yExci
z>G`<eawh)>78J{PP$y|SKmP7%O>=2Q8{2+W_s=D#bTjK}+LcWSWe1f7inTOnRD037
zF4>~&IEP?DjJ`L?NY&h~Q6)#VfB<FlkMn=|yuuBv3jmy<!8W=<>8PAY`?Pmm1W3UY
z4T8a{G9dS=L8Pc+?qzRn$vmfo7+Kva@7unt7COGZpFzi$CCgi<@zpp}2GAtGsMiFn
z;mp>Qi<oiacrUSL;n+Q`lK<j!wE+saA;+Nw6#MWt+-t}fi3K6VZSjQm`hf!dPP1lD
zPkDC;q_+x4?}bjW!|&HT#DKi(m(<MSNVs>vUSAxY56k$@p`$RAdq1_4!yq*u6YI2M
zucpgZrTtY(Tzrf3*&AU|nX8(4gVE2!)>YwMe0ANC*dZq#AJvoFy%n4_x%oJ^QTOpO
zj_A;4812mB_O!FptLCsYJ?(OJ>u3R~e@sOe+{cXLh_i`iRQsSiQ=0u3YGj>A(kyS(
z<vpxkCr_g#U9_<A`=$2>QlI&Y2Xk+V_R(aa=CVs)x7y(N$;JhOnc<cWZdv=V4bo?a
zfR9VS|Ng3PVCxpfUsT!DFB@?-bh^S435GcWxjzTC%mStqpyoreFG3c!1=t&M+E2fE
z=6op<I|x<nb}f!?L84?2yr;Q~u3?k0R6kJ(<$NN^mTLEYh$Q+7_cgIAlwc7%4^%~M
znHJ$k8;z~+cmrbTPNhcpTLNI|pHWuLawSrQ=*fV9)k61EJT+g}g&XO}4;sLObu~xG
zQ2rZJGA@T0j<GOq2=R-tU>(fA()3!0c6;9>&nSMmzfm1Vr2?LhIKK$F$iw%u6j4+W
zCtsE32!NMHZYlaeqFoFe(yKmiI9$56#*HjLt0tHUE_IXCN-V*sm}1a?epM?|(L(K_
zmxaMRu3P!NH$APx9-5bT{K879N+Ek((bfzqn(Zq}u23o|!V6?9${Prqy8%4u$hP#}
zkFb0AwgyDUL%B3aal1b6YG`pnj#HC1TJ$nV^bGkZaxlxZ2D;?o9_X%9)I7HT*-u}0
z#{Wl*)uUUYD*G+N%k1D9_(s2;GTlJM`hrFxe;~?0-6DDq-SxucXf{<s+g2``n6v&K
zPuVX@LYB#PMkYjbo0%40yZqW8#KO7Qv%(d2m4Kf;3@7)*n?!A1ylWJu%Kf0HOIy``
zJ)i~w<@Of`6#B4?OVoIuY-g3Asj^;i0Tbw7DYn_>NZ+TWgOU`BgoeV(f^Ibr6t3l?
zTnE??0e++8&|bQ72>iIAAAkxEcZ+mV{-2y%BaH2{F$ifiD1KQA=+88N+$;X>oGpc1
zIke8+XCqtJz8jwh%v>F+A+X*^I<P+f93|`elDfbU;LFR;+Nq&PB<&yPQZWG!mM{&q
zX&(s4&yNIjd@|J61emx-%;%ehT?ct3EO78VJ>yc^w!_B`XZNPdct}gaZ`k^HWx_qe
zfOY{t*1TseB*-<Z8YLZ14rO%1iNd8csk^ed43-C!54j5nOIlDyX*k)tT6F>Ui<MS=
zuPqmnfNHui<t~{`3z?+iE&78l5Apb6=8gu!T2_#o)u)&I^C;OjiG7!@rOq3@ub<vF
z$+QbqI#QJ&dDH%=upKFzWUcVplus(wU~#<QX}-)t&@&vM6K@cb-Ek4Qkmo_|1!8d-
zZSHaAb4eLW{FmDq35}!uNpNbC1VKre%q<=;i|S>not7WmVcW+BsL*r*iCXEHyh2|7
z_m2Dk8xDK@d;BSe#aFp_Str$Tle*kFuM^_B2N$W79i9qM3py8NLL)YZNYg&KFwj!K
zYYOz9nkLWfdY^H8)j%!3Yqi=i4<r1ydH+c9*-<5h{rW{>{fdI6*H@qZkDd=0Py1Xa
zd1j{dynfsF=WBOJU!8J0buYsb4SM~`@n3zxq&35?u=g3WRKX}^gplK}Q^OlWhxQl4
z_O{-wfHpU`Uyv&|TbB>5SDKh%>SIxJM^X7z&r=;(M)Dqv;zC(5Xcas&-ONtIIUvR0
zFA0~v=B`;ugPCJ|5xLLWHQnGL7%-O^eSdjKOP$@RV+@~DMrli9bR1xmp83Fh^0B=)
z^!_@$q{wvo0qy+};CmOawrD+htjaHfUO~xvf<y|?f$8uM0OCLUz3U`xME4Bh-um;r
zyzp_gyth$z1w3o_xd_y{V-LS=e<z!6@a5OFa}&t@H;ZkAHbOW?d#Z7vbI9aEkBhu^
z;2t#sEH5)oz7tIdcE8<kh6)oqUuI<Cbv3Tm=flq~rammh`>pgj0zt4{9NL+lHTMAW
zMYMh)W{8sQ;hCi6)9^7E>c$g8;vgJ>J+!u@r&-xOZ$IyEz&VU^k!Gu|M+Tu1O@jqJ
zbFj6$^sc3>_A@(#wFyiTLl!U%^LP|wlv-Ca!IX~qO=)tLB6ZdLZd%wd8nGy+RZREs
zs`lSK3;TVhjC13Fx*SOd&3hl*agE1TCSelDl<|kJ;?DjMRf$$TzASk=<;4f{v~>8d
z%8RS;#t61sCWLOL>l<3KyT0QGsS%*=csU-<FI4BTz8{yd6PGd0nBo44mTGaA(i$qg
z4(pmZtM;Oj#8ij?l#a<_>Lzr2`fV-)`&ZkfhvJXbD0TXU{TCavi}^9XEY-Rb*MXDJ
z9%uQ%tVi1dJX)1WnSF;$s4<U5bvXipn<_g#kE-dO_0dhwBc|6wWWzB7@U%FMeX-@i
zP57a#3y$zQjsEs}=XJ>>MA*901#?MCw&pwQFkQ0!6Iw(ISM{@2_C<2Bi3ANFnL<oJ
z^Y^~XisRZ6HDkdui~YyP^A9T4sq=Od`?4ctm99<6r8*u&1(T#()VLMv%eD~{52XUL
z7kx;<>%YyHefni_Oy+qmB`_|3fI50pE-1H7M$;M@S>wn5#bf`-aLO}EDSWBltO}(K
z+A&Id&3>YepeO{NQ2@V|z5SfIzVmTy%)Bfte}SAU$-t4RKif4^3$iTnk<vfWzS1>3
z5H(~O!7#Lxd2T|vh$XoUt-q6kV|MqA5Of>!3>)y_Se1{Qw_G#Jn%;9pIM13ce?9RS
z>n-0_Z{a%7?WAu=qx{)O<q|wyaTShLUKJNUE$J>dE-E_Qpyf3>oAi8BE@sLrOMBsZ
zS5YvNLh>bUo}h1iASO_&@dg_)7hpxnTdTSjDP|DT<ODV2BoSneWF_rnR>7#KG}w;%
z^<X)nPO5f(v>C7JH7@+oC<fb1O@mY@5CJwXK_ljb;u;moLO|C)2z6A*=4~vd1hqfN
zw2Q<rH`<8k2h(~S<sd~w)#koLn(PB#Jwn{Q*dcp@<}Q4Sk6-XyG>eVwF{H`83Rm0G
ziXR`Z;4!g$Usku0-_q>N!c8!MR4NT%Mw{j05dd5oHL?6Uy64`FNCsja4|6jVqo9Qi
zPB-Bd>Y^^))Phvb%wTZ*liz$eO_4_)w~Ygj1~LMMPTd$9F9{2aClV|TeWGZVDINlu
zHs>V|X61zkavQ!q%M30aY0;13+x-(HWO}P?Ks3rs<>!*v(S<O|_f3TVJDt8shD~03
z@>Catd`L(GzNjk)qzDMu9d^z8%yxt;<_!ys9KR91e-Rr=?z0(&D}-EmRJmUrMELA^
z+zTtOuz0O{-joiTzv?&ke1QU4p=@+nP0>kR9<Jz8k6Yn+)^ED;tZNdB@VhKbvehe9
z+;Mm1to%9*gBK1^0~4<(Fs$d&l;wjjN;|y~mSXD@7^sjvO{3=$I58eODsoxnaEyLc
z4T>NOfs=*P=tnE2b#Mi^I0$?Fan-}bV=7fO5h;s&C8E_?D?7>RnE6u??QZ76FDHB<
z-n(3h5kY^dGGYV-wl2i1%#Ee}i-flL22bfwS@}#kK$)+SG^X8LP`xM1tXJu62<+po
zsMYY<z|#~RPnvt8l#IE3`d=-x;nW!=oT+L4$rD3%ELASjS156+(%9$Pab{4`&D7-3
zieMEVmE<P$n{dTK+FxtwoZu}VHefigaPuJAC<E%G>&V7Zy3E_x4$<A0{Rk3VN#pto
z;Dxm`VfLc|IFjPj5-b_^+ZKgs0<0|BUb=;aw6N+?^YQ?hU4S)PeP!nFY6+<uWiuAD
z71;}-iEf;OC*SNO;UxJrI}_0CFyTJPvS4Ygy@j?nc(U1rDn(AH1;~rQvy0OX$jQ58
zdaH_o_ZDD&6-#y4ImjFkB^Yg6PDnD;K8LC&?tBocv`IJ_Qbx0Q)a3j_M7T%nMK#d9
z8A(R0q8wrx7U)Xb!1w{2DvqFxCr`;Pq(wYfkaA}hd}jzOs1q^oAc)6Pe!G)04MdCn
zM45qkVV%@?)xaF6w81H#b_BTmv<}w++P-3TFM0xdi0}2`lAdrN{2Osma+pMHDG1>x
z^USm0;Jwr+EZuQ>;qA-{({M4#sMr}^2dsz_Sf%tw(xoyaRIwY51fM8~{6D7D0%<qm
z-hD;<Fwc(P<%IjgLhZe67(rj3u{M}=IMNe(sPE4&90>j!7!(}@QNBT70tRg%eI-D-
z5Hh0DDdcTXXRgRJrm!P(5v*B8KB|P+jZ7@srk~P?)Hs<)L&W`+oUdT97RDqhoz1{+
zQ$cq02;bh~N+J5p;~ax=28=4&j%mb8QVAoC_Vv$81x(01y!hbEUq4V4!HfJZ=!BO|
zZG{V}iX=Uw58P17hzsMIJo#*C0mWK>wMO1<42I-+Z@x}~>=6uYqJVQFLJBz07%qSq
zW5aa$*AX~o#>>XJfTe4QG0Jj&dFP%#?l&^8!xhUR9q9t4Rw(#+GQTOaGUAITj#tU*
z49a$@B2>Mmb}^YO7>~whBa2i=sLMlrm2e;J>L@qAVVd-UmcD5kqULn-{3&NG5T)Q|
z6XuM@d(6Z<i~z6Fq%D<}`vrWS^FVX6qgB$eDIFyEkpv|bgoS}sGkh5iM%f9Q&QYH}
zJ-U7|DXre(g^gv}#giE=19pbu&yh-`^^80(GrBwVSDtysWHyCuBwqjY=%Q)g3S(w;
zj8%VmMWPW;R1J3n`twjhxgHyy7-{-~`y(mX`j7kaJe>nvp-q%ex4M{y-Jye=5S1yJ
zPYySgh^})SEyTrDgz$c!Ht!3MO$EGz&|(qTqevd2`3VmitUxhOsX#0Zj4fAYNeG71
zFR=36;8XmiUcvqBF@F%jg*AdB!4Xw4f;Dp?ilnskL9Rk))dgI;V?)}2k^Z3MrGtUG
z2xZ+zOuPQ5uJpu-1H{9#3KTzHbcp66)vxSYt=4<cmuFFWvW&ZTH670eQHz*m=rN0%
zSknh(!O}$tglh!qWe`#$<_xq=AG&$!MaIg5kxMJMGtg4-zmgiMpIi=M3EU;I`H%eg
zkw-)eR^p|UGY5l(FE;Z*GLUpD-#d61D@bWk*d-Bml-I@_C((1SBXMJLh2+|%x>(Ev
zDdE)Ol<AYBHKRsbL0ex&5{*4Lt_r1%_LgIJqY37cX8ZrnI9zOYQB|cLp(q>EMk`KE
zBY5lN1P{vk*7G@{aLk7rX!Gvf8mSJbX!|wjI_oXTAr1)LFDua7Dn=BNjkL$s>vCpQ
z$nhGTpH5B2Xb!UN5sQ-1IV~(rHXw<hQBycYh5-(U`CpD|i0}+Dz#rdKPmSMXv#zSx
z)rc==h`_afx+kHXRh6$f)htFxK*P;o6G~MhAB$-?ky8+tqsC6I*xo7dw@>Elbq5_J
zEh9EU7KO3q#L2tDg%n{yLsDokQ)jMb6H(TDe!pB1j?Nw%__9_;QPG!juU%5`)YAdl
z$Cy0&NxcGY5Wma(b|54j?Scpf?u27b*IV{??Ec!5&=A(6rsZC-VpvORbIFuD`X_p7
zF;fuQuOg43q~g9PNeTb0UT}15kO!(x{RH&af7&CA`V5Fvj~n?(<f|>Vl$TQ;iP@mr
z5xIw^r3#p-6hTFR78*m4I^Xj*y9vCES+ApsUK}s7Po65va-iox`dkbiYthmNnWoMy
znQA8kDqV^1-=bA2Imz(Ic+RjOyixZYDUJ#1NlBZ>&<7-4s^g38li<SGR@5+t&q5r8
ztoEiOa8~Bmz{>#YULnR49m@g^SGB2_?L-e75#@sN{H2`8r5_hyXA|T{Hq6OlupFAT
z0+=s`qQTO0^gO!SgBBUc#b;}3Bf05`iMb8AG0U$n(JUE@3wykRC^1f9cj%2#X#v%(
z<7LIJ-ZIS7?sq`o4ePCF)wPR@{g$YEKEL(rTw7Z}T;T01LPF$dL|(ZZz24^Xa1z$G
zdt;3G0(+s-dNM#gt98p9fdb|_O6eX@@l@i15#t09B60pU&NW|7VtWOJbe{FWdL!v&
zKVr@w`O2_&?Y`TR#}>Mw6#{hIX)*A+HzCW=(nX=+CxD_7aR;6;)wbmQ7Df#GW=6`&
z+F<>N+v@2<zDDB=)ZsSr7Q@vB!^ea(w<u|i<c2`D_V-gZhf0(g$Pk_APXK0(w+Tx_
z42qAmbn)=Cx^`wZF}4o?vfdWFv_H2^NV#cqa{jQ`L^a5edF)&9Vo=!kcp@d90h%p2
z#cWIz$#mpGbvQPD!t%B2m!!nm2Vy*0w@z|*EE8>ER18aQj=D`s+}XhhG=WcdOvwtl
zF$!xl%%eGBc}0P)si=b;XpYZG+yiwUmDB3$2q`M|@?+n&TQClUgo0YO`Aap7-_Bxs
z!v5R>VHt~bbBTsrl;AbJ_I?#{F@VE8#ZU^a(FH5B#q&Mi4;c9_zL=%F#KC!*@i2EK
z1~YB!Tx_YQG{xBwSn2Vaba1Kkio@Jp-;-N7b5kykC1T|=xZ8R=NqCHK<Ot$W-3mp<
z*AV`IHD#QnfE9C+?5aMe-Pv*VT*dSh<r(g{z6ey5pI(y72J(uNA<xNeUmq395Bj6W
zT<4edYaG7<($aXAKIug(ZEP6v({Ziws5pQJsdRtQC7wc!z69ZOA?j*BYaI(Sp#XDo
zH-!%(!pn2`$D@O%pZ{is@8%1dgt>W&xGVI$)Ks6z4$PcJ>N`jVbl0Q44xR>gjbZEJ
zrUpKlOw_!ZP{$?$`q?e0G~Rq^J-c#fUf7~{Ty6a7=$XxaSeH#*OIsOov+vVtZy8z<
zX@IKp577GCJDUTI+M3-~Ix;lgPzoEG@{$59`wJp6hYtGd)w~Z4KO6X4Lx^NyQ?9PY
zbr%H}>V>A1SmfrpguEkZ67f|(pLuRuQ^2VT?D{%!K!4~$(76MhZ>b%KV~vk7?+$4;
zyy@reABy_+wm-EB1~TK%fvS!cH;A-!gI9EW976-f;Vcti%N1648ck=N3>YF+jzR@1
zPL37{XDNT78-uLF(X6!5(ZxOfO8Nkc;#f`V<6l$)^Y+F+WQYcN)r5sK3>*$@MMc4n
zc`13`w&`-Eq%3}e#hVDS=i_`xoIwoeBHK)Afc*d^Z<q%HQcF1He!b=@@t|oo5PY^3
z+@f(8Cc)VeM5Z0tf^#V;9t8Z_$xs^TR4gF8r_ZZTf{#XcK+z-5Q;=#^(L2hz3EX|H
zHSfOHfcI?!`|BJH4lV}yc~4w%Q)rQdE}Z$t)n((gr?>uoFK}yT_S6%tj^NJ==icRU
zf}s**7*5OGso7HghD1`lTn9-i&QE`;ig2~BWDO-l;pB8VE;(U=Hy=TK3zM!6CW2ka
z;~jLSTv$mkWj)_E{T$l7auMo>#fbo88a4?V&OU;=@A8O#D0_3`vOhI`Fog%A&+*z1
zX=PTE+qUNG9s1?68qmP27V2~?{xOv&O{R59T{JtEaN88F4RxIZjJu9mXI~X(S~^c$
zeZGP{HTVVkyF!yHbxzl+zH?1?SMw_c)kWNqt^$f@aR})=W?ndfknJx-9_U3z=LApZ
zkl|0uom#SXrYI#d9{8cL<p-FERS0If$@OVf(>~}88n;%XdaV)7aztzznJqrh6Gx;_
zXG*GubkE<^tcO*viHwx)J_d{@c}emW{ZnDJ2QQk(-q%<D9DiB8KUPeH_;f3P`%o%%
zWB~I`jng9bQYq0_QPhpUO~l#yBZlUcS;$}oEiz>oCW{6CwD7=rOFx9rX`&g2XWi7u
z(mz>dYF@0;fZ;kNnNAuyZ1!o$*?-SNU>2+ld*BVOXgL*uWk}8gM(N`42kRP*88P=(
zPN`Bn&46Rz8>N;Pp!ZDDgxyju*$0oFIRYC6v<VlPvKd3V%Fk@O{X#pQcgE18-Rg(I
zl(SBjkRgSegGGq57(XrVaOHydbya&Y1Q4%!7p!3z$*TtA=suG{FY=^`-$BB$&Q24`
zqrrISx?TFPTFCum6y!u^2Y5(JZsW}=IwuV7Oe_p=QLh^GSkA_iIt>EU*!`V+p7>gN
zodg&{a{WI$$zbsGV6qkvT%au{D^9M@>z5{LjDQb%E$z-kThgM`zp(tG{f0u;Gsg;M
zdTjvbx$lc<VVI%}^RS2yA}Y=V<(J%rx5H(Wy+4wUq+z+{Y4BjNE@X|PqzFJA+0mk*
zd!#FLwr6FVJ@2n<@+}nL6(YjKX>`@b!0-mRI(6jv+j27k{@(Y|wIFtWJX`Ok3w?I?
zY86LPGEjidv!pe&zP4E{1&U0#Y&`q(D5Zd!wG2o=Z{cCXBdX^o@f58+i+GFOI5Y3o
z6W!x8%D06_0{6qMqesG@b%I4!<9nt&^Bmhev-y2Cj<nU|X!<a1@y2|h?v25uLnW(N
zvi%t)odX@&XMESPf{KGyJtW`5W#Sj;6nctp7mu)pXxf`v-o}jTx<3`pv<9@&JLW<9
zblk+vIsAY+#HQLH9S3&g!s~Mk=sl~#Uz<QR4Eslmw;^2%>S1pWm?s+cI{Ft~bin~(
z!}1Y-=8B|p*4^FYVg1A+><#IY(-vlC7Q^&UF8Dg~756qQoTaet4kl5?F&y%=uIp2@
zrgI#ylj``gAFTYS<7%i}W;BLtLwN0})ppYqF;|=+xnWyMY_TXrYw?eLvrf|^@fLyv
z-J<2B7)={+R@%HchcXX7J{w1=qbE8T0S`@u$64h`@Ve*SG$IXosUZ?FHgUZ~MPD_h
zQ9c)@Q6qqKB`s-4L@T@tNsvEfrh(1XRA5CVRxd(EX+!%w_h4*sKT_B+Jw!AUII5Ba
z6DL>sZnF>A`iqE^Ee?g-0Fu0j?;F$|*NU)riH4X3=sXf%gJ>Ra=}v%KvNewggK5=U
z56R0HQ6Q}XRI1Fn<YzPMly*+}=kG&Wk617Ud&W7*ytzNlLGL(RXV0v#BFF&F#*2G@
z>+(y`raYP-;Ye6yRHe?<jFpQ4AO0rj-1!&n9+>4cGXc<dl^(FrJ3A4cFR<@5Y_mFe
z?f9Of&$|S{`XFI@PLH6^9-}=BJybqz^{`b_<`0C>Jdr_gM*KXwD~k_3Ky4K$8MeKj
zgr><nY6cYKjC}r;fPfdcyFESzF>mp7*h4}7t$7z)X;8;_aLXYWqjV?dF~h8wP1dq%
z#>MOz7z^phb!#SVDvqGtoYzsTJK#I%=VN-nLPn#$Ru`A$6JJXw8m(%~>g#ESQ#Wdn
zR&4E|qqZmMHw&QW3c7QF^u3)+uw_f3UEvF;-_OtUk>5@;p_{XXn!iG!%Fn+&f3#LG
z@Kpzn{B!NJ`tk{NKgT~HuveX=?GF0g3CX}f!Q)@?_62e_1p(Hd`bz<2W%j1GM$5dW
z`S<Iu2ESkYG&@a)dN-f-NbCVW$1e`wh>HKeHl#F0IHle^5D*6*6cF;iHl&@AmA$H&
zoulo)X5{}hATRxFR5m1=Z(qL9Rk|ypC)Rgqf#n-dkcj%UY$Y8z$hvgKG;v~pweHV@
znNPgFKXmvpt;l4au^bN%nRNh3WgV_BkFGP1kFGyEj8Ju784jC?!1}yGHk`stkBIK>
zuQ^x1?!Uz$2BBN;Oiq*R2Jj;tzUAwbw-_~Wj-=g2$V4~rMLQU<;q34duXJ|YzIU{t
z*Ew}5iR5n~?|jdBX64+vKz{CKKv4`)A!mPnzJifNY`Ea;brE5B>TT9d4Z%pC1II_1
z-or1r2BCCkb~rX?p@)~ww|@{CZxERPz+%e`7oI>&Z?p4hHW9#X_-Ig2N;^-Am?|5b
zzvX6!@9uJ@00v0!oS@c`{Cq^fcb`~v8|+MM$UVZA^jL_{Y&VbuZgg|ZMB;fa`<i`I
z>%i3#4s!D&MfjgVSBXpS3#5N=y&=3VI`$k*Ty)&;+UAwB`HIPRZch~ho0pwH(cTB?
ziuAFFB9KxtsT`3N!Hpag5rTQqkOYNxro}OjYH&GQrkqFM#~Y;H;C#yWvIjp~<7O#?
zD-R&Sa%O2@?4jN{oO^f!BH@+Oh5SWJaIH6q&Ph`|AM-OSZ#qELKR=<w(F3b*UmTtp
zOBh9LQm)Qs+2#7U&mJrGcpwlsmIaYwm_uT?Zb%I7Bk)iN(<VkK|3dwx3(N#VdmE&H
z;H%3pmRQrw*jeG^{K*e$iMA1t@7OF0xu9IbbiNI2{^+nNB8A*I2*eS<*+NPv<Y4Dp
z@%RAlB#{@wHy#LlCxePu<0A8H4S_tQKH%tk13Ku|W!w<LVC$drB~kWYRmsUGB*gvb
z3m0s$`d!otXzY-iLebta;$tTCw&sn@RuG5xtUu}WSYkmsr5+tpzBiWS8{QXKZ-@D9
zVmz~%OaAmomU*a@NPu#92DPM*RV0%DXUX;I|0=eAOyGm|Vp~jw3o;Iell^PYFV6Z4
zo4uoPTEG6+W!tmbI1jVe%Dgs{p8VYA)77}U9!BDhj(K?fF>QDgV`d8-YzF9>&KlD@
zs^49!>g@p|3_=po7m;aTC8fB?#HJ?UXjT(`980TCyh2^h-<_zzl3sn0YP5uG_3}%c
z*q27U@PmU1zGPoHj6>RjbnG5(V!v}mpt9`3&wn{JS%2sa6He2BT(#(&NL801SJJHy
zga57|`MS8Oc*+YodXWPoRlX8J%^p;IFNe8NnHOd}<}GD760;#PQ^0dPTc$`1Jn<e+
zQ}UH}=q&UF0d!5~s^9q-s%@qgp6{a|xBteQw7C<n$%Q-YI*|2QD|iYRB!a<y6LYWg
z({Qhw8msrp6iBkcOrX0EkFl{4gj_LhbpJwHKP>i;i7l+I4tQ!tnq9K&!nS#8u;y;$
zMo0DW@Mu`6e3@#RYq&~#@u+F<UK#wl_kUQ@Z#I6;Nn5XJCkEhCW2=Irkp_sz&X)9X
zk@P3YbpxGC9Rt(1)Gzqef~g>lrq_oL1}4p>Wb>*7>M~9p>R*<1XrM+7I&;~GG4QXz
z#kCB=-{MQjBDuLKTB`$<Kh5(zFRy{_7wS39is5!FX)Rd>fc?Hze^lJZuV*zscqLb_
zOX=3h>FZ**+dd*6tI;;usZ6W!+@aIR_G{j>#OY~jT-l^7-MPFnN*?I~oIKRazpQub
z&_;SZCC;8~Y2S6%gw1bu>lE~Lx!G--k$d>0nNO{<PRONPra@n;jW2y2+k1Hst~?v`
ztlRB-(<gXbFcNvNcdi_7c`G?<z(V_N*D(fdE(u%NZ`)1oZiRE)G$nsY)ER6vT&BnI
zH|f+bO-X05J;yqmwW$+NMX%Ya(|UDpcnaK{yEaU9#RYq6ApXO!L!0T+rka}Sn!@hh
zSUlEKZ|c?X6Swx$-M%`I?r>PlJ~H?7=(SD!_HXETIafn}dGKs|1L>}r>*2WJh}qYp
zCwug2>j3Mn3Hc|ci#No>1K^dBcB$qxRhbj#3{ZDS&FN}*9{)h!q{XE;8>lfaQ=U55
z+WKEOx^$3k&WVd=y1IrQ>M^8U9<FP!yFa9JJhY@rmTPk0=jlL&j<z&>K8~c>p-r#7
zUzQ%cG%9@Tw*A!pXV?&ZqDP;4e7x0z-Q86&)m2-n#fek8wnM*yJGFIR)AJ?Wp)CWV
zHFL1l^Zz(C{%7j*|2V(lwzpRPBYlM_`<THitpV@;#rlKsxB2X;evZdWj5e#~e|-Fq
z`8V>PaM!7u<IAf)Do|=FA(#a)8VIVoWOR3jS=8gQy{`xsRH6YKXZwxgL8He}YVlkh
zvkO8j2pXoG{tQPyzufva7^_ai9bebnZ~K>N*Ds+uE<1xWIqY>{M67*XxHu~Pvh~)S
z?CX<p94-%A_{8J8NQ^_DJv3BLy?mi<U#}rw<__1wP`p;BiStG94|3ti`+nkXuMFYf
zr#s%=CFinQ=(qAm$ah;DhOu;Jq8%?{JCDjTPi_KwP%E1sH4yLqYn3Da^Ny#x=#)c%
z;o^9UlG|pr$0i6l!{cZI&c>aIex#T^r`%IL$qfWhwmQt7@r0c@F#IozDChrJ-2TUM
z`TtnR{+X0da@*5c9pcRWvuF{sd~BHM6UXm4Gh&8>Wb9kZ!H|D&xvd@GR2NDK(NZe0
zUY6|Hq0(@w)2PRVZ{8&9`nsp>UfJNJF;81`PKfvVhavtyjKBZGfX@9d1}WEnF%Zb@
z(`|Y>mFzR+l((;X`;V~3d8UtcF}cDP&I}4dVtB$A28<C9^n+cv=yQ)xcC{d#Y6B@C
zn~U+rx9zQy(@dyvdvyN=v6<_?@&>s6Cok@Q^6*CfUl8@nD73i4o2(9<Z((ys&;F}z
z?0<e`{l~AJj!ZX-f8TF+8j5qL9_#-fzQ@$24JM-_Ma4qzcTY_5^x@<0%!B<Ql-#lZ
z#XRM|F`sJ5B9qrY@1Vr#4g=R*Q2xJ6uyFogCQwxTUnV^4Z{Tt6XwJ#zNTEz`qQY<Y
zgVb78{onGla{tfslz*N>K<<Ph_4j)dqB!I_U1)ysT`f0iGk9HK-DrHkH`}My^k|fB
zo~}50?NnwT!Bo9ue`yTocQjy;EV{#VJor4!l-@4<6^dyBV5inusieb(_uyD%!#C@)
zKEEGPRK1L^)+RXvc9`79@;ek96%v{N!BjONK^SHitW-KH<#e=G-PJE1QYony#{!$E
zR#-;_RWB3ln`{P8FVNR7aQx%Tu*J0q5ZbABlZCdTIZd^t9UDXq?_FQcA-no-==S}9
z2MC50pDt5GP}SAN65A4@@pHpM@wH>PaSj0WgmiNF+U3o@#v6k~S~!7O4!Dv!Bq;s(
z^>pE7J%^drn19OUzD7^aXP9wW)vvX!|M_MxRd`8jH{O)&+4fW2W^sAKXh_rLo$9By
zxGn_xAM=0n`5a~)cc17U+>^b(73<EF+#9H@3WNR$d$CY-H~8l$nSt{QX`*q#`zW%!
z%JelRfMfQrkVA!H7C^1?^alOkc7PRM8gO}y|7K|wy?%2LSO5^16%tP9WaTt=xg7jA
zugQ4DGpGr~Rj6!b8NG3HfR|5>&Zan9a$P&6*?Qy3;ijd8keTFeV?+mpr&z_NZ>8K;
z`IU(P<Gq*%Af9->m?~$WmCl|Lplg_z@}Hr)d2*Lpt7Y>!3cssPV5aNz5liV5zZ!G>
zKSVjL))^}fH}T92z3!b0wehZ1riqW?8viU+k2vRr&4HeLqvyyXn^J0PgYuAI0yhi0
z$)+#j=BkP4{r4IIj#%qAwHY!q+v`2&-sf?;o8+&2BOEXZ{r@mb{g+`%tF=L&!_BKQ
zc0GUY->u4PhUm*V;qqm?{m-xQhWAyX!OMYBoBv42`mY4xiD%M@at6fXM1ZF3dL}z3
z%FalXj7Lw72ysX!OTAnE8ZQl!ID=d`SUU0G0o7)KY3ZdZ=)!=F#OlPpBTWe&hHP+=
z1bUhQEOU8+_d<WKIY>POV2a{5jsR~>)Yv;Cva8FY&;48+p8NJ+I+$C17ROZIOfuzj
z8#|5+a|w`Tqxp3i7Av_3DI1y5Qh=81cu;=Ohb=`NJ$=fuIjdE+WK%C&vcliFwu0Ca
z*%a2O12HZ1HrHyPAf41*BI)WT_rPycD1}2?ONF>)!n=|NundgS==lA#hbLk+lE)Pq
z0MCr7DuMT5ezKCTa%rOHHJWl1vj))5)6{3DQ+|-?GZMMc^m;)S&@XN`6n#hvY?P5l
z##~FZ)eFHfQ6aoj3i<NiN%RBdh*POzFyw4gH6r(X9M`{x*2fOIxf-W;khMi;@KG2G
zrQhM61+>e{%BFO&5slx0!K(yY?mStX!ga^USS%|QKjrZuMxxdM+V+7}q*>%aBm1nb
zWkzb{(*-=;Rmqkl9?QL`J1AN5$psW<p`R*NcgZQwV^U1XP!=+|+8s>=<W9vnGf2MB
zh9<M0WAgb_G{x^8!FCCvf{u`n$fN99G!_umzC%V|k_mbh3U!mlLZ~>aovboff|qNH
zy~O%(*6zX^09|vj5nzErP}?N@pY8W2Bf}pL#1GRprB1$!#XqqIoZbZlA_t8kcWV*R
zPW#&hD^s1^_RAXw$34tU*BfoWN}lh&OSqXVFD@xg^WX^M+8peAU1=A&d@OJQg2TtV
zq;@@k8-|8$fS|!ftI-XA%jw1Nk($k7aYN4j&U(g$N5boZzo*xdH&-uzSzR;Z0OQKB
zQ-l3gn|(s<^PLi4%T6or`mEh;W0m!sFuSLXFo55KC+%6w5%FvP0&xm<9m`<x8%i+1
z`y`;Fdj8+(cRS;~%jZGm;o5k%Wy;&^rhB_8Q33J!=xX5f;R&+s>G{k5qF(tzm)*K9
zWx>f}vogTnR%6CtW7eUL-=1xzt8V!1%A&?)1A(!g=5lLfWI^epea<!yPb+UD!6<?t
zPMfk~Z|H9Bbw3jTK2uwJSGjm{gHx9>lW@|8Vb^o@TF}6okfCuyFqJ~;{k^)%y8WkW
z_h3b+E#C5@aSPD@T=8sjQhhi2Vfs7rPhnkGU{9Al<dqKXr6R(Km&V)kuaCXY<)-zv
z3OQ(-iVp!>UONCj`m}k>^_RET^ZT%`jh2BtP0PlYu35XQ!U&Hm%P`(B7~Vc^0OYNv
zk%g|(sj<gK!Y`v=@w^qld^4pQAI~OVpRHy9LIvEDe`~XmKsfM>H5~pjV@0}W=Eo1y
z&T5!)d(Vu11Lp6Xi+ZEErT;Q&?Qv6hCGuW?*Q^d;wU0eHxKVGG!&Tb_M3!6F$$8SD
z=SwvBthcuZe;ZuPmTYi05&-4@TdOjcd+b-kM=#x^?gGRCH(tze3_rgOpO0f?(`=;x
z!R*qx59tUFn!1$dfgz`ZJu}abY2}k*JX-XV!&ktyinG+dft|+=`k)N9>w)vniY<N#
zS+I@C&9v(;*$;xQkfLAqhDCk~se>iJjbnje+nHuD8|$59`G~YYEqBADrl>|Ev97zz
z7%)_KNTrG{lDiHiGApfqhl&wIB&=sd=R_;SlC?+(-_GC8<EI<(SK1hEbeeWARp|F+
z!<?g4)qjMz*sKCa`Ay};aTl2{XUPP3cmx=WQl{0Q!B^LfurXy4-H~Fm1X%2Un;-|I
zyqG5YSR)axA16fe%;sOj%?-z0K>iM-EsCi@vDSO974Hot3fo5~mWNJ?AbuJyZk(kg
zuz?|14Ch;+AU}lUg8E86J;k~|NCP5GB8u{(EUw~ZdH#XicsAM%1IrGTZHC%TpPe&<
z1;563`a~&t8$$MFwUy2V8cPl6&O$!h3jBi5Mw*erfuZ60Mj$#zy&+Jfit-Rmc#Qgm
zSD5H~f_jO~DT=rGTU~)i1JALAnJ8aeRxIzYxPTj7PN4(xi!Z;^XT!+Jjv^2&D_e0N
z{QGc*=GI-JuP6n$Ii4aUWIbgi5hOehN-i3r>CSL^0>|L*Jz_eZMm-P`VwFM-5i+J$
z&Y*^Rq60H6U=PXern7$YaN@mf)R_{BJ5FMmvY-gzQ)JXFl}Qv*XZ>b9STC-2;OReo
z2>njmYCC<RKf~}~!DhQM4s@&V*^iNX-icS~dkA*Vq8k$Y^B(+7As@hZiDx*(wtlPa
z#+nf%cwhuqjdo_#@+KEbqQL*|`RCb-k%6lav2Cqf7O&yFWV1hl#Neq!IhS!fjocS_
zwsu7htu}9v&<NbOP#i{&L#o_Nx(Q;8*b~2c1EqRFQY0M6K!@wN?pz8CiS9MHOFu!^
zkvgb+icHoA#ddz%Jt*XCoW@-c8y%a9@wkEP!}G(81%%ZCSA#)q{F%6iC5-_49U<hm
zf!_!9Ub{d0RODi)VGQkJ6-ACZ+#1)~YJ5L>z1rk&BSV3=J&jSF9udLmXfDF~9C6QR
zBhzOc;#)SU3zPgRiR_rwb5{q_2(|Mu*c`X?>Ft|u0PBu?X-QdOY~C{{;A!tF|EiiM
z%R?#M-TH%8npzDjbU`ZlK}iDcRuHPJ>I4kMTm`(~DWL05c|ci2azPK2q9F1)84+3g
zgl4+f2`f~YGavjw>`rdY56%p@CNUK~k*<}^rz6a*7=y5Yk;Zl)wXrXD(sb_QIff=N
z$c8#W-u?{){&5Luj3jA6xc6kS^8}H|{qRHcBk?2R&xK`}Ab_%12I|c97ZLaNHl53`
zm-LuolOpF53(l62WjLk%O!5xg2-BlS=+hkb5!{H9SD(n975p<;5%r4!iIqO8m*_I}
z4`yUh`l$g@xb#j;DxEyD@=#WMMk~zSouOq4<qaO12?7zgX1{>44dk7|x4<sriNUBx
z575&vl`sSte!m9S`L8AEBeP-luwkcDufUN~r|`TI$h%e_s0|BsYZnGFle)i(aS(()
z%PUchj74>Fg<uVfEJfq9E`2%*-62o1&_PTLMX<f0@oU@Kc<pJkUZ&hU;1kGqGL<p(
z0mLmPIKYMA4-2|%Nu8z$(L(6*3GE<|yGYoE=j(<;0zgzTLLBSOOb^kx!O-HGC&was
zr`g<0KY6j-`z5#_&tN;yc0QtTHx$nN+>58TNLgG&!1#&qR4pAy(xdbs1#o6oSg6M%
z9g#&)_Ilh*+@znRz<psV(fVOQA5Kt%w|n#^sqL#G<Wa`JV4?|4H%P;l5)s^Hk*t(6
zgW(Ek`ga>B=Yz+qDAp!1IFrSGL$wVVhJJqaf0EKqd~jkD_;HXD_TQG`AK|$M{QHd#
z*LL@OWbHOfIN$@<*MMrF%LRm%F7LEUzRMhKxP%O4e#BE6m%|5f6$wk-TWf^+Q4f{5
z_zve83xYSPg_oC~8%K|3$WAFY;VWebK>pDDJ)Wk-vb6$_*Unup1X66l(9&={XSry0
zx3Vhzvsn12k_E(d@btKCa(%d5o;zig%$m8)5QFlh_eUq^=5Oa^*rnJh4bcE)Eg0zv
z8Z)+uOu!#S8E6^m-$GFo@fnVRr3M*S+KX!lrW=z5usNXTVj~>947`Bk6MO+-9i6{H
zIy(EZ`#^ai+~1tUZ^fdx+dXmq2P2+$3guKJ^!+s6rC>Bz{!Bu9+}@-w>O@>ajdKpC
z@Ph7<292PQ)|=Fn@KlaTM@D~FTamkyN2s`j>P?Wiq6_1rhV8NPoJm$wN27*_u#96&
z3s6f(cmi@O;@m{Q2FPwY5LL=oLMJv-lWj*9N!{m1qzrigh^Irt5FJi-#EXUMZ}0E#
z-n_SM?A0={AV@l_<KuCKfw5!d)a>`=cGvI5(4#XJL_1Q2%VW8Ny&K!p7JU{-xiX>Y
zZz?Ju(OBD`m)AQ<PFV{Te2`BOt1rLmEv7j^Kn6u5ge|eodGuDAZ0~vCKvujugpq9)
zUAQ@ld$qto41!gsQcjmpsnZ^gZY&sFtnSecUSFrke9xAXdsR%@sW45IeE1v36%6V#
zCpfiMxH~$jPE5~eS$lJCk$f6^{r56Z?sIDkSh-S6niG9sP_H+<+7OC^UuK-&Fyn6f
z#vZQHMLC1Yyn9J&^xRs_mO_T4?B%3@y&9=S5ljt1Xl+*}2E;@T+Uu=Sf{<fZMLB>>
z1FQIfd3|!Mwx>Zx5F<oaV9onnE)gJ#KzTo8CI7l9mS}?gHhLr-@e9bw!X5cfu{~HM
zjO91ym{W7bbe^}?P;sB!s)<h)X?t1!kHH@jNA&Df-o+Qu{foI^17ni-BuWWG3I4U)
zdz6P=uLT@2SvTu}<gzkD+3d*U-$?Y5<Pz2|hp!>|4D0k7)jT{@<T-XZ3$Xh=47b-Z
zrp9O9t9N^v69oos<irB#e>zhplQb9<`agnx-R_2Bad64XH(o~iFdxB1MCyv>?yc_`
zo>O>7f5|n0@=}2MT(QBX;n`S?&FIJ<Gt{{Od%?y}sCf7w(|uMykPsOORB9h$@p=ly
zf%gHqlqm9mtu~imgZ4ra>n3O~Qe#0;njnAs5j)yFkP~^9=edhWQs>LXpsOs>xikC@
zfDIGUpQOTox%Fej09j#d4X_VPjwv;U49TM)yb~Ruro@L~;$HzkyJHkLt=7j1pfno_
zRR+8xA<gu;_XT1R1cBZbYpCBJtIs(y&7_`HwC{k%^0JsuQy-w7542Ec>-n_WY`)Qt
zI6^Kqruv!BJ*=_u?|)>2wziic>I%|ff$cL%yzPct<K-9|_8s$IntqW3N7M|M3^kM+
z212a17a_dm#lq?{cbeY`WiBG}wP|Ac{v4;y6cjHpTPPd5>oHw;+0R{oI{5}%<9LL*
zM1xFJot&)+nhQP5=S-bukInQfsg`J>!$7&X(-6S*Wz_{oggq%zfvM=N_a;ykT+4s?
zmH)z%5`jcIKjaatZFOgai0H$gx@y#f!l=K9$ls{o=qMfjHKQ-0N6~=(eON7f_nUsx
zR;vX>3ni(MOdTs>v&&;hW#F%<{|-oec+6J&b`rC02z9#D+f^g&D2C1Z%u)j*J=+rQ
z1grph0zXhRJ_7K_1Xbh7naZ({CSL>#^SSrQL?gFWv76xryHx=OVhrIkN!<?#%Tw9V
zXw(5MCp;#j?Bo$y2oAncADHA$6uqa5p}Fp;9zx>3zb~p2=_Qy#lsMoOo&namjg54;
zFv#ceSL;>$-{6nwvUt8@^tN7D4%x^=9|v0x*J%?k40(<O&B;3g`RH_D0_1?-X2CX2
zO!55G1`ti)RM8V$IH&tZheEnu2Flu0FSnQqum&BEKYD2u<vCr1LW|2*1U;=b_}r@m
zkc*!EVaKDeJbw&R($Xo_Osg%tWwozY2@T`};#Isc+#Cai;f{;)a94nG%PQ`s&=}7y
zfv3yGy<eTX7D`q1IfEW0f4&Ia%|a4T-Z72aDkfEBlSB!cp!A2u<x4c)3c?mz=!gR(
z!s0b$w?vV3H2mO^GuM1PBm0c~dry&^Aa`E}z#oRhBO-Z^h6#C0LlKfhC8V`*nVjuV
zhZ+Txjf6=y2TOpu2Z7Che&^ib<tLy10qaRC{KAtra2YVfg3yS~3A}V+mMiD-6%Nls
zPk(|m(Hg<GvmGuli=}dntjzL<&ta$p`4KCa4%MOM5t|=i{~j%#B)Fg5XSNXbBwx|c
zwvb0SMe4U25Pc*@j({;{A@?8YA={!V8d%KnoE8&^XL8slR0>i*^noIa3>ai`3IP@(
z%`aA9k;mYP4X&eQ)f-mX2hNWS{<*P=;BbXfDpI~F-fwvLoSG#be-e+WF%ZATJ4G7$
zgAWsqYL7vOw>&tJSvfxkXNkj4yFVJtxC>F9DEc%CQcUJgD@U1ErioakLG7-jmqn5<
z)g4RILaIUP8fn~1D$d|cNW`J=ni8CL{?T_U(>+QvipQEP{#K)lOnYKNja(%+&CPC(
zTOfwoxS{M)QaTx!+<!?vwvsisO@Y;tIulAB)+deKts1=+7Li0t?gjjZ5>j)&G@dv#
zBY8kAc>wIH$|UiXe~Q|?bvTRR3A4_nd}QjoksTqSFJqar5f)wpcCJBlRr-Tja^sYn
z|3Y&j2~@gCgDGr4<CXFqhy%uTv>1_wB&9<xu>BB`x@XiE8%X|WrTJ;-ZZL|EjronG
z`rqS>%o5Q=s_`3L=z+7D!w52GY6^R{u);_(?I@)xvQZN8lu`I(;$IX>)Z|5e_bs^`
z%ozOC6%v6zjVEL=2;7Zeu?XN;H6y(g6)b{vE7_nb>EeX1(5#aZcW9iIx$h!1=L+bs
z%tJ$Cw$&P5(lj6O{wLGu5}3O$P;Z{!V!nh{a=-!9!1Oku3dLYZ3i%)^tB!N5hUV*m
zggzL9Z3AoXZ12oUffG7Mm7K(>B_<jSDF+2(XGOV@<6gyo=9eh%k(5qTPc3RE78m#x
zt)h0`e7>N5Uf)VAScM6S$jpO4JfsOF9i^q1@+Uu8xg7Ue1EWGl3mkC<f%WHzwKZ7m
z>u5hpU+JkLtYTA98K2K+T`DT)3bJ$$M+jb`ghuCJH2gS~boo=%tjY8%Xv^f~4y?}*
zqsk;uS{A)5s!u0Ney#Oi21n1i-ghTzDY5F)#$+!>5$J4}?hL(?{``es97}Crm4(3p
zu5X64Ah`v2GN(8izT}m{(WNM_W|SL!nQ}9mwE9D;CGkXmo~eZ;M=B|yv(Rxhw@3Y=
zHzTI~4$L;bzkI47^d&ziXL*G|H$1EQoHqt$Py7UF-_6jfD4T&>O)DU!rM1-n6l1sA
zNSsQhue&(ibrDexZtivZ9)!c))&}}yj}4i>(@sv0lr-snzjft59I2#$h*wmFfiTeq
zW~37?s}LKW4C9<CJfM3?>@3)K(4jf_3+W^6f2#f|oaR*laiPb$q6Y3@^YL#Ai2FrE
zK|W}Dq+bka*?Zq#Z7x0DpVs8Xa^_FsMyik=ljM14<<9&yf%<6d9Rcsc%x~~I^q6xi
zO%-{X-M9S6=UUJ`nTc;|*9bHyKnM;@ga8(u>~pW#`CIKd_M!{++P^=of{0=CiIB!x
ze;O{mb@hl!rcz6G1^T6?*xjI0cn$-0xU@t|IB;;=Ziq@|Pf25T-_d)vIqVsqml30k
z;3*`R9wV`o(M%~Ed8*LdTaoS|oZs0@$8P0hqy7ZtnsU9?g|fN7^lsA89Twcsy)^QM
zI3${+*R_+r+#~(H8%vyz^x<W{PGv!Kaq3TR?>doS)sK|JT`-0a55u|Oz__S4QUeCT
z13lmU=`(5_Z{~oH5{sw%X<r!ac5x!3CODdH2^uCPjEWEsF*v5pH?oIVw2?rb54HA1
zftkAZ`BYHaevZPOT*;O~>1Qfk^3bGc+-edmxKPi!N+H2w6#5&hjmgu#suI(w?#es$
zXZfNH2yG8jfqte$SAis>tZpIos6djNO@*eSYl#8Fw0nAIjw%xOBZC;aYZI?R>cmj8
z)&8-DQurTAF~DM|WtLiAJ9P8Bvr8wWMamVWvg2J^O|aPFq|IK8M{gGLs9Ph5)iZxv
zfpHzZ>YOyx6k}+4;x#3T*lw75>JvDIqz3SFaB(6ekbK_0`)5AzA)_Qv!7K2ie(L8>
zh_`U$Rei*VpEVlTpxUa7q#_+$1!9XK6obRC0K2{|UAh+GxL+hHQVi|yC6F)ZPNkGs
z!K8duMS5wy@#f&-`izbutyLrbE;dEg8@+wQ(=VGo(!bBKm@k94UM=mgc%AwoG9_gG
zW9K4P-gc33ytYX@9YA_r&R0xFsH8DeJi=2fcT1RRgD<7N>1k_c+WK;@nbqd)2!-Bf
z9p;um52AVlZg6<EV6XAErU1}4dg)57HM+Wt6`70j#%Th@)7bzK=b=?+QMP2A0yX|V
zV2tme`Vk!^+RSr{c8NX;%g5u;$12gHp=wJcYCuX_0wZasoxORoJxk*+kX^baJ?6A>
zI8DE<COswCZ3{$m2HOA`^<zA8F3IT(OaD>gan(Jcm^{xa$Nx6VwJG`XhGCGK)EU#h
zoXfQTQ@f_QBRV$d8NJQ^mIrCaO4VfHa}y`kU?KU9<R`mHKCLtHx7|fkK$(GBWg-g@
z2;uIG54x9zkLp9Q{_jnCb5^32&A@L9m7j1=W~woeR+|pvz97U?ARW_@-Zp<ftks{b
z0f9BURE8NI0OP?*+;&C8tY@vF?{krHZu`rLTeE$9&eL<dmjhhv$Me-(rC;}tB?8<!
zPZzW|<-o6ltDFtSEg1Ic?KO$3ghuXHNgao)u8A6ttC^KnyHy`V`u9#JuO%G7=|%Z#
z+w;-;7U_2jp}szVVA?^!>f&<Zb^_qFS)=p+adwZvv9;aa=wsWq?X1|=%8G5<c2;cL
zT(NE2wv!dx$?5yqc%QTPsd}qUf11^OeV8>zb$8AG^&4ZpS8b41_;@SZxM``DdU4xs
zaXdx6g_>Spj_A!~%NP4#Y>M=}youZgatvcO3G~n8ZoleP|9QACjd?Eqy4wC&?Cii|
zvuV&><Ee3@Ia~<x@pxx?^Zx9!>GJ8>X|Gu1R*Tj=KXl&2=KPyWxUqD<!SSGF6^lD{
zZ(HHu`@Z&fvw0x00><n4_SSik-<C~_QbP6Q$!IlSqHuZ4!rj4}t^0?mO&=?*6)(->
zYlryx;r+pDm6(<t&)3QM^uf_mhs6D1SdIYTtXu48US8N|t4P;<t=+0>Kg&N?+bntS
z__65<7|qWa^slQogx;57c#;M@wpF@6=X`(kG*v!bS}66epLHW{$ZOe1{BBq)@aoac
z>FQ?Q(OgbVgt>GTP{U@}TBt+Fj$#gF1`d50-T~%SUBy;IYhT@ZI#67VKbW=vnqfU#
z>i$$0=&{kb99aOQ+nF0r2P3t7A$5D7PV18H8hWuHS8%Ijo!+uTJOR0QCxbkyEh~KW
z>svhL9dTcjBb6$bQMd=MFC9zP3*zYR^aW=cTBrmvzf0%Nb2u2P^S)QOA5LB6D<S<$
z0kt~I@`m8Y@*z+oyFMAP-<tlNFQ&KiwB79imTtPZ6H8(7&^@0YEqz|}Y45P<?vB0P
z-LTk3H6lI4#pPS|o}``dqPDT+27dbsVykuYo4p*cr*my{v6X%mW-({v#`G`>@8IpJ
z@UwCR#4r&Ux|8{D2f_NkVqhFRo6cLPHPJLPb^Uf*D_HO(cNUYNo@fT0ji-1Kd=#<O
zCuEnnbEI^gLqMLySQ^!Rx%wgKHKI?W>Q3S<Vv^(@z$BV@(AMnTD1<+NAh%ywcyN!x
zeWsmEq%su)9xy9Cipftu+S(T*_93^O7^VPgb1xx^Z$9%lY%X#vMDu@wUo;aBs&N1N
z0%i<%j0{7MgrpE6STQNGY^w4za%mPq#5~ZQaPz-0QJ>#^%|2M}!~qn<Bglh2p`A3T
z^k}VaV2+JIQ;b9y;iIuZ5M;fzs=HHB!J(9mL^%K?uWbK;PfqmElHgt{`W3ZJ4NRP`
z0`)!yB!LUMuQ4dP2(5jnG*S=!mcnoQ8IooK6K!rE)I9{5v_r%dwl@bnIO5DF1kPnX
z8^2rRPV~+}MzW4H5c0c55;`ncHb56TzISySth*g&osEii7a?4YV+*(hL8QNnGDkvg
z-;U(32n9$jU;1f|A=)NVpH;IJF(M>q?;7W-5Y{W$au%>qcTnh8G%gg_L~rW0dMz&7
z8S=oRtfAv({*<rzMw!H0wS=p^01*L;4k=zQQ-A9no5K$%-gTpnI24?%p9dlA;_%>M
z#J6Quzeqt0ahbN)_p|nJui^y1zk|_!I^r*T@&5nKcI|<g13mMNgoP{YR-0c-r)(aE
zA7_gtAlUGjNV2(sZ$k(krO2%OX@L8iuSr6Ylpq|%|1;bz2y278z)8oH3FG$lx52fs
z89I#LsyljL#-J6cZOcY0`6t`G7TLe$8^~RV9ww3~C+0kth#;D%T|<ey>57mC`?ZP=
zgmsVw<FwYCsPA}P8#cx!l#S8H0J+*pCwCt(k+3`kZT)rmiTAUCb!8HgDzli$=0Sh5
z>m(J_(9|^kl_-f5`~fJ-lads2bQ2Eg9(Y~O0-DdilpFR0C<`~#dzx#h4F$*J%HwE~
zvy^3@oU$@y4AAGwbZP>x$f4kFto|cl>>89As*BPT>?9Yd1_u)N{9Emn^9}QEpbtpI
znH@vy&EB7o0|k;T^PIeqe=XmTUrV%e3S5ZL?G@za1hy7jh>^z|c-0AfBTx|YvkT}@
ziF`XSPwmYc7_KCu7u+E4;T45-<+ZzEc`SrSt?132sWJQsMsY36iO?$O61Joo?R!k`
z`Sa)l_O%)_Z~I3w5D<4@js1GipX71xgE$Z+FrU#?*$w+T;;<Gek=3i(UzwU=gTE5;
zQQ$G2Dr-=URD`uM{mbEEU{#EDLD+$<vRv7dZP`gZXd*A3@z$B7pnnE%3BsCDYn}9_
z?YJta?&6DF?aV@Rs54_A9&?R~TB$Z?yNImT!&rr3SPDN)2Vh4U03Atif<4*r|H!uv
z+glT@#ylb76`dC_0)?^RhgE7TI-Jx@34t(}o)cC@c5c77PcUL<`7E-V>Kv3+rK6~2
zR$Z>>cOSV~${Lu?G9thYQ}#S8B8XI)AY+X(A2$;T$MAsbMkE+&7;5C*;2rSYr_<`t
zngqob$pXn!tq)@FGlne7D7wb^%_e%0_6QUZeUq9Mpo@!QC+HJrnP{tFMX)z!K$4p%
z^<54p!QjEmGm~x`LK_N`0VTgojtIQsy1Mxa7DQB~q9~IN5ADB*WL9gHts1H^WSWv7
z-Y`L}j3$=e6NMEmOUTY-Aop&Ik||36!7`Cf{`!8sc?)TkjL8CfuOb+NLmPVvrN!iA
zO`Vl>NS#ki$wU<ttbqf0N&yw})rWxfT;6~`%FzPvRvR=0>_Xyn9Wzn6H81}cwXq2t
zuda#QIvp}@bycDVS_%o<%j22jEjsi2AXk=2{8ysN1C-1ji~v^N4PIBgl@$_M|K<m-
z=fG6*Ev;!;(Qvk5zGy%s9U>@T$7DB|t!E#oEk>v}SPCCCdW(r0U#K=MIcoZ!ESBst
z@~m#s)n(FHmbyUS@o_WM8ghKqi6pdVO}bq|U7Y$zHq0pQpsb0bu};WVTMG)7N~as}
z+D7=eq+TK$1P%+zVsQi|BGPyI!o(-6h4ZVq7Uke4eUU~zIzE;{y|nf6N<hyMq~b@_
zIz|*LrZsebyEytMjy=#=&Ra)%{~CRi<r|0oi6Pwe!`5@9i7vAfA&7`lHwA-vNb^{G
zUb!(hlq##M*fLABhK>2lBqP`4>n@a{Dr02CZvX4+lTUk3^s<Q3a6HkTpRi3s-f=0_
zH6hWgyJ2f31Z(-Be=h#$4s@13OhtcUGY+;trLC?ScFYs{Xx6tOc)1iwV5aSwYjEan
ze$xITt8_{<ao&chk735?MVZEFztjijD9*g2^iPAx45E4;-JNXANj?a1<)k(veE!9h
zgU$j4C@EH5s4?WfqFGe0Os2x}t=B#KQ%@mXzmY3_B<{1DFRNWomLn&yFhDXJDi26z
zCH}>r0}cIIYB}WEjDDRUSdI@>iUnoXjx5(o#O6!9d{3y61f3u}e#X75wWb?O;wAnV
zK8#Lh7x4mp!}ImpW(z3K$RMCrO$a1!W6!B)T}JzyiAx4q0dVbfF~^9q>QvfjS;bG`
z49XQX9T3O`HYqE)@28$zz}9&>D#=_KUMrZih_3oB|GR}wzVx7a$w$?}%BQdr5Qfqp
zWZ?ls?WeEz2a7^wpc?Wqa*MfJy*a)PN$Fe84bThyNPoXM4hZI<L5%O?>qVL+pXnPO
z3hebOtno4aW;>siS3fC5D*vwojXSe-OV=rw@>j^_0k()hq4yt+pszlcGXnT5p18l9
zNM%UG)JpubC6|ZF7ZZG<xe;y+H{uY$xZplXcCiv=Q2Pv6_vYKf;}Dlc%Yj{{!;Qc>
z^;5E79?UI9&2V&&eWK|kS?F@IGEIIEW6vsXPY8-XK#T22H)y^htrxLl1yAb5!R9y{
z>6)X8CbL-J>NA*Z5~z=tE{HZ|nMcKHdhcbSV$-q#MUMMYmIV_F;@0Eg4&UcbG`)&D
zy8kM%JZ+%-)2nTMc&Cq`SJ40b08(-2>$uJLIVjmPxUKu%{)uw^_*n`!bSO!uf6n4{
zpP+c~s#V)r_3b1Jq`(Poo(5K;lQYeRJZVCcwqeW!pJk2O55~LJ3?i4<51WReJ2{9n
zN7AL9R<eFa?vO$yUmeZv+FrMVruUn<hO8A?v@=OGeEB1tmES2*S1aj4ZoKk0xDv1w
zDjqy_>BvVQzn@iHW5r3Oq=vU3-}e?a>>0MqkpL=N1dis;=5%!;X_9Gmfy=v;%GB93
zB5xpMLf%J&tH*Lzghc^!tbKyw+N&BpZW@*77+8iQau)4GY@*f5<lhe~TU5I}eXV-f
zn%kutDA<;W%L{XSE1lNzlKOxoD|g8ST_BNmC%uExZ=Q>gOz}iBuuP?y{@^P{nciD_
zb0vOSH-hoPxiUE4yrbEMaHCcVk2hfIdkkXV>OXxV8Ci&q+1!a_hS%T)%J}RiG7!yu
zkJ*!viERhaTg_7T2Q0pxUh7i~!+34{iX+Yv^rdn_o9y?nfrKl#$Lg@rF(U^KZCebP
zrq34_`b<A=J{djk;k<yA`B5;p3w}~u$i%d}Oit3+YmjU}LP8#9A(-FzrtPVq!yD~J
zdn~ttD$i&jz=h#L&`Xr4aS3)LTa(P}&yWrf4G>MG>)U%FkiLnm+&ZNuZU($$UvqDY
zF)&&$ulv~y{BCQagq+X+LT+6=a%ZO>Nf31huSy}6X~#=<BsXg!N>`6N+{zB_SxN|2
z(WIB^K1dMN#{JIaCvQF@G~Ceb^(2#cu5SG7T-S|So~gP?=e&{LVk~dZO@Q<*zEB$H
z=XnGAs8Z&uX#DlKqqx+d&qRCK-MO9(KRZ*kvG+D9-NaaKIWyDPJ%2$xm4n>~`K20>
zt)fZ&bX~TJItQf&<LiOW3rq5(bnfQC>Q;P^syw2gK+`jSPtBK$`;73V+Mc7LdG>Z)
zc5X7boSdPj%g#7*dZPMB8B-(rtU>)juJY36k)+nn@57d>f0{h3XYo-y`%-@TO*_=n
z81a3w{LE6lEWN;3UXqJJ>Rx<Bx#(jX?Ea!f?Wt-}eA-i3ka~-*hT~hj7r8#CH%wiu
z>gg->_+cp_0GL={aGG48NBvg(^Pzmxht{WO{#oqIiyY}&dZ*^$Gq&a$Jw*5HJ-J&C
z$EW7-NayVR+u0`<Uy0M!#b$J%^eYG9hE0QvvfB(zkcKC&scbWy@gWKB#O0qHK{9}{
z1olvDeH7M5MR;o5)S|0XSMyocD4Q>THvc>LFamse1F7neqxY}r$jAQF6s~sEKpuLH
z8*8GwljwUwaED=^b~15=omw-kW#6k&a(H`%<YeMR^*Rm7eZ82mJbbLK@v&&gb(979
z(4n6;?=iK3SY*uYt8&b2^l96-j%&K~a^%n@=PO4DKS*0n-PVU>={0y^r$GZ{%DT^L
zL%APm0WFJU1MGVBkuY}N4lurc<i*SLat$Krdk^u^qivzH$8xz3c8~1?KVR^$(eM2R
zMD&BfE`gd%7pKk2mXRqhBmK=5yIAqdgHH)3{n_O;xmg};ejK}<P2V%sGKZ&W4oknN
zsXmEyPpcgr-7YJ??q-{TZ7=h=mFS6z<uWln&Y_+r#+7S=+tSaQyFZWizFyK=W_lrd
z)l&z$TkCdP1R9qIg_a!~_1s$v4(H8vW{U!BUUmXso>$H^mkqlFZ$m4D8JLaC-DRK1
zzF!a1-;OH9xdJYojE`>5$EC+xLwOdNkK@}OT}s5c1Q!z<p>rqah_>gK@1M&$#mjA$
zivZAdFx{&7{jpk|v(ucvqv^G2p5vw!eZMiIdeV%qtF5xy5gS`t_~cNy#?4jF-9k8k
zz=zW$FFz1@P<T7UYz3R6p>d#CKC{EFNtsJHV@JR4xp6C?=SIL-v(1-5De>@8S7+Ag
zqtrK26JU!!_hi&z_4`uca%5WNApUtwAK6Dp%MIAeZ3|(&MRheFZ~DIa?lSgi;I+!6
z$xa~?Wm*2&XVrDxl7}X13S;a25fJM}zb@BzXDOSvytj?ppXJ23oEk@QMM3`<<orU|
zt?Qp|Etnm;Y9@^BkHK@32X)Vps(HE`d3&{)uoTGQm<H6QnNT3)k~s?gI(I?5f8xy(
z&EBk+V(-X^W*ac5;|Jw-U3=G6{L<C7(8liv0WQ-jOS4U^nUS3;(@c&(y;jI_GwT^Q
z>NLF3y3dUc4&a|X%lQ&5PKJCyyntFspB%E@^qt<fl6VLZhMc=Hz|p_GH9tR1k&dzz
ze)+OV6+R~;*eGjKUWP^<3=d4)JY^S8i*c#aOpo1KZIvD-4EC&Fb<>8WvYZYdebsO+
z5C6zE!S!-0;n{Dq-|Cws<*c3TrgY$zMMKJj>unEss}5~$E@~f$3760IcNd9$Gq!>i
zdeBd&o!b%De|;p5Y~d6aO$$-K8=(>sDRQ1e8c&&BUY<qxtfDXfHBoI88!rN)4x86~
z8G|JH*GLCZhY&?2r5unvGD`2uZf=||LU@TS)-j^KMu?5|=}qg&WBY83!BM=zCoArY
zk&t`T7x*Lm5p7&s9|!U@0zjyP3@~tltLO4QC%?CxI-@t>%50Do`^)U@A4Fdi*P@~{
zfx`=9!ydpG7eM?2B5y|f;<RY}iu~t#a{%qd%tQ9^b0H1p<M0u-j1q9ekBmg|Y1xxJ
z$a7@O;907Eou@*6cIWSo!Hnzzg88~wXC2sGEcd*F)L`lK$0u@u)K4UCZKe?P?{4oS
z*ijKKk~0}=+_+nrosmo)^{Tmq0jU6A%4Ooy^w}6>(wL?B0Y1Tl%&FT&T1#WFraTgN
zoa<6kxs)`OCT}6?e5kTIL8ipKx~A|*4i8J8uam?qt~GAlfy!`Kw||PHzO@}lkFCwE
z1In1H$@+Fs75xLe`UMd)Kd+jVlsC!;Ru@{9i+(FXxGsxrgfDQ5H@I#1wq#D2mc#xD
z{|w%{$}f$>2$NSMJE*_EV=PdWq)0p3rs6Fh6T=P5V;RCv1}H%PNpuW6W=P9{4NHQF
zWax}@KT}d)j&Nx~+AJohS_3$KZ$=bNw-ZkN63b)K04qO~NFr~67oHJ{md5|JvVH|6
zibtN))76wruS1WBXty0Yc;FRnjcd`Yf%&vbc2h>oc};iaXv*o`AV?PmT!Fi+xftj(
z_&(Nn^vay$6xHOkOWe;s9XhrcmbT!KjzMtux?1b5e80y+zPaKoduOD_M~E2K%}j{%
znlD#k6pwpy@G3c4F?3JN^7-}TY+Ryi>dP-YpYO>ZT;f%wAYuLo_W2(9uRS&oA%DTV
z(yZbi2B1utYI4nSM+5#z794k&6s{>cVRyIc!G6S71cEnCTc#Q^Kb#24g`eZxhLev~
z{wDjVNp)=d(}g-V7m)fw--2+$*WuWEkCa)10|77JDqqoGzd!7mdI@~UpbR?*5pD(`
zcst1v)YZe=(r=g}xTj^I?vt2v2IVAn7@#^@&%yUOwICUxc-C$~95Tz(FoQEr-2&1q
zEdGKUls<F`!Zj&B2Qn$Y=@Nx-k9!M24eKx>^?0bf1=>$R7{%ihV(}`N?iP2k-TVjK
zT0-ZcadT%6LnVXrQ(Bgq{G_wX`1r58ek^jTfINj47+>Ks&GOF4*%GF+b`enm^WLiD
z!Mm_)kr`n1)sh-_vjX;ZVgjMn`<s`Fsb9XfS^Tqk6LJNar<}?GhC%Nv9$0}I6oR3W
z)WC%4tYP80LHTI-1-(r=BkNFrM#3jc)K8qA`@s$rtHZ(2W02Gn;w`9VIe}H<#TboQ
z_*(kRr-8l@^9IfodZxDy5oN3T+wgHlW4ag-L>BG!gV7ghL#1TP#w;t@dNHvCq}7IQ
zdD$V9b;F{cmd&zdoDbTP!<ipHg;V=U^MZ@K?4U24g<7#JZ+{mVW?e?l4J~OGg|8Gi
z#RaMDCxumnmCO<wmLqej&qWUDGZe*o$}?lGI|eD%o+4jV=fL|XtE~k^IN^o#A8S)N
zb}^5X4V%HygpSzBNQOHr3ENmJ9uzr&AHR?Ke6?{)t5=-y!4HoRz=uiPe*BU4yvy1v
zS~zLw8+cAzZ<Vl-#K<_Wh9kv3ev@bI*^$``PC9#;&>wfLB;NLa+g)TE($ajhkupe<
z>G6hf#3a$s+90J#6-dm>wa@Kh@X+VqB81{_<L}cS$OpyC8RR;aX#hs662thF-F_h{
z)zQf7(f)t4UAxv}u<5uDDuSzB{vM@8&Sa>Gid+smND?YagIdzo(sRFS6MsyI{Scfd
zTyUlTTU4W;2GCt*#UHLP0{ZZ_VG6U$7&rUNDL))}1yAe~J~QJ2_Ven<b|R8>;ryT-
zdaWOD!|Wd^StF82(4pl#?JZ$K7kY?8KzJqW4t4Q@D}D@p!guXS#N5)lu1ZFC3{sPN
zir}+)3_^KfbG4{Lide^AdOOk%WD6`Vgk&PNbtZ`u1m?UmnS{u_l*v<%acJ`Oqp;BG
z;^Hlo`v@{}aEwM<!L~s(jjsS+8v#94iaLg9{)ZWgs#k=`k$h|GW^a>II)-$>udj;-
zv^tC2>4`6H8yl~5FK~eq=S~9bO+!aLTx(lBqz5de3LXf5MSSn$&(rUt{ekM@6vON;
zopmPa$Ih9cP&o5*xTp-%JsC#CA2=fgciR&Gc%XE7k`z03e|%0RGsqEGLZd^f#bG8V
zeR-%s9)3;?dJ4E`SatJ&x2MAViELM9A_9g8J8`=vG-T{HReI4W=$t^F!Op6jsD*9S
zWplVBxo)0iz1lZn>xZPgmJh+>zRV2PXpp<UGlc*zuqsY;BmzZMH|WqMpg_SHagob}
zi_#w?s0StjmA!;sUE7d7aL4%J`vb74#sr%K2;rgdR}ajDK?odhhDiM33kf~;UN<Ix
za8#>4e_=k*Bn5OyO@Ctj-7HU?q{G<^=4(#n3fwUH_%=BcXcO@fn5>^PoeSLIBl|DP
z1$O^ml*`6)K>8vk3b)^BH3FjuWnukal1utulIsr@dBIXG4s2&T#+r6Jfvfiq-1`$X
zhc#dc3J<ax?VP-mK4JMV10#?5I95&ykZ{p$mbMhGfu@1JMfyjypsYg}(@O}@E4D;{
z;6jB217SX-XK=z?Z};zf+_eAUa*f&7uaJ)c3_U$Jj7pSd1c_KyM}(EohXIo(;?HOG
zxBA8lssFJ|EITm3o@IG|2NPt4Lk}d-49AwT5P!(l?%y2O?(k#Ke!jm9!;tXq+tAa@
zl%iw2@`XN}5HaDc(qLA!JWN{7`8pU+q<@Ir^eHJbEJW~IDI)MKo;4<1*dFo^WJXUD
z@El_`GD_2Rx8NXNxN^=<^=B`C2Z`ZQps|<WHzu11)0Lb{95>$y=1pK1I+G5K2X79!
z8=VEb+97%$5NmXJ5C^P6Z+j7T7!~GP{d)q}`mY54fu+5=eRCxyK~U?>pOE#Pn4N~s
zQ~Lo-<%I6Gbxbc`Q`ETvViiWyMS~aZ`djy#1uKyIOy8UAS1>1N;3-No3k`mg{>R0f
znREC>xn33J!+Er5NXPfeyjX#(THuJV=lMUOc-8D;TLcxSbrd7B2__E*gTSqTK!}so
zv^vBF3`Qd{42jiSs|h`AbJq_Oa0vOlpk2~Co!$~FScc}B?Hf$yV2q_ihZEEdcpa~|
z(G}o95nsXKe&8^;9(YO&)1eCG%Z|4i(HUI`DD`wV&MMb5Fuo}BJ^@j={s6;cEF8=!
zRY)f^xWyYEEIZF;962@)Uk<QYDe}?erSn~lZ2XEGT};Iw1>93=^J#Z7F{dWNS)N9L
zqxyS6<G~9>=)d<<yE_r>L4!V%@(4esf*0+Ky@+bV@$@NyOw#)XO%!M_OocI<^S5$v
z)e}b*t-0*9Eyj;@>L7Ep=m!b(^ga)}N}TX^+UyzMhYfvP?-iM2?;_`8YSJ;Q{~y++
ze6>6@J{Hgl+EdghdDNsuNAFDz(~Cl*Ku)t@cm^~QCUz}Mr1^|eNeg-b{##2SYyWH)
z8-IliT#Hs#0EjArBV$vE5vq=U9~T`iitq`K#E2gKvK~dkhXyNQZ)&x4I5K8VM&>>X
z%UPhsfgfh<S0(U}t4M=6IHt}W<5O_@k5+do_oA{$ul>3*Rxw!jPtucARGbV<g5)?~
zuGDtx6>i5`K7_K{U?R>rvDTMAE^qvr;_>BfXa`H|J^R>@be_|XgLHp)fd=G%AYN{&
ztJ&+>X6R=-Dl&NaH(10IbZ=g<Q75m+5iyc~eIa&qPDntD8DJ$U?jv~IaJge+az*PN
z`C&XC8$-Xc(l`&Ifa8<6HqqbW%-7XE-yj7IRr?AxN_-*twCb<a%@XfF*Y6|Zvj~Td
z5|b8J!eg~Hhws1GmH%`=w%u0*(%lDY@KcW>Lr{=%)(hO0p7lj2t!Xo0f(xP@mJ@tx
zOQTTI?jjnPmae@Gs;fMR;ovx!VaXun7G0F>f#~2-4)7~bFxxjp<rck5Q2Id5`kE!4
znMHHL2>$KtQ|xkl5`jRRiOefX7_+p&jU>Zz%X3BUkqE&p+ZBEy>pTU1EcZc5GaFHz
z3k1DS$SnIY36+PeFjwldHxq;q?|i9f$}P|qD#ZX`W<90XY<VJ*D#@OhkbYAgj{XRW
zS1!S=Zz_j#u!_0|gv=qRIn8uYC;y<byK3NBHc!>T_#wlkegS4K<x+1V>HU^@=Xt%H
z$2iYqL(HX2zWwyUi85iHI}V9ZDpx+WLlQSov-@BHYW4D~9=M*t$jZP;PEL)ao^kX#
zNB)!~YW0X??QpqTly-l6N9(Im{RYFBr1}5SWpR;_4o=kjhETYZSjpf8GAu^axzI8&
zLCGxc<!BAC<`5H%|L)B2lK<VAF?#;DGb<H-130r?j&eIgM$2l90=>H0WCk!Io5GWa
zN+Ws+{?RerK3tIQet|j2A0@(}P@OL5@ng-*L=3MY(u^!_s{Tr^kJdiOVm&b>NdF1V
zxaA7|U(k#t(sB$MM~;|^BwW={Ibp7{*xb<FY&>2{S>5>}ogt^8^r$hs?o^74y<sJm
zkJ69wAc|c75VK#M?~9!)xox0i885A#?yWZ)&VVDLv{h*67Ex2h?~i&IHAB|@uP$i`
zt~Iv@9=B?ycAy@K(UE(~{dY+#m=_sna}82&6moy}JG8X^kjNZh)`h;$)dnI2q`~FV
zx!7<J?QNQEU+8>1k8Ou^yl+`~#35?=Y1GH$YW{d%W8qR!0VACfZudG~#J|@cUB1D7
zA0KlK2W*g8r3+<64*_7MNni(KlLA4Yn6|KKH)8M5r9yZQg!lz6<a@X6^$HO?fsSdz
zl3ZM1Io&L75jdaeW2Al;4wzawtC4h?dw;GeA}VY>q@xGVor{wWw6*C!iR%_615+G5
zWYDwEd?>Wibbc~t$hSu^(^?K&nJ6YY{xzJ)eCSa3JABs;;7-4D36T;aR{4;|FFLic
zgnNmgRMd&>|Nj<ecjE77Dnm@eY5;Mj0{8FYZ2t2KAkMCUe}H)>_o<Zu$tWD9V!)P-
z{r2T$NK4Lsg~au}QcG)0Zm2?W^NbSk@9Y727O)k(4?HYYlDMcr<JgmT{He=3L<_Ok
z24MyEiskb`x~C9=pg7-0R|g&8)Ad3j`C63*O~OfM3Q(LwFx+Q^;L===6sZkdebUT6
zF9+qI8>BIA)cq|<!ZDY5hG`x#J*N^de<&4F&geQ$p;;9Qt_ihVDSkngz}YzlRiz;=
zk}@9q4^6kdDE(!V^+t_l=Iz%ytC(+p(3g&USj`N}1*OoFV@^1^`Ap&shXZFf*ayq{
zMLdWEXgSRtKYX+1I8(fTo`86so~h44-{{bsi@M|^of7T+h{wP<+yL}}T%~PyJBUEI
ztJ?ccJv^}L@H=(27Q`rHOh3=g-xK*+zU__fl>7uT6?<L2bM&SGn{1E-{j}H)o;mf>
zq>B2zKc!O!Bb@bagARa$(hpbQg?!|eEv7RHPrVONhc!U(V>Jl`d7tC36*xo12F2FL
zN*qd(&#2|NXI{!tgOQ)v5odaD>gWqRY08mjul<ZAJHb1eLZT~Cqt$NF&tnr&Yw@d?
zu!0xp>PSHQqpehJl=!JIS|&4Lw@tfOlv#YR`+?es3kAnVlVN`&bz%Z*tc7$a@th;q
zea^(?_2{q?t4G0sQQieG3+aB(xCliKoW;*!uDe}q>n3?F#s+t*3npwoiD8Sgk>;KY
z)lK3)jjnk#>EzmV<jAz<nm0^u#la>Hvl?wPqWQ1wk@bYa(L{XQX^Jy<1?{K_MYwy~
z2VCoCXAq3|y2kY^LA*+RDr{5Im;)C%g`b(JdyMi>RQw+ChK=QI{}eq(a3%jkh0V(&
z(ASS{r#OmP2?Eos7*XN!o0=%Q6Eu?jJ4`Ehh$(k^O04Q}hJ}{z(RNMxcB=HHWbTUc
zm+x)yXy9?acwqQ%kUZTlx}S)D$&y~uo9aB9nyIjy86LjSe3kx+)hFwwDKN_ZL+~&u
zs?{-!b4S}(H0Y?>saY`0cx1M8>BI0m)l6Zz*Rm<mhYiQr95`F4M0QYr>6r^RPX3W^
z`)ZnZzPD(nE_x3~!|&-=k4lTEmc#hn*;=Ww8t5fX5k9n@d)T!Y*sh=(LJt)-2)|jN
zeb2@sMu!2?)iEqEw9I%?aw^R^U5d*-_JVpgHkf>3DCZ)!b(NMwb;zSlPyOdPoc017
zS%{N$G|;7_WMMkCf=tvuJ^5GKz5J0v4cNY<IQW{2skoN*NA_=QY8FhZp>%wHOKk92
zMhzV*xf=L7hfw-Ep4>_+wQBqlZ$o2bv9B_Zu<o~lh?krs@Ol;=orwx)LZv0R6<}pX
zz*H9a+3ue!_V}QXxWL_{xEhy&5Jf1KsvI)sN00OE7L^T<XxtCEaoTknb;LMhRWpBb
zc7b5O1y>HL%FtyWS+xuGX@gIvpwE;-g(KPLh<;g8(h};4J8x`Gl5H9PEd}e<Fzzti
zSHiA+b2aHG!04PInABeVN~xUWlD3b_Vw)q27fC8-@W<e((`+XZKb_OZJ1Z((P$w2n
zDXF|jrCqw4C4E*7hh*+4NkUHg$Of}#rm8b`|MQfjsRV{o5F6ex=;4VvoIP+C?<f}k
zE87Yf{-S7FG?f5**502ZCU(b~LUetd=|5YhrRx1JHLGV`Ui=Yi#autU&R0SMK6m&o
z61T+9?kbhuS$wxneLSI}M_`7`2x*4Hz5H}J&yQO*>|!&YhkIM?b_k-^N8V$Pd-JLq
zGV|P6yxF$9+dk*3ejZ$8+bn)zWd_AIJ}!56bb79QdE0D+bUn`&)ZnJ7RVhYx+eY|V
z=~eIW?JK<R9jTn}eLN*KPj|!hXlIUewKwgw1IX5h#FA@^iA#Iw!Lp6fOqrkg)3)!&
z<K~(2x>+CJLu8Er8>6|Ax8ghL$H!Ur_t76|0l&ZQdVjC4rWB?+B83(>&Xc?DJxhi8
z`Bqa~5DRBk2sf8Ep5LoFq^q2k$^e=7NVY@a*K3^)UyqGQPt#ND9Pf2A&Phvd)wB&y
zXX~F@H$p-MiOU1=1{X(T7h8c4d`~vZ?5q&X5s8CHqh$=<hWg>cU%5S2jq>~gIXjw-
zkIe^u-B-N2x?Nsu3NfdzMn*I4?<Ik;dZ1g}1(zePD=-_m>#^At!=%@VeI##z%~v2#
zSMB(Xc2%_^Tv;bNM;nBfq4!!7mOD8d<dxZ1@3ohWORma4GU?l&&yUv5aqp{4e7MSI
zZJ(Wz_vZQV&u7Q5oUl;s!|XordyRf)JBZ~+ZrKPB{Kn_H%7VDzP1L>Ih<&`@NLljb
zwaMD)ZnF{ah1)Q~!rc}qjSfzIe5Bf)_Lu9Q7*Xy-eHn9*?=*7p+9Ivk>I!OxJ@a#%
z)LfcwWzLE1(VF70Q4Uxk$;fG9->Xx0$LYGVIM|1I^Q#hxwLKa11ab$|DtUU$Y&U4`
z#6j%NmmhBBQX5P2;nC*$GE*YXLj3d7JVE@L7Jt30QGOi}b0j)6b?=f#COguxQaLN}
zV5MDQj6B@0Y0F0qiP2;>dg4<LF!NyyVSac!`z$66h0hgIBz6;Nr1TkV$dZnT13Ru4
zx3K#>9}s#kGfmVXA=#ZO<^q~z{ZSN5?{8b?imf*I4`m;Q6`#NXv<nLAG;NjDWSM0}
zM1)F9SW8QU=b@#!=r3JI3||UyhvJT_1k%c)nGRqevk4CFHIfSvSjKsD%Un798ct!1
zk0|~jw`fTx_shiV1a+Yu4-#cE_cB6k7F8BucRq`Bryv%{>MdBD@BfI-Sw!{30>b#X
z0o}-hKew1aftL9LtXiMs?eLKN65U8ZszeSxn8o8U^%dv#SY`H8-`pjJzrOW1_~AO^
z1c@cfA<tC3A85JTt@C@kND)3-{c9;mkcxZl$g)K9bKK?UMFme^c%+vD?8tBBp&9YJ
zlnM|;Dv-2r3KUTQ{m}%X6~*$qB)Qxva<eUsw|lsTA!zbVcDJsdxW;)byxjhR1=W;P
zC$M@Hr;;~h3D-XXUD1L{wR183;=Z1A8<dyX3yFwSiA%G?JiMo=v)8N4cGQu%*xW_I
zzHT-!#D;}KjNHUN`+`ggX%h2XXus@RNl~BV-N3r~nt?5>szo~&V9mq9hMy>I&X+L=
zDR=Bc2PFtzDT@f05u2N5IrZy;24C>p!7>HCo}_M!9)8&`2kd#0d5*PGzkzSwp|_HI
zl6sKX4u$8wgMpIwNYmUSnh!j#R$l*(fewf3G1xfH<!IshRmG3fVL-->^f*U;>%B^r
z7tKjPoH_bv_^*T=FgI?s8J#0srWX8}Q#Dv06>Aq_9nFz8f&1K-O$I%n-x%3=97}OS
zoB;YiGWIqE5Hq4!;9WaA8}i~mM|*oy?{V(l*EfL2oRC2&TaL={z{aK<5RqZ*Wuj*z
z71c8Oe~oaVAG2gp?4e#6cp}M1YNvu4>3(&;<{9g1c`_aAEzbln@g%Q#-}L#g^4&Pv
zJsb(9rkhyu?;d6Y@d1@?caH+IaN^E-`%6=*@ClZ-gPs6oWJVhD3;vFcC&*gxZgcFN
zjQrvwOu{bh@<ck%X+9CGL0$HcCk7BXShPbP_tTx$fa<{v#D_{eaA+QT$EIjdxCu1)
zVkU)N3rRu<@kPWzBEWn+<SakoEGInc%5S}+om0J0L`YD$+rR2r*8{-5tCDyv*43%A
zZ^oe!LXODDvY22#n@6y{xizF1U|knC;QBKvM6e(_56>WR3QKgbfx2h+;7n<M95I3e
z=1*YtndGqPp#oYbF#Yw^*y*8CFRt{23w-r><sEmYRb2Q9;A{%IAb(x_{NM->$|5rO
zF*dvNEvp6fZ+vb6^bNr08pHqLb0YD9jpqm&?bx<c#28>XqT$LE_d$IB9ihwN(YCJr
z%#z@ovnvA`f_OH$V+y{cIXqXC?v;rDd%%trM`RRc)e+N#Yz>Kcu|)C4?t2pM#>+kx
zjyMI*;AXx0pXqs&#_<10&)Wg%Im?^GQLflIRfepwH_5H44*R<K9Iuxp1@chNql=+s
z(kzAu`yLI{qcKJ@wS|&#Guoc^BcA0Ac#NU<UqD=*jPdt&-5kN$B<|K2eGYAc6P3FU
zg4XkvcXIGT?XptSd<^{DE#oZ^UuA<_JwK@{w3e0iC+DNMsV+s7O)d@OaglAb(mgqA
zqs6$hNO-X)Ty;1A+=+GYz6t<ZpBF>`;BLTM1P$?D;4Wvt{1Qkd@j<6BZaAKc7>|g_
z^E-ic)=Fd_z6?<wE)l^IK<=OmNK$8|W}4wrxz9S8Vn;+m3KIe3ZfgZV?s7^0Mecxx
zC7J$+)0=RR0sR663M@9$#5dK<(U8{6VJ!Wrh-PwCX~@RX1=)wjd)XmnjnZ^8L8n%8
zc-`YPLTEjpJIVm93vOIirx}jN3&u)IX^h+7n8m!Mv@arW5}ZAl4%-jh4jq{9R|^U$
z^G_G_`9=uOYTvOx_gwmL%mjkts*t3;h<9Lfvp;8Z^Wa=BFn1_w=}xdL5+n%ut7;{$
zVXI6SsA=JjU{bljS_#`Y$3(`%t}`e?ysroxxO>d@Xcrn3uEY8rz~RM0?5kb;^v7`v
zUjTXt;WoXa0$T1(Skd@bR4&CrJCJ@EnlYC7OS<plZyVy;c2%8~B0^*XxO;5vpyPNs
z^$5{OqJxdOQP5^<a~$T+c5fdapDz5D4W&O)VW4qPTqcLzLV~>|pN!n{3D^knJK@&e
zG&jj8<8r#m6zf}0Ph_;b0Y6#3xBqYAu1@g3#a&(&K-@Y0x45G#{cmwc>i7i{MiIRz
ztV~GQ6W;Op{A`bn-jqntK^?pC>Mdo)m8hz>p6)CN0*5s1dXHzQz6Beq-<%BrP<N02
zs5_Z~|E=zzpZ-yIrqlNRIsa03T^#?YyC~IvsXM!W)SW{GK;7x-0@U4Z?Eg*O_5V+G
z$A)FK+sE{u>dp?@FVp7fKl-74|E2C;>6QM6y4y7y_|i-HqW`BIdP%rw-!y^vWdfk?
z=t}_Vj`n}4JE@#{iGNdfHc(P*V#+HM$>JqtzQj|BUZo=c!S1HKi2MY;ae&R_!&ZwN
zcTuR|J?cVtY^2U%R7i$dj_k7E5gFOQ_2r5)NKJQA<Fdc`eU_=vA=0=Lq~;S2dI~CH
z<Ky=2nju&FFtCv*SBHs;(-!x4KC(57+h<;V{$olj*V@Qa)iw7wBQ-SmtRJt;hpg5@
zwFWW!cdu)jxZ;f&VW=xnPtE6Rsff6ph^4JDbkV6HsXgjg`*xaUYmMRvv92}Qd;n2s
zt{xa3;Axm7Sk@HU+?cL+`59E~dDC1xJ;3*e%4rfZB76%sEOzWBLJ0=1hm&+cwo)^y
z9zM|6bETu_>=R{a)<+`diOc#(EV+6NuJh3z`Ep1q<3%<BZAlJZ`pmiVs7u}j%=~~2
zJtukNx>+DPn)mEHlw}~BQAarJnNWt6C*1HosrWznQ#oZoPWkbXL0lgLFgtUwl?feV
z9&Qh)q@O4}UY9^nGMx+0xh!ajq;>w$6Bku7;?XB|y>}d6Gt5A|TS$2ZNNE^`L<@pU
zsrmZ0L49oY_3%)rH^y2pZ16CQ`s(h?pdzA?4~7OAmJ_Li8U;Vv*p^pMsuk2d)(oTC
zIC|;1_lv<~8t-PZUeb9U*9%1Le>v0Bjl)A_?V3w+@g1i=zv2eV;(ATLCH)SayPwUe
ztIVmh|6&#TQ<ncYb$P+fMPhlJq1lqFyp(nI(M#%1bT)o~lVqkNmO(*v4@LQ!j32&K
z9}vDDA(uy;I@p%*`J*jis&cyLnB#VNK%Qvr_sWZ<d+=|nVOQ7S%qE7-5#=>OX)fL(
zi&%f+t+pBm1%G_kSf#=-*1)Oq5hFwLpDF$ad$T3pj#s=%5`~J`ywVf-W~d|fa(54`
zO2;C?AKF7fp=?})hkslsqz2{Tz$&;c$06V^g3o!<IsKeQP}^-1cZW?r9-bOAb)wqb
zd<tUDVl?G50~f7KJGyrLvlf8iw-H(K(n)Z@0Z$KN<`sOzo8lp|#cIS$zdixFRIO)D
zV}Fqd5egCVT<vR2<{E!}30hdkJ@$Z$j{e_bZy)p@u?GVZ`y_0;XOh{wDcNr|$jn;N
zOHU{#{t#MyaKgaQ#=6h5<I;Mdt((@+^t~RE*=(hNz%TYmYTr0<>!SGwJmQ8(lU_c>
z%YlV`^3~EKK{Mx2rwjn_Kz;)N-cK0yyf9qmisCU#i-arvCbo3-3@C-8rFrAFR0<{A
z(3%tqRGGw1AnKbI&5T-Uz&bbWjIdM1?}gGqj!zNm4OsQ;LpluKkE5~Y<xj)LFVaPU
zj+(|_UlUayP9hbR%HP3%XJU9E{Ah<}XsXb@-IPD*gb$@x7;CD{KpzP6&-VClq~{o0
z3T7fjn&<CPJ^5KfC_kzec>%!hen)YNk|eZd@$>GF7gpIflnvuSL?zpoqt%DSEsvU}
zpYZt!#8602^08U6YQ{H@rEmJaLGeSX+Svs2TkOw|f6N}McKP>_>UWz*pjw82Pf_mf
zdGeRu*>~~mce%H2g-P!`1L&7h<F`qclx^{++WL3t+!u^qP2;!pJ7e^d8jD-?KZlr=
zpUFw!w3j{eUjl%4Up)U=>Sxi|lThgO&tZ?`C1b<y%7-t<^G^$CMzwK2;n$OrRKS_7
z1J2Cyo9B;Dx~gUIwc1;^q)%>qmQ(Rts@9{Gsitlf2!$#zSCSSzlqzgsKPDJS*Ii78
zu1C`k_4T1XR}%OqfH^d#B#+S2!M*!n?I|@fR=^k=i$fXOot_4xpm95n+@>cj(DSUu
z#`y&n0SyLSz<E~?n)<V$UPF_yCUu!_LETJ&%K21)xNTo*L5#KyzP5eMV8O%be%S1U
z$()>beUfY&4|sumuUefO&t&xPM)GBZru~=wwSXuMEjapxz8Bt4&}Cpux<pAAA15sz
z+Kx^f6wtKVcIhANcKzkb`-kRxi^PS66BrzD`|q-C9Ryl`Z+-{wAxkEGJxansG#mWz
zCi8oT@{ODvGmMMdRR^oo{;r#soH7+tRNU*0>ing2SIEnyF?KkZy_-dv=^ntX$HMXR
z4fUqt4In+@g+Ic12C0^U97HB(DUK(uA53lbexVi&El>DJd$Y9@BlH6{WSpJXguQKv
zIJn}@$?v0-2*bGosT3;cRsA-~CRoC?YPlsuW}0|;v3C7&>ibw^(bfqYG_eMM^dqo=
z22V><XJwvU0=YQrqx+jS$>QmQV<qr6e?|@7dUvI7R*v7?`*C$n_V_yz2-RLV;5)mA
zeQEN1*?TVXeOl4$P}qAw6ht#T(V<v_y4it1a{@kWxAyt`e7M)MB7ay}ADSDvT3b1|
zU$!WHUs*TZL`Ynqa6a}tiQC7=AFirzK`M-|7n?9<-=_Cgs({wdqE^u~6$iJZ84AsT
zRe};KlTOdwrla<+H%k%V4-w{XnM7&7p`u+PF6^m)()6a=uC<9asugOxP|dvDEJz(J
z^yZ1znx^cH0=BA@lf^MDhBX+I<J}*S6+i~w7OOC0jmVuguI(*M5#y~^)(}o@YKb!F
zx`Ll33o4uIx(!2YYg<A1IqVAt5&=OB70^@&nAqb_TER|4`52b2E_rN&T4FZf%GZq&
zRU+LCPh|i(z7yBGtVwz#@-$3l^_(;sN$&|&3;dTCGOS4k>Dm`a-kQrbYIGOKi$}m{
zBWaD6*>*KSpyj}}slF%G$gWKFyu<So$hfaHI#i@~VurJXj%+9D&+C!~YKT>6(5N65
zY#?5azDwDngf&Gcv`yyHOgR(RC|A+XQDS;V35W^IqL%yV0tOd22zt)zAxB~--09?>
zGRnwa2a~r=yqsVK=WG+lH9Ta~b(e30${91roR#B1ki+mUm8+YM#v7%Ac<Stj%7*$~
z1QJ6Cv$?O%DZ-41Qq9v2*Pg4bO5m3F;tL3Ol?S1}55qGBbhcp4_9B}pYOR06cSV2d
z4-l@i8OWq{&D*6f&A&|#ntoeMO#GmxkqODz7F20q`$bZ`-I+I&+H;l817sqWOXR28
z_nx}tVR6)uIZBsGZBIs8GE8&wLzq!4C#Bdvx&KN+(%`u;!yMBh%iAL$L0&$GQbE_3
zHOpqg7e!tXRci5cg7Xz*{$Yd@bHy|*(u&sURwg}?Q704UfWK*M?)J5p-5~TX*P1}S
zA*Za&esjj0p!#V14sBnc%0s>Gp#acGm`$9C2}J?18hkXlDo%(MQQ0Z=?xQTe$gDjB
z3cELV+ZGFVL6o~b2z|j!f+$i8{H#9{$ZI`6D}e>EsIZ!H!iu0rQ)`2VpKB++OW%u@
zWdio)?m-gOyD-&LY5!d2vdwiVPfI^+OJ@mKb3gBt5uB_4Cpx+Tv$?H)wwkU{#wec;
zkUqQ|J`k`9X=RuU`7pm*H?*<z-}NLTyP5>+U>oF`1<TcxYMEYkU>jJ?u=bn!e`%9m
zXrEvF#xi((;w)H7Moz)h#WqkAUp->$w}eT;Wa_uH;m*}}oEjjqEZ}GvbD5^l6LkH0
zp;&o?OSJMaarB{1q|MUYjQ^h5esAH7Fbe<rzOI-xz22%X?F0UHRVmHMl%HQ%`y+i9
zy};*oU6ktyHp+ntM-ZIoZtAJ`{>+u|Vo^&x9FsjeV;c>c@B<|wj{oE|OUxu9^TLV5
zsHmb#Y<Yb=s~#2I@1Uf0FAz!9@-%=Bs4>RJaz#+K1M-#!shREsddlVk7?BKOAD9QZ
zPG_V(Pb)CF3N@&eW!@n2Tt5CRpHdch2nGMb6L_@!aL$8h6pwg=IzrE<4Waid<v^LK
z)#Rzg1bf4mIP(4mU7|rZzEu41lF_V-+zCc5aq=+Ye1eO?6qSXXp*cY#%&#!5%2wN*
zI!+QM_u-AALofR%UT1FiSth7O*s~9%g{137Pt22cUMqfkO481e9q@PND(+dRm5&*>
zjW)+g-t}AcRg1Xm)m5!vG2-EF5dEx5^4d3HI}24By2x$l>j~VOQ|2l!Ox2)Ut9BH{
zbaLRN<C5LGMdx;_{^e?@;cP8Ns20!%OT~<bIkQ{bW3`@n5dgSU2VG+88`D|MfJ-&d
zs5Yzl*I=b^ln|qYPrO7ToLxAL#G3TZ+7k*Q1}v1vT^HBD$Z}mWiZB8%lWo>+l?5J)
zXc8th6+w9g`2uEa)MeNS1!HW=u@5~6Hs=qBwCr&22n@(BY|mmI!yr)nr%*R75u6Tm
zCWqLw1m^ei-PIRVa2WCYPyV>qab|A{INZOD4?ydzD5>DF`MbitI7A}lx;Wm@FEzoT
z5T?*sxv$Mh-jkf9Iz!&H$C=>f1}C952a6Cbra9;8XB#b%C-D{@1x87uA;}T&cFFKE
zHLLPpaA`fsz7AzARjPsYwBEXV_ioWMi5rD7g<Y)P+uLxtrD5IF{EUq@>oEK?EjsAM
zsxMiT)i)l$XP!}WPqKbW_nv^C_QKkGs`3Srtp9fK>?4s$6G9{`bz9zjkpI0f(SNqX
zRBZ49%CvcCW3ukN-@1+Jl>Qyl=2=f05fxAHg3;zl>BO&~{4wSD82>7{+ri@E54EGs
zqGUmRj26z4aFwa16s$u+m%D~JMuY(zWR8Vb0&k8lm({i*xN`$y0oFE+mqIt{!mA3a
zi*tv;ie)C*0@ZxN$_CnCy&~>@h>ZDL1pRE<`IuWNF(J?&Kg7E+&we&Y!hqufnee$o
z_;NG;_HxK>MUSDC@ZdhO22(#whj9$G9<5<<dy|nRTcLE7{affm=4OZ9@0E@Lid)D!
zU8_Q7j!fH9Tw)G7V;}M^8>J>iv!XF8b$HynB!2X<;q2Enh@pod$3pcGkT3708lF@{
zE~?Z((mKiTXOnR`$}dWpYx-r5T!o)z(YC<Z!FPj?aB~So=0PFy`Q>Qkt!Nm^y{jLo
z-p$87l}bDxhB1`M+xhc6Xm`AhT-gR&w2E7^6^rm6J>zIyhG*z9J5j}yEuyL7W@dC<
z4cIaY$UaIby5<#)=qWjNku=g(>f8$2bq^86*OW3dT=_}8^Lk()x`Im$mS|{m)Ur#k
z7#jWBo-fK>9U*_*X#eP9s0f&;Ht3D+?|Ybn<Y9Bie8y0F)}Mz1s`ZRP?aApx0jL)J
zFXtVIEZjIy6*np&B{*EEegr{eEL{6gP{&%pFIq#W=V-70f{jS+01@-Ofguk8i|ny-
zzj@x?CcZ&7kSN&Ion$3=0fJ+=Tn<oz5w1GVqZU-#Y9<n<2dZ^p{K4PdD`Nyww938g
zw$KqV2X4ai{J5VfWhgaL7HHW5&>&5r(>VvT53K!0rOV(SI0lPQ9S7GkqH4l^e?TXW
zigj@e(!V;Jeqc_)h5VJBW{Q@w8EH64Q8AK&t_pn~L@z?V4oAXWvOXzSm57Ge7w{G2
z+Z_Y;78rr`Jh_o5Km{{HB=UT6y8%MT_rfG3>yZt|tQ*H?uR&}Pgxrw8sz7;5Mo|-9
zQI6oF|HUA<PfYCUE512361I@2@>Px)gc53GJCgM>&(VTHSnC$1EA`>fd4jPtPs@QU
zYmZJ@^TUINQY|_n@j5G!l9Ml0+|4Yjvjdy*pTf!OnzJ^d%jejk0t)woOF`S=4zP}r
z@?V7;i@dne^B-xTK|!0Nj~e->aA=+{?wu_VvClNTx(oyY@H#4RCmC{`T4q<sZ!yds
z^{{|1S<W*Cvj?LS37~B7JPzRtjz#gz?gZi7PJjkprV0mP#prM91_7O-1MFqliC`kX
z-jM(h$DS>?iiQ%0V>CtFnbW~roKrQPht*5MBE#zLQuhGa4JH>XogaoKwl_v<yvHPx
zhbWZ_X)P8sM7*xhrm7bl85?LDlkJ&&z@3w)sMbA6)vVVX$Qr4d#v-G(LPDZu!!w&K
zT=*RW*(#@ewcftKzOgCMI+%>zT7v{$i5UWlC_yuEE)Uq$xmPwwngdDdd5RwStH6b3
z^SGywOxqC3jFt@*e_zhv6Fp0+yo7`R%f1YOUcaZ9ZNLs*2T4c~H*&B!{EbGGv1yw?
zQ>`Arq>#zU+}pp+9BhR6BOM<*e_<$(|36H<Q()xH^F18f6Whkd&PJ1D!;Nj*wylkA
zTN`a`+qSjI#`w?k{k<3O-CTU;rmFkY={l#YgZjsV>Tap)|4n(CBze64cH`HZ&a!%4
zK;c|8EwPfKD^%iCsSHaNPpLFiP(dDxJt&#m$fzu6&8Q>;KFFyehjJxrD{>xgj7BRl
zs6r~}RN&LA4)|5#JIT`?Rp3YM#^G2HHl718=NPITX*EpX+0XW@316)_P(Gv&ex?qC
z|7L8B12QxIeV#rDqV~=i#XYmJR~(z2$?pHJ+DM1-QeB77vhBDslIIHmDONH-yhWs)
zVMgbEu6YzUdqHE@ITYXnzcvVIXnI$6Kz=etZ6}=QI#Md07fj@rZ=H|q0!WrL;E19y
z!!+bz9Ra+cYdZ(kpBR1wwv8IHAVnESf&~z55JTtl=YW@l<NW*?4K|Rs5*h(dTCVal
z5`zOyWRGT4W7WgzyrpNGq+!GXhoj-~AZ@kjCf=_OF+Z;)G=Sbl1{U0uCQ)!Qb+Rr_
zzasx<UiG~Wh7mJ9k7T&4`ZR#gutz-BtoE#prRt|F{~QOGqU_*BdNpK(_rTEuP+@^D
zo$J9(k8A{GJmxo^%GZuUKg5Ci3;U<wT<w~W!>T1LT~&pqrASp;O|(Vr5>RE@_E8nE
zhgz!(tMrfNHQFF|r-Zq1Wo8~oX!dQ{piRBGtMCfTb_ZuYcT+?c|08Ga@zbnX5R@)U
z?}D5qH4E=<q8i$k!Ycts;0D8bcV4sLNr)1JElUKnp746pIcR6G$gcmlvlzXei+$_E
zno;TJ^{_2T`d`mBOLqt%xu|Y3nrZ&OWF<DEvX$M45A85o!X|l>G&Ws@`1o-`aS>n3
z2l^=t!CB@TCX9Mg)>?~-FX1_w4g}i8@5<ea;QvcG_%34RsN?GqhisM=pD34`F#7#S
z3PQ*d>1n{8HZbK)O2@@>fbd9mvd8cPJdltgLYJ>Em$s19j>Jr5z3vYCeVj&MylJ$u
zXFEGD2=H=i*YV_$`h5NH_hM;it8%eWn^8ROzH0AjZ)#<t^X5cdEVnM7`-OC%#WcGq
z4Cdw<pV&V<0HVd3;h6d)N}z<YgIr-wyev$F+*EO&m78x6dJ!gaNDw<h^*!#mhe{c)
zC`nT^J$lGFHZ_4p!bY5r?v9Z<k%Tf87{dhC%>S}KXjWX6{z&%iO3-b!n^5*QM>(?E
z1K!Wh1wrw0-FDZyayLpvV9Qg86^%PX+OUDSig!KUk~|3TDs?Szny@N!?4M|*Ys$G4
zbQG_mtZrzQra_fTxCQaDTVJ@j=^P!Cl~%U-zqBBEJ&S9rE|c1-R;0UGep=Ze$Vo>c
z`qq(eOmrz6#<+E~j{er{S}?yeS=xcz`V^j9b>gsLHM4;ggVLn_w;%DQ;&6thIx*`~
zYs^}ADHJ(ufXOVKmM0r5E_3wuBZ_0C55}94X8GqgFzb8|#GTOTY@*E9u#r*}I<YXl
zMR2)lvj=3h%c=!?oPp?#9cDZ3vQ@D;X_{NffqKhq{qWYhQRRIu<AI7%twW;#jdyvG
z<%(*)QGD#AG}W>bY$X1G6|AaS4cCNnqox1-7^-AY>oQgAYW@oN_cU$Mf^RC!(z{eK
zZ;w!oXeakOsQTUx5!jB^d>qMOp(}Fn5whG)lftHxSG{A=1Ey}iOiD|ki0(`fn#va3
z4Q^3W8@y}<T{981Oz69|h`Rrj>)4XXT1mcjCAV+I>HR9N@-el49srhw>FJEKnaE#+
z?qMGha0#<tL>U(2yFz=bO#wh+UfeRBMUt16jUv=FpM}<5hA?z!ubt6FFk3`{NVuX7
zXh9O2BxFj*eOEk%S2k(H8APC$s)X$OI4!q_RP^WnxIe;kIM3RM&SSA-shwu#I$8WY
z9CfmYGX`h0lLaDDSJ$QiAiLtIjyWT-eEOvzE{Gf0$O}~N6)nCq49xD4)Q#pakQ`!p
z>dEEG0LQVo!@lV4bQ}+&2<%5=lL){y;BMjwstBA8IL^3_hld{FHui>jpUew4qX_N?
zvAAp7?sA<D{v=7mZ+a~KexmBt(4BBw+V5?%C@7K5u?NHDUI9NagN~Vi7``2#-d30N
ze@50W?W2ES=i1@rw=+YkmzwcTx@^l345g|3#9nh0Af-7HB&67AFlEc}M8w2n!l^~H
z^8hZ&?sSIr4p49fKxCOs%#kEqGn?hIyWQCsou9Je+93C+4E}=O70+Nnh3lpZ9)T@J
zFXm_C9O-RrfwmE#YpXR<*Lj6UPY5SR_e}g|Nw}d!I^Y7%Eh=h5W<E$i7!53)`eVmG
zDNInQksvfeiCRT@u8$uTC()vF0rdv0$ne1?XT@KQhuw0RrDrPqhraxfGi5fzG%P7T
zc|MX{y*mMjYoR1sW^-Wh8H{Vn?=>CNlu~jBe!Hz6&6_c@3}PpO0PV64dD^YW9M<Om
zApt!d=p4|T2n0UOzK3LSEZH5L^xRFnzG(yZZ(Z$VvI<Fl#_4)C3(Z97xy}Rh<242#
zTG{u2P<lfrJHua*47T8Wv#&3@oMlbs(Zr+4qGdsMe@Z}lQR8aTrJDF}{yn^2@HIic
zb~LF4?eIX5{h!+KY}7+L_t>KL8oOuVx&1ORzYYaTcu&Ay^Xfw&kn6F4*I96i{%n#C
zas{T52vzQuLZo!Xz;mei2YNNc9vR<3kBcZHqG4Ee`uD5!R-0>VO3WZ*NP9BJI`Tm?
zJ?Zpl4Dpj|xC^KZ3XayX`<PSWHnx}84clNt7U%jS`89xW@j_FbRJgfPLL;s)PC?$m
zmGMBx9`{@rny;$M7_A!1_imGjl_FErGjZ9_?gke&zM{OkZ|YAKFXwQ{FZ8-bNaKZ9
z2I-6JS5jgoAtlYDqXWOq!xHI=5MntSsPtExJL9=DHFMOpB2oe=m7m)5_f!opvhGJy
z`KctbY%1*;)=f%6{$m-UD$)@kmVsfUpNuwELupguRu&RrH>6(}A_WRMm3V{hv0E}4
zulsZ1rZjvXKwUaQ8or@SIs&xD@p28K5)#sA$+fIqVQTiHA__rBkk$<j6!*>{FVv+Y
zA6F88w>s#JN{(j>#N2M>E6ic-B^SJrtE5<8bM^v-U6E)n>k-nxi*gylLWl%$w+TAI
z?-?4Sdwg!PpNo<4BiTL9q0k#5Ylv_Dm{?hbF(SOb0Ok@$Ag`%+zGXJyE#%7i0{H<4
zSEu`X2A=G|>fat$j1Y*Um<h4LN1amXzS?Np-Iv+hywy{eW4#34Uq5IpqHsRXpp;6d
z{9X9&hT=Jms@G7ik%XTMA?lc9FPh#T#T@jP#{$?TbYf1y1MG3zU=2qgY6&6zRA|8I
zVZL6GgzS!3Y6c#T(4X~s$ZxR%<4bDce1N-vFI6bNPAH*v@1U)LYd9ZoF^D|sk720p
z)nO}sD4~;5wPbB{kKDHZ{<5PCk>{>N7ueh5Vf=-GzoUmZy)k6zGbbvOp}qqadsAI>
zmlHLd20UQN72IE6-6wFzR=*ZhewH8Zje2O~{;|iucK=`W68nSg3CLj}D(B$cBFVDc
z1bgodjxXO9?`odcUIJ(gn!z@}DIo~C+ZEjHptfu#0Jkf(hSH1+)W|M@|KJgbcm0<~
z?~yiOj)sD1h>CfgH+ruj##rC{QUMKJEVRf8d#BF0kb}Y=ml#}jxWr*%U@Gor#iVjQ
zqju0ChE5*Fk6&pV<&JBQUvv-eDDh_^gs`J_slEaz33KyHX93de4eptdN?52VZUytq
zD(j)roj)ycepl&AT_YH(H}hYKnu}eDW<C&D<3!owwifA*wrk=XsjWljw*BvO!6oLy
z92MzVW=wD*7DZZ@<;E|0$57G#q9nZ&AX?BVUocyPiC{{HX{W=+d9t7nX-<VRQwm#J
zh+|BOf1}wxJB4eKxcx+(g1B{QDX935`@%7T;12}?JJeqt0sO!PUqJ8=Ay2M8gPq-|
z5MC+?o#@#l<UbLoXntI}=VO>)-zKckgd1gDq9khBfw*&cb8;RqHyDl=Z|!moQ#RL;
zfp7$=82wW2rR*yinWSI<b2A}6G-+YcIK({@qKQQu3o9kTjyt=2?e7x8ZH(AWU?zX+
z1^1_QlCT$m&%gk(fbS{wuj8^@%x>`Oa6P(n@aN!@aaObme380)%ByTGJ><kLMLL;?
zdP;)1X!1&o|93vYmrZy76TLWRUi|!{ES^mrlMIdN*SG>{;Sh?hAb!ZQ^-uLW8O8zL
zfBUUS=Sx(h;OrcKf=_K7+rbC^Fc;)u6Yt%bGliQz=B}0Sy^{Soj<TMxf?Ku?oGt=z
za9*|X6*3p_j|`-KA@Suci|?%m<#2!@%ZkfCO8%s~OMQ25U-OQ#R1dno3qFMmYy`fy
zE7&{z_yMqNv(N^5JBO`P&n3s@XsJ<3uzLIM_=(btLT{Ne{pE{KtmN20rg|nTF#EuY
zi&Z(#Xk219iepxg0mRJ`Sz88(7;NygAUkH$6H)32#LG?q1d9c9r%5|Z<94j7V9Spq
zWfxOQ%~csd%C_==0Yfem$Mlh0$^IG%mV&ubg@;?+{*UV^L;DVXECqKlECtZAs`7}k
z-DoY^AB&U~Z%>H|r>RvDNQp96P!;f`Nr_bz0KUx0Bnxb{yr$bZQYrkmtYmirewDS#
zk1bRs3s5n5b{o0N)}9bIsr5KF$Vm?R&fw?j4Z}sdba7Ygote&@M^^S2BBP4C*25Ln
zG7~I{vD<XypBn}T6;=!sk{T0KL<Mz!G!tS&z=Xj=SG+HdCRq|pD?>IYhBdd#2u8Ws
zghvsshLWA{u`16ez-3|3XGPS)^l~ke95>ZmShxL&OUDkPM#DNzVG?tMwBa=<&aYO)
ze4vp?ANum?XkA$IM+uj66#vRP^K!O<PWB@zn3-+bY>PXoCn&vI`ZJ9539~ffTxtgt
zZJprurIInskyRl{DzHb7!hKFao9V%#`#kQGNu6e9s!F_te2KdPGU?_et6bJg0OT+|
z#R?Mg0QNo<TLV1_2l#`~c;u0W5$ax%(ku;<UXkhjWUdF^#~RpA`RawDg*im(g%v6Y
z@Spl63FVj=DWc@}(j^J2;$(@N(*0^y?g)|FVF-~R!lWjJxnXK2NtWmw&N5zui6P+l
zzdv|aCX9lLczFUXoRnT+#%T@c#iuB1>L_fj@#<F?4#0<NW~5(92CXLh9iXoRlG%GY
z^66Sk=7C*8y?CSRM~(P*Zz}~5xwN8^NWB+_jCLbbmv5VWg!6`@NQ*hac1wi6C4u<9
z_&Wae3C>I52MlwX#hsy@ui^c-YdjQR{xhHpra@rxyME<gNPmm2z_8=h;q6VTpVOKE
z%g=l$PRM^7jHRus9ZsSF0@TLhq++rFs#B_WCJsIkxi8_d#b$pqdx&PtPebU(TY~){
zCO?(<Id%N;Xce5#B=?$L4Rl9x=u71h=p$rrw$gX5uRa;`?*~f*0Y_h<w2pE%8DFI6
zFLk3$u#tV9n4XWR@+rN(dXjG5qgJpup2%xM&T8Ckrz`Qg-SG4@MkZpcG$N6+&DCgr
zkxTtt@6`J^!P1D9Gluy{@Daua@gB#?KHQUY<&S~=hbBI|M#5AWwrGhIw1@2HgQ|R&
z(|DJPv+zdVDfr4wl-og=nCLTlZ^u6sXnFtCGr}{0#wc{f$wSN-%{BM=7D)Yl6D&{c
zcd;}A&6g86Fn804_=syhP?&1~l>5#PnU4#HS_bqxQ58#Qap-NHB*ipn@?utTh`klz
zd2In0y08LA_}4m$`V7zG=xd}(uqp%`uL9L5+fzboHm{q>Kag9<E$8j4vFLtJY{jWj
z(ioy0scE5u&_7B=D^YMM>Ob^fj5?%YXHkrJSUG2Y9l|09A~KnZ`a&Wk_VI;|<|{=c
zSEIdz(S6`;tT^8YT8qNq4bac;Y!_3TBnak!2=wEOdHsPuwevU%*N%?ZK5zLNI5Z@G
zDXaN2#kB^5K+arZS*hTYl!LG_4>!_mi-C67^9prnI+0(q4Og~7WLSBe?Q?OT+Xw~o
z?_Py?6s;s^{@T04HsuU2L_|V=UUq@)SP3YzFk!c2A;$TiRHtG{_zQL%{4D&ba~XCr
zHR$2HJ&o@E#J>M%Mt8sEFd#$`IfEey$zXDa3MAJ<P%U0k&WMJ{C6Z5_BxxiKPqP(M
zvUrph+%xSIggv;ZCR|79)X}V*d^V?b1K-EZN9?C5v}u#!YLvm_NEg-wI=2L6Ep&-I
zKr~MD4QoA~x)Md;5^-JOddk4Qk-z!-D%w@qj~>=_mfyA;DC;xrrr1Yn7I`$avwoqE
zPncIHp!kZvd7=-<^nMyJ1(RUHzWo<oK0%-Q9hK#Pk5Z+;k6(SC4z+88ovz17PHodZ
z0vS_X${QI*)^~B5UrPFzyhXaVOpShOHxDm@n*UlSU)RdPIt_TLei9hR3+zFge`Q+Z
zACy>ZqlD}`*pzb}oOc{eA}h)h$<^ETK3fXHN<%CZMa~k67@(qeL;e<m)8XZububf3
z2ze?!ZHM(E54wQ;E&m?gFnkyE1JY2)IvMQagPL~)v4gL1*u~ECc#<tLTHfF|k_ywn
ze*>M{Be*(#5ltp7V(I57K)E}CV1kvyPE*whc1$W{h?bKS#=D6HKC0n<SkF%4`tJ`F
z6IE+!5{Ab2{YhQxJ#$&QE8L1Lp^J$IKf?GH!*wnT+xIj;$SPdR_qml1-hXHQQ89TD
zuNT@bKko+6=NjV{#)Bx(e|eY;rl|?&N3k=}DQZyKXAWkdw7&zyEBf?&8d6E9f%F6m
zp}=(m0>7?TYgBt5*VOO1DW44QH(TdDf1e+ubFXOS;Fr%hn>ck<s}pUlI_O>HJ2aMl
z#I}}AYp(kZJUW}7XO}i+@X@Hg$}RCiyB}*So*b5tgXnn906_gbTRNvH?>u`mNjma8
z8{+*G8b4<eAKH|X-psCOR>^FUJAY1b#nNR_x=6WE;$*mBm*ZsqaWq~1e6!f*>MeJP
z*J}7%^g|DK#k6A6$&>ifPCefUX?&^tAsz|dBuxq~zQcMy+5luS1#<>p{NSz{3_7#|
z<QAiOX~Zf8?0(TbY(3g(YNTzB&ps8axhmHki3nLx_{m9-(6rBII+x8LU4fJ_9|;b@
zadshkc_O*UQl#x<uOr4*M;J{>tz}JfK_QK}WtsE9gONFpe1@dgY{=4e{4`6q-lpy*
z$&b^|)0M1y<!2(t9)QL7>t5E<l>l%xSRCmmN$!<_PJMfpZhgHi-S?NrhwHzu=bv!p
ze-6w{iiq6=$Ibdl`Ay(gpXnGwd-#k25Q(s+^;O7-%wnC(6nJ)n?%bI=0!rnUY+L%F
zGe$j{2G~73@OPq=F1C2PPiH?wS892=uFl&eLaRQ+CyZ@Y!Z}AHR+DuEj2;z#Y|(G`
z;=smro)wG#+?s+~%9$o39)qI^e$ReAX*acvR?a&|f>kN+5M8<<P^D?bu5aEZs#N0^
zUjpG>Ol9;H-|yf`=j&(jcC1QJYehx3;9L;61Y#u^imrFDw=xke9oWoOLy@lkkrIs^
zum-zYish*&jWpTny3qx;X1|&Gjttg*a@`xb{&TZOq`dN1g0LknPc6vm217K+I6`p+
z(#20i1xbw8Aln1`(hz1_dpiKUuOs6E>8`r3xJ`b7a0(05kJQ<W3jsW_8BUUjkay^5
zP7})9?Q-tfIxf##R#dNBjU?k6I=zq+wEEck6OljqIOykwQ*3mXap*ALB@BEc%&=h)
zK_LxY!reqt<PBQD+Av>NKZGx7p|PI4O0o$nnz3WS{o`kU>6M|`!&O@=aG>7HmqTa|
zEx{1%2h3jc$8xNVa0X^`Q%;Y4fLF)6OJ-*gV4Q$>0`>IJZ<GzPY2H>_P-BG$)K~$1
zd7q1M0y=b7*j?V+D(m-WWLYOVH1U`-gU<R3X9bSOV}vk&pTB~0DsK<(3$`QlbpIOa
zD;_t}-p`cEbdiy9ZOr(5QQ5fW+wCh1Zuf5#j9++X-|$(XraNhI7d<E9iUsNV{*p*e
z8#b0y^J;9gL2mdX@jAUM<@f!08vmfP!y7~P`WAQmQyD$~1-;>#Q5ib{hmWHT@<g1o
z@lE^{YU5zBYY+YBM#I3EY4cN=Jr#S=LZ$5vL-bAXKFef*uY)xfmM($+?{5u<N12Om
z2G3s6TIrm7g@Wm*y(t}*EJHp=gIvcJIr^1v?`&=?DMPP&GAzWAQ@<qpE5d??h`cmR
z4h=Wh6`9V=scd?(_0)n^9>n&KpmNoMhEd+LFl`)j$G-Kc|G6HbSA{jFywifQ<Ln<c
zSM*f3Z_BKBuBFAfrwKTHB7<}kFtVQRf|%Sw_t}3&EBeH}ryg{fgF8>)+lE+?^Lu+^
zB{tABPi#2LP%dR>EiIMPWE*_Rh+~>P6~Fp$O{>>lEtHb*$pEk0&I%}nz5s}~Cx@lO
z$won##-8NE`(Y}GGG{3hWbw^DYR^lSUufO^3LUGLcg^`pUqe~Nf=OvocVQBkU-XfE
zS|6k;Q%~P$rA4Ws`dMOpnMJJsucS`BTaqO_PU2!CSoiK|*Xv+hz1)XYO|ASgrI>LY
z8X=%DtyUaZfkk}~$sns{*y!79!jh}-D}m9NZ>@itCMPA5g#gN+(zGRKQSp2p_9ghi
z@b44qWjNe5G&TEU8}<0;<aDD1!#JX+rLz;fQ2A}+?pvC~#kN)pxjt6vE^>X(G5({v
zW_s%Ir~FL!Hcx5=%QUs~ieKv`%i4iYvR=b?1OKUDL;o^!{kfQb=EY*+%mg=<&L4pR
zPn)T1SPq~Y%=m!~EihL=Wa5v7*LEc08+n!<J>AV3X{Jn9GN<fZU*7^>V<|`$qy_$9
zPD{8mN;mX+1w!yw9>skIkQXcvt!Mw1%TIpu_)=Dzlqo|QgM}1=L+nl{k8&FrQx$sF
z*tK*GsS&-(zW^V?c@z@!$|7JiM|gHg0bu-O1u}a&$<0vwzG+J*oyiV*xup{SxSy2V
zKOuu@)8Iayh3%DE<Nl2DR&?)sl#q>`jZ?HX8v)|Vk*yoJ`2H|2jjmBp%!d8dVM3{~
zmp$EJ%9H@zE%*&tY~*js*)*NbJ6yNRL1ug@aQF~H;#=O49`p$EtJ1LMJHq%CL$bA5
z?S2-2u+zoWj9$UtEYWr>(;JxaBW?01B?j6NfcnqcAg4F@Bd2MaEU|Vh?Oy}?b_`mV
z3GEv)RsUexwXKoetyMQ`7_Z#~@kK(g#^VRG9Vx%;?z9^ZKnn2ZWA2^y!#_K&*Wa-_
zwUQKg5RG$NxEq$vR_h`2WZ4%VOADYg^c%JN{&J}8ErHc{zyv%G%)y<POB~KA6y7RD
zuUz*`{RODJ<SXs!vyU}Q-|c%n;E48a&-5aiKZuVGU`+qjR87Z!ccTvr>5w2QI56hO
z-atD;2^dB5c3$a4l<y<tCSQq{;gtXJ@ItBhA~((LTn%@Es4UOJ&Y?NW51L{=_`Qth
zn6SXraiQyj+D%{XoQhu{>^c;V+s;JDmPj|Rli6b^!+Vhf4rCWFTRiSz#2!m1%oLF*
zMW(jK^mWcxAN}4*?SfMBrKo6v^$G0R&RHTjU3}ii_R5CORCajjyOa@xZMaXc*qhXa
zf+T7(Jo?pewu=0~KvmQ}L`XE7anRsR&0dw|=?t}l8o#>hDJ+_vM;n{I^<#EJmY{Ms
zD0R(;qYG%tqt4nfVCYgaiREu?9#i{IE5=Ush}+bKVSF38XreU^vqUW>j;0n@cj)vn
zY3?Xnfy><G<%uag^iqvumyDt_P3;1iyz>#?WTiGi*Rs^f+5T@RV;DQmcg-8@B`W@G
zke+CMgSXUz3bQ0)FM(<jNP97(&7Q1G6Eu2vB945-2aR-u;0Yt}@$WkAMxXi9+jygu
z#YAK#J&S?D>f<q#k$FZv*O3!Bz0+<iyIoXX&J&o6Un>O`$?|`$9X4gacc5T=q)u{A
zXbpDF+)2`*OeAZY#ry}gLv<nMbg<JbR(iML+!!60Iw5<xb-wb>Wef>8va_*wA3Hc%
z)&}n6S#JUDf7T)m75XId4ac%ogv%4OP3Plnny>@fTnvuj?AoczvwC38Z27b^aRigt
z0ShU+fH^i>HH-&QiHh4;M4N+%j{-GR39`X;_>?g2`y|AB@aYMZsPP)H=cC*7F*%1k
zA7b38lgd+6n2S{vTQNVW)XKEZL908=*?JxHnVPDfvQ%r~<(6=V4}+AV74(_MKEk|e
zg57sA-RYNND6x)7q6tHhb}VGK(Vy2POJ2c0Ynx!kUFm7nv6K13b<?kMnmo{MRsxvU
z4#bD0B)w-;YMsBS$UhjH@Dm&P5y}#@B$M?1u2#8dukU(K9O%=I=&tAg>~`T$7WFqG
zUiT=Kp*WOw$WQWQdQ0?Fu%_F*maA`d{*y1ZupD_ykCVQFcWj~ZX0SU13%@oE=;iDw
zPB+E#C*?>F0oit7Z*(EVsQ<Gfh?=M3p`_I#(S4eH<0Vjr&%uwsy{2Wg%W0RiK=K|k
z6@*$~{}P}@jiR`mN_S>Il`y&^f*Fj2%>jQ55i~)EtKL@9P_QOtt$_g=>E<b%*lfGV
zy#|=jTK4U4{+wxM{A`o7$$$|v$LJR!ph)9nV<!wY6ItIB`+Y!A+BX<LxSV+qxgu=7
z$|ZYBD$9W_jDpc-b9TZ<Jkj{ZUg$9X4_#uW3axs)_cCEsmByKFa}BTa{10}gmg<Y#
z+EP@b`#|mAnkMlItj_&N1~=7)st*%&-jk%MHPva?55vG}tQz-G(u@DXPg>OpW8%t?
zpxWq)*X6{VYhK#v(Mrp(b^?mNy7vrimG?K=3H6nq+nTnpK6P1V7dKO^*ho1>NQg0Q
z<X{uUkDHBFt^e88B!~inpOLvth3YFs3SX6&xlG_q+XrtRbcAM%P{Z>F`b>H)v2`%H
z)G_!5*sC+J5#@2kRJv8Mh0r9;gz^!l8VVz%9}ut0CI=Sq3J0z88Aejqh)$6h7gnJu
zQw$SKgQ1sVJe(H}PAtv_Gqlkj1H~wKJmGmP%^Cv0suf^hTrs@cs(GE&m<4LsvMMJ_
zQP2ck*>UQ&atg|>tqaOjQ+6-~YiPZ>Pw93#q>{A?XmZ;`6|lV46&{kEh3IB%tcLjB
z>+2VyQu$3TALgyPL@pP#gLAyF+~}uJGx)O%vT*BPe0q+R$53e4Bwp9N&E&g+4dttG
z?&Drj_xZYC#@!MCBy6GS07(J#a06MPJ>4%Ty1kr&@Gf597s?3US$4k;5Xmoh&Rpu!
zgoHbi4^>-S6l7SSR1CoM6^CMafl*?u#$0vS8))#%yyq4|pCi25&7nB9n|Q2-zV`+S
z?qd`MzQ4$er-Tqk)XVI~5V!K}mwjf>Ni7pz;?FXLG$hFg*sPyg1_}O^(&4$4j58n1
z$;8Bm&d1iwr}6NPQ320yLUwzN-;lZs_CiM(7O)h|Bo;v#tS&|tjzb&7h;Oh|j_1F9
zJ;Ek>+h;cU@}Ar;9LMgH#ViDM2*&Ri7$(XQ6ly3qx+Z~k_U0ayPg)*UAb=fG{tsYt
z$6G@%O4K}}KyEgb(6UE>!hZleqI{8d84fH{<JcrysQ3?H=PN$(`IhQVRWx0!;H>AI
zv$oNmHo@y3wuz2t-f}?@>vV&s@(&e8r6G<fPanC@3dp6ggS|~XH&{#@P*EdXrH(A=
z>Bspl^ykIP^XcQ=>RI$eha9BC2aMtHiGXBy*i5C)-@O!HSf0|`Z6FoCx-4~w1|TIK
z`Q&St6^Fb=X8aRkg3T9-fU=iI0Ff`!EF97`8qZOJli5L3IK7A|-ES8D{Y5?Z%Kb6q
zw2R^I;Z8JWZyBEhe;8ebW4M0*CZm>HjtF(qdfdo0aH3Y`^b?LChEQ4rp4`xitb(eZ
z-6N4L=n25Gze8cqT!M6$HtFrDvHmf)iBb!cy%7Jv1CK2p#j_7+Eu)l9G^(Tcgh1iC
z?q!-I%JRC_F=vI5a-oMmNqa610=4K(BRxYPCh)jtXX2vamT4@`agX5ylKVn>gK(ts
z8Ha!OkvP~o7K6&jf4atVhoYSgx4UG0t*`<>IggYX`siD-t8irAVF*cFH1%o#gdAzw
zJ7@j`0lf*Q5juiI93lfT(cKV!KgF$W7<%yjr3S;IlhG&g1*$CO=-{8{4&`*>j1n@l
za9!I(539IPfBnzI<34PSMaW>>IwC(zx7}4PdE0{+l0{#v+VwLRvS*9d!YWvC^|y?y
z=FjO<tFM;R^U861X?6AFE`p9s`z;pfnp1iOow=o`+G`r!Dc(FAdG+WkcGT$RT8lw3
z>Kc}sWdh2YV9sLKpNY%!@8ymy6Z*3DY{f~41i8k4v?nt!JwO)Ho-XrAJ|5i3^G;m@
zT~3{Gkj6>c-}$V^uZk#1eyco_lSD2wH!XMGK8>(rv5UlX{mMw|*dqtVVr!rr(3GvX
zd7)|XFfs|QtnW$TxJH^fCdK$3m_bKyFFAZ*1>+Vri`XC2El6CshB7gV^lBrD#3L|i
zNslkaDxA{{&44s7!s9XJ<bn;Es>n}F;Af&m7x&c_`6JO(i3JIK7iXVW=vXw)_73(L
ziQ!@67~>FP!`P7aTV2t}?)!BObdM1#%7&ja@!H_$t08}u6|fa0+zy!yXE-=#uBOj=
zt_Flt$#(zYlncX-lT5PK98+#vp*Ggmx<W_Fe>hd8ReSVd*jIyP>oMx^KLmG>QC*&8
zQmwdE)AYF5$0Khrl(}s9_&Df<){)5pc{m>1pJLh;Ph0Jq$l7d&kKAoliU5}wVq8}p
zt6u|WqT6#%_|CfX`6w*CI`Ds5Tn0Hqorxq=CUB3)*X(({7O|uzDgHds{;|sMgfF0!
zszsjwpP+>`%pwv%CTd=Tfi=hHhp~~BLtQ_c8-$a@)*yvI^g8Rv|6!7Z%Ln)trTGhe
z!<kH=HwN#=ey>&xu9Q0?qIFz-Zx9We(+CBijk$n*#B9V4+^HQ33BebVd#(yd7!2kH
zoh0Y_$?0J?RR8$Pu;Iq;6+%PRO`<`m+m63qqw1oEZd6P2)$XU-c4!K1YmlaZBXkpe
zdQ09nhNtXC-f8-dU*8!ETN=qwGeEPhjqDSxDlW=XwG?aSvs<SG9W+gDnQq?%u{sye
z-ht}HbzRn(CB#TmQ57zPb3KXEd~G|HPxxjZe2|F>Bn_6VSy?%_c0)=*S8C~AGh{1K
zaH-6JM?Q@r3i+Ig1K>Ds>7Ehm9uhPt0ksCGhZt~{KWGb$;*P^1;UABgMV!@Wp;sK7
z5j&Un0mAg%i-mv__zs1?a#|YxyM$KfKhYG-17S;VGfb69Okr^-xU_QzrisX7B(T9L
z*whL`;0Sd&{yVWq>;_P%tM`l9{vGU1L*uZB>Y0&C%dfD^T6p1LB|c>!(e%lIjM_4T
z?nZ(0saT6PadqF7@#Va2Y5XJzu2U_!f%7@i366APxE%th?^Z$Rdn0uJou;GOaIDdP
zAi;goT8e|6>eAC`XdUg!yl7Kz+Se;-56!aXy8DmvfM@|qPUqoAW1ZP>2Lq@b&G}|U
zjP$m@h2K6~r|aV8>4&(Trt!2LN0kN?5YLqp`qc}_XsEwiT(tJ@`mSVPWJfzP{(=5{
z^ZJbL_o4UYVxJZ_*&AbVw?+QAnzbk&D`}x6jl`@<<ST*j91~T7F+xu9gFJV^gFg%!
zp4&c*7h~i+m6#luS<tPb<N(92DJvUQ!lp!@mdx1Y)KCVKG9iPSG;>=Q@s~$%G6Kwz
z7FL*-GlUiiF>f7cvn#%2h#6qcPEs>BdRtg-#w8^t3TomS!)z03Ke86f32*@dBJo-|
z0q*C>E_c=1&cQ!9f(_y8bbb>-{>hGnIgy{U>U%caL=RISQj{cIf(oG<gqP&`*Hw;(
z9yj_YgVmpi%?D3sMAXUQI*A)Bi#C8;R3&;g9&c8X$?KKf;e(o<Vkq{;gWoS7zLOuW
z2AqshqlwIZpYQ$-Dr4I^kJz^cP&A)YS)MYrMOH9k_9#@+4l;-Oa6Ytwl2<hHU-ATx
zbs(ah7#>Ce>Zc8&@!nCy_n_qQNHMgX@O^u1t0Y6s6zpyTEp)-(%MBxHL&OtC@!ZTA
znfGT{o*hm|PQg>|gj}u_2QP?qQvTj6m#nX0+ys6brtwk_=kb#*{I0GqO(KGWy~9Wy
zJe4AOjt!x`k^B!uQiGFTYqCn|YB{7!&o1@@Sjfso8C)S^r!OlW^jr{g@bOe=-Ej<Y
z4!D^i{6cZj{Lf!8x2qL*LFaz`-;N<8ZvQ9cZMA!Fu(^JZoq+|(xpn>jlXFkAz3wJp
z{+(lVI1<ema?5U1HJsw+0tC1Q%f4sT)^G8HN7wO4)X1D(zm!3rw73Y>c%oz<S9>DI
z>xZ5F<q`}fD1BaY$`#+#9K@dGgfS1VogT#Lr`GZ>`n??S1m#*Ok_3Bm4||7yQ9c*Z
z9kb#`5cWfGVYw?AJMw`)pbRY>tFQL%|BS5}7Azz3*cisOdmBPvhv$HKgQ(r6;3CC+
zAqfA6E4GU8Oj`$ya6w||{qt8ly0uA8BAkCFkSsx5(a`?+>?6kPBlDLByf$takBMQ%
z{$M1&&SuJIh8N%%^+}_b0qjuArr61tOjDk{5iB<GZR{(>P)ktnK#B>^pl96X&-HR;
zKJE&XS|}W>hw6ND`O}s0ZPFGuSV8SN7(w-Af8*2k$_FBmnQUu&MLTFg&wT_hwOMC{
z0`qNNQ{_|5ZL^zRgVRbFAq(8s{irS=?z$eV*aj976JFRhZxg?bV8T<3=my?IgOt7Z
z3T?Bm1MS0f25T}{0eCa?Jg#Dupc6!>KwQ4GY2KNXEmnt0ta$o5hm;yUY4rXG)dMb7
zyv!o29fjA4$7+<4bk8cuJKL^e0^Bj%e#!217Hs_T9O@iRgG~FKS+V76QujxQyfBsx
zK}&?kh?HvPRT##5!p|htVP~`QqWby<k@F8|kJeScQ78|ze28;Wul5t8thk5^3<{*s
zJ+Us_f`vPz3x|$OXbsM*21-%m80^`Lz>!fv5D899nWCLDu0dD3TrLoEMRFulAu?ir
zZ;~k>1ZJ?1sv1pP5Xmj`<;V7P#n#aMXtRLOoV0nIDLS_1n`^o*LAq|)MpgP2IBTcd
zBVTtHzuAf(r&%j#bFp`VHdn;jkq%{)6N4G3n=@H!<mNqo2|~sr*3SOUUy#8rRay`E
zWLwb;kJx0o=0wF8DhahFQto#)UIvZN3_}O*J~|yq4N%c8ZSGTNe6S;D%t7qw&Zp}Z
zVS=|sGEYI1C4>+#p3qr{C{M%SdXz(6Ua*l*X}cu>JY;O(ko?P*q+gid6K;|{s$Fpl
ztldIbbAJnev)AqaVWu9QcNySR+`aDv+2N5>vYv1WJ?xn{xEa6SgI3L$P)YkH^BVS!
z6?iY!KrD{k7eBjFL}p7?37f5d9OmNCsQE78JRV2k9i36Z9?j=gnyw&Qe*BB|3pmVN
zpaQ|(Em_U7N`}8cypqWERA|8>0D9eMAdcMl^BbRGv%<lNZMk{e8f`zw>Fm7f+z@JZ
zTy#)?=VH?9<D6xbwZ}=DH`Xv>g7!Q5|2SaYUTR_Wtt;4`FnCe78y5Ie0+=C<H|pFP
z5$WY0d{Q0FuUPQC%6WGvIOke<kpGhOFp@!71H4}lI>hrN`7fAZ+|_I#S)Zz{$E?)t
z5SDkeRDCB3yc+|h1{=nEq`?+=QEXH1pQn$YKD*(0hWV>)PTWgkLR_Q{_d%bWJw&*d
z0JA|(B1i)$T<R3Rur;S_SP+dph2s1GOeinF5X1bDQGIV}ksT%2?=P6|jFdSYZ0KDv
z(6<!M+&`T2|69uhStO4D$R$y}yrvy|+@<yuFn||`{@5*P%DX#nxNrCpO>U$9J?Wni
z@veTj7Cd+gwRX6s&BuoP<Vm!4MOH<mbI56eGo!h+Td4otE#m{-u)R7xDPP<|OAW4P
z(8`d&4{#U#!+5~i$kRhgnD8_?mzQd?#^ef;s>7Ioqz(6Hq&R{2AsoU>44>n-iR<cC
zzvLkD{Wa?y!t)O#GRcUmP}3h4XRisTt}YmDZ!x9F*N7DIJv)#zC<~@|rcu*GX77{o
z{Y^WGZtrw_ZV<g$%tEgKVeMhBf&agljR!e+C-6pOee#RItlvCm%G1vV&-a@Ak}QV$
z*u#kFJ)bA$wIhD@*X+XJA`KF}0$kzo>an6rHaeemlp4l1*PgfSWS=&DB&qxZw`39W
z!;&L$o6JPW3!VK}_un4>0Jb$}Q@2kqB=lleYxzEYfZ0vj1Q<RTq@G=<Z**w1nRz=b
z(Q_+r`R)yP-;Uj*T|+1T^M)_yb0=sk4($9_=RS`&10$Rmo+kk6x2-`v-U$AnI(O8!
zlV<0M8Ut5nwHi#_&r-XpP1)b&D&D4!zV|EgHdf5g-2KeE+qZ|OEv*4J`k~!DHrN|B
zJb1<<1dZdsH`_3*VHcncUkCVY@U1$C1{*08Fg8YU@|@4<7L3lprSR5Qw6{*w!2145
zyiMq}ng#0ih>#}U{iATq(@DzFi_2&F{vz^Bl?{b%Kq`g$lahEwT;6jd8TKdM%-Wq9
zzZs^cOh|GVr!t4Vpx^6S#xx^fgHI&iw2b&hP9y}IRC`ryXS#<-KYNF~BcC`!DMUAD
zaGa$6x9zRTc1Suiq08ejW=3=1bT-{(H9E2JLYT)qAcBXYnjR7-GdCD%U&Q>Ij`QIa
zD_T{*g!*h1>BE^RON4i4uwIvXupYxj59@=L>T6uS`m}2*hzje0sBjnkX-nBG!%eml
z@dJHF{r7LHEtMju_-<WoMzE-zyM~zu0*vT2xS5p+%Vvs&f;I%JoI&G1A8_Wb?Zb6m
z1jqEbsQSjMZYwnMz|WKd7Ap-Mu_qxbvMrRS4_N?bP@RLL4KqrnC3)lHL0wu6f)d4&
zuc~G|eK!qo*s4;GVjD0!-{9rVI!0X?;kc0|emn?ctB9Vc4+K~`d>O;dATNm3v-)#%
zg+~0NCmjhfn8^AzWA{y+$uZ!2lzrJg$yrG&gsO_E$BCsq6n0U!VxHsl#{FsD)2D#H
z|HIwq>G&O7vQsq|DdoS9M0nbx&(j0_FVC5d-H*AEK$jcTw6`MA9Mtajt&Y2rj)zeW
zTH0jQWHWrmf&6gq^Zc!pH>>c`t2n*{$DZ#A4VAc8^5MIQbEeRTUI>dhC1Bm|h~U0!
zrevN3^y1KMfg@rO2DJF2&~?#ddRN?NO*^&>w>u<-5oCra|8|$Z-^9~`?>K)e_X~da
z>jHU7Itl|0kz2N=+ZOCN*{?(P8B><6AKC3(Q{0wo%*=a9O5X3@Nc`WKw@4K24euVa
zGE#w>8?3WlBLqJauY-AIbUMCg!m$4W_{~lpp@NzQBy-%DS7@?acfS@*o`TjgkDlkg
zk)Q+a4nIG)Nsvh-u{}RSn4E1UKzIQ~A+qn6X*lrh>Tcxo5|2*ms{hMp9@is<bL2kz
zOw#o+rrbCK<`p%C1C|MS{NtU%m#~Ot;g<T6*B1H{2!Ozf(t`(P7`fZ5HzLvrRbH*#
z)1XP00#=$ygy{1mN=<#=<5QRI<2o2G?iU;BCJ^*n;zvMlCn?01sSP-ejNHn{ogJi8
zg=8GioMcd`CIs<W0Y394cn7wj@GiGo?aJnWR!u9XXEpLgp_q%doG?yJJEwp3Z)ebA
z*kK(|l^CRKAJApMzmtOhTX-7qPbWli7aq%9GKl{!@98IV#l46%Q+8?p$o_6VTKp4M
zCsV$24yhOyN(rfvcug@2NCNj&@AdS|LM<+1*{pf-T5??F*0f;Fp|58Dh-&Tk$?(ix
z&iiFvN$NUlh4fq1&#Y$ovGh29?UWSy?hrxuMSOeuaz*6|m2{x8al<#ob<VAG!-4{s
z=DFT1Ih!nb=<WUIwx+vlvaGxQ;Mmv9>&Q^=1?isljfO2amT)7f;sy0@!&=B0;-`-h
z`}Rm}p-&?mp?$I;c{rV_8h*|idsayQKehT=qx_qZgA@ft?WPlj4rAWykuTh4N0|$M
zjHL3DNg*!aUVf(I7}TS3Jd|MO;-W0#`)(!|p<YC}-a9bOxQJk1>00c-JS~AwJ85Xy
zr#Vo5ts}NKDqb3oL71Lwi)u2HK-=gAM|VfD0biK?R@B<TogiNTp@gri-6p@_dJ;}x
zLN_1pcO=y#FdsE|0F#+fIYEN)q=HO~>975M6))K;soj2b`@>jFZAy3MqnJ%Brr)7p
z^_{(daL-{!b&-pdeeu|qT@zg^RtwWp=SOYzZ^;k0s*3nzx1^(`NYe&rw25IH;9%Q;
z*3Z90ZX<)y{tv-f`VA6{Zm5{Wx9ta_(=Ae5{>V8AB!8nz(Uhv%s-7gFCNvcJoV<%$
zO{<aWH>raIOI!GZ^*VKH7f-5hW-$w5Pjj%?P@5kO^5gj$3m=5%_4J2xe$%6_56;F+
z=WhhHSY@z%A#@RZ(CkZM{Q*YZ+JIGKb@BFg*jZ?(xy~nTXq7P-mn@`8w(*nlv3h;@
zwd%~x^rL5xyPEu|y`e|APEhP&NIDiy*$^ig^)0Cxt7JXhRg=8ncC0$Ab>bBN8Z(0>
zP-1b%_3m2Ks$<7T3mp|~Spu){cG@}RHf>o_<kPY)j?=PgSNaOI00bb?L3|&wt4Zis
zv3}y0=%jL&oT}X%mQWw2$QdnOp}NYge8?Iv*Qt1c@~7uIrfY1<d3$Z(J^lA4t)JN9
z*F({oB?lxfhXgJ=RxMn+W%~Mxk7I3)cv`^01}J&+^5Z8j4fx0VGCw1cylHT#`!c?N
zeC6qy3n6yn8b33v-k=YdbZ#>WC3r*9JQ|_R-W&68M&8*f*}RqZXNJ_F3jK{GH0tb7
zaDV_5H^s(ZYYenZ3oB_yE!wzKl@z#~=aDnSJ-)ie&Ig!AO6Ce?@SnJEo{hZNNazqL
zW9Zk_LyyxDp5kj8Wc_+==bDtn^JYu+#K+^-E?$Z3NnFOy#dz~*+TzJ8unnkanSKA^
z6WN{TI~9TaHUk#*9_X|oey79|s}Z*&FEB#2S{dma@7nygXP0)5d%wMOTCe+S>rc=3
zUxk)+1q#{au5?Q5k6ob0a@nk5Ko?LW%X_I7V}5k1u=JQsX-st|gqCY$aK4FRR~s={
znZ;RAw}9@Wc2dPpL$aQaRhFv8PL+l1&1yh<E@?GXHsJBx$S{2BkFhXykVUA)u2g^g
z&3vH?I@t0dw})HqEFZWtrS4l(@3wbdDHH6$_aoW%>H72L=f}yId~yD;F?75C*c!d@
z{?eWE`SKTuZD&*O-N(_}(bcVwz0MD|qUh5qB5v+%O}$tl-&b7wUhR7E#<(=`l71Cf
zIE#^#Mn(2mBlr^Q54o4j7oJ4bFTLAOJ;(>LP5!#Osj!UnzGavW7F=kG_*r?&z$dQV
z&||2OSHG#_kxJCfIBAOJ^KCB)T)!_RW9XbbqZLo5&5RF?Y!azSAxq=jV;WQ?ZZY{B
zbN!5vef%FBLztvLBYf*VnNhu7g_mHia75QyZ{={JCD4;bvTL84ql?)nQ^+c+jf*Nc
zWk8ddXLxLUsxurlG97gEdXrQ4ONC{^{(vB+LdIqc>6fjuPD3JwX6d~pPI3R<!UD`r
z@+sibE0X)pUGu_?F9-dSY}>jlGypnX)7#WdZ6-q`+*ODE$-Aqzw9AbKD=%C*;jD_C
z>#7_F)2+p@&ve#(nW6+_73r<))n4rX^Dp~DXwvaU5=U9nrQsW7=N?9uZ&+_ovTOSm
z5}ZeTCApsIGS6;j-Qi%(FE{lCX!=a$nT$_p7mZ6dNzbdauFt94BUlcDW|9aX{HQMI
z32d{{?>{ar5bnR@pl!v%BQodwC~#k~ar557wlwYG|6K!H$4Q-b(Hao?w&NX$X;5Fx
z2FC*g|EvrprS5v>=b>|I%Lng(Q?!<q2m?DjokF0qF{l2nKuZxM#+Cu-<Ov2GCVUY7
z1q0Zspx7DcHGd0j$Ot4vfCyE1dirgETfHgwwP7IEW@S9Oi3^XcI6jRg3=P=HgI36R
z;Z0xdeS}An)l+@{nGKZ)XDKfGF5`8F6eruzg0m0Xzu1PSxm5?0A~f3fCyS0g$v9)4
zmO}tYZ>QB$-Ss3u6H>8nL9>Mj&mr6M(|y*l-%>feM#v#zocKX&W8_5#*Rv?hhQ5Dz
ziN0%q#VH@4+ki$d*yZqsR0Plx@?-h)tOzS0f&=!&<Dz%uqQ0<{?WH1O{Y;2IwW1Pl
z_BJqfjLXcl#!*Lm5%FDo$^7aHsp=GDGQIQ{Br{+AxN}da85cRtlykd8BPoBmmh9Z5
zb&<fUlSghz)V4^GD~ul>W)4ddDD(@UUt8pnS&fF^nIW|~+$5crfeM6ijMvm6vP6}u
z0ZVXR2hQ?=_k*4bb(;Sy*#S|gI9Yq(&8~>H?FH<8oM>IEyT{}sv@ycTA?Q}K$^pSM
zW!hcV1r*+U>?;rf1`IkdNiE5#-#L85HL`-t%6Vhpz_A`Kg#Rw>ChbGIZfD@2@SsuB
zYbtOa|H$j)#tUciS@@Ibn+!7n{WWUL2LW$)xY7T#V0dj;=5{)++x_4Wn-loL_Lt}d
zuf_oW@Eec8wy{m{9|jznkSX@M(*76|u;zNJ6c_J5K9zn=pt}4J?crGrK2A$V(G^|U
zJ*4ELkr~U8rR~A2Yr(7vZvGQ!e2^_o+ny5<|88*BJyGCq1#LjORRrIosUHi0hr}NH
ze9oiM{7TB$-W|)iKhM|N<Ck%PaX{my7igNB`P(9!&d;n&;?uyG`l{h`g8r+bCZ>#<
zZ{csFp4`;$#k6_0&s?2(g09c}3P=v$I%j*Iok^SA0l2UX<!`3#CW$h`zsX?9;45M}
zDPlRE?5U@bnF+bk^%u=_>3>l=cOcP>nap8CVI9o4e%hq|?l4s3y}MrF)`&p))LP{)
zEtfbTI^vm^TbA{TWL;5gwhIsVG<J`Q>lNS!&Y-ueSMdI3AAA0N()Y4D899VW2YHnw
zV9~-S;qPq~+q+$#&txc)GAyxKA8=$CRvOe<CPwo$;HEyA9E!eeD>aM^%N`?`RYg_g
zjF5}X!?z>V>>@=-Cy2=`)<c?|uMyqU+mJnTs!y+x`LoYh6xNO5AB@j0?BYYp-pi7n
z;V(%Y8X!(;0ZN-I<7!_4KBa4}&3>ambt_)|<Na5o=Ohtto7N12SLO65dHgpnWh}j|
zsLUQAP7+I7tOI%A6yneO-^(^A<1fcd{-;rlc`s$miNSfa(IQ&7A9oGIfGel)>AZ50
zS(k=$`rhM?;KWk=DIz=-+k4g9o3rgdNY~yirx)Ln&D3c;5-wc-l(j>xb8^#$I_Jow
zH*=pd%+5Sjh}p+Tebn(b{W~PMyPx%s8$2$Xm1Gyd<7>mzmH9z;(S=2MKS|}Y)qrF2
zD`!{k<d;L$DvU1sdggjxk*?kB5c*;Am8V15dbYi}G`xalI6&q&8H2bZPL`2LY{Avl
zTifMpSErBN5gqXNbgebk79H`rSuMLJn%FR&;GNNSw+D^O9g6?Cog4k_$u{!zO?1Kt
zX^IhD?#=(13vFgnS(hexn->*~=i_5{@;z?t-;LhiVMxuxH9#qXk8`Ak=a0yyDcFO3
zzS(k}7OaTDTHlinKW2@--||ThnJr8#90y=VvPyG-q2qQ#X5Aqxen)T=!__O@&G+Us
z9QzPK*dp(Neuw&(Bwj!Ttg@_#Y1wZa270Qp1pm@obTHFYygvn3@1G>Bv{e_~ZRXJ&
zb^EJ<*iDzFUWW{%)`)oX<8ni%7N%L?kvA5JK)$zM!|}$zo|22H)<MS3sv!sIPMmG;
zxaMW4g^f-T@S`38*Bi6KID_nuzqk?NO<x=<Byip{>A$q9>q!#H3s4ch!qDJ4bK15b
zaTfa?a(?AQLvws!GEq^Df&FTJr-V#B6w4yn3+?%}g|W`F&ESc=uaBTuMO3K`$WbLE
z_F%Ie@T9l;S&jr#Bcyl_Uj4)iI60=S$Rd<iz|>vg^X6nR*AAyjjU`wQX`o@tVj{_b
zs!fN)$Dkv(JEJ<LhR@l<GXv|B)pCs_cZ-uJ*WYmoaPsWtEULZIR7Xz!o?4TWY^UBA
ze9SMzJEM!HG5u_O*hMixi0)fZmyVte$%^+ENb~=y`>LQix^_*H;O@Z*&c@v(1b2dL
z+}$;}1b26L3+@iV-Q9KLuyL2ecmDIAs+pRpnz@;(>AqO~bglJX^u?;KN8SY^n7wv-
zC}w)IQd~LfHCf#|=WB9zv)HEF>C^IH+i8rxy8jSpnY4d;0_vY9T)pbNc<B_hC*QBC
zhTMD)NZ4g-&fcGqkkrS!UGl_~b@;Fwp;cXmuIsl8xp3cJ93d0ta|^n-L?9ZVML)bT
z6Yz=!hh41NG?_Zh+xR5Ea8O#p_sgzTshuZb^OD-2H0yjGUkzhNmIvT-B&tiPEAgC7
z=UA1=wjGWH!Au$1a`J=+BvU|UCZc~eik;%*<G8&p%MEaaY{oy84N#}xqzJ+#yDQiu
zA?@1A)X<>pl@72(_Cfn>iINpyZHRDe=RQ7NGVeZ^m3bbQmA=>tMD5Hn78F0!_|(M9
z-(mHY=gobZn0Rb)ct#w+1A7j(hRFAMWx9EWzY}=LI^9r=k;y3QW`*qvpx+DA!=Xbd
ze-7*bmrB@K2Oo$FXsuS4brMAi%q2@_ctni}YB`lww;WvfiaRFXf5#q*2Kri@La@;S
zF&_izCi=D2*n^i-Ir!S#WoR?I9M()eX?~<|5V=<GI0x&OdxG64P}lucQwpIft^o4h
z2QSHnE1fW3rteAPHsYAmaZ_IF&7;5IzT)d)+N|u-0bCmC(1>FSHm?mfLZP1|j_P^A
zE?02c#6)C183>FaW(G5fG{6T^;!(Axy<Iz+9XC)Yz|x{?_2_(1$G>XRYcckpwgem6
zOcmsgnc1yqXy*U2Usk`0I(gWWt^F*byZR!ZsAx}RAXL-M5%Rp5P^)Dub(F<Pmdq$;
zJL%oR-SJG}KsM?^+4a#LzpbtP$#E~tEC4*s+j1}Go%xSJ9Q~tXLC$AZFI`iQ>i)~F
zzn8zFzzFq20W;_9^PSUuy!<Q%rUYNN7t098oK57meFcI6VRjP4LiIf7jfu6zVw)7+
z-PU7))?)-1r04z6POj?k-tWg6R$O(ksh+{Thrd4#V)LW_R$g86xR0|x6wnpqNUw+Q
zl)N;D0uwVK6I!BCBO5+_dc(U8?74X4zk7R7{4}rDj7#J*<uGvDU`VRQQ2oL(%4n!=
zP8;;&&hV_-!R;bBJlnga^DVB|^7fs4790jV2fJ_{ij<)l=H@OdYKVXl=d`_jdqc<o
z+1rQX$C~Z3*284fl?$a}uB0vIdL3oNe}qp}?E{dqM?+a%5T3iw?==7XaYC<nt$d=A
znXsxF)(-XG?7yX|NNF?Pul;=xM%+QF%_2nvTy?ZvcDpeRBs3`o9PAJ`OW^X(FV`h|
zpVkE%k`RmN-4(e456c$VF!N_m;_rC_Y~UcLko+`Ek@1oX5e&a=y_qo`cDCq~f=Cq@
zRc*y<#(4srCqyZf2)AJTltq{4aWFf?R4{7*Zrx#u=8^SDVIFN-Kf}1}0HecOat%pq
zSv*mZ4$BnZ5fKCEcid@7)yP?g`1~UhWB=?b77+=)Z2%Iq61;?o_H%;Wmu{)UuSZHM
z8C|RKwavc~CXiib3&Rp2Xul_FYqRJ-xE;IgyB*);^5dDS^{)WwOYZmQ`!^P80}C&V
zL+F2pFC#=iS2!!}R%oT7Fw)2LFilz((bp)zn=&$6Ht?cKJ;t<pFMOsl?37Z2)cuWL
zOhLA}=x=}vuEEJBGCy-xH9vP4M(^{HRj(I02jOPa(rs?``d!KUjKJ@`6$|G2<ff0I
z9th8p9pX1$rZl61wIF%GAIi2PqrDZOiufR+xf+79VWaUa^wYBabfk3AzGqlet_!Nm
zei~*^p70jCK9g@d++B=ph;KmlH@4ags^1%HoZDl$8w7{UHA4xmdYU#XbG=D{c@0<D
zd#dm=s8(#~<6I5|CbqAGU_IM2o>^X&%x;6-IC01#y;?I2X=JIp^ph2^M?1_b;~)7U
z%sLs2$@J+Dy324jeXJqqTqe5f(d+KPiK9*?6O_OxTAcX4(~MG`R4|wZG8<Hq;ol*;
zCRL9PN=JGldT(xuF7T1gO1v?R%8x#ju%<Q#JTSGgeH+##uCe^_wYUMLJER4R>}=*i
z;hnz%lF-BGv>AcA+cq^{q*l<t=N*j^lpWevKKjF4=$XyWxqkt4l_HP@M~};&g^q&1
z)GO`R12EW5#SXKf880d?x$t34{w>}DBA6mpt2>OUFs#Bx+%UWLERiPe`MP{Twf%hr
zC2r`o+b8o122MT2ot>vnrYgzIQNrH5q<jhG)}6m_Ji0Gxmi*>$SMh|z36t3h`tf~I
z@YSy?rhhn0;6(ZX4m#<&&YW33UOx)ji@@hc>`bpFH67HWyfE1y5*0c}j`21(-Q2F!
z7zUK%gfK<*x834V3X?KCR<xMDqM2YMbWSR?1xO4(dRuf?bSqE4IyxKyl$#7DuuY>4
zx;u-OLbMG2BA(}mL55eJlFx(dJgq*jOiS)EMWM?}aVAvXC66N^=nAf8Qr2B_{^hRJ
z=SNnGv5mf=p#VCQy7q1B($ssvq1G-6#Nz`O7q?^4Y>Tx!LNk9lcjd>fdui`^1s95j
zpz=ay0hP_sYKnu{HFFT0Q&lvH@M2k)aod)ynjtyCu+v?yZqsF0nYuHxhhZpi0@p69
z82oeZQFze6@*n}7^jhS>Z~2~r-+saKIWx@k!p#|AX)s}A+-+vRMz`%%V>QT3$1>kR
zbw{R6$I@TaK#tLtrb#e8yD*G#Gwvj*mo*eihpM(H-XoN^I|IEMM6cZN?qiaoDDg#i
z<%X1Q*84ZQV&_=#drDitJ1t5-=h;$$lbl&+BNOSh1knE?kjBGTyjb<%=*My85!zy(
zIPtWu(mA6K|Lou<i>$1dR{3IfIGj_<0B(bKC|B<LK0n&fy?O)HPKa=h2dQk|vAH~X
zSjs3kROH2K)Em~(`OZ;5$PY^)hz+3Xqnib*TJ`i!Pj6e0CC*wdxW)V!_d0(YF9N(O
zCH`qI_%?md+M7quO0_04*?5;uI83@R5OX$9+S8~floEFV6;3YrVf$mBiACdSGXzn&
zFvaL3Zue&B+(n+?IC>>I4F^b)j3=AYS64qbnW13tj}QaWPbmXK-tMxYcj&>Cnzb`>
ztFl3DLkT<&P$;G%!O3$G9Nn=XJJOh^<COB+Z1SY&D*nR;LQPhJ*Thm$p*=fk-D~cZ
z!k^DEO}+vW)P}TL$y32t9{TT*A07*k5mM1b<{ObRt>I$&+8MNC_HX{!@gzZ!l<*k6
zHV}9L6>$Ps4<lD&{#->}6LLK*=kz*M#a4tEARBtd&P4ZZ*)MK0e^6GG@FL5>Dkc>~
z_bu}su`%~KdMV&6x^L3~DM;-d%`y2sFXwYj^vF+zi7Wap&8b3TQ)D%a6Bb0h3O!mt
zBAiKk;jtA9U6OzYUz!!NLcxfXE^rQ%@X2aKSbrfu&I*~vF%RC`dcaN%>cSEN=*MER
zkTLK`-B{C*Ln+G6C3>iT;+q*+_>s%DOTbLOFh$LSimj2RPK*(&K3}?EB3um`mOGm_
z%$cv}XTcWd{G2qa*5lnjtrEouWCev|VSd-IGZLycR9pCti;MU4-9IkRm$-cT@7jZ6
zzcO=fc^+H*?hdlrkn?kEd5N{G&91lf`R<#<d4p3&86q_Q4CqvFQR%Z3A+<xZl)v;x
z`gvN@e(yt#A>(Dmu|R%v^V!QTd4V>#Yx|HBo`o^d?twjt7)*Sr!CYNBHRu}JKfhlE
zt=O2ZnKz~3y8N(Dk~(33#%*eq;ynS@v2H~x{yl@+@+=B8I^$%e-xkUh0V&Evqn@EM
zDkg+YU)USP9>_1T3^tCrpNK1Hpm7$_sGzFGc%!eVj9>DZKK(?xEu%3<*1%KJeUl*W
zR?pj(U2<H3XD!WUdNsR|qJ~%P85wJcP$<>dQ~w_{4U{#olNf)}t((Pif^i^tcW`&N
zxVU&gscgG>*U*(}@Wy@&y~p9`|5DRXP)QhoI2W>jDvcB{0BpgK=XgJPKcEOIK(y-F
zcK?5&Y6N1FjPJXLqpF)bnM~T_H#EPcthyTsh(LwMrEG^V8O8FO-qip`1RRT4lV$XD
z?<A%S^%zh!QCYfLaQ|FF`x(0ACXK89E-r_TUvc2}LJJORWi>4J&B3(7kUmYOyf_31
zG4KWyp^ds(gouT_q(4B*!I}{18*X+LqUbq+uIKBC4QR72;?MLWeQG|fQvuam|1_<V
zX(y^w2*#`uuEoO0YR5kpEFU*Se)3Ff4uq<q+rHrFfBP)8zu$N%?`n5VyAaZUu8p8g
z_SK<MwD$3XlX{8KWebd1QJ8n0#BnkfK4Jqo+s?(a7p^C#YqS+dwUQa<9D}6je|v;Y
z3H7zHv$&+W7xNy{I*1dawX7c<v)G_OUwtRWeN9^F6?0Lj99x4L^dS}0(+ayFCHjju
z4I`oy3GAYv{qi9?;Eaij(`y3}BX4d$TA=_EY2Eu$O~d9Sb#=;&z(-<b%lLXN6-df0
z>x$J8Z6E(>=Ety{NQb)`!`dK=khl2d$E6temfoe4LQ290&coaE+M+W4mi0M}E4{fz
z;||G$SPquCpV9zT3tjP8Qae{3yU00hZ7M0pspMPaX;34J*~p3ncvPb+vaQ3$L!@=w
zp|BI3^>#ApI)Sn^Wq46)gYzkkgEXid;6>Vmr4kR5Z=-aM5%D3s)Ro~?I8bzL>&9cI
z_PdyLjQz<)Ru+vH|58ZN^!$g$vcpDcp+>A;r>f%c)w_k|I^UUY?Z=Z7DdPJgtibUd
zZ?n9HLl;bB1-`cW2_AjRtVJ&zX<kDb1&U;LX<n}FUK6>y-di%|3%Dkl^*sw%jNj;t
zJ}rzBNpE#Ri#+1~kDk!7XpY<pBIx^?D>H+6W>#U$L_;9q7S9!Ljz;*RBIRDM0P7!z
z{s${jos}rqq7F6<>T|tVUNN0`GoZ<Y4{>57E!8*OY}3oL_782(BAsY399acjdhXsI
zjmvi_Z}aK=<)c`29kn{TrmtwK*lV|ecCrlvXZ@0`{(sh5(BCQ@K%)+}w|=l(xjt;0
zgv#Ur(#7!GS5G8b^;tZ45i6mN&fw#82JA?_N=S%U6$Yq>8Z!wRVMX=X+pG<4WqF*p
zWsvG+NG^SVU~mru^AlOe=3;!7#->tnhoi}qYgF5gUIpu}08>dh?zp!+Z;8^&Wiu!8
zlC$eacCx9tIDG1{65YiTjei<<KzlhBEW&`|Bj2A<)yUR=*pS`^r(6GVT3#`0{4ZOp
zMN>QfNvMF#9R^9DNVb%Zi-luBY?04*rnB|4(=~nAMkQn-F<YR7zBEGs#zFDIGvk4p
z;0_Awh3>|Y1%IX$<9AC$ZcIpc{9r?R+kaSV*AJT)dhm*(bCC3<21#G>mmfHt!eCV_
zK};$kau$OY9mUP$N1YI2Sf$+o&tF~G%Qf0=Mum>?Jppm|6jqWijN~EbCa}JF_#1`4
ztJZwpj>tIZB{H6|tRy`dkb64$guaf1z=r>KU&@uzOIYXM2{>CjL}LhoWX8oiC<k~1
z1W=RD_M`{m5wan~BKGfS+cip-0I|+sTWQbeOg1ZkV6|S8(Bjvfdm4>enEHaM2F*Wj
zQLhCV2lgE}*Y##4UM$pu(Ml^)1tE1dKJ>L4ph<Qw>n@qRAej{X>7_<B;s%~qAnh;z
zPsu39#usX5JwZOv8wk;-=fs=<yx|7!Z(`|2%?2xjE^J;2!`FzX<L4JCX9xqBJqN!-
zCQ1f4FC-auITztr9`J9&F%k6$Aelh{2guPUd=_HXHXg2g$k@JiRBu<WwYo>Q9<EwW
zT6f9@PLVcLi@ZLIZCmrP9?6Y=`7Ek}V2savqzSoWmpVS8Ngs5yN#Cvsvzyxkj6@?%
z7U$l`+9zuq=#<gPSD)7%1(Y;h10E+hZ6$!ffAh`1SoAL99;`By;3%3fE@O%5)?Eli
z)qeZlnBlzaFXX|(M5=k?Y*${veAwKObk;^(E%I3D8BgZttfajF^t+1HM#8wipkIOa
zuM-`YUaYLt!59Isa;PR{$<(71;aX#p?sn%fBO1E6B^|Hnp^p9tc3i}=zx3-Euq5NS
zwS(e~YR&ADaR39^Coju%*1vi^xz1ViN>jF~Q3)p^YF%W0Mh@_f*cYT@B0$U?H;8w{
z=7QNKl5G*Qu}^5*|BFgadh-=-`Ztxlc6vX01)2G00rnILVFevq+1#oR2|<m>#Ed40
z=x%>5x}Z-+9cOzz$Y{-usduTaMT3Q>cx)b9_y9jN2|1LkFu2F~@T*9QvL(sdkq9Ot
zBNm-($rkh0w^%{b!j0eZGkysfkSQHEix2N1Ck2N+EOVbwDLF&hkNB4RjNR01S@q5i
z-YKF4hPvn7b*7bmiDA3#p(Q9`{+md~tq=g-?mufAd@bHD;Kf6NreMr@MbVB0vA)ky
zI9yzNFiRlh3koc_=4qc#Jz|g~e1cU<7{6`RaNV<6g;rVh#Cq{)<z)P#<v(dYy_nmG
zs4}=hy?Ej(?+90KX`=vNY?jPas&A&z)}c%2ZYXl>Gfr0HG%36(jGmrN&dl~elnG-I
zR$f?;aJvB?2l#P&4wq_lP&nH{zDCn11UA#2nbqJ$>Z3>YEVi2T=bhj8<W-V#E#epF
zJHH6=FfuR)oXMGn|L-_t9>kFU6^G0Vp8S8wA+vntd_lP(dpCHW`e5?8)<v95{Bl2C
z>l?0=43>lPnhRF0!QEM1s|yj%x{@MGUfIMdHuSYA#*DLMx}VfFhhl(0Os_dc%|Ob|
zd{OM9Q)xWGD6H3{O3qF6y3<PRUci}-6L{I;SW0!-Mz7bp^Z$TD-W6Wk`|=v%j{cMb
zJ?kRnhmARPqg0=eK>kHy<|-ahEe^%nJK*b^l(V$iu4~mEdx#G}q{6wxM%D>v@47Wy
zk91I4BBb9|h*l1_Sck=|-qE4nE33%Kosp#{4350BKptvDmZrn!tcNp{H{#F~;0cBF
z!(<~@6j_^*9+UkiEH?(xqc|t=vu|Qra_=M^S%G1)$z-m9|KyMF)nILd(yG~=vi4E?
z=J4;fZ`B!>gF_zTN!+AQKXjSNm|zT8_QK_my#?In*u^x!4f5K>&sqAxrC&Z`pj9qi
zp6?Eqo1UZOjpLUHi*)15i=*LXyp15Q?Z?;hsahep&UZM#pt+skcwuZ@58H9gBX!zd
z7@w&B&ip-vGJW>>6m#0Oqs!pXH|)z0FmZ2<p;HNL7e(s^?ydW)_SI@iIRKN>zRRFR
zQ{&VQ3mTzm*zd}u%HCCKxw>>ral~45I>BZcnC?8CIF1{RKC)rsgbl|i9nyb9&M-up
zYwK!t{LyI@4hfDfie#dQscf&PkIAqvD}hgB?`yk~^r#WvoZa{~;}5;F?)YkJD`vu|
z6|2U?g>ShB9`eFMT&<$YbfXJxKvcQr|KyQ{PHx?wO7?QmLVtaI;!%I17KQ14?LgAI
zsUi;Y*6rR1-i%+@gpUh#WOs#TuC5N$LX!vp`TpvvzURk+t311S849+<cb;F&pALR<
z2z8u{eGCp~z~Z<k5V$Zqzakp?{1_{s5J~vkq(6-GgDh!jMkw27;++jLRgE?;yjG1`
zrPCXA$O`#ny85=C!lC)VR0Y`??F{6TM$iB$WxY&1G7i>zp+M(>MaerT3^`btp3P^8
zU|60w|5C5j51tgZOL6%Ui%Vm0cAs6SdRuz=_UtlV$=b#u=WZ{L&{3-vT%Ng3`eCZ~
zgRO8W1YEth%zRF<)9Bj16wc1@?!C$-<(3T??oCSfSdyisI2B6a08s~77U&<jGI-o{
z+zdwOSx9ATi9N_VH!rlc-`pL&-CertOX%)gj|U_RI(R!?+<$f72~VF*McQSj)&k)8
zET#H0v!ME+S2@lZl}8-T0EHg#ky@Qx9sJLr{hRaTp-4L2?3eS4o%8dn<H=asJhV=6
z@ZQGB<FB}>24jiCFh1Xri5suFv+krZUFN<;<4*7lDMlEF1^(0f=0*cUleOXYyBmCj
z32#zu9=YQE1IsT0j}ysw*E6T*{D}foxM2cma%lz04r}K-^}FdiNoQnOKU64*JoE4o
zo=iE**uNwKT7m=w8LU0K6*~5pY>S#Z2b<1X(X5VF50LmN6Bl++aZ<ReNxOXYfGo^8
z?#afJImgeNfn1RYUwFK<zWTgl$}QWO=&S4!;?9~}<PvGF!9_Az^=&*v@j7oW&U=zO
zF*~JOY>=x3Xbeho)qAFwPq;1}MZ3$p#wXsqiT?ThXLl-_q=*eFOhc2G5>i|55h-c&
z??6d7FVHgi_D=@Ui|5l-unSnncFXu#cll;@rt<u}m6m7PBGIfe*F2h_j+3pzy7I3%
zA6`ETUDrz^w%~+SeKmX3BLAyH#+tByAGACoYwP3p4VQ$Z^7a7yz%y5->{OJk+R7n8
z8s1LM07Y25%GO|jj4m-Y)BX3G1((0?Q)D|porT-A&3*Dt`fLN8+I-neI^SR8f@@5E
zZj^nyHI@hc(g$@Gd-7hkijjEJU`BAtiC-7#CEea+*g_yYV|)bZzFfl-%cV)PQAk_J
z{f!H!28uJ)<&SB%_A`ohLc)!u+X3hh7Zk>Oytp66@1EhOHN4o(DG@8{r}i64q+hnQ
z1bb#RYbm8Z%Ny#=;?)yt$fs7`<AXVX6`!tjwrT1?vOnf>a*<3>*)%*)r%Hh0mjQ^3
z94X8!?qBw?c+ntcktgAjWrfqd6bbaywHuRBxf_ex!n<UJSGgRvE->3JUuR>fMUf3h
zwyRlfR(Gj9zuBd^I{t9{X0d`s-Y$SkmpN^_dIr-J-9AXI*z6v6D0<u@Ir<&@G?Uo-
zVs3XTC$(%f7wIO!%`0wz$!G0%Se0*RAwEFd?Z}_$jExy<q`}a3`@`i~msM@Q<44PZ
zxgPN5>3}hoKi*!AYYv^yYsDSa5T9@7dviRn{UcACFtl`9OtP1Lw-u$bErcNk+-zZ{
z;VO}JLE+o1Sswjqa47&2BFahJ+4A8wW<Wg8_xQoVA%_x>vFZ#BQ}qS&@{HY*+j+rp
zce2;>4OL^^-t^RJp4bl-wNimX8r*3fM{Fv9%JI`u{+FAw(~)u$JAo#OoG-=~I!4lX
zSJXZJt;AZB3D@}iwI_qLzH!!<+bma{x2KdM*^JV@yE?Ey?1keY!=r`VjP0!kVH4c0
z?3cwXkwOsf=2@hB!2#d4b<Wym4)>Rh4EOg;Md;?S3?ru2v)tt;JhA?f)iFsI243X;
z(R#p@j_vuc)ddLKlaJkl%(T8|!AWzzt%sar6X4`Bb;64ubmW<KQikK5o|ayOP&q`C
z8jTYr3!T|5mzqu~mO+(VytYxFRU-&;PAeA78tAgLJd-mE=nd&Xa!tD3S)YH-W|04N
zM}^Qx!*@1#-2|3@cXoSuds$ySTgruHsJ5aTRnZI$9H~?*l2{bQT0hq*%I%1qx3}x+
z7$1jZY;#~G>3D8Tbsdu)%-;HDw~n;S6+3Mkt+}s?uj<{FAHSKb-Bh<26i<9B>%mu@
zZTCRIp;||ay7hJA{+s8KdvHIU1$X!h+JVN6o>l6)&ceZU6invk9-jMo^YtIz^YF5C
za>Fude9Ie?o}X#$o`*qOW<ma1mT95{rdCK<7pSe|9A*S+T2P!b@ryBqtZ`0aRh;!O
z74L2OikpW9bFUpDLrtLzkAX{53#ry}m-Iq1(lwdPLmrXK7WSHt9ymNML5)Wdslo>p
zmy$p=igZldPW$1(w)qLM7Buwcp`CAh6#Df&eSq}t5LO)j&gF5r<@*fx$`F2(^}}-<
z@`H6UVIt>=wB;H20t3fZMOLc4xn04kA*#>DG@43-@EE}qDVDwHW<k#3P6MxR`2*xj
zsYRM*jNWD`$4pI5ITNGR-+x~dVnv0{+U$-el*yZK>_}%G;+_=I%O%V#)222^SWXdo
z$!hD0+p%4%4Ag7@4zrUzL5am^v-O4o(pA&V#_?y+5C!LbvyVk_8`dmbNWIOS&_5nu
z+%%BBlBBj=<NnFY$e7O(6!#%*c5=tkpX|={CuN~vMGthLPMH8)u?X-{|9M;4>*Py&
z0aewIsm_y77VJ-^UwxdmwZ%aPkiy_Wf%Bg#gcN1K(YI?NkCb7L@XAij^?8H<9_9*q
z$eVnM33LozZ28(kl#2J6@qM7J;G~ami*c@#gmvs{P2}fyUAA-#&eqguyhcIGPRUlS
zYcANLO2U)#Nw;iP@4H^j9KU+*w5R-i#MzL5aW(Rjn2TC8&fa9pDn*~9j?x&!mk|VI
zW_)^;FjveB-k7~)c`m2i;F;sB!;56koD5!%1{4}Nj;NtN6!7;Sip+^JwTuW|U35~9
zWbrAtTrrf##U#gA@{`HIMy%XV`Qx~u)&6Ad$_f{Sle?_`W@X0eVxs{*{xRRR`adKd
zLbZmaPSf2Int?1WevgJHot2nKBV???wX*9q4@pNnk6&#4Y=36-j>YC>GKIq&2MrAF
zEgI7DCTKl-579N;YLq=-RmktX72d$_5|CY#F2PR>>6muJVmUtha;Yu4X}LmzvUjoM
zd|rWy0P05^yyxw(8q>e~4DDZ{`!TrC!fYgX_+fEJ>%QDw+(flvs%#%7=mJYvg<bRy
zbWCg1j7L{_@X)NDi9E*!vUXW~WL9t~8XV0}{VmlHM<KmL)v84%o#FV~Tl3LU**7Bf
zn4dwy84)lem%Z%fZrQxq-I-klMOa4<5BzNS6=IgeHOAuFCn`F#4PKa+!^h}%oaa=Z
zk+*<syy-%BXqnLlmkO<}T!dK<b<1mx`Mj=#klr|i=lQNYTx;T<TVMV%)=EpxlcVWX
zfBz}Znm1Zjoa{QTKJmmnJX-bjNOY~0Xf)I5f}OSSkEiGHlov@Q2FNU-(+4Dv>kpKO
zDN3(*TV5%ZD^G6}RD6qcZPoeUncP$9LJqfsTYISbuRJ$X<5CH|OngehMNO7684^SJ
z*PFT8iz{fO57Uq1{u0y)vHa9qCAv1t_m;r7Vs$o6^9O&C0TlQ`Y0?`UyElCks`*R&
zj)4RBTxH*%JWwQklrc4a+!JeprXASll*q0JdN`x~MPkh)ilD9K=Ii~lT~{Yye%DsL
z_|MDQk1C)3;z{E^yt#XT93G;VID7)+@735HyXa$HMZ95($*2SgmeG}1^!_LVmjb3z
zsJAFg3G2gV{J>qrlf6Bwx+~b35<tSvQ7~xU@HXlsm8J@^30?0QTYkurUqv!bqK%s3
zdJFtDRWT0NwUUFXUD;Gq+Npr9{b%KpfI5v8K36^IHh+q7+-*aa8Zd)xjWRxao&SgX
zC<I4-k{8<3#F~yut5uH`$@;VDcz00tFn`2-iP2xo<zXt(2wn)RLd}h#rbwW8Lu{4I
zt6E`RxzC-@M+A6x@vI7@;X5&xWN8I8xY;gl@)Y4sr2w~|Un*@YK`r`gep*|d_(GV?
z(CPjg7f;U5LyveeE_+Y=slBeL{)FGQQ85uhLi=@Ik4rEg-hCIM*qX`45w@OL0H5#u
zu-eBw#Hh*+|E<HW_cxS2F8kqwK*&Rg{PdUzlq$}m(Vr3$dCyWb$sD5do~8|*b<k8)
zrkm=$`xN?tFe3HLjwxyULA^wTY?sqN;5J#;ZxJ_h(SBkgZSD+2a9|VyKl^RCznL-?
zT`ne)-68Y~ZX@WqVd*EA;;Fs1U{XL;<?FS$n~pZDp!R$E<kO^bLF?U868qPpha5v=
zMc{Z)mn!Y~C7Os(RQxhn(iTTHoVgV(&i>_1gmR3YYyQ1<kXkbTdAL7B)Ttg3{+MYe
zXE)q&<vZiSIosz*I;T(!;*8XvVSQJ@6M6wGvM49uq3>DI6Z<+=v5o|gdLsz_aBW0z
zfgUIIwQ&qcWi(Pvjy3MXh2|Z~ZYp(g4@5V<Lndh@ygo!yx9Bo8s?y>x?=zn8@0qPT
z{^roRJqD;V`o<R?LZM$(fZ3APv+e}d%@aG}3xT!+Jbm;f2*eXe7qv*Y$)0z90SVmG
zm05w1<ua997f=jenN{1%Q)ftFt?z{#k1amYQJ;gZvKdNFAmt+8bc+Az4*cyJ{9y!7
zxb0A?u1hpY@*Pc!vmb-hj&1i&V)dOgVD@!$pCJ%IO?v!*YTN}Rm%{$xAREA`yD+DV
zVmlqvs!FXFkB1UY6xUq?i~9FtM3q<(?Lc}+AiIwAH1^jOoWYPokF=7^#sdK)r)Qv}
z%QDVlX|EPa&Vx|mzlEl8Ap$=A$BFNGeaPLCXzzkt<CihuWg{VInZ%dpwRgrCOl68l
z$uERUox)LD{Uz+DT(4px_(Y+|X{T;T%!0`Zzdh!u!Yeho4YrRy?;C$1F03Hn)HF#b
z##1#%syoi}2o=V>Ju#f36t9eAI8bUS{w6JT(@U^F4)^q&@w-t;%J^=!MZC#VPi-=e
zeXrHwhO9d`*o0|&H&!qj6N4?i?_DH46mv9gca`SSU|J@*3rpD<%4eE&rT}(1-~{fd
zi2E#snXtJIuH>nZ2JZ4eY>Y$?9^`Q2<i{FH{2Izw1IxA2T$wYemuBaxedOZ5Sw(vo
zM0g**DV}akRF995iL8|^Tnf~wklT=m%+U0r17jv0??le^;g<!2CQIkLE$9A1-LzV=
z4F=A4ury*FuP0h)cks9z(Wz9JsqrYzxf}!<($|pe%j;<{tC*6u67J>I$0JCp$DD*b
zT<WVE_edpCz>g{-tDV}hIam*2XOpIRGz^G8)(lzNAj{JOy+=N!7w$IHyH=38(zEN7
zIkj8UZ#bj1TeELCAGz{sv}cmK@>;ZK&RjY-xVDL2IM2Jb74DvyU*3gnot0kRNe!+p
z?woz?URB*aOOA5M>F1^PbIBRtr6vR`guAFgf)yfN)Od923aJPxenjLK<`Ps~F;{(4
z?^jETGD)1Qli{CcL13n*R10kJtTa9zPErrCX6~jL16|WA$v2PvhzN%R>N8|Jrn=7<
zV;gA8RKq(ywvWzXFxH`78~CZDj2`F|WqGCsE`7x)@6i%?XSszOqwD*dqKCDA#hp@0
zrEfxlJpft8lswr>$B$A6f5}9tRtOKs4pw(3GQrx>|IdPaV;Z>^G)0#)rS0dVy$=99
zg1mLmZ%;Dgc;&RK-RBavc>_=}lu8;3^x{m<_;ja54SaK9lZ_?<Crm#uT;;EIGE!51
zV7k9{SwGE|^GML@e9yR0`Md#^U7K<5nfdnq*4#f!I%>D?8tfdW%p268*1VVPU^JS!
zQ|dL!KcDAVH4D?P5s+)p13!Iyu5q&?H!)=B3bb+qyowo;svKZ{b7GWM;zXqZe-WMo
ziFZF_*|+40Y6JFvP}ILrtpWW%DC=LS-hkpCRQWH|Xh8T6>iidKHo*D^P5gs4lYf~r
zZXUD*Cyp-AIckQ2=&KG}PKSY7^*f@v9=W!sL2RudRd5|WXsk)~8o)`jUr4hF6*Aqp
z!(wp#pz?_2Tq7DlmUqlmVH9btSX7i?Z)I{~utK0N*RKxAqKSZH8l!Jn)aj&f3Evh|
zl*L~df2yK@4xo-s&EgyV8S5-cAFioW#LGE4`JS&%eH5fWea8HP2>}5C3sK}yt`$_&
zwxUP?0Wla40rB<Y?Z2-A-+!Jy4h7eDGFCAcF*Y%`F?TYzwPCPuw6*!4i%4MyQEAUW
wKyVPiLZJP-!pB(P8~jn)THoA8+1T37>Z8<uEr){sXV&MBJK$r)0RMyj1EsWUP5=M^

literal 62244
zcmZ^~Q?Mw(wgk9s+qP}nKHIi!+qP}nwr$(C&zyVTdlNAq^U*(5E7!`b>Z<6dtX7Z)
z20;M;0Du6fG^p10zZ_29!UF)1%>n>G|JQ2dXky@O^2b8N#MHvp!r8*kmd?`2&h|#<
z#}S)7@h`vpLP=M$L`X58bsh3oHf@cyoj3IupS0xVq$}yZOj0l_una)7xheghH<~x|
zHxjiS08<7OlQC>1=Wex%NE^rS0dc>#I&8ncF#2bDHf%#m*V{ok8BQrZZGCtAm?=UL
zl&R(065mSLI3}GidmBGN3kT=s>X_Zh9DDqX6ga+b$AogliE@^#o|@=#zIw5{>NUS6
zW&(AYkSXZq=YQl)Oq*Ab*||;&k^sM((#)%uBXe)MC;hY_iKU#)uV;DRzsvvtxHD9d
zIc<Jn>xpmRAJGjSbG#T3Lq-I@4QZ;UH}f9NI5(%qCqvSHvuMinWncIIG|`Gpiz{E4
zzO=WRGu7bOz}i674gB?U51o_@8S$m87H;yZEZe-zgVtD=LE&gjTT<g@NbAVrb#HNc
zlY4nxftyy4Gpqf0TdP~9ZfSd~ado$|gU>~$pa~p+#IncQhA}9N5}GT?9K;~sB#<!4
zp@8}f?rrNVx1fFVAN}0>`-|^B@U`}Vq}waN&(<^9dplC{X`<W5W`=MCG&iU}LB!9`
z_5OW6m6SA=hwsyZuRCCek>Zhe3d~aQgozcbM57;l|0s0P0c2s5BPXIAu4wUQ<L;2%
zep2=`<WoM+L5ND9<0`Hho`faf;_@_E<;7O0ku!&&%NAu$evmm-1bfl8#l8TBB^BDv
zO|XJe(=-nQ3I|QIkO8VK1vnRL#m<eTIc*uliNo(_`0?ZA1s{SOZ&AYFw5c9HNnhq+
zL@$HcEQA3a#c2)-t&??Z^M_F7@9yp{HEVEB&+8L2xeA>OT+cu9KRvt{gOJR!HXw0y
zm)cwu&&xu0Wj{jlWlFMdP0ty5pTzI8L_IEccbr&NDHQo{>jbZY<=q|=yLj`xl+Lao
z@+zv!oToE^(d3Z}k0^QAG$uN|W}$liLhNg&Kx84geP)CApv`(AdoF5-yOK?Q#W<Oh
z5>YuHcf9n$O6gA#(CN#yZ0j_JbNIV%RN~4s=`f60lse}Zf$wgh5!vTB(9Nl-XYkl~
zNfJk*4~GVHJ2df7#vvjnp&0|&VhACiid`D{nP*^OV1BhFDR8v--v<!0$0`rLSHa~!
z{`w1?6{V0xsGd|S<<b{K^d*~dbGKHWCVx}7umaH62vjiU=H}!xK&E$h8S$4XbEXk=
z^9elbGinh$VKLc)cku^|Y~Irz7&7k!P*j7GHbAd$e6VACm~YQhI#~meb!gp#8Pdq%
zKLm#QXiULyp9k|?#RkQyV7}^>ZxEyS=R^;t1tX9Q44o&8dcU#hXjBX%@tcj%+v|UV
zo3e&Vg#(KKuWx?xXGYYoqF$4XNFzg%FuTj4`D8f`=lUulTublqS+OqqIJ%{S`glYQ
zP?AX&hSk?>K?iga%BvTO)Nh9T238cY27Yhx*_k-kH1bxQ=F400%BWgaS^&7gYHDRe
z=VE%3JJycqlfVgB5p(~Xdu;I8$Rz%pwoFjhedSQ(Qb=R1-XedjOBtKLRlVQ(DCRqK
z@2tVEVg|@xf11g^sF;2eOptda@w|0@eAP{;qH-ZuwN{9bJ01)#o*7F|@QAmn^d@j7
zh~gLmI0aL3#n+bX3CRnBbT-ak3vx9Wa~b<eQjdX(O<9~2A7TEkoOf#Gb`U%rFKAgr
zn7Z8tFuO2KnqA}>Os`T!1;?wK4aYXGQ+6&L;b(r3H#tN_=9$YE6znZDP{vVv6s9nD
zo_|YR9cnKgyUj|{${Gubkw&B6kZIU69{^a;>iQ9OLr8<`a;wuYIHi{fn`xd{LoV&p
zm(eiD)(Nn>H0hdMdHx{M*70+k_sNM9B*d=P<VR$XWx1Z!#m#cFv@1ihAFY{anhd@u
z!Ck+IGvQy8sr=Q#Jeey@9MX^D=iuVt!oc(9<l)%9>D%q_EDXAuv;EzQy%9+(Q7sA+
zQ-goeE`dikj0WZHNd&4CGUiwkz14|k=0ib%?C3i>b}FjMP9D@o14VIO)kKBFBvH}l
zkA|sc7NRm!YlJx6iz*cRbUZVmtjr}J$TbVywN2Z1`zn(5^aeQS;NyAEbSB;CYdw3e
z$Ss20i!t8C7x=a&op|{IK9>w5jZ=m+YCtzPd%LUq_U+s3c(XKf19-;xYYEU*=L%Nm
z>P}YG_v6yGcZc9aU}nM4M+B3&V>u%C7+zMhCMcyIw&E2GB00Spt}7`ZeaYctsvV9q
zS8`<0eI?j>@zYUSX(g#pm%Ds0f1uS?Em&(3>g0X(t8{*C_<^43;g!++t^XV-v8#wC
zmKGL_1vEq1&^+GWGpmI$;CG3|RG{9b{g#Zc2o`4?va?mc1QAOPH{)V^1yG16uWAZc
zKAiqdVY+f#Jr*^LnY+q_PDQ*1*WEDxDR=xEtCX@9SwqV89TUbuQ{2h1eNMQDt?Hed
z_=ws?D-+)u)HeC_)7UW>v@BK{kf&|ts>1eU8kM^9*Zk@xtRal$o&m0#<+jdh`>-f3
zPo9hJ%Efxo<2)~3I`%hD+Lt@cyY-r;d#+N`RlGBFF~!b?mk$=+876UZ|E)0I!&%hT
z@H#{S%An<_N!jA6li#cS&!OhGXN|26X9xUJ<xIA%y4*UoBhhTJ*%yjqhJhlY-;j!g
zZ)A;SJk_w>R=9pCv>h80yDlQw9V*}|<WYX>Ll#E@ETdc3(X<ObtX5r!gU(HJLLo+~
zrexVnJPAwFgJ+8N_VAu9Pj*7}Vg>v1PB_WnnuzqKf|lQh+nW8x3T0jHE0yin*z8|k
zmid$JKUUV`In9nnF<cQ~p)sB^fn&h&IKnQ_2pLIfi?m?&-i}ZkGUb$mGMZ&GhWo@>
zUt@E5{!8fP`SHlpXc_^)t1UP^Ws23=REq1Qt(v8gReybd;1{PCLM_PBsjSE{QbM=K
z1eg|>w&V@}-VxxJM{c?<!PijSaq0vhkAPxv=c@-`Q{@mZtI9Y4wBjk7Z=7d>bY@}d
z$eaDS`Rt2x<r~*FFZ8FL3BmBv4eO}Cl<k|+R{uA6%;=e%Haptqr}jtP{ma?3G*v<h
zozFd|e$zuNt$t=CU4+>AJEQU&VB-r3h<B#V6Rznis~3-R{Mm7n*Wwxc?zJ(<BlQ|5
zaoNOw8AX|@S4_jRdI7Tz@Vuj(CWV8>nI@$?W6EUNd(J9o_2LZ8Q=4!{>|rk3Xguhw
zwOwI8LtzfW@1fBQEQ1{tFnL)EX+RrvF&rS$%#Vl7NJHjKsIWpEh_l$x4}Wd@wcEkx
zTnL*$OQaDz$H>ckC|u~s9e0KsXsZf%O_^Zds*F2C5FHwdP*jqpCO|?7{*=ZPOb<Ow
zRGcWpr+`wa(E#kJiU1x7se_9hH?|U(|F#Niu!~}~u?b>L^P;z}M>n^($XXB{E{21Z
zmXGI?5QR&(_EX}Pr`W@x9_ToBCu0Ip6-5QE=7<0Q1%NUyB_}tOBs|!h907_@gVDc$
z24?#&vWsK3u?u3x?Mi`L!$*B1#Uw@RG7(TsO4ep6+1f=Z4JJ6Lhr%&dr$n<~(4ZkB
zq{cI2v>Ekh<@*m1&)6aiT7e8Gy`s5bWQ+?nu@_B9GJ0wnac81)78}cirdW-`l!4ux
z_AIymxUmTe%7>V^;0P#8<KVprOm56J6aHH-FWx=P&Su=r&+58F3t-|k6Dow5%;y*s
ztH|=i{-+=n&rHO7<l&eJ1OtuXjVRO3He&b7!gLexDUrX<fSgRVIbm9m_EA!%h5pq7
z1(#4%NETuN`e7uTK{9D63nk6&M$Io}vh%CLbJ`@k4>qK*4_52#UGY&NI`oo17Fvgt
zlfd*cuC&QSS%{b{)Z*Caazf$<TIjC+r1DSeK*gjbARW!eo~Oj_!~ADvG@xpYVy2il
zNC`+Y?x8*Kt!&6~Rq?6UX0f9N4FFY=$cZS#M4};1cHYontw>NyPaGHrrZ^IaP>-4N
zG8FSI$V*woqg~h}qkp(aV2Nrn$nJb`SRjqE8@ako7X;eLLToXBEHcW6)zKDdKk<r@
zuPF*=VqafCW<o$ZTlG`QuVuOrvr7Uv+4`GFsZV0Y$Bm&E_#P3Jr*8O`D_d3yC5Oav
z)dn~hxB?}Njc;KI%y?wf#nbxp$4zniBdiHwBK0wrC!t1~hv<o@2f(ZBqR0ETK@$AT
z7W@}LfzaG1=vtQyd^Y`asadW_@9En__f;4gt+2VyM8Alqc_owq3<jp_nI4tUI7n+`
zdR-z;Fkr8T)E&R=&fCoJbF;s44vmTb+8|sk^D~>jB8;A&hDUzGOlrob+l24M?t47R
z6(>QyCW8VpbLPNeo`Mc?Cg|h?^7;ykdtcnlcQBy*)d$p7jg^V3IvAN*I8n>WpK7X%
zw|&3gYASjEYbu1JXTv{iP^V$fzPw-?)hl8|(t(AVX;3RI<*<Yv%m|}+Ivi+@tHWu)
zPo9`K?o`O+STjUWQci^wy$SMqAApGWh6KywaZAmx?qz81@P6W-t5v_9Gr>;Owf`~S
zRE;=z&x<1~4qV=>0_VGl9TU=taiFEB3i=B&Ski=zRGHZAI-T|QCT>qeRrxdC5g!KZ
z)nE#C%A7INuU{%_3rL@k_{CSTjv^*=SqQNr{<WJt>!R8;OW+EnD0CK$^TfA{L5_=O
zJskV-8cj_}g9U_O7ajr!-#RPYg;pAZ7iDNMfhW0bQhbyR_;pvn8jCc15ayI&#8o}_
zs*Zt8>*!lX?uC_JzN@TPU*?<!pFwOHg_avxG2I#c1*!ZlhD1JtCPr^QQ`}SXEYU<m
zq@#x2$n#>{C?bU-1u+-W2vjS*#0Sf?wCaHQrx2}>a<S$8=BM6=Phxf47t1}GS@5;9
zLuxHswjsYsM!_bKA`+A{A~YT|RfHduDcorqDNKPTs2X(@yoL`-eEkvB3Uwtzj%vpI
z+s(fICT`!Li^lK_sBCc}u^T9|Wx2Aog~ISSE}}MzEpnR_gG=m|x#sEA-IREv=*j+F
zq{x0lA5fp@_!INoe9B=TbIPG)C0@c75#6t{DN20QoH;z!aQZfE?_<Us1>o+FDOyUA
zh!Ja&Mx#^FZEC1gltR16%Am1f!V%~3_%sILlJFp{fn2}7nWgkDx}PD11LZPMyeYVL
z5p56VC@5pc@o}m+Z$R$-;rBQJ>K9mW3M9_xNn=SftQ===h-D!C0vBh@f{i8vwll4h
zm(P(O056u6b%OmA%9|kXg)o_=W989ZMM{6n!)Ohxm~SFbRFmELJB8Ocm*38JLrJuz
zTR`^f;}kI}F%cpI;Fv!wGCrsR&h#*8U@?xjS-J}3h&r+2HcV9E%u|`RSglOu0vKd`
zs{`X^8q53u%d><XSufUr1@*2lPhyt=3({_3Rn-??@sda^kbM{}r%LWpx2A=m;O?1*
zvulVpZY<UZ0M)}jM6X}osebF>-V!s5Qz+jeoBCpRwohd=3S894Ov9qsW6T~U5wOiM
zy$ul?!IMup<+(K+^-<=A<<^Bb6T6{6Pm?*<TWUVH7C?`}dFV$6+)5*SIYQmsDwGA2
zVJ{=5{lsc4y3K2&+qU<wKXup_@q2)F5XA~-7iHx5jj@3wHtO^o>#777X?h3)dLm~$
zCc*D=RaqpI5-lPdWd<BSBFfUNv(7PJkN_cNW|`e5qZk|DlM>hL?$UEP!SN1rb8LGj
z?h0lBjc~B1@dKRjW~*Oc4#wKrJ4U^1OTJp<8ud(;QCAF!1%6M72q7zI1G51GzEV7s
zt!-|dPQcCvQ(4G6?SS7rf}qG==zECA$X$@QuYzDe$SyK=8zqDKy-9c<)t*+tjGBba
z{`qTsV%zppNjwN_I2nG-EGz)li84*TfVfArJ(7wc(P$<jFdLPSmH`<#6EJxxN?0uD
z;ObdGPuU8NL6Gr*w`f0g!VZLy4)UpQ0)Pfau~c8MQoHr&F@6z1@?bjFvqxeqn<Z(Q
z;8nB?DOwc+&~kj|As-R@7%8>{yZACEWreCetGh$oiaK+iHSN)~v|*&Hm`wN~MPo9N
zerB_d3ZwP1+xg#H2J&Sg;h(t9ea}?_yha5YE-?AI{pG(icbEQP-6$JG`}n0lU&{;P
zSXZH`?I~s{Nmhk{T9=sJ2WbjVdlL^XO3n|W)JT3Q-OJBP@LT=>G%`5F`*S_vblWRP
zN;Zp9A-gGZ5<gi-(Op@`(aHv;5*yxV47vwO@bq?#UI%TaXd9Y9+1_xIKbh9=F1ENT
zLYbx`#oQP`!@Hvg1Asg~Q>bGlfFJz@YAATbj8Iz~wXiQW=kwL{UM_)HMv5&^E;0Ad
z?CK|NaiXq@YQ!9MDQ@eK7<LtVV2~DQ&%OB?7Rr%@2CtLmK(oJ!=AToti_dKrgQF6E
z7Ws|^Q^2g+qFa-1ePwv#G9~KN3oT=39cy7><gSDiJfeh!$=vRyg68@NzVi4nAL(R8
zO$ezegiH+IH<VO3#|9ziz{9}x?o*Y9Uw9tKIV47EHlIP{ViR%Kz{-<Mbd`q*Nq?#w
zDhO_Qm6o<BV{GqB{N+-Yh3?^n_VsKM`!NeR5iKR~P^o7LHqF0QWp?#!G&Gxp-T?8K
z_R;|)QSf#w1hQHZ`PXnGE$Ur>;O=0gD=foes`;uaD%6_%7MYBR-8-@ksvr(6nG3=r
z!3F*pilHQT>|@LZlD=tYIhyYTY6@cML|ByT{aefRQt3%`ImeXmCNP2zcznbKJo?Qu
zGv9*df6w)kn*Cg5J;)(Sq!npawXvE?ir*fTFs<T1PPA!wxT9mHCvwlpvRRLqP+#s%
z9LJ$_&J42o-dp=Qw>`J+W1L+l4(+BR_EGI2W5Ss8{yYMuSz}j}e+N(B1}8^cL(x8h
zoKLeUQ2q5;j9+BEfh?O9kckZY!`vt8du%N+emTcLcON&19hP+*bGF%tM>fI-%Z<x?
z+6)Oc^^)d~V^h;QAI22A68Y!tS10-3nVoF;cMMKH@`+^#@Ou^=2_}XOaC{g?L44Sp
z7rzo`Q7V|d;WH1vlb9|651Oc$n8Y>eW3-r1TFfWTn_k0!jr6z}Xf+3x)Ts0R*6|ox
zq88XoZjPW1Y))w_28X{myq<qW5Z~h+T!1QFsG$bJu|GV|&YP2gui`q{j*lPj-(4~e
zl#g}Ss8e%kr9G^n*L8S<R@5>hgFtJBU4lJao7IE#Au6hE0fJX^s|;5#1l>7@VW{q1
z((hN+V*Ex@i#J<Xd3?Sda;Y}xtNLd4k&)-3Dw=c#$tbcT9f>qro60XCzC`BuVTiQy
zM>La;>?D+qI~^#@Gj2@^ufScAD~L@)v)`8;86-EHs^Al2%OnZeRe{eZ;Pw|VZsTe1
zypueitdkTQrc_PFJMFE;LtJ=Y^`pq!V!p;(R0Br@)3@DP)KXLI*~3Tr4hPj5ZGc<H
zy$~xc_5QmngNEj!JbmJ*`oS010*O|e21J3ABQ~VFhQbp4X<hV8yyI0*7Iib(Ek#2!
zyo&)zugQfF(JoA>qa<W%_WXy?=HC2wYh+1+o;(RZ*Bx4ZGzJ=#tqFwi)o>|0bd1nu
z&S|r833Rbc5FRO!hsk2q9F8;rPCg0!_AMQV(GnRsj8rJffbu`oPx5kj^lw$yta`uW
zYLMUVj!<(I{0)R7_HtxKeoJJUQs~%#LP|``#r};NHp`zA9@1<Z$YjNk5zoz3TS%NC
zuL_cWu<EyU2KKfPIR*K}TESF}1ICh>Cy*mu?Vl9iU`~;!%`16ICNldw_5iHHSYli-
z?kT1D7L+RoA5*G};fKDHA}q>5N&N-U+a)sGMVpjExPyTOEO*F-KQREfd9q~L<&Es5
z8*L!YJSU+KRa_GXq_pE-JzP_ka?cl=8kH~MFK<SJ#7NphcYo;1uv;a7wA?HI(4h^D
zi7Dk@?@xJwgAWOR@_W1aE|Smf!yYiFZx~}1O-oO3?MVbmET2t$=w?gm)I*w5&#-6s
z8`COwV3o&C77$_k3c&S{In}HX;lLN!mK{G1|3>B^(QogX&*5lcGSaWge{Bg7dn!)k
z_@5tRTkNt`@5@M35{u1~s0&p%Jy`|*jI07#B;_=B#l~Eml_QnMx6Ze8?U}+E(L*aC
z;(*#dgRlc)FH+k3u=S7!JT3HyZ*CIqk&eFimR?@q!p8gCr4hD1tufV?MceI^4WqiT
zfrq^L6TE^K2Wo-qRX1RYn?Y`=z)PPf=#tm-%0~4C?%j-PV&Gi)-x4|5U-`e8fxt(=
zs&E&NH+EK28bF9`LSuYJYIOR}adkcg>y5FJ7R<>kmQ1kg>L1(=FFXE<T$J-*=!_sZ
zGJRD9DxCCMA<D)S^*s9<)Q0bvu8RByNVLuXU|UEoy`ma%7PV^yvsg)yxR&<0uop}q
zvRKJ^5V&R=(Dz3q-flWL+hk#}&3L|x_hKKhb_ymi)XlGKe`k1dv=KNIPNq{HL<M_q
zk@Q=JlAf%Ce?JliEeJ(ru_iF=(6-rp_H<Q%;Rm?-2^JMmX!3vT{$Lohzq}KGvx5k!
zH0kOu<zfpY#>fhgRdTzVR%Q?=^P!+3q9Yh{MJ+CEae6Xg#<novoWKih5$wEyJZ0E}
zES>5SexYV6X;KBByk8H#0U3ot^ni4rlTLlEv$q?twQkav2+yP39*pyh`GM@{>F2ni
z^?Cq)$-*u(?2>@lHLDB(fy$4dht)-}rU$mpU}IbOF1apAc$zzF&DZ70w}L=;2mGQn
za~ZjzFOibZsB%TwA+N}O0s2W&fD`#Jhs=M*{hSMyF&$_eQ05NiH{AEP(L)o;U|UN6
z&<O4E$RWWQR%X}aWb7X*jncC5N?2d-EIFi7p4HH}?80RaNg@EYk{xqA=xYVfDnCeC
z*QVb$=z@uk;+Z|$Q({+xsD|je_wla^c}u|!t7SP8r~|uDi>_%(Z)uFD(ol-Z2zV!{
z%zbbzh<(&+YIeX*xioX4B~lAr;1_70L+x*)Pu7;l+)(Z;4+jcOGumBdm9ogtaLZFE
zjA^&yQS)uu-~UO=s(SENOF8!*6ZDoOS0iw!@GP@0e+X(9G`(&m`^LfzI9^Mwf0yu1
zoN0dcQ1i%(R%s9D-X0L|S9kx}RHmLo-_>2B=i}oW75YN+7iySU=@g)P>%N4x5iY2t
z&y;$nUHx$YXY-?E+6lb5$ZILC3#Nq>m@6MG2C1uoICgi|3>~|fvJqWdtF(~te0S`&
z$JC_|(xaNTngr)(B;(p{H(hKYcIxY>;?ZvD0>tC`J~z|`!(8~)5#_e`rZg5LpJr`n
zSP!xja*%ABO$CKfnvY71eqbVNt>OuWx5Qf>WlAy>4DoH?ew!9nOVx!5884qZgDF@B
zVHdFln7oLS?)$NRBGnwXVB07Utrt*=;yDC}zXIhH#kh~Jw!SFwej1*z$Tn|6g$W5%
zqS9DBL1Oi`v~Ef8_CycxdptgX-kVx6`erN3ifx@x%Sly_K$7CxOWZ<<u&YR^#W^sa
zAAE&;$HQ!~@apn55zL#kYbrd2i*IhTIdLq5tqs{72>-jquRq)EX7@K={wJr$Lrey*
zbO|rXMu7~ntf6X{PtCeHMJ4MCc7KU1wm4ksiUiRwRyoQJ6M$F!PjIhQ8VY`hOZyR&
zjaK!|J+3()X>E6l1&yOJ^m$c5NO87nwINX(cdI-cVLj`P(3;NiSUxDXXad@Ede$VX
z=pBqJf2Ztkj6EOM!%fo@bzDttj9$t>U*niu*cFjbkV?xHmJGCx!Prd2M5OW2vm08&
zw<;YZac`D}5aP{h#>p#L#z}XNWW4vuLtx2E2}>*%Sg2vSto>MOJ`jCyXL~9)g?c`2
zfq^^r;@~?O4I*c$@b5AfA8}WFk)?Lw;SdV)?A_DPG&4#Xv|bOU?Q1ko62Kw7i(*>C
zlPWrLUh0A$K>kmXaRhgkal}a~KHz8rB*J}aKY*Ew22>&3Rx-Derb$O`A`#$?4}ULu
zq*{5)k4}z)kn$obuEn9V5IxG?zkM)wvelSRpOAXy4mIS?9ZA!c+4@YXDA~`obi>@Q
zppS(XKC#=7-c`4JULt3y!|^Q`)_yTH9u&T#C^Sa&W4F&1OMbowj1PP3f}asWvcRv~
z3#5C&=n`1+t;p-Es%o6)`@=_vF8Bf0jw^@mcca6&s3%med#k%q#W5)$=mrR#VjUaJ
zcA+Js=+B>I+Te{gbJ-U~J4z98L((6cKC7e_QUBt8Bl?KZJaRh3Td5IJVPY(T>^rz?
zA6JWZZX;P6JqjRQ)n{uEx_7x+!Ge|@5QrQ>A|OX%a$BuwR49c!lCN%8u`bQ;alhWz
z<EA1jwG}#2%-*IQRU+X_t{v^ApTwzn&ysRayzxzJXlmxIt(-z`-e1CB^EUoNY9la&
z+^eCWx{H2Kl+FU-3r-)Yww>TRai%+X0$;Qz2tU@&+J6ShgKQsvf1Z`%`aATeJ%Zkz
zjN3n7;SGE~2~OIV^2Y>aZT_y$R^7C$ss24q_fv$Kiofwtr|zd>-uCx%qb~0UU*Z4b
zhf8liEK4r|03?D!03iPJ!)**KY*kEb?5+Q~;{SERuYIhPx5gLm-+oY)yX8^SS_a;Q
z{L9wM!U-dq*5miBC0yGQ8(31ojVG$0N3)%NzqEMKEl8waG3-S+Osm)$S<-HEb8j>L
zJ$^rd^P7L)NBv<QHVHMcK?cV8w>J*#TEo@{&@hq6*GJz9#9LwAD0)A*S0---JCx|v
zT-{`t8h0R*uM!W&M*%l_Uv<v@)}-Y747mUug7_iKmDK|8T-&Pc^Z$BC09hXbeEwad
zhahYY9n#<TRG4?rSt1iA#%Kap4QSyAp7o}1yx24l&;bW6v|4uKT^?C}g|$X*Ua;=n
z(Eb7~_*=g#wmu|`gfJKP)uaO~jJ$vyyc#$WF7V{LuQ-N;3*5ZSNgRs`vkJFh`@Blx
zgR?n+zYeES!_RxzRbUq1mWv(B#@1$n?ng~q@_<JB5h^YYl-&}Goj*@*3i&b!z!{uA
zED{hUw*H3r8hS#|E(rJl{QM*1tk{dwUSN~TZL8obJ9$@chE*#$eYXYSLl(~ED^L$v
zQ>ZU6|JHD|^G<9X-w5)^jRjxMD6lL}_Ha(isJQ18R{g%g7)b^2=irY2T2D+bc(rtE
zslX~T5PI=Ke#iv|$GX~&1kDHx-Jw*Z_ZXg&gpVpMLEazHUju*<lHxH!7RFtZek8iF
zfv&I4&i0oV+yZsYJKM2C8hmZ8k^Xp}(Cm$QO=t|Rl^l@On*|RcE}xB+XU**ku#-ei
z0M~HH|C0nle1n6;y)`K8nDB^g<OATSP@8^B0F7mE!J9zIcU?J47Y85vYao=r(W1Vf
zwWXm$b_Pjv&w!@^!_$&GJQH3N*1h(ulfBD?U|u*rs^s`1+&y~4r`Z8he{49ngH!(U
zLXu&kh=7-5ya}<Ak5LF64|CD}{pdcTd4~3t;&wwsk!`P70EyX}wx&|5!ZC8U+D5I_
zs?q;@mx-C>#C6%S>BF>AQukyIqBG{@eadrqwn5>G;<Tuoyv%HBTOD7jb|;o1_9pd6
z*$UyEJE8n>O<E$QTybggSp#^JU1y9?Y~OR{R21)YFA?<PvCu@!PEI0^3q@c<7D1g*
zv=FqzJOFXRN`xvMheYbiWQn3KO(^Ua8ELi@8_EYAz{5wGaN^pte^;4;YR|bLW>bSI
zwK@&NwY#0x`L@C+RvQWxslNKI{BdzlveNVg8=yUDp8sM|nJV@VrpGNUYsA@|2$MUv
z;ej>A60F%{({H{SauCJw3h+kDr|?EgCqdV#!KXm24qsz6I&E!DFHG%-A?^ob^MuD;
zCdNQ*W#r17kieaoSEu@rukus`Zhrc@m)BR1XN_HIjIT?dcYRyb)EDeFJwA)>4Lg--
zpJGLCB(~C4LZaXw0mjF)VF+F<86qN_tzqc=Tw}a>p)0PPF)0Sn0P71!5f}_e-ii)p
z;PID5?b{LEOfS|12^!fZvExCfnRyB6ZGgS_VGu<%@DedleNFlrBfA`40=P|5aM|Vr
zt(-qGuT%igcB1g4y9ZoGY_WQVpqw*ZE1cb0E2lcTiQSc}@X?kY==kX;Qbl&DSFlBD
zY_Hhh!Oz$|J~EH)ZJ+MDD;K(1ZdITUwRlLM-CDG{ZY>I$>26j|?ro(rUDe0Bb&KU#
zU#1-fi9bvOJyITT`3-8j-2E#-YIUzz?W!|JJDbSkIx)8`9&M`0+bcpsd2Uv70=Jj>
z%?x*|XZN-`S#BB=zCD|Dcq*@xqkJ3GYF4HtGM8Us9gS)=@nR#^EUwfZ-CBM;cbCp}
zGhHu%?rQLmKD#yOb6uJgw9{QNoZVaVr#h;QeSKe%Dqrp0Yhx*nd*y7CF`K)B8w5W=
zx<-Fjs&uyJj&??o?`y^0HoLbdBHdcz=g)RVnfG;YlhIChdN{kg%KoV_wnJBo$<&~~
zQ?+_=G`d^y{m2jWG8rQAabGD{aeZ=kyL;%aTIylDyG0%D@{~A#y4C&H5VAPf{bdPv
z*Sq+S$71=brD+b!B!Gg)-O8_EM`IQUlUvW%<^KYEslwe}{!?3R<f#@-3i|2x7iV{8
z?LWY3Oqa#;yA-RJQQeP!$dYa?Ss;z6qn)3zr&_sxw7c{W?k))n=DNQA4?2Le%llvL
zYV262cpfQrIFE0Z;PUmR^XLEO3_enm+5A88;B)#j`9c3kc4=j}aVReE=je-aCjb0+
z|I}x79iPzhIPT;x^!<K_l$3`Ap`k(JD5&HPObUXRjc~f(K5PP=Syh|+;p0D3joNnX
zu6zC2<uAWZt!e?uUeN}e)^e{NG4TESiKD%Yn1zQ1ZGX?qVYD=8;Q*KGHa-ev?#Mtb
z1^0>Cy;ViF${DJGrf~a*>ctz*H_(YK=l6xPy*!AGmj-Qr-^_loG-T-zhv%+526g^e
zUo~0SVi}2fhQtK$v`VTZw=dE?aOr;`NB;-e{a;A`{|gb5e$g?R1uRdI;$8C|)pExH
zzk05l8xY0qy!dB*f%69`v(sjyo$Y&!*;f0Lfj1T6NFmX#R83|djV5~5BF41cOGpQc
z{a4Py|H<+CUpeppBggVO^N-Ti+EiEjCiPl$r-p5OkM9TS?j0@$s#BVZQ(UYEbX>Ej
z`Tvyd|KGC69RE{R-2VT{Zd0gvu@-5wV;6U?`Grg|CbMQw4anO=l`Zx0fup;?l!c7|
z;e5l)9yHr)W(S?&4mSX0;!H<6Qh0e)NUFvbRKGcLzC+F)I)AR6?H9rwJ=d%I2jvY|
zWTVMNIo)?3ai|I;1!*Y4l{`?fPE0Z;!xE<j<?V~emHGL=(OpW&!AF5|ykllhSR6FJ
z=R|p!Iad3h)<FMf*l)|oG&n;Y=capHA3)3;xqhzpx+pGX{)3>?<q2Zu{2wX*LHuU~
zGuV=bC!}fLM1tDtL98?@|C|56(f^m91AMOM-{Id3yDH0)X<{(*|9>b;SP(ejFi!(t
z@Nky#HkT^@T&GKQs`M_`D0tUTrv~$6SC3k;_MMu;NB=tO6spn{>t|iG&yxV7Ncjzl
z<C)w2T=V@>zd%&u3TJYSrE)5C=ns`ex=WKb>+9DESjEfadUfKXZJ+IRg3puxelDI#
z6{w;rI56$x>Zw9&sjP<TqWhn#y96-GwQ1mXawYajUZtzFs&<3kOMHawJ50~y8dMPt
zT$pAGtvun4PBs$_NvAqF-Iuq|6Rv@tN9t{Vt1}nv+LzaHKCtro3h@n3!Q_>Je{^Cv
zlWokEQ&UJ>nilqk>K=8Xsa$v`*`Nxm;lMPLcd~>xcx@&d6Mw)qhUz@OKA=aWgyR~$
z{+C;CrtpT^X0i$CgYMryc6%J-di^S|&lF#k<t+hV|AGJG;$t)Ec=SPi>zM9mV9-`6
zzVTC7{NGOAbm0x)|K#?b*ohN}^tmJ!=aA*}Qdr&;00!>K5i;3TEhy|$`?n+Lb0q#Y
zbh#ZDl~7vxMFab;ehL7C@?OsFgwxg|8~y9=X}&@*0^IkPDygNk^^10LPgR*05RB`5
zVl&$4UD{YS`4=O$SrgI#U@uUj<X0lOQ}}AcMRBg^wi`;bRmYyySxsTV@>$<a$NtG%
z)V;SwY|^xNo^mx>#Wz}iev2r3iPl2CB>3NqCL4TZ8_TE$y07<wb!wD%217LX7<Hc}
zja_ER*r$BAFECBwFgnDtieF5)D9`2Gc1Ec;@ENi?swiu^FZBl3sd_ImN~5QIbZ=F4
z(~o$Z=a{8}`p2vlTFbjK;Qvvzm2L8MX`-AKHd%g)&AU{c`Ubm5|28gI7j5-b{9PFb
zD>Tg)-A(2awV8L3pD(`Sf!%D)-)MdLs1K(RHBua-;Y9pkl-=&U)<ucJR8DOqbC%Il
z1f+PpXe^<RIm;az{-YsQBge|X-EA7&LjzaFG-)uvf?=tm_|bx3^x4i%{cT0IZ>g|l
z4ODf|)RdWC`xix!eXIu@e`nm_40gH*;Eohnd?HMesH9i*%*n!(L?4%|hL1E!)g`_8
z6DFgXD^8Mg-pM|1u6V_4s(9r?CX+1jnm*<j*#7wj{D?w%RpyA}kLn0*4x+$58Yy--
zQg$_NAwTAz@(1!JbJ2_V_c`@I31~%Ok^70ak4Or{&x%yb=n`OxI9^AIF-{uF1r8o}
zh>9T%O23~EbDwRt89~N`u%vF&s~K6pqHk94T7ab3FyoICITq;ar@SLN0(fUc5~a2A
zRQ-l9GjW0t<jiAbJWpH<wsnK+BL}^l<C9zP>bR5mFm!q1WMEHRs)dC`lfr0Fy03uX
zWt=rn#%vs+8dHP_CKXDba@c@Fp=(Vlw&A6OspNjcH;cN3dP>Dp8Jt}uN#>-{OWtss
z$ZEoInFS`{UlmQBlVTrxq-c`C4Wu&7S{!4^?DA1!5IvxE3>Lr6B=E?{^4}Q!Ez@)G
z+xT7Jj#BB9X@QhFj_N$~C6~|TNg6Pgf`A(CrsdzET-hJM2SbG>=*`*_CSoqQdqP~p
zsO$H()jBufFF&t!a<7-gkuJHHt7Dg*w+}j&TWXZPFLg$_?X9Lv4QBEfO|Qjv*3eO#
zuTS@FTfFTo;h@%C*udS1^Ii9^(@(25p%}M2o1)LLVI1GWnzq-Ok(002H0mw3>z^((
zADzB->lm$P7vXQMAJ3OxJU>1NdO9sPv$eA3m)ooJtCWrFmFl3?mxdKvyt~#e+Nveq
zoaWlAFR>e=qPN$jIy1SlMPKx7p}zM^qoeFq^0O8GLHfMCFFks<i?li1JFA<YnvV_#
zCqC<S)0##<)hm_pGw!d$PuuU4%c3pMuY-IS<qB82tCiJ>i(=-AwchPEx4GJ_dAk<g
z3ijE~n$L|F^eU$vxH)?2>z%T%C5J8zyJorAn%S4Kdf~XSnxv)sZVw(#yT;c2j1<<}
zl+SOS9+$_H-|NkPT5<nQ{W<$ReEjM0aFm(5z4{v6Vn^NfhIPIQZ@t^np|<w3-E*V6
zdh3=4i#mti?1WtJs&bw0Z5@O=vCnl$vGZ%bo2{j-^6}Y>uXpXlA8cJx-BLWTZa)95
zL%-97pKeQic_|j^+M(})NxQue36mQQ9!mEY_CC4;z@xsFp@P!6w*C6$xE^;nWAQ)h
zc(&B@tIW}9tA72l___X^arydHUeE1czyIa5A?dEJ^8$1OvqsY8D?QBVmydNi#I4%8
z!qd9Bg>BZ6_`77Zx_KjWnKbg=wPL>XNq4U)vgBqX>rR83>sjZe$=?_Jt9LbDw8hzQ
z3y|yj)V|310p!i_%Tyt;I~R6PnFB2x)!Td9<KqO+G*j+_A-{AkTq1mxvMTv?+pW>(
zg|*w;u-rj0CN;vz>07gvteyD&Z@TZG4@+P=9XkG6wZ<wYHnudl8Fd<!`efbOA146P
zG}}cag0K*<VJ7xx)lb`KX`v548G!n;?YakB6J4h#z-?~|0g~cDF|^<!y>Fclw%Fiv
zE)#~2%W#Erjk`b~Q3nt8W%p$>efAo4rHbN0t8V#NhIm&z;HD@Zf({l)0*lxZMp16&
z#~Or@JuEmpRR_y)rIDiOTZNhM(+ENdFqnRhW9W|&{gT~HkhCom@HNliBf8}Cu4U!N
z1YCjF`%@P@O(9w8yjP3%1ry{PkP^y4CUhabkQFw}ljB)I;Vp;qtdWr(gL6RqB%YUF
zgvu!ZMT-QIyyk?L+KvzZ<+t7v4?ssUM_TM4a@P_XL#IV)XCHo$jy^pbyPv72bO0h*
zx_dAkEoKM!f^8<qO=3Y&vH!*uSSH`4%~wFW6T`bej^hv@{Fo(QX9gq2fl;p_&yj}X
z*u+4ZBO)u5+b7E7N|l{|3-{{H;rMMk-Ec$cAB2gqU=Y~*K&s-#Ot>2_?vEC}-0yz@
zK|RhF6c0=~47lD}e_RN~VB-lCC2y4$ATfq|mI?<MeI>hJAvMmUq27-TS7XyzpJpK0
z);jc9Cix{Zj%K;1fZ#PO)QZ$d6q>bawIYNE2j0I1bVZ1D%KwDJ`v7J~fJhCX?}^Z7
zH(w+Uy%Idt2<2|xfVaVZk=T0~hr0zI7B004u75E&iZsBDv`27n9&1f0;V7vVhXoBs
zd?>e4A_g+VX4u_4%s#-r4Hx+PHyA}BaJm-Q#n5S$^WST*XS4PQkBsAZj%Yo29#!FJ
z-i{Zc%aj`D3z*~!Oct{%0T!+0aCpWyAaHEwDDeT_O!z4DDm2y{5z%Y3b(+W4wt&4R
zJUBfO?tBR{jO~Gf^Z=y+tOAM9>XUZzDGCRv4<GQ^${mXMtTB>sC4AOjJB)O?h$MX-
zWrJ;FGjg1;(_r$mnkw_#l|!pS3m*q&Zz{z68umzUB|Tsn<XtkY4VCz=j%c6J^H2lS
z0I~Nq+!V9&y~;CH2igVU+MJ}!*raQS-_5{9?p-NGrh`DLyX6O=B(*}C{{mV31Dp`p
z2`@xh*$xt%zU*(&jX~F!G!dkb@RI63VMgeSCM>e*3BhE!LrSnLYcVi_(1p^17nrW;
zhS^x)M5#&!p9()aWE{i{ToT=uz{<YBLDQj+`vj0cFB=>MVW;jN=<`a<2vM9GcmLUR
z=P5j%{ZTjRH{X|l4;Qvx^akQ`5sw4=umi@^O$xVu7v2HcHc`qA2E3IN{lH?&rQ|KS
zKB7a9*!KbCBe^~in-;#M4cJGrEYc@EEF*nL56N9}M`~D3`k5A7u=vJA8l@bq;$V7I
zQX}NegR^lwzzsf<4lDtfS|7K(Dfpe#2me0x!TzX2FVF)i6%QyFc8?nSxnNuJ$a0h^
zRD|h?x6f#kZE$uj*nNXH@S2gbsSUB9PR*cFG%%L?Vq<wNZEl53F+klSQ_l3LeZPu)
zr_ZY_L=Y`~zD-|1wxtyX+=j#zMI&CO&q?G9>C$jQAL1%Q4A89as~JwFltv?fSUz}x
zsJ0J)LkKLRgI&EY4q$>gF6M=1s_P)kPylhYEmRJz(*$tZmjo&9%|oCsf1fko%07H=
zOSG0G91|NG9|4RsPq^VPlqFpdyiIgJp^zHNXyB_IjuE-PngYDUJjjoRkj-6k{s*Hy
zPfP#?f0s!tB8v7;A_bZN!@rMTID=?YXLW^84(LZ2>vxq4)IQn*IqO*30=Cxj0h-OU
z=}%9<)wQupYzvRxl7Zrj1%G!G`dZgwyMFF#avU){SiIhm<xyVCC4llA*#1oYOX21$
zUR|r@J_K9XFbM05K69qk&2V?&%b?|1S5yi2Ky8SyFzwG1<#=w=@y$&>w2to#ke}c#
zK$i)fel^hb?GKnB+M0gFC}wOFfXG#%t4KK=Q=e5j+L&c@tY!2+qyDiNJKw1qTkFe|
zW=L5gw5Mp(hsWP<epXMo>S;akIS@Kv#?SsK`p20>WJcB(bLf_o29%&^6br)-NO1Ab
zSB*MRTw4LwSszXYP7*oi>!xESWvY+eL*(XG&>Z$w(%F(Yh0F|Nf5}MnoXv;2+7|4-
zG3b9MP(+JG)kWiy1we=3!6<md?T&Y$K*~7SK4E(f#^4^PUH1iIuuqBsLFpQKU@*4W
z0@WTdK*7gdV1UFCml+p^VT+XIK(dfH8!$kKtrM=D0-x2-;-0D-<ihpSk9ps0N1rnt
zJ+c%NZ_+)7<vuweWz1dyd)C(pfY;E3U@cSXYHMp-f&H|KI)^C$8d%G!w;`a$)2%ZV
ziS0H|Yw2?VKR#fNxgnRiG~(acx3)fL-XQ{=BIcR&SX$^K4rpg@e_=C{IejLf75svI
z{H{Gu4T%W^XpB*ULknt`Txh4r>V^pHbIPz$8pL>$jEFz8#0l<6C02MMba~^IIQ4#g
zkD1cQ<QX$(*q820w4{IKVh$R$<3(>?hN<{{It&T-jCIbAcT70RrS&pKc7ny%qkdkX
z`;z0&jDOMxGVroWww2Qz_h!3X5Ky~)lBfF2gW=_J?b>iUDQQ-|a5Zi!n`o=>XyhEN
zq@c#5WHB8HfRWV=x^(f#kg&#FWV2vm^r!KjGhc@m#$N(GY}j`W7@YOfawE{%0WDFQ
zDx8XTu^P-7AiS)V9bnc(-~Udff!vZHdxd@aN_g{%yxR~RVt71Zs(%fj#h2-ikIm4h
zUv)8Kr*@N)sw}ED`B#`qc2X|-k<Y|=N*UB?Z>%VSQ4(5gW$PliyF{cZ5NV084aLHr
zN&g;7kwHFG*k|UL#&$b;6t2Sa1cs3h*AF;3ghq&JD^QxblO1ag!>qxDF}pP}!x$vu
zu6v+j$eCqC9;-_ydG2=7xy4jLk89l%<aXRd>L0kprU61afvpgY4G#!g(m;ZxV}~pf
z_UE!X3BM9U9C$7l$_)r`U{)RALkC!8$pa1$!<H%wNjWfT)}|MlHaG?RXi<PXhKe*O
z_#=BZAhi27{5VO+Ym=aIV_d7hrRVL=a5yUXUv$*U);FP~jI@eB=ca=K3;is0`Mbll
zLW2$8Lu8Af_cSJ|l}CmKb%amz$^9VeZ^uJEA!TGM;FroSTyHk%9F5v>hH@9jmRvJO
z<<6B}AnvW<)SuA$?BnSV5FmsxPKvXu08gR-L$lc#kYDj5+qZLBQ^C=J0<#Q{`g0w-
zF;TjYoM(;z8z}MLZyOri{|r#(@rza&%@z+|cj~V`Z5OVAAL9H>v)V$Pp@60;&n-3i
zO$VG-uxBm!#HIDDs0>M>LP0!nQQ^T1WYh$Pg}f+GfH3<^`9)LY-K>2Zm5Spm3W6hC
z9(xj2x4O!Mg$?lb-bAQFpw(W9=Wdm;b>xqd&-sRS%Iw~G9aPFVxX^A}YcvCSkP#ha
zs2lJ&UhSgD!ve>>kAQPv(YYRZ3X|F6m#CASthLh-+EiWetM>7=%&XMF(SNA$yaG_T
za)98-7Y*Z;$!C!3J>X0ZmtW=Z#?4GHYl64xB)wWZ)V~|hFMi4sDd%ZMXLIyAp4fd1
z4twVsD-5B~WB^=DRe;*TO-E-n%mEkgO&p78&u|Se2MW>p1x*#s@Ma+z&G(1A8g03b
z=@0naDT(7fMOv+cVv~tncd@r}^BoDYLX&5S)0_grlZ(y);vquRn*>@pFhuZD=7BYm
zQba~^(40M<94l<|`js{-&<)e)q4hd`{f1G=%d)%i``=eI@p#&-ak<v>LY6=HXN@GF
zJ9{sYQuE7Ij?2tFr#Ejm@b{AbVw648T<!w|VN45iv-bmVNY5Q+Vd^e!0B6faJ>Q?W
zmPuB0+X7uA{C@FY8{*)TKHCk~GG<il<B9XQB6LSbWsB84@<W$dXbAmAL*X{<w~7;u
z*L-3L5jMTuBLt0n`z|0J!u3CdIh{sD#Ui*(#_&6jW8e~oMW-~f=^t;BMF!axA3BM&
zM~DNuM*vU%8mKLE@{lh0KzdROesN~^o`w!kz|di`18$%jX399c2g7jF^Igi1HpX)A
zu1E7v>C2u&C^G+GvFRv){zmZiAlufQLrB7}y%R&fc@7(Sk7a{8#A@qV<ZyE46Ng*D
z!Y_o02v9)8CcoppB{~-c!ztSxaw30l40cEOiGXS*+!4kT{2~qw!-4_CxJU9$`2RVl
zi1e(TcE(%}7uO_$`t2*j-JC}ZHk0a!itL+xViy*tSo`O3_+oZA<rAZPxl&-rb!gPL
zt0>bO6-tRS=UY5ihZ95h`eUaH!L1NOhbO+*u;e(W8uAwFmaL1qm_)jhJup?y$7;vS
zBS!wjqI8V=_^<OE$U~`C-hmI%KM++BI895SozyvsR%geRh>Wvvo-OZNcq7SzDoW49
zBr*X@K{ch3=$VD;WEsvY@gb+8fKi*=D^Z%F<IUA1AA`Q<;^;>tafKqBNy4c~!XY=8
z#R?w2(UhfsV41Zp>$T2i;P!u>t#a^S=xXi_)3IpNiu4&8P~VIZ*c6>TR~yla!%<A=
z4xqs49ps$@uT#t;LIanF%bc<S9wzb^KNCHf0C1$}#jT>xR3Lkp8-ALo90>6;ii;B{
zChv71g)Zeyz)K!0$!wcL2_i~1BNZu0#*0RhB@`12$I28bNeO-JTX0$#(s(J&!i@Yn
z%}Jt_I#@zt;6gE|#`($0oA_$hv4We@MDaZ$o2JJcQraqTzJ#c*<WZp+Mn)xVsMI|s
ztGwd=%;r!>)AipWK0bU$yz?z)0{tohX|6)#i9izI@qn7vA2gcvZ@>TWztM!-g*Clc
zJR4O4q_s^d+6hsJkJW0EjqxWf33DQ*Jc;;}RLLI`7S2;H%&DhUlzHVZBK1AJeIouo
zJdw|t2J#3=P6L77CiBJbCnxIjq<@^*?=RW_DuXA`+hYwUs4gICswwH!P=6J_(^7<K
zL?<J+zZ_6Im6b2#Wt|+I;k{La4=+He`LO@d=1uxzNupauT_PuYWO)G}Q6h%ayzF6C
zdA?mFzA^Y67`fp5*&VN;$gE2pmAM>&r?p$WH}XmRw;y(SBD&5=1_~>ov<cjd3aG`M
zG0k58EvFQQCP`^M&D7vWpOew7^%vkz0#~H>L#5C}czHP#W?q)Y_Ha>ZV?3&#kSwFm
z>*pc3o}^C&Os^2Ax+hg%v${acdGEiA1SY!{7sSA>C*)O=P+Kip3ou)(<e|h<4ISO@
zI`P>C2lhI>j0D0w^qRS*sdXK{P*2E5<uqx2zqM!HAM@8d3l^3I0MpR>B`0Ao3J~iZ
z4Pc*5-lBL5Z`E3K(j!^;@#w)E{3-P1PqWee+R|cPVghtCx%k(5M~LB)kOPVxY3GDo
z<vb0Q8429>CDwQ{o#@53#}kf>Nc4O&bftbCfx0qx^#*jMXHI?TzR0?epolum>zTP>
zw?S!`PeIkR=>F?xMFarD0RoDS@_5qdt&_P<K5i2`@*R&T!=N3%!lE-%9RrK0T{tEg
zv{4sa2flxnZ>8BOHXR4jU0J9h;@7)sFia?UE}=AWX5l<rmwS!QMhcgUeB+x=fD)fe
zXeJp7F_&fFBhR`G;<PtZw_ZkCuR4Og1hZUjjaAcGa<OM^D*&eBP#%bl6%>!t<l07_
zXC33wi^9)}_jP++EM3DpKi=Ndu#drC_-|-+=Yb@~M1M%Dd5XawEDsvi2Z`fs>CJck
zxm8h#15d*6bUF`cA>IR2`TE!;?Hr2fK#P!+?b=Uq?ZiqjPZ!(L3z~m<%u333anvb$
zM^N@?HhTz8%8V0eOz|v-W3{OOE?07aUh?It$J44~R-%+e2lAbCu0-EuE7m|%Jq;Lp
z7@}P1CFo^z@+rsp5?rjx)D@hI^yubXQ#-R%5ICRdL{Oa@yCjmQP7*CHPt_Ddd%;Co
zmV?hZtGFDHO-oMDoZ)B5wxE^lA5y9UMV7a%4yN4tGLXkz{{8Cy%iD(Du!>e`P8y7c
zF2pSH76^jqUVv)i69Bqs^8c`RSHX=WYL<Y_%<M8Vv&&FsW@ct)W@aukGnLECRAy#o
zW|Wz6-QD-j&P;4<?BhO+UK9$YLduX*Ql9+IpZ*<rl>5N`N~JA$U1mVfuqfRWzCazA
zWS^gTx=4oYXFI;R-@t(#upe+y&|v#c@aV7tqk8&F2NPokoEF0z33kEycVVm>`ThKD
z=SlZqXA@z5i<C)usLIdZGqbb8a#fh6LPVZ+Na4bD_|dq7E$3XnrMMf#VYmedEm>Wy
zP)6w0waI7b;u!2fXzjbv^Doisa7jP+4--eq%GXPK--@7LfBn{)n7Fp3sG;(f{Kl>V
z{iW+(h5fDjO@7H94-^syxRVG+1HkVag<`49CUtgjKig(eQ4fjs<1Y87HgnTDQq2CM
znTnjfe~4e+*|q9COvwv&l|l{lw+>DspHq2r2Q}94q}7qpiKuYf%*^znOxg2zAdV>O
zROw<WP}Q|6Yqj~n=9Qpy*tM;MWKJ<?goInN3<Ae+W)+TULkeALZ4{C_bH<28XvET5
z!QhGose?T26}mWXN2z3Yq^N3LV|N)p3SezGNm^|Dwt{#XY-IKDO^OSYqe>I~bxzt`
z%G9K?gK<rMP_EY4fUD8i2p&`$)=WD#RAw6+v<K@`#Bj`@1X}&}6dDZNr=JM5BCc;*
zXG`t*?_E6Si5;FNyE>&WE;ntPuilv79?>JWd@8UgE&v)673qnhl{^;f--Py>e0;cV
z*%2=$@&&XmAp|aso$dbkIK4M&<qx($HYvOt86xn_ENZ<T?%w#kjwRdRJbdUxbyn$V
zHx1Igv=Mz&`gVBw#qkjYW2RQN*Pkh^dOo_`-H%#7SS|{jy)0X@$GNR-q%54|$Z9U#
z`xHLZ&Un3^EU}a-S#-hL=IeRi*E-0aCElJA?4(XzzE`KV-;Eu`J~lplEWWL`a1yXt
z*Q>7ZmAg>y-)8$b_^^LC-p|-{yxUK=l__(j-dmpSJI|)iTj^b_wVN&395=7#%;T7C
zsD6c@Q46iMVMnRx4;ORqCoLNl?3xrqsz)zM%lSiliz629o7_2B>>65E<D=gmC4D}s
zHh(-j`nlT7EUv|V9{hIlb9nyP<mN0fd%XAA17yP3c0#nd2(LW?s?eMGnlHbe+iQ~|
zNaPOOW&`YeLxsy+Ps<?8kz=ZDw3%=9E9FjE=;XB#SLfP5G+47J2mG>U({%n^igK%l
zJk%O{@l?#;xJcCrm3nk85TY>ZHIVKm>b!OXibHoLM-QQQZT9iQb=_}q`qq7`?b%q(
zw=h|yrTY5O;OqK+*yi&|Wi6*~?f#j?hN8Q;)Zxzs$_C9qpmZ&}O)<oI9lHQ<iK}#d
zgjl67`aEH>0=Sajj~KpfST<PrV7k*4oU}KQbEm+_bu95z=IRN4R=XU}0J7BGfaKae
zv`@0UfqAj~(v?XskNWHvCPVT?^z<G#J6j>sP3L)|OD*p5XY=nR&x(B9HY>Jx;O(~5
zPqmYbig&YcyB2LE=_TI2-tI^6Yek5Smi5oC<5Nl7mp11cX%}f0GbLQO9>)B*xtl0x
zXSM#z#^NA$fiG2IO-=OSM?nx`ICk8EY{-Y$7->~&f5p2w(kt6`g|JIaKKt@v!pKcN
z!g%{XgiSFy-^QNDs0uH+*!ZS5nbIQBbD*{qu*q}@;b!*TtLO-9<cDg65}%G+JX8fK
zvd2)0ey`LLB56WD_m+ZVgPyDRZ|(C$JT*+S`3cVlJZRemvKiwSq5SBg&0h?e(!7&W
zNC``T;$Zk@6kwK5l|mt50aYiTBs?3DkfB>ZdV3A@<LbYsxQ@62Z(hUYjx&M*UP6Ro
zu+wk2hVkKV9OmL6a8}@(<Ld72g0Q=s5<&vtLt6?Uf_@AUZj$>`$Jr=ID4HQPxp4Lk
zOr$v?(!$x@BD^lNnR%BddyALh8YR<d5TJKFym@a3BLZ-72t>RkXVBEc0zt806a%0u
z%|yt5<+ZflB9i|ltvwhn5zqj36aG_og23d0g>pf6&25R|hpIrpjO-5>5pG5+)aM7Q
zUa1P<#)b2*hg=rGdInp}0v6~D68q?e2MaXWma-#WhR?VQ-|-}8;=GtP<!i8+C-GS#
z;c6j3LQJnhMlirK(DumSzy-qx)ar;s$3V_w)eQd12Vx?|cagCa=C=kN)Y8gg@$SPz
zKK{)82_jk5=NU)AW|rMoNq4v5O83dwLllPJLmu6kMjaM<7Jp1;^n8rTc*3qfdmLlj
z-GWZxdw~ik{6QX;<j0RgPbezS;4Cd}evh}t_Sw)Hv)O{*b~XGnR7kW)iGpx*xR5u(
z7+#)?fB8XYAIWf(fAW`IyAhT^t_m7cYJd*Ots%6+5Mqr@VP$0+cO6%g_tvVR2^3p%
zV(<LTmH8DBDgGAA8|RuioMX~A$9mris5-bzy05gh{8*SUL<iWPX{4;?rwtc0`6EJ9
znl$RX2J*S1|HRmA16B*I#YSNF;nwC9@OLh!3B#{G2F#o&;^4ZMFDId?DTW4|pobDa
zVt2Y5v!nm`1W+wj-bPZ&G^l$?y*)yAtHUs6mQuD<emrK5+N7ZqHHofcuVuRSw_Tth
z-9;pms9>?s5Y)6cUX-9|EkjZJ59sUP4mGtO{}Iz-6_nRf&WZ_nH^+12t!Ojk-=83$
z->xw4+R#J4w2V>s^Xd81L3^(3pmyibET@3A9bZBd=2Bg!fOX6sq3Sa#fzd;Q7EhI?
zwNA!mH_EcDw-PT5^~K9HsD+OnX1%K8SnDx56+g*+v|TbBZ4JA10Ns<9fdNe;dxy;7
zH)xg7vLR40icE(^Pc*<|;sm;9vIYVWXd25x#A(T}sb};Jre4^-tCBS|LZ^*xx5$ee
zlF6gi3|gouov5-Tl-3RV#^u8&CIO+Rfi~Eu)VTmhKifPSgKskJf52z!2ca8X>*EJW
zH<+5NX|M;=mDhxt=aU;>f~3`ALCE`Z6V}+>_CT8m!A+4nc5p!MASZla<H(!eDx{5)
zk(n*lv9dxr#bVS&=FMe?&Eb~EpHTQ%9a5Rr88QXL)Yj>u4|0W8AL6=V;NC9t7tNAT
z+^c74lBXL8EAiq;HVl(L@w%f;Vb0xH-{L)>nysvE7~&6O?V<rSCg4>-lXD5TOT1Jm
zhzs?{Y9JynL-~zhA2%Xjht5Nmu>n#V50P_l$!|E*A96?S_Y;Qdqq0s+TO5DoMQj`E
zIAYq{giT~mF+$C1qBkb3`~(t*cYtVL)Nn~tv9_hMU~Nwm5K%~a9t)otzEc22U97ky
zua%hZWw_1KNa*^U#Ph3B^&qNe)PpcCs=W!1tpR5lO6fh3$U*t$2ol6Bo>uJO4<W#K
zgXq@XB9{%|Z)&w^>BF-|C__#6a?>^iq_`^P=2g;dhgZ@WjBy9|5AwdqhzAZYkNp+0
zuD=m{8V52ZWK<N0sl%u}^#Fw&9mi;E1rZ`29&SzJ*j7dBF$s}<w?%^`gV8qjz+!B&
z0jn;0M*llwC6_);Gv5uJIe`iss4#Yh=z-EAwa}A}GifR}A~%vm22U(M+BD&kAIw4J
ze49|6<>_UXq%sr44Z;<xY>bbAXSTN?qRn%DK0Q6P<hp7$Q%*#JBt&o=9ftS!_n&yy
zbN23Le(Uf>T6v1zrjbd?%%qTM$OHf^RNaB{pQNqR`OuT;BX&;eQ~iX<O=8V7f-FhS
zUyYVn?kOqwHDK;{TTXPA>a1^mzy)TxYiRbPS*5c`D9!ld7uY|f{B}U;nC*W`)$mPu
z9wW$Tuw=`$+x_^sCDGmy1{6^kjwaeO5wv>9I=0IJNGYbgkJ_ta7%NUf3Q5KeAoG0C
z%DYoqi7<odoQ!lZ6Yfz)^WROOE2jv3bDXw}!gCLb(|49z#WN$wi`Vo6b?}d_%9IcL
z<zCT7iDq2oRLsJ12x<Z~_S12vgun&W(_3}F39e-BwUx+(iZYrauE;#?nD2WE=;Fw@
zalmCe4}W~Or%1nEDVc=#PAQj;f(WV^!blzZ!q9(ZuEdRp2>0(lpH_e}jD>L%IR@`k
zQoaj$nLS~Ny5oNK;!0lISVkX2%Ux)gS!;YZxgiNo>u!_^B{8MWA`-GXkmOMc<&Bpd
zb|Fsf?s=1#)ttM2yBvC@b2<!0VxorR1+}2JL$Nn|X+TmFQL$$E)Ee4(i6{Z8a8y3?
z4-INMe}7z=6D<R}5KfSqE!gubfVGcL+Wm)Y0}tiez!^qH(0xp7m8rTSa`auM85_5w
zQc}Dw{|&XtMDl@N;>1RBHO9uj(-a+kY3Vsi7zn`LG{XL4Bj2a<@RN=BL=0^N+J*^;
zE3pQ9hN9KU_fwAks2H{%Nc)U;iT*~?)!1NR6CqM(k^H>sO2wi75bSPU4%Fl8dZJtl
z_jF9EI>He~5l7n;2VdhN5f1|p>=_C)ADRiP10(aqMSCn}F<yH2*%*&}86=g_q8O*v
zBnL13-W(a!g`#{WUd!uZCs|{WX&_qa*PuKUE@zuz$7tBNF#07doRJ-i^xyeY_`g7$
z^5e&Xz_Ywzwya?*5^y?1*w>Uu-qA8`0bW;A?x+`h#*`&uhR|B6&zY&w-{Q6c4*(+s
z_3VC6_&P?_yl1LThnqTnh<xQI=REJqYb%*<6FeV@fO`_*Sxv8$*b&SK4Q8fR@r7l_
z!5k59&i*&o?Mb+6MI|mxZ!_7B@eM~84M9dK?i37Luo7>3?t(1*D5>?g@1C<aS@o>O
z$ai<#+D8@UM->{M($kcd<~~kb?Xt1XY3*4H01B1wrCfYhQ23I8H&WvV9_)ywBfq$N
zB}7dqgcq#!3kbjF#*8kQSIOIuW5%a1JTI-2Z}!eq8)NG3W$qwj{6t$@xu#ugvrm;W
z0i{~H3NM)&5pzCj8l4()TgGFIA>Tr_p5&%Ok!+y_9x9BNd9GM*rHLEbV|JHJ5t<^8
z-O1SB5epyB4SZ_#1c@_u<Q)dz(@qGNK?+xNnNR9K#yVMaW3I+HjHPg1Bk$=pdAoaP
z$kd5${ozv*dlIW9n;F<*wT}rVSIRzqkM=EFnmp05U59PrqTMa5ZzuoKZz9ud88+{x
zwgm+P{8eACjs|&XyaHqix~@ano`3TACj@~gwy)R>BgAI#kqVb^Bd!iFsV!CmZo2<I
z5<sOcf;)~c4n8P4kku^k;EXByI8J+LN@vLdbM3M7%$}m|Pq(7gXFa^y=psI@W$4S$
zwsXqf<1KdzX|J7WBd$luSUh&Bsw!+k8MwqIK=4V6PC~tSAz>eqUZQ{C^z%%~F!KYs
z2|!jM=IDGWxyJAtFks$c9WwQ1qIUX`{`(a>eO7IhxA?sN>ks;t<U+k9jmjse3J+{*
z-R#AbT6;aP=SmwMeOiU`D~k%?xpi1AgQs|frEj%+OS1NB;eiiObT4AvEy*4}J@Bbs
z>kjjG`pc>+=Qoyx>-xE>>N{`AsUy+QpswU9vt-q_56Dwb>^bM+!`$kORHM5(mG_7}
znrk~%n9p?Tw{_`08l7C;3^~R-$-QdUkNWASvZp7Sflq7n&#}cv=9_uRIX)#BKAOl2
z$ql)(*LAGZt7gT!ido5-Pks>w5~M2DH_1NC#=@@fMEc6Rua|IJj`t42<r$K%7U^4j
zoEuUgXVR>7@|xVqAh|`8f2#K4TYTx~>r?&pgj>~j@AWf}l839wou76~k1IVkd#X#K
z+_5K@C*o3bB90(7qVZXELOfBU*#n0BBQ2VkIaZ;eXzqq>{D*llf3TFv=6_kIERLNO
zyG*ezuAsu;y~v5vYXrB$&q&&WR@k~;(QU35D0FhbX$Cm4vqUuWFVji1NMWd`VArj>
znzR>SXmgvV{c4Aa;O;p8T_s4u*E~I3wlf18pEVqi%~V;G_ErrW%}vs2Hq*mKFpAuk
z{~ghHm|kfFw)W3E`PSgH7vT~~Q)ce*d53<IhSf*EVmqQ2+dU*PD{&BOdmccOJ_+~*
zZ<eTOIM&bV-IKlH6Ei{ZazP67^2b7T;?n)*QTudDwfx(K(Ex{o-IS&2L>8+hKw@tZ
z>svG6Y|o+H!`==7e$|s5%9End>uVqOta=0H`({UT%qan?(^Ev#<|;d8>gAeVmGxT9
z<E7@E%lmHKciWjI_-niSvxQf$w`amXE!G>^I=Qop?bU_VYNqvS^$40vL#pi_f7ULV
zDr6s>XWObSaT?=dHrM33ayYXkUv=zZ-*?O7Vw^N{v(!GJy1aca{W{i*^?2R>R5w00
zA07=(Jl7axHjaL1R4NhWUY<vtwO^-}$Ju_3{|Z`^DPC=@P}8C)O`I&!eRbU0<Y~7R
z>RNax+T=KEIyGC;tC)1*;_j-bam&4s8v>Yie9aJP`mvPTi@<~5EGyf0dw9M7XJj?d
zOm(qE?ex~|esLuAwcaYKY18$MK`r|=YV7gxaD<7cz4{WzZcEwz_WN`t$!e#aTV>6A
ztIt+z#nvq^Hf;fe`5C$XW!0*{>naRaQlH17O6U7bCs%t@#lyXYQ19xAFVvc>mW^0Q
z{Y=4Ym+l`g9>y)r#ic|TfNR$|vvyl4D&7xlR0JasgzK0tQ1^-&mNH7`+IGO}UJc1m
z_8d^o(QLWTdzq{2M&0UT>3#hf`x4+)&cF-AsPFZtA^xha^8$PwyGFwOIW5u+gpYGF
z!mYx#+RM7JoqgJs=v^*O!>XC3Ob%o3QngU#tiAiI6TH><eWzC0{j}r4;{6Tf#jjE*
z&i1Ik4b**gVo&mDANH!}X{?CYgO4Dz+?5`V?&YQJ@nM2zn6>c1fLo>zF&Uv!O_Ku9
zerx)EVd4HdsCZO>OM`y2|I}!!<S4P*wRX|T5T43>Jb3U?&AB+pv15ee#a_a7xMH}m
zGfV=iZn~AgVL%EKE)%N1!SAyqq@|^}VK5|ID$D;TUd*SiF@*50dYt^&j-=-8<>%3A
zCLyu35G{{k5*3kRn>m=tm)@{44*OV4Q7$uCs-+kv0<Hj;-*O#-BEGM!601Ti!yTK4
z4j;fIbErDCakdQVAU<7AEwddc*uP>pVknL7yflVLe2X2Wye5us;L=dwhg2b6wYD(<
z>R=+)U2%{J1VMa!o!?$z@|jv@dIwsR4X|o?khMcW@=J6hCPo+7J8@qB0|e^|l)FRp
z&g4*t4zokKcUyh@R1lJehvNGyf*0KP<^_BnbxI-w3M$dJaZ749+mRWwL#e`T`gcN#
zyEu1LTKJEEDDP8sHi50VlGm@@_eRcz&LQaFE|OuNqZuL>`)$ua$60u&9|@d44!Gu<
zYsse3tQ!hz;&buG9wfYu?)FJWjlVZs<0HP3-Ep~&TWJc?Q9$8|OP{XJlais)<;*~z
z2+2~%O^{g7(&d*N#mdxdts~t*tU(wHBs)}3<&&Xctz~vsYiW6B3I9+`Uw*K+g7tyK
z;F69;oHEr!$pzyRWdJwB`&K1ZkQ$v?pw~^e<*!x1o<Omyn)TE=<y7vQsEo0qtP#2Z
zEYLB{WMfDjp~~LOsaWaDoJ@T`1AgtjY@8Rvj!#6(;!gUVe>@3kUm@h}Ym;HF@ir47
z^s>SR2Q^n3t`tA5c%7kD0fR{t`DyJVt?{x%c!#T8Jx|zL4u}=#SJ-`C)6!a*UHJE|
zx0Uglc>P3M%@BEj7<{XTnL{c|`%Wgfp#YrvM$KXY#yJVEG{wVY+;x^wg$@uRa+L#<
zw5e!+R?Jw%)z7%0(1AitxK!+&PE(@<g0EtVJO5qG!1OSp4Kq&EItM|Vn4m75E?oS|
zW3w3v%PsTm9&!T0LKG3}nw1ZmAd5~5L7aTp*z&*?ax#8ktfC9_vbH_ljA9CGltIc&
zw@}Tvg(-G#yAu_L@37m|FhNUCLBg8>WzM)D)mb>xQZq<O1fu-lY<PRPYhx{eKluBX
zsOlgy4PMH%M?r+#{rvp~`Hu6vV;|1rDTmbW%J*%z9o~KW`2y6?mfSnKAXaH451)5%
zuI1!-jm!YktwZ?j@NApRfPzbx*wzXCHbEZsogSHmPNswOJgGA^JU``B7bR43OR8U9
zES&+mr{#=nxA~W(9!k}UKCO}wTF}u5?w^KK2wwbH>znP4Hbb!kglY(fz~CLb!5<N=
zxd$?dU0Hr4TlXOInR#GjNO#bBJ#tV0Rcbkw1}f>c3#fRmZ}wJXwcNX}(@sDbO)E5;
zt>!V1{UlIc_&MJ78W$5Wb6nq?TP2)P-$SY8t=+ZA-AEY6z>cA)$hJwGAed&X7?TP}
z&{~?#)Ny)T?T2)23iS5ea@^GnW3ry6wYP7A^Kg2aP9QU*SD9ejfSXL_d^y&UY#zw#
zz(xJsf`7xa@hUtQM~krB5iS(*L_}AUvZ<7bj)e@8YAKUK2k@M&%`4O9(}}_qn~nv0
zl1znEw2UB<ITLY%NQ$>TrgY0<29M=q=!sJgu55y3>(L8mxYM-(ak`VqMzlnl!{8Bt
z;tH{=&)gp9(-*~g%GM&SItD4!93!7s<-q$VtE~h@I^l-)9tu)AcGPzN8Z?8W4jZzQ
z5|40J611^a*eh~^K71Ya`KbLNsa}3U2Tv{&2hm^X?w~@(<FUC@G<Q_k)7PA~+9GB%
ze3yP!1xJE?_#(^FwFSEqoOJRura$UhLA3evWqY2rPfPQ~M#3OTs>>V35tCR$YmJ0D
zl`k<b*FLv{zSW3#g8-V%jkiy~FCP>)r+;Kq>J}KSQUpUWyX{<DqP>CJqis5`^A|IO
zbN}&S^Z4pui7aR0GN~m~vpxpJQP-zd=H<5a2y8meoeBSPhrdW^kuxc3q5`MG7Lu3>
zOTU(+wd71lO(Msb2nYWx!JI4IX;HO)n$W4RS@D}I44*zcME_qB%iY0B3YQbVfQ4h^
zLuQ!YVOl-GZa|VDv@4iH|I1tnx4a}`i%7;t29xt}d=Ke6*+LQm&M9PfWI*Uu$=dx0
z-Mk_hdP3*2E*g~CO+xO-k4@(`4DN`|(y9nTZW?ywZB5>pBskURn+Vg^l_YT!nCi%6
z>MQY9HcK+bsl=~Ml#KwHOZVYtU}GEZZVb^5(mW{tx&XSj7Jtz*!SFjyP|-ZbjSl2k
z16aHc59yiy0$B5VG&=tUV2zzQF=VXn-fRV)Uu^x9NS`bH19UI8{5Vu)M$ZNU(l01V
z)Y<rNeI>pg?75#8ZgQHAi!-yu4H9r9`}<Jh?ld52^!etIM6He0;}@ASuC{=#s^ZI#
z4&Kj42Gq0nd6UY43$$Zh>Sdk9;y@y3M*cr7UY}52*WWXHFHsJ3V%^8TlAlnW-ur?w
zD@>2(5PSzrhC*as4i7ix{b`FW((w!%&s266N+cbc>=aP!v~HNS`y0miX^twZRbz87
zqldhu27*}8D$H@K_7jA#e9+f>>4xrhnZh)gY@GY1RFNQoWuweUqn5*gPra1bXs-Fk
zK3Y@@4B|HwLWk%-&u|s*`dY(EjQe|snB(`S<Dtof->}tOFd0{ACD@A>wk2*0b8MGs
z)LdPh1tnE~U(=<yhtV?oI`f=A*^3`AR9V%L_(|W2>$Y-7j1{_OA@vQ;?&q?wmk@gj
z+tRd>Gxs(2?TmK-;KtJSVN6{iq)utq;&H7|A;E}=_bYE4)&8{k|G8hcXLUlw=;@6M
zN&$wRRESa{Ohbi4EUP8ON>D(A$rJMDu{wM>7eng3|0R+g7+}wgF~Elbvc#4P5-6rA
zU)qN-@L@KFt~5{UN?+p#8=}AcB5*C=ZIft7WdCmXdgMyfDo*XnD4O>(?%6?i5dH;D
z-?PdJ^_&*;Tc=dPV?Qkx(rNA{c)wGP4kKZx*tU7waWZ;~vra<Rwh12+f+Ksu=K1Zy
z*PsIU^ehn4MAXy12C57luO_SYC%Pf~u=&~~fa%Qb3Tsb<v{QFV^Br`J3M*8<LG;ZG
z{DQswKzHDT*7C^96c}z5LT2QUR1Xk*EmIyskru=Mja_a0!>*M7kL=1M?=N;0)bquz
zoOu5WyUHnV9?~kHJmSqCkVQ0g+*R=U4ivCFSYEkNx5Ky}16hkitGyJ*-7IJ0C=er;
z^A6{d{^#wvS0#P-TC-)P&K&$kT6mD9w%2`sv4bk-8wCD!CXzj?_W9s_sI<DIzhHWj
z!;mmUyI+y7k7a(@CXL=rnfp1g{JA|8M~-L&k8Cb;Sm!QhQiQ@1mlu9!qFDoibvrp=
zZr9+tPq*kkSGa_?5i5PtwM*N;kXMfR7ZYuYG|&Z^JvRtdAi$|~dm<p10&ZRI9BRRj
zp733koMJb05jqF?#O4`C8$<PGB^oQ}u+S>e2xpfwL+7zW3eRJF4gJ~*mhI^_)7j42
z&3kZf97C2ZPJJ91Up6ual$#hrFv{c@hP;;IV2-~DOe9{ipiP^T6D@Tnmx@ji`Y=Tb
zR<AYo6E3+F1>d68+25$Yz>Nrr?G?L%2J{>}L`yDf_hcIzZ;2FKi$<Cch%%BbV_lH}
zs+JA}9vv>4-~pF72p=6#hZ3eojg>H?zpJz-F?3v3>><n8l4_F`XIO}4#b3KIO{>`>
z(hP{=F(5~v$A`hMJNY`KP5UM_1ETvm{CpA|dKe-`)}%XGOuyC`i)SqdV#!UoD(#F+
z-+7zW8JD79e26#T?lMvBJ{TW_@5I9t^@F3k26gg_ejTH&r)H9=n`tMF;cr`O7KJf1
zbIC{^xS$S8MRa}k5tCgh2r6**8@Du(;DaOR4vNSYsy*ipba4I)ens<$h3nWz{R#a;
zdCtS#uU}iPhvXX1CrmK8;zH{j{M1qLBor1sgX}o0PGtouT4htffuu!ksui5+j^>}r
z(S1&UQ4!v!gtC#E*NoDT+jnARixu6wo#24_(}$>J1WiqDxaO8w=gpY*tYt4|;;A04
zJUkZZ`&@O;1%k?U?(rO#Lp?Mek;e$t2b8Sead@d@Bq!`HOIzpck6R}Zv7f3?_yveE
z_e}_3F4AwYUJ{!{0sqi19j5>f)X#93hJrH+{=g?OI8;6s5c7VeyA$cB+dL9d9j~PH
zNx2Jygs9TvxyutS_+uzX(c;Yk1@+r1+&q#bFFc|z{N-^c*s|~>7QK^HN*7hidCyG#
z`;Qe6YfKKhgK_QG=pQ+0gas;sfAH5`s@XsI>)tf(U-;|K#0+wz&J=p<@J9E_KltmF
z;UD~UJ0bIL{6%I0lTyH`W{6r5JV{iAlgY(=TAoHye78<X#gbRV$VEC}xUL=9g0=g|
zENX(hlQ6D6YSx?3t6vPKOFeK7lF@S`C86toIRc!*QDy{H%XeU(yw51$b&5smJ9QJ4
zQ|(|X^=@*OwZa+UYa0XFB6F6x9F<WXa;!#cT?`8>zIM#XbEZBPkLXyZb`|PheI<7X
z99uSx3}UAvVq9kf7cTYjb2e%`8+}{Zmq$}i*x*+o6_|{4S2VTuFWJOnDALFqF123!
z7nWzDi1A)2$3Rgfs7UdGWUORkbqlHttj%;s<8SB~C7xALM{oZ&VbZntPE#XWBcw*q
zSkEE<GGP}rW&fBkM+%{TOqj!4(7#L=?9m_P>RAQZ|5p?C$NDc51`1aDZxa^TtoLQY
za@_u9!W<$K|1n`j1nK`WVF<dkJAp4;e$@m!1blus=Nwx=M<=Y*R6c|~RAfEwjJH!e
z-NkDlCEhc-+pOV*mxUw^RmS+bY7Y|ETJi|>SX2~gpM7eFvI>QK>`{ADJQs#zs9y0R
zG}`wY$_@*3a%J)E*;Pr7SyAQ1e55JgB&HSV?aB(AI;M<aZ(*rL=PXj0OhqQ#D`_ni
zWp%7Q5`8hx;=FTd<SAG>Cz+@yiz4;Pg3vl-Vu1CoNq?UyV4Zi)B?Xu$!o1GXRuIrq
z9F8v%<WVbbnltFCP(q)es}MOgF-B#&&nsfo?aKY4D%rTyecN_I>_*-$|4%k-;^y|&
zq2~|l2;a(;Q&(?MWtL5H%bd|0@cuhl%clcq1|}(A_76k9;u>hTgrJ*UDqSY1sqg9}
z!$Ze=1kirW&cO)?rV%po=Vt@#0;6^V(nzfaOe6wtG^*1QpOo^WW$dk46VR%WCw&BR
zc+2<>f25E*i_sjdA<_HB69FQ8it;?}b>pThCUR*a%(kEFbu96H3?}Z0IMxH+dH5bo
zkhHFo1G$Q&2D_Q=(L2bSl3PiO#gIyxMMImyZ@7%lmZ9<7VV7p4w8oUb(qT)tlVFHK
z2_@~G<jI%J>Mi0jx^mfC+<e<^E0#Cg(I=KSoo;x*#tAGe1UkQ(7?`mq031-}{#)WR
ztHX%gvzzp@0d$w5I{VJBlpM%sp<5ua54I2xMuySml+-;TBK;hZZ^u(N<le$t^@0Yp
z=yn%^DoDHQcIA1KTr34{4A=l{h4$}WzBP~~VuXI+=HkA|cSv~3IqD0P^zbw$^=WnK
z0)M%;qDzG@_x9jMUE+6Qq#}K(uSoYV_vUN$mwO{_-~7G_$-r_bW~fIGRI8>h02EHL
zSFoSstW9m5%tJA_l+d2*_&^&D>&PP=m67U1@|(ep6Q;8c+$Gz7n$GgE7>CoRRbRTD
z7!yqV{8Kx+4vlvSoDRWEOjOTutJcd);Z%VS<;4+L!gCGN1ZyVRy9#o^X|qOba<Uxo
zVz_p%-P@5j@xx7sUi#Zqj7OI;&|z5O8#41R%9}AO?14K3Up;WD-IX42U;i)nhWq*~
z@S*y*d-KWtl?VQFlB^`P=H{oHv?^@e00zE?vzNdbf-Bi?N^EXEzMffhJB4A)3J{nk
zg~)Q35Gum#KcHjZKf|?x2N-iFCqydmr<_zhPdDn4ceSLiCki%T6@9OZhXW7uMFS&>
zLGpAzXyp-4Nt4`1R@FN+wb0;xV0!8WZzXxgTNh(u%)!>1KL+0Q&ZCb7o}+3!{)hq>
zVHX*^u{JAPD+iAkx*W9@plFXO>Q$#tFS&rgG&%O-KZTVE&#C{dROMI6x?z}M3vr_R
zvtUmRD+*a@rg5a;CuZt*SS|ah5z<=i*Tg@mn(~h$V>RHw@ht&bNme<cCE*8xd2UNj
zBG&JYwvkoNdxmWaiO~$=a^zLqm{z}OPF;u2g^BpKEhQ8><a7)e!lByI1yU+lzGu7o
z>XH$Gj8`P}2D(w}{Xq#Q!A3V;O2@Hrcy_}$EE?9XLO1h$`gKI<?>llTXyIuS{M96m
z-+DIIX?F%N9-xv$QQnA62;EI!s`Nh=(f&+cInmUWc}n|j+JcbhxzlQD?*9<d7J7!o
zu?%$uzcOqI$xN6mUs$K1$xxlTC}Wh(lQ*6J8N8n`5eYvdZtJ6Z4+g3J1lfjfCsL{Z
zJ9p<BxE7J{KO<-~D<UD{6}dE8J&<Q?oLCZ_=gM+XfXw0n2@!H8-Ii;~fJn_NHZMje
zgIBFO<|E1;0moV4L}3Jlk~SdC^M1>d1gw0qAc>+xd|9IqD2<FdNBOGrl)rk`lHB0~
z-;1O3_Ag2OqXZ(z`h*%w=QD_>kvino$tLGA882{C<dSG2lTNi^&Gji<$p0}Me@|1A
z4sU2wSgtSQBh-bHsPhMCR!zJ74{7@!()Rx&X*(zUhqO`sXVO;wUr1Y#W*_a4;J?Ff
z5J~RziJ>h~%qpALpDZ((!Yi2ajD$!?(@eEyqZKAqVWRR)!A(t~uE%yZ5(^rxcwWRp
zu7#a|SfZ-3sWyz6#xYj5O`=nNDAuJ+>p~@*y6>WRuYXmY!=*i3o>Fg9l|;AP2xX~V
zD)8_*6*&03#Y~di0~o<-_Mi#hjYWX*lq1aR8<T<W2E*M=!aE~DkiDFxgMj<xH~tF4
zdH-`54pJ$!_r@d|kEyRPv%?~_oBHA|ME>z<u*M7X=O;grcp2o0s`nkuk52Ra?hYb^
zH;%9xa$=<7Zadm6;rtwT*;!%!<0mf3#ehq)YguRpybh%T1fg;yt#1ViC|}AAU%0&Z
zKkCU1*E?K>p=h#=m)EZET*i6K+&_Z(3#uq6k6`u4kHxP@6E5Yq22=QzYGz`4MSVSK
z*C+tlbBS@3i3`(%Ufk!Y)0fLk)l^Zr*guMbecfzehztt{7=94>?D8|prHRdQqAA+9
z7@<DMvV(Q>Gyz*!(Tn_<b25+kyVQKPh(SQHWiQq*hW|`agwKT7+%)Z`U)$IJgzE{G
z$?x?bab<L;Xup`h<4Ni{(n9qDzJ3GWLgq>0L2Nq^k^2e;O4cPoeT!(`cfVY584?Q}
z0oV0UqxdT^=gnv_ApL>#PiRj1cW9nDd~a9=Y*-TfYY%d{37suMss{YgO*L2_6-yt;
z2BsBVBHM*8qd1b^pbm=JB)ZIoBn~Y9D9^JvR2wpY<>wI4RdaJwg5rOq=3HN3jS(6o
z`J3b1WUrAa7F2}Dlc@*=7}Ys!-lv3YNC;f1#8a?W8h&s+@zOzeT56Xa6J`2R3V!r+
z>b(=;xU5MNmbd+uG~%Ci93ReU6Vr4}I1UerzpPp_!(Ubnq5&&!Rzd}FI{l)X)Bo_W
zKpjqg$EXPMh*qx(m+`j1j{(AD(4rc@zpWI&IeixFqAM@%LO%ck{``0GdpcP?Dj+Ah
zkk9~9wyMd&-yppp9}NSV1OBA1JNzXcD|i!yCGb`*+$lCF=H5@`Bj_XM&7PwlsXBJx
znfEItkLh<9JM@IElym!qMVgA-<18^fq{9pR_WZ+8VtNcA7wAD7ypD8Q#7_?BS$d+5
z^f;L}7bqy5+DrnA(uWrqqCROR0V%xQ8|2AFWiG*f<l=*h^fYc@j}-DkTjgkPXPA7|
zi*Nv8zz!9w9~vbz5$^qcsv=}sZ?Y@?(i8YpMv;>zkKqYMEYrMMQNx;2@u%wsvJ`t?
zC1-zNcOqr{sIf!M5a=#)Fb|?!=SqKVU{B~ScUy$75IQB>AG*YLWNS4dy*Nb>-biJF
z>K=bEY$5G6mx>sDt`?(ewwdZ{F1bH@WfrpD=JfWhMt!0+HZMKog{I@ow*EFN4Fm}6
z!kHZr)&Vn1c=?t=Gknyal$v5Q#>9K55zVK+XGEh8SCm*HC?6{9l#~jCo3MUEs|oy~
zsQ)!Co=IF^40ZH-NIr<c9&Jy_E^v~eQ9f=-6gH10D4L=?yhOb-eHxnWD*+!eAUEx@
zG+PjqqF48up2s}@wMyRuQ+&=7oSh!fR>sa8#cW{xs?5nq;bN7Q!H}LWqf~+;NxMMa
zLhktm;{Z4NpI<O82mdb^cZgHq{x^)f#uc>+GiR6B`VM1(n~vH`1XB3OzzN#HM*LUm
z-OmUhZ2qEggw&4E*$>uZ_GO8auu<;Z#vDJ&@*<{vzG&PPXW-v7PCpu~&~jeUR0xFd
zI}o9|r|E)0$w6yz(ZRDJ1iFaA;Uu*v$($FGbWeR}W<R+CY}dHcz2wISm)lzp+j+=&
z!nO&&=+_DGhI@n<>m3D~h@{7`=Xl6?_mxGLC9+xxaq|R_qTl-PIMfR!T?w_e*w%Lt
z*uv%`CRtszU4Ql=2nGUQL$9uaY%Z^&h=GP3!^vj(qB0BMLM82MeVMx*dLo3h7++9@
zk`Lp|S;{q9tJ$DAcn;wgcqX)MPEV3YMMCR-i!r-nc)oApdbL8pmg}Ulpwl>~X(NR|
z>Y!4(W_ZyxB2A?u6>w%v1eWA>l2qWgf6+Lv=D{ivPTEO~ZJu6~F{;v%FB&H|_-`7=
z@ZV`1@)wQs3G(-sdDU~yB4xoP_WPo7%G)$#Ntu7B|2K^@{^-b!luYfvx?36RB1&W)
zs;>}eM1FX$JxljYLd~NM@pLc@sIt;v^T2};kmcv3GmJbKPcJGn=R;KB(2!l=h|sk#
zd>f+`+kZnxlKEB^^2?TOtAFF;NUS9~a#bR3BWVa=*jaR&CE=F4n(q9?o{=WqZgCCN
zH(<l`o3bIMc_Z)j$JT#J^`*4dR>6*VLLW@~)(0<|A@NN?KQQ%A-Iz|=`|B1>2q(^V
zu=UW#IYp~dJMEVG*d6>dZ+9rK7n;)3?V-KdjyuW+A*vYHW`NH>pZNEv&aiXxH+xpc
z4#Mh~FJc}l`=fE-n>*R~leN+j1n-zi$=}g<)YzVvy}!XHgVazW-sx+;Wt##p>j)IC
z2CmVI=S)U^hnP1U33sfY0YdQ;+xJ1oK?=8O7PjgP=4WI<>FrgrzIgcBK-1xA%~r*!
zq<py|6h{Uv@ooJNQj1CtfxRyt_xQ!*<R$;b<JPaFC@hGoB7ZOMel$-G1XE;y)GR9i
zz-}3shbR4Vd90FPgrxCCNG(RL`DU{F#l^4L*M!dXqu?S?t&M&vN?TsreaJS}d38Vg
z43UzoW%F~c3_Ubn{`h2|f(D=V<Cc6I*R-zEAo~8<?V2X4aAigi=1SOA{r+4kG-xMe
zX=@B!bUa98k2=!kmZqsttuRESYuzyuKp2*r3x;dtIYNkKO|Sif-Qp%cgZg{XBsP~i
zaQlvQ+R#*}XUUF<F8gR8X&>oGx`t?90)6R?E;4h0Ts)U$N+ZL{=+HEI<qo6qWQ+EB
z5zeh(CgJZS37iv0s=bHqB%Vz2-#S7@-t)UsM_I#3dBEz*50C<6O(&~A57e>n5p}8*
z*iicBh*g9#dE|i)1xYX=VL5EkI~Oq2$(lW)Y#U2OU#ObaSL2~`t})jAhUKN>`cc^E
zZ=30{zvFiSkFCY?nVNlE;k6CQ`YdjIj%T-jAo!}zt#G}RHPts?WN^Jve4S?{yr}Vk
z7B7(jrQX=kG3Iyej&^QcP@M`g*ISsEX}{FOl{s_{Cn!tv_=3quZxNh^CN5UmbI*0S
zqbDuB`>on(y6SOO2r+D4!BHQ#nGcs4_^Vl<vVzcA=Guyjqw&D{K&35T*>BE`=K!%Q
z`Pt;HH-@S93Kl8D17z778ZOq~rl6=In;C*iRWeQ@)-0_>;}w%#hiuo2eX@irAxlrD
z?!n;K1Fo)cX^r&j>dGtplAPQHCoH$f8?BW$^*4B~a|(qcZeW=#h(CiR>7}}_&5f0K
zIo&Qs_pV#ucvBCi>m!U>$UUCQh;Qo%eXAC`Niwn!9iKT;Ne!jI0#)$7o0Nh<wBKis
zx7W7rL2ookFxq4Db?^X8F^v%9bIXj{_EP3b2=BkG#1e53nmLOHAr``^<%Wv}u<t~C
zASlp@*&syVK+uVq_Hzn*C0oNC!hh5n{8adf?^?rT66?tOvAuX7`g|y8lsICnXxlti
zvf}f2Vb8&R_g?L>3+e@|%!>dL_aJC%Y0_T1uHJ6d&%{#R&4VQ)dM8%3cT{!L(!S}n
z<<erMp-WiP__-3={>usxVM_Sj$X;aZ8p2Z*7H!9<UNejPa$sbff4lrZ!qOwb?EvZH
z>kd_mMt&;&0OE`2iWKtlVu`k(g;`@u3u12%HL1j-4%T!BKhH+ibj^(Y5Tt;vh1p;g
zO*$Fh?OEY|wU;j5ug@WY!J2OGDXCfQ)h&aZZ^H#<;k{n|$4X32@{Ql-C?EUNu;jg5
z*~j^^_7_xp`+{oMpZo(;hLly#@3#y0*8U$ftUT*!I#e%5mB+WlE?;IXDQ7C$5!#RD
z`xJHM{2QY3ZN%~_jmxL^0uS80Ur1AGJiF?*PY<g%4P<&XO+U%AqtKYpuH?fnTbJ<(
zY3Z8|W>9>WTRr<_>-6%U<Z$&O9-9?Er?lRWOlNg0KJMau1FO|u{E9zwLq6n8{%F#H
z<^Y(tyF^~~`db%OSN)3L^`alto;-`+)mA^hCSsE{A4tAdH~96e>Or4&&3@1TJ`EeX
zdY5PbUpJ;iUuiTd)c$%@)cgl??x5r)pIrwZ4cWfrvmDjuI@tKvTEBj+HQ<xKkpY#V
z^6p)73$yH!Wmc_9`SVuwJ)<>Tt=zv%g&*NS6*h1oFz*UHK%D<iAvvKg9YPLZSD!1M
z@@1$3t*#z);A<MWJ8|09T+i>)sQn`9h(H6gqfwM(uBecil>89}?j<;QDv$xNK(tXD
z4}(8azZ6zzD^r)G&T_sQdKCXO^lln<3zF9%)Hlwb4*s-?fEGJpH83OEn4;JP3?C%e
zr_wUSFdH`lMqNedTHM#~bBRln0%88{(*vLRJEhDTx%oJ0`Ovig!9@m5vv*5=wwM{0
zE1U0~=`9l){2IDsjn)5{?&!wTG`|B2-AD3M@@=ga3(mUF{z?4f0r?H1HDrL0sHYZ6
zz4gKAz$s%YvY?<h02?~Tl$6@Te(~o?1lIuP5Zg6~OQ*4Q-W|m@`@Kt2AaTeOs9U(g
zB)Ad(_%!+9+~wV&&5k1KE*7V8bS#5r_!M|QIjCcY@gaceAwCT){6>1tu(dg+jkdK3
ze9VFMMtiKUj|kxxkrr*=c-}j7d5C~5$vHm@|4IdIdn@N6f`S;NI<UFwSbsom7}K%Q
z+SG9IBxc&kMp-obXKLTr8_wTaW0A8eC^mLl&uSvBbZBF)YjM^DB=zWH<=AkFxQDIg
zmi(vvUUlPM)ME3NT-RHps-RzGHi6%1=j$T3RkmxJU!~0;fU(C~(5%W0LSt%1VV&9w
zRsfqyt5{lXZ=;vJF#~8YU7^^-R5`Ci(R;s@(G01-B#CNmA_0Wb%am%th;rX)j5gmX
zu1*n;`GdyFX<%p<er<>Y0w*cz!nQD5>n_ke>5{;4>=`VLNk67BLZZ*Ww9KCMCLB@e
zRan>=v$8W&>CKrw2pqqWcGrP!RI#k0!vyZk1(G8Xu0Ygn8<}8Mr5djw8Xig*30^Sm
z-fHMeT>y!xTJg)CBD2&wj;~?vTN@XlQ}}TK;~2#R!z*ED*GJ2E`(S@h9lqeUYEPQE
z()5R)-r}^c*74_l1ijK6W6~DJfLI=X#(pgt*NtG(w|ZNTZEsHwddCIryRfy9t0wTL
zO>4L|2Mc`~7)%=2&Q$u|^}{NVdG<~OB8NTS#*92k$r7sy4}k>7koHF%Cz;hxGY2G!
zFxEy~9Ei1JzBIRAMvQQ+JPawY>94j`!I}k;%W!6~)d#IaNIIn&O&M^}z%CWb>W<cH
zrT$dMZ`zXLwMmenVEgx^mS;%s>0%mRmEv7in<a{pK%>}kBNgkVjuV4DQS@IiJ$<u%
z46d6sNpLn%6p>!LZ*DWXV2fonLCv)U)=wmv<k66~sSk8c%?+I_jqQHRp3Jghqq9Ft
z+@#wzzEQ=G+bT?Bj^REIlXcYv%l+gl-v-RtHa0Mi$Q(G2p>ZT2D;Xs_edMKP$&RtM
zNaCjo?wfoQOSQo8eo4=soXTde&Gl8wuo3Y^l2t&Jm_MFle+DxI9I?-<9${IQ(+B~S
zuq_$1GruMBHjX&lS|4ZBbUfLyjhAT1DJyeakbN^PZ>{4Fd5U5hcQrz#`C*#_h+gLA
zXGBi>t|}X1a~HqUUr|mDcvQev7_#R<w00VrU?IR>7T|4+KwU-^z7W;-0rc1cdn^~_
z$1z6d<<^|io2GQg`>%1>=GcgC)Ac}Qn)tpuI}ndo*TYv=*gv+oEOG)Ssp%lBh%Is1
zr`%7#V`>o@69!FZoYu5gMAe#R%#3h&zG8%@{W}bn5zP!UJ|E^W^TJwYzniY)XD5>n
z?Q}i@vkz&8JT24vuynriI2J!s{}1)sBSF}+;xxW{Hr9fLzZZ<&R!`^4)i>n}cviA{
zd;~Hw!-r5nT?mQEhGlyO6Ffg+cU?Th;<BPKI#R;s+WE5`Dy@1^YLSDAj;`tzp*pEq
zH7rZ?(Yr2ZU=VCO9E{CIXF;|mdj15bs6=SJc7YXwfYALRD&6m-K)mZ-Wdr&cz*knD
z!Ki?ZT~mA)8tw?G>c~zE;a(F6JWtYm0WZ)HhwG-`R2qCnam9LYC}mG)l2amgp!&j<
zp4CrMrV99Z-NZaRr^1&o4LMsx<FWhh95XlL4;K*za7HKQqdiQ{0P92(P>%GX-sHR=
z&(7(lIXm;KzIUNYQMuyO(NNv7Gtv0EQcGDF(omg?dPvcDHAqo$8M*};vxGQ~YpnS2
zd)Vx3x51UV`taigC%-)x{*7Xycquu``85$rX_Hiz%~gf39`H3kDVVg0N>N6>X@Tc^
zuFq5lke-NSfyhY8#19sWbg*t%B%pw;j+SN}W2P?Dy0#T^$rR1_g~*CfM`h#2;CLMn
z4V~H<Z!o!uL@wF_owQO6+PdJfvnvlvGk7_GGIt|wj^~H|bF3A!<)#4Jr1VlDi~C7+
zMpcPd-Z<8oJ41Yxt79oZc|Z?ICpj(YbzbO-YAE0!I^w{|G!E(@_(w30I&VPytiKcN
zJkflXCIa*zj04^xX_wL(vjJmXSs5j^{BN27WQFjf*dtnMndO{b2|q+`f)MkR7+^{C
zqN*c-GK25@j0|XwdT1DJ@Qt{#wwqa>pO{PRcKqRBsnPqO=?pq7K(${7awHL*xhNbo
z`Y~YW_aT6olTN`1fAYUcasu%?ElmhmX>GtY92S-HTY+od{-U&=`DK*Du}wbqsLkb7
z?)t%4XRYTNjS^6y3A~aGvNDL;G*?ak7}co6Xm(MM%%2gdp*H@a!g6+}dfa<{9;4yb
zWVDD~U^i9)YZLF<Tfx4TF{(&os>5_99~-HW%2+3*zX;xR5~siHaSs)BjAptF9z|<F
z&E*}sq0?8>j^0NfW#CtmCFTq0u~ukEKDdfFdwx8IeMj#*cUDWnHsZM=>pi!<@Xq=D
z6cw=2rS1mTNuq=)f4&6E3TI2|eQqyMEmXeamDkiey~NF&KH(qGClAyB_!+_Vn6b~I
zgOrUtmEHFe>|PZ|%pT7B2;JB!MR|?Mf~DDCgY9z2!VJn~JVoTZ&k`qGn22@ZeAucK
zRUc@NBkJ)d&pa!rULE&D81CN3z;>tbVeR=+k2ePvv(fA*ce3ZEMK>XFO|+NQ!z;Df
zn>Sl=>ID*(zQ=E?|7-{gaX*a^>-PfAHL0LwaQc3l^a<VTWV+s1g^KDVtdj}vnDoKR
zz)g!Ef&(^T=D|G56?ggrY7AL1Vp)-bq))v5g=gD5#0<IACEW}gL9B!u{1U}bJh#Lk
z0Ye$G-SqGlgIz!MW;hJBzRvrZ>EJ?FmC#3*=AOjB8_l8KaO1#$vnYI*@cdS_eAiQT
zT}Ks%>p*Su-tvjgbjZpE&d`PJP%Vq_R*DhkDjp!%$gYVdxmXpqeRnw@7k!A{z&N$L
zmY|Wu4{T<#TtQv9nQ?|*-55G?bq5u&`K@51Jls`7_!Uk@jIVCsxo;dq(ea>dl7@Ww
zq>6%N&~sgibh%?aom=G^Q>aEx@YT$K`#mL*D#V7MkA)Xb6m$<b4}!!hjOVFHP8x=u
z5tl`>i4X&F2)(~y+9hCxlp_tRWXE{lQ`Ec=zyywAafOGP>>>BGj-vod+e(K}fp|5H
zSC1LozD);O(G(ED61EW)ZkIG}eabOBwUa5vefpK+zCpW$bA~CviEm`TI%_BSL_HJ!
z#!Vu_5t#2_-KWa|L#`uP>XPVv4w$ahIs>MO0X7lrxPByiTP5V12mTYO$T0qET;EnJ
zYh(!&V}sHxX>d38jLT`QDuR9JY=*}p<aoTxY@F!(P)GHGM7>0R9DxMEww?Is)N!C*
z`)>SxntwcRFx>~jM;?*s>8=e4Wj#@(`azcZyjYrLP&{Gu5yW#0OSM4fmFTWTtz*Ek
zF4Lhkg0oj9@W#1ua`P?)f7=X@=ZE}bZ>=jzX{BE{FH2-5J|u}>b;(dnkl-34nX3G&
z3ct-nMc%_^zN@E^v%$jyM5EW5003^LIb=12O`0oUHPc4fqzrw&D$kWt47^baYlVy-
zK&%B2t2zG@87y)KQ-2;PlERpZ$2<0Q%D0vGNR!mDIyvGl7&WI2gAaDM3zm<_bk{c6
z(dgQoN0f9|J~v`HmA3(An}T|#HpB?r7<*h~bNva9vIsu(w>c7sY=w<FI;h4&xnBfN
zmJm(ZSE|JR98J+&N5NdqgA`R;q-wRhJkB@gjvQWh?3Vs36@A_noD!a4zH*1M`-nd{
zeg(%Cg^Zz~s&kUCn$Frp8p(7v14VeVhZi3)SxQfT)l(PBhJHC0F}rcNOc#730Mk{8
zhIYY+9jWJTCH>|urD`iA0H<}Kt`2H8=hRXknHRP=7?*c^T~~HAGvJoVY2>E}TcTka
z`P?YWi*)}U11fly#Db$t6^F(p44~|g@C6I9AiSt!d;Kl@bF-o4YiJq)#@)vtG6Tf$
z`<C_?5hD)nn)SZYP;&u<eRi;@A=!SHdeG|}F<W^5Zcpw&{->$x`l`m?n_t?qUm&{x
zVCn*I@?a%%ccW$2)?!7DYyK%Dd62L$T+&G10*<*(`CE`#0h72L7sL3+CM(1{fED8F
zOSGJcvH@=+Vo;w2j!^1<k@Zc1kuX8Gv29x$+vdjh#@yJpwaLcG#uMANZQHh;-1+{C
zm-{+XGY{2W)u;NLuBv2*0{$W?e-0;!xo&(O2V)m0PKn@Pk(wT0pyjAkGlEvs(632=
zutb9dmAscrKL~mO(bdYy*Sxw(hy0Xw<;rSOQQs-9*Gu9K2V6YJQ@Eo{PkYZ2)|+1$
z(s*_W@y80VlsmBNs^;0Q7OOT0Us{HUTxP0So(B;pDYm*(TBsDC5x;)Hm*_(i#dYI>
z-eLcqp^WjqW@Zxa2s?K$pXl8aSRlWldc_k=?1f2|>g3KdHU2|AM%Z{9qqJQ-#Bd)G
z&4d~Sg4rVwpf@a~`*w<e!rPG)6hT}Bp=>}!9a^JeL@CqrZnQf*@Qd5U3b(O)tD|=q
zCWk)q2|e{@mCOFCM0PE^m@I(yLPi9{tk{!xBKO3Sszgo8GN4nU3Q7bS0?bLQNcK6K
zV4q1lKi#5rYo9hriLhb9wgGCCx9A*X&kxfH3SdzRK@aWKUh?-m#B69Cq3pYQSUGUC
zeGm8hpVhKYF|!9CH-33ROK0WGj1Er68WS?PIkmF{HYon?BN<{>+@EOb{#^~@0opSv
zXc;Y*Et7;6LqG2ZQ<D~>3ldK8x{Pt6cT4HTkPjo9^sR}eW5&*!n#QMIuZq4=bQcp2
z`LIOE1D3oU0z==y{|g2oTQjvLLc|C`|Gx#S?;qaj=fLsNGP<c_e!-+Sog(;J<uDSv
z{m0_bwmceBJN1Od^1|%?rT~mS!<+LFxU3yseV+CXFd9Nz_*n=)+Hmp2U!kQNd`F&G
zz>W+oiY$63#}IZs=a}SdS3*=CF`^Zyl8*={931i>>qza?b$?4qz-~y<#j{OdwXO*7
zM+P+=Xvs}NgMQy>9oY!CLF!B@R&*=xV;u%ISWYuVSJxi3tdg)TJNexC`&*tZwA$7|
z^JcAHe50KW7pmsMdsHF%sRkV{XB;F=eeig+wARy%N%nR#*KV@3=4cH;<TjkAXM()z
zj_8cQn)HoW+O3OQkT07^_1U+d;yE|GKnE#;iUz`D7n<;4g*<EW*t2>>^Es?%JFUcu
zi21*Jxq%6;<+ra+t+L!cjt&-&-=C|Onr-Wk5Ll#YZdZ5twY7Ztxp`9FVY)04nZFnV
z-)VC7c(y4FZ}&PXUq)v+*f@_~v7zbJy?X%A=S^$txbJ6g5${1ZM2tO=O=8BjZ$GwI
zFu>*yQcw>2lnQUrIAQ(q60739uw*a>ga!>uAa6X}>rqO0PH9E;U&Xe^h~Jzt7v@lS
za3+pP?(D8zN$$q1y#`0<B)hC7v$ve|()v4D?snZ`_{AP<aXs@YR}^qw&2<g6t^Tti
z8dGMuLz8rajp^v&d_nc$uO>1=?eFvHFpQ^^GYg*{=5R$MSzd_xn|fq4v^!If={fUE
ztI)OaZaU>r>>XJ^0PI#6U0nW!rv0j`Fw|78ivL=Njs$D0yP*hrk3OG-G^)vBCK?zx
zzL)GhZhC7xC>W2v>0BB)jp2b02i3+vQ~%(#Pvyy%aLr?p=~HAf{uAu&SfMU)a@>HV
zw~PPP$Itca^7-C=o$Z2dRc81`YTm^oL0_twY1Q|PGhtWGkinUhD5aY%z?G^LsUA3)
zMy9OZSvH6ea2}<mS<ptdm<AwQ#4N4)+4xdTw#Y}hD4Ri~^>F=1-P-Zy0Y)q9$7fSZ
z+m4?lb&uD4X9<0?=n`ff(qYM8*B|-q2*lLq?j3Ofi>(|m<3H60)+F)@<;<8sw5`wo
zHfoTb*Zpk_&__ZBY<HS#RUXEaX}NpH*XWGrbg8QQv()gKc7o)8wn7tiZ_d&{hG(Fn
zr=XKkyIi%ap6NoR|0FJR48H2=7N48v^=At92Y9;(HLQgNxpL<1P;cr|Eec04DE#Ud
zHWsz@2JICPIDsRGY0?vgt#M!)>?lPhU%*b;h^K5t5XOtQYk+n~+Z*VvRQiIWnm(6z
z!cvC^>6{!&v6nZpnmHCs=W`Y;ZsK=`bOBQBVD(`fI)-A<9hpwXMmhanSOq(~vT$S-
zT?ikauLnYm3W0(CpKf2{ug&-4^Y@py9?aV&NSm&<AhVODHoZv#&rZf9`;h|xs>q<Y
z_&~#J`6N{M@;2OEq&l*_*e?&!B0V0~YT&e;GCkU=sx<ZwO_tLrX-zpVS*on9^`139
ze>t7?1ZfNDZjMC8rpr~t#4U&MALEs2E`tSPJhW7LV<(J(($#DJf>4sy)~&S~1d`Yc
z4M{u~kUb|$yf~X>hA!I7cz)ay-v@Zj|J5nAqTNd8$<C)5Qy|fg9oVCVy05ApWoJxb
zvN;eJ?m<w~vF9|xPS_Nj>{9~BnGa(vsW{tCeL+6t1PpnF4VQS$12<S~+l1aOoV5r}
z*s&GnO0>PEX!ikZs1A2V>nF|-dzQ32V}U0zI8}X>EIm%XpzSh9v5hxT!;zvT^&|)d
z<Ub)9c2fsjFCbYMkOPPd3OOC6w0M+RYY85vFL_B@pz<wQ8$BGDfB48G{^E9zd0)Z_
z<I&Mlg@1L9Nr&&Zi4R=JrOyhUWGHw}<10fCo+6dB{7W3>!g7#l*-|25cAq+wvwzFH
z>~-QN-Z7pl7tP1m^Z`h@vMi@h&<xH0=)*r)XaYo5#m|PDXbRRzU;yew6daljKZDcF
zyz{2W>yl5MFe{z-_7CBQ?-;CdaG>^mn8L<)a^G%995Jg{^CM_~nMusB)u};zwxT>d
zFe12-zLTF+0voQRJm{i77~?l=qC6mS4cBc%<!V9*B;}Kx6vkYk!MqKvpAPRlEa}{B
z(#Fn5W9f{AJb^iQc@rwwYjSt8yHm7uckLz0y4f>P1bIx7bY`(N82esH1U<NY$z_+l
zMT4Hs?p>UnX*MvWWbiQG7J)KI&i!e0IwtthC{3_TjqWuZaR@I=go(}tmeX@KAPhB5
zJ<$X!aRDwl&q9E#&;vXV5Lt&kCLDgaOc4r*3xoKJ@WWN$9XQ{Ng6w1*sG92APW7&&
zYJu@c!&^^%yj}>rsHF2<7!4u(Ranq{ku-`GzU!;VxM}4A<gyFf??#K42P8VgDT9Bc
zX%QItCVq5HIpM$Z9fh-#ypEny8w;~J)c6#$dBkN)_?k0C@$#Y0Q5r;otLom^H6L7+
z1I&h`eO_-_$;pVB-lG%`3J7u3i}U57Ug7dzKpLuJOIo!HWn)UU8wlkHL~6rEVC#R^
z$14(UN0HeMxsq5Ln+ewaekK;EuT!YTz@`H?F~1rT>MaL6Sv(_Qn^Q_o+x%vt^D-}N
z9-#ru>8g1}$IvHl?X{jT%w_1WJX|W;qlQDp&FY#;cQ<YUR{T7;yrL1cL+G3T$5ts;
z#$Fj1S^fC(s1&z2n-boY|MK*Hxhpr!s8BUx=eD0z%<H+(Zc1pkMQ;<}=>$Y6Q$0Ub
z>juw`;u-?cHW>#_)(4M(`eUj)1_*ySPM7QO1*G^HN-)U`n|Kb<X<jI>+Uc2N{ONfq
zquDlGgIkerg2k-|;)O)mV#_`Q(i=qXrbe|uhJInPak`jsz{K1DChINy>b`)~<+39;
zv==!0y?tym)iY(_)kFHcAZiAEh8I+^H_}5dtY-O=qont;6?7BH*9^*retU<)6D;Kl
zV0&;gQDE4HHn=0n=6hcL3G*v{Q07tK%t5%N0BXt?BmU3gwp38BF3K>2@GE+j911k%
z9WpD%g2MoHXD(VKSGLD6wEGyznNl7b&H^@r`(ng>s_WAZ2IwDLA>*5LFl{4`o1Hn1
zT`AY4T+t`RxQoPN7`*cmKhK^np^^Y!$ct1bwVp1pr`m5?!){%}oUQ#{A`AbXu6oLv
z=>$J(Lj#-lW_-i$-6h==UC?*9mGJ+}lV<h6YWyFN-dS$C>Qn07qx#<gp((%-Z6F@o
zdeGPHm>o>;TRB266V4?JoSQg_R~%yRc2hl3k1g1+m+i0jUck(TycWmr4tI=T+9M_O
z0E2u&Sj(5AbYpG8(<O^_wXt8|)*Bp8uHE?nf?Ps$LX>0zi~QL4w{=mO3W(B*Ggnjk
z$>Ic+czbR~$lE(fIPZDdp2MV2`WtP_+9N<b9ee_((~SPm2fw)Rr%Y|tI&&yFl6=g=
z&ti_lT8$H#FR(zqN;M0MyC26&cS0(QyExiMaj{VM3a}<Tkl@j>!4i5S3|rnIh!jBF
z;&^b!(Fxt`fI=LFh(T>QSV(NXKupS886}_PJ%JQeV!HuI&I}84XhuLTmR%;0_X0%x
z>iLJkp?Dbdvbai;u%{I~mCNh^D#B`T5i+34KS*dH2kbCWPCsccmY<3PPV7npMu4t{
z6tAtku){#XH-^x*D-0;XK*=LW1_J<n9Rvn|arB6p%4^pUm|>`LrqQwd;k*Vv!}G9o
zO5l||l}De|uNfy_`TEd2<Mr~<d)HfW?}K2u%W+QZ#S=`w^sZm<m6s}1SzPuN^nh#_
zqoAa^<Lv@L@jV4FT%0DNH`tJ9vXdwVnZfoGt)9`8Ym4}eX-NMg&3)=r%j3yl!jO42
zI^;d)-|)~LcE8bb0N8a&EpWF&zkk1Zi;j-mwNyJ8w$UWR5`7Y$-YL>3hzf+9=$^#V
zF!xeBhpR#(Uhe)4@Ij#r<ID2AS_nGJtzkQ#3JvEB$@-dTWH3REqa*1j@qs5J7Khj4
z$r2uN9=6z;sOKi<2!FlV8yRuCj=YTZ?EE`KN`r-f3Q$D?j;AO~%5{d>BH*F&6<%@_
zfS9F<q%-#WWqzLuD8oOc7MFfB6+QEGx!p9MTFF_+h1QEk(xxVkz@y08`XTBmF5IA1
zMiLk!>3xWMOVaF@=q=e9h&$Di(_!Y+y%j*f{MpYJv7M5d!5qGTe{c**a2oL56rKJF
z-JwP;B)QD*X{)_@1OH%ZcmuqBVxTT{Dd8GvJXhuOfXY#{u5<7WltL1oMoUEhhM}X}
zR=Htp_Ev-?lvxq*OY$XAD;*Kana}v8GB|+8xTSHsm6@L@%~5!6nt~Y}7*l<HKYf5x
z#57znsDF$)yP#2A8YYBSpza@ZPo9ist|*gcnVFm)5}y;KcV--*pft?yDCb#4o1u~^
z6hptBDp0`xXOg*#SaIvjvRX79J!8$_kKpkDyE7Kc>z{_`q1G3jA5PhEWW{`?7(DNq
z2L)VTHMg5Urmne=j9T`s5|d{zt;Y_72mcNSxC2LkM!+2i<nd-Z8_9}kMm%F^i<>ph
z=jf`&egJo1{TjT|;lpyN(_1oav8nnL_1T}*)YiD7gXNt9vw@D~is94am>R8R?|83F
zzpo15SqVS4FPsLGfqI2I2A%kBD#@VOLW{?Oj1()^3yuaAF{763^X2(t2_hB}9-wEr
zmo(COn0DoxxYI-Swy`g$NULE84e=E}RKjk=!niOJHHy&Q@me8WbsP&bbOG&xtYEqG
zg&Eg`GW=MyfW)D~HchC_>5VoRUD82UoLnPeb{?5RCk77wmpddY*Hu~l4jf?oDs*k1
zX%o>M2wy~D{k?hj!P6+V(S_7_Oe5FjRdv0GIDTvG=M3c^jI>XxDLqHBonjBQme4nr
z++s{A<w(XsdqWyjFSn;r@lxIF*XGjEP=O3+zTk7kYP1<t(h&>(LzO}E6h=lWRIv4;
zArtaVR%OA8Y#Kos_5+~8tOgfmQDFGf5{Z>-s<_G)KF5R73XAtOkW$C0P#fi2{a>g|
zz0z+ir)sr-p|<Ssr<F7|gHOfUC-$Y<|K*EG(OSJTJ9c<{G%(<5X_v6W16RvD5120i
z=6NKg9x+jQ-5U5aOjXAJ<%{`scqJBurBWQI<fuGT%>L;Zyebo(eYT_Sw-vPD%vsEH
zHzt)%=8>GW|4{!~sDaIMb~xuQd!gA)ZY}I1EF}^CwC&k0E;4Wg$^z8c_Y3MC?+zxU
z<44*QH_HXj^X@stRJ=n^1y#K-ZI|Z1H}X1fefxxStxOoZKZIw~0x_75Yh+%`WFnwF
z!BDa#Wd9EOT7%KaO>ly>BDl%H%G@Jvd-kAZ@cOcnI2to=6KMz-_aP+~*$!h=gQ`eZ
zuo6w?;1s;&7^FH(XZRtgVQ+Q~(xJod95)AqZOh_Rq#zWxnpKP?enlW?P3s|Ju)dg%
z4cgv{CB+IQF6IZUeMdVSX)iQ=^%~z9)Ik%Y1%FdL?JyC(2D}4eJ>KE0p|K?pZ})JQ
z5E-E!`^OFX$3}aWl_ngu$k-XM$QX?n2-qyi99b$FlAaL4b}+#m<<8i)|J7aZBvn17
z0EH=Cn8w1CDz+$z<n#yNr&NpV9>*9PMSo3#u2ii`c%?f-CAGv^y)Wy>eM?(z^6T(S
zPv0=v&JMU;t}qqxw^GOQa<_x6Xk=0;HDnUWS^atv`Cs^!Vugl>6-vfNv4}B!XsuiU
zPWa-{jh1yS$iqA)^>?T0zr9r`JJ$9oJ~3wp+F##tcR|mBY2~E~PfIe51d!#WyfhKo
z`#yj3Lg`xZ))j2)%q!dUci_tpht-It=>Fyfn$iG`Y0O+wOHNk^;`t><S+vUIa4<BT
zFo3m6`XwX{PuO`9LBGtXa$Ukc+u;ZHnNRwAwRStp1g=Ky*ArPIe*ecQ|9^1G18jOv
z`{XY{F5?;Tj;Uxld;>AE(nLJp045Z_n;oEBj=|!p{^n$0af3ZwOmab)WTs(|v`qq~
z11}u8q8Ns&1U!d%#o}cmpVOn7MHscNCm7?oic7tvyQX(Hg)iS^_dQB9{I4>5h@a5C
z4P?kn?4DOdI7=MCXwT+KNf(W>1-h3-tMj$A8Zq;Ih;3+Wr!i9z#9;U+x>bzEv!exV
z+q~W>Q$oW#*M+skZIzpxoXBLTWbO(s<j!WjnxpDSKQ7h^Nu}KziP!=L?wk*|0{ibh
z5>d&!AZWC<94@~2zgbmL>3XDRj}dS5Y3B9Kxj6$iAFG}Hp}<}Qyon1xA+nIG_&UK0
z<`;j5PJGjb8L)har<^tPIUBv4b`oFsJ`LZ5>#}~(pEjGn3^s+f8@=G$jheM$_E+Qh
z(MS#6$l`8NvVO=vzr~Th^f%V{YGv;HS1)>A-oX0F>WSUxT1ni<Qoa12E9BUQUgzWe
zQJbqA?yID=XibF2)HlEc?sX6o>X}Jr{qeKQq5;~%uyQ~kMVgeA;itbMHrU;Hwpq|T
zAmp2z`O+=oT$lsZ3BQSt%Z$gBH7^#{0)7oSkF)2_llDpCr2gm7aDV_bsJ)E56Gy$B
z_E=!TVGkz`n9=}<0DHuxifYJA5vO}-e&I_V6h;bnRlfN4l7|)o%pT};YNI5BXs%g6
zK01(zd;ZbEsNG9V`lT7^eh}`AnP*%_3;G6ae-y*`a`u8X-+HObwr)(s69&r^uN3sD
zH{6MWSSP42N~T9^EK15HlL6VK6>EBnSYGE?5~b!4rP8mmli@388P&=4<irN&FJDJi
zuEX}Jm42w{ezh7+Vj}rlO8gwLhKc&kk##RL6t4H?FeH$X>{9W=)qlk24Y~FfUDe+=
z7Ma!&j!b_^Swq|5DUXyG*EuA4B6SzGJf4<5g-dqtm%UD}a^A#Wx<IXQWa|OijG55E
zHA8HLRw!%5-#$*M-K)u8bZ^&-XWg8RBgujT%Ky+R*6k0i+sYz{+ZSBa&oa+`4p}Q7
z(_g+BEw^*ID#&gsWF-PGXwEW&gbk_BGUbh8=$loJ)y^`31x=PJu%J=SQUy8S7tK%9
z&98}38?4a7&>35J0%PZ0<NXt>@!Lga>BPsChr6@Y!G{wonYW&s(b1ruS85#By!Pvv
zY>`Lj>*K%URpmJCVv0456`dUPQ+hN{*y=l4K??CMp7&_G0;<*FqqQIJAm3VdXZMHC
zkAs*$Y2ZpovErG0M+hAd93!R2TN#>N7MrYh@QsK!V3-v~UBc26T>o616nQeodyJs*
zP~+q``M9aUmf$1Ba12sI4?=jzu{RVVqYNJ$*8#D;KQG5I)2A`E)q9Q=f-`e`$+v!G
z!=O$tt-@d^EHrI;FX&2VVR9f0y?T?vpSclW!N5|Bl@Rk|OA^0*!@4MBo|I(WmHeLM
z;gsel<4v6GkERJ@-9n-!4<l+PDkmSaoTyl?DJ-Mu^PqN~ze6t;R+u3bD0#5rvY(m~
z$}-5=?)d#TgR9$DfG=>HMNuH{>i}=V@l8Gr_iV@Z^k{OKNprc|m+#xp(bM;fcw3>0
zsq5EP2WZu`7td;oqCn0*29bF<J*l1$sLjhLp)QINKRtLgr)>+urB0mL3oSOn?ZI8V
z%538K4>~WbFG+*nB94e;aKHaDHNi3huJ8|{E&ebR^WNM#1-dh<AVInBe@w5w5)M`y
z9T7d#`OxkLWcSL5Z+8A#*t{g#%ZoKQYSKe+m6{)B{P`Ric)SPfRndF3jMzT!O}2u5
zf$V0j+jj*_7h#)&O|tEQoA`F>z;tm@W#|qho!b9P7kyWId~?Ih_O=Y!OHpjs|J7gp
zoghb>I>Q~hnD>n7o(6UAW*49T9Np<GLI&Hmq6aoBKX3)rAAuAfp<6ecCwO#G(I~Ui
zo!1k6x-7!Z8{@0b(<_V;n}I`){A(98uc?mt4vWkt1$7ZDeTFgJK)LPhiwLYU(no^B
z(X_?QW~WIkEQYse7R&zi?%)0mBV@J*IG9N@BhoOw=E)NTNe7I*6weUHoU^7uBV+{{
zcKkH{gmn2{db}7<i==)Li9RBFZd;bvWl$ttjGn_dBos%*x;6;6@J&?*@zvt(DO8_s
z&a2Le_8dG{O{5pPl`Q!zcd)v}-CV%pi-ANrosQn@8N+W^FIjNex6j$LrIZF<Acp<z
zTDv)AXZaY$C$DYypB3Sl^6Z(4q<iVs9oIUOV3>0A(%ylFqof}2(%`63%w!>v2jSrM
zJB%U!f&8IqE5<<2DcJz^tPbXpDP{PRZirxm%IBNI$~D@N?3>~ROCKp-e|sNnSbaJ`
z%EFaR;X2K8u*5>H&hlZ-<AT=8Ksi+&F9n-!+p!kyA^3U)XS?xJ)znRXSm_B_Vq}jm
zXj6L^XC0fD-2)QalC235p~mXyE#=MT0xksS`g3)?XT!2VhuUEZtp)G`|2B(kU)h&v
zy+4U184mabyfQ;D@K=tmE8=eqzX$bDYtAghsRqlU`lyVSeFUMPx-t`;CHZywO6bh&
zN$+Dtp*2?>J}D{a>Jz;%cclS%TAx{!dHLrj*O@u9E3>kamysC6z{r|DvWO_8T*~`G
zA-%-<P=(4ND7mZGdH>tYsR0l`n+CGC9Zs<1Aa&WweJ1oQc@v2)76WZEk;6PrPF^B*
z<N;484S7i%k`iF1Cx;zWOTbM<4(5lu0L7rVQM7%7vjyO!hC>}k@Ob=!a3NkuLt!jn
zKNL4~L_1UTNtHXv@<F?GP_VT-m*TS=4KS;+9)ypXGRoPh4Ih#jc>O6t2Ggd11;fg_
z@^@E#!7>tWP(wZ%gMH2CH0`B`TGMy+Jo)-|JU(Oo?W#o8iKk^t^bVHR06_<n)|;{}
z$~_Ql;H;KT8AuV7)9Pc6Dc_c%LAm|YIE*<bv=OPxOa2%T7B0}yU*~AE>b%wPT=(F6
zeb@aU4fYO%jApAEWp%1IS@MvOAdRzCAnnyf)W`CPsH<6(E!VK|8irs3>1$jPZW)tn
zV25#cdOIz*)*ae&VSUcjgx{SLU^HCA3;~B(=EeE%%gBiuA#`wFm(@)99Q<a4j@72c
z(gK^8Ob_vaC%hpnE>MK2E_+ij4_~L-)4LBZb*t41`1JjQhk0^_FEV;}JDsl|N_7z_
z95-Y)sT9%hE&5^=;v~vQ<L~16>kp)^y2A9nA`dQ8VLqTNbvTjFyWEeAXaRIGsn-He
zJSbJsJx5XKf`K(fVCuI!p~Jr_hk4&e!0LU+B8RU8#-G#CxzWrAnu`pTyg`*;e9mJb
zJ=0*bmkVE+-c+&Ogrtwph_v!YN>SHX>`u<TLK1$6e@9m{y-wVfd<sr23aiBZp=ijs
z=V`oztnH15N;8C3mK_*#x#p(#%<a5gtiPhq__N9rW5_Zt0E>-}gvUd@PRIN7>r{)*
z9dmmPpHSC6{t+U1J0-S~##_k6rk)Z&-v}_lB!oXKInjaz_x9#(GPZZn0<n>ZCS(Nx
z_TAGb0kN(IHN1oiNQUg`ijhR|3W=V_D-Qb8t%H<u<pJboyF1O1u>3pM|8(g&*D&SB
zgMrS!_)Sbd@H7()y<!sZd`@zWu;4;STHY<SnndBRk)*~+%Ruhmj-SLZj<5{an1C>M
zO_v-m+ieLK_Sl-@(PYgIrp_ARfWvbqGH%QYm^91&`Vk<hY~>(T`VVoA?L35lFuuGM
zJpLp=?pI*Hd?F)6tW#&&FCm6SZt~gieYL}89xu8VA_CuWZlCCwn%w!(lAg46X-_b&
zu*rlWn`!(k-@2BZs~e0qY@@ynWP#SUFqUWj8y2?bRx{Q;CUeUp%nte(_7UkxQ}S_8
zaz+Kg_8Gb)1Achka9)q%vM8wUgzYNDbBBd5d*>^7ZVUO|Kq#GGZ;ZY3zNWiV0$|`-
zdo_0}D^6KduYc-iH-_pze2(5crbWf-(}k#SK5x>&!}sua09d<brV(MYFbvRTJArM>
zZS@}#W-=PRb^U>6mm8S=-u5*WpK3KW>W9stW^`j)$n@(rgg;~}4YeW1MR{noH2QkB
zh*E630=enkngF24=~)6zI!u4FT$gI<6$Ynd*oZRT6XR?gIqpw7KdsWW+xmettl!hW
zbnRoqG~5Ssr*W(h6aTIB(=^U_OF4dOJKiM*Ltc#$?~PIW<!--kkFOkE-C$o+c)zHs
zzY{G2D^g7@+`670bF4;JZ$n2XyIgFCl<oFjte_NvIr1w>o(og*lR+4d@-ahuB=lB|
z9)AQ0iVbAI!Uhus?J>eI4;|E$QHp19V#XAv0)6H}BDE7UA;PrwT#S=4c;Vw=l@>Sh
z3=N^|*wXh~oBoKz(<=}xXQ=Qs(2zS!XT4v?M?3PGnL_ahKr>8~Om2=$Ot{;p=L_#M
zk+AVwVD%PIwG1Box?PFzbP(}Vq>3>`G~6v8r@+`K1`7>-*+3v;;}P_}c}5yF)~ayC
z%O=8{xPX-(Z*ViyaT9K+NNgXvzW9^knjMu=S@zM?U?Z{mo@bU(NdnZKFqB(r(@05-
z%iyd~rllO(5h6v$R$A7G6`90UF2NU=Y;w3%=+4&Govh&6gcE!tbUt+JC)T;dCE}V8
zUUKZ$UiI#<tj0y|zd`6BXd(SB7Yb@rFMTpq_J$;vLIE=9%Jv_=rwfL`9|8Iu;zjUm
zVEhhCC<3~lAw*4UWi=3qC>KBkpL~cT=S2jMI3;JzUe?KRx@Q~AeI=k&m0J)}ne0Kr
zt`+=o=0v>Z4KC;10rmR7>78A)<k_EsxG^<D9U=-7d>-zZ>DwEv(;h)Wlx6}DCKWp+
z02p;LhME~rEEn?AWud6<1O!Yll!&(ha}>k&N@GQ9G@i;Z36=gd#ba)JFRX4#xTFRW
z)i#oiW*c4ptJt-aNQ80`%ax&leo0AHT1zazwC`R^U@4Xy!oc7Xf#L@hPhsqD5onQF
zW?@{48;8^5RzdUC?^_A(08i-rV`(K7Gbh)dD5V+g7*|(_WUe`IWdAuI<u}mzfj=`U
z>rG2B#mh)kfEX+u==^oD0z~YUaET<1hAmR`!eNbbNVGzrj%%SjLS^(x<6}<1KTUgU
zZ;`doB?stxy-N<Z!mVEBLSg$p2@BU>4oS9VOd-w3(#$SVy%fyWQSlVf|B0b|P28^-
z*v@P2Q@eY|Xi20veySOag^Hy(PEh(=9K-dX33iA~0Y-%lDO+eN|Kb7V0VQ^;I6!G_
z6c`_+7s*r=m<k3i&7gMt1$JL*vSKk?gyuR$YE}LY;R!<8?+Z};F&1T~o+8VkkJiIz
z@@$_VWgAzj6L}O5KlA)&w~NHQNNsT9s*@{%@z7%RF!5y4Sy0wo{j0skW-h1&Z(68^
zvb%NGTuig;a8TPO#)Lu*gc4(6puP>9*2pl`;%9@gh>zBXg~T`^>$m5B+4}pmdROQ(
z>O1MEd@Mu0q+f0YvP(Z0;1Uk>$>#+}f6iBL5AnqyApa}a)6Q_F7XOJnOpf%0TuXN1
zH^vyXULG+zN1OAZs{hnzcb_z$;4!l%iz-1Qyde@1FS?|tg>p3e2-mVXqP8&kR|L*J
ztXvqH4|RhTAlw9!9oycA%w&gWmyh}+Vf6MA@=bD2@IGyoqSuGo<W>ZkV!_10M{Z>|
z0{r)tWx)yKqudGB+{dtqU?YK(P@Z7B2~nnmi4@zBJOk1nFqcS%5rGZ?aY^AZ0(9ge
z*m6?GF#53knf1A>L$*E90--I4C+NKIlQbQq=g`DrgYNiz;f+u<pE#C(1;%Vq0OtP3
z3F_E4%~d${OiM!A(_==bckg}i&*DAta@uYNY8~Y#Kkiv`SsEZ-iKJD)7*loxpg}!7
zWm<l&z1A?#MuqX2$~~-DbqdP?qbm{$lZqA|U9T5#GXcB{b3X#x^}N)docC2Uk8y2X
zmWzRc7K^Ddp#!Qp42Sd5R+<Z?L|JQFkV7n~A5Nr$U$XS{eY@Y@PWRs4R}UA-3AslR
z3~bP2az|KZPha>9|Eyu-ZxjP-h=)J2Zp71G#_Ptcf#R93+sCnoynhK<!zc|?P6@RR
zK@?H7M;!V2G9Ps&fW$9spek4&fo=bTSnTd}ca)9)4*K3R<EpO%lSV+=Sq}&1VFgvD
zs5E$m$Es_A0G9hN;_JcjDz1@9d@Hg(>k!J3kn~W~lz`!WW3!NJYVCpUp{-w%xOYqv
z4|gRE8C=fP9awCfiH}kkxU#i*&K|Sbh}tsbx4a2VJBC>U{w6^2)OH5`2}<^0ae}3v
zv;wW^L9419{l@6}Rg1Krqd;E?3#saIgXGR292LX^`!+}=gR9(a08^7;bm~QRS`|xp
zH9q!{g|j`xIh>PFZ44}`ih~GcEjZ@@so2Y|m#L^c%?wxwjXrqm%UEHBd0*DY$fMz)
z2}-RNxeLTsHH`@GA8N+D6!dfZg%$~A5_B)G$0B9{z$M|Jb6Tt%f8)>`bj8b0`01Au
zz?SKeDzt6LC7bI6`Y=DH#m^iF2e)<snAMeX=3`K!DUmBG+ZwJ39uL}yR$#yxPXPlC
z+S#t@Dz#7}t-dc47;s1QMuzrrJkho<NbsIjmIGpv+5a5?;@SNiBhFf+({nzyu%E*Q
z^!`qR)W=Bt!#<52Y@4^HLt6gclO4_;%pGhuFadfTI;#45pE7ADd(&&T8tiDGrf*xB
zn70|O=8oIWnlIB};o8#AT1Ju6>oiw=pg$pgjS^A{m`IpASdyf^j%AdNQ`Iww18$%t
z_8A|vDFLWqDeg1yfSABgyiy)Ub8&R8a2E8bMz{*;Ati(zV&A|}5ndQT<$6_MJR53G
zWW*Zz_|(nZl_I@@P4s(w_fsy)Hlhc*BcU!oNq}^`JyRSiG70_=LM|XyQ04A(ecBfw
zm<j%Qv9&w!_0Wr?s}q`z1kHx%j6KxfX;ieUYE-12yp6^7AC^q}U4NKD-`FRIX%2T-
z!mJ7l-p)U*i(grf9L-v3*)LWk_dmy_+`l#`w%=BR>0^6x$H*w%QEN{1_%;Xn48L{G
zd{`|yraR4-3I@A<*AaX5`ipX{6Y+AC;?koI7Y-!}kh&sczbZWEA(78-V78L><YbGP
z*aGH_2EgQYs8YUD_KTT8BR6`z<5UZ%TC<s_`VM&O^=dGkU|nzIOb-UeSs;7oZbQm=
z8htE_`J&PAbPWSxaA;@lg$u(Iad?u|U~J3N_Puw;eZ$Oy*&A|<saSrk7q!vZChSB;
z%!J^3PMi1~@p_P9SSAkl3@|dkCUolXW+9iVa<8gMvGpHoFrRAoQG8sPGX-$C+H?Qd
zKX0PWZfN^jM=MM&ybk|i+g6issG(L0kOA%{by_nA`|0E;#!_T>hDw_eu`t=V>J`}m
z*)`sd0(Fm4c4z}<;*GU5W2QGRWE)1;Hp55sbL(n6y5G>j$!Kkunost|hS12om-R(5
z-IKxxiF{V8mZ5dnszu^5HRe$&#C97(alJbHo4La?{{}D%V1>*DcagGgBjE>rY{YmV
zfPu0qv}EQFwsJ^*whoUFz#r}i+SsX1>vurwP^9Si>}`oXOLt3W;5CE6$m=2P;hs?X
z!R2UYzHw)lMr*UYG7?3SC&k!6nX79V2Qzc4TPUyVqh$52^5t=bg!5hy!6sp_+eCFw
zGsMN09%{|MvU3o<pyw2M|EqWI)R4$UiV*(&8f|Lp4<X~t3f5TnrHfvoUU(fTY}*2r
zc&GtUMy3RGQXtStsWz((eviI}AXe&pMC<`xE`$1H0algZN|kWJ$w$04ReTe}Gxx{H
zY^l=%PhO;IbQYi(=l0cjqK!yUqLFs;{3pvqJe}O{P()re-q%A-qvnD}$SF9|JC$Sq
zPpqkIWNcR^bvB8AbNg^b`0<wi^)>V(OE1u9a<6?dvsS1yE6shTAv0aHjQ3So?S?Mt
zC#B-WV8TF$b);JiTtZckoHd1_4}(Afs&&|#iuCSnj|&UzkCd^Il3zM?7h{y!cp7%9
zF{yr%4iYKU%=)qIUt&BNG&h7T69y13^yZjU<w*G;9R`pw(ZgZb)Ewob{}2J*DLj&3
zN4zpU;Dkr}av+kLeQz>brCg)0!A8^aL!$^`lpRikj`BAll=#26r^-V2p+QLya(H*E
z_$6TIm7~!AI1qWPv6=`Y3+U(3!9sQ+WLu+C@+Z*Xfl$MN_@e}o+_^&HD8&)WA#4VZ
zj<F{kSpo>R?~*9-21Eipz*lSray+hl_(@Z~7ohQT&X`U1byOS2;4c5-7}ELY%&ifF
z+X&!-|I+@h#N8>IdmaGc`UN)bL<gnC(gS=i0h+?vBI^K9cer;pL~&3TBVvc}`ETJM
zY^s9;F5$pZAVIsmY^)}WQ!l>eI94^SI`<3{WeJ(IKnLH}%fkY0xjHs)))^ou>NLB>
zgf=$Vl8~vMfvqZVT^v<{1^1OR0)}l*q-wc?AM18=**STs{=I$;1=8^zPBanR=xrlc
zMXGUwjn+DR5Ov1N_Nx3v?aK;?rtGZsCvmx05*K+SF*?X47JvC43bI;&7f)OAFBOPu
zHYzgX4p*xMkcW<WA04N9K1aM;boRxz*NQdhSAy!o7v$Va>(<I{Fz189FQJ&O;2L@C
zpN0ojc=ge_*W<R-y3gopL6|>mzQE8=+QVM&Or7P81pU?(lkqylrRl=pTzu1QY@GV=
zE>T7N$M2IPG`6foJ!$@7#{am^%y6X}yKB+#vtk=`Fytf|qRD=k6aRJLwo=WzRiW)K
z#7E556KKseh<cc6NE+d<EVgSTVMD{x5#PD909Cd#_|(r-gR0boN&fN2p9U<aWH$97
z#eRa$zL`8J=EU2BtI|3M|Elh>K3XPc$7YJ37$|zg>O7vX`r-ldq|~y`L_KT&PYEDx
zGz!!KkfwoF3voExWNL4KxI0Hj32HnzioGpOZId)UOA)UtN)l@>`CGrWlsyQ{4kIpa
z0i|9*6PBcWKwKfhmF=mCXL}WRenL6kOK#~wKHU>qsi_5F@`ajOohhy7<y2Lv@3=l&
z;>AHlv~lO9I@{<}FUzR4dziP^&3+YAM66}G8?_S3EhIcGrl@&+r8<H#n`*B>y`_3-
z0qqoMDvlumDC2H-!Q#PxVt`oqU}JxTu>dI%vb6EEoL<82t+x&ZzZfA{Cff;I6Zv4p
zw+}WRsH_T;CF4CpRC!z1e^xK~B05^Q+gb5dQN5h~3)86uzWGzOjMBlDU`o)d<Gyjc
zJ_G!5>B<{H0acVr=^_>j0m0okDRWLkh`7Us4FUSdhT`eWUd_TagQ1xEBg;of-hXSE
zu77z8nz0@P@ihl7rK9vF8j*&)W6)!BNm+RhTO1>kk3S8HuXDTFW*G7B6$e@n23TzB
zcL!NOLrn9&p1(|e?Pwp5?yQcz*&|MCBzIAJH0_cpr|9<9!)1p$sohj0_39Dv({%`N
zGwU>!Ng)4A5oj}JicfJ}o~^S3mZ(K$$H*zjl0Myzynch!p6xu=d0OG#i#-+I4m}tA
z{6yU0Rr2Nw&<5on+9Y)`_oXD&A*Q>n^Ayt2g<5g5B)9hxzj4Loq9%F{5cm)ea^`fO
zve<}qp_R4E=_cnNAOk(m!H`zHpgsob>ucY}#^q1;T;&=mjo~L3jUz*=JHN?l>PY^T
z2^t)@QR<^|k0hRp7_)gn`w9@jV2CpJ%<35FK!w{K+Or;es4N*w(1Y7f+_aRZrTv^V
zF}aQYBQWF%j<9}JQrlxfnZj0u?t3+itLx&&g#xWOs&dOLC~{F0jZU-CJj5MEL!C77
z%ZIUXbfV4Kmo+#Rp~Lpd;f&-s=uSD-BId-fT8i*~fJJfec2AOEO#rbJzs&GxsdO)l
z2(9$|=$f?co!oVkn%tG{yc;;EQT;9Z=Vn;BD)0*Xj8+AEOgX+y1<KvCz%JN#G_bZ+
z-PU8q=4uwxJJP1AId<}qmQ#~8<2_xuACfI>erD(K5v@&s3Xf*#QlBI5oRA<7zTJHy
z7oP|0<(Qi7NV^JF4MfgWMo8bf{i;&okFJxPPOs5g=^;oO*iAucZ>=K69o_v-$NnR5
zBKY3gPMlpXC#k$61P;IFc9WB%l-rN%0NfNy0x%XBat>5Iu<TGF@zWPJZ2|taSA!6?
zX+YB>GFIYug22n)Gy-(sb0pbf&)u#P@~y7EwO$Eju?~+g*WhT8&l}b+)Zj9$|Bqz1
z^>ZJx$<b#)f#xl=m&a`*s^~nNa3H*|L;<Ibw+c=pFd`-X$tC^scFN1U=l}BRp9Um?
z5Y8VZ6;Rr3euFW*JV<(?L-S$Jh1w=F*Pttsr*{(=X2-EWYF%vY|5EEeb?OJHg+K%(
zPVkb~NpvbC5(j;`r*Jc1RWc^-JHYcZS#ko`g)(n~Xh?=O$QP)S<SK3l^dWX-|8{!0
zFWCKkk2I4*nNYylU0OlCRoFn~u^pvKxWd^r0SY#=sG<WU@3=IN<?lva?L(*glQ@bj
zKLX!`{6bi7Tj8?diNt2~`m>#H@WgKq;cx@`Gj7c3UUcaD7_(W3+;+E@YD8<GLkzuN
zbqBY;P;9P8Q7(WH_{UHa7=aM&yH8>%x}+;`y}$>SFirnOV36;{(0xzKMOm1DCFA=^
zRHr!Oy1}s7J7y|F`naDfk4-Hj*m6lV_SloNhD5F4b6K9v_fGCbX~dzhIUsJ|&!1kT
zR{<<foB;=^{3a5zKV!ft3Wpl>N^V0qHuT;F#U8s#k1f2f`g(SfF6Yg8i=-Ik&gkPX
z*7G?#wAjid;Kxrtl-P4BqY5OLVlZwg@oXj5El%t_#vx~Zw{r>`2<uXs4j>3TuB28x
zY@1KFRUS5kaM|3z?)(u`2pSRjc5uIXoPS?$AHvi!U6iR5Cjuv>1rOFRX!;eRO+?W1
zc$}%#A+50a!^RPoP<1>Ir2{<zk?aqG7;$u$tlWY1z(Ym+cg(07=I>^JBIK#8kiW>r
zHnH!S5U#Hd5D=Ws0|9|}4(Bh6Q75`Lwb^1IAP`JuZ5hv3l+av(mdw)NI1y1TmeRb~
zDMja(bKhL2Y)CQ`$JAY8tf^8YO!P9>!d3VpTmL*HDafUUJWplc^*~cfI$<NxgTmF}
zpjYVkBtc)Xf%ge|{GZ|g-^PPof)J>KaF|!KsU<#-2hIdBAb!vSqXQW731yEf;$~%}
z5Wj5SVMDleyQg$p8vd0<)l8J5M>1%KdUaxbrk0{MV2ZfjVhvweiok{MH=mPACCKRO
z8a$HCxD$%LwoM>DE93%ST)^<S*0zV#NDR!%@T6LMm=v-PYW+HzY|r3It(wkFBCmvv
z_p#s7>fx~4>UcjFvaiA4>hR>U*?<r`0$Qno5`WwIBNnvXtg_S7B&esDr>7aM6#Lq)
zoc;i>98Xfv#HV#(#-UYHom6NZKN-0&0>u}AJd6DS(&QWb9GY5qKv;s3iUCQ49Iu{d
z*#iS$EV_Wt5t$IF&hPX0A0w;6@zM*{{qFGW$K|F84t(T0Kt4;R$=ghXEU>rCQkcq8
zXis*gMzbhw@U#BwTwd&UXV=&!c1!a(E%fzqA2&3Kf5l`o>&G_U#M4BmGHpE@V6{(`
z*?dr#!8Pxo;glcuukk~<-Sgh!196ZKVvNclA>~S+*~BC^NA5f}H)5EJi>uetgR5?}
z-`h&pM5=e|4e8=2?b%OKe%@*58mb-|fL00peXlPCS9Vf$-9GQWb`j{X+$48rk7tdz
z&YSeUOYO%+^_+65c*8@8`9+Big&AcKDW0xkZ^IJ>{bTEQ7Vw`@WOmV~o$R(tuccCK
zyWg9e1TFt~r9B#1@e$PbrCx5%&VGLS-gj-fbl#$NB$E4a4TaRqy{`K96woS5Yg+ey
z!}C}y<e;Em`(C+b2ml)2Cc9>@IM>A~JKda18lWb#Um(AK1$OSCT!~mETTX)ZV%&hE
z-H?2eyg?s2gr<u6XrL4OC*6KDaavl@Wl!JQf8c&PhpJeLk;*sE+k~nhi2VrjjJvR^
z1R#g_*KGOT!iQRxPa-whDV>=w+PS_@F72QF`8K?dHrUNEnj92TO}6ZJb8acWbGB}5
z;%W@5G*2xNr_g*IqmFVLGElW;4nZg%yFy^U0AwjtuacJKMKox~?cm0(TwF%>xxYO*
z<-Co=wx6=q(;?rFL8nRG=ByxaIuRP|E(xu)Yrq#Vz1$O7bhrzs``WW{-xl|XBdL}F
zINR%?GeZCznk`MDXHWC9W5t%2K;QN^>RoSkBl0y=B5#dLFSuJ=>(n{SBzo9@d6)4?
zUeVi~rXX6=#xy9Hc>NWg+~+-@yKlL<zKI^zBE&X{bS1V=K-W4I5q23q{zF3L^OF^C
zhpTTN(bxlFIcVVs(FypxNi-Ll$nelAV4_F86c<u1u7LN|YnDPYjL(Gi<t>JHBE_3r
zNul=@3^^63yV!g$vT0oDF0DQaQBL$MWjdMzc9GV2Gv#TH<WPBte=cS0x&`@~JFlx+
zGy9CMdhn`DnNx0zWj#Ukidw=&<h@K`QQ>2lux4H#f<!S#k0vwMR~4Xt{pV$JL@o5T
zJE^E<!MO!)OX+hJ^4D1)Wm0|v?lAnL?nl7_-X(4@YCfF$V$~cjE@5bySeeU;L&<s8
zRn7Kk65S*26Ja)K18#S{=uzGlF47-mP31+wpKHW44ePT>M&apgtAtN$H5v@6N87pX
ziT>2sPWg$X{73<ffab6TX1Ofdf4y%qQrAxyWo~?95l>+ghUWgvC&_egzuC#y3S$2(
zKk7*o>T%*dU@YNT$%NyIndQ2<NU(+LtzDf3W7(!|s54fNbnjp62%jAy?N_AgT)Rt&
z6|ojpH@1_w8sMe{rvMt;tu*c98kBYEG|#%3eZc}q#dh8YDlt`_-?K!PFB+1!N)}al
z7cPFdm@<bxdRNRZFNnwzCet;h?I<2V35vOGoL3WP^nV%VBB@CbBecmBFRCQxajIbk
zH??Q!H*+vcR{ZJ(FOaH&;2c5G0}Hj;{r>60IDnAzqSc_`OCR+4?GG#;vHVzuZZuoA
zO^QO>xA+BXZlM&e21!2l+7%km(bo$Gp5%i$BDIJ+(D8YK+S{HTXiy8BC)~HRiW{$L
z@){Q<%jd02<QsMUiFF-ama456sOV*Vo_6T^g4@sKw<j&wj&PIe54<3;X{a40e%l1+
z{X9BeYq-KVqf<lujj?7`@5l8jxn}Jlv$y}J-H}C%FQCFIo+04_%~$9%34QcFhZN&A
z(Z(j1LZ*`$oySk;NiR;hohlA&X>{znZ{9U0{aPEU>tm<g)A_y#Rq-A2ZJ<`ee!wbh
zo2~@=N4>eyS!jCHu8!!W(psSxB!@Mn)l)o!>EKw!s#H@?RAoszN166U`nuaCe!H`M
zy0)SwN4XVu4l9s%8-<H1YeZM?$Mu*`)%fU6FwpT4L#h5(qJ4bJ0k0B5ojoYNl~m!b
z9FE>e(|bx?Yk$8~EYRNZ=J)tGKlu1uKVB}{%BU!qW02+l{`s+f^eUM1F+BLg^y}^N
zBlX_?IJNkg?EcLCFV7iM^@wsz(RdS9<woT;#RbMKEzXaG5qg!RMUt0FfiFED@ZFuJ
zfJDkZnVmi?@uJ4Bz|n!{g}Ot5m*j)quETXXT8#lra8W1joKkx^=4KS4`u<eN&XXQ!
zbV1x3%wOr+Rg80<y1SuFCD8GG6EuEn2P(tv_FEsYio58~Uluky8C=(r3r82z1J7sI
zV>R{&9KI`_6iL3Y+b*q^NrAc*r%{USa%I9QkO{O<9J*fRNlYJiF~R#LlQF@+0gj$X
zsyaiXz5;}~9U=|Voq@9Ee{E9t;iP12(iw~N{zgeEPUHEgn#+|O7jF%0V|FfIx=Gc9
zdsJp&WuB_`y9;EmYx}xG5iUKpu%0}7w|y;SsreBp2p1_{tvKz)iriSuhmGf6R}9NE
zw(JL)1$LK6c%I`wz0(ZKqXfzHqo^rEb?mZ03yB#{Me5lJfrD-37maDAb0G~}(Fr(O
zSIo~NMn)ZNxEK3_5@Ky#l_`GKEqCMAegr_pJcGB=fVQ6Fch;t3%AtAx>kFEO3;_`{
z>fL0fd$`i6)bCz4zx;3yU-xo2FotdQL)P}V=}i3z3MESw96*k^BdZN(e0$#=yiKGD
zg9nI)X{0h0hsYhU*Z66~#rCQ#gNvH2HJY_@7?{Q!j&`6FmUNo$<N(f_0w5SNM{=Tp
z!Pwf~;7%|yY+e6q9t?9>96}Lz|B0wPG=(Az8AUu1WQcJPghFML)6;VxJs3A2jT#vt
zNiop9bBw&Rp13wG`k|EekD0O@x-lX`O!NatBY!d1cMPTv8i}qxP+t55egb;jMsF`7
z_e062e_cBIdmRDkDQ81@JZu2JJBTonX@HddFZG3Jub%*=9~t*Rq$hNf&3^<WPl!?g
z45~Ngw^dbeHdf{<bz~+=cPiF5`r#L*3DPTU)>fmsbA9-=j1O^KO~WE_q%=1F#hc29
zpM-37c1lA`pk0j1<)a<{G`&{Ixus@yw`e4#3W6&$PEsdvqy|~(=8&Xyyjph5<S2GF
zfh`#<@A3M)px6>hXzLiR!|WFIq9Syb+cLqUZaRL9+k20G7&jOb!${7oH;Yo$PL0?U
zUsQys7x;Ezf9w(q(h;FVtYP&j&NHM5QuvaHxVsuU{tJ65?7#E0w7ox25;9OAkb&DO
z(eQoF^23i%Wu#Wl!^QiKEifT`qp8G6pW@Zq#ruH$y6Lydyfq@*hbe<cMx584BV9we
zsx&-8gvnzrC$Qp9m)>gnVZ)ZQUw0eUbA#(pjvL+)>{#>)=ciy*dbRuU`&91G3n2NU
zcqKmPe=ewv1cwgE&-bKzRa8chT}nm#Tw9SRw}lD4f_*^a$ZvUC<F`h|@3;~g?I_M>
zw6=P7xsMSOwiGC&{90VLk7tBx#hCwI>WgnwR7(cJ^wYDo@*-hZg2KpF+oS(!X_z9c
zFgWs>_`sc}GdwCi92rWVgXZVBqmE6l7=~gh|0r&9&i;2MH$Lvgz_zYpFgErg<t1(Z
z1l^wkI`hyt)j8_Rw#F|t`{-0`7~6`GE}Iuy8nS!WBI-?^)tJ34*TK@_(5ZGI3*D|p
zFMZ{LE1z%*z^71_V_t@=*Iqh<BA1-|thO(~Aj~Y@;X5iAN+dj_S(0Cp^D1RoR)5q_
z4g50kkBXh)=M$SoZPzU2abp{WXga2t`EjT~-|M)c^j?6lep$t{lBGl5z(sE<tEE&}
zi^)ZA=$V#Ziqf?=a_hf;1t+il_vT8J)rdRI<YHBa0XN6_rio<cRRdrqwx@L(@4)j0
zc?vVApBbjV1t$5e)ms+=M~v>7s9VZ~lGs2&IZSHK^vUr>eAJ5DRzu+0!?henNKh)G
z^1Nk4bkw_L-nYi|GLC9wnRH|2t2)c(D#_U%T$^5cbEdxVaa#KN^V%}Wjm}Cx;Gg@0
zhPBodm;I}lrs*rapld0?p13yHT;GXeEJwU$4xh`dI3bwVxVk1N=Q4h*%cRZaXs%Ui
zwWyC`&g3{stWtCrlB(?^f@C;;XY4Y2s__5n>a3#bh?;F3Ah;9U9fG^NySwYg*~rE%
zxVr~;2=4Cg?(PuWJzV~C&ly*`A69pdUe#mNQ?GAT&Dm~`AhWA?j7E8Z3{7)?cf63-
zEK%6IjBm$3DDh5rn={|@^3y2|K`{hrE3CQ*7w4=KgZys6)MWF9ZiGC0XYwe)p?n2O
zpOd$3si?rme&!JMAnL-yy<{!(3Lq1%pe^}B_A&{Lpe;t8&Q6sR!Ol(herHFom(`K^
z$L;fKbEO?B{AGhiW@RLiu_Ep}o!yQgOD1n0!TUze$j4iiSms;eVZUFw>#cuS%H6gJ
zo|MH>xG~dIb+3g^15u{-_D_S)%M##5-5{k`pPWC$v8`43-6VA4UfWEmNFzo>&~g{N
zem6>mk*<Yw#MD6{nD7+XKu}>FglzI=#H2TD^~YSYM3hIhkJWK36<Y#$0H*LiVP7=E
zbD}qKMGT9KuqiqwHlb>o6wy~pdaPlJ#q3X<^OrZW%7U^rS`MqQRt904_(3|qbiy|{
z>Q@o}1{qoQcF$FS&@HcyS$vG)+<{}ob2F&(B_-4RsS$h1@~O{jI)01rRKh}#I``cz
zp#JK%u%j=@><2`=`(w`W5PkoX9CtYd+*^1l;;jb8HVRaHscQ4vP6$tC7b{vr-Y<=~
z{7L{hj!1%QoLQLkmg@kj!87e9eO`28r^*8HOHo|oT0tB8qW0mgzt=eP=372g@Lz`&
zLMA)bUk^MMd(o}ZN0gE?KNgwpFYAA&-c|Oij1SS<^<95yo@3-D&JZ|DiJFL$({~<h
zED)D~Bv6U9tjZa*2exLV&(AUtl^CX60Sk@1XMgfukLwx}*Urj7E1qAwm%;Gh>jd4A
zolhg_Ze3T<BPBvz&j%<6syh1p=P}u@3ocDpIDB#h)&ND{_J0p=!*`$Px|FSU3I@*s
zRtkdpnT7`YDNpgoPl4fN?0(`D-~UnJ;$=c1&*`P%{G_YTPK(`>{@SHxJ>nK<<dx$%
z5hx*K-i#+>!8*Q-2^+ONs_zjDIU_$&LiJrgdzj2#!aGmgrZk((Z7F-h7~h;VksP`N
zTb9lB(5)Rp{fRNZ3s<ZLYFx)b9B*0!MO4{}vB`S3-)NJ!Z4l3BbKeQ2K)uKfr#QNL
zEE1FAuWSBQEYvPyq6onuyD7XU$<N*C)X_08DB4pFvWYQ51-C(t|K3~+>B9A~WVvA9
zZ8EK}Y&AV;qfaYkI4u)L=2R)fyV<4O1fONpi5-P}?^1WK9Dy8=fd}1lVz_Mp=@a}4
z{FHLLl1P)wF3)3y=@qlv8#TgCgI@ZW+j<hCeBKi~mfZ4nG}8PqXY<rGWN^G}k9c;t
zDe61wqJ<*dZt2i%A{K6dQ|X78(W;=kCHs=^X|J)4sVm^%>-H>7-s*7b1Ng5sc}>f4
ztv_-uJ2~tI8o-)8p<oO(<f;pxj#h7e9_lFU^a?$8rWJ0lU|T>n<TPbEQkyzJMD@{I
zWKtb&rBK{LBs_W<Oz_UmV3%zwJUu7~#Gmz(p+()P$>n*=GKJDg!m-;PQvZ$+GcY&#
z*~W3=;x%nrO|o?5e>Sq+m7S%RQ=oySe{5kdX0~>g7^#?g+|nHeWbBf0OTvkKpHVe0
zX!%iFv*Lh9{to20)idX);|C5g<m7nsemtCwK2+D@d33Q3ZkFGjokfm+hUv#gU-SD~
z?02dvl|a3iWFR_?UJ643AiJirdoih=!Ks$H{TXLSf5?<<&p`nqFCRw25}ozL^r~H%
z+S9p<pkEQ?lnX^)vGdt2s|!;2*`XM2;O$MP2%L{}P+S<9a|_0!ub+U~(fv3DW)TEP
zb70&H!H~LATE?b#tL&BWkbe4;4{>(aJ|^?T_(B}4=5^MC9Q1&4-jm0*pZ&+nD{qOi
zkShHStZcth9~w<b^%#tNA@69_lzIP@)g9NmYPIq`kH1WJ`@Y;dLR2q)W+`+t>b!V&
zw;NOGL}SAvPByIpB-~0b?%?so@kgH#hJhN}d-~S0mqLz>3hbn4Kj{;3`S+CwOa#Np
zY@hWMHd-}TkX?Z@OKgo9))$(Kg2qlmoy86mNWNIhISnFi<0o}O2Qq}6Cj1;SL>gX4
zTXmeXIT)^KSw)$$zB?x7=js-*j33lS$dW1oEXE5tbJ}^;I^$}S_I^DES17MT#J}vZ
z-+A0-+|w8${Dq(kc59yYLZnT}z#rTnT=CZ{R4sumrDBU<o#tYyi$2l9t2S)v$r%Zf
z71WE5Qb3!A?rDsoD2UYBOoS^nn=kpzeTO7kLI@KhG;7vrL)2c<EMZg}^gl6dfhjBx
z-*282au4#)@osYi2`^QrkFk$2%It~VTk!O)hzU~WQ3R`r-RVFdRIV=JePMSCcN=#L
ztD;_Pb7c|_SvpFB8Jel?hKlGZq;Vv*-xvUlOt?+F^!g1><^mlJLJ@s@)#*(KB0qn3
z9#kxziclYl{(bd;&&+(GF-P@Avd>J3^3FkuIP4fU@%Aiq<Kb^?oTiY){$w|uMQd*!
z-BCk7Jc7bZ5`2%t8u<t%8u5#-ZY7zjrpt++UdS^&67F!uIq8rsP9f_U*yZ`75QAd1
z0<R*vUgw$kzUO&RK3u%yEfbUL#soal#_!7)-C?(45`Kq$2=7mmF3cfjsoV7WwbjSD
zJ8}3A|Ae`IHR;7j*PeT$q)C3S5iT2D4Q`IfnnQJx%SpeX`QIIKP4nZ%DSO70QLQ5h
zDY!F}HYlw!hyr@@f#Sp~ANs>@BdzA=pxlq`oEtYuNz?J1iHG7{g;)V-pT`q3j(U0s
zXBw=!c^W^*PF*e8Te3~phk~Dn0(UWD@hb(p0M(9RL0~3lw4ZcNG6Eom^J)aIvJ6m!
z(tpwyMDEvFkPWGyxx5uZc9el{g>|(4N~BGJy<lOwtSba7Jl-Kq@y2@dlryUGFI^@|
zA5#W?y#%L;w(+ZG|9)1^dh~fV>1Cl%KpzcV0abRoK?x*l*NCnj_?h8>z&A#J{OjMZ
zNt2cs;SU`y_x;JcrY(28&Jh3;Y^X|?-N*(oaJj6*4kg2>d&r{ca9PC;=_i96Vx*65
z^)l<)d-R5*PE@x?^MYqkM>q~g;QQxYj&Lv0>YlrJ4kEcXGQ{}DVBPGzSyI91)zFo6
z#r+9pxC}|}{K&{de)xCjhJ?A-{f-%8f3I#7E;f@JVF(w^z#XvDf@>i+v)t_->0i*s
z^@rbAypfN!sl7>`aYT`UF~-ck-i<o~864dw*CcOeM5O8Wm%E-eb7PlI%tfX{fgEE}
zRH0k7OKKT^y#jJF&maFl+Nt>|dUMZv2Tn%24ENZ&EYkMxer8{{G7x^d4X<@LZ>h4X
zFWcSTj}_d1ywu)zm*^d!^`eCFGJixM?xG#n?uPa_Jl%gMwWo)6hSqnOG)tk#!Qb>y
zM5)(0`W4RqIo9ZyoT)5gD-mWu<||$I<9M=SyVW}+O*yr$7$8Xpzk%3dkbUj1RmRz+
zJ?kxy(VE>|b*}2hlf|3TJyJy%b%~fD{L51+<%XH>Wq8AM&+t&jS0aXP>NpChfy&BZ
zduL6y6ta>4RA88{3ufaRx5yUX?jZA<Z0UaQ9V3K6?cs}__SjYwG#B8QMVvn9Xw<vQ
zToV-eS^*n!{2<T7aV{Kfc^$sR)9oaEPOa#u_3TPl-cN~H9e#JjB@g#GWDU*g$jPJ(
zm|#jjJ_^cMU0sT~)xvz?sB$2{`q6|)6cH5^o2C(1L3C%a$O$-rfge|_wkPf^?zx_3
zcq>2t?QEJ1It{WSsT{VTzyA50>W-Yq|AjKvE7*#{dY68M?$KAXtw*el>R3t8PDJs1
zhcui_17j@100wY2(YnH?S0kCL2atz*n<N|<W)2)Y9#xmJfW;Ra`qHnM8m2WiXK>7{
zLyc-vF5?|sM7TIz4-L8pINd_2-Ya~<lqc7dDpUvcw<_9yH;t?@3d?=_<$!}(u?K@N
z<=O$QP<Hsen);y;w#nxPIjdzZbC1$v48L1?S2om8z%iDnQO%Cpb1Z%o(A545)XVCS
z_XG@w<;4!~2C`wJeMnB}_eKW5kqgiO`<zmMkedOFK17@=BNS~2_V$|R?JP7urrc#0
zR{>gdK96FBqlg^wzw?pM)pZqc?8P`&^D4I`4p|c>=rPh)owLm-NN`Emxl|5R-!PHK
zg28Y{GUu6X;({do_7wTt1hOZNd^=kk${D*@H+Kr=$DU7uARV;QR#C>$H7J!NV!#=`
z7vjJ*?c(;lvd7T~>yT-iTczX*>ofg2Lqrf?<Y}AB3v6P^4UC@y;z=kHAiY&k&1^|1
z!jh<sSV7jJC%EN`yl3#ug6@t82w@|7b_9W2-=T{I0@DHwB!fTyC5e+~p~5`EkRcEV
zK|aVN&0LOx&v7;=P#r6jY>u`52(MSu>1H2kT~y`uXx7=xb5DXZK>W3omjJd71gzfv
z0)?M*`NQrL>?wPqaN}-8+df`ruPv=8*EDxQP)>FPQHoKBeBKz)D1w%sHcxr!RdOsV
z*lo{Bv!27Z{TbQjb9S70XmlnNls-_q(ZWeVba0+AakxJ+_^G}3w5Kk3A3jFvF5EsP
zpf@i|W3`EjoBEk)zv`d}2sXF3Ij`2`m+^>tdAax8Oyyu`vvW3~<^G^0gBmg4yW^ZC
zK46(|wvG*&SIKnBx6kn|?Ca&#=4?1aWo%~7!ws*elZ*dMl57Mn(9HgZ2>7`JO}-=i
zDtsSXg9W7?+udWqesd#<GYzx}EN<F+!T%h}nHAKe4(33g1MyC3P!BRCnWR09R4viG
z3Oz%gZDMsRg*C068=XNF*=t;AG;iDTS8Y8bb96sr{KHw&duLS-=dk4rZKn}z*0AwX
zwOO%t4VMvfO0M?Kx3qX?UxX4Jsrhq0CDhNbc6$GtARjkED&qkr`zCC1E1TN81jzVQ
z7JJ^3A;8*x%T(?C%LDy0e9|bsuX$0Y`dWPf;Px2DCM^9YG>C@ti3FEA>W8OsS&4?X
z+hY~QxPVIuYplGHjmz+eekr0{#pw(^Am*rCdPhzE`)t4X#w|EwC4ws5u!U(W4T7R5
z`{<Vm_RI>AOdir#^`HfKY&Odt31~U}VvEz9Y~Y`~4+K?Ie*f^m6YvxQ+wjG^E^~b#
zg6h@mO%2P?wkN1eJtYq(YieW$U7iRbSs~Rm*?4>=8O)~fjldZuhcZvdyovrp8&Im5
zXJ#y)`W_U@DX5&a>V6f8z)l{Nc~)yHjGmwL9%slAoV2#kps<bqh^~6kl%(Ldpb2VZ
zRnqY+sgCv}b1B6+l%by<vVb9gYS1BbZZ-#b_51$;MWd?nY-Z=pOgWSyM8|Vm+W1&M
zh8&L3DXe_*!tM#1!!U08RHOQgd@b9N*CKe#e2PSSd2AOr&=(h0drq2nu|-<*hrJ)n
zrLtTX>t!ChjGJ^nNYr^=l~j4`l4%+^nUdqHqAkaR1gid<_!r=A`!9?W3~4j6pILtx
z`^~6;M9;oFv$r%t3jFi1>5F6T<IAGgtXox}zkC<J#~^)H#J5>s%h@49N6eas%qfS`
zixc5Mh!cS<tGCahw5rvs7E+yx{|&lc)r+OFzUYiX9|<i>PN;!gdXi%PoQ^px*!+Z$
zuyR`gKCpf103H|)E|ZG_Ub3_q>jBoH@{7r{N_Mna{>48%yO&iE{;+m#UzH9SDOFAE
zkt2GlPG>6=>R;jZN_GmTB5CR3+~?II)|Z^{*H?np3Al)R?p@0dNN|jloiJ9e>B0$h
zp3GoBCHMB}x=NC7Zl{oNUxE^9<q1p&xw#DUBBToL+bfN$Go71QRD?C~)#{e6W6@(0
z+vKrZ=|V4hX()KHiN&}_!Um+qD$-$C>-B$ifZt%5_M)ahXeH^gq8^%<Pgcyp+wKtX
z=r3Z-{!9rF6!S+<nLf8wYux)xexKW;VyuT?<f{XCl&qOjEe?*lo_YW#%O3Y_KUwjP
zWm@Z3sSUHAeoKCD3ELoo+%hmh#cfj$3Mq-5$$e^^by$!lDDY7K57kDu-v<k;;9;gy
z;1~H1)^0PtkG{+!1R=*z3XJ-@>1+8N5h;!G-w0si1p3Fj4m|(nxoG4K9CGf&I6m4)
z=h~aX*tA7_eHA8{lMiWh=;iA-T*&VjM6Q$UVqZKcdwBM*q^{`8)+>PZ81SMw(ygs5
z2XxP`DS{FRCZzCQX|$e(9(@KF-t~mkaCRMy#2wPl-AWoIcx)h#{pz+hw_-5Fjd=I<
zl-~it=&lDOYVKXpA_)~PigY!;6Px-c*)8kyZ&2&{?}Oj}gOQtJnzXk5!;i1m9?G&%
zF9aCz$?%mNg<)8)m){EaB=-u##1u-0;0ar3d@=Vz`xb)u4fspNeNQA%xeh1xnDT62
z(Ok*@Nn%0)S&D>i5U*7DBzFnl4q|jT$hV#`&ZWFbkn;TbjIqXGpQZR?8M@XdaNZKv
zzHqVYugvtFUfcjdU*f+8gWVAs%tOQWC@3rxzSxB?R3gLnm6g9U_`Nmv-rPG%EB}Sn
z()Cv{4qj<C9N^3(_-|R+4AHs<Iy8k_GzO8etK!udbKC3GX^@J0-$2>KKM?YFU6;7F
zliGy!>0u!1OGhiW^IA5ua$-BY<Qjy)4AM<re=%WH|BNr$3~>ndrjUvA8hl0C=^Fz1
zEA&Su2(Nk@o*|#!G*J)&$}GX+0F=O_dB715WwCpKaC`z-R6llbz_s4IqdwPQ^&~+~
z%<wKL$|bp>uhQd>PT!oE$e8i2p^5C(GyDHy!tO3cQ$_SOFk@x&#@cV&Dv}CxY{y?c
zKM0yx+`F#K2gTQyNTV9TXTf@{yt(uR-f%C$UO9&Pm!fx^N}*fChVEqCRGf3X=~DkB
z>XuI3b7lAT|8M5&7N-OYRhP9HnZXN>hRb2{qAcR|H-`)Gh?mijb+@2qp<}RQlfIhr
zs-iJeq*YqX^A`#FV(To+EAb7$Mjc8P@I40Rs62HbPgwj&gmY}SSET9$!lm>f=f807
zH@~?XwPPgLGOdJ-Q<mT4^WuS=4O+~-dRP+x?Q%TOY}2%RkW)Z`3TPZBGP_rr-ccbb
zu|SLSC+2p+=2g@y+5CzPc1{nr0Bw>Ys9MGO9FPD@_aU9DI+mpczO0n@C~buZWzOw6
zsb&-O7y@Yr3;&0$X)gql4%wLvLsQ`4m=7i?pqNg|-Hjxj34en5(Y7)rYMQ(4K^WAP
zY`Gf8rQu1g7vn1|A>4p9N2Vaxd;PzGE(F!vptHtb!~t@8=~2h9Raw92&rlEh5C%F)
zf^W)9{XL$So&9_hft`~<jfU5$e6P7dnr9gi*=4MCt64B{zw`cw=Z@GSmjW6LuF%@K
z*eyC|Ewx-xE_eP9(S0}ge~Iq38d4v+x${RhAwlbUqwpewVeoUdKt?K9w%>8b$=S?W
zF+j<uVfM^j-WhhNZ3{iA@8=qYob~Uvty8{gq)v8H#IB=SrF4t<t30SFMMQ440Yd!&
z<M7J==DDg8d)}00Xw$M5&eARFwt-uVUKQ2NPq-GEgwIne*`aQKCSUA}lTPH`pmtpg
z$S!Nciz;2)HVN!!0|T8Qrw0b*M)obXo0`PwTIO{en;0&ch^?;c8~i^<94=wpuATiz
zpRU@`94{49kUuNeMxjY{ru-u9h_ke*LVCHnp*}ZfeH{QkCGH>XIbDw9m>K7=tdL0f
z!6g(^oJ4XFXCeh~iyG8u25$_Y50RPxyDW;IJRGS|-?^btek6<`(W$%Aa@<jLJj!a~
zG9Pt57G()$&q%?AG1w0f9Z=m2{;M^-S95F%KbZg*g}661<t~g}a&pvDxp>Lx&F)^F
zotzSqhn(@wB2qV|uS+{*oHsQD6E~!e(@<77Wuw*&rtB^d$2@(ekS83D@RME60FG+A
z8b<C$xiYpr*)}6ImRxe!uQF`IPIZkZ-omLS$RmjDt@>quwGnT#9#*7KpHt;?jOeO+
zi>AGBSltTyl72vWln2kdNd$19&%miPEJl%wO3fi9ATW=v$8hz*`xUiQG&t62M&Ocn
zqt|J8sWlh#l=Ja90J)333>R{1=9h35i_TUf(kiyLDt0N;Gw_8KORerDr>&7jnvrDb
z@tPZ8`>FCLHGV0WIBt<6hGWDx+$T7z24>FTi2tfVM_0hCbpxTjy#gSTBI~noTrQ^C
ztV{p3+FmR$>-tP8wO6~bpfJGLy1g?zZWZ*XymS!}=YYTLC5px=;yg^mZ~6UIU0&_7
zxMp%GP3M2PcwN3Cn*LO^O+RSj_Sl6l=KgYz@b!q+-IC1S_EWPwe~;TZ12-Q&DsWHu
z>QssiQukwsryc}J#*FA?w)2uw)~8Q{e_~f9=8B3x)3ZihmTnXM|Ma$$38uxMFD>K6
z20vbfnV`x@rl{ag+Zye<_59DaI@H<v>x&_a_!Fl<BN%}re>%k5^q5aWujRH44*THG
z<DX2wFIUDQ5~MbN466=1a@f~3+3;S(awQf?NtwvU>m<l5ZOWHS&q<yof{^TksD;qv
zbwPj6&(C$fJA@$*9QOD2a%bQDJ;)DXV2U$^$s3-aDf`JhfejBFGa%gyXtuWUaEgaL
zAmM_hBI)6`#H@>+bPF-n(P&@AHJf@NoL4f6u~(k3T=iUrn}BWZl`X8o2<bGK#@W1?
z+3}8#Mcz9zvr<lg?p;*>7BP#=i`7xRGCDPE`&1Qfdu|ZTAIPN96ibRJ6_f<FHGS@b
ztQ9g(+$mV+jN4Q73SwI;W01|H$`i(_a+hA=gFWqu<V<mk2BO5?`@4=pT9T%Odq)Bd
zYSoM;tsI?jt3o9eia4Pq?J#Y(k-LqsE}K5c?!iU8!!*G!3$ntfJa*MyegV1>KG8hE
zo{V~4v(@IE`6yW-YI7a~YD>u!zZEzzVpmrmN)N%lYo!dK^<G@_{%$ZJzI)D)F#l2n
zW;F(gFpT$KxFd@rWj$BUQa9~Tq|avC)SV;!&Ptgd-5~IiOEmxcr`G?uBPo2iyjc(4
zq`-J32KYtq5>wbIvuFFrY<ELzIrHBTFaO?ttd<9klQ~7e(WpKQg&%hEarwGAi9L$m
zx}HR}POI6<1X)b#_?B3RRID^9`{l7`*-ZalQ!TxJKG}J{o?Puc#QQ0He3n>jfUj>r
znDb7~ZybFst+47|J<Pl~Q+Bm91N#qL(v|RO^6^`fStc{xEz4y)+jI~MextsHWo(n@
zAjOOxFmJm1s^!w+$m|A|gDJ~+7mhr+?n0}|Yq{8+&q!p-ZdrL}N(5Pio&n+H-ckPj
zL*RDQfihnCG$zWDbw#NJ(@lg70k1YkbQ#a%`piTCy)Df>!`gt5PNZ^w5J9I)Uc-yc
z@+o9fvSW0w(=VPTcT*W%LEBPB5MOgS238nL$|Ep|)7EsQc3tC+<V+oh|M_ipoU^0^
z$a!7&QEmIr&PtQ$vW=E!_N(};D(@6Qzn+(=(ypq<iVt^?g^tSCF!IWRLuUnd-bJw+
z|IW)YZq+E=SmKN3y~WHWBriG?)DXBGvECu+En&P!nh!s*#*n-^45_ewIsG;NN{7x*
zoPqoleG1d{(B{1M%`)}W6&UO=lg!}J20#1V?V${QCubHbk)4PI<jc9F%p-!@-z?02
zf4mK8VR%Ljw?OsMXrNbf4>wCfar@KG*vi>YA-W;nA=&LQ>RE$~#;8WH>ln1}4hz%`
zO>Ns+`F7LaKi&~is5C0LP3Fai53h%ZtebW2xMfNTk!rQ@maL4XMcB_#>3df7kaX(V
zePeIBh)aBh!9XgxMNa;}<<x^fs(?w<?x<2p!b2k32gNEO0Tk*maRy_$s7Y{GWpf&#
z9Ry2RB=Le(HnC~reZAyzit@oiQnZWR5+sPwIbbTrM_4OJVf7q<2AAB(`0*P;c|L}C
z_hFRyCCXsjYO~enfL<cLZ!uAfQ3Xpu2dd8K%KIs>L_#zWP-QQPG^4urAdTC9?nr>!
z1xJ};kdJ>@gxuFKuSAn%GrZNXUf{ayIWQCsU$vsd65jXX&XPfu;bF`=2QFbT1JXYe
zj_HG(E5{3kPbd5<B^S*hgKLko?BlR04)XUNR)?6cgMLOeM9bYY@j>9~qb&U9(83D(
z9S96%+xmg1Hk_IW!7jbK(ZtH7g_j#-S3R0aX2GB6KzMi;I&&ViM&?%j4@K;kLokiD
z%v+UoSI&#jidZH8qPg;Hk?Q7=k=Z6U<PnsXaKJDK<$!-DIRY@{{-SJe$BgWDhv28b
z*Avn$P~_3dieWA2^@<~DND3U)WS#C_v~iiBjPk*4c_hcB-+r-oTN%`ULIpw`{)5VK
z9ug?o@+(pM#=v?9E>XhHl(F4cs^yW9?si<auhbzYD86+zxv4PzcYVEWD|34Ur?Q59
zQ{%3RDSXlmZu8X5>oUZchv@i~CS<$#sQ5I1HbUlzEaYs*xBWABLcSICc=rXhp0m>Y
zTroZCXttf~wY_cWl3d}OI(!$3@297$r{l}NcPR_MI-~NwTVEc5R=(HM_nq74dox~F
z>Hv5;ym6LA%w{DI>Xe^zF3RG~?a5Y_ZkCPu?aOONfPh8)*7Uf!E+FOQ-Q0}@7mS`;
ze;R<rvr>8f9k4$JbOY7B)t$LMt~uQHXP-vBPLUyXiyc`zL4v>cg@Oe!>R;8QiP2NV
z3tE<mBM+slo&tOX1g~@NGW0~J3ET`^hJ74e63uK~tjLHud%0x-7m?*_vg9tbtJo*|
zs(9;OW8Go0OrhD3$g2WUPeyITZgKc>W-pL3eeXW)(-t_|uwA?uQE%<?U3^J68eAwd
zRNrvP@{3lcu+2J$Y&p^^-{}#u)**&Lk^^~nOV8wG6$$bYNmqKe|LhwRmF>l_8R}X_
z9vzb^m>kD2nJmEywpn>sf4-%tPD8pL#iwrI|2pXKGNTrq(q`4w@mI4|(6l}Z%EbM+
z1NR$JDyd_4DP&=z>(#?c5n^q~XyO0+aLG>D8~6f(-;N}}E#{e^Cn&Awp+nj6mJB94
zZ_;@Lj4ckc0c(pC?xS4hG09|3&j&5&H_qKcwpEswQSm3elN~GEzP}z*7<wF94X|x9
z=M*hFEP$?EA-)Z5am~CGC(Lo+WQG{)>4W8Yzp~kd)WaxtzMx+a5_VMy_(c2@ayY#w
zt%X>Q(MvKSQglSy%uN@JRgSyaMJ?Dg#GOc$45aucLeTmLiJ64cYb!42Qw6fwxPu1q
zgpcdDxIvWio<Ay-v#iQATR$~IIL_;GtWhvw@VqQv7MM1dt9Ax-IF`{iiu)?Bg2!?m
z!H!}rYp-fXQabr4o$r!mRHqpW(NdPf+H<;F>rk)lkr&e9CQ-eB#XEmgl|S52bRH2B
zo+__`!$K~pbZF23&j*5Gb%4x;^kXqN(Q~pzsmW5tAAArxetX<uzXk7YZs<@uZ+?GH
zy}#4>rJCR$axT|^VPg;kntQ(*%W4<H`@c5o!zVewmtN;@%bYe#&2>Qo!URO$do0dk
zu3CNG+Eg02u6u270E!(u{kY}t>nplG6ivt0?;z+oIt6Sl*E-sv><vEN#WjUjk~424
zjK+<!+Bx2LXIx(PgLTI`ylHR7)yW3#11?v3Qr8llN}9EfK8`5D7~1I+9pt=-gDvF0
zpU2y+JI&8W!Cm9GZ~~#I*j<m_CYPz0rNcSH)A8hd@*-vE1BM|I#tkOtI5^E{p#Ek)
zyh7GNhRo!;by#*ZJ9U<ks=Q$LiiAVM#((%7?Q2Z)!_`dTZrEIeF@|~@1F+dkilH@x
zKF?D1wOX9U4U~*$9K)(DO~ZJy@v(@#Sb$D#pn#;=p%Ui?gH6R>=cJmKBm5@nEeiyJ
z4GnK@7FfPe%-p>^SCCi-OyA7I&4P4SoM6{j7m<2_2OzL4%u@ixN0lFWX3)6xgvuag
z6Jjp1<q=%v_tOBo>hC|kwozwWLdPtJHD5oxsINhPX~?DSL|#!xNlT_GG7JR=&j~;V
z`ZT}O$-?PiI#DIs#_p`myPg60`!BYb5~Dn;p}Qa+<c<RgL`<khs8w&qmJr(rikqFB
znvld#Tr68=D|bh};TwREp4H6X8KnS8ojNCnTN!<6=%{AW=_)=^BJ|Vo@f1(uLY)y&
zkG40^v%<?-u>Etyq|W#V`w39Ba-rqXSS?K6J~XtNvphDfnmt*C@1tcSQR6O|>Q5co
z#@K{w)djO}d5)kvW_TcV2}DX4m(NXK&48t>NPgSO+NvZ?pTHQTak`4RZjJX(mMxRE
zWAW|37H<(5P~~K|^&9ZFx=?bm)~goECsSGKjpKj`jk$K8S$x@rAFZLagoDs>sDu;c
zQoKTR*3EK(x)Sx3`Mnr|g?MP@Z;4pAe34Ox!wQEQ{!<GHy0(LT?H;ic_c$N7dg+s)
zU08|^<bz@hmAWh$zKL=^Bh8%a+mVUX2t#kV)qYLOM%^>%vAY1TAjuwK(Ih!0+~6Iw
z9|3HLH`L_1%UrcSMA<?-M3K{vxb+|9M!=@eZNE=w((mri<04QE76sBll8jXx20V!{
zrd`el(RiF<^Y2FNel@ROnewZFiguQxK@Qt{U7(PmfeYnZvsrnAXYU~Yom1u$7^0=j
z{<c=7xDU0B=7e(Ng5nE%lHjYpO4W_>0So-r9z5^}KF2lVYY^o=Xk*#5(J_ChQ5k7%
zprFS7Lxye6{+0y1%-_;}r6;U5)IEa~*)}slYwo4cD``4AT8fQzJj|FjOdsUnieJLM
z_W_l{K)B5pWl|GPrZqV3hC_%BmG&&}D4go}V~Xr_kaZjBkJXbYF#YY?aQg?NEIbS(
z0?rSsZuYd**FF0vYm>*!nZY*^g8CY}b(^>WYXbZp5y%(XX$SNlpH=PEWKm^*L%R8V
zDwTS2_j_)R8C=Ch#Tu>_pK!ZMg6nh5bwZCMlYd)5IGji(jSe21^wwL)*8okn%L6(?
zOWrKH2)?gSY)(oPa4Q3gu5Um&&BB4cs|{G4p{8J;Aqbe~ase~Q!<=)V!jsNW60Z0N
zQ%lmdml>Nc)ujG7S8~T7Ek=Owi<#TQ&bfQtM&2|jm-3s-<)Fi<ahYOBhoXVIsR`Kc
zpon;Bg~hYT{dw0CgPENeH9Ycfd3*pX`QQRw9{F&A{yw-BuyKhSr7))E+rO&oWo|Q6
z2%s3dvcw?;u6|2R1OjI3a+iDDs4oL)Np!1`$9)uvY-f6d-cIH+15&rUeg`N{EavL7
z8``<}m1=BWRCiqCPv~hZFgOTkO$t;d<N4NrH!!F_L19=t0k0hNiYA5{kJ8trIIR#l
zO`t&E?TPo4zbb_SR*PbhFo-2QFT^z;83WEUFB_@t=yip1z@wSk;gf1-d=L2634=9h
zm-0l!aSFryDw?;e8Ujd5xU+D6gyV3N@A2$=$PMXIwSQal3eXsr4nQvYy-AugWc<5_
z>LUQXX*W*#Qzen6WBK772NCOpk$);B=#crCtlXYWePLtm4)`+UkoPf~826A<h=zLV
zo>{9vO$;^?3&*{ue*mu^7hRGiPjjhCe-bpx<2Y0Z4mEH_@sx`qEIX~GF!MAZE0w`2
zl|RrmUPdtV^7gdL)@I8=DGJ03a3K`p9bGx}mI;FrY5e{-_J7cm+OqcZ8~RzLrQ^<w
z4*wZzoA>RVi6fkeBWZEaLJyYiZEch-3692!Ydbr;Ti4#ILaopdR2L1}VD#FQ-RKnU
z+gaT-MeNv>-89JzuP^P{VfC(S?AxWrG#3o6{|sm@7+U{H0Mv|Z*8L9DjBeKD*~-QQ
zR>N#%;{vNe9X|A1zNj5O>|4I4?$A0Nfu!!x)*XR!H^1ficP%kZ@Z}K?EmLAWAV+D2
z>OgGe-r44V!&9`wtWbMtCJvqHRTY~iL~J8rG>jQ?fa#un=9ngWVl{BiFPY;Di4659
zXQTn@Y2(NG#o6xZ!D(2i6@7XFPb?1y<8%XEVMZ87w=bz>R7L<2D2eaoOsUhoa{REY
z@U={&TEVT}gn(0zH1)91uTQB<z3@%U-7%G;Ad~%9K;tF2U`^)eRE0wqUBaQ5<{i)(
zCG<hKnw*N&SS+w$PAxJy2UE>z3r9~Do^$v~JyN}g{^P8v!NFO{wowamLu1upU8jY6
zrBSB>+`iqmg@Aqoe?W&`1FTt<W1|Yw9!a4Rv;5aOJ)XTHJSTLP#@GCdWW?s`;EX`&
z@<E!N$MF!}nZ8Nk{6!NC2k4^tsN!sk1EU$-UYg=rI)Ym`YxOAI(-HO4^N7F9i*fKb
zw4_>)t)LL`#Wd@YU@lD5iU2*H@q8UQ_5%^Vuj~mkWLYUw6yrLPREd8tCr+JeDn(L7
zY(?4rN?)9;g`Qe)S%_Yk^H(NDn$7jsGHN_74G-(s$2U|+&Bx0<8NBK+uqw0`mkkc^
zJd`stXU~MI&x5r1bmYrz*my&%#*T6vg8d4j_P*Hhxe`k<x}u=WVVWUiaC`xtf*s??
zm}qGq-9)ERrWNb%IwVe*`Pk9U<=`P^;#$}T#oFJh4l?2_f7(yiYrq^`vcuOFHLO*1
zwPKgR3z3p67&tlv`nPZ2V7~n^uF(7ScOYq<@Y^@}jBnqtzMlTiQRx4lD^n+PW01MJ
zm6$oe%H9fO1+-_db_Ux2|3PFoZWd(czkN%9g!zX0KM}shLVpyZZ{O^Ut?bpz?Hp{s
XLjCu2NT~n31^#sgeT@;f|GE2LfGa^^

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index c490d522054..e06e3688ad1 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.\n\n**Data connectors in this solution (install one based on your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit logs (`/logging/configuration`). Use on **Personal (Free) and Standard** tailnets. Included in this release.\n- **Tailscale Premium (CCF)** - Configuration audit + network flow logs (`/logging/configuration` + `/logging/network`). Use on **Premium and Enterprise** tailnets. *Planned for a future release.*\n\n**Underlying technology:** Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the **Audit Logs - Read** scope (Standard connector). For the Premium connector also tick **Network Logs - Read**.\n3. Copy the client ID and client secret (secret shown once)\n4. Note your tailnet name from the [Keys page](https://login.tailscale.com/admin/settings/keys)\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 22, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 22, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -127,7 +127,7 @@
                 "name": "workbook1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+                  "text": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview."
                 }
               }
             ]
@@ -141,7 +141,7 @@
                 "name": "workbook2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+                  "text": "Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory."
                 }
               }
             ]
@@ -183,7 +183,7 @@
                 "name": "analytic1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent."
+                  "text": "Identifies when a new API access token or OAuth client is created in the tailnet. These grant programmatic access - verify the actor and intent."
                 }
               }
             ]
@@ -197,7 +197,7 @@
                 "name": "analytic2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet."
+                  "text": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet."
                 }
               }
             ]
@@ -211,7 +211,7 @@
                 "name": "analytic3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not."
+                  "text": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not."
                 }
               }
             ]
@@ -225,7 +225,7 @@
                 "name": "analytic4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress."
+                  "text": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress."
                 }
               }
             ]
@@ -239,7 +239,7 @@
                 "name": "analytic5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise."
+                  "text": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise."
                 }
               }
             ]
@@ -253,7 +253,7 @@
                 "name": "analytic6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage."
+                  "text": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage."
                 }
               }
             ]
@@ -267,7 +267,7 @@
                 "name": "analytic7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change."
+                  "text": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change."
                 }
               }
             ]
@@ -281,7 +281,7 @@
                 "name": "analytic8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review."
+                  "text": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review."
                 }
               }
             ]
@@ -295,7 +295,7 @@
                 "name": "analytic9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution."
+                  "text": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain."
                 }
               }
             ]
@@ -309,7 +309,7 @@
                 "name": "analytic10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution."
+                  "text": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution."
                 }
               }
             ]
@@ -323,7 +323,7 @@
                 "name": "analytic11-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional."
+                  "text": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional."
                 }
               }
             ]
@@ -337,7 +337,7 @@
                 "name": "analytic12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure."
+                  "text": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt."
                 }
               }
             ]
@@ -351,7 +351,7 @@
                 "name": "analytic13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately."
+                  "text": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it."
                 }
               }
             ]
@@ -365,7 +365,7 @@
                 "name": "analytic14-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt."
+                  "text": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt."
                 }
               }
             ]
@@ -379,7 +379,7 @@
                 "name": "analytic15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope."
+                  "text": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope."
                 }
               }
             ]
@@ -393,7 +393,7 @@
                 "name": "analytic16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -407,7 +407,7 @@
                 "name": "analytic17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -421,7 +421,7 @@
                 "name": "analytic18-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -435,7 +435,7 @@
                 "name": "analytic19-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -449,7 +449,7 @@
                 "name": "analytic20-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs)."
+                  "text": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -463,7 +463,7 @@
                 "name": "analytic21-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature)."
+                  "text": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -477,7 +477,7 @@
                 "name": "analytic22-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -725,7 +725,7 @@
                 "name": "huntingquery16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 47c278810cd..af0e18942ea 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -2,7 +2,7 @@
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   "metadata": {
-    "author": "noodlemctwoodle",
+    "author": "noodlemctwoodle - ccfconnectors.county118@passmail.com",
     "comments": "Solution template for Tailscale (CCF)"
   },
   "parameters": {
@@ -60,9 +60,11 @@
     }
   },
   "variables": {
+    "email": "ccfconnectors.county118@passmail.com",
+    "_email": "[variables('email')]",
     "_solutionName": "Tailscale (CCF)",
     "_solutionVersion": "3.0.3",
-    "solutionId": "noodlemctwoodle.TailscaleCCF",
+    "solutionId": "noodlemctwoodle.azure-sentinel-solution-tailscale-ccf",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
     "dataConnectorCCPVersion": "3.0.3",
@@ -538,11 +540,13 @@
                   "kind": "Solution"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 },
                 "dependencies": {
@@ -1728,11 +1732,13 @@
           "kind": "Solution"
         },
         "author": {
-          "name": "noodlemctwoodle"
+          "name": "noodlemctwoodle",
+          "email": "[variables('_email')]"
         },
         "support": {
           "name": "Community",
           "tier": "Community",
+          "email": "ccfconnectors.county118@passmail.com",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
         },
         "dependencies": {
@@ -1821,11 +1827,13 @@
                   "kind": "Solution"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -2457,11 +2465,13 @@
                   "kind": "Solution"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 },
                 "dependencies": {
@@ -3761,11 +3771,13 @@
           "kind": "Solution"
         },
         "author": {
-          "name": "noodlemctwoodle"
+          "name": "noodlemctwoodle",
+          "email": "[variables('_email')]"
         },
         "support": {
           "name": "Community",
           "tier": "Community",
+          "email": "ccfconnectors.county118@passmail.com",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
         },
         "dependencies": {
@@ -3854,11 +3866,13 @@
                   "kind": "Solution"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4376,7 +4390,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new API access token or OAuth client was created in the tailnet. These grant programmatic access - verify the actor and intent.",
+                "description": "Identifies when a new API access token or OAuth client is created in the tailnet. These grant programmatic access - verify the actor and intent.",
                 "displayName": "Tailscale: New API access token or OAuth client created",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend TargetName = tostring(Target.name)\n      | extend TargetId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, TargetName, TargetId, Origin, New\n",
@@ -4390,10 +4404,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4408,8 +4422,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4418,10 +4432,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4443,11 +4457,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4490,7 +4506,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "The tailnet ACL/policy file was modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
+                "description": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
                 "displayName": "Tailscale: Policy file (ACL) modified",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
@@ -4504,10 +4520,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4521,8 +4537,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4531,10 +4547,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4556,11 +4572,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4603,7 +4621,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new auth key was generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
+                "description": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
                 "displayName": "Tailscale: Auth key created",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
@@ -4617,10 +4635,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4633,8 +4651,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4643,10 +4661,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4668,11 +4686,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4715,7 +4735,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device started advertising itself as an exit node, or an admin approved one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
+                "description": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
                 "displayName": "Tailscale: Exit node advertised or approved",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
@@ -4729,10 +4749,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4746,8 +4766,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4755,8 +4775,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -4765,10 +4785,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4790,11 +4810,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4837,7 +4859,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Five or more API keys, OAuth clients, or auth keys were revoked/deleted within an hour. May be routine rotation, but also a typical cleanup pattern after credential compromise.",
+                "description": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise.",
                 "displayName": "Tailscale: Mass credential revocation in short window",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
@@ -4851,10 +4873,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4868,8 +4890,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4878,10 +4900,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4903,11 +4925,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -4950,7 +4974,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A tailnet device's machine key expires within the next 7 days and key expiry is not disabled. Expired keys force device re-authentication; surface this proactively so it can be renewed in a planned window rather than during an outage.",
+                "description": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage.",
                 "displayName": "Tailscale: Device key expiring within 7 days",
                 "enabled": false,
                 "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(6h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == false\n| where isnotnull(Expires)\n| where Expires between (now() .. now() + 7d)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| project TimeGenerated, DeviceName, Hostname, User, Os, DaysToExpiry, Expires, LastSeen\n",
@@ -4964,10 +4988,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4980,8 +5004,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -4989,8 +5013,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -4999,10 +5023,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5024,11 +5048,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5071,7 +5097,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A tailnet device began advertising subnet routes (subnet-router capability) that it was not advertising in the previous snapshot. Subnet routers expose adjacent networks to the tailnet; unexpected advertisement can indicate a compromised node trying to expand reachable surface area or an unsanctioned admin change.",
+                "description": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change.",
                 "displayName": "Tailscale: Device started advertising subnet routes",
                 "enabled": false,
                 "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0;\nlet baseline =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(1d + 1h) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0\n    | distinct DeviceId;\nrecent\n| join kind=leftanti baseline on DeviceId\n| project TimeGenerated, DeviceId, DeviceName, Hostname, User, AdvertisedRoutes, EnabledRoutes, LastSeen\n",
@@ -5085,10 +5111,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5103,8 +5129,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -5112,8 +5138,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5122,10 +5148,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5147,11 +5173,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5194,7 +5222,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A user's tailnet role changed from a lower-privilege role (member / billing-admin / IT admin) to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.",
+                "description": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.",
                 "displayName": "Tailscale: User role elevated to admin or owner",
                 "enabled": false,
                 "query": "let elevated = dynamic([\"admin\", \"network-admin\", \"owner\"]);\nlet recent =\n    Tailscale_Users_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | where Role in (elevated)\n    | project UserId, LoginName, RoleNow = Role;\nlet prior =\n    Tailscale_Users_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | project UserId, RolePrior = Role;\nrecent\n| join kind=inner prior on UserId\n| where RoleNow != RolePrior\n| where RolePrior !in (elevated)\n| project TimeGenerated = now(), UserId, LoginName, RolePrior, RoleNow\n",
@@ -5208,10 +5236,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5226,8 +5254,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "LoginName"
+                        "columnName": "LoginName",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5236,10 +5264,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5261,11 +5289,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5308,7 +5338,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "The tailnet split-DNS configuration was modified. Split-DNS overrides per-domain DNS resolution within the tailnet - if an attacker adds a new domain mapping or changes the resolver IP for an existing domain, they can hijack DNS for that domain (e.g., point `*.bank.example` at an attacker-controlled resolver). Captured via the audit log which records every change with the full before/after document and actor attribution.",
+                "description": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain.",
                 "displayName": "Tailscale: Split-DNS configuration modified",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldDomains = bag_keys(Old)\n| extend NewDomains = bag_keys(New)\n| extend AddedDomains = set_difference(NewDomains, OldDomains)\n| extend RemovedDomains = set_difference(OldDomains, NewDomains)\n| project TimeGenerated, ActorLogin, AddedDomains, RemovedDomains, Old, New, Origin\n",
@@ -5322,10 +5352,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5340,8 +5370,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5350,10 +5380,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5375,11 +5405,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5422,7 +5454,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "The tailnet's global DNS nameserver list was modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device on the tailnet that uses MagicDNS resolution. Captured via the audit log which records every change with the full before/after document and actor attribution.",
+                "description": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution.",
                 "displayName": "Tailscale: DNS nameservers modified",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_NAMESERVERS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldServers = Old.dns\n| extend NewServers = New.dns\n| extend Added = set_difference(NewServers, OldServers)\n| extend Removed = set_difference(OldServers, NewServers)\n| project TimeGenerated, ActorLogin, OldServers, NewServers, Added, Removed, Origin\n",
@@ -5436,10 +5468,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5454,8 +5486,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5464,10 +5496,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5489,11 +5521,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5536,7 +5570,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "MagicDNS was turned off on the tailnet. MagicDNS provides automatic hostname resolution between tailnet devices; disabling it changes DNS behaviour for every device and is occasionally a precursor to a wider DNS hijacking attempt (e.g. attacker disables MagicDNS, then changes DNS nameservers to attacker-controlled resolvers). Disabling is a legitimate but unusual admin action - verify the change was intentional.",
+                "description": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional.",
                 "displayName": "Tailscale: MagicDNS disabled",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"MAGICDNS_PREFERENCES\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldMagicDns = tobool(Old.magicDNS)\n| extend NewMagicDns = tobool(New.magicDNS)\n| where OldMagicDns == true and NewMagicDns == false\n| project TimeGenerated, ActorLogin, OldMagicDns, NewMagicDns, Origin\n",
@@ -5550,10 +5584,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5566,8 +5600,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5576,10 +5610,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5601,11 +5635,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5648,7 +5684,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device has a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires that all new node-keys be co-signed by trusted signers - any error here is the only direct signal of a node-key injection attempt or a misconfigured signer. Investigate the failing device and which signer (or absence thereof) caused the failure.",
+                "description": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.",
                 "displayName": "Tailscale: Tailnet lock validation failed",
                 "enabled": false,
                 "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where isnotempty(TailnetLockError)\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized\n",
@@ -5662,10 +5698,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5680,8 +5716,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -5689,8 +5725,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5699,10 +5735,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5724,11 +5760,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5771,7 +5809,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Tailscale SSH was enabled on a device that previously did not have it. Tailscale SSH provides authenticated shell access to the device over the tailnet, using the existing Tailscale identity rather than SSH keys. Legitimate during initial admin setup; an unexpected enable broadens the attack surface for any device that can reach this node. Verify the change was intentional and that the SSH ACL covers it appropriately.",
+                "description": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it.",
                 "displayName": "Tailscale: Device Tailscale SSH newly enabled",
                 "enabled": false,
                 "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, LastSeen;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, LastSeen\n",
@@ -5785,10 +5823,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5803,8 +5841,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -5812,8 +5850,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5822,10 +5860,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5847,11 +5885,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -5894,7 +5934,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device is actively connected to the Tailscale control plane (ConnectedToControl=true) but has not been authorized by an admin (Authorized=false). With device approval enabled, this is the queue of devices waiting for approval - any persistent or unexpected entry should be reviewed before being admitted. Without device approval enabled, this state should be transient (auto-approve); persistence indicates a misconfig or a node-key injection attempt.",
+                "description": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.",
                 "displayName": "Tailscale: Unauthorized device connected to control plane",
                 "enabled": false,
                 "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where Authorized == false and ConnectedToControl == true\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey\n",
@@ -5908,10 +5948,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5926,8 +5966,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -5935,8 +5975,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -5945,10 +5985,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5970,11 +6010,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6017,7 +6059,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device from a different tailnet has been shared into yours (IsExternal=true) and is not present in the prior 24-hour baseline. Tailnet sharing legitimately lets external collaborators access specific tagged resources, but every shared-in device expands the trust boundary - confirm the share matches a documented agreement and that the device is restricted to the intended ACL scope.",
+                "description": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope.",
                 "displayName": "Tailscale: External (shared-in) device added",
                 "enabled": false,
                 "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n",
@@ -6031,10 +6073,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6047,8 +6089,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -6056,8 +6098,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -6066,10 +6108,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6091,11 +6133,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6138,7 +6182,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A node sent traffic via an exit node that it has not used in the prior 7-day baseline. Exit-node usage is typically intentional (regional egress, privacy routing); a first-seen exit destination from a specific source can indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "description": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Unexpected exit-node egress",
                 "enabled": false,
                 "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
@@ -6152,10 +6196,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6170,8 +6214,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -6179,8 +6223,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ],
                     "entityType": "IP"
@@ -6189,10 +6233,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6214,11 +6258,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6261,7 +6307,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single src->dst pair transferred more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Tune the threshold to match your normal traffic profile. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "description": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
                 "enabled": false,
                 "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
@@ -6275,10 +6321,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6293,8 +6339,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -6302,8 +6348,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ],
                     "entityType": "IP"
@@ -6312,10 +6358,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6337,11 +6383,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6384,7 +6432,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Flows between a src->dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). This is the signature of C2 beaconing or scheduled exfiltration. Investigate the source node, the destination, and timing. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "description": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Network flow beaconing detected",
                 "enabled": false,
                 "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
@@ -6398,10 +6446,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6417,8 +6465,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ],
                     "entityType": "IP"
@@ -6427,10 +6475,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6452,11 +6500,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6499,7 +6549,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A single node initiated flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation across the tailnet. Tune the threshold for legitimate scanner / admin workstation behaviour. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "description": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Mass fan-out from single node",
                 "enabled": false,
                 "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
@@ -6513,10 +6563,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6532,8 +6582,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -6541,8 +6591,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
                     ],
                     "entityType": "IP"
@@ -6551,10 +6601,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6576,11 +6626,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6623,7 +6675,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handled 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate increased legitimate workload, but also data exfiltration to a non-Tailscale destination via the gateway, or scanning of an attached subnet. Requires Tailscale Premium or Enterprise (network flow logs).",
+                "description": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Subnet router throughput anomaly",
                 "enabled": false,
                 "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
@@ -6637,10 +6689,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6655,8 +6707,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
                     ],
                     "entityType": "Host"
@@ -6665,10 +6717,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6690,11 +6742,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6737,7 +6791,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A device-posture integration (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) was disabled or removed from the tailnet. Posture integrations enforce device compliance (OS up-to-date, EDR running, etc.) before allowing tailnet access; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise (posture integrations feature).",
+                "description": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: Posture integration disabled or removed",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
@@ -6751,10 +6805,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6769,8 +6823,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -6779,10 +6833,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6804,11 +6858,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6851,7 +6907,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "A new device-posture integration was added to the tailnet. Posture integrations connect Tailscale to MDM/EDR systems (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.) for device compliance enforcement. Adding a new integration is legitimate during setup or vendor changes; an unexpected addition could indicate an attacker establishing a control plane or bypassing existing compliance gates. Requires Tailscale Premium or Enterprise.",
+                "description": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.",
                 "displayName": "Tailscale Premium: New posture integration added",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
@@ -6865,10 +6921,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6881,8 +6937,8 @@
                   {
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
                     ],
                     "entityType": "Account"
@@ -6891,10 +6947,10 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "enabled": true,
                     "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6916,11 +6972,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -6999,11 +7057,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7082,11 +7142,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7165,11 +7227,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7248,11 +7312,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7331,11 +7397,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7414,11 +7482,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7497,11 +7567,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7580,11 +7652,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7663,11 +7737,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7746,11 +7822,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7829,11 +7907,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7912,11 +7992,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -7995,11 +8077,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -8078,11 +8162,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -8161,11 +8247,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -8215,7 +8303,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Detects flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
@@ -8244,11 +8332,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -8327,11 +8417,13 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 }
               }
@@ -8374,7 +8466,7 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals."
+                "description": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview."
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
@@ -8389,7 +8481,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
                 "parentId": "[variables('workbookId1')]",
                 "contentId": "[variables('_workbookContentId1')]",
                 "kind": "Workbook",
@@ -8400,18 +8492,44 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 },
                 "dependencies": {
                   "operator": "AND",
                   "criteria": [
                     {
-                      "contentId": "Tailscale_Configuration_CL",
+                      "contentId": "Tailscale_Audit_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Devices_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Users_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Keys_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Webhooks_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Settings_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Dns_CL",
                       "kind": "DataType"
                     },
                     {
@@ -8460,7 +8578,7 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput)."
+                "description": "Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory."
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
@@ -8475,7 +8593,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=noodlemctwoodle}.description",
+                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
                 "parentId": "[variables('workbookId2')]",
                 "contentId": "[variables('_workbookContentId2')]",
                 "kind": "Workbook",
@@ -8486,24 +8604,54 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "noodlemctwoodle"
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
                 },
                 "support": {
                   "name": "Community",
                   "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
                 },
                 "dependencies": {
                   "operator": "AND",
                   "criteria": [
                     {
-                      "contentId": "Tailscale_Configuration_CL",
+                      "contentId": "Tailscale_Audit_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Devices_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Users_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Keys_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Webhooks_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Settings_CL",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "Tailscale_Dns_CL",
                       "kind": "DataType"
                     },
                     {
                       "contentId": "Tailscale_Network_CL",
                       "kind": "DataType"
                     },
+                    {
+                      "contentId": "Tailscale_PostureIntegrations_CL",
+                      "kind": "DataType"
+                    },
                     {
                       "contentId": "TailscalePremiumCCF",
                       "kind": "DataConnector"
@@ -8537,7 +8685,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale telemetry via OAuth2-secured APIs.</p>\n<p><strong>Data connectors in this solution (install one based on your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit logs (<code>/logging/configuration</code>). Use on <strong>Personal (Free) and Standard</strong> tailnets. Included in this release.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Configuration audit + network flow logs (<code>/logging/configuration</code> + <code>/logging/network</code>). Use on <strong>Premium and Enterprise</strong> tailnets. <em>Planned for a future release.</em></li>\n</ul>\n<p><strong>Underlying technology:</strong> Microsoft Sentinel Codeless Connector Framework (CCF) with OAuth2 client-credentials auth.</p>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the <strong>Audit Logs - Read</strong> scope (Standard connector). For the Premium connector also tick <strong>Network Logs - Read</strong>.</li>\n<li>Copy the client ID and client secret (secret shown once)</li>\n<li>Note your tailnet name from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 22, <strong>Hunting Queries:</strong> 17</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.</p>\n<p><strong>Data connectors in this solution (install the one matching your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on <strong>Personal (Free), Starter and Premium</strong> tailnets.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Everything in Standard plus network flow logs and posture integrations. Use on <strong>Premium and Enterprise</strong> tailnets for full coverage.</li>\n</ul>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the scopes for your tier (see the README in this solution).</li>\n<li>Copy the client ID and client secret (secret shown once).</li>\n<li>Note your tailnet name (e.g. <code>tailb094d7.ts.net</code>) from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a>.</li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 22, <strong>Hunting Queries:</strong> 17</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -8550,10 +8698,12 @@
           "sourceId": "[variables('_solutionId')]"
         },
         "author": {
-          "name": "noodlemctwoodle"
+          "name": "noodlemctwoodle",
+          "email": "[variables('_email')]"
         },
         "support": {
           "name": "Community",
+          "email": "ccfconnectors.county118@passmail.com",
           "tier": "Community",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
         },
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index adfbdbee2bb..4907d86e4ac 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -1,62 +1,342 @@
 # Tailscale (CCF)
 
-Microsoft Sentinel solution that ingests Tailscale telemetry via the OAuth2-secured Tailscale API.
+Microsoft Sentinel solution that ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via the OAuth2-secured Tailscale API. Built on the Codeless Connector Framework (CCF) - no Function App or container required.
 
-## Data connectors
+- **2 data connectors** (Standard, Premium) - install whichever matches your Tailscale plan
+- **22 analytic rules** (15 Standard + 7 Premium-only)
+- **17 hunting queries** (12 Standard + 5 Premium-only)
+- **2 workbooks** (Standard Operations, Premium Operations)
+- **9 custom tables** ingested via 9-11 polling rules behind a single Connect button
 
-Install **one** of these connectors based on your Tailscale plan:
+---
 
-| Connector | Endpoint(s) | Tailscale plan | Status |
-|---|---|---|---|
-| **Tailscale Standard (CCF)** | `/logging/configuration` | Personal (Free) + Standard | **Included** |
-| Tailscale Premium (CCF) | `/logging/configuration` + `/logging/network` | Premium + Enterprise | Planned |
+## Table of contents
+
+1. [Pick your tier](#1-pick-your-tier)
+2. [Pre-requisites](#2-pre-requisites)
+3. [Installation](#3-installation)
+4. [Verification](#4-verification)
+5. [Custom tables](#5-custom-tables)
+6. [Analytic rules](#6-analytic-rules)
+7. [Hunting queries](#7-hunting-queries)
+8. [Workbooks](#8-workbooks)
+9. [Architecture notes](#9-architecture-notes)
+10. [Limitations](#10-limitations)
+11. [Troubleshooting](#11-troubleshooting)
+12. [Support](#12-support)
+
+---
+
+## 1. Pick your tier
+
+Install **one** of the two connectors based on your Tailscale plan. The split mirrors what the Tailscale API actually exposes per tier - network flow logs are only available on Premium and Enterprise tailnets.
+
+| | Tailscale Standard (CCF) | Tailscale Premium (CCF) |
+|---|---|---|
+| **Tailscale plan** | Personal (Free), Starter, Premium\* | Premium, Enterprise |
+| **Pollers behind one Connect** | 9 | 11 |
+| **Custom tables created** | 7 | 9 |
+| **Analytic rules wired** | 15 | 22 (Standard 15 + Premium 7) |
+| **Hunting queries wired** | 12 | 17 (Standard 12 + Premium 5) |
+| **Workbook** | Standard Operations | Premium Operations |
+| **Network flow logs** | not exposed by API | `Tailscale_Network_CL` |
+| **Posture integrations** | not exposed by API | `Tailscale_PostureIntegrations_CL` |
+| **Required OAuth scopes** | `logs:configuration:read`, `devices:read`, `users:read`, `keys:read`, `webhooks:read`, `dns:read`, `settings:read` | All of Standard plus `logs:network:read`, `posture-integrations:read` |
+
+\* Premium tailnets can use the Standard connector if you don't want network-flow data, but the Premium connector is the recommended path.
+
+---
+
+## 2. Pre-requisites
+
+You need four things before clicking Connect:
+
+1. **A Microsoft Sentinel-enabled Log Analytics workspace** in any region.
+2. **A Data Collection Endpoint (DCE)** in the same region as the workspace. The Sentinel Content Hub installer creates one automatically if you don't already have a shared DCE.
+3. **A Tailscale OAuth client** generated at <https://login.tailscale.com/admin/settings/oauth>. Personal API tokens (`tskey-api-...`) do **not** work - see [Architecture notes](#9-architecture-notes) for the reason.
+   - Tick the scopes listed in the table above for your tier.
+   - Copy the **Client ID** and **Client Secret** when prompted - the secret is shown only once.
+4. **Your tailnet name** (e.g. `tailb094d7.ts.net`). Find it on the [Keys page](https://login.tailscale.com/admin/settings/keys) or in your Tailscale admin URL.
+
+### OAuth scope checklist
 
-The split mirrors what the Tailscale API actually exposes per tier - Network flow logs are only available on Premium and above. If you're on Personal or Standard, install Tailscale Standard; if you're on Premium or Enterprise install Tailscale Premium (which covers both endpoints).
+Tick exactly the scopes for your tier - extra scopes don't hurt but the connector won't ask for them, and missing a scope means the corresponding poller will return `200 OK` with no data (Tailscale doesn't error on missing scope, it just returns empty).
 
-## Contents
+**Standard (7 scopes)**
 
-- **Data connector** - Sentinel UI card ("Tailscale Standard (CCF)") that uses OAuth2 client-credentials auth, polling the configuration endpoint every 5 minutes.
-- **Custom table** - `Tailscale_Audit_CL` (typed columns for actor, action, target, origin, new, old).
-- **5 analytic rules**:
-  - New API access token or OAuth client created (Medium)
-  - Policy file (ACL) modified (Medium)
-  - Auth key created (Low)
-  - Exit node advertised or approved (Low)
-  - Mass credential revocation in short window (High)
+- `logs:configuration:read` - audit log
+- `devices:read` - device inventory, including tailnet-lock state, SSH enablement, advertised routes
+- `users:read` - user roles and last-seen
+- `keys:read` - auth keys and OAuth clients (for sprawl/expiry detection)
+- `webhooks:read` - webhook configuration
+- `dns:read` - nameservers, MagicDNS, split-DNS, search paths
+- `settings:read` - tailnet-wide settings
 
-## Pre-requisites
+**Premium adds (2 scopes)**
 
-1. A Microsoft Sentinel-enabled Log Analytics workspace.
-2. A Data Collection Endpoint (DCE) in the same region.
-3. A Tailscale OAuth client with the **Audit Logs - Read** scope:
-   - Generate at <https://login.tailscale.com/admin/settings/oauth>
-   - Copy the Client ID and Client Secret (secret shown only once)
-4. Your tailnet name (e.g. `tail-XXXX.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).
+- `logs:network:read` - network flow logs
+- `posture-integrations:read` - device posture integration list and status
 
-## Connect
+---
 
-1. Install this solution via **Content Hub**.
-2. Sentinel -> **Data Connectors** -> search "Tailscale Standard (CCF)" -> **Open connector page**.
+## 3. Installation
+
+1. Open **Microsoft Sentinel** -> **Content hub**, search for "Tailscale" and install **Tailscale (CCF)**.
+2. Go to **Data connectors**, search "Tailscale", and open either **Tailscale Standard (CCF)** or **Tailscale Premium (CCF)**.
 3. Supply:
-   - Tailscale tailnet name
-   - OAuth Client ID
-   - OAuth Client Secret
-4. Click **Connect**. Polling begins on a 5-minute cadence.
+   - **Tailnet name** (e.g. `tailb094d7.ts.net`)
+   - **OAuth Client ID**
+   - **OAuth Client Secret**
+4. Click **Connect**. The connector page shows "Connected" within ~30 seconds; the first audit poll completes within 5 minutes and the first snapshot pollers (devices, users, ...) within 60 minutes.
 
-## Why OAuth client, not a personal API token
+That single Connect click deploys 9 (Standard) or 11 (Premium) Sentinel `RestApiPoller` data connectors behind the scenes - see [Architecture notes](#9-architecture-notes) for how that works.
 
-Tailscale's `logging/configuration` endpoint requires the `logs:configuration:read` scope. Personal API access tokens (`tskey-api-...`) are unscoped - when used against this endpoint, the API returns HTTP 200 but with `logs: null`, silently. OAuth clients are required to grant the specific scope.
+---
 
-## Verification
+## 4. Verification
 
-After Connect, in Sentinel Logs:
+Run these in **Sentinel** -> **Logs** after the first poll cycle completes (~5 min for audit, ~60 min for snapshots).
 
 ```kql
+// Audit logs received in the last 15 min (should be > 0 if any config activity happened)
 Tailscale_Audit_CL
-| sort by TimeGenerated desc
-| take 50
+| where TimeGenerated > ago(15m)
+| project TimeGenerated, EventTime, Action, Actor, Target
+
+// Snapshot of every tailnet device on the latest poll
+Tailscale_Devices_CL
+| summarize arg_max(TimeGenerated, *) by DeviceId
+| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, ConnectedToControl
+
+// All tables receiving data in the last 2 hours
+union 
+    (Tailscale_Audit_CL                | extend _T = "Tailscale_Audit_CL"),
+    (Tailscale_Devices_CL              | extend _T = "Tailscale_Devices_CL"),
+    (Tailscale_Users_CL                | extend _T = "Tailscale_Users_CL"),
+    (Tailscale_Keys_CL                 | extend _T = "Tailscale_Keys_CL"),
+    (Tailscale_Webhooks_CL             | extend _T = "Tailscale_Webhooks_CL"),
+    (Tailscale_Settings_CL             | extend _T = "Tailscale_Settings_CL"),
+    (Tailscale_Dns_CL                  | extend _T = "Tailscale_Dns_CL"),
+    (Tailscale_Network_CL              | extend _T = "Tailscale_Network_CL"),
+    (Tailscale_PostureIntegrations_CL  | extend _T = "Tailscale_PostureIntegrations_CL")
+| where TimeGenerated > ago(2h)
+| summarize Rows = count(), Latest = max(TimeGenerated) by _T
+| order by _T asc
 ```
 
-## Support
+A working Standard tier should return rows for 7 tables; Premium should return rows for 9. `Tailscale_Network_CL` and `Tailscale_PostureIntegrations_CL` are Premium-only.
+
+---
+
+## 5. Custom tables
+
+All tables are Log Analytics custom tables (`_CL`) populated via Sentinel CCF poller -> DCE -> DCR transform.
+
+| Table | Cols | Cadence | Source endpoint | Tier |
+|---|---|---|---|---|
+| `Tailscale_Audit_CL` | 9 | 5 min | `/logging/configuration` | Standard + Premium |
+| `Tailscale_Devices_CL` | 27 | 60 min | `/devices?fields=all` | Standard + Premium |
+| `Tailscale_Users_CL` | 13 | 60 min | `/users` | Standard + Premium |
+| `Tailscale_Keys_CL` | 10 | 60 min | `/keys?all=true` | Standard + Premium |
+| `Tailscale_Webhooks_CL` | 8 | 60 min | `/webhooks` | Standard + Premium |
+| `Tailscale_Settings_CL` | 9 | 60 min | `/settings` | Standard + Premium |
+| `Tailscale_Dns_CL` | 5 | 60 min | merged from `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` | Standard + Premium |
+| `Tailscale_Network_CL` | 10 | 5 min | `/logging/network` | Premium only |
+| `Tailscale_PostureIntegrations_CL` | 8 | 60 min | `/posture/integrations` | Premium only |
+
+**Snapshot semantics.** All `_CL` tables except `Audit` and `Network` are snapshot tables - each poll writes the full current state of the endpoint. Use `summarize arg_max(TimeGenerated, *) by <key>` to get the latest snapshot. The 5-min audit and network tables are append-only event streams.
+
+**`Tailscale_Devices_CL` is the richest table** at 27 columns. The 5 most interesting columns for detection are surfaced via `?fields=all`:
+
+- `AdvertisedRoutes` / `EnabledRoutes` - dynamic arrays of CIDRs the device offers/has approved
+- `SshEnabled` - bool, is Tailscale SSH active on this device
+- `ConnectedToControl` / `Authorized` - control-plane state pair (unauthorized + connected = the rule trigger)
+- `TailnetLockKey` / `TailnetLockError` - cryptographic node-key validation state
+- `UpdateAvailable` - bool, client behind latest release
+
+---
+
+## 6. Analytic rules
+
+### Standard tier (15 rules)
+
+**Identity & access (4)**
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| New API access token or OAuth client created | Medium | Persistence, CredentialAccess | New `API_ACCESS_TOKEN_CREATE` / `OAUTH_CLIENT_CREATE` audit events |
+| Auth key created | Low | Persistence | Any new auth key (incl. ephemeral / reusable / preauthorized) |
+| User role elevated to admin or owner | High | PrivilegeEscalation, Persistence | `USER_ROLE_UPDATE` audit events targeting `admin` or `owner` |
+| Unauthorized device connected to control plane | High | InitialAccess, Persistence | `Authorized=false AND ConnectedToControl=true` in devices snapshot |
+
+**Configuration (3)**
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| Policy file (ACL) modified | Medium | DefenseEvasion, Persistence | `ACL_FILE_UPDATE` events |
+| Mass credential revocation in short window | High | DefenseEvasion, Impact | More than N delete-key events in a 30-min sliding window |
+| External (shared-in) device added | Medium | InitialAccess | New `IsExternal=true` device vs 24-hour baseline |
+
+**Devices (3)**
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| Device started advertising subnet routes | Medium | LateralMovement, Persistence | Non-exit-node CIDRs newly appear in `AdvertisedRoutes` |
+| Device key expiring within 7 days | Medium | InitialAccess | Devices whose key expiry is within 7 days |
+| Device Tailscale SSH newly enabled | Medium | Persistence, LateralMovement | `SshEnabled` transition from false to true vs 24-hour baseline |
+
+**Network & exit (2)**
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| Exit node advertised or approved | Low | CommandAndControl, Exfiltration | `0.0.0.0/0` or `::/0` newly appears in `AdvertisedRoutes` / `EnabledRoutes` |
+| Tailnet lock validation failed | High | DefenseEvasion, InitialAccess | Non-empty `TailnetLockError` field in devices snapshot |
+
+**DNS (3)**
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| DNS nameservers modified | High | DefenseEvasion, CommandAndControl | `DNS_UPDATE` audit events affecting global nameservers |
+| MagicDNS disabled | Medium | DefenseEvasion | `MAGICDNS_DISABLE` audit event |
+| Split-DNS configuration modified | High | DefenseEvasion, CommandAndControl | `SPLIT_DNS_UPDATE` audit events (per-domain DNS override) |
+
+### Premium tier (additional 7 rules)
+
+These require `Tailscale_Network_CL` (flow logs) or `Tailscale_PostureIntegrations_CL`.
+
+| Rule | Severity | Tactics | What it watches |
+|---|---|---|---|
+| Network flow beaconing detected | Medium | CommandAndControl, Exfiltration | Regular periodic flows from a single source over 24h (jitter-tolerant) |
+| Large outbound transfer over tailnet | Medium | Exfiltration, Collection | Single flow tx-bytes > 1GB in any 5-min window |
+| Mass fan-out from single node | High | Discovery, LateralMovement | Source node initiated flows to N+ distinct destinations within 5 min |
+| Subnet router throughput anomaly | Low | Exfiltration, CommandAndControl | Subnet-router src->dst throughput exceeds 3-sigma of its 7-day baseline |
+| Unexpected exit-node egress | Medium | CommandAndControl, Exfiltration | Egress through a node that wasn't approved as exit node in the last hour |
+| New posture integration added | Medium | Persistence | New entry in `Tailscale_PostureIntegrations_CL` snapshot vs prior |
+| Posture integration disabled or removed | High | DefenseEvasion, Persistence | Posture integration disappeared or status changed to disabled |
+
+---
+
+## 7. Hunting queries
+
+### Standard (12)
+
+| Query | Tactics | Use case |
+|---|---|---|
+| First-seen actor making configuration changes | InitialAccess, Persistence | New principal performing privileged audit actions |
+| ACL policy churn | DefenseEvasion, PrivilegeEscalation | How often is the policy file edited - high churn = governance risk |
+| Off-hours configuration changes | InitialAccess, Persistence | Privileged audit actions outside business hours |
+| Auth key sprawl | Persistence, CredentialAccess | Users with many active reusable auth keys |
+| Auth keys with no expiry | Persistence, CredentialAccess | Long-lived auth keys (compliance / hygiene) |
+| Devices not seen in 30+ days | Discovery | Stale devices - candidates for offboarding |
+| Devices with outdated client version | DefenseEvasion | Client behind latest release |
+| Users with zero devices | InitialAccess | Orphaned user accounts |
+| Split-DNS per-domain change history | DefenseEvasion, CommandAndControl | Audit-log slice of per-domain DNS routing changes |
+| Devices with Tailscale SSH enabled | LateralMovement, Persistence | Cross-reference with the SSH ACL block |
+| External (shared-in) device inventory | InitialAccess | Devices admitted via Tailscale sharing |
+| Subnet router CIDR exposure inventory | LateralMovement | Every CIDR currently bridged into the tailnet |
+
+### Premium (5)
+
+| Query | Tactics | Use case |
+|---|---|---|
+| Beaconing candidates (regular periodic flows) | CommandAndControl, Exfiltration | Looser threshold than the analytic rule - investigation aid |
+| Exit-node usage patterns | CommandAndControl, Exfiltration | Who uses which exit node, how often, how much data |
+| New src->dst node pairs (lateral movement candidates) | LateralMovement, Discovery | First-time observed flow pair vs 7-day baseline |
+| Top talkers by bytes (virtual traffic) | Exfiltration, Collection | Highest tx/rx nodes over time window |
+| Current posture integration inventory | DefenseEvasion | Snapshot of every posture integration and its enabled state |
+
+---
+
+## 8. Workbooks
+
+Both workbooks are wired automatically when you install the matching connector. Open Sentinel -> **Workbooks** -> search "Tailscale".
+
+**Tailscale Standard Operations**
+
+Tabs for Devices, Users, Keys, DNS, Audit and Health. Quick-look tiles for total devices, devices with updates available, devices with SSH enabled, subnet routers and exit nodes, dormant devices, tailnet-lock state. All KQL validated against live data.
+
+**Tailscale Premium Operations**
+
+Everything in Standard plus Network tab (top talkers, src->dst pairs, exit-node egress, beaconing candidates) and Posture tab (integration inventory, posture state per device).
+
+---
+
+## 9. Architecture notes
+
+### Why two connectors
+
+Tailscale's `/logging/network` endpoint is gated to Premium and Enterprise tailnets. We could put a single connector behind a single Connect button and let pollers silently fail on Free/Standard, but that would generate noisy errors and confuse operators. Splitting the connector by tier means each card only registers pollers the user's API tier actually supports.
+
+### Why one Connect button per connector deploys N pollers
+
+Sentinel CCF normally maps one Connect card to one polling rule. To fan out to 9-11 pollers from a single click, the polling-rule contentTemplate uses the **Proofpoint TAP** pattern - a `guidValue` parameter (`defaultValue: '[newGuid()]'`) and an `innerWorkspace` parameter that defer evaluation to inner-deploy scope (Connect-click time), producing one shared GUID across every poller resource name. Without this exact shape, Sentinel silently deploys only the first poller - the most painful bug we hit in this project.
+
+### Why OAuth clients are required (not personal API tokens)
+
+Tailscale's `/logging/configuration`, `/logging/network`, posture, and DNS endpoints require scoped credentials. Personal API tokens (`tskey-api-...`) are unscoped - against scope-gated endpoints they return HTTP 200 with `"logs": null` (or empty arrays) rather than 401, so the misconfiguration is **silent**. OAuth client credentials carry explicit scopes and fail closed.
+
+### How three DNS endpoints become one table
+
+Tailscale exposes DNS configuration across three endpoints (`/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths`). Rather than create three tables, the DCR uses a **multi-stream-in / single-stream-out** pattern: each poller writes to its own input stream (`Custom-Tailscale_DnsNameservers`, `Custom-Tailscale_DnsPreferences`, `Custom-Tailscale_DnsSearchPaths`), three `dataFlows` transform each with a `ConfigType` discriminator column into one output stream (`Custom-Tailscale_Dns_CL`). Net result: one table to query with a `ConfigType` filter.
+
+### Cadence rationale
+
+- **5 min** for `/logging/configuration` (Standard + Premium) and `/logging/network` (Premium only) - these are event streams with `start` / `end` query parameters
+- **60 min** for snapshot endpoints (devices, users, keys, ...) - the data doesn't change frequently and a 1-hour granularity is enough for snapshot-based rules; reducing this would mostly burn ingestion cost without improving detection
+
+---
+
+## 10. Limitations
+
+- **No VPN tunnel events.** Tailscale doesn't expose per-tunnel connect/disconnect events via API. This is a Tailscale platform limitation, not a solution one - if it matters, file a feature request with Tailscale.
+- **Network flow logs are Premium-only.** The seven Premium rules and five Premium hunts depend on `Tailscale_Network_CL` and won't run on a Standard install.
+- **Microsoft pre-built "Network Session Essentials" rules don't auto-cover this data.** Workspace-level ASIM functions (`_Im_NetworkSession` and similar) are sealed and can't be extended from Solutions. To use Microsoft's pre-built network-session detections on Tailscale data, clone the relevant rules and point them at `imNetworkSession` (a non-underscore workspace function that unions Microsoft built-ins with our `vimNetworkSessionTailscale` parser) - included in this solution.
+- **Snapshot tables overwrite, they don't diff.** Each 60-min snapshot is a complete current-state poll, not a delta. Rules that need transition detection (e.g. "SSH newly enabled") compare the latest snapshot against a 24-hour baseline.
+
+---
+
+## 11. Troubleshooting
+
+### "Connected" but no rows in any `_CL` table after 30 min
+
+```kql
+// Were any pollers dispatched? (DCR ingestion is logged by the workspace)
+union AzureDiagnostics
+| where Category == "DataCollectionRuleLogs"
+| where _ResourceId contains "dcr-tailscale"
+| where TimeGenerated > ago(1h)
+| project TimeGenerated, Status_s, ResultDescription_s
+```
+
+If you see no entries, the connector hasn't been dispatched yet - wait the 5-minute or 60-minute cadence. If you see entries with `Status_s != "Succeeded"`, paste `ResultDescription_s` into a support thread.
+
+### "Connected" but only `Tailscale_Audit_CL` has rows
+
+The remaining endpoints poll on 60-min cadence - the first non-audit snapshot won't land until 60 minutes after Connect. Wait an hour.
+
+### Audit has rows but specific endpoints (devices, dns, ...) don't
+
+Almost always a missing OAuth scope. Tailscale returns HTTP 200 with empty data when a scope is missing, so the poller doesn't error. Re-check the OAuth client at <https://login.tailscale.com/admin/settings/oauth> against the [scope checklist](#oauth-scope-checklist) above.
+
+### `Tailscale_Devices_CL` is missing `AdvertisedRoutes`, `SshEnabled`, etc.
+
+Older versions of this connector polled `/devices` without `?fields=all`. The current version (3.0.2+) polls with `?fields=all`. If you're on an older version, reinstall from Content Hub then click Connect again.
+
+### OAuth deployment fails with "Invalid Token Endpoint query parameters"
+
+You hit the Sentinel CCF reserved-key bug - the connector definition is including OAuth reserved keys (`client_id`, `client_secret`, `grant_type`, `scope`) inside `TokenEndpointQueryParameters`. The shipped connector definition omits these correctly; if you're seeing this error after edits, remove those keys from the connector definition JSON and redeploy.
+
+### Premium rules silently never fire
+
+Confirm you installed the **Premium** connector (not Standard) and that `Tailscale_Network_CL` and `Tailscale_PostureIntegrations_CL` are receiving rows (see the verification query in [section 4](#4-verification)). Premium rules query those two tables exclusively.
+
+---
+
+## 12. Support
+
+This is a Community-tier solution. Bugs, feature requests, and PRs:
+
+- **GitHub Issues**: <https://github.com/Azure/Azure-Sentinel/issues> (tag the title with `[Tailscale (CCF)]`)
+- **Maintainer**: noodlemctwoodle
 
-Community-supported solution maintained by noodlemctwoodle. Issues: <https://github.com/noodlemctwoodle/Azure-Sentinel/issues>.
+No SLA - the maintainer responds when convenient. PRs that include tests + a reproducer trip the response time considerably.
diff --git a/Solutions/Tailscale (CCF)/ReleaseNotes.md b/Solutions/Tailscale (CCF)/ReleaseNotes.md
index 87485d6bcee..9d06c4786eb 100644
--- a/Solutions/Tailscale (CCF)/ReleaseNotes.md	
+++ b/Solutions/Tailscale (CCF)/ReleaseNotes.md	
@@ -1,3 +1,3 @@
-| **Version** | **Date Modified (DD-MM-YYYY)** | **Changes** |
-|-------------|--------------------------------|-------------|
-| 3.0.0       | 11-05-2026                     | Initial Solution Release |
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
+|---|---|---|
+| 3.0.0 | 11-05-2026 | Initial Solution Release |
diff --git a/Solutions/Tailscale (CCF)/SolutionMetadata.json b/Solutions/Tailscale (CCF)/SolutionMetadata.json
index 116e0785314..c818a8a0597 100644
--- a/Solutions/Tailscale (CCF)/SolutionMetadata.json	
+++ b/Solutions/Tailscale (CCF)/SolutionMetadata.json	
@@ -1,6 +1,6 @@
 {
   "publisherId": "noodlemctwoodle",
-  "offerId": "TailscaleCCF",
+  "offerId": "azure-sentinel-solution-tailscale-ccf",
   "firstPublishDate": "2026-05-11",
   "lastPublishDate": "2026-05-11",
   "providers": [
@@ -11,12 +11,12 @@
       "Networking",
       "Security - Network",
       "Identity"
-    ],
-    "verticals": []
+    ]
   },
   "support": {
     "name": "Community",
     "tier": "Community",
+    "email": "ccfconnectors.county118@passmail.com",
     "link": "https://github.com/Azure/Azure-Sentinel/issues"
   }
 }
diff --git a/Solutions/Tailscale (CCF)/Tailscale.svg b/Solutions/Tailscale (CCF)/Tailscale.svg
index b7d6e8a1905..f3418621b91 100644
--- a/Solutions/Tailscale (CCF)/Tailscale.svg	
+++ b/Solutions/Tailscale (CCF)/Tailscale.svg	
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><style>.st0{opacity:.2;enable-background:new}</style><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" class="st0"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" class="st0"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" class="st0"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" class="st0"/></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" opacity=".2"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" opacity=".2"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" opacity=".2"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" opacity=".2"/></svg>
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 50c09195a9f..75474e04e9d 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -10600,9 +10600,15 @@
   {
     "workbookKey": "TailscaleStandardOperationsWorkbook",
     "logoFileName": "Tailscale.svg",
-    "description": "Tailscale Operations workbook for Standard tier - configuration audit, identity activity, ACL change history, OAuth/API token lifecycle, and security signals.",
+    "description": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview.",
     "dataTypesDependencies": [
-      "Tailscale_Configuration_CL"
+      "Tailscale_Audit_CL",
+      "Tailscale_Devices_CL",
+      "Tailscale_Users_CL",
+      "Tailscale_Keys_CL",
+      "Tailscale_Webhooks_CL",
+      "Tailscale_Settings_CL",
+      "Tailscale_Dns_CL"
     ],
     "dataConnectorsDependencies": [
       "TailscaleCCF"
@@ -10612,15 +10618,36 @@
     "title": "Tailscale Operations (Standard)",
     "templateRelativePath": "TailscaleStandardOperations.json",
     "subtitle": "",
-    "provider": "noodlemctwoodle"
+    "provider": "Community",
+    "support": {
+      "tier": "Community"
+    },
+    "source": {
+      "kind": "Solution",
+      "name": "Tailscale (CCF)"
+    },
+    "categories": {
+      "domains": [
+        "Networking",
+        "Security - Network",
+        "Identity"
+      ]
+    }
   },
   {
     "workbookKey": "TailscalePremiumOperationsWorkbook",
     "logoFileName": "Tailscale.svg",
-    "description": "Tailscale Operations workbook for Premium / Enterprise tier - configuration audit plus network flow telemetry (top talkers, exit-node usage, subnet router throughput).",
+    "description": "Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory.",
     "dataTypesDependencies": [
-      "Tailscale_Configuration_CL",
-      "Tailscale_Network_CL"
+      "Tailscale_Audit_CL",
+      "Tailscale_Devices_CL",
+      "Tailscale_Users_CL",
+      "Tailscale_Keys_CL",
+      "Tailscale_Webhooks_CL",
+      "Tailscale_Settings_CL",
+      "Tailscale_Dns_CL",
+      "Tailscale_Network_CL",
+      "Tailscale_PostureIntegrations_CL"
     ],
     "dataConnectorsDependencies": [
       "TailscalePremiumCCF"
@@ -10630,6 +10657,20 @@
     "title": "Tailscale Operations (Premium)",
     "templateRelativePath": "TailscalePremiumOperations.json",
     "subtitle": "",
-    "provider": "noodlemctwoodle"
+    "provider": "Community",
+    "support": {
+      "tier": "Community"
+    },
+    "source": {
+      "kind": "Solution",
+      "name": "Tailscale (CCF)"
+    },
+    "categories": {
+      "domains": [
+        "Networking",
+        "Security - Network",
+        "Identity"
+      ]
+    }
   }
 ]

From bc258a66ce88305a5b4700db346039b0bbaf58b2 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 12 May 2026 16:43:07 +0100
Subject: [PATCH 14/27] fix(tailscale): connector publisher 'Custom' ->
 'Community'

Both Tailscale CCF connector definitions had connectorUiConfig.publisher
set to 'Custom', which renders as the subtitle text on the Sentinel data
connector card. Community-tier solutions should display 'Community' there
to align with other community-published solutions and with the solution
metadata's Community tier.

Files changed:
- Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/
  Tailscale_ConnectorDefinition.json: publisher 'Custom' -> 'Community'
- Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/
  TailscalePremium_ConnectorDefinition.json: publisher 'Custom' -> 'Community'
- Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json: Version
  3.0.3 -> 3.0.4 (auto-bumped by createSolutionV3 patch mode)
- Solutions/Tailscale (CCF)/Package/mainTemplate.json regenerated;
  four publisher references inside the connector definition wrapper
  resources now read 'Community'
- 3.0.3.zip removed, 3.0.4.zip generated

No other changes.
---
 .../Tailscale_ConnectorDefinition.json        |   2 +-
 .../TailscalePremium_ConnectorDefinition.json |   2 +-
 .../Data/Solution_Tailscale.json              |   2 +-
 Solutions/Tailscale (CCF)/Package/3.0.3.zip   | Bin 61357 -> 0 bytes
 Solutions/Tailscale (CCF)/Package/3.0.4.zip   | Bin 0 -> 61348 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 528 +++++++++---------
 6 files changed, 267 insertions(+), 267 deletions(-)
 delete mode 100644 Solutions/Tailscale (CCF)/Package/3.0.3.zip
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.4.zip

diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json
index 76799937700..1f3c0e1bef4 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_ConnectorDefinition.json	
@@ -6,7 +6,7 @@
   "properties": {
     "connectorUiConfig": {
       "title": "Tailscale Standard (CCF)",
-      "publisher": "Custom",
+      "publisher": "Community",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
       "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
       "graphQueries": [
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json
index d738878d352..41a03fa977f 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_ConnectorDefinition.json	
@@ -6,7 +6,7 @@
   "properties": {
     "connectorUiConfig": {
       "title": "Tailscale Premium (CCF)",
-      "publisher": "Custom",
+      "publisher": "Community",
       "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
       "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
       "graphQueries": [
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 099069e926f..df769cb868a 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -4,7 +4,7 @@
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
   "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
-  "Version": "3.0.3",
+  "Version": "3.0.4",
   "TemplateSpec": false,
   "Is1PConnector": false,
   "Data Connectors": [
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.3.zip b/Solutions/Tailscale (CCF)/Package/3.0.3.zip
deleted file mode 100644
index f7be2fcb7a9d9055bbbea06cc18da4333718acd2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 61357
zcmY(qV|Zr4(ls30wr$&**tTukwrx8T+;Juo+qP{x`Q|+5yg$Cb-MiMRRb5x_?y9R5
zWkA8ufPjFYfXba~b;HZM)|K&qfJRb)fH41!nmC&oxtgh2iJ6&O*;~0<IoLB;yExci
z>G`<eawh)>78J{PP$y|SKmP7%O>=2Q8{2+W_s=D#bTjK}+LcWSWe1f7inTOnRD037
zF4>~&IEP?DjJ`L?NY&h~Q6)#VfB<FlkMn=|yuuBv3jmy<!8W=<>8PAY`?Pmm1W3UY
z4T8a{G9dS=L8Pc+?qzRn$vmfo7+Kva@7unt7COGZpFzi$CCgi<@zpp}2GAtGsMiFn
z;mp>Qi<oiacrUSL;n+Q`lK<j!wE+saA;+Nw6#MWt+-t}fi3K6VZSjQm`hf!dPP1lD
zPkDC;q_+x4?}bjW!|&HT#DKi(m(<MSNVs>vUSAxY56k$@p`$RAdq1_4!yq*u6YI2M
zucpgZrTtY(Tzrf3*&AU|nX8(4gVE2!)>YwMe0ANC*dZq#AJvoFy%n4_x%oJ^QTOpO
zj_A;4812mB_O!FptLCsYJ?(OJ>u3R~e@sOe+{cXLh_i`iRQsSiQ=0u3YGj>A(kyS(
z<vpxkCr_g#U9_<A`=$2>QlI&Y2Xk+V_R(aa=CVs)x7y(N$;JhOnc<cWZdv=V4bo?a
zfR9VS|Ng3PVCxpfUsT!DFB@?-bh^S435GcWxjzTC%mStqpyoreFG3c!1=t&M+E2fE
z=6op<I|x<nb}f!?L84?2yr;Q~u3?k0R6kJ(<$NN^mTLEYh$Q+7_cgIAlwc7%4^%~M
znHJ$k8;z~+cmrbTPNhcpTLNI|pHWuLawSrQ=*fV9)k61EJT+g}g&XO}4;sLObu~xG
zQ2rZJGA@T0j<GOq2=R-tU>(fA()3!0c6;9>&nSMmzfm1Vr2?LhIKK$F$iw%u6j4+W
zCtsE32!NMHZYlaeqFoFe(yKmiI9$56#*HjLt0tHUE_IXCN-V*sm}1a?epM?|(L(K_
zmxaMRu3P!NH$APx9-5bT{K879N+Ek((bfzqn(Zq}u23o|!V6?9${Prqy8%4u$hP#}
zkFb0AwgyDUL%B3aal1b6YG`pnj#HC1TJ$nV^bGkZaxlxZ2D;?o9_X%9)I7HT*-u}0
z#{Wl*)uUUYD*G+N%k1D9_(s2;GTlJM`hrFxe;~?0-6DDq-SxucXf{<s+g2``n6v&K
zPuVX@LYB#PMkYjbo0%40yZqW8#KO7Qv%(d2m4Kf;3@7)*n?!A1ylWJu%Kf0HOIy``
zJ)i~w<@Of`6#B4?OVoIuY-g3Asj^;i0Tbw7DYn_>NZ+TWgOU`BgoeV(f^Ibr6t3l?
zTnE??0e++8&|bQ72>iIAAAkxEcZ+mV{-2y%BaH2{F$ifiD1KQA=+88N+$;X>oGpc1
zIke8+XCqtJz8jwh%v>F+A+X*^I<P+f93|`elDfbU;LFR;+Nq&PB<&yPQZWG!mM{&q
zX&(s4&yNIjd@|J61emx-%;%ehT?ct3EO78VJ>yc^w!_B`XZNPdct}gaZ`k^HWx_qe
zfOY{t*1TseB*-<Z8YLZ14rO%1iNd8csk^ed43-C!54j5nOIlDyX*k)tT6F>Ui<MS=
zuPqmnfNHui<t~{`3z?+iE&78l5Apb6=8gu!T2_#o)u)&I^C;OjiG7!@rOq3@ub<vF
z$+QbqI#QJ&dDH%=upKFzWUcVplus(wU~#<QX}-)t&@&vM6K@cb-Ek4Qkmo_|1!8d-
zZSHaAb4eLW{FmDq35}!uNpNbC1VKre%q<=;i|S>not7WmVcW+BsL*r*iCXEHyh2|7
z_m2Dk8xDK@d;BSe#aFp_Str$Tle*kFuM^_B2N$W79i9qM3py8NLL)YZNYg&KFwj!K
zYYOz9nkLWfdY^H8)j%!3Yqi=i4<r1ydH+c9*-<5h{rW{>{fdI6*H@qZkDd=0Py1Xa
zd1j{dynfsF=WBOJU!8J0buYsb4SM~`@n3zxq&35?u=g3WRKX}^gplK}Q^OlWhxQl4
z_O{-wfHpU`Uyv&|TbB>5SDKh%>SIxJM^X7z&r=;(M)Dqv;zC(5Xcas&-ONtIIUvR0
zFA0~v=B`;ugPCJ|5xLLWHQnGL7%-O^eSdjKOP$@RV+@~DMrli9bR1xmp83Fh^0B=)
z^!_@$q{wvo0qy+};CmOawrD+htjaHfUO~xvf<y|?f$8uM0OCLUz3U`xME4Bh-um;r
zyzp_gyth$z1w3o_xd_y{V-LS=e<z!6@a5OFa}&t@H;ZkAHbOW?d#Z7vbI9aEkBhu^
z;2t#sEH5)oz7tIdcE8<kh6)oqUuI<Cbv3Tm=flq~rammh`>pgj0zt4{9NL+lHTMAW
zMYMh)W{8sQ;hCi6)9^7E>c$g8;vgJ>J+!u@r&-xOZ$IyEz&VU^k!Gu|M+Tu1O@jqJ
zbFj6$^sc3>_A@(#wFyiTLl!U%^LP|wlv-Ca!IX~qO=)tLB6ZdLZd%wd8nGy+RZREs
zs`lSK3;TVhjC13Fx*SOd&3hl*agE1TCSelDl<|kJ;?DjMRf$$TzASk=<;4f{v~>8d
z%8RS;#t61sCWLOL>l<3KyT0QGsS%*=csU-<FI4BTz8{yd6PGd0nBo44mTGaA(i$qg
z4(pmZtM;Oj#8ij?l#a<_>Lzr2`fV-)`&ZkfhvJXbD0TXU{TCavi}^9XEY-Rb*MXDJ
z9%uQ%tVi1dJX)1WnSF;$s4<U5bvXipn<_g#kE-dO_0dhwBc|6wWWzB7@U%FMeX-@i
zP57a#3y$zQjsEs}=XJ>>MA*901#?MCw&pwQFkQ0!6Iw(ISM{@2_C<2Bi3ANFnL<oJ
z^Y^~XisRZ6HDkdui~YyP^A9T4sq=Od`?4ctm99<6r8*u&1(T#()VLMv%eD~{52XUL
z7kx;<>%YyHefni_Oy+qmB`_|3fI50pE-1H7M$;M@S>wn5#bf`-aLO}EDSWBltO}(K
z+A&Id&3>YepeO{NQ2@V|z5SfIzVmTy%)Bfte}SAU$-t4RKif4^3$iTnk<vfWzS1>3
z5H(~O!7#Lxd2T|vh$XoUt-q6kV|MqA5Of>!3>)y_Se1{Qw_G#Jn%;9pIM13ce?9RS
z>n-0_Z{a%7?WAu=qx{)O<q|wyaTShLUKJNUE$J>dE-E_Qpyf3>oAi8BE@sLrOMBsZ
zS5YvNLh>bUo}h1iASO_&@dg_)7hpxnTdTSjDP|DT<ODV2BoSneWF_rnR>7#KG}w;%
z^<X)nPO5f(v>C7JH7@+oC<fb1O@mY@5CJwXK_ljb;u;moLO|C)2z6A*=4~vd1hqfN
zw2Q<rH`<8k2h(~S<sd~w)#koLn(PB#Jwn{Q*dcp@<}Q4Sk6-XyG>eVwF{H`83Rm0G
ziXR`Z;4!g$Usku0-_q>N!c8!MR4NT%Mw{j05dd5oHL?6Uy64`FNCsja4|6jVqo9Qi
zPB-Bd>Y^^))Phvb%wTZ*liz$eO_4_)w~Ygj1~LMMPTd$9F9{2aClV|TeWGZVDINlu
zHs>V|X61zkavQ!q%M30aY0;13+x-(HWO}P?Ks3rs<>!*v(S<O|_f3TVJDt8shD~03
z@>Catd`L(GzNjk)qzDMu9d^z8%yxt;<_!ys9KR91e-Rr=?z0(&D}-EmRJmUrMELA^
z+zTtOuz0O{-joiTzv?&ke1QU4p=@+nP0>kR9<Jz8k6Yn+)^ED;tZNdB@VhKbvehe9
z+;Mm1to%9*gBK1^0~4<(Fs$d&l;wjjN;|y~mSXD@7^sjvO{3=$I58eODsoxnaEyLc
z4T>NOfs=*P=tnE2b#Mi^I0$?Fan-}bV=7fO5h;s&C8E_?D?7>RnE6u??QZ76FDHB<
z-n(3h5kY^dGGYV-wl2i1%#Ee}i-flL22bfwS@}#kK$)+SG^X8LP`xM1tXJu62<+po
zsMYY<z|#~RPnvt8l#IE3`d=-x;nW!=oT+L4$rD3%ELASjS156+(%9$Pab{4`&D7-3
zieMEVmE<P$n{dTK+FxtwoZu}VHefigaPuJAC<E%G>&V7Zy3E_x4$<A0{Rk3VN#pto
z;Dxm`VfLc|IFjPj5-b_^+ZKgs0<0|BUb=;aw6N+?^YQ?hU4S)PeP!nFY6+<uWiuAD
z71;}-iEf;OC*SNO;UxJrI}_0CFyTJPvS4Ygy@j?nc(U1rDn(AH1;~rQvy0OX$jQ58
zdaH_o_ZDD&6-#y4ImjFkB^Yg6PDnD;K8LC&?tBocv`IJ_Qbx0Q)a3j_M7T%nMK#d9
z8A(R0q8wrx7U)Xb!1w{2DvqFxCr`;Pq(wYfkaA}hd}jzOs1q^oAc)6Pe!G)04MdCn
zM45qkVV%@?)xaF6w81H#b_BTmv<}w++P-3TFM0xdi0}2`lAdrN{2Osma+pMHDG1>x
z^USm0;Jwr+EZuQ>;qA-{({M4#sMr}^2dsz_Sf%tw(xoyaRIwY51fM8~{6D7D0%<qm
z-hD;<Fwc(P<%IjgLhZe67(rj3u{M}=IMNe(sPE4&90>j!7!(}@QNBT70tRg%eI-D-
z5Hh0DDdcTXXRgRJrm!P(5v*B8KB|P+jZ7@srk~P?)Hs<)L&W`+oUdT97RDqhoz1{+
zQ$cq02;bh~N+J5p;~ax=28=4&j%mb8QVAoC_Vv$81x(01y!hbEUq4V4!HfJZ=!BO|
zZG{V}iX=Uw58P17hzsMIJo#*C0mWK>wMO1<42I-+Z@x}~>=6uYqJVQFLJBz07%qSq
zW5aa$*AX~o#>>XJfTe4QG0Jj&dFP%#?l&^8!xhUR9q9t4Rw(#+GQTOaGUAITj#tU*
z49a$@B2>Mmb}^YO7>~whBa2i=sLMlrm2e;J>L@qAVVd-UmcD5kqULn-{3&NG5T)Q|
z6XuM@d(6Z<i~z6Fq%D<}`vrWS^FVX6qgB$eDIFyEkpv|bgoS}sGkh5iM%f9Q&QYH}
zJ-U7|DXre(g^gv}#giE=19pbu&yh-`^^80(GrBwVSDtysWHyCuBwqjY=%Q)g3S(w;
zj8%VmMWPW;R1J3n`twjhxgHyy7-{-~`y(mX`j7kaJe>nvp-q%ex4M{y-Jye=5S1yJ
zPYySgh^})SEyTrDgz$c!Ht!3MO$EGz&|(qTqevd2`3VmitUxhOsX#0Zj4fAYNeG71
zFR=36;8XmiUcvqBF@F%jg*AdB!4Xw4f;Dp?ilnskL9Rk))dgI;V?)}2k^Z3MrGtUG
z2xZ+zOuPQ5uJpu-1H{9#3KTzHbcp66)vxSYt=4<cmuFFWvW&ZTH670eQHz*m=rN0%
zSknh(!O}$tglh!qWe`#$<_xq=AG&$!MaIg5kxMJMGtg4-zmgiMpIi=M3EU;I`H%eg
zkw-)eR^p|UGY5l(FE;Z*GLUpD-#d61D@bWk*d-Bml-I@_C((1SBXMJLh2+|%x>(Ev
zDdE)Ol<AYBHKRsbL0ex&5{*4Lt_r1%_LgIJqY37cX8ZrnI9zOYQB|cLp(q>EMk`KE
zBY5lN1P{vk*7G@{aLk7rX!Gvf8mSJbX!|wjI_oXTAr1)LFDua7Dn=BNjkL$s>vCpQ
z$nhGTpH5B2Xb!UN5sQ-1IV~(rHXw<hQBycYh5-(U`CpD|i0}+Dz#rdKPmSMXv#zSx
z)rc==h`_afx+kHXRh6$f)htFxK*P;o6G~MhAB$-?ky8+tqsC6I*xo7dw@>Elbq5_J
zEh9EU7KO3q#L2tDg%n{yLsDokQ)jMb6H(TDe!pB1j?Nw%__9_;QPG!juU%5`)YAdl
z$Cy0&NxcGY5Wma(b|54j?Scpf?u27b*IV{??Ec!5&=A(6rsZC-VpvORbIFuD`X_p7
zF;fuQuOg43q~g9PNeTb0UT}15kO!(x{RH&af7&CA`V5Fvj~n?(<f|>Vl$TQ;iP@mr
z5xIw^r3#p-6hTFR78*m4I^Xj*y9vCES+ApsUK}s7Po65va-iox`dkbiYthmNnWoMy
znQA8kDqV^1-=bA2Imz(Ic+RjOyixZYDUJ#1NlBZ>&<7-4s^g38li<SGR@5+t&q5r8
ztoEiOa8~Bmz{>#YULnR49m@g^SGB2_?L-e75#@sN{H2`8r5_hyXA|T{Hq6OlupFAT
z0+=s`qQTO0^gO!SgBBUc#b;}3Bf05`iMb8AG0U$n(JUE@3wykRC^1f9cj%2#X#v%(
z<7LIJ-ZIS7?sq`o4ePCF)wPR@{g$YEKEL(rTw7Z}T;T01LPF$dL|(ZZz24^Xa1z$G
zdt;3G0(+s-dNM#gt98p9fdb|_O6eX@@l@i15#t09B60pU&NW|7VtWOJbe{FWdL!v&
zKVr@w`O2_&?Y`TR#}>Mw6#{hIX)*A+HzCW=(nX=+CxD_7aR;6;)wbmQ7Df#GW=6`&
z+F<>N+v@2<zDDB=)ZsSr7Q@vB!^ea(w<u|i<c2`D_V-gZhf0(g$Pk_APXK0(w+Tx_
z42qAmbn)=Cx^`wZF}4o?vfdWFv_H2^NV#cqa{jQ`L^a5edF)&9Vo=!kcp@d90h%p2
z#cWIz$#mpGbvQPD!t%B2m!!nm2Vy*0w@z|*EE8>ER18aQj=D`s+}XhhG=WcdOvwtl
zF$!xl%%eGBc}0P)si=b;XpYZG+yiwUmDB3$2q`M|@?+n&TQClUgo0YO`Aap7-_Bxs
z!v5R>VHt~bbBTsrl;AbJ_I?#{F@VE8#ZU^a(FH5B#q&Mi4;c9_zL=%F#KC!*@i2EK
z1~YB!Tx_YQG{xBwSn2Vaba1Kkio@Jp-;-N7b5kykC1T|=xZ8R=NqCHK<Ot$W-3mp<
z*AV`IHD#QnfE9C+?5aMe-Pv*VT*dSh<r(g{z6ey5pI(y72J(uNA<xNeUmq395Bj6W
zT<4edYaG7<($aXAKIug(ZEP6v({Ziws5pQJsdRtQC7wc!z69ZOA?j*BYaI(Sp#XDo
zH-!%(!pn2`$D@O%pZ{is@8%1dgt>W&xGVI$)Ks6z4$PcJ>N`jVbl0Q44xR>gjbZEJ
zrUpKlOw_!ZP{$?$`q?e0G~Rq^J-c#fUf7~{Ty6a7=$XxaSeH#*OIsOov+vVtZy8z<
zX@IKp577GCJDUTI+M3-~Ix;lgPzoEG@{$59`wJp6hYtGd)w~Z4KO6X4Lx^NyQ?9PY
zbr%H}>V>A1SmfrpguEkZ67f|(pLuRuQ^2VT?D{%!K!4~$(76MhZ>b%KV~vk7?+$4;
zyy@reABy_+wm-EB1~TK%fvS!cH;A-!gI9EW976-f;Vcti%N1648ck=N3>YF+jzR@1
zPL37{XDNT78-uLF(X6!5(ZxOfO8Nkc;#f`V<6l$)^Y+F+WQYcN)r5sK3>*$@MMc4n
zc`13`w&`-Eq%3}e#hVDS=i_`xoIwoeBHK)Afc*d^Z<q%HQcF1He!b=@@t|oo5PY^3
z+@f(8Cc)VeM5Z0tf^#V;9t8Z_$xs^TR4gF8r_ZZTf{#XcK+z-5Q;=#^(L2hz3EX|H
zHSfOHfcI?!`|BJH4lV}yc~4w%Q)rQdE}Z$t)n((gr?>uoFK}yT_S6%tj^NJ==icRU
zf}s**7*5OGso7HghD1`lTn9-i&QE`;ig2~BWDO-l;pB8VE;(U=Hy=TK3zM!6CW2ka
z;~jLSTv$mkWj)_E{T$l7auMo>#fbo88a4?V&OU;=@A8O#D0_3`vOhI`Fog%A&+*z1
zX=PTE+qUNG9s1?68qmP27V2~?{xOv&O{R59T{JtEaN88F4RxIZjJu9mXI~X(S~^c$
zeZGP{HTVVkyF!yHbxzl+zH?1?SMw_c)kWNqt^$f@aR})=W?ndfknJx-9_U3z=LApZ
zkl|0uom#SXrYI#d9{8cL<p-FERS0If$@OVf(>~}88n;%XdaV)7aztzznJqrh6Gx;_
zXG*GubkE<^tcO*viHwx)J_d{@c}emW{ZnDJ2QQk(-q%<D9DiB8KUPeH_;f3P`%o%%
zWB~I`jng9bQYq0_QPhpUO~l#yBZlUcS;$}oEiz>oCW{6CwD7=rOFx9rX`&g2XWi7u
z(mz>dYF@0;fZ;kNnNAuyZ1!o$*?-SNU>2+ld*BVOXgL*uWk}8gM(N`42kRP*88P=(
zPN`Bn&46Rz8>N;Pp!ZDDgxyju*$0oFIRYC6v<VlPvKd3V%Fk@O{X#pQcgE18-Rg(I
zl(SBjkRgSegGGq57(XrVaOHydbya&Y1Q4%!7p!3z$*TtA=suG{FY=^`-$BB$&Q24`
zqrrISx?TFPTFCum6y!u^2Y5(JZsW}=IwuV7Oe_p=QLh^GSkA_iIt>EU*!`V+p7>gN
zodg&{a{WI$$zbsGV6qkvT%au{D^9M@>z5{LjDQb%E$z-kThgM`zp(tG{f0u;Gsg;M
zdTjvbx$lc<VVI%}^RS2yA}Y=V<(J%rx5H(Wy+4wUq+z+{Y4BjNE@X|PqzFJA+0mk*
zd!#FLwr6FVJ@2n<@+}nL6(YjKX>`@b!0-mRI(6jv+j27k{@(Y|wIFtWJX`Ok3w?I?
zY86LPGEjidv!pe&zP4E{1&U0#Y&`q(D5Zd!wG2o=Z{cCXBdX^o@f58+i+GFOI5Y3o
z6W!x8%D06_0{6qMqesG@b%I4!<9nt&^Bmhev-y2Cj<nU|X!<a1@y2|h?v25uLnW(N
zvi%t)odX@&XMESPf{KGyJtW`5W#Sj;6nctp7mu)pXxf`v-o}jTx<3`pv<9@&JLW<9
zblk+vIsAY+#HQLH9S3&g!s~Mk=sl~#Uz<QR4Eslmw;^2%>S1pWm?s+cI{Ft~bin~(
z!}1Y-=8B|p*4^FYVg1A+><#IY(-vlC7Q^&UF8Dg~756qQoTaet4kl5?F&y%=uIp2@
zrgI#ylj``gAFTYS<7%i}W;BLtLwN0})ppYqF;|=+xnWyMY_TXrYw?eLvrf|^@fLyv
z-J<2B7)={+R@%HchcXX7J{w1=qbE8T0S`@u$64h`@Ve*SG$IXosUZ?FHgUZ~MPD_h
zQ9c)@Q6qqKB`s-4L@T@tNsvEfrh(1XRA5CVRxd(EX+!%w_h4*sKT_B+Jw!AUII5Ba
z6DL>sZnF>A`iqE^Ee?g-0Fu0j?;F$|*NU)riH4X3=sXf%gJ>Ra=}v%KvNewggK5=U
z56R0HQ6Q}XRI1Fn<YzPMly*+}=kG&Wk617Ud&W7*ytzNlLGL(RXV0v#BFF&F#*2G@
z>+(y`raYP-;Ye6yRHe?<jFpQ4AO0rj-1!&n9+>4cGXc<dl^(FrJ3A4cFR<@5Y_mFe
z?f9Of&$|S{`XFI@PLH6^9-}=BJybqz^{`b_<`0C>Jdr_gM*KXwD~k_3Ky4K$8MeKj
zgr><nY6cYKjC}r;fPfdcyFESzF>mp7*h4}7t$7z)X;8;_aLXYWqjV?dF~h8wP1dq%
z#>MOz7z^phb!#SVDvqGtoYzsTJK#I%=VN-nLPn#$Ru`A$6JJXw8m(%~>g#ESQ#Wdn
zR&4E|qqZmMHw&QW3c7QF^u3)+uw_f3UEvF;-_OtUk>5@;p_{XXn!iG!%Fn+&f3#LG
z@Kpzn{B!NJ`tk{NKgT~HuveX=?GF0g3CX}f!Q)@?_62e_1p(Hd`bz<2W%j1GM$5dW
z`S<Iu2ESkYG&@a)dN-f-NbCVW$1e`wh>HKeHl#F0IHle^5D*6*6cF;iHl&@AmA$H&
zoulo)X5{}hATRxFR5m1=Z(qL9Rk|ypC)Rgqf#n-dkcj%UY$Y8z$hvgKG;v~pweHV@
znNPgFKXmvpt;l4au^bN%nRNh3WgV_BkFGP1kFGyEj8Ju784jC?!1}yGHk`stkBIK>
zuQ^x1?!Uz$2BBN;Oiq*R2Jj;tzUAwbw-_~Wj-=g2$V4~rMLQU<;q34duXJ|YzIU{t
z*Ew}5iR5n~?|jdBX64+vKz{CKKv4`)A!mPnzJifNY`Ea;brE5B>TT9d4Z%pC1II_1
z-or1r2BCCkb~rX?p@)~ww|@{CZxERPz+%e`7oI>&Z?p4hHW9#X_-Ig2N;^-Am?|5b
zzvX6!@9uJ@00v0!oS@c`{Cq^fcb`~v8|+MM$UVZA^jL_{Y&VbuZgg|ZMB;fa`<i`I
z>%i3#4s!D&MfjgVSBXpS3#5N=y&=3VI`$k*Ty)&;+UAwB`HIPRZch~ho0pwH(cTB?
ziuAFFB9KxtsT`3N!Hpag5rTQqkOYNxro}OjYH&GQrkqFM#~Y;H;C#yWvIjp~<7O#?
zD-R&Sa%O2@?4jN{oO^f!BH@+Oh5SWJaIH6q&Ph`|AM-OSZ#qELKR=<w(F3b*UmTtp
zOBh9LQm)Qs+2#7U&mJrGcpwlsmIaYwm_uT?Zb%I7Bk)iN(<VkK|3dwx3(N#VdmE&H
z;H%3pmRQrw*jeG^{K*e$iMA1t@7OF0xu9IbbiNI2{^+nNB8A*I2*eS<*+NPv<Y4Dp
z@%RAlB#{@wHy#LlCxePu<0A8H4S_tQKH%tk13Ku|W!w<LVC$drB~kWYRmsUGB*gvb
z3m0s$`d!otXzY-iLebta;$tTCw&sn@RuG5xtUu}WSYkmsr5+tpzBiWS8{QXKZ-@D9
zVmz~%OaAmomU*a@NPu#92DPM*RV0%DXUX;I|0=eAOyGm|Vp~jw3o;Iell^PYFV6Z4
zo4uoPTEG6+W!tmbI1jVe%Dgs{p8VYA)77}U9!BDhj(K?fF>QDgV`d8-YzF9>&KlD@
zs^49!>g@p|3_=po7m;aTC8fB?#HJ?UXjT(`980TCyh2^h-<_zzl3sn0YP5uG_3}%c
z*q27U@PmU1zGPoHj6>RjbnG5(V!v}mpt9`3&wn{JS%2sa6He2BT(#(&NL801SJJHy
zga57|`MS8Oc*+YodXWPoRlX8J%^p;IFNe8NnHOd}<}GD760;#PQ^0dPTc$`1Jn<e+
zQ}UH}=q&UF0d!5~s^9q-s%@qgp6{a|xBteQw7C<n$%Q-YI*|2QD|iYRB!a<y6LYWg
z({Qhw8msrp6iBkcOrX0EkFl{4gj_LhbpJwHKP>i;i7l+I4tQ!tnq9K&!nS#8u;y;$
zMo0DW@Mu`6e3@#RYq&~#@u+F<UK#wl_kUQ@Z#I6;Nn5XJCkEhCW2=Irkp_sz&X)9X
zk@P3YbpxGC9Rt(1)Gzqef~g>lrq_oL1}4p>Wb>*7>M~9p>R*<1XrM+7I&;~GG4QXz
z#kCB=-{MQjBDuLKTB`$<Kh5(zFRy{_7wS39is5!FX)Rd>fc?Hze^lJZuV*zscqLb_
zOX=3h>FZ**+dd*6tI;;usZ6W!+@aIR_G{j>#OY~jT-l^7-MPFnN*?I~oIKRazpQub
z&_;SZCC;8~Y2S6%gw1bu>lE~Lx!G--k$d>0nNO{<PRONPra@n;jW2y2+k1Hst~?v`
ztlRB-(<gXbFcNvNcdi_7c`G?<z(V_N*D(fdE(u%NZ`)1oZiRE)G$nsY)ER6vT&BnI
zH|f+bO-X05J;yqmwW$+NMX%Ya(|UDpcnaK{yEaU9#RYq6ApXO!L!0T+rka}Sn!@hh
zSUlEKZ|c?X6Swx$-M%`I?r>PlJ~H?7=(SD!_HXETIafn}dGKs|1L>}r>*2WJh}qYp
zCwug2>j3Mn3Hc|ci#No>1K^dBcB$qxRhbj#3{ZDS&FN}*9{)h!q{XE;8>lfaQ=U55
z+WKEOx^$3k&WVd=y1IrQ>M^8U9<FP!yFa9JJhY@rmTPk0=jlL&j<z&>K8~c>p-r#7
zUzQ%cG%9@Tw*A!pXV?&ZqDP;4e7x0z-Q86&)m2-n#fek8wnM*yJGFIR)AJ?Wp)CWV
zHFL1l^Zz(C{%7j*|2V(lwzpRPBYlM_`<THitpV@;#rlKsxB2X;evZdWj5e#~e|-Fq
z`8V>PaM!7u<IAf)Do|=FA(#a)8VIVoWOR3jS=8gQy{`xsRH6YKXZwxgL8He}YVlkh
zvkO8j2pXoG{tQPyzufva7^_ai9bebnZ~K>N*Ds+uE<1xWIqY>{M67*XxHu~Pvh~)S
z?CX<p94-%A_{8J8NQ^_DJv3BLy?mi<U#}rw<__1wP`p;BiStG94|3ti`+nkXuMFYf
zr#s%=CFinQ=(qAm$ah;DhOu;Jq8%?{JCDjTPi_KwP%E1sH4yLqYn3Da^Ny#x=#)c%
z;o^9UlG|pr$0i6l!{cZI&c>aIex#T^r`%IL$qfWhwmQt7@r0c@F#IozDChrJ-2TUM
z`TtnR{+X0da@*5c9pcRWvuF{sd~BHM6UXm4Gh&8>Wb9kZ!H|D&xvd@GR2NDK(NZe0
zUY6|Hq0(@w)2PRVZ{8&9`nsp>UfJNJF;81`PKfvVhavtyjKBZGfX@9d1}WEnF%Zb@
z(`|Y>mFzR+l((;X`;V~3d8UtcF}cDP&I}4dVtB$A28<C9^n+cv=yQ)xcC{d#Y6B@C
zn~U+rx9zQy(@dyvdvyN=v6<_?@&>s6Cok@Q^6*CfUl8@nD73i4o2(9<Z((ys&;F}z
z?0<e`{l~AJj!ZX-f8TF+8j5qL9_#-fzQ@$24JM-_Ma4qzcTY_5^x@<0%!B<Ql-#lZ
z#XRM|F`sJ5B9qrY@1Vr#4g=R*Q2xJ6uyFogCQwxTUnV^4Z{Tt6XwJ#zNTEz`qQY<Y
zgVb78{onGla{tfslz*N>K<<Ph_4j)dqB!I_U1)ysT`f0iGk9HK-DrHkH`}My^k|fB
zo~}50?NnwT!Bo9ue`yTocQjy;EV{#VJor4!l-@4<6^dyBV5inusieb(_uyD%!#C@)
zKEEGPRK1L^)+RXvc9`79@;ek96%v{N!BjONK^SHitW-KH<#e=G-PJE1QYony#{!$E
zR#-;_RWB3ln`{P8FVNR7aQx%Tu*J0q5ZbABlZCdTIZd^t9UDXq?_FQcA-no-==S}9
z2MC50pDt5GP}SAN65A4@@pHpM@wH>PaSj0WgmiNF+U3o@#v6k~S~!7O4!Dv!Bq;s(
z^>pE7J%^drn19OUzD7^aXP9wW)vvX!|M_MxRd`8jH{O)&+4fW2W^sAKXh_rLo$9By
zxGn_xAM=0n`5a~)cc17U+>^b(73<EF+#9H@3WNR$d$CY-H~8l$nSt{QX`*q#`zW%!
z%JelRfMfQrkVA!H7C^1?^alOkc7PRM8gO}y|7K|wy?%2LSO5^16%tP9WaTt=xg7jA
zugQ4DGpGr~Rj6!b8NG3HfR|5>&Zan9a$P&6*?Qy3;ijd8keTFeV?+mpr&z_NZ>8K;
z`IU(P<Gq*%Af9->m?~$WmCl|Lplg_z@}Hr)d2*Lpt7Y>!3cssPV5aNz5liV5zZ!G>
zKSVjL))^}fH}T92z3!b0wehZ1riqW?8viU+k2vRr&4HeLqvyyXn^J0PgYuAI0yhi0
z$)+#j=BkP4{r4IIj#%qAwHY!q+v`2&-sf?;o8+&2BOEXZ{r@mb{g+`%tF=L&!_BKQ
zc0GUY->u4PhUm*V;qqm?{m-xQhWAyX!OMYBoBv42`mY4xiD%M@at6fXM1ZF3dL}z3
z%FalXj7Lw72ysX!OTAnE8ZQl!ID=d`SUU0G0o7)KY3ZdZ=)!=F#OlPpBTWe&hHP+=
z1bUhQEOU8+_d<WKIY>POV2a{5jsR~>)Yv;Cva8FY&;48+p8NJ+I+$C17ROZIOfuzj
z8#|5+a|w`Tqxp3i7Av_3DI1y5Qh=81cu;=Ohb=`NJ$=fuIjdE+WK%C&vcliFwu0Ca
z*%a2O12HZ1HrHyPAf41*BI)WT_rPycD1}2?ONF>)!n=|NundgS==lA#hbLk+lE)Pq
z0MCr7DuMT5ezKCTa%rOHHJWl1vj))5)6{3DQ+|-?GZMMc^m;)S&@XN`6n#hvY?P5l
z##~FZ)eFHfQ6aoj3i<NiN%RBdh*POzFyw4gH6r(X9M`{x*2fOIxf-W;khMi;@KG2G
zrQhM61+>e{%BFO&5slx0!K(yY?mStX!ga^USS%|QKjrZuMxxdM+V+7}q*>%aBm1nb
zWkzb{(*-=;Rmqkl9?QL`J1AN5$psW<p`R*NcgZQwV^U1XP!=+|+8s>=<W9vnGf2MB
zh9<M0WAgb_G{x^8!FCCvf{u`n$fN99G!_umzC%V|k_mbh3U!mlLZ~>aovboff|qNH
zy~O%(*6zX^09|vj5nzErP}?N@pY8W2Bf}pL#1GRprB1$!#XqqIoZbZlA_t8kcWV*R
zPW#&hD^s1^_RAXw$34tU*BfoWN}lh&OSqXVFD@xg^WX^M+8peAU1=A&d@OJQg2TtV
zq;@@k8-|8$fS|!ftI-XA%jw1Nk($k7aYN4j&U(g$N5boZzo*xdH&-uzSzR;Z0OQKB
zQ-l3gn|(s<^PLi4%T6or`mEh;W0m!sFuSLXFo55KC+%6w5%FvP0&xm<9m`<x8%i+1
z`y`;Fdj8+(cRS;~%jZGm;o5k%Wy;&^rhB_8Q33J!=xX5f;R&+s>G{k5qF(tzm)*K9
zWx>f}vogTnR%6CtW7eUL-=1xzt8V!1%A&?)1A(!g=5lLfWI^epea<!yPb+UD!6<?t
zPMfk~Z|H9Bbw3jTK2uwJSGjm{gHx9>lW@|8Vb^o@TF}6okfCuyFqJ~;{k^)%y8WkW
z_h3b+E#C5@aSPD@T=8sjQhhi2Vfs7rPhnkGU{9Al<dqKXr6R(Km&V)kuaCXY<)-zv
z3OQ(-iVp!>UONCj`m}k>^_RET^ZT%`jh2BtP0PlYu35XQ!U&Hm%P`(B7~Vc^0OYNv
zk%g|(sj<gK!Y`v=@w^qld^4pQAI~OVpRHy9LIvEDe`~XmKsfM>H5~pjV@0}W=Eo1y
z&T5!)d(Vu11Lp6Xi+ZEErT;Q&?Qv6hCGuW?*Q^d;wU0eHxKVGG!&Tb_M3!6F$$8SD
z=SwvBthcuZe;ZuPmTYi05&-4@TdOjcd+b-kM=#x^?gGRCH(tze3_rgOpO0f?(`=;x
z!R*qx59tUFn!1$dfgz`ZJu}abY2}k*JX-XV!&ktyinG+dft|+=`k)N9>w)vniY<N#
zS+I@C&9v(;*$;xQkfLAqhDCk~se>iJjbnje+nHuD8|$59`G~YYEqBADrl>|Ev97zz
z7%)_KNTrG{lDiHiGApfqhl&wIB&=sd=R_;SlC?+(-_GC8<EI<(SK1hEbeeWARp|F+
z!<?g4)qjMz*sKCa`Ay};aTl2{XUPP3cmx=WQl{0Q!B^LfurXy4-H~Fm1X%2Un;-|I
zyqG5YSR)axA16fe%;sOj%?-z0K>iM-EsCi@vDSO974Hot3fo5~mWNJ?AbuJyZk(kg
zuz?|14Ch;+AU}lUg8E86J;k~|NCP5GB8u{(EUw~ZdH#XicsAM%1IrGTZHC%TpPe&<
z1;563`a~&t8$$MFwUy2V8cPl6&O$!h3jBi5Mw*erfuZ60Mj$#zy&+Jfit-Rmc#Qgm
zSD5H~f_jO~DT=rGTU~)i1JALAnJ8aeRxIzYxPTj7PN4(xi!Z;^XT!+Jjv^2&D_e0N
z{QGc*=GI-JuP6n$Ii4aUWIbgi5hOehN-i3r>CSL^0>|L*Jz_eZMm-P`VwFM-5i+J$
z&Y*^Rq60H6U=PXern7$YaN@mf)R_{BJ5FMmvY-gzQ)JXFl}Qv*XZ>b9STC-2;OReo
z2>njmYCC<RKf~}~!DhQM4s@&V*^iNX-icS~dkA*Vq8k$Y^B(+7As@hZiDx*(wtlPa
z#+nf%cwhuqjdo_#@+KEbqQL*|`RCb-k%6lav2Cqf7O&yFWV1hl#Neq!IhS!fjocS_
zwsu7htu}9v&<NbOP#i{&L#o_Nx(Q;8*b~2c1EqRFQY0M6K!@wN?pz8CiS9MHOFu!^
zkvgb+icHoA#ddz%Jt*XCoW@-c8y%a9@wkEP!}G(81%%ZCSA#)q{F%6iC5-_49U<hm
zf!_!9Ub{d0RODi)VGQkJ6-ACZ+#1)~YJ5L>z1rk&BSV3=J&jSF9udLmXfDF~9C6QR
zBhzOc;#)SU3zPgRiR_rwb5{q_2(|Mu*c`X?>Ft|u0PBu?X-QdOY~C{{;A!tF|EiiM
z%R?#M-TH%8npzDjbU`ZlK}iDcRuHPJ>I4kMTm`(~DWL05c|ci2azPK2q9F1)84+3g
zgl4+f2`f~YGavjw>`rdY56%p@CNUK~k*<}^rz6a*7=y5Yk;Zl)wXrXD(sb_QIff=N
z$c8#W-u?{){&5Luj3jA6xc6kS^8}H|{qRHcBk?2R&xK`}Ab_%12I|c97ZLaNHl53`
zm-LuolOpF53(l62WjLk%O!5xg2-BlS=+hkb5!{H9SD(n975p<;5%r4!iIqO8m*_I}
z4`yUh`l$g@xb#j;DxEyD@=#WMMk~zSouOq4<qaO12?7zgX1{>44dk7|x4<sriNUBx
z575&vl`sSte!m9S`L8AEBeP-luwkcDufUN~r|`TI$h%e_s0|BsYZnGFle)i(aS(()
z%PUchj74>Fg<uVfEJfq9E`2%*-62o1&_PTLMX<f0@oU@Kc<pJkUZ&hU;1kGqGL<p(
z0mLmPIKYMA4-2|%Nu8z$(L(6*3GE<|yGYoE=j(<;0zgzTLLBSOOb^kx!O-HGC&was
zr`g<0KY6j-`z5#_&tN;yc0QtTHx$nN+>58TNLgG&!1#&qR4pAy(xdbs1#o6oSg6M%
z9g#&)_Ilh*+@znRz<psV(fVOQA5Kt%w|n#^sqL#G<Wa`JV4?|4H%P;l5)s^Hk*t(6
zgW(Ek`ga>B=Yz+qDAp!1IFrSGL$wVVhJJqaf0EKqd~jkD_;HXD_TQG`AK|$M{QHd#
z*LL@OWbHOfIN$@<*MMrF%LRm%F7LEUzRMhKxP%O4e#BE6m%|5f6$wk-TWf^+Q4f{5
z_zve83xYSPg_oC~8%K|3$WAFY;VWebK>pDDJ)Wk-vb6$_*Unup1X66l(9&={XSry0
zx3Vhzvsn12k_E(d@btKCa(%d5o;zig%$m8)5QFlh_eUq^=5Oa^*rnJh4bcE)Eg0zv
z8Z)+uOu!#S8E6^m-$GFo@fnVRr3M*S+KX!lrW=z5usNXTVj~>947`Bk6MO+-9i6{H
zIy(EZ`#^ai+~1tUZ^fdx+dXmq2P2+$3guKJ^!+s6rC>Bz{!Bu9+}@-w>O@>ajdKpC
z@Ph7<292PQ)|=Fn@KlaTM@D~FTamkyN2s`j>P?Wiq6_1rhV8NPoJm$wN27*_u#96&
z3s6f(cmi@O;@m{Q2FPwY5LL=oLMJv-lWj*9N!{m1qzrigh^Irt5FJi-#EXUMZ}0E#
z-n_SM?A0={AV@l_<KuCKfw5!d)a>`=cGvI5(4#XJL_1Q2%VW8Ny&K!p7JU{-xiX>Y
zZz?Ju(OBD`m)AQ<PFV{Te2`BOt1rLmEv7j^Kn6u5ge|eodGuDAZ0~vCKvujugpq9)
zUAQ@ld$qto41!gsQcjmpsnZ^gZY&sFtnSecUSFrke9xAXdsR%@sW45IeE1v36%6V#
zCpfiMxH~$jPE5~eS$lJCk$f6^{r56Z?sIDkSh-S6niG9sP_H+<+7OC^UuK-&Fyn6f
z#vZQHMLC1Yyn9J&^xRs_mO_T4?B%3@y&9=S5ljt1Xl+*}2E;@T+Uu=Sf{<fZMLB>>
z1FQIfd3|!Mwx>Zx5F<oaV9onnE)gJ#KzTo8CI7l9mS}?gHhLr-@e9bw!X5cfu{~HM
zjO91ym{W7bbe^}?P;sB!s)<h)X?t1!kHH@jNA&Df-o+Qu{foI^17ni-BuWWG3I4U)
zdz6P=uLT@2SvTu}<gzkD+3d*U-$?Y5<Pz2|hp!>|4D0k7)jT{@<T-XZ3$Xh=47b-Z
zrp9O9t9N^v69oos<irB#e>zhplQb9<`agnx-R_2Bad64XH(o~iFdxB1MCyv>?yc_`
zo>O>7f5|n0@=}2MT(QBX;n`S?&FIJ<Gt{{Od%?y}sCf7w(|uMykPsOORB9h$@p=ly
zf%gHqlqm9mtu~imgZ4ra>n3O~Qe#0;njnAs5j)yFkP~^9=edhWQs>LXpsOs>xikC@
zfDIGUpQOTox%Fej09j#d4X_VPjwv;U49TM)yb~Ruro@L~;$HzkyJHkLt=7j1pfno_
zRR+8xA<gu;_XT1R1cBZbYpCBJtIs(y&7_`HwC{k%^0JsuQy-w7542Ec>-n_WY`)Qt
zI6^Kqruv!BJ*=_u?|)>2wziic>I%|ff$cL%yzPct<K-9|_8s$IntqW3N7M|M3^kM+
z212a17a_dm#lq?{cbeY`WiBG}wP|Ac{v4;y6cjHpTPPd5>oHw;+0R{oI{5}%<9LL*
zM1xFJot&)+nhQP5=S-bukInQfsg`J>!$7&X(-6S*Wz_{oggq%zfvM=N_a;ykT+4s?
zmH)z%5`jcIKjaatZFOgai0H$gx@y#f!l=K9$ls{o=qMfjHKQ-0N6~=(eON7f_nUsx
zR;vX>3ni(MOdTs>v&&;hW#F%<{|-oec+6J&b`rC02z9#D+f^g&D2C1Z%u)j*J=+rQ
z1grph0zXhRJ_7K_1Xbh7naZ({CSL>#^SSrQL?gFWv76xryHx=OVhrIkN!<?#%Tw9V
zXw(5MCp;#j?Bo$y2oAncADHA$6uqa5p}Fp;9zx>3zb~p2=_Qy#lsMoOo&namjg54;
zFv#ceSL;>$-{6nwvUt8@^tN7D4%x^=9|v0x*J%?k40(<O&B;3g`RH_D0_1?-X2CX2
zO!55G1`ti)RM8V$IH&tZheEnu2Flu0FSnQqum&BEKYD2u<vCr1LW|2*1U;=b_}r@m
zkc*!EVaKDeJbw&R($Xo_Osg%tWwozY2@T`};#Isc+#Cai;f{;)a94nG%PQ`s&=}7y
zfv3yGy<eTX7D`q1IfEW0f4&Ia%|a4T-Z72aDkfEBlSB!cp!A2u<x4c)3c?mz=!gR(
z!s0b$w?vV3H2mO^GuM1PBm0c~dry&^Aa`E}z#oRhBO-Z^h6#C0LlKfhC8V`*nVjuV
zhZ+Txjf6=y2TOpu2Z7Che&^ib<tLy10qaRC{KAtra2YVfg3yS~3A}V+mMiD-6%Nls
zPk(|m(Hg<GvmGuli=}dntjzL<&ta$p`4KCa4%MOM5t|=i{~j%#B)Fg5XSNXbBwx|c
zwvb0SMe4U25Pc*@j({;{A@?8YA={!V8d%KnoE8&^XL8slR0>i*^noIa3>ai`3IP@(
z%`aA9k;mYP4X&eQ)f-mX2hNWS{<*P=;BbXfDpI~F-fwvLoSG#be-e+WF%ZATJ4G7$
zgAWsqYL7vOw>&tJSvfxkXNkj4yFVJtxC>F9DEc%CQcUJgD@U1ErioakLG7-jmqn5<
z)g4RILaIUP8fn~1D$d|cNW`J=ni8CL{?T_U(>+QvipQEP{#K)lOnYKNja(%+&CPC(
zTOfwoxS{M)QaTx!+<!?vwvsisO@Y;tIulAB)+deKts1=+7Li0t?gjjZ5>j)&G@dv#
zBY8kAc>wIH$|UiXe~Q|?bvTRR3A4_nd}QjoksTqSFJqar5f)wpcCJBlRr-Tja^sYn
z|3Y&j2~@gCgDGr4<CXFqhy%uTv>1_wB&9<xu>BB`x@XiE8%X|WrTJ;-ZZL|EjronG
z`rqS>%o5Q=s_`3L=z+7D!w52GY6^R{u);_(?I@)xvQZN8lu`I(;$IX>)Z|5e_bs^`
z%ozOC6%v6zjVEL=2;7Zeu?XN;H6y(g6)b{vE7_nb>EeX1(5#aZcW9iIx$h!1=L+bs
z%tJ$Cw$&P5(lj6O{wLGu5}3O$P;Z{!V!nh{a=-!9!1Oku3dLYZ3i%)^tB!N5hUV*m
zggzL9Z3AoXZ12oUffG7Mm7K(>B_<jSDF+2(XGOV@<6gyo=9eh%k(5qTPc3RE78m#x
zt)h0`e7>N5Uf)VAScM6S$jpO4JfsOF9i^q1@+Uu8xg7Ue1EWGl3mkC<f%WHzwKZ7m
z>u5hpU+JkLtYTA98K2K+T`DT)3bJ$$M+jb`ghuCJH2gS~boo=%tjY8%Xv^f~4y?}*
zqsk;uS{A)5s!u0Ney#Oi21n1i-ghTzDY5F)#$+!>5$J4}?hL(?{``es97}Crm4(3p
zu5X64Ah`v2GN(8izT}m{(WNM_W|SL!nQ}9mwE9D;CGkXmo~eZ;M=B|yv(Rxhw@3Y=
zHzTI~4$L;bzkI47^d&ziXL*G|H$1EQoHqt$Py7UF-_6jfD4T&>O)DU!rM1-n6l1sA
zNSsQhue&(ibrDexZtivZ9)!c))&}}yj}4i>(@sv0lr-snzjft59I2#$h*wmFfiTeq
zW~37?s}LKW4C9<CJfM3?>@3)K(4jf_3+W^6f2#f|oaR*laiPb$q6Y3@^YL#Ai2FrE
zK|W}Dq+bka*?Zq#Z7x0DpVs8Xa^_FsMyik=ljM14<<9&yf%<6d9Rcsc%x~~I^q6xi
zO%-{X-M9S6=UUJ`nTc;|*9bHyKnM;@ga8(u>~pW#`CIKd_M!{++P^=of{0=CiIB!x
ze;O{mb@hl!rcz6G1^T6?*xjI0cn$-0xU@t|IB;;=Ziq@|Pf25T-_d)vIqVsqml30k
z;3*`R9wV`o(M%~Ed8*LdTaoS|oZs0@$8P0hqy7ZtnsU9?g|fN7^lsA89Twcsy)^QM
zI3${+*R_+r+#~(H8%vyz^x<W{PGv!Kaq3TR?>doS)sK|JT`-0a55u|Oz__S4QUeCT
z13lmU=`(5_Z{~oH5{sw%X<r!ac5x!3CODdH2^uCPjEWEsF*v5pH?oIVw2?rb54HA1
zftkAZ`BYHaevZPOT*;O~>1Qfk^3bGc+-edmxKPi!N+H2w6#5&hjmgu#suI(w?#es$
zXZfNH2yG8jfqte$SAis>tZpIos6djNO@*eSYl#8Fw0nAIjw%xOBZC;aYZI?R>cmj8
z)&8-DQurTAF~DM|WtLiAJ9P8Bvr8wWMamVWvg2J^O|aPFq|IK8M{gGLs9Ph5)iZxv
zfpHzZ>YOyx6k}+4;x#3T*lw75>JvDIqz3SFaB(6ekbK_0`)5AzA)_Qv!7K2ie(L8>
zh_`U$Rei*VpEVlTpxUa7q#_+$1!9XK6obRC0K2{|UAh+GxL+hHQVi|yC6F)ZPNkGs
z!K8duMS5wy@#f&-`izbutyLrbE;dEg8@+wQ(=VGo(!bBKm@k94UM=mgc%AwoG9_gG
zW9K4P-gc33ytYX@9YA_r&R0xFsH8DeJi=2fcT1RRgD<7N>1k_c+WK;@nbqd)2!-Bf
z9p;um52AVlZg6<EV6XAErU1}4dg)57HM+Wt6`70j#%Th@)7bzK=b=?+QMP2A0yX|V
zV2tme`Vk!^+RSr{c8NX;%g5u;$12gHp=wJcYCuX_0wZasoxORoJxk*+kX^baJ?6A>
zI8DE<COswCZ3{$m2HOA`^<zA8F3IT(OaD>gan(Jcm^{xa$Nx6VwJG`XhGCGK)EU#h
zoXfQTQ@f_QBRV$d8NJQ^mIrCaO4VfHa}y`kU?KU9<R`mHKCLtHx7|fkK$(GBWg-g@
z2;uIG54x9zkLp9Q{_jnCb5^32&A@L9m7j1=W~woeR+|pvz97U?ARW_@-Zp<ftks{b
z0f9BURE8NI0OP?*+;&C8tY@vF?{krHZu`rLTeE$9&eL<dmjhhv$Me-(rC;}tB?8<!
zPZzW|<-o6ltDFtSEg1Ic?KO$3ghuXHNgao)u8A6ttC^KnyHy`V`u9#JuO%G7=|%Z#
z+w;-;7U_2jp}szVVA?^!>f&<Zb^_qFS)=p+adwZvv9;aa=wsWq?X1|=%8G5<c2;cL
zT(NE2wv!dx$?5yqc%QTPsd}qUf11^OeV8>zb$8AG^&4ZpS8b41_;@SZxM``DdU4xs
zaXdx6g_>Spj_A!~%NP4#Y>M=}youZgatvcO3G~n8ZoleP|9QACjd?Eqy4wC&?Cii|
zvuV&><Ee3@Ia~<x@pxx?^Zx9!>GJ8>X|Gu1R*Tj=KXl&2=KPyWxUqD<!SSGF6^lD{
zZ(HHu`@Z&fvw0x00><n4_SSik-<C~_QbP6Q$!IlSqHuZ4!rj4}t^0?mO&=?*6)(->
zYlryx;r+pDm6(<t&)3QM^uf_mhs6D1SdIYTtXu48US8N|t4P;<t=+0>Kg&N?+bntS
z__65<7|qWa^slQogx;57c#;M@wpF@6=X`(kG*v!bS}66epLHW{$ZOe1{BBq)@aoac
z>FQ?Q(OgbVgt>GTP{U@}TBt+Fj$#gF1`d50-T~%SUBy;IYhT@ZI#67VKbW=vnqfU#
z>i$$0=&{kb99aOQ+nF0r2P3t7A$5D7PV18H8hWuHS8%Ijo!+uTJOR0QCxbkyEh~KW
z>svhL9dTcjBb6$bQMd=MFC9zP3*zYR^aW=cTBrmvzf0%Nb2u2P^S)QOA5LB6D<S<$
z0kt~I@`m8Y@*z+oyFMAP-<tlNFQ&KiwB79imTtPZ6H8(7&^@0YEqz|}Y45P<?vB0P
z-LTk3H6lI4#pPS|o}``dqPDT+27dbsVykuYo4p*cr*my{v6X%mW-({v#`G`>@8IpJ
z@UwCR#4r&Ux|8{D2f_NkVqhFRo6cLPHPJLPb^Uf*D_HO(cNUYNo@fT0ji-1Kd=#<O
zCuEnnbEI^gLqMLySQ^!Rx%wgKHKI?W>Q3S<Vv^(@z$BV@(AMnTD1<+NAh%ywcyN!x
zeWsmEq%su)9xy9Cipftu+S(T*_93^O7^VPgb1xx^Z$9%lY%X#vMDu@wUo;aBs&N1N
z0%i<%j0{7MgrpE6STQNGY^w4za%mPq#5~ZQaPz-0QJ>#^%|2M}!~qn<Bglh2p`A3T
z^k}VaV2+JIQ;b9y;iIuZ5M;fzs=HHB!J(9mL^%K?uWbK;PfqmElHgt{`W3ZJ4NRP`
z0`)!yB!LUMuQ4dP2(5jnG*S=!mcnoQ8IooK6K!rE)I9{5v_r%dwl@bnIO5DF1kPnX
z8^2rRPV~+}MzW4H5c0c55;`ncHb56TzISySth*g&osEii7a?4YV+*(hL8QNnGDkvg
z-;U(32n9$jU;1f|A=)NVpH;IJF(M>q?;7W-5Y{W$au%>qcTnh8G%gg_L~rW0dMz&7
z8S=oRtfAv({*<rzMw!H0wS=p^01*L;4k=zQQ-A9no5K$%-gTpnI24?%p9dlA;_%>M
z#J6Quzeqt0ahbN)_p|nJui^y1zk|_!I^r*T@&5nKcI|<g13mMNgoP{YR-0c-r)(aE
zA7_gtAlUGjNV2(sZ$k(krO2%OX@L8iuSr6Ylpq|%|1;bz2y278z)8oH3FG$lx52fs
z89I#LsyljL#-J6cZOcY0`6t`G7TLe$8^~RV9ww3~C+0kth#;D%T|<ey>57mC`?ZP=
zgmsVw<FwYCsPA}P8#cx!l#S8H0J+*pCwCt(k+3`kZT)rmiTAUCb!8HgDzli$=0Sh5
z>m(J_(9|^kl_-f5`~fJ-lads2bQ2Eg9(Y~O0-DdilpFR0C<`~#dzx#h4F$*J%HwE~
zvy^3@oU$@y4AAGwbZP>x$f4kFto|cl>>89As*BPT>?9Yd1_u)N{9Emn^9}QEpbtpI
znH@vy&EB7o0|k;T^PIeqe=XmTUrV%e3S5ZL?G@za1hy7jh>^z|c-0AfBTx|YvkT}@
ziF`XSPwmYc7_KCu7u+E4;T45-<+ZzEc`SrSt?132sWJQsMsY36iO?$O61Joo?R!k`
z`Sa)l_O%)_Z~I3w5D<4@js1GipX71xgE$Z+FrU#?*$w+T;;<Gek=3i(UzwU=gTE5;
zQQ$G2Dr-=URD`uM{mbEEU{#EDLD+$<vRv7dZP`gZXd*A3@z$B7pnnE%3BsCDYn}9_
z?YJta?&6DF?aV@Rs54_A9&?R~TB$Z?yNImT!&rr3SPDN)2Vh4U03Atif<4*r|H!uv
z+glT@#ylb76`dC_0)?^RhgE7TI-Jx@34t(}o)cC@c5c77PcUL<`7E-V>Kv3+rK6~2
zR$Z>>cOSV~${Lu?G9thYQ}#S8B8XI)AY+X(A2$;T$MAsbMkE+&7;5C*;2rSYr_<`t
zngqob$pXn!tq)@FGlne7D7wb^%_e%0_6QUZeUq9Mpo@!QC+HJrnP{tFMX)z!K$4p%
z^<54p!QjEmGm~x`LK_N`0VTgojtIQsy1Mxa7DQB~q9~IN5ADB*WL9gHts1H^WSWv7
z-Y`L}j3$=e6NMEmOUTY-Aop&Ik||36!7`Cf{`!8sc?)TkjL8CfuOb+NLmPVvrN!iA
zO`Vl>NS#ki$wU<ttbqf0N&yw})rWxfT;6~`%FzPvRvR=0>_Xyn9Wzn6H81}cwXq2t
zuda#QIvp}@bycDVS_%o<%j22jEjsi2AXk=2{8ysN1C-1ji~v^N4PIBgl@$_M|K<m-
z=fG6*Ev;!;(Qvk5zGy%s9U>@T$7DB|t!E#oEk>v}SPCCCdW(r0U#K=MIcoZ!ESBst
z@~m#s)n(FHmbyUS@o_WM8ghKqi6pdVO}bq|U7Y$zHq0pQpsb0bu};WVTMG)7N~as}
z+D7=eq+TK$1P%+zVsQi|BGPyI!o(-6h4ZVq7Uke4eUU~zIzE;{y|nf6N<hyMq~b@_
zIz|*LrZsebyEytMjy=#=&Ra)%{~CRi<r|0oi6Pwe!`5@9i7vAfA&7`lHwA-vNb^{G
zUb!(hlq##M*fLABhK>2lBqP`4>n@a{Dr02CZvX4+lTUk3^s<Q3a6HkTpRi3s-f=0_
zH6hWgyJ2f31Z(-Be=h#$4s@13OhtcUGY+;trLC?ScFYs{Xx6tOc)1iwV5aSwYjEan
ze$xITt8_{<ao&chk735?MVZEFztjijD9*g2^iPAx45E4;-JNXANj?a1<)k(veE!9h
zgU$j4C@EH5s4?WfqFGe0Os2x}t=B#KQ%@mXzmY3_B<{1DFRNWomLn&yFhDXJDi26z
zCH}>r0}cIIYB}WEjDDRUSdI@>iUnoXjx5(o#O6!9d{3y61f3u}e#X75wWb?O;wAnV
zK8#Lh7x4mp!}ImpW(z3K$RMCrO$a1!W6!B)T}JzyiAx4q0dVbfF~^9q>QvfjS;bG`
z49XQX9T3O`HYqE)@28$zz}9&>D#=_KUMrZih_3oB|GR}wzVx7a$w$?}%BQdr5Qfqp
zWZ?ls?WeEz2a7^wpc?Wqa*MfJy*a)PN$Fe84bThyNPoXM4hZI<L5%O?>qVL+pXnPO
z3hebOtno4aW;>siS3fC5D*vwojXSe-OV=rw@>j^_0k()hq4yt+pszlcGXnT5p18l9
zNM%UG)JpubC6|ZF7ZZG<xe;y+H{uY$xZplXcCiv=Q2Pv6_vYKf;}Dlc%Yj{{!;Qc>
z^;5E79?UI9&2V&&eWK|kS?F@IGEIIEW6vsXPY8-XK#T22H)y^htrxLl1yAb5!R9y{
z>6)X8CbL-J>NA*Z5~z=tE{HZ|nMcKHdhcbSV$-q#MUMMYmIV_F;@0Eg4&UcbG`)&D
zy8kM%JZ+%-)2nTMc&Cq`SJ40b08(-2>$uJLIVjmPxUKu%{)uw^_*n`!bSO!uf6n4{
zpP+c~s#V)r_3b1Jq`(Poo(5K;lQYeRJZVCcwqeW!pJk2O55~LJ3?i4<51WReJ2{9n
zN7AL9R<eFa?vO$yUmeZv+FrMVruUn<hO8A?v@=OGeEB1tmES2*S1aj4ZoKk0xDv1w
zDjqy_>BvVQzn@iHW5r3Oq=vU3-}e?a>>0MqkpL=N1dis;=5%!;X_9Gmfy=v;%GB93
zB5xpMLf%J&tH*Lzghc^!tbKyw+N&BpZW@*77+8iQau)4GY@*f5<lhe~TU5I}eXV-f
zn%kutDA<;W%L{XSE1lNzlKOxoD|g8ST_BNmC%uExZ=Q>gOz}iBuuP?y{@^P{nciD_
zb0vOSH-hoPxiUE4yrbEMaHCcVk2hfIdkkXV>OXxV8Ci&q+1!a_hS%T)%J}RiG7!yu
zkJ*!viERhaTg_7T2Q0pxUh7i~!+34{iX+Yv^rdn_o9y?nfrKl#$Lg@rF(U^KZCebP
zrq34_`b<A=J{djk;k<yA`B5;p3w}~u$i%d}Oit3+YmjU}LP8#9A(-FzrtPVq!yD~J
zdn~ttD$i&jz=h#L&`Xr4aS3)LTa(P}&yWrf4G>MG>)U%FkiLnm+&ZNuZU($$UvqDY
zF)&&$ulv~y{BCQagq+X+LT+6=a%ZO>Nf31huSy}6X~#=<BsXg!N>`6N+{zB_SxN|2
z(WIB^K1dMN#{JIaCvQF@G~Ceb^(2#cu5SG7T-S|So~gP?=e&{LVk~dZO@Q<*zEB$H
z=XnGAs8Z&uX#DlKqqx+d&qRCK-MO9(KRZ*kvG+D9-NaaKIWyDPJ%2$xm4n>~`K20>
zt)fZ&bX~TJItQf&<LiOW3rq5(bnfQC>Q;P^syw2gK+`jSPtBK$`;73V+Mc7LdG>Z)
zc5X7boSdPj%g#7*dZPMB8B-(rtU>)juJY36k)+nn@57d>f0{h3XYo-y`%-@TO*_=n
z81a3w{LE6lEWN;3UXqJJ>Rx<Bx#(jX?Ea!f?Wt-}eA-i3ka~-*hT~hj7r8#CH%wiu
z>gg->_+cp_0GL={aGG48NBvg(^Pzmxht{WO{#oqIiyY}&dZ*^$Gq&a$Jw*5HJ-J&C
z$EW7-NayVR+u0`<Uy0M!#b$J%^eYG9hE0QvvfB(zkcKC&scbWy@gWKB#O0qHK{9}{
z1olvDeH7M5MR;o5)S|0XSMyocD4Q>THvc>LFamse1F7neqxY}r$jAQF6s~sEKpuLH
z8*8GwljwUwaED=^b~15=omw-kW#6k&a(H`%<YeMR^*Rm7eZ82mJbbLK@v&&gb(979
z(4n6;?=iK3SY*uYt8&b2^l96-j%&K~a^%n@=PO4DKS*0n-PVU>={0y^r$GZ{%DT^L
zL%APm0WFJU1MGVBkuY}N4lurc<i*SLat$Krdk^u^qivzH$8xz3c8~1?KVR^$(eM2R
zMD&BfE`gd%7pKk2mXRqhBmK=5yIAqdgHH)3{n_O;xmg};ejK}<P2V%sGKZ&W4oknN
zsXmEyPpcgr-7YJ??q-{TZ7=h=mFS6z<uWln&Y_+r#+7S=+tSaQyFZWizFyK=W_lrd
z)l&z$TkCdP1R9qIg_a!~_1s$v4(H8vW{U!BUUmXso>$H^mkqlFZ$m4D8JLaC-DRK1
zzF!a1-;OH9xdJYojE`>5$EC+xLwOdNkK@}OT}s5c1Q!z<p>rqah_>gK@1M&$#mjA$
zivZAdFx{&7{jpk|v(ucvqv^G2p5vw!eZMiIdeV%qtF5xy5gS`t_~cNy#?4jF-9k8k
zz=zW$FFz1@P<T7UYz3R6p>d#CKC{EFNtsJHV@JR4xp6C?=SIL-v(1-5De>@8S7+Ag
zqtrK26JU!!_hi&z_4`uca%5WNApUtwAK6Dp%MIAeZ3|(&MRheFZ~DIa?lSgi;I+!6
z$xa~?Wm*2&XVrDxl7}X13S;a25fJM}zb@BzXDOSvytj?ppXJ23oEk@QMM3`<<orU|
zt?Qp|Etnm;Y9@^BkHK@32X)Vps(HE`d3&{)uoTGQm<H6QnNT3)k~s?gI(I?5f8xy(
z&EBk+V(-X^W*ac5;|Jw-U3=G6{L<C7(8liv0WQ-jOS4U^nUS3;(@c&(y;jI_GwT^Q
z>NLF3y3dUc4&a|X%lQ&5PKJCyyntFspB%E@^qt<fl6VLZhMc=Hz|p_GH9tR1k&dzz
ze)+OV6+R~;*eGjKUWP^<3=d4)JY^S8i*c#aOpo1KZIvD-4EC&Fb<>8WvYZYdebsO+
z5C6zE!S!-0;n{Dq-|Cws<*c3TrgY$zMMKJj>unEss}5~$E@~f$3760IcNd9$Gq!>i
zdeBd&o!b%De|;p5Y~d6aO$$-K8=(>sDRQ1e8c&&BUY<qxtfDXfHBoI88!rN)4x86~
z8G|JH*GLCZhY&?2r5unvGD`2uZf=||LU@TS)-j^KMu?5|=}qg&WBY83!BM=zCoArY
zk&t`T7x*Lm5p7&s9|!U@0zjyP3@~tltLO4QC%?CxI-@t>%50Do`^)U@A4Fdi*P@~{
zfx`=9!ydpG7eM?2B5y|f;<RY}iu~t#a{%qd%tQ9^b0H1p<M0u-j1q9ekBmg|Y1xxJ
z$a7@O;907Eou@*6cIWSo!Hnzzg88~wXC2sGEcd*F)L`lK$0u@u)K4UCZKe?P?{4oS
z*ijKKk~0}=+_+nrosmo)^{Tmq0jU6A%4Ooy^w}6>(wL?B0Y1Tl%&FT&T1#WFraTgN
zoa<6kxs)`OCT}6?e5kTIL8ipKx~A|*4i8J8uam?qt~GAlfy!`Kw||PHzO@}lkFCwE
z1In1H$@+Fs75xLe`UMd)Kd+jVlsC!;Ru@{9i+(FXxGsxrgfDQ5H@I#1wq#D2mc#xD
z{|w%{$}f$>2$NSMJE*_EV=PdWq)0p3rs6Fh6T=P5V;RCv1}H%PNpuW6W=P9{4NHQF
zWax}@KT}d)j&Nx~+AJohS_3$KZ$=bNw-ZkN63b)K04qO~NFr~67oHJ{md5|JvVH|6
zibtN))76wruS1WBXty0Yc;FRnjcd`Yf%&vbc2h>oc};iaXv*o`AV?PmT!Fi+xftj(
z_&(Nn^vay$6xHOkOWe;s9XhrcmbT!KjzMtux?1b5e80y+zPaKoduOD_M~E2K%}j{%
znlD#k6pwpy@G3c4F?3JN^7-}TY+Ryi>dP-YpYO>ZT;f%wAYuLo_W2(9uRS&oA%DTV
z(yZbi2B1utYI4nSM+5#z794k&6s{>cVRyIc!G6S71cEnCTc#Q^Kb#24g`eZxhLev~
z{wDjVNp)=d(}g-V7m)fw--2+$*WuWEkCa)10|77JDqqoGzd!7mdI@~UpbR?*5pD(`
zcst1v)YZe=(r=g}xTj^I?vt2v2IVAn7@#^@&%yUOwICUxc-C$~95Tz(FoQEr-2&1q
zEdGKUls<F`!Zj&B2Qn$Y=@Nx-k9!M24eKx>^?0bf1=>$R7{%ihV(}`N?iP2k-TVjK
zT0-ZcadT%6LnVXrQ(Bgq{G_wX`1r58ek^jTfINj47+>Ks&GOF4*%GF+b`enm^WLiD
z!Mm_)kr`n1)sh-_vjX;ZVgjMn`<s`Fsb9XfS^Tqk6LJNar<}?GhC%Nv9$0}I6oR3W
z)WC%4tYP80LHTI-1-(r=BkNFrM#3jc)K8qA`@s$rtHZ(2W02Gn;w`9VIe}H<#TboQ
z_*(kRr-8l@^9IfodZxDy5oN3T+wgHlW4ag-L>BG!gV7ghL#1TP#w;t@dNHvCq}7IQ
zdD$V9b;F{cmd&zdoDbTP!<ipHg;V=U^MZ@K?4U24g<7#JZ+{mVW?e?l4J~OGg|8Gi
z#RaMDCxumnmCO<wmLqej&qWUDGZe*o$}?lGI|eD%o+4jV=fL|XtE~k^IN^o#A8S)N
zb}^5X4V%HygpSzBNQOHr3ENmJ9uzr&AHR?Ke6?{)t5=-y!4HoRz=uiPe*BU4yvy1v
zS~zLw8+cAzZ<Vl-#K<_Wh9kv3ev@bI*^$``PC9#;&>wfLB;NLa+g)TE($ajhkupe<
z>G6hf#3a$s+90J#6-dm>wa@Kh@X+VqB81{_<L}cS$OpyC8RR;aX#hs662thF-F_h{
z)zQf7(f)t4UAxv}u<5uDDuSzB{vM@8&Sa>Gid+smND?YagIdzo(sRFS6MsyI{Scfd
zTyUlTTU4W;2GCt*#UHLP0{ZZ_VG6U$7&rUNDL))}1yAe~J~QJ2_Ven<b|R8>;ryT-
zdaWOD!|Wd^StF82(4pl#?JZ$K7kY?8KzJqW4t4Q@D}D@p!guXS#N5)lu1ZFC3{sPN
zir}+)3_^KfbG4{Lide^AdOOk%WD6`Vgk&PNbtZ`u1m?UmnS{u_l*v<%acJ`Oqp;BG
z;^Hlo`v@{}aEwM<!L~s(jjsS+8v#94iaLg9{)ZWgs#k=`k$h|GW^a>II)-$>udj;-
zv^tC2>4`6H8yl~5FK~eq=S~9bO+!aLTx(lBqz5de3LXf5MSSn$&(rUt{ekM@6vON;
zopmPa$Ih9cP&o5*xTp-%JsC#CA2=fgciR&Gc%XE7k`z03e|%0RGsqEGLZd^f#bG8V
zeR-%s9)3;?dJ4E`SatJ&x2MAViELM9A_9g8J8`=vG-T{HReI4W=$t^F!Op6jsD*9S
zWplVBxo)0iz1lZn>xZPgmJh+>zRV2PXpp<UGlc*zuqsY;BmzZMH|WqMpg_SHagob}
zi_#w?s0StjmA!;sUE7d7aL4%J`vb74#sr%K2;rgdR}ajDK?odhhDiM33kf~;UN<Ix
za8#>4e_=k*Bn5OyO@Ctj-7HU?q{G<^=4(#n3fwUH_%=BcXcO@fn5>^PoeSLIBl|DP
z1$O^ml*`6)K>8vk3b)^BH3FjuWnukal1utulIsr@dBIXG4s2&T#+r6Jfvfiq-1`$X
zhc#dc3J<ax?VP-mK4JMV10#?5I95&ykZ{p$mbMhGfu@1JMfyjypsYg}(@O}@E4D;{
z;6jB217SX-XK=z?Z};zf+_eAUa*f&7uaJ)c3_U$Jj7pSd1c_KyM}(EohXIo(;?HOG
zxBA8lssFJ|EITm3o@IG|2NPt4Lk}d-49AwT5P!(l?%y2O?(k#Ke!jm9!;tXq+tAa@
zl%iw2@`XN}5HaDc(qLA!JWN{7`8pU+q<@Ir^eHJbEJW~IDI)MKo;4<1*dFo^WJXUD
z@El_`GD_2Rx8NXNxN^=<^=B`C2Z`ZQps|<WHzu11)0Lb{95>$y=1pK1I+G5K2X79!
z8=VEb+97%$5NmXJ5C^P6Z+j7T7!~GP{d)q}`mY54fu+5=eRCxyK~U?>pOE#Pn4N~s
zQ~Lo-<%I6Gbxbc`Q`ETvViiWyMS~aZ`djy#1uKyIOy8UAS1>1N;3-No3k`mg{>R0f
znREC>xn33J!+Er5NXPfeyjX#(THuJV=lMUOc-8D;TLcxSbrd7B2__E*gTSqTK!}so
zv^vBF3`Qd{42jiSs|h`AbJq_Oa0vOlpk2~Co!$~FScc}B?Hf$yV2q_ihZEEdcpa~|
z(G}o95nsXKe&8^;9(YO&)1eCG%Z|4i(HUI`DD`wV&MMb5Fuo}BJ^@j={s6;cEF8=!
zRY)f^xWyYEEIZF;962@)Uk<QYDe}?erSn~lZ2XEGT};Iw1>93=^J#Z7F{dWNS)N9L
zqxyS6<G~9>=)d<<yE_r>L4!V%@(4esf*0+Ky@+bV@$@NyOw#)XO%!M_OocI<^S5$v
z)e}b*t-0*9Eyj;@>L7Ep=m!b(^ga)}N}TX^+UyzMhYfvP?-iM2?;_`8YSJ;Q{~y++
ze6>6@J{Hgl+EdghdDNsuNAFDz(~Cl*Ku)t@cm^~QCUz}Mr1^|eNeg-b{##2SYyWH)
z8-IliT#Hs#0EjArBV$vE5vq=U9~T`iitq`K#E2gKvK~dkhXyNQZ)&x4I5K8VM&>>X
z%UPhsfgfh<S0(U}t4M=6IHt}W<5O_@k5+do_oA{$ul>3*Rxw!jPtucARGbV<g5)?~
zuGDtx6>i5`K7_K{U?R>rvDTMAE^qvr;_>BfXa`H|J^R>@be_|XgLHp)fd=G%AYN{&
ztJ&+>X6R=-Dl&NaH(10IbZ=g<Q75m+5iyc~eIa&qPDntD8DJ$U?jv~IaJge+az*PN
z`C&XC8$-Xc(l`&Ifa8<6HqqbW%-7XE-yj7IRr?AxN_-*twCb<a%@XfF*Y6|Zvj~Td
z5|b8J!eg~Hhws1GmH%`=w%u0*(%lDY@KcW>Lr{=%)(hO0p7lj2t!Xo0f(xP@mJ@tx
zOQTTI?jjnPmae@Gs;fMR;ovx!VaXun7G0F>f#~2-4)7~bFxxjp<rck5Q2Id5`kE!4
znMHHL2>$KtQ|xkl5`jRRiOefX7_+p&jU>Zz%X3BUkqE&p+ZBEy>pTU1EcZc5GaFHz
z3k1DS$SnIY36+PeFjwldHxq;q?|i9f$}P|qD#ZX`W<90XY<VJ*D#@OhkbYAgj{XRW
zS1!S=Zz_j#u!_0|gv=qRIn8uYC;y<byK3NBHc!>T_#wlkegS4K<x+1V>HU^@=Xt%H
z$2iYqL(HX2zWwyUi85iHI}V9ZDpx+WLlQSov-@BHYW4D~9=M*t$jZP;PEL)ao^kX#
zNB)!~YW0X??QpqTly-l6N9(Im{RYFBr1}5SWpR;_4o=kjhETYZSjpf8GAu^axzI8&
zLCGxc<!BAC<`5H%|L)B2lK<VAF?#;DGb<H-130r?j&eIgM$2l90=>H0WCk!Io5GWa
zN+Ws+{?RerK3tIQet|j2A0@(}P@OL5@ng-*L=3MY(u^!_s{Tr^kJdiOVm&b>NdF1V
zxaA7|U(k#t(sB$MM~;|^BwW={Ibp7{*xb<FY&>2{S>5>}ogt^8^r$hs?o^74y<sJm
zkJ69wAc|c75VK#M?~9!)xox0i885A#?yWZ)&VVDLv{h*67Ex2h?~i&IHAB|@uP$i`
zt~Iv@9=B?ycAy@K(UE(~{dY+#m=_sna}82&6moy}JG8X^kjNZh)`h;$)dnI2q`~FV
zx!7<J?QNQEU+8>1k8Ou^yl+`~#35?=Y1GH$YW{d%W8qR!0VACfZudG~#J|@cUB1D7
zA0KlK2W*g8r3+<64*_7MNni(KlLA4Yn6|KKH)8M5r9yZQg!lz6<a@X6^$HO?fsSdz
zl3ZM1Io&L75jdaeW2Al;4wzawtC4h?dw;GeA}VY>q@xGVor{wWw6*C!iR%_615+G5
zWYDwEd?>Wibbc~t$hSu^(^?K&nJ6YY{xzJ)eCSa3JABs;;7-4D36T;aR{4;|FFLic
zgnNmgRMd&>|Nj<ecjE77Dnm@eY5;Mj0{8FYZ2t2KAkMCUe}H)>_o<Zu$tWD9V!)P-
z{r2T$NK4Lsg~au}QcG)0Zm2?W^NbSk@9Y727O)k(4?HYYlDMcr<JgmT{He=3L<_Ok
z24MyEiskb`x~C9=pg7-0R|g&8)Ad3j`C63*O~OfM3Q(LwFx+Q^;L===6sZkdebUT6
zF9+qI8>BIA)cq|<!ZDY5hG`x#J*N^de<&4F&geQ$p;;9Qt_ihVDSkngz}YzlRiz;=
zk}@9q4^6kdDE(!V^+t_l=Iz%ytC(+p(3g&USj`N}1*OoFV@^1^`Ap&shXZFf*ayq{
zMLdWEXgSRtKYX+1I8(fTo`86so~h44-{{bsi@M|^of7T+h{wP<+yL}}T%~PyJBUEI
ztJ?ccJv^}L@H=(27Q`rHOh3=g-xK*+zU__fl>7uT6?<L2bM&SGn{1E-{j}H)o;mf>
zq>B2zKc!O!Bb@bagARa$(hpbQg?!|eEv7RHPrVONhc!U(V>Jl`d7tC36*xo12F2FL
zN*qd(&#2|NXI{!tgOQ)v5odaD>gWqRY08mjul<ZAJHb1eLZT~Cqt$NF&tnr&Yw@d?
zu!0xp>PSHQqpehJl=!JIS|&4Lw@tfOlv#YR`+?es3kAnVlVN`&bz%Z*tc7$a@th;q
zea^(?_2{q?t4G0sQQieG3+aB(xCliKoW;*!uDe}q>n3?F#s+t*3npwoiD8Sgk>;KY
z)lK3)jjnk#>EzmV<jAz<nm0^u#la>Hvl?wPqWQ1wk@bYa(L{XQX^Jy<1?{K_MYwy~
z2VCoCXAq3|y2kY^LA*+RDr{5Im;)C%g`b(JdyMi>RQw+ChK=QI{}eq(a3%jkh0V(&
z(ASS{r#OmP2?Eos7*XN!o0=%Q6Eu?jJ4`Ehh$(k^O04Q}hJ}{z(RNMxcB=HHWbTUc
zm+x)yXy9?acwqQ%kUZTlx}S)D$&y~uo9aB9nyIjy86LjSe3kx+)hFwwDKN_ZL+~&u
zs?{-!b4S}(H0Y?>saY`0cx1M8>BI0m)l6Zz*Rm<mhYiQr95`F4M0QYr>6r^RPX3W^
z`)ZnZzPD(nE_x3~!|&-=k4lTEmc#hn*;=Ww8t5fX5k9n@d)T!Y*sh=(LJt)-2)|jN
zeb2@sMu!2?)iEqEw9I%?aw^R^U5d*-_JVpgHkf>3DCZ)!b(NMwb;zSlPyOdPoc017
zS%{N$G|;7_WMMkCf=tvuJ^5GKz5J0v4cNY<IQW{2skoN*NA_=QY8FhZp>%wHOKk92
zMhzV*xf=L7hfw-Ep4>_+wQBqlZ$o2bv9B_Zu<o~lh?krs@Ol;=orwx)LZv0R6<}pX
zz*H9a+3ue!_V}QXxWL_{xEhy&5Jf1KsvI)sN00OE7L^T<XxtCEaoTknb;LMhRWpBb
zc7b5O1y>HL%FtyWS+xuGX@gIvpwE;-g(KPLh<;g8(h};4J8x`Gl5H9PEd}e<Fzzti
zSHiA+b2aHG!04PInABeVN~xUWlD3b_Vw)q27fC8-@W<e((`+XZKb_OZJ1Z((P$w2n
zDXF|jrCqw4C4E*7hh*+4NkUHg$Of}#rm8b`|MQfjsRV{o5F6ex=;4VvoIP+C?<f}k
zE87Yf{-S7FG?f5**502ZCU(b~LUetd=|5YhrRx1JHLGV`Ui=Yi#autU&R0SMK6m&o
z61T+9?kbhuS$wxneLSI}M_`7`2x*4Hz5H}J&yQO*>|!&YhkIM?b_k-^N8V$Pd-JLq
zGV|P6yxF$9+dk*3ejZ$8+bn)zWd_AIJ}!56bb79QdE0D+bUn`&)ZnJ7RVhYx+eY|V
z=~eIW?JK<R9jTn}eLN*KPj|!hXlIUewKwgw1IX5h#FA@^iA#Iw!Lp6fOqrkg)3)!&
z<K~(2x>+CJLu8Er8>6|Ax8ghL$H!Ur_t76|0l&ZQdVjC4rWB?+B83(>&Xc?DJxhi8
z`Bqa~5DRBk2sf8Ep5LoFq^q2k$^e=7NVY@a*K3^)UyqGQPt#ND9Pf2A&Phvd)wB&y
zXX~F@H$p-MiOU1=1{X(T7h8c4d`~vZ?5q&X5s8CHqh$=<hWg>cU%5S2jq>~gIXjw-
zkIe^u-B-N2x?Nsu3NfdzMn*I4?<Ik;dZ1g}1(zePD=-_m>#^At!=%@VeI##z%~v2#
zSMB(Xc2%_^Tv;bNM;nBfq4!!7mOD8d<dxZ1@3ohWORma4GU?l&&yUv5aqp{4e7MSI
zZJ(Wz_vZQV&u7Q5oUl;s!|XordyRf)JBZ~+ZrKPB{Kn_H%7VDzP1L>Ih<&`@NLljb
zwaMD)ZnF{ah1)Q~!rc}qjSfzIe5Bf)_Lu9Q7*Xy-eHn9*?=*7p+9Ivk>I!OxJ@a#%
z)LfcwWzLE1(VF70Q4Uxk$;fG9->Xx0$LYGVIM|1I^Q#hxwLKa11ab$|DtUU$Y&U4`
z#6j%NmmhBBQX5P2;nC*$GE*YXLj3d7JVE@L7Jt30QGOi}b0j)6b?=f#COguxQaLN}
zV5MDQj6B@0Y0F0qiP2;>dg4<LF!NyyVSac!`z$66h0hgIBz6;Nr1TkV$dZnT13Ru4
zx3K#>9}s#kGfmVXA=#ZO<^q~z{ZSN5?{8b?imf*I4`m;Q6`#NXv<nLAG;NjDWSM0}
zM1)F9SW8QU=b@#!=r3JI3||UyhvJT_1k%c)nGRqevk4CFHIfSvSjKsD%Un798ct!1
zk0|~jw`fTx_shiV1a+Yu4-#cE_cB6k7F8BucRq`Bryv%{>MdBD@BfI-Sw!{30>b#X
z0o}-hKew1aftL9LtXiMs?eLKN65U8ZszeSxn8o8U^%dv#SY`H8-`pjJzrOW1_~AO^
z1c@cfA<tC3A85JTt@C@kND)3-{c9;mkcxZl$g)K9bKK?UMFme^c%+vD?8tBBp&9YJ
zlnM|;Dv-2r3KUTQ{m}%X6~*$qB)Qxva<eUsw|lsTA!zbVcDJsdxW;)byxjhR1=W;P
zC$M@Hr;;~h3D-XXUD1L{wR183;=Z1A8<dyX3yFwSiA%G?JiMo=v)8N4cGQu%*xW_I
zzHT-!#D;}KjNHUN`+`ggX%h2XXus@RNl~BV-N3r~nt?5>szo~&V9mq9hMy>I&X+L=
zDR=Bc2PFtzDT@f05u2N5IrZy;24C>p!7>HCo}_M!9)8&`2kd#0d5*PGzkzSwp|_HI
zl6sKX4u$8wgMpIwNYmUSnh!j#R$l*(fewf3G1xfH<!IshRmG3fVL-->^f*U;>%B^r
z7tKjPoH_bv_^*T=FgI?s8J#0srWX8}Q#Dv06>Aq_9nFz8f&1K-O$I%n-x%3=97}OS
zoB;YiGWIqE5Hq4!;9WaA8}i~mM|*oy?{V(l*EfL2oRC2&TaL={z{aK<5RqZ*Wuj*z
z71c8Oe~oaVAG2gp?4e#6cp}M1YNvu4>3(&;<{9g1c`_aAEzbln@g%Q#-}L#g^4&Pv
zJsb(9rkhyu?;d6Y@d1@?caH+IaN^E-`%6=*@ClZ-gPs6oWJVhD3;vFcC&*gxZgcFN
zjQrvwOu{bh@<ck%X+9CGL0$HcCk7BXShPbP_tTx$fa<{v#D_{eaA+QT$EIjdxCu1)
zVkU)N3rRu<@kPWzBEWn+<SakoEGInc%5S}+om0J0L`YD$+rR2r*8{-5tCDyv*43%A
zZ^oe!LXODDvY22#n@6y{xizF1U|knC;QBKvM6e(_56>WR3QKgbfx2h+;7n<M95I3e
z=1*YtndGqPp#oYbF#Yw^*y*8CFRt{23w-r><sEmYRb2Q9;A{%IAb(x_{NM->$|5rO
zF*dvNEvp6fZ+vb6^bNr08pHqLb0YD9jpqm&?bx<c#28>XqT$LE_d$IB9ihwN(YCJr
z%#z@ovnvA`f_OH$V+y{cIXqXC?v;rDd%%trM`RRc)e+N#Yz>Kcu|)C4?t2pM#>+kx
zjyMI*;AXx0pXqs&#_<10&)Wg%Im?^GQLflIRfepwH_5H44*R<K9Iuxp1@chNql=+s
z(kzAu`yLI{qcKJ@wS|&#Guoc^BcA0Ac#NU<UqD=*jPdt&-5kN$B<|K2eGYAc6P3FU
zg4XkvcXIGT?XptSd<^{DE#oZ^UuA<_JwK@{w3e0iC+DNMsV+s7O)d@OaglAb(mgqA
zqs6$hNO-X)Ty;1A+=+GYz6t<ZpBF>`;BLTM1P$?D;4Wvt{1Qkd@j<6BZaAKc7>|g_
z^E-ic)=Fd_z6?<wE)l^IK<=OmNK$8|W}4wrxz9S8Vn;+m3KIe3ZfgZV?s7^0Mecxx
zC7J$+)0=RR0sR663M@9$#5dK<(U8{6VJ!Wrh-PwCX~@RX1=)wjd)XmnjnZ^8L8n%8
zc-`YPLTEjpJIVm93vOIirx}jN3&u)IX^h+7n8m!Mv@arW5}ZAl4%-jh4jq{9R|^U$
z^G_G_`9=uOYTvOx_gwmL%mjkts*t3;h<9Lfvp;8Z^Wa=BFn1_w=}xdL5+n%ut7;{$
zVXI6SsA=JjU{bljS_#`Y$3(`%t}`e?ysroxxO>d@Xcrn3uEY8rz~RM0?5kb;^v7`v
zUjTXt;WoXa0$T1(Skd@bR4&CrJCJ@EnlYC7OS<plZyVy;c2%8~B0^*XxO;5vpyPNs
z^$5{OqJxdOQP5^<a~$T+c5fdapDz5D4W&O)VW4qPTqcLzLV~>|pN!n{3D^knJK@&e
zG&jj8<8r#m6zf}0Ph_;b0Y6#3xBqYAu1@g3#a&(&K-@Y0x45G#{cmwc>i7i{MiIRz
ztV~GQ6W;Op{A`bn-jqntK^?pC>Mdo)m8hz>p6)CN0*5s1dXHzQz6Beq-<%BrP<N02
zs5_Z~|E=zzpZ-yIrqlNRIsa03T^#?YyC~IvsXM!W)SW{GK;7x-0@U4Z?Eg*O_5V+G
z$A)FK+sE{u>dp?@FVp7fKl-74|E2C;>6QM6y4y7y_|i-HqW`BIdP%rw-!y^vWdfk?
z=t}_Vj`n}4JE@#{iGNdfHc(P*V#+HM$>JqtzQj|BUZo=c!S1HKi2MY;ae&R_!&ZwN
zcTuR|J?cVtY^2U%R7i$dj_k7E5gFOQ_2r5)NKJQA<Fdc`eU_=vA=0=Lq~;S2dI~CH
z<Ky=2nju&FFtCv*SBHs;(-!x4KC(57+h<;V{$olj*V@Qa)iw7wBQ-SmtRJt;hpg5@
zwFWW!cdu)jxZ;f&VW=xnPtE6Rsff6ph^4JDbkV6HsXgjg`*xaUYmMRvv92}Qd;n2s
zt{xa3;Axm7Sk@HU+?cL+`59E~dDC1xJ;3*e%4rfZB76%sEOzWBLJ0=1hm&+cwo)^y
z9zM|6bETu_>=R{a)<+`diOc#(EV+6NuJh3z`Ep1q<3%<BZAlJZ`pmiVs7u}j%=~~2
zJtukNx>+DPn)mEHlw}~BQAarJnNWt6C*1HosrWznQ#oZoPWkbXL0lgLFgtUwl?feV
z9&Qh)q@O4}UY9^nGMx+0xh!ajq;>w$6Bku7;?XB|y>}d6Gt5A|TS$2ZNNE^`L<@pU
zsrmZ0L49oY_3%)rH^y2pZ16CQ`s(h?pdzA?4~7OAmJ_Li8U;Vv*p^pMsuk2d)(oTC
zIC|;1_lv<~8t-PZUeb9U*9%1Le>v0Bjl)A_?V3w+@g1i=zv2eV;(ATLCH)SayPwUe
ztIVmh|6&#TQ<ncYb$P+fMPhlJq1lqFyp(nI(M#%1bT)o~lVqkNmO(*v4@LQ!j32&K
z9}vDDA(uy;I@p%*`J*jis&cyLnB#VNK%Qvr_sWZ<d+=|nVOQ7S%qE7-5#=>OX)fL(
zi&%f+t+pBm1%G_kSf#=-*1)Oq5hFwLpDF$ad$T3pj#s=%5`~J`ywVf-W~d|fa(54`
zO2;C?AKF7fp=?})hkslsqz2{Tz$&;c$06V^g3o!<IsKeQP}^-1cZW?r9-bOAb)wqb
zd<tUDVl?G50~f7KJGyrLvlf8iw-H(K(n)Z@0Z$KN<`sOzo8lp|#cIS$zdixFRIO)D
zV}Fqd5egCVT<vR2<{E!}30hdkJ@$Z$j{e_bZy)p@u?GVZ`y_0;XOh{wDcNr|$jn;N
zOHU{#{t#MyaKgaQ#=6h5<I;Mdt((@+^t~RE*=(hNz%TYmYTr0<>!SGwJmQ8(lU_c>
z%YlV`^3~EKK{Mx2rwjn_Kz;)N-cK0yyf9qmisCU#i-arvCbo3-3@C-8rFrAFR0<{A
z(3%tqRGGw1AnKbI&5T-Uz&bbWjIdM1?}gGqj!zNm4OsQ;LpluKkE5~Y<xj)LFVaPU
zj+(|_UlUayP9hbR%HP3%XJU9E{Ah<}XsXb@-IPD*gb$@x7;CD{KpzP6&-VClq~{o0
z3T7fjn&<CPJ^5KfC_kzec>%!hen)YNk|eZd@$>GF7gpIflnvuSL?zpoqt%DSEsvU}
zpYZt!#8602^08U6YQ{H@rEmJaLGeSX+Svs2TkOw|f6N}McKP>_>UWz*pjw82Pf_mf
zdGeRu*>~~mce%H2g-P!`1L&7h<F`qclx^{++WL3t+!u^qP2;!pJ7e^d8jD-?KZlr=
zpUFw!w3j{eUjl%4Up)U=>Sxi|lThgO&tZ?`C1b<y%7-t<^G^$CMzwK2;n$OrRKS_7
z1J2Cyo9B;Dx~gUIwc1;^q)%>qmQ(Rts@9{Gsitlf2!$#zSCSSzlqzgsKPDJS*Ii78
zu1C`k_4T1XR}%OqfH^d#B#+S2!M*!n?I|@fR=^k=i$fXOot_4xpm95n+@>cj(DSUu
z#`y&n0SyLSz<E~?n)<V$UPF_yCUu!_LETJ&%K21)xNTo*L5#KyzP5eMV8O%be%S1U
z$()>beUfY&4|sumuUefO&t&xPM)GBZru~=wwSXuMEjapxz8Bt4&}Cpux<pAAA15sz
z+Kx^f6wtKVcIhANcKzkb`-kRxi^PS66BrzD`|q-C9Ryl`Z+-{wAxkEGJxansG#mWz
zCi8oT@{ODvGmMMdRR^oo{;r#soH7+tRNU*0>ing2SIEnyF?KkZy_-dv=^ntX$HMXR
z4fUqt4In+@g+Ic12C0^U97HB(DUK(uA53lbexVi&El>DJd$Y9@BlH6{WSpJXguQKv
zIJn}@$?v0-2*bGosT3;cRsA-~CRoC?YPlsuW}0|;v3C7&>ibw^(bfqYG_eMM^dqo=
z22V><XJwvU0=YQrqx+jS$>QmQV<qr6e?|@7dUvI7R*v7?`*C$n_V_yz2-RLV;5)mA
zeQEN1*?TVXeOl4$P}qAw6ht#T(V<v_y4it1a{@kWxAyt`e7M)MB7ay}ADSDvT3b1|
zU$!WHUs*TZL`Ynqa6a}tiQC7=AFirzK`M-|7n?9<-=_Cgs({wdqE^u~6$iJZ84AsT
zRe};KlTOdwrla<+H%k%V4-w{XnM7&7p`u+PF6^m)()6a=uC<9asugOxP|dvDEJz(J
z^yZ1znx^cH0=BA@lf^MDhBX+I<J}*S6+i~w7OOC0jmVuguI(*M5#y~^)(}o@YKb!F
zx`Ll33o4uIx(!2YYg<A1IqVAt5&=OB70^@&nAqb_TER|4`52b2E_rN&T4FZf%GZq&
zRU+LCPh|i(z7yBGtVwz#@-$3l^_(;sN$&|&3;dTCGOS4k>Dm`a-kQrbYIGOKi$}m{
zBWaD6*>*KSpyj}}slF%G$gWKFyu<So$hfaHI#i@~VurJXj%+9D&+C!~YKT>6(5N65
zY#?5azDwDngf&Gcv`yyHOgR(RC|A+XQDS;V35W^IqL%yV0tOd22zt)zAxB~--09?>
zGRnwa2a~r=yqsVK=WG+lH9Ta~b(e30${91roR#B1ki+mUm8+YM#v7%Ac<Stj%7*$~
z1QJ6Cv$?O%DZ-41Qq9v2*Pg4bO5m3F;tL3Ol?S1}55qGBbhcp4_9B}pYOR06cSV2d
z4-l@i8OWq{&D*6f&A&|#ntoeMO#GmxkqODz7F20q`$bZ`-I+I&+H;l817sqWOXR28
z_nx}tVR6)uIZBsGZBIs8GE8&wLzq!4C#Bdvx&KN+(%`u;!yMBh%iAL$L0&$GQbE_3
zHOpqg7e!tXRci5cg7Xz*{$Yd@bHy|*(u&sURwg}?Q704UfWK*M?)J5p-5~TX*P1}S
zA*Za&esjj0p!#V14sBnc%0s>Gp#acGm`$9C2}J?18hkXlDo%(MQQ0Z=?xQTe$gDjB
z3cELV+ZGFVL6o~b2z|j!f+$i8{H#9{$ZI`6D}e>EsIZ!H!iu0rQ)`2VpKB++OW%u@
zWdio)?m-gOyD-&LY5!d2vdwiVPfI^+OJ@mKb3gBt5uB_4Cpx+Tv$?H)wwkU{#wec;
zkUqQ|J`k`9X=RuU`7pm*H?*<z-}NLTyP5>+U>oF`1<TcxYMEYkU>jJ?u=bn!e`%9m
zXrEvF#xi((;w)H7Moz)h#WqkAUp->$w}eT;Wa_uH;m*}}oEjjqEZ}GvbD5^l6LkH0
zp;&o?OSJMaarB{1q|MUYjQ^h5esAH7Fbe<rzOI-xz22%X?F0UHRVmHMl%HQ%`y+i9
zy};*oU6ktyHp+ntM-ZIoZtAJ`{>+u|Vo^&x9FsjeV;c>c@B<|wj{oE|OUxu9^TLV5
zsHmb#Y<Yb=s~#2I@1Uf0FAz!9@-%=Bs4>RJaz#+K1M-#!shREsddlVk7?BKOAD9QZ
zPG_V(Pb)CF3N@&eW!@n2Tt5CRpHdch2nGMb6L_@!aL$8h6pwg=IzrE<4Waid<v^LK
z)#Rzg1bf4mIP(4mU7|rZzEu41lF_V-+zCc5aq=+Ye1eO?6qSXXp*cY#%&#!5%2wN*
zI!+QM_u-AALofR%UT1FiSth7O*s~9%g{137Pt22cUMqfkO481e9q@PND(+dRm5&*>
zjW)+g-t}AcRg1Xm)m5!vG2-EF5dEx5^4d3HI}24By2x$l>j~VOQ|2l!Ox2)Ut9BH{
zbaLRN<C5LGMdx;_{^e?@;cP8Ns20!%OT~<bIkQ{bW3`@n5dgSU2VG+88`D|MfJ-&d
zs5Yzl*I=b^ln|qYPrO7ToLxAL#G3TZ+7k*Q1}v1vT^HBD$Z}mWiZB8%lWo>+l?5J)
zXc8th6+w9g`2uEa)MeNS1!HW=u@5~6Hs=qBwCr&22n@(BY|mmI!yr)nr%*R75u6Tm
zCWqLw1m^ei-PIRVa2WCYPyV>qab|A{INZOD4?ydzD5>DF`MbitI7A}lx;Wm@FEzoT
z5T?*sxv$Mh-jkf9Iz!&H$C=>f1}C952a6Cbra9;8XB#b%C-D{@1x87uA;}T&cFFKE
zHLLPpaA`fsz7AzARjPsYwBEXV_ioWMi5rD7g<Y)P+uLxtrD5IF{EUq@>oEK?EjsAM
zsxMiT)i)l$XP!}WPqKbW_nv^C_QKkGs`3Srtp9fK>?4s$6G9{`bz9zjkpI0f(SNqX
zRBZ49%CvcCW3ukN-@1+Jl>Qyl=2=f05fxAHg3;zl>BO&~{4wSD82>7{+ri@E54EGs
zqGUmRj26z4aFwa16s$u+m%D~JMuY(zWR8Vb0&k8lm({i*xN`$y0oFE+mqIt{!mA3a
zi*tv;ie)C*0@ZxN$_CnCy&~>@h>ZDL1pRE<`IuWNF(J?&Kg7E+&we&Y!hqufnee$o
z_;NG;_HxK>MUSDC@ZdhO22(#whj9$G9<5<<dy|nRTcLE7{affm=4OZ9@0E@Lid)D!
zU8_Q7j!fH9Tw)G7V;}M^8>J>iv!XF8b$HynB!2X<;q2Enh@pod$3pcGkT3708lF@{
zE~?Z((mKiTXOnR`$}dWpYx-r5T!o)z(YC<Z!FPj?aB~So=0PFy`Q>Qkt!Nm^y{jLo
z-p$87l}bDxhB1`M+xhc6Xm`AhT-gR&w2E7^6^rm6J>zIyhG*z9J5j}yEuyL7W@dC<
z4cIaY$UaIby5<#)=qWjNku=g(>f8$2bq^86*OW3dT=_}8^Lk()x`Im$mS|{m)Ur#k
z7#jWBo-fK>9U*_*X#eP9s0f&;Ht3D+?|Ybn<Y9Bie8y0F)}Mz1s`ZRP?aApx0jL)J
zFXtVIEZjIy6*np&B{*EEegr{eEL{6gP{&%pFIq#W=V-70f{jS+01@-Ofguk8i|ny-
zzj@x?CcZ&7kSN&Ion$3=0fJ+=Tn<oz5w1GVqZU-#Y9<n<2dZ^p{K4PdD`Nyww938g
zw$KqV2X4ai{J5VfWhgaL7HHW5&>&5r(>VvT53K!0rOV(SI0lPQ9S7GkqH4l^e?TXW
zigj@e(!V;Jeqc_)h5VJBW{Q@w8EH64Q8AK&t_pn~L@z?V4oAXWvOXzSm57Ge7w{G2
z+Z_Y;78rr`Jh_o5Km{{HB=UT6y8%MT_rfG3>yZt|tQ*H?uR&}Pgxrw8sz7;5Mo|-9
zQI6oF|HUA<PfYCUE512361I@2@>Px)gc53GJCgM>&(VTHSnC$1EA`>fd4jPtPs@QU
zYmZJ@^TUINQY|_n@j5G!l9Ml0+|4Yjvjdy*pTf!OnzJ^d%jejk0t)woOF`S=4zP}r
z@?V7;i@dne^B-xTK|!0Nj~e->aA=+{?wu_VvClNTx(oyY@H#4RCmC{`T4q<sZ!yds
z^{{|1S<W*Cvj?LS37~B7JPzRtjz#gz?gZi7PJjkprV0mP#prM91_7O-1MFqliC`kX
z-jM(h$DS>?iiQ%0V>CtFnbW~roKrQPht*5MBE#zLQuhGa4JH>XogaoKwl_v<yvHPx
zhbWZ_X)P8sM7*xhrm7bl85?LDlkJ&&z@3w)sMbA6)vVVX$Qr4d#v-G(LPDZu!!w&K
zT=*RW*(#@ewcftKzOgCMI+%>zT7v{$i5UWlC_yuEE)Uq$xmPwwngdDdd5RwStH6b3
z^SGywOxqC3jFt@*e_zhv6Fp0+yo7`R%f1YOUcaZ9ZNLs*2T4c~H*&B!{EbGGv1yw?
zQ>`Arq>#zU+}pp+9BhR6BOM<*e_<$(|36H<Q()xH^F18f6Whkd&PJ1D!;Nj*wylkA
zTN`a`+qSjI#`w?k{k<3O-CTU;rmFkY={l#YgZjsV>Tap)|4n(CBze64cH`HZ&a!%4
zK;c|8EwPfKD^%iCsSHaNPpLFiP(dDxJt&#m$fzu6&8Q>;KFFyehjJxrD{>xgj7BRl
zs6r~}RN&LA4)|5#JIT`?Rp3YM#^G2HHl718=NPITX*EpX+0XW@316)_P(Gv&ex?qC
z|7L8B12QxIeV#rDqV~=i#XYmJR~(z2$?pHJ+DM1-QeB77vhBDslIIHmDONH-yhWs)
zVMgbEu6YzUdqHE@ITYXnzcvVIXnI$6Kz=etZ6}=QI#Md07fj@rZ=H|q0!WrL;E19y
z!!+bz9Ra+cYdZ(kpBR1wwv8IHAVnESf&~z55JTtl=YW@l<NW*?4K|Rs5*h(dTCVal
z5`zOyWRGT4W7WgzyrpNGq+!GXhoj-~AZ@kjCf=_OF+Z;)G=Sbl1{U0uCQ)!Qb+Rr_
zzasx<UiG~Wh7mJ9k7T&4`ZR#gutz-BtoE#prRt|F{~QOGqU_*BdNpK(_rTEuP+@^D
zo$J9(k8A{GJmxo^%GZuUKg5Ci3;U<wT<w~W!>T1LT~&pqrASp;O|(Vr5>RE@_E8nE
zhgz!(tMrfNHQFF|r-Zq1Wo8~oX!dQ{piRBGtMCfTb_ZuYcT+?c|08Ga@zbnX5R@)U
z?}D5qH4E=<q8i$k!Ycts;0D8bcV4sLNr)1JElUKnp746pIcR6G$gcmlvlzXei+$_E
zno;TJ^{_2T`d`mBOLqt%xu|Y3nrZ&OWF<DEvX$M45A85o!X|l>G&Ws@`1o-`aS>n3
z2l^=t!CB@TCX9Mg)>?~-FX1_w4g}i8@5<ea;QvcG_%34RsN?GqhisM=pD34`F#7#S
z3PQ*d>1n{8HZbK)O2@@>fbd9mvd8cPJdltgLYJ>Em$s19j>Jr5z3vYCeVj&MylJ$u
zXFEGD2=H=i*YV_$`h5NH_hM;it8%eWn^8ROzH0AjZ)#<t^X5cdEVnM7`-OC%#WcGq
z4Cdw<pV&V<0HVd3;h6d)N}z<YgIr-wyev$F+*EO&m78x6dJ!gaNDw<h^*!#mhe{c)
zC`nT^J$lGFHZ_4p!bY5r?v9Z<k%Tf87{dhC%>S}KXjWX6{z&%iO3-b!n^5*QM>(?E
z1K!Wh1wrw0-FDZyayLpvV9Qg86^%PX+OUDSig!KUk~|3TDs?Szny@N!?4M|*Ys$G4
zbQG_mtZrzQra_fTxCQaDTVJ@j=^P!Cl~%U-zqBBEJ&S9rE|c1-R;0UGep=Ze$Vo>c
z`qq(eOmrz6#<+E~j{er{S}?yeS=xcz`V^j9b>gsLHM4;ggVLn_w;%DQ;&6thIx*`~
zYs^}ADHJ(ufXOVKmM0r5E_3wuBZ_0C55}94X8GqgFzb8|#GTOTY@*E9u#r*}I<YXl
zMR2)lvj=3h%c=!?oPp?#9cDZ3vQ@D;X_{NffqKhq{qWYhQRRIu<AI7%twW;#jdyvG
z<%(*)QGD#AG}W>bY$X1G6|AaS4cCNnqox1-7^-AY>oQgAYW@oN_cU$Mf^RC!(z{eK
zZ;w!oXeakOsQTUx5!jB^d>qMOp(}Fn5whG)lftHxSG{A=1Ey}iOiD|ki0(`fn#va3
z4Q^3W8@y}<T{981Oz69|h`Rrj>)4XXT1mcjCAV+I>HR9N@-el49srhw>FJEKnaE#+
z?qMGha0#<tL>U(2yFz=bO#wh+UfeRBMUt16jUv=FpM}<5hA?z!ubt6FFk3`{NVuX7
zXh9O2BxFj*eOEk%S2k(H8APC$s)X$OI4!q_RP^WnxIe;kIM3RM&SSA-shwu#I$8WY
z9CfmYGX`h0lLaDDSJ$QiAiLtIjyWT-eEOvzE{Gf0$O}~N6)nCq49xD4)Q#pakQ`!p
z>dEEG0LQVo!@lV4bQ}+&2<%5=lL){y;BMjwstBA8IL^3_hld{FHui>jpUew4qX_N?
zvAAp7?sA<D{v=7mZ+a~KexmBt(4BBw+V5?%C@7K5u?NHDUI9NagN~Vi7``2#-d30N
ze@50W?W2ES=i1@rw=+YkmzwcTx@^l345g|3#9nh0Af-7HB&67AFlEc}M8w2n!l^~H
z^8hZ&?sSIr4p49fKxCOs%#kEqGn?hIyWQCsou9Je+93C+4E}=O70+Nnh3lpZ9)T@J
zFXm_C9O-RrfwmE#YpXR<*Lj6UPY5SR_e}g|Nw}d!I^Y7%Eh=h5W<E$i7!53)`eVmG
zDNInQksvfeiCRT@u8$uTC()vF0rdv0$ne1?XT@KQhuw0RrDrPqhraxfGi5fzG%P7T
zc|MX{y*mMjYoR1sW^-Wh8H{Vn?=>CNlu~jBe!Hz6&6_c@3}PpO0PV64dD^YW9M<Om
zApt!d=p4|T2n0UOzK3LSEZH5L^xRFnzG(yZZ(Z$VvI<Fl#_4)C3(Z97xy}Rh<242#
zTG{u2P<lfrJHua*47T8Wv#&3@oMlbs(Zr+4qGdsMe@Z}lQR8aTrJDF}{yn^2@HIic
zb~LF4?eIX5{h!+KY}7+L_t>KL8oOuVx&1ORzYYaTcu&Ay^Xfw&kn6F4*I96i{%n#C
zas{T52vzQuLZo!Xz;mei2YNNc9vR<3kBcZHqG4Ee`uD5!R-0>VO3WZ*NP9BJI`Tm?
zJ?Zpl4Dpj|xC^KZ3XayX`<PSWHnx}84clNt7U%jS`89xW@j_FbRJgfPLL;s)PC?$m
zmGMBx9`{@rny;$M7_A!1_imGjl_FErGjZ9_?gke&zM{OkZ|YAKFXwQ{FZ8-bNaKZ9
z2I-6JS5jgoAtlYDqXWOq!xHI=5MntSsPtExJL9=DHFMOpB2oe=m7m)5_f!opvhGJy
z`KctbY%1*;)=f%6{$m-UD$)@kmVsfUpNuwELupguRu&RrH>6(}A_WRMm3V{hv0E}4
zulsZ1rZjvXKwUaQ8or@SIs&xD@p28K5)#sA$+fIqVQTiHA__rBkk$<j6!*>{FVv+Y
zA6F88w>s#JN{(j>#N2M>E6ic-B^SJrtE5<8bM^v-U6E)n>k-nxi*gylLWl%$w+TAI
z?-?4Sdwg!PpNo<4BiTL9q0k#5Ylv_Dm{?hbF(SOb0Ok@$Ag`%+zGXJyE#%7i0{H<4
zSEu`X2A=G|>fat$j1Y*Um<h4LN1amXzS?Np-Iv+hywy{eW4#34Uq5IpqHsRXpp;6d
z{9X9&hT=Jms@G7ik%XTMA?lc9FPh#T#T@jP#{$?TbYf1y1MG3zU=2qgY6&6zRA|8I
zVZL6GgzS!3Y6c#T(4X~s$ZxR%<4bDce1N-vFI6bNPAH*v@1U)LYd9ZoF^D|sk720p
z)nO}sD4~;5wPbB{kKDHZ{<5PCk>{>N7ueh5Vf=-GzoUmZy)k6zGbbvOp}qqadsAI>
zmlHLd20UQN72IE6-6wFzR=*ZhewH8Zje2O~{;|iucK=`W68nSg3CLj}D(B$cBFVDc
z1bgodjxXO9?`odcUIJ(gn!z@}DIo~C+ZEjHptfu#0Jkf(hSH1+)W|M@|KJgbcm0<~
z?~yiOj)sD1h>CfgH+ruj##rC{QUMKJEVRf8d#BF0kb}Y=ml#}jxWr*%U@Gor#iVjQ
zqju0ChE5*Fk6&pV<&JBQUvv-eDDh_^gs`J_slEaz33KyHX93de4eptdN?52VZUytq
zD(j)roj)ycepl&AT_YH(H}hYKnu}eDW<C&D<3!owwifA*wrk=XsjWljw*BvO!6oLy
z92MzVW=wD*7DZZ@<;E|0$57G#q9nZ&AX?BVUocyPiC{{HX{W=+d9t7nX-<VRQwm#J
zh+|BOf1}wxJB4eKxcx+(g1B{QDX935`@%7T;12}?JJeqt0sO!PUqJ8=Ay2M8gPq-|
z5MC+?o#@#l<UbLoXntI}=VO>)-zKckgd1gDq9khBfw*&cb8;RqHyDl=Z|!moQ#RL;
zfp7$=82wW2rR*yinWSI<b2A}6G-+YcIK({@qKQQu3o9kTjyt=2?e7x8ZH(AWU?zX+
z1^1_QlCT$m&%gk(fbS{wuj8^@%x>`Oa6P(n@aN!@aaObme380)%ByTGJ><kLMLL;?
zdP;)1X!1&o|93vYmrZy76TLWRUi|!{ES^mrlMIdN*SG>{;Sh?hAb!ZQ^-uLW8O8zL
zfBUUS=Sx(h;OrcKf=_K7+rbC^Fc;)u6Yt%bGliQz=B}0Sy^{Soj<TMxf?Ku?oGt=z
za9*|X6*3p_j|`-KA@Suci|?%m<#2!@%ZkfCO8%s~OMQ25U-OQ#R1dno3qFMmYy`fy
zE7&{z_yMqNv(N^5JBO`P&n3s@XsJ<3uzLIM_=(btLT{Ne{pE{KtmN20rg|nTF#EuY
zi&Z(#Xk219iepxg0mRJ`Sz88(7;NygAUkH$6H)32#LG?q1d9c9r%5|Z<94j7V9Spq
zWfxOQ%~csd%C_==0Yfem$Mlh0$^IG%mV&ubg@;?+{*UV^L;DVXECqKlECtZAs`7}k
z-DoY^AB&U~Z%>H|r>RvDNQp96P!;f`Nr_bz0KUx0Bnxb{yr$bZQYrkmtYmirewDS#
zk1bRs3s5n5b{o0N)}9bIsr5KF$Vm?R&fw?j4Z}sdba7Ygote&@M^^S2BBP4C*25Ln
zG7~I{vD<XypBn}T6;=!sk{T0KL<Mz!G!tS&z=Xj=SG+HdCRq|pD?>IYhBdd#2u8Ws
zghvsshLWA{u`16ez-3|3XGPS)^l~ke95>ZmShxL&OUDkPM#DNzVG?tMwBa=<&aYO)
ze4vp?ANum?XkA$IM+uj66#vRP^K!O<PWB@zn3-+bY>PXoCn&vI`ZJ9539~ffTxtgt
zZJprurIInskyRl{DzHb7!hKFao9V%#`#kQGNu6e9s!F_te2KdPGU?_et6bJg0OT+|
z#R?Mg0QNo<TLV1_2l#`~c;u0W5$ax%(ku;<UXkhjWUdF^#~RpA`RawDg*im(g%v6Y
z@Spl63FVj=DWc@}(j^J2;$(@N(*0^y?g)|FVF-~R!lWjJxnXK2NtWmw&N5zui6P+l
zzdv|aCX9lLczFUXoRnT+#%T@c#iuB1>L_fj@#<F?4#0<NW~5(92CXLh9iXoRlG%GY
z^66Sk=7C*8y?CSRM~(P*Zz}~5xwN8^NWB+_jCLbbmv5VWg!6`@NQ*hac1wi6C4u<9
z_&Wae3C>I52MlwX#hsy@ui^c-YdjQR{xhHpra@rxyME<gNPmm2z_8=h;q6VTpVOKE
z%g=l$PRM^7jHRus9ZsSF0@TLhq++rFs#B_WCJsIkxi8_d#b$pqdx&PtPebU(TY~){
zCO?(<Id%N;Xce5#B=?$L4Rl9x=u71h=p$rrw$gX5uRa;`?*~f*0Y_h<w2pE%8DFI6
zFLk3$u#tV9n4XWR@+rN(dXjG5qgJpup2%xM&T8Ckrz`Qg-SG4@MkZpcG$N6+&DCgr
zkxTtt@6`J^!P1D9Gluy{@Daua@gB#?KHQUY<&S~=hbBI|M#5AWwrGhIw1@2HgQ|R&
z(|DJPv+zdVDfr4wl-og=nCLTlZ^u6sXnFtCGr}{0#wc{f$wSN-%{BM=7D)Yl6D&{c
zcd;}A&6g86Fn804_=syhP?&1~l>5#PnU4#HS_bqxQ58#Qap-NHB*ipn@?utTh`klz
zd2In0y08LA_}4m$`V7zG=xd}(uqp%`uL9L5+fzboHm{q>Kag9<E$8j4vFLtJY{jWj
z(ioy0scE5u&_7B=D^YMM>Ob^fj5?%YXHkrJSUG2Y9l|09A~KnZ`a&Wk_VI;|<|{=c
zSEIdz(S6`;tT^8YT8qNq4bac;Y!_3TBnak!2=wEOdHsPuwevU%*N%?ZK5zLNI5Z@G
zDXaN2#kB^5K+arZS*hTYl!LG_4>!_mi-C67^9prnI+0(q4Og~7WLSBe?Q?OT+Xw~o
z?_Py?6s;s^{@T04HsuU2L_|V=UUq@)SP3YzFk!c2A;$TiRHtG{_zQL%{4D&ba~XCr
zHR$2HJ&o@E#J>M%Mt8sEFd#$`IfEey$zXDa3MAJ<P%U0k&WMJ{C6Z5_BxxiKPqP(M
zvUrph+%xSIggv;ZCR|79)X}V*d^V?b1K-EZN9?C5v}u#!YLvm_NEg-wI=2L6Ep&-I
zKr~MD4QoA~x)Md;5^-JOddk4Qk-z!-D%w@qj~>=_mfyA;DC;xrrr1Yn7I`$avwoqE
zPncIHp!kZvd7=-<^nMyJ1(RUHzWo<oK0%-Q9hK#Pk5Z+;k6(SC4z+88ovz17PHodZ
z0vS_X${QI*)^~B5UrPFzyhXaVOpShOHxDm@n*UlSU)RdPIt_TLei9hR3+zFge`Q+Z
zACy>ZqlD}`*pzb}oOc{eA}h)h$<^ETK3fXHN<%CZMa~k67@(qeL;e<m)8XZububf3
z2ze?!ZHM(E54wQ;E&m?gFnkyE1JY2)IvMQagPL~)v4gL1*u~ECc#<tLTHfF|k_ywn
ze*>M{Be*(#5ltp7V(I57K)E}CV1kvyPE*whc1$W{h?bKS#=D6HKC0n<SkF%4`tJ`F
z6IE+!5{Ab2{YhQxJ#$&QE8L1Lp^J$IKf?GH!*wnT+xIj;$SPdR_qml1-hXHQQ89TD
zuNT@bKko+6=NjV{#)Bx(e|eY;rl|?&N3k=}DQZyKXAWkdw7&zyEBf?&8d6E9f%F6m
zp}=(m0>7?TYgBt5*VOO1DW44QH(TdDf1e+ubFXOS;Fr%hn>ck<s}pUlI_O>HJ2aMl
z#I}}AYp(kZJUW}7XO}i+@X@Hg$}RCiyB}*So*b5tgXnn906_gbTRNvH?>u`mNjma8
z8{+*G8b4<eAKH|X-psCOR>^FUJAY1b#nNR_x=6WE;$*mBm*ZsqaWq~1e6!f*>MeJP
z*J}7%^g|DK#k6A6$&>ifPCefUX?&^tAsz|dBuxq~zQcMy+5luS1#<>p{NSz{3_7#|
z<QAiOX~Zf8?0(TbY(3g(YNTzB&ps8axhmHki3nLx_{m9-(6rBII+x8LU4fJ_9|;b@
zadshkc_O*UQl#x<uOr4*M;J{>tz}JfK_QK}WtsE9gONFpe1@dgY{=4e{4`6q-lpy*
z$&b^|)0M1y<!2(t9)QL7>t5E<l>l%xSRCmmN$!<_PJMfpZhgHi-S?NrhwHzu=bv!p
ze-6w{iiq6=$Ibdl`Ay(gpXnGwd-#k25Q(s+^;O7-%wnC(6nJ)n?%bI=0!rnUY+L%F
zGe$j{2G~73@OPq=F1C2PPiH?wS892=uFl&eLaRQ+CyZ@Y!Z}AHR+DuEj2;z#Y|(G`
z;=smro)wG#+?s+~%9$o39)qI^e$ReAX*acvR?a&|f>kN+5M8<<P^D?bu5aEZs#N0^
zUjpG>Ol9;H-|yf`=j&(jcC1QJYehx3;9L;61Y#u^imrFDw=xke9oWoOLy@lkkrIs^
zum-zYish*&jWpTny3qx;X1|&Gjttg*a@`xb{&TZOq`dN1g0LknPc6vm217K+I6`p+
z(#20i1xbw8Aln1`(hz1_dpiKUuOs6E>8`r3xJ`b7a0(05kJQ<W3jsW_8BUUjkay^5
zP7})9?Q-tfIxf##R#dNBjU?k6I=zq+wEEck6OljqIOykwQ*3mXap*ALB@BEc%&=h)
zK_LxY!reqt<PBQD+Av>NKZGx7p|PI4O0o$nnz3WS{o`kU>6M|`!&O@=aG>7HmqTa|
zEx{1%2h3jc$8xNVa0X^`Q%;Y4fLF)6OJ-*gV4Q$>0`>IJZ<GzPY2H>_P-BG$)K~$1
zd7q1M0y=b7*j?V+D(m-WWLYOVH1U`-gU<R3X9bSOV}vk&pTB~0DsK<(3$`QlbpIOa
zD;_t}-p`cEbdiy9ZOr(5QQ5fW+wCh1Zuf5#j9++X-|$(XraNhI7d<E9iUsNV{*p*e
z8#b0y^J;9gL2mdX@jAUM<@f!08vmfP!y7~P`WAQmQyD$~1-;>#Q5ib{hmWHT@<g1o
z@lE^{YU5zBYY+YBM#I3EY4cN=Jr#S=LZ$5vL-bAXKFef*uY)xfmM($+?{5u<N12Om
z2G3s6TIrm7g@Wm*y(t}*EJHp=gIvcJIr^1v?`&=?DMPP&GAzWAQ@<qpE5d??h`cmR
z4h=Wh6`9V=scd?(_0)n^9>n&KpmNoMhEd+LFl`)j$G-Kc|G6HbSA{jFywifQ<Ln<c
zSM*f3Z_BKBuBFAfrwKTHB7<}kFtVQRf|%Sw_t}3&EBeH}ryg{fgF8>)+lE+?^Lu+^
zB{tABPi#2LP%dR>EiIMPWE*_Rh+~>P6~Fp$O{>>lEtHb*$pEk0&I%}nz5s}~Cx@lO
z$won##-8NE`(Y}GGG{3hWbw^DYR^lSUufO^3LUGLcg^`pUqe~Nf=OvocVQBkU-XfE
zS|6k;Q%~P$rA4Ws`dMOpnMJJsucS`BTaqO_PU2!CSoiK|*Xv+hz1)XYO|ASgrI>LY
z8X=%DtyUaZfkk}~$sns{*y!79!jh}-D}m9NZ>@itCMPA5g#gN+(zGRKQSp2p_9ghi
z@b44qWjNe5G&TEU8}<0;<aDD1!#JX+rLz;fQ2A}+?pvC~#kN)pxjt6vE^>X(G5({v
zW_s%Ir~FL!Hcx5=%QUs~ieKv`%i4iYvR=b?1OKUDL;o^!{kfQb=EY*+%mg=<&L4pR
zPn)T1SPq~Y%=m!~EihL=Wa5v7*LEc08+n!<J>AV3X{Jn9GN<fZU*7^>V<|`$qy_$9
zPD{8mN;mX+1w!yw9>skIkQXcvt!Mw1%TIpu_)=Dzlqo|QgM}1=L+nl{k8&FrQx$sF
z*tK*GsS&-(zW^V?c@z@!$|7JiM|gHg0bu-O1u}a&$<0vwzG+J*oyiV*xup{SxSy2V
zKOuu@)8Iayh3%DE<Nl2DR&?)sl#q>`jZ?HX8v)|Vk*yoJ`2H|2jjmBp%!d8dVM3{~
zmp$EJ%9H@zE%*&tY~*js*)*NbJ6yNRL1ug@aQF~H;#=O49`p$EtJ1LMJHq%CL$bA5
z?S2-2u+zoWj9$UtEYWr>(;JxaBW?01B?j6NfcnqcAg4F@Bd2MaEU|Vh?Oy}?b_`mV
z3GEv)RsUexwXKoetyMQ`7_Z#~@kK(g#^VRG9Vx%;?z9^ZKnn2ZWA2^y!#_K&*Wa-_
zwUQKg5RG$NxEq$vR_h`2WZ4%VOADYg^c%JN{&J}8ErHc{zyv%G%)y<POB~KA6y7RD
zuUz*`{RODJ<SXs!vyU}Q-|c%n;E48a&-5aiKZuVGU`+qjR87Z!ccTvr>5w2QI56hO
z-atD;2^dB5c3$a4l<y<tCSQq{;gtXJ@ItBhA~((LTn%@Es4UOJ&Y?NW51L{=_`Qth
zn6SXraiQyj+D%{XoQhu{>^c;V+s;JDmPj|Rli6b^!+Vhf4rCWFTRiSz#2!m1%oLF*
zMW(jK^mWcxAN}4*?SfMBrKo6v^$G0R&RHTjU3}ii_R5CORCajjyOa@xZMaXc*qhXa
zf+T7(Jo?pewu=0~KvmQ}L`XE7anRsR&0dw|=?t}l8o#>hDJ+_vM;n{I^<#EJmY{Ms
zD0R(;qYG%tqt4nfVCYgaiREu?9#i{IE5=Ush}+bKVSF38XreU^vqUW>j;0n@cj)vn
zY3?Xnfy><G<%uag^iqvumyDt_P3;1iyz>#?WTiGi*Rs^f+5T@RV;DQmcg-8@B`W@G
zke+CMgSXUz3bQ0)FM(<jNP97(&7Q1G6Eu2vB945-2aR-u;0Yt}@$WkAMxXi9+jygu
z#YAK#J&S?D>f<q#k$FZv*O3!Bz0+<iyIoXX&J&o6Un>O`$?|`$9X4gacc5T=q)u{A
zXbpDF+)2`*OeAZY#ry}gLv<nMbg<JbR(iML+!!60Iw5<xb-wb>Wef>8va_*wA3Hc%
z)&}n6S#JUDf7T)m75XId4ac%ogv%4OP3Plnny>@fTnvuj?AoczvwC38Z27b^aRigt
z0ShU+fH^i>HH-&QiHh4;M4N+%j{-GR39`X;_>?g2`y|AB@aYMZsPP)H=cC*7F*%1k
zA7b38lgd+6n2S{vTQNVW)XKEZL908=*?JxHnVPDfvQ%r~<(6=V4}+AV74(_MKEk|e
zg57sA-RYNND6x)7q6tHhb}VGK(Vy2POJ2c0Ynx!kUFm7nv6K13b<?kMnmo{MRsxvU
z4#bD0B)w-;YMsBS$UhjH@Dm&P5y}#@B$M?1u2#8dukU(K9O%=I=&tAg>~`T$7WFqG
zUiT=Kp*WOw$WQWQdQ0?Fu%_F*maA`d{*y1ZupD_ykCVQFcWj~ZX0SU13%@oE=;iDw
zPB+E#C*?>F0oit7Z*(EVsQ<Gfh?=M3p`_I#(S4eH<0Vjr&%uwsy{2Wg%W0RiK=K|k
z6@*$~{}P}@jiR`mN_S>Il`y&^f*Fj2%>jQ55i~)EtKL@9P_QOtt$_g=>E<b%*lfGV
zy#|=jTK4U4{+wxM{A`o7$$$|v$LJR!ph)9nV<!wY6ItIB`+Y!A+BX<LxSV+qxgu=7
z$|ZYBD$9W_jDpc-b9TZ<Jkj{ZUg$9X4_#uW3axs)_cCEsmByKFa}BTa{10}gmg<Y#
z+EP@b`#|mAnkMlItj_&N1~=7)st*%&-jk%MHPva?55vG}tQz-G(u@DXPg>OpW8%t?
zpxWq)*X6{VYhK#v(Mrp(b^?mNy7vrimG?K=3H6nq+nTnpK6P1V7dKO^*ho1>NQg0Q
z<X{uUkDHBFt^e88B!~inpOLvth3YFs3SX6&xlG_q+XrtRbcAM%P{Z>F`b>H)v2`%H
z)G_!5*sC+J5#@2kRJv8Mh0r9;gz^!l8VVz%9}ut0CI=Sq3J0z88Aejqh)$6h7gnJu
zQw$SKgQ1sVJe(H}PAtv_Gqlkj1H~wKJmGmP%^Cv0suf^hTrs@cs(GE&m<4LsvMMJ_
zQP2ck*>UQ&atg|>tqaOjQ+6-~YiPZ>Pw93#q>{A?XmZ;`6|lV46&{kEh3IB%tcLjB
z>+2VyQu$3TALgyPL@pP#gLAyF+~}uJGx)O%vT*BPe0q+R$53e4Bwp9N&E&g+4dttG
z?&Drj_xZYC#@!MCBy6GS07(J#a06MPJ>4%Ty1kr&@Gf597s?3US$4k;5Xmoh&Rpu!
zgoHbi4^>-S6l7SSR1CoM6^CMafl*?u#$0vS8))#%yyq4|pCi25&7nB9n|Q2-zV`+S
z?qd`MzQ4$er-Tqk)XVI~5V!K}mwjf>Ni7pz;?FXLG$hFg*sPyg1_}O^(&4$4j58n1
z$;8Bm&d1iwr}6NPQ320yLUwzN-;lZs_CiM(7O)h|Bo;v#tS&|tjzb&7h;Oh|j_1F9
zJ;Ek>+h;cU@}Ar;9LMgH#ViDM2*&Ri7$(XQ6ly3qx+Z~k_U0ayPg)*UAb=fG{tsYt
z$6G@%O4K}}KyEgb(6UE>!hZleqI{8d84fH{<JcrysQ3?H=PN$(`IhQVRWx0!;H>AI
zv$oNmHo@y3wuz2t-f}?@>vV&s@(&e8r6G<fPanC@3dp6ggS|~XH&{#@P*EdXrH(A=
z>Bspl^ykIP^XcQ=>RI$eha9BC2aMtHiGXBy*i5C)-@O!HSf0|`Z6FoCx-4~w1|TIK
z`Q&St6^Fb=X8aRkg3T9-fU=iI0Ff`!EF97`8qZOJli5L3IK7A|-ES8D{Y5?Z%Kb6q
zw2R^I;Z8JWZyBEhe;8ebW4M0*CZm>HjtF(qdfdo0aH3Y`^b?LChEQ4rp4`xitb(eZ
z-6N4L=n25Gze8cqT!M6$HtFrDvHmf)iBb!cy%7Jv1CK2p#j_7+Eu)l9G^(Tcgh1iC
z?q!-I%JRC_F=vI5a-oMmNqa610=4K(BRxYPCh)jtXX2vamT4@`agX5ylKVn>gK(ts
z8Ha!OkvP~o7K6&jf4atVhoYSgx4UG0t*`<>IggYX`siD-t8irAVF*cFH1%o#gdAzw
zJ7@j`0lf*Q5juiI93lfT(cKV!KgF$W7<%yjr3S;IlhG&g1*$CO=-{8{4&`*>j1n@l
za9!I(539IPfBnzI<34PSMaW>>IwC(zx7}4PdE0{+l0{#v+VwLRvS*9d!YWvC^|y?y
z=FjO<tFM;R^U861X?6AFE`p9s`z;pfnp1iOow=o`+G`r!Dc(FAdG+WkcGT$RT8lw3
z>Kc}sWdh2YV9sLKpNY%!@8ymy6Z*3DY{f~41i8k4v?nt!JwO)Ho-XrAJ|5i3^G;m@
zT~3{Gkj6>c-}$V^uZk#1eyco_lSD2wH!XMGK8>(rv5UlX{mMw|*dqtVVr!rr(3GvX
zd7)|XFfs|QtnW$TxJH^fCdK$3m_bKyFFAZ*1>+Vri`XC2El6CshB7gV^lBrD#3L|i
zNslkaDxA{{&44s7!s9XJ<bn;Es>n}F;Af&m7x&c_`6JO(i3JIK7iXVW=vXw)_73(L
ziQ!@67~>FP!`P7aTV2t}?)!BObdM1#%7&ja@!H_$t08}u6|fa0+zy!yXE-=#uBOj=
zt_Flt$#(zYlncX-lT5PK98+#vp*Ggmx<W_Fe>hd8ReSVd*jIyP>oMx^KLmG>QC*&8
zQmwdE)AYF5$0Khrl(}s9_&Df<){)5pc{m>1pJLh;Ph0Jq$l7d&kKAoliU5}wVq8}p
zt6u|WqT6#%_|CfX`6w*CI`Ds5Tn0Hqorxq=CUB3)*X(({7O|uzDgHds{;|sMgfF0!
zszsjwpP+>`%pwv%CTd=Tfi=hHhp~~BLtQ_c8-$a@)*yvI^g8Rv|6!7Z%Ln)trTGhe
z!<kH=HwN#=ey>&xu9Q0?qIFz-Zx9We(+CBijk$n*#B9V4+^HQ33BebVd#(yd7!2kH
zoh0Y_$?0J?RR8$Pu;Iq;6+%PRO`<`m+m63qqw1oEZd6P2)$XU-c4!K1YmlaZBXkpe
zdQ09nhNtXC-f8-dU*8!ETN=qwGeEPhjqDSxDlW=XwG?aSvs<SG9W+gDnQq?%u{sye
z-ht}HbzRn(CB#TmQ57zPb3KXEd~G|HPxxjZe2|F>Bn_6VSy?%_c0)=*S8C~AGh{1K
zaH-6JM?Q@r3i+Ig1K>Ds>7Ehm9uhPt0ksCGhZt~{KWGb$;*P^1;UABgMV!@Wp;sK7
z5j&Un0mAg%i-mv__zs1?a#|YxyM$KfKhYG-17S;VGfb69Okr^-xU_QzrisX7B(T9L
z*whL`;0Sd&{yVWq>;_P%tM`l9{vGU1L*uZB>Y0&C%dfD^T6p1LB|c>!(e%lIjM_4T
z?nZ(0saT6PadqF7@#Va2Y5XJzu2U_!f%7@i366APxE%th?^Z$Rdn0uJou;GOaIDdP
zAi;goT8e|6>eAC`XdUg!yl7Kz+Se;-56!aXy8DmvfM@|qPUqoAW1ZP>2Lq@b&G}|U
zjP$m@h2K6~r|aV8>4&(Trt!2LN0kN?5YLqp`qc}_XsEwiT(tJ@`mSVPWJfzP{(=5{
z^ZJbL_o4UYVxJZ_*&AbVw?+QAnzbk&D`}x6jl`@<<ST*j91~T7F+xu9gFJV^gFg%!
zp4&c*7h~i+m6#luS<tPb<N(92DJvUQ!lp!@mdx1Y)KCVKG9iPSG;>=Q@s~$%G6Kwz
z7FL*-GlUiiF>f7cvn#%2h#6qcPEs>BdRtg-#w8^t3TomS!)z03Ke86f32*@dBJo-|
z0q*C>E_c=1&cQ!9f(_y8bbb>-{>hGnIgy{U>U%caL=RISQj{cIf(oG<gqP&`*Hw;(
z9yj_YgVmpi%?D3sMAXUQI*A)Bi#C8;R3&;g9&c8X$?KKf;e(o<Vkq{;gWoS7zLOuW
z2AqshqlwIZpYQ$-Dr4I^kJz^cP&A)YS)MYrMOH9k_9#@+4l;-Oa6Ytwl2<hHU-ATx
zbs(ah7#>Ce>Zc8&@!nCy_n_qQNHMgX@O^u1t0Y6s6zpyTEp)-(%MBxHL&OtC@!ZTA
znfGT{o*hm|PQg>|gj}u_2QP?qQvTj6m#nX0+ys6brtwk_=kb#*{I0GqO(KGWy~9Wy
zJe4AOjt!x`k^B!uQiGFTYqCn|YB{7!&o1@@Sjfso8C)S^r!OlW^jr{g@bOe=-Ej<Y
z4!D^i{6cZj{Lf!8x2qL*LFaz`-;N<8ZvQ9cZMA!Fu(^JZoq+|(xpn>jlXFkAz3wJp
z{+(lVI1<ema?5U1HJsw+0tC1Q%f4sT)^G8HN7wO4)X1D(zm!3rw73Y>c%oz<S9>DI
z>xZ5F<q`}fD1BaY$`#+#9K@dGgfS1VogT#Lr`GZ>`n??S1m#*Ok_3Bm4||7yQ9c*Z
z9kb#`5cWfGVYw?AJMw`)pbRY>tFQL%|BS5}7Azz3*cisOdmBPvhv$HKgQ(r6;3CC+
zAqfA6E4GU8Oj`$ya6w||{qt8ly0uA8BAkCFkSsx5(a`?+>?6kPBlDLByf$takBMQ%
z{$M1&&SuJIh8N%%^+}_b0qjuArr61tOjDk{5iB<GZR{(>P)ktnK#B>^pl96X&-HR;
zKJE&XS|}W>hw6ND`O}s0ZPFGuSV8SN7(w-Af8*2k$_FBmnQUu&MLTFg&wT_hwOMC{
z0`qNNQ{_|5ZL^zRgVRbFAq(8s{irS=?z$eV*aj976JFRhZxg?bV8T<3=my?IgOt7Z
z3T?Bm1MS0f25T}{0eCa?Jg#Dupc6!>KwQ4GY2KNXEmnt0ta$o5hm;yUY4rXG)dMb7
zyv!o29fjA4$7+<4bk8cuJKL^e0^Bj%e#!217Hs_T9O@iRgG~FKS+V76QujxQyfBsx
zK}&?kh?HvPRT##5!p|htVP~`QqWby<k@F8|kJeScQ78|ze28;Wul5t8thk5^3<{*s
zJ+Us_f`vPz3x|$OXbsM*21-%m80^`Lz>!fv5D899nWCLDu0dD3TrLoEMRFulAu?ir
zZ;~k>1ZJ?1sv1pP5Xmj`<;V7P#n#aMXtRLOoV0nIDLS_1n`^o*LAq|)MpgP2IBTcd
zBVTtHzuAf(r&%j#bFp`VHdn;jkq%{)6N4G3n=@H!<mNqo2|~sr*3SOUUy#8rRay`E
zWLwb;kJx0o=0wF8DhahFQto#)UIvZN3_}O*J~|yq4N%c8ZSGTNe6S;D%t7qw&Zp}Z
zVS=|sGEYI1C4>+#p3qr{C{M%SdXz(6Ua*l*X}cu>JY;O(ko?P*q+gid6K;|{s$Fpl
ztldIbbAJnev)AqaVWu9QcNySR+`aDv+2N5>vYv1WJ?xn{xEa6SgI3L$P)YkH^BVS!
z6?iY!KrD{k7eBjFL}p7?37f5d9OmNCsQE78JRV2k9i36Z9?j=gnyw&Qe*BB|3pmVN
zpaQ|(Em_U7N`}8cypqWERA|8>0D9eMAdcMl^BbRGv%<lNZMk{e8f`zw>Fm7f+z@JZ
zTy#)?=VH?9<D6xbwZ}=DH`Xv>g7!Q5|2SaYUTR_Wtt;4`FnCe78y5Ie0+=C<H|pFP
z5$WY0d{Q0FuUPQC%6WGvIOke<kpGhOFp@!71H4}lI>hrN`7fAZ+|_I#S)Zz{$E?)t
z5SDkeRDCB3yc+|h1{=nEq`?+=QEXH1pQn$YKD*(0hWV>)PTWgkLR_Q{_d%bWJw&*d
z0JA|(B1i)$T<R3Rur;S_SP+dph2s1GOeinF5X1bDQGIV}ksT%2?=P6|jFdSYZ0KDv
z(6<!M+&`T2|69uhStO4D$R$y}yrvy|+@<yuFn||`{@5*P%DX#nxNrCpO>U$9J?Wni
z@veTj7Cd+gwRX6s&BuoP<Vm!4MOH<mbI56eGo!h+Td4otE#m{-u)R7xDPP<|OAW4P
z(8`d&4{#U#!+5~i$kRhgnD8_?mzQd?#^ef;s>7Ioqz(6Hq&R{2AsoU>44>n-iR<cC
zzvLkD{Wa?y!t)O#GRcUmP}3h4XRisTt}YmDZ!x9F*N7DIJv)#zC<~@|rcu*GX77{o
z{Y^WGZtrw_ZV<g$%tEgKVeMhBf&agljR!e+C-6pOee#RItlvCm%G1vV&-a@Ak}QV$
z*u#kFJ)bA$wIhD@*X+XJA`KF}0$kzo>an6rHaeemlp4l1*PgfSWS=&DB&qxZw`39W
z!;&L$o6JPW3!VK}_un4>0Jb$}Q@2kqB=lleYxzEYfZ0vj1Q<RTq@G=<Z**w1nRz=b
z(Q_+r`R)yP-;Uj*T|+1T^M)_yb0=sk4($9_=RS`&10$Rmo+kk6x2-`v-U$AnI(O8!
zlV<0M8Ut5nwHi#_&r-XpP1)b&D&D4!zV|EgHdf5g-2KeE+qZ|OEv*4J`k~!DHrN|B
zJb1<<1dZdsH`_3*VHcncUkCVY@U1$C1{*08Fg8YU@|@4<7L3lprSR5Qw6{*w!2145
zyiMq}ng#0ih>#}U{iATq(@DzFi_2&F{vz^Bl?{b%Kq`g$lahEwT;6jd8TKdM%-Wq9
zzZs^cOh|GVr!t4Vpx^6S#xx^fgHI&iw2b&hP9y}IRC`ryXS#<-KYNF~BcC`!DMUAD
zaGa$6x9zRTc1Suiq08ejW=3=1bT-{(H9E2JLYT)qAcBXYnjR7-GdCD%U&Q>Ij`QIa
zD_T{*g!*h1>BE^RON4i4uwIvXupYxj59@=L>T6uS`m}2*hzje0sBjnkX-nBG!%eml
z@dJHF{r7LHEtMju_-<WoMzE-zyM~zu0*vT2xS5p+%Vvs&f;I%JoI&G1A8_Wb?Zb6m
z1jqEbsQSjMZYwnMz|WKd7Ap-Mu_qxbvMrRS4_N?bP@RLL4KqrnC3)lHL0wu6f)d4&
zuc~G|eK!qo*s4;GVjD0!-{9rVI!0X?;kc0|emn?ctB9Vc4+K~`d>O;dATNm3v-)#%
zg+~0NCmjhfn8^AzWA{y+$uZ!2lzrJg$yrG&gsO_E$BCsq6n0U!VxHsl#{FsD)2D#H
z|HIwq>G&O7vQsq|DdoS9M0nbx&(j0_FVC5d-H*AEK$jcTw6`MA9Mtajt&Y2rj)zeW
zTH0jQWHWrmf&6gq^Zc!pH>>c`t2n*{$DZ#A4VAc8^5MIQbEeRTUI>dhC1Bm|h~U0!
zrevN3^y1KMfg@rO2DJF2&~?#ddRN?NO*^&>w>u<-5oCra|8|$Z-^9~`?>K)e_X~da
z>jHU7Itl|0kz2N=+ZOCN*{?(P8B><6AKC3(Q{0wo%*=a9O5X3@Nc`WKw@4K24euVa
zGE#w>8?3WlBLqJauY-AIbUMCg!m$4W_{~lpp@NzQBy-%DS7@?acfS@*o`TjgkDlkg
zk)Q+a4nIG)Nsvh-u{}RSn4E1UKzIQ~A+qn6X*lrh>Tcxo5|2*ms{hMp9@is<bL2kz
zOw#o+rrbCK<`p%C1C|MS{NtU%m#~Ot;g<T6*B1H{2!Ozf(t`(P7`fZ5HzLvrRbH*#
z)1XP00#=$ygy{1mN=<#=<5QRI<2o2G?iU;BCJ^*n;zvMlCn?01sSP-ejNHn{ogJi8
zg=8GioMcd`CIs<W0Y394cn7wj@GiGo?aJnWR!u9XXEpLgp_q%doG?yJJEwp3Z)ebA
z*kK(|l^CRKAJApMzmtOhTX-7qPbWli7aq%9GKl{!@98IV#l46%Q+8?p$o_6VTKp4M
zCsV$24yhOyN(rfvcug@2NCNj&@AdS|LM<+1*{pf-T5??F*0f;Fp|58Dh-&Tk$?(ix
z&iiFvN$NUlh4fq1&#Y$ovGh29?UWSy?hrxuMSOeuaz*6|m2{x8al<#ob<VAG!-4{s
z=DFT1Ih!nb=<WUIwx+vlvaGxQ;Mmv9>&Q^=1?isljfO2amT)7f;sy0@!&=B0;-`-h
z`}Rm}p-&?mp?$I;c{rV_8h*|idsayQKehT=qx_qZgA@ft?WPlj4rAWykuTh4N0|$M
zjHL3DNg*!aUVf(I7}TS3Jd|MO;-W0#`)(!|p<YC}-a9bOxQJk1>00c-JS~AwJ85Xy
zr#Vo5ts}NKDqb3oL71Lwi)u2HK-=gAM|VfD0biK?R@B<TogiNTp@gri-6p@_dJ;}x
zLN_1pcO=y#FdsE|0F#+fIYEN)q=HO~>975M6))K;soj2b`@>jFZAy3MqnJ%Brr)7p
z^_{(daL-{!b&-pdeeu|qT@zg^RtwWp=SOYzZ^;k0s*3nzx1^(`NYe&rw25IH;9%Q;
z*3Z90ZX<)y{tv-f`VA6{Zm5{Wx9ta_(=Ae5{>V8AB!8nz(Uhv%s-7gFCNvcJoV<%$
zO{<aWH>raIOI!GZ^*VKH7f-5hW-$w5Pjj%?P@5kO^5gj$3m=5%_4J2xe$%6_56;F+
z=WhhHSY@z%A#@RZ(CkZM{Q*YZ+JIGKb@BFg*jZ?(xy~nTXq7P-mn@`8w(*nlv3h;@
zwd%~x^rL5xyPEu|y`e|APEhP&NIDiy*$^ig^)0Cxt7JXhRg=8ncC0$Ab>bBN8Z(0>
zP-1b%_3m2Ks$<7T3mp|~Spu){cG@}RHf>o_<kPY)j?=PgSNaOI00bb?L3|&wt4Zis
zv3}y0=%jL&oT}X%mQWw2$QdnOp}NYge8?Iv*Qt1c@~7uIrfY1<d3$Z(J^lA4t)JN9
z*F({oB?lxfhXgJ=RxMn+W%~Mxk7I3)cv`^01}J&+^5Z8j4fx0VGCw1cylHT#`!c?N
zeC6qy3n6yn8b33v-k=YdbZ#>WC3r*9JQ|_R-W&68M&8*f*}RqZXNJ_F3jK{GH0tb7
zaDV_5H^s(ZYYenZ3oB_yE!wzKl@z#~=aDnSJ-)ie&Ig!AO6Ce?@SnJEo{hZNNazqL
zW9Zk_LyyxDp5kj8Wc_+==bDtn^JYu+#K+^-E?$Z3NnFOy#dz~*+TzJ8unnkanSKA^
z6WN{TI~9TaHUk#*9_X|oey79|s}Z*&FEB#2S{dma@7nygXP0)5d%wMOTCe+S>rc=3
zUxk)+1q#{au5?Q5k6ob0a@nk5Ko?LW%X_I7V}5k1u=JQsX-st|gqCY$aK4FRR~s={
znZ;RAw}9@Wc2dPpL$aQaRhFv8PL+l1&1yh<E@?GXHsJBx$S{2BkFhXykVUA)u2g^g
z&3vH?I@t0dw})HqEFZWtrS4l(@3wbdDHH6$_aoW%>H72L=f}yId~yD;F?75C*c!d@
z{?eWE`SKTuZD&*O-N(_}(bcVwz0MD|qUh5qB5v+%O}$tl-&b7wUhR7E#<(=`l71Cf
zIE#^#Mn(2mBlr^Q54o4j7oJ4bFTLAOJ;(>LP5!#Osj!UnzGavW7F=kG_*r?&z$dQV
z&||2OSHG#_kxJCfIBAOJ^KCB)T)!_RW9XbbqZLo5&5RF?Y!azSAxq=jV;WQ?ZZY{B
zbN!5vef%FBLztvLBYf*VnNhu7g_mHia75QyZ{={JCD4;bvTL84ql?)nQ^+c+jf*Nc
zWk8ddXLxLUsxurlG97gEdXrQ4ONC{^{(vB+LdIqc>6fjuPD3JwX6d~pPI3R<!UD`r
z@+sibE0X)pUGu_?F9-dSY}>jlGypnX)7#WdZ6-q`+*ODE$-Aqzw9AbKD=%C*;jD_C
z>#7_F)2+p@&ve#(nW6+_73r<))n4rX^Dp~DXwvaU5=U9nrQsW7=N?9uZ&+_ovTOSm
z5}ZeTCApsIGS6;j-Qi%(FE{lCX!=a$nT$_p7mZ6dNzbdauFt94BUlcDW|9aX{HQMI
z32d{{?>{ar5bnR@pl!v%BQodwC~#k~ar557wlwYG|6K!H$4Q-b(Hao?w&NX$X;5Fx
z2FC*g|EvrprS5v>=b>|I%Lng(Q?!<q2m?DjokF0qF{l2nKuZxM#+Cu-<Ov2GCVUY7
z1q0Zspx7DcHGd0j$Ot4vfCyE1dirgETfHgwwP7IEW@S9Oi3^XcI6jRg3=P=HgI36R
z;Z0xdeS}An)l+@{nGKZ)XDKfGF5`8F6eruzg0m0Xzu1PSxm5?0A~f3fCyS0g$v9)4
zmO}tYZ>QB$-Ss3u6H>8nL9>Mj&mr6M(|y*l-%>feM#v#zocKX&W8_5#*Rv?hhQ5Dz
ziN0%q#VH@4+ki$d*yZqsR0Plx@?-h)tOzS0f&=!&<Dz%uqQ0<{?WH1O{Y;2IwW1Pl
z_BJqfjLXcl#!*Lm5%FDo$^7aHsp=GDGQIQ{Br{+AxN}da85cRtlykd8BPoBmmh9Z5
zb&<fUlSghz)V4^GD~ul>W)4ddDD(@UUt8pnS&fF^nIW|~+$5crfeM6ijMvm6vP6}u
z0ZVXR2hQ?=_k*4bb(;Sy*#S|gI9Yq(&8~>H?FH<8oM>IEyT{}sv@ycTA?Q}K$^pSM
zW!hcV1r*+U>?;rf1`IkdNiE5#-#L85HL`-t%6Vhpz_A`Kg#Rw>ChbGIZfD@2@SsuB
zYbtOa|H$j)#tUciS@@Ibn+!7n{WWUL2LW$)xY7T#V0dj;=5{)++x_4Wn-loL_Lt}d
zuf_oW@Eec8wy{m{9|jznkSX@M(*76|u;zNJ6c_J5K9zn=pt}4J?crGrK2A$V(G^|U
zJ*4ELkr~U8rR~A2Yr(7vZvGQ!e2^_o+ny5<|88*BJyGCq1#LjORRrIosUHi0hr}NH
ze9oiM{7TB$-W|)iKhM|N<Ck%PaX{my7igNB`P(9!&d;n&;?uyG`l{h`g8r+bCZ>#<
zZ{csFp4`;$#k6_0&s?2(g09c}3P=v$I%j*Iok^SA0l2UX<!`3#CW$h`zsX?9;45M}
zDPlRE?5U@bnF+bk^%u=_>3>l=cOcP>nap8CVI9o4e%hq|?l4s3y}MrF)`&p))LP{)
zEtfbTI^vm^TbA{TWL;5gwhIsVG<J`Q>lNS!&Y-ueSMdI3AAA0N()Y4D899VW2YHnw
zV9~-S;qPq~+q+$#&txc)GAyxKA8=$CRvOe<CPwo$;HEyA9E!eeD>aM^%N`?`RYg_g
zjF5}X!?z>V>>@=-Cy2=`)<c?|uMyqU+mJnTs!y+x`LoYh6xNO5AB@j0?BYYp-pi7n
z;V(%Y8X!(;0ZN-I<7!_4KBa4}&3>ambt_)|<Na5o=Ohtto7N12SLO65dHgpnWh}j|
zsLUQAP7+I7tOI%A6yneO-^(^A<1fcd{-;rlc`s$miNSfa(IQ&7A9oGIfGel)>AZ50
zS(k=$`rhM?;KWk=DIz=-+k4g9o3rgdNY~yirx)Ln&D3c;5-wc-l(j>xb8^#$I_Jow
zH*=pd%+5Sjh}p+Tebn(b{W~PMyPx%s8$2$Xm1Gyd<7>mzmH9z;(S=2MKS|}Y)qrF2
zD`!{k<d;L$DvU1sdggjxk*?kB5c*;Am8V15dbYi}G`xalI6&q&8H2bZPL`2LY{Avl
zTifMpSErBN5gqXNbgebk79H`rSuMLJn%FR&;GNNSw+D^O9g6?Cog4k_$u{!zO?1Kt
zX^IhD?#=(13vFgnS(hexn->*~=i_5{@;z?t-;LhiVMxuxH9#qXk8`Ak=a0yyDcFO3
zzS(k}7OaTDTHlinKW2@--||ThnJr8#90y=VvPyG-q2qQ#X5Aqxen)T=!__O@&G+Us
z9QzPK*dp(Neuw&(Bwj!Ttg@_#Y1wZa270Qp1pm@obTHFYygvn3@1G>Bv{e_~ZRXJ&
zb^EJ<*iDzFUWW{%)`)oX<8ni%7N%L?kvA5JK)$zM!|}$zo|22H)<MS3sv!sIPMmG;
zxaMW4g^f-T@S`38*Bi6KID_nuzqk?NO<x=<Byip{>A$q9>q!#H3s4ch!qDJ4bK15b
zaTfa?a(?AQLvws!GEq^Df&FTJr-V#B6w4yn3+?%}g|W`F&ESc=uaBTuMO3K`$WbLE
z_F%Ie@T9l;S&jr#Bcyl_Uj4)iI60=S$Rd<iz|>vg^X6nR*AAyjjU`wQX`o@tVj{_b
zs!fN)$Dkv(JEJ<LhR@l<GXv|B)pCs_cZ-uJ*WYmoaPsWtEULZIR7Xz!o?4TWY^UBA
ze9SMzJEM!HG5u_O*hMixi0)fZmyVte$%^+ENb~=y`>LQix^_*H;O@Z*&c@v(1b2dL
z+}$;}1b26L3+@iV-Q9KLuyL2ecmDIAs+pRpnz@;(>AqO~bglJX^u?;KN8SY^n7wv-
zC}w)IQd~LfHCf#|=WB9zv)HEF>C^IH+i8rxy8jSpnY4d;0_vY9T)pbNc<B_hC*QBC
zhTMD)NZ4g-&fcGqkkrS!UGl_~b@;Fwp;cXmuIsl8xp3cJ93d0ta|^n-L?9ZVML)bT
z6Yz=!hh41NG?_Zh+xR5Ea8O#p_sgzTshuZb^OD-2H0yjGUkzhNmIvT-B&tiPEAgC7
z=UA1=wjGWH!Au$1a`J=+BvU|UCZc~eik;%*<G8&p%MEaaY{oy84N#}xqzJ+#yDQiu
zA?@1A)X<>pl@72(_Cfn>iINpyZHRDe=RQ7NGVeZ^m3bbQmA=>tMD5Hn78F0!_|(M9
z-(mHY=gobZn0Rb)ct#w+1A7j(hRFAMWx9EWzY}=LI^9r=k;y3QW`*qvpx+DA!=Xbd
ze-7*bmrB@K2Oo$FXsuS4brMAi%q2@_ctni}YB`lww;WvfiaRFXf5#q*2Kri@La@;S
zF&_izCi=D2*n^i-Ir!S#WoR?I9M()eX?~<|5V=<GI0x&OdxG64P}lucQwpIft^o4h
z2QSHnE1fW3rteAPHsYAmaZ_IF&7;5IzT)d)+N|u-0bCmC(1>FSHm?mfLZP1|j_P^A
zE?02c#6)C183>FaW(G5fG{6T^;!(Axy<Iz+9XC)Yz|x{?_2_(1$G>XRYcckpwgem6
zOcmsgnc1yqXy*U2Usk`0I(gWWt^F*byZR!ZsAx}RAXL-M5%Rp5P^)Dub(F<Pmdq$;
zJL%oR-SJG}KsM?^+4a#LzpbtP$#E~tEC4*s+j1}Go%xSJ9Q~tXLC$AZFI`iQ>i)~F
zzn8zFzzFq20W;_9^PSUuy!<Q%rUYNN7t098oK57meFcI6VRjP4LiIf7jfu6zVw)7+
z-PU7))?)-1r04z6POj?k-tWg6R$O(ksh+{Thrd4#V)LW_R$g86xR0|x6wnpqNUw+Q
zl)N;D0uwVK6I!BCBO5+_dc(U8?74X4zk7R7{4}rDj7#J*<uGvDU`VRQQ2oL(%4n!=
zP8;;&&hV_-!R;bBJlnga^DVB|^7fs4790jV2fJ_{ij<)l=H@OdYKVXl=d`_jdqc<o
z+1rQX$C~Z3*284fl?$a}uB0vIdL3oNe}qp}?E{dqM?+a%5T3iw?==7XaYC<nt$d=A
znXsxF)(-XG?7yX|NNF?Pul;=xM%+QF%_2nvTy?ZvcDpeRBs3`o9PAJ`OW^X(FV`h|
zpVkE%k`RmN-4(e456c$VF!N_m;_rC_Y~UcLko+`Ek@1oX5e&a=y_qo`cDCq~f=Cq@
zRc*y<#(4srCqyZf2)AJTltq{4aWFf?R4{7*Zrx#u=8^SDVIFN-Kf}1}0HecOat%pq
zSv*mZ4$BnZ5fKCEcid@7)yP?g`1~UhWB=?b77+=)Z2%Iq61;?o_H%;Wmu{)UuSZHM
z8C|RKwavc~CXiib3&Rp2Xul_FYqRJ-xE;IgyB*);^5dDS^{)WwOYZmQ`!^P80}C&V
zL+F2pFC#=iS2!!}R%oT7Fw)2LFilz((bp)zn=&$6Ht?cKJ;t<pFMOsl?37Z2)cuWL
zOhLA}=x=}vuEEJBGCy-xH9vP4M(^{HRj(I02jOPa(rs?``d!KUjKJ@`6$|G2<ff0I
z9th8p9pX1$rZl61wIF%GAIi2PqrDZOiufR+xf+79VWaUa^wYBabfk3AzGqlet_!Nm
zei~*^p70jCK9g@d++B=ph;KmlH@4ags^1%HoZDl$8w7{UHA4xmdYU#XbG=D{c@0<D
zd#dm=s8(#~<6I5|CbqAGU_IM2o>^X&%x;6-IC01#y;?I2X=JIp^ph2^M?1_b;~)7U
z%sLs2$@J+Dy324jeXJqqTqe5f(d+KPiK9*?6O_OxTAcX4(~MG`R4|wZG8<Hq;ol*;
zCRL9PN=JGldT(xuF7T1gO1v?R%8x#ju%<Q#JTSGgeH+##uCe^_wYUMLJER4R>}=*i
z;hnz%lF-BGv>AcA+cq^{q*l<t=N*j^lpWevKKjF4=$XyWxqkt4l_HP@M~};&g^q&1
z)GO`R12EW5#SXKf880d?x$t34{w>}DBA6mpt2>OUFs#Bx+%UWLERiPe`MP{Twf%hr
zC2r`o+b8o122MT2ot>vnrYgzIQNrH5q<jhG)}6m_Ji0Gxmi*>$SMh|z36t3h`tf~I
z@YSy?rhhn0;6(ZX4m#<&&YW33UOx)ji@@hc>`bpFH67HWyfE1y5*0c}j`21(-Q2F!
z7zUK%gfK<*x834V3X?KCR<xMDqM2YMbWSR?1xO4(dRuf?bSqE4IyxKyl$#7DuuY>4
zx;u-OLbMG2BA(}mL55eJlFx(dJgq*jOiS)EMWM?}aVAvXC66N^=nAf8Qr2B_{^hRJ
z=SNnGv5mf=p#VCQy7q1B($ssvq1G-6#Nz`O7q?^4Y>Tx!LNk9lcjd>fdui`^1s95j
zpz=ay0hP_sYKnu{HFFT0Q&lvH@M2k)aod)ynjtyCu+v?yZqsF0nYuHxhhZpi0@p69
z82oeZQFze6@*n}7^jhS>Z~2~r-+saKIWx@k!p#|AX)s}A+-+vRMz`%%V>QT3$1>kR
zbw{R6$I@TaK#tLtrb#e8yD*G#Gwvj*mo*eihpM(H-XoN^I|IEMM6cZN?qiaoDDg#i
z<%X1Q*84ZQV&_=#drDitJ1t5-=h;$$lbl&+BNOSh1knE?kjBGTyjb<%=*My85!zy(
zIPtWu(mA6K|Lou<i>$1dR{3IfIGj_<0B(bKC|B<LK0n&fy?O)HPKa=h2dQk|vAH~X
zSjs3kROH2K)Em~(`OZ;5$PY^)hz+3Xqnib*TJ`i!Pj6e0CC*wdxW)V!_d0(YF9N(O
zCH`qI_%?md+M7quO0_04*?5;uI83@R5OX$9+S8~floEFV6;3YrVf$mBiACdSGXzn&
zFvaL3Zue&B+(n+?IC>>I4F^b)j3=AYS64qbnW13tj}QaWPbmXK-tMxYcj&>Cnzb`>
ztFl3DLkT<&P$;G%!O3$G9Nn=XJJOh^<COB+Z1SY&D*nR;LQPhJ*Thm$p*=fk-D~cZ
z!k^DEO}+vW)P}TL$y32t9{TT*A07*k5mM1b<{ObRt>I$&+8MNC_HX{!@gzZ!l<*k6
zHV}9L6>$Ps4<lD&{#->}6LLK*=kz*M#a4tEARBtd&P4ZZ*)MK0e^6GG@FL5>Dkc>~
z_bu}su`%~KdMV&6x^L3~DM;-d%`y2sFXwYj^vF+zi7Wap&8b3TQ)D%a6Bb0h3O!mt
zBAiKk;jtA9U6OzYUz!!NLcxfXE^rQ%@X2aKSbrfu&I*~vF%RC`dcaN%>cSEN=*MER
zkTLK`-B{C*Ln+G6C3>iT;+q*+_>s%DOTbLOFh$LSimj2RPK*(&K3}?EB3um`mOGm_
z%$cv}XTcWd{G2qa*5lnjtrEouWCev|VSd-IGZLycR9pCti;MU4-9IkRm$-cT@7jZ6
zzcO=fc^+H*?hdlrkn?kEd5N{G&91lf`R<#<d4p3&86q_Q4CqvFQR%Z3A+<xZl)v;x
z`gvN@e(yt#A>(Dmu|R%v^V!QTd4V>#Yx|HBo`o^d?twjt7)*Sr!CYNBHRu}JKfhlE
zt=O2ZnKz~3y8N(Dk~(33#%*eq;ynS@v2H~x{yl@+@+=B8I^$%e-xkUh0V&Evqn@EM
zDkg+YU)USP9>_1T3^tCrpNK1Hpm7$_sGzFGc%!eVj9>DZKK(?xEu%3<*1%KJeUl*W
zR?pj(U2<H3XD!WUdNsR|qJ~%P85wJcP$<>dQ~w_{4U{#olNf)}t((Pif^i^tcW`&N
zxVU&gscgG>*U*(}@Wy@&y~p9`|5DRXP)QhoI2W>jDvcB{0BpgK=XgJPKcEOIK(y-F
zcK?5&Y6N1FjPJXLqpF)bnM~T_H#EPcthyTsh(LwMrEG^V8O8FO-qip`1RRT4lV$XD
z?<A%S^%zh!QCYfLaQ|FF`x(0ACXK89E-r_TUvc2}LJJORWi>4J&B3(7kUmYOyf_31
zG4KWyp^ds(gouT_q(4B*!I}{18*X+LqUbq+uIKBC4QR72;?MLWeQG|fQvuam|1_<V
zX(y^w2*#`uuEoO0YR5kpEFU*Se)3Ff4uq<q+rHrFfBP)8zu$N%?`n5VyAaZUu8p8g
z_SK<MwD$3XlX{8KWebd1QJ8n0#BnkfK4Jqo+s?(a7p^C#YqS+dwUQa<9D}6je|v;Y
z3H7zHv$&+W7xNy{I*1dawX7c<v)G_OUwtRWeN9^F6?0Lj99x4L^dS}0(+ayFCHjju
z4I`oy3GAYv{qi9?;Eaij(`y3}BX4d$TA=_EY2Eu$O~d9Sb#=;&z(-<b%lLXN6-df0
z>x$J8Z6E(>=Ety{NQb)`!`dK=khl2d$E6temfoe4LQ290&coaE+M+W4mi0M}E4{fz
z;||G$SPquCpV9zT3tjP8Qae{3yU00hZ7M0pspMPaX;34J*~p3ncvPb+vaQ3$L!@=w
zp|BI3^>#ApI)Sn^Wq46)gYzkkgEXid;6>Vmr4kR5Z=-aM5%D3s)Ro~?I8bzL>&9cI
z_PdyLjQz<)Ru+vH|58ZN^!$g$vcpDcp+>A;r>f%c)w_k|I^UUY?Z=Z7DdPJgtibUd
zZ?n9HLl;bB1-`cW2_AjRtVJ&zX<kDb1&U;LX<n}FUK6>y-di%|3%Dkl^*sw%jNj;t
zJ}rzBNpE#Ri#+1~kDk!7XpY<pBIx^?D>H+6W>#U$L_;9q7S9!Ljz;*RBIRDM0P7!z
z{s${jos}rqq7F6<>T|tVUNN0`GoZ<Y4{>57E!8*OY}3oL_782(BAsY399acjdhXsI
zjmvi_Z}aK=<)c`29kn{TrmtwK*lV|ecCrlvXZ@0`{(sh5(BCQ@K%)+}w|=l(xjt;0
zgv#Ur(#7!GS5G8b^;tZ45i6mN&fw#82JA?_N=S%U6$Yq>8Z!wRVMX=X+pG<4WqF*p
zWsvG+NG^SVU~mru^AlOe=3;!7#->tnhoi}qYgF5gUIpu}08>dh?zp!+Z;8^&Wiu!8
zlC$eacCx9tIDG1{65YiTjei<<KzlhBEW&`|Bj2A<)yUR=*pS`^r(6GVT3#`0{4ZOp
zMN>QfNvMF#9R^9DNVb%Zi-luBY?04*rnB|4(=~nAMkQn-F<YR7zBEGs#zFDIGvk4p
z;0_Awh3>|Y1%IX$<9AC$ZcIpc{9r?R+kaSV*AJT)dhm*(bCC3<21#G>mmfHt!eCV_
zK};$kau$OY9mUP$N1YI2Sf$+o&tF~G%Qf0=Mum>?Jppm|6jqWijN~EbCa}JF_#1`4
ztJZwpj>tIZB{H6|tRy`dkb64$guaf1z=r>KU&@uzOIYXM2{>CjL}LhoWX8oiC<k~1
z1W=RD_M`{m5wan~BKGfS+cip-0I|+sTWQbeOg1ZkV6|S8(Bjvfdm4>enEHaM2F*Wj
zQLhCV2lgE}*Y##4UM$pu(Ml^)1tE1dKJ>L4ph<Qw>n@qRAej{X>7_<B;s%~qAnh;z
zPsu39#usX5JwZOv8wk;-=fs=<yx|7!Z(`|2%?2xjE^J;2!`FzX<L4JCX9xqBJqN!-
zCQ1f4FC-auITztr9`J9&F%k6$Aelh{2guPUd=_HXHXg2g$k@JiRBu<WwYo>Q9<EwW
zT6f9@PLVcLi@ZLIZCmrP9?6Y=`7Ek}V2savqzSoWmpVS8Ngs5yN#Cvsvzyxkj6@?%
z7U$l`+9zuq=#<gPSD)7%1(Y;h10E+hZ6$!ffAh`1SoAL99;`By;3%3fE@O%5)?Eli
z)qeZlnBlzaFXX|(M5=k?Y*${veAwKObk;^(E%I3D8BgZttfajF^t+1HM#8wipkIOa
zuM-`YUaYLt!59Isa;PR{$<(71;aX#p?sn%fBO1E6B^|Hnp^p9tc3i}=zx3-Euq5NS
zwS(e~YR&ADaR39^Coju%*1vi^xz1ViN>jF~Q3)p^YF%W0Mh@_f*cYT@B0$U?H;8w{
z=7QNKl5G*Qu}^5*|BFgadh-=-`Ztxlc6vX01)2G00rnILVFevq+1#oR2|<m>#Ed40
z=x%>5x}Z-+9cOzz$Y{-usduTaMT3Q>cx)b9_y9jN2|1LkFu2F~@T*9QvL(sdkq9Ot
zBNm-($rkh0w^%{b!j0eZGkysfkSQHEix2N1Ck2N+EOVbwDLF&hkNB4RjNR01S@q5i
z-YKF4hPvn7b*7bmiDA3#p(Q9`{+md~tq=g-?mufAd@bHD;Kf6NreMr@MbVB0vA)ky
zI9yzNFiRlh3koc_=4qc#Jz|g~e1cU<7{6`RaNV<6g;rVh#Cq{)<z)P#<v(dYy_nmG
zs4}=hy?Ej(?+90KX`=vNY?jPas&A&z)}c%2ZYXl>Gfr0HG%36(jGmrN&dl~elnG-I
zR$f?;aJvB?2l#P&4wq_lP&nH{zDCn11UA#2nbqJ$>Z3>YEVi2T=bhj8<W-V#E#epF
zJHH6=FfuR)oXMGn|L-_t9>kFU6^G0Vp8S8wA+vntd_lP(dpCHW`e5?8)<v95{Bl2C
z>l?0=43>lPnhRF0!QEM1s|yj%x{@MGUfIMdHuSYA#*DLMx}VfFhhl(0Os_dc%|Ob|
zd{OM9Q)xWGD6H3{O3qF6y3<PRUci}-6L{I;SW0!-Mz7bp^Z$TD-W6Wk`|=v%j{cMb
zJ?kRnhmARPqg0=eK>kHy<|-ahEe^%nJK*b^l(V$iu4~mEdx#G}q{6wxM%D>v@47Wy
zk91I4BBb9|h*l1_Sck=|-qE4nE33%Kosp#{4350BKptvDmZrn!tcNp{H{#F~;0cBF
z!(<~@6j_^*9+UkiEH?(xqc|t=vu|Qra_=M^S%G1)$z-m9|KyMF)nILd(yG~=vi4E?
z=J4;fZ`B!>gF_zTN!+AQKXjSNm|zT8_QK_my#?In*u^x!4f5K>&sqAxrC&Z`pj9qi
zp6?Eqo1UZOjpLUHi*)15i=*LXyp15Q?Z?;hsahep&UZM#pt+skcwuZ@58H9gBX!zd
z7@w&B&ip-vGJW>>6m#0Oqs!pXH|)z0FmZ2<p;HNL7e(s^?ydW)_SI@iIRKN>zRRFR
zQ{&VQ3mTzm*zd}u%HCCKxw>>ral~45I>BZcnC?8CIF1{RKC)rsgbl|i9nyb9&M-up
zYwK!t{LyI@4hfDfie#dQscf&PkIAqvD}hgB?`yk~^r#WvoZa{~;}5;F?)YkJD`vu|
z6|2U?g>ShB9`eFMT&<$YbfXJxKvcQr|KyQ{PHx?wO7?QmLVtaI;!%I17KQ14?LgAI
zsUi;Y*6rR1-i%+@gpUh#WOs#TuC5N$LX!vp`TpvvzURk+t311S849+<cb;F&pALR<
z2z8u{eGCp~z~Z<k5V$Zqzakp?{1_{s5J~vkq(6-GgDh!jMkw27;++jLRgE?;yjG1`
zrPCXA$O`#ny85=C!lC)VR0Y`??F{6TM$iB$WxY&1G7i>zp+M(>MaerT3^`btp3P^8
zU|60w|5C5j51tgZOL6%Ui%Vm0cAs6SdRuz=_UtlV$=b#u=WZ{L&{3-vT%Ng3`eCZ~
zgRO8W1YEth%zRF<)9Bj16wc1@?!C$-<(3T??oCSfSdyisI2B6a08s~77U&<jGI-o{
z+zdwOSx9ATi9N_VH!rlc-`pL&-CertOX%)gj|U_RI(R!?+<$f72~VF*McQSj)&k)8
zET#H0v!ME+S2@lZl}8-T0EHg#ky@Qx9sJLr{hRaTp-4L2?3eS4o%8dn<H=asJhV=6
z@ZQGB<FB}>24jiCFh1Xri5suFv+krZUFN<;<4*7lDMlEF1^(0f=0*cUleOXYyBmCj
z32#zu9=YQE1IsT0j}ysw*E6T*{D}foxM2cma%lz04r}K-^}FdiNoQnOKU64*JoE4o
zo=iE**uNwKT7m=w8LU0K6*~5pY>S#Z2b<1X(X5VF50LmN6Bl++aZ<ReNxOXYfGo^8
z?#afJImgeNfn1RYUwFK<zWTgl$}QWO=&S4!;?9~}<PvGF!9_Az^=&*v@j7oW&U=zO
zF*~JOY>=x3Xbeho)qAFwPq;1}MZ3$p#wXsqiT?ThXLl-_q=*eFOhc2G5>i|55h-c&
z??6d7FVHgi_D=@Ui|5l-unSnncFXu#cll;@rt<u}m6m7PBGIfe*F2h_j+3pzy7I3%
zA6`ETUDrz^w%~+SeKmX3BLAyH#+tByAGACoYwP3p4VQ$Z^7a7yz%y5->{OJk+R7n8
z8s1LM07Y25%GO|jj4m-Y)BX3G1((0?Q)D|porT-A&3*Dt`fLN8+I-neI^SR8f@@5E
zZj^nyHI@hc(g$@Gd-7hkijjEJU`BAtiC-7#CEea+*g_yYV|)bZzFfl-%cV)PQAk_J
z{f!H!28uJ)<&SB%_A`ohLc)!u+X3hh7Zk>Oytp66@1EhOHN4o(DG@8{r}i64q+hnQ
z1bb#RYbm8Z%Ny#=;?)yt$fs7`<AXVX6`!tjwrT1?vOnf>a*<3>*)%*)r%Hh0mjQ^3
z94X8!?qBw?c+ntcktgAjWrfqd6bbaywHuRBxf_ex!n<UJSGgRvE->3JUuR>fMUf3h
zwyRlfR(Gj9zuBd^I{t9{X0d`s-Y$SkmpN^_dIr-J-9AXI*z6v6D0<u@Ir<&@G?Uo-
zVs3XTC$(%f7wIO!%`0wz$!G0%Se0*RAwEFd?Z}_$jExy<q`}a3`@`i~msM@Q<44PZ
zxgPN5>3}hoKi*!AYYv^yYsDSa5T9@7dviRn{UcACFtl`9OtP1Lw-u$bErcNk+-zZ{
z;VO}JLE+o1Sswjqa47&2BFahJ+4A8wW<Wg8_xQoVA%_x>vFZ#BQ}qS&@{HY*+j+rp
zce2;>4OL^^-t^RJp4bl-wNimX8r*3fM{Fv9%JI`u{+FAw(~)u$JAo#OoG-=~I!4lX
zSJXZJt;AZB3D@}iwI_qLzH!!<+bma{x2KdM*^JV@yE?Ey?1keY!=r`VjP0!kVH4c0
z?3cwXkwOsf=2@hB!2#d4b<Wym4)>Rh4EOg;Md;?S3?ru2v)tt;JhA?f)iFsI243X;
z(R#p@j_vuc)ddLKlaJkl%(T8|!AWzzt%sar6X4`Bb;64ubmW<KQikK5o|ayOP&q`C
z8jTYr3!T|5mzqu~mO+(VytYxFRU-&;PAeA78tAgLJd-mE=nd&Xa!tD3S)YH-W|04N
zM}^Qx!*@1#-2|3@cXoSuds$ySTgruHsJ5aTRnZI$9H~?*l2{bQT0hq*%I%1qx3}x+
z7$1jZY;#~G>3D8Tbsdu)%-;HDw~n;S6+3Mkt+}s?uj<{FAHSKb-Bh<26i<9B>%mu@
zZTCRIp;||ay7hJA{+s8KdvHIU1$X!h+JVN6o>l6)&ceZU6invk9-jMo^YtIz^YF5C
za>Fude9Ie?o}X#$o`*qOW<ma1mT95{rdCK<7pSe|9A*S+T2P!b@ryBqtZ`0aRh;!O
z74L2OikpW9bFUpDLrtLzkAX{53#ry}m-Iq1(lwdPLmrXK7WSHt9ymNML5)Wdslo>p
zmy$p=igZldPW$1(w)qLM7Buwcp`CAh6#Df&eSq}t5LO)j&gF5r<@*fx$`F2(^}}-<
z@`H6UVIt>=wB;H20t3fZMOLc4xn04kA*#>DG@43-@EE}qDVDwHW<k#3P6MxR`2*xj
zsYRM*jNWD`$4pI5ITNGR-+x~dVnv0{+U$-el*yZK>_}%G;+_=I%O%V#)222^SWXdo
z$!hD0+p%4%4Ag7@4zrUzL5am^v-O4o(pA&V#_?y+5C!LbvyVk_8`dmbNWIOS&_5nu
z+%%BBlBBj=<NnFY$e7O(6!#%*c5=tkpX|={CuN~vMGthLPMH8)u?X-{|9M;4>*Py&
z0aewIsm_y77VJ-^UwxdmwZ%aPkiy_Wf%Bg#gcN1K(YI?NkCb7L@XAij^?8H<9_9*q
z$eVnM33LozZ28(kl#2J6@qM7J;G~ami*c@#gmvs{P2}fyUAA-#&eqguyhcIGPRUlS
zYcANLO2U)#Nw;iP@4H^j9KU+*w5R-i#MzL5aW(Rjn2TC8&fa9pDn*~9j?x&!mk|VI
zW_)^;FjveB-k7~)c`m2i;F;sB!;56koD5!%1{4}Nj;NtN6!7;Sip+^JwTuW|U35~9
zWbrAtTrrf##U#gA@{`HIMy%XV`Qx~u)&6Ad$_f{Sle?_`W@X0eVxs{*{xRRR`adKd
zLbZmaPSf2Int?1WevgJHot2nKBV???wX*9q4@pNnk6&#4Y=36-j>YC>GKIq&2MrAF
zEgI7DCTKl-579N;YLq=-RmktX72d$_5|CY#F2PR>>6muJVmUtha;Yu4X}LmzvUjoM
zd|rWy0P05^yyxw(8q>e~4DDZ{`!TrC!fYgX_+fEJ>%QDw+(flvs%#%7=mJYvg<bRy
zbWCg1j7L{_@X)NDi9E*!vUXW~WL9t~8XV0}{VmlHM<KmL)v84%o#FV~Tl3LU**7Bf
zn4dwy84)lem%Z%fZrQxq-I-klMOa4<5BzNS6=IgeHOAuFCn`F#4PKa+!^h}%oaa=Z
zk+*<syy-%BXqnLlmkO<}T!dK<b<1mx`Mj=#klr|i=lQNYTx;T<TVMV%)=EpxlcVWX
zfBz}Znm1Zjoa{QTKJmmnJX-bjNOY~0Xf)I5f}OSSkEiGHlov@Q2FNU-(+4Dv>kpKO
zDN3(*TV5%ZD^G6}RD6qcZPoeUncP$9LJqfsTYISbuRJ$X<5CH|OngehMNO7684^SJ
z*PFT8iz{fO57Uq1{u0y)vHa9qCAv1t_m;r7Vs$o6^9O&C0TlQ`Y0?`UyElCks`*R&
zj)4RBTxH*%JWwQklrc4a+!JeprXASll*q0JdN`x~MPkh)ilD9K=Ii~lT~{Yye%DsL
z_|MDQk1C)3;z{E^yt#XT93G;VID7)+@735HyXa$HMZ95($*2SgmeG}1^!_LVmjb3z
zsJAFg3G2gV{J>qrlf6Bwx+~b35<tSvQ7~xU@HXlsm8J@^30?0QTYkurUqv!bqK%s3
zdJFtDRWT0NwUUFXUD;Gq+Npr9{b%KpfI5v8K36^IHh+q7+-*aa8Zd)xjWRxao&SgX
zC<I4-k{8<3#F~yut5uH`$@;VDcz00tFn`2-iP2xo<zXt(2wn)RLd}h#rbwW8Lu{4I
zt6E`RxzC-@M+A6x@vI7@;X5&xWN8I8xY;gl@)Y4sr2w~|Un*@YK`r`gep*|d_(GV?
z(CPjg7f;U5LyveeE_+Y=slBeL{)FGQQ85uhLi=@Ik4rEg-hCIM*qX`45w@OL0H5#u
zu-eBw#Hh*+|E<HW_cxS2F8kqwK*&Rg{PdUzlq$}m(Vr3$dCyWb$sD5do~8|*b<k8)
zrkm=$`xN?tFe3HLjwxyULA^wTY?sqN;5J#;ZxJ_h(SBkgZSD+2a9|VyKl^RCznL-?
zT`ne)-68Y~ZX@WqVd*EA;;Fs1U{XL;<?FS$n~pZDp!R$E<kO^bLF?U868qPpha5v=
zMc{Z)mn!Y~C7Os(RQxhn(iTTHoVgV(&i>_1gmR3YYyQ1<kXkbTdAL7B)Ttg3{+MYe
zXE)q&<vZiSIosz*I;T(!;*8XvVSQJ@6M6wGvM49uq3>DI6Z<+=v5o|gdLsz_aBW0z
zfgUIIwQ&qcWi(Pvjy3MXh2|Z~ZYp(g4@5V<Lndh@ygo!yx9Bo8s?y>x?=zn8@0qPT
z{^roRJqD;V`o<R?LZM$(fZ3APv+e}d%@aG}3xT!+Jbm;f2*eXe7qv*Y$)0z90SVmG
zm05w1<ua997f=jenN{1%Q)ftFt?z{#k1amYQJ;gZvKdNFAmt+8bc+Az4*cyJ{9y!7
zxb0A?u1hpY@*Pc!vmb-hj&1i&V)dOgVD@!$pCJ%IO?v!*YTN}Rm%{$xAREA`yD+DV
zVmlqvs!FXFkB1UY6xUq?i~9FtM3q<(?Lc}+AiIwAH1^jOoWYPokF=7^#sdK)r)Qv}
z%QDVlX|EPa&Vx|mzlEl8Ap$=A$BFNGeaPLCXzzkt<CihuWg{VInZ%dpwRgrCOl68l
z$uERUox)LD{Uz+DT(4px_(Y+|X{T;T%!0`Zzdh!u!Yeho4YrRy?;C$1F03Hn)HF#b
z##1#%syoi}2o=V>Ju#f36t9eAI8bUS{w6JT(@U^F4)^q&@w-t;%J^=!MZC#VPi-=e
zeXrHwhO9d`*o0|&H&!qj6N4?i?_DH46mv9gca`SSU|J@*3rpD<%4eE&rT}(1-~{fd
zi2E#snXtJIuH>nZ2JZ4eY>Y$?9^`Q2<i{FH{2Izw1IxA2T$wYemuBaxedOZ5Sw(vo
zM0g**DV}akRF995iL8|^Tnf~wklT=m%+U0r17jv0??le^;g<!2CQIkLE$9A1-LzV=
z4F=A4ury*FuP0h)cks9z(Wz9JsqrYzxf}!<($|pe%j;<{tC*6u67J>I$0JCp$DD*b
zT<WVE_edpCz>g{-tDV}hIam*2XOpIRGz^G8)(lzNAj{JOy+=N!7w$IHyH=38(zEN7
zIkj8UZ#bj1TeELCAGz{sv}cmK@>;ZK&RjY-xVDL2IM2Jb74DvyU*3gnot0kRNe!+p
z?woz?URB*aOOA5M>F1^PbIBRtr6vR`guAFgf)yfN)Od923aJPxenjLK<`Ps~F;{(4
z?^jETGD)1Qli{CcL13n*R10kJtTa9zPErrCX6~jL16|WA$v2PvhzN%R>N8|Jrn=7<
zV;gA8RKq(ywvWzXFxH`78~CZDj2`F|WqGCsE`7x)@6i%?XSszOqwD*dqKCDA#hp@0
zrEfxlJpft8lswr>$B$A6f5}9tRtOKs4pw(3GQrx>|IdPaV;Z>^G)0#)rS0dVy$=99
zg1mLmZ%;Dgc;&RK-RBavc>_=}lu8;3^x{m<_;ja54SaK9lZ_?<Crm#uT;;EIGE!51
zV7k9{SwGE|^GML@e9yR0`Md#^U7K<5nfdnq*4#f!I%>D?8tfdW%p268*1VVPU^JS!
zQ|dL!KcDAVH4D?P5s+)p13!Iyu5q&?H!)=B3bb+qyowo;svKZ{b7GWM;zXqZe-WMo
ziFZF_*|+40Y6JFvP}ILrtpWW%DC=LS-hkpCRQWH|Xh8T6>iidKHo*D^P5gs4lYf~r
zZXUD*Cyp-AIckQ2=&KG}PKSY7^*f@v9=W!sL2RudRd5|WXsk)~8o)`jUr4hF6*Aqp
z!(wp#pz?_2Tq7DlmUqlmVH9btSX7i?Z)I{~utK0N*RKxAqKSZH8l!Jn)aj&f3Evh|
zl*L~df2yK@4xo-s&EgyV8S5-cAFioW#LGE4`JS&%eH5fWea8HP2>}5C3sK}yt`$_&
zwxUP?0Wla40rB<Y?Z2-A-+!Jy4h7eDGFCAcF*Y%`F?TYzwPCPuw6*!4i%4MyQEAUW
wKyVPiLZJP-!pB(P8~jn)THoA8+1T37>Z8<uEr){sXV&MBJK$r)0RMyj1EsWUP5=M^

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.4.zip b/Solutions/Tailscale (CCF)/Package/3.0.4.zip
new file mode 100644
index 0000000000000000000000000000000000000000..1f7a3ab375a843676c4d7c139c15fc330b8940df
GIT binary patch
literal 61348
zcmY(pQ<xw@(l*-mv~AnAZQHhObK16T+qP}n_L=>5|BG{*S@9w&Dxa*3l$QbqK?VQ-
zfB;YpsnQND>D*An1^^gM1OPz$H)`Z)V&H6|Vj*l|YGG^PY++|hYw2WXd#&T;gvFNd
z%a>aq<wg;&>G)LF-IDCof;_(Srs|tTLgr%9*{~;_7|a4J4e;08luqSU<EC(%to;Iv
z9xn31C^boar&5^&!3+$T**Dtv_3IkTzuK?)92vUa1wu>dRMM-h^U_ZODt`zBTA3E1
zR|PCl8Erpfdt2%yG04E;PVvC{buG{S?c*FWrZ_>?GMT&5k<5=W;Z?QLZyj^4vP95?
z1JiSvDIL@1d5uJj+t~`h@0J9Us=2_6tM)-n%0M^(HhP;gxYq|5pf1^xB_;90&Y#A@
zFQpeU(FSKg{RkEOen4D3oi+Bs4r60!Y#}7|CzF~~U*_Y?Mh2D0bX>T@f~A5wLzzmf
zh@jvO^Q$+^tSn18?G|-_lex3hv*7xsJ+56wBqpLet7|(jeQN7zezW@Xbpp<=RX@^^
z(dBt}w^zk(d1l7x`p(`AT=#^WI<TJs(;jmR*`VrCd$uT}4`Or!U)&^n%;_VfMk`yb
zDMcu+{^zy#7hIR&n-gt+n(E1DvGS@@SGz**<k`vzjDhx!8fHcFs1@967nhrz*Z1MN
ze{lN_%2!Cy*e3&SE_kNY93F}x3}GM>y4Vb=s9D8}@Ia6_WV?BP*x?}M_J!>=U-&Rs
zxy!jArU{;m#s7iwKC+To%3SqSDVXh<Fhiov^D!L%JJj3ACQp=6_`+WqscA-#2YKvo
zP5V0lV^<OdY+qqB<G`$<a=J6VGFW#i7_<h8kNlbGhBnM-drrV0Hng)TY^q{kRN;gS
zTqx?|gg%%UUG4^mZ<+B8Kh@5GQMN(M%0Rs;lv3#*Zi1YAgnT#euOc`hdCVMT%HwA2
zWD;|sM?%d4z@T2$1^tnt^>q#e**O)yG*F4#_!a_DI{8GsT9oT5snRA2C!KUuh6(Mm
zpZ%E`EtcTy?2}g}GG$WflhW2kV4)0eAriSFaX~HsLm@7I=&Vh^DSPJSj{(@dqxW?H
zYEH7{A=0~z1!sM;QxeR|<gxtMA^aEcC&9xx`gP!CH&=gGt^CIEgRcRa>T{kRVJ5dO
z(ejM<R1cHG8^BxL8nP5UCCf`n(VW2uJyo;FeH7<QqvN?GQB7-^NCLK+2W&;32vKQz
z>shHFp&bS)9L<s&Um!Eb0{2p9=rvp(mJrOWQ%^#b1(D7%sB+iC?oLf*+YP@;Sj0Oq
zRtS_4DW`~ue(8>KK4V3lf?RswJ_+Wz#&GZF<-@{6v)J0avfM5eH$?W8<19PqAYLAW
zgy3H45-^<T;ooK@PL3wY_?({1I|J06^KmdqWC$K<Qpm4lU#x4MuFP$@EE(jE-WLOF
z=l)x-N3<+0@?ntPaB7f#-%JI|n!;-TAi%4uud3<caCpsM$0A`~H^vY(l^HKE@UPEU
z6dYotw^*p?C$yK_#XUP&1$0o*Y#qZQs@9{Yc1PESs~B)|ydUVA7)88&Jij(xAExXV
z4S4W%i%JD8cUDCd{mH!LWQqIY`BcV7#7~(^FmozkI!PGm`zlpl*UQxwU5{-iLca>?
zam7xlEi<Y3f^C|^PB)R55r+0!yecN3+qLJ{oQnwQchLi<&gG6<o$ue?R`KLZWoja&
z09oUKh>%?gs|1bEs>CmHra%$wz!~neJm7OofKyK(!o3MWnV^>;%|!wcDNT+Eh6`~i
zGMv}DSy8p)gDFr7!dO0WskCiQ5VMLE^4+FitP$&{T8Q8jT+u4YsO&s0o{#n%KPy&S
z-3Od$+NC#{7-<LP38U()d5=?q>PIJu#9hu(U^8kbMLYv$yKv)vnGoQj=C?%1eHC@i
zyN!OsnDW6Y9_I>`5l*^4Kc)kt1?R_Qq_!KEaW$)Q<{sbuy1zPJAe?RU9VBUKmJ7PA
zKVNTMLH*T=Z4|w<%akZJt0#TBeDUl0ogp8yCP{n|im*W^-)H)_`gU!v`faVf+kUMs
zE@I%Tx7$~bE!XO3A*$mM^T!c6<uB9i=mxTGbRzueQOKp7vt0}hBbh)2ps%r4-lop!
z@k43j++kTSnw4FkL8wqysr`MNL`9CS6jAywiDOhnQCfCT3NPFsUO5<^n>u}VuZdC}
zJ^=eYyxbqWmS!!dPvtrJkgJI4&*1QWT2Sr2egHh@b$bqy2GlP=t}VYWD~q4kEBl+(
z*MM_2UrPWjyS9IJZ11I0^uB#McW?bU`qG(4slo)JG^gtqJBE!eb=XO&1|N{ZK(f=K
zWjm1hp%2=8X35boa->EV-`1k5ygq$wqH02dJl~66!eIH@L?9h$n6eJRUxjKGqlU?t
zA72QYzVx30A#UAKMGr$^S%RwyyBif<vk$WS{4Ssr^VM6l-BR%sC~M7V7y>O_CHKsw
zHD6f3ERCSzY108I873mYBUCyYai_IRZ;KMr<tfS+_L4(JkO_p?ETXzj)-?O}&1?_o
zQ!fntsx!sy)E~UCCe)r<=miMD6DJ<O3pxgZlto)~xYK2A6qg=NlT-eDmt9_m)`v0Q
z(ZhDp-`r9W-}j$9N{j+@#mI27eIq%J_y0PLpE`}RMU4!UHdTl?6;+b!v|CorTeRgD
z#wCIIA+}EyP&A<6(Co15*}hrFKNfthMX1s&9=uwaTrQ0Jq$^jSIuD)(cRR`sr9WBc
zVpAziNgddwL5#cAtIFWw-j>^NyOqy$Z;WlZAJe}bA?T0mfhI?*9SE-sZT%Tezhn)q
zRvT!maoiA(hl8#zS~L|WV{W{+4ACY&IHiI!b5=cXVOb&(o{UxVlFCDCZu~iLTD4za
zrl8AxVYL1HeECH}KXcq^U|F#zE7!Ivyi&ymE2S5AiI}ipdfhRg=OmM3@Sq9Gefzig
zvdp|LjZ3}EC;CU{3{pgH$pmCoOQ~BTAgKNNzPcS8>rcB!D1<H#n3N;7LfS`YuG>yl
z<K_q9(DC9_v9w(<)O0+pkDC^U<Sde~$LrbC4`eu}X@D2UJ(2mw*_Jtn`XdFc!0HDV
zG0aaY<})S~BM)?tvd-<j;{orWonthA+Lz}bWUo}tF{N~$<1H|y$lgpo{q>Y>tub>R
z>~hf6r&Ro^CwB^*DZLIwFDZ`>oe_7HnGg~hsnzfpn~Q(BEfF^6lBT+JzAw$4O(gsl
zF^$!=JQU`wQhSFEoA<LI<Em0#4;R)8YH)y<br20Og}0D&Fe#;zR~TwT`hGN@R3%cm
zINpj;_Lva(tQUrEq@aY);|&8@5Tz7$Ky;1>X2hi)7=k#?WA-!@R)9DdqThq3ogb@*
z^MPtPiLjHvCvSCKCQ9)7Q!z@=wbU+sitH+IhJ%y)l0S!m;5Mwzu?ADs)PfTeBj+}`
z@=#p8n$y(i$jE^^2wx=G%z!+{&dJ++WzfJVcKpDx7nT6PFcIRSFHA}W9hhRo#otL$
zw50*An3hUw-;>jLG((zA61{`@2N`G-1cjnLI7S>A8e1?>67p2uBuyj;JbB(j7R15>
z8|W@{XO00>B;0HO(Yxz6fZzB|Q4fENf!xO_uDug>jQa;4r!Ix2L5f*cbLvbRm1LM-
z?N5GZCQv>Apeyvc=ehMLd(=BR2nkO8pMfO|c$u$8DE1%{#WBSJRUm=$mkAH_?7V{Y
ziUnh844(2jjD=h|;ymfd;>!Hf>TE2b<!+a}i}X6`iS!#nv(Wo=G~%^uWvmHT#q^wN
zRJ~VLU_B#`2oUs_qQsTMZ!#O5QN{wxQz(d_eRYGELKtCA8*&n9#Zc4%Wi`?OGv3q1
zv&bh4`VCMym}oFt-3jHRxD#?^6+sEJ90mNfISU){il~J%LCr3Pyl)2_ey;m0(NR8M
z@?rv5SmsW+^t8?8gUi^~m|AzqU}@PjndV||1xYlU`G6XC#yO9oyCCSNJt2#c^TFq7
zYR+WWI0-3J+mt>HlaZuZ1<dIgo~cuP7IbBHqBjT;@}j>lRTB)rL|aJ-!KHypUP=iK
zD7T^Vc~oNSDQuukpH?84&@c-?nuvp{L>mZ(650$qH+GR-R|Bx3?C}%2a-extlp(fb
zewgAS6rzl&wmW8d$-GRAnjYGDc~sD<5eu@-QhUvo%r#|cbrqr#w~8i=Cacny_>*0j
zhtJ*_@dEL(>o!Kf86g7w;KhNG8vBc_?|+Er7R%+?AQr(d{m(DY+QFyp6KE_-2S1ts
zd6djmq36LfffS%Lt=Yhdk^1e*pE+`X$djjFq=@KDVvrJYj^JRPFqTw+_h-fF(DO41
zC>bHkto>sKG0Ry4QlH($JK>kGp@B*q8F3uJ&>>ERJp;g=&UkE2i`C%F2I8a!7X-AD
zVwC+eA(Drtz1m=5a+2Gf2dVlCSUhNOZNYvvMhd$_0dQ_bgh-&`FeJbPB23fH0|WPy
zBG9!bXasiBN{vH>#UuXCa@nDWokA<5JP|Dy!y^gbvc`HvfaUZUQ}8C=ig@<t^FY1W
z|CHbzjPSShwxR}nfBm&WqsEk+)Is`qd1Zz5-9#mA$Bpm~0O8eZ4eBoh$O4lRl1wCN
zg*bOcpfrXaoeyJ5H}F!%!>Ffc)HME*grmSrgC8asC}VpA`D<oKsMOI2_&yzALj(Kc
zDWVXh%P_$@6s<?6q-mc_uq+WfT5ntPvYbngz{!OJ%JBUQQ5v|!<Aj2D)zF%^s4P#|
zJ@&`}p$NA)q0X7Zoa|Si(Wf!`eycYu%XRyG8ej{nZxsQU6&94sicEV6K=(I9n`Z--
zb#|h7f*nw@k^r?hQ_M5#;_0BCVFRW>2L4zZAgNT&$DQF_k%<mRByOTyT5CwULm9UG
zEvb{<Xwh&iCIdmRB1}~l;=7RJcuz~Q@g2>m7r5wMT^}j4i?gSMDOZS;gIRzr68k9)
z?I;YiT%D>&Qbr8$BJ+{*c2}dYeM>Tc?=v1kA^;r~y>jF#6ojk;I)$|+WoB&Sa!OLQ
z$pZu3xRWz2QVQf8(U&y|U*iQ~L27Jox=)s2)@Uw~c{E1%?D(?bzyfu4Y@A7VWmU8u
zTSx_K6Y}dwPO%2#4*~qlCC6ucpk<Hi$^x|=OrBMQSC^`=n$3}&3_rOsu~#MsxuCXV
zG!@w8b(p|Gzb4l!r&Z}6JN~77kSD=xIMY*3WN6+3&LZBwlu*{}X@x<k4q_lBdx2*-
z%e{OD8RNb{e2eS2$9$v8!no_E{G{>8DMRdej>?NzHYfU2exm~c3Co9r)nSU-PiQs+
z5uGV<lZS9e=cR}~Tqt0T`O4oJRT?c1z^^YtG{mX*A1YezwL)f5E0E)6w||Wv75R#m
zz+i7+DOP}p3>Z?8x4ftqD3<8T4o9ynV9tSyK>NhilD^pOLSi`z|K>dL;DjIJFItEc
zk<A_s<-J-h1W18Xum0>}qprdyM_?3&*^u2BvYtlHzl}zZ%jA)08f&97;3kGrh>)dB
zja7~rYzJ(A8;I6-V>-(f)!Ukn-;c$biklq#+vBh^+eDNXxdkI`&KRsZIE-R%kl;Ql
z>RK*j3c)ZOZ6YtYcBv)VAt4`BqG)Y2B?Q^QcD=4b?kE|Miq}(}SZ>Ielq1Bbb$mHA
z7$VzAw}mZ<M`kuLHdq100Y^+@=Ii^}!R370tHAxCl>+?yA%Cv_A)a$q#;AaMJ%<CV
z>gk$-bW~QnVN)?1B?JyNfsQRw4u2}3WJ5@VTZtGyy=ML(#o0MssL>v>6E_dr3|bOE
zpBEwN4CR-H1`bN3L`#~zo{K|V_o{on#v7YE(eq|1iy)^d;#j{T<*cD@ZX2g}8zA!V
zyM_BH_Spp!x3>wv9lRHaI@@SE*tO}iC8WfwK}ycLW<s?T*JPI}vG<L0*I*#Uvt2_N
zM@+(cRge(qt5~$RuayO;Ncw6XsQI#m9rGF#te7zH5zSFqYAPuqI~KM=vB7r@PEO)A
zQObu11I{x9BXWG;X>{Rz9k<*-7P>rHVwpNqlx9WA1oyfeI?<q_2{2BYUpCfEXfAUm
zczBOgDq|zYCgwax2lGVQw<kTptsx?697h=xcdCdfu#JZaVO~{19XSuO<G0wK3Bz1n
zSO+a`R`m!noNQm=wY#oLLTkf++zcz>ljSL5Ln!*Z1Ua81IksX*5Qb(|ui`~})fWns
zoTuT`)*LcRMJPC5R~gMpiHpms&5BxidyQmFU0U4d;zNvb2)Re8k4W~bXqhN3aQ2j9
zm~p)a0Il6<L9VD;S{g7%+V`r{t#)o{0&@CeTN)H3Ln-*iZtw9vpN$#2zSA3J$nD<?
zk=&gM>|UW=Y!Bc!-(E!hh=i>a9S9fA3mcBvS3lo)HHG035Y%zr5A6xBlktSMaO^F`
z(z*9xP4YL-1v#%-yNwDJyK4))7&%1<^3NndL>$)O3!2Kdtk2@8p3m%Pad9iO4?$}U
zP0;sPw4N%=X7*C3%24RIK-xALm4VDK(DuPW;?{7XA}ukT1I=l(N&Q{y@-VIZ6BTvL
zA1ZAd6RRle$7bT*ChX*%y9W5I<arriXbk*H1n_K@?HFMQj0bGNLU%v)rpy9ndeQ`H
z68>sTD<1*bs*Nimf{a69PK`SUnR~{`)(~>qWfyzx1_h3cKv+uu=X?4DxvVI;^;w3o
z%#iGSf9E8mp>|~Zmw1lBYPYf()eYE0C0p6?AM0%>J3Kr-4eOlcO1d9MVI2Wq4&IQ|
zCF=P&eReX?%3fQa(&(t>qkZ{cQueV$3zMabeeX{w*-q}L<?Ohj1<HvKR|Q%VO^hrI
ziRWbbxlw4ziOLjEiImc#tUd43I~Y@AcGhJA#bTJd8XNIHsG$g91i{*+@^o)OJbvqn
znDKtAri2;g{SJF`6RKJADT#`+9MSz@NQl3^gjcmBrKiL0Q#;;XN@Slj$4^;~uNya*
zKDk6iF^v6^OBR|KP$Fj&8WR!G&2B`J1Nm3ja+SKGcrSTKYXeNxj0||Z3<+JNUU0Cl
zFQK1LcJ4mDTczGxugIdNrimiXkP8yi{YJY`^J+;SK&g<OPr6#zY8;jNElXQ!IK)yB
z3o88WTd*kScfgX^3q>_7iow|-OP<kHF>7PzRtF)SR@F_d#R!ew&uhKK$oWKm%8tJP
z8}A>?c9bgXHrpu(kl4eC%*cw%a?mWVa0skgC~wybUX(n{pzpOo;&}~O+G;nQr0htS
z>Jq}?TNk3T_C)an*8|+9S*;CzXG+i;8w7p>!HWSGcGTWQHbC~3UWQz|L>YgKzxH}a
zYuZ|Ss^s*fCSLrN?aglCsHlgosrOlj2Mt3RCqY(9E$-DC&O2yP1<UREb5|Yg&0^0J
z`ylHBEJKkkG*M7Q-1@}50EI9uW^{2b%K*80V;)n50z4{1f@%kk2Dc+3{)~GlxZkyE
zvnM7l{eZ+6@v-D!eu|!h4QeA;O{szW0wipj`Zp&PvdM_OWhrnXtJmUwwdUR-bL7Rt
z*x-gIA6tX6E65-EiS4E;40g!p;yuu0*TnycgndNRA<34LXi?HRPQUfvd#f_-dQki0
z-3rp@7zqk04F2^%P<oqZ7LOv3*5mB7`PSWA^RVx~y*qd2j$Dn~^UAh=brP$u03L$b
zbbn^DoU<t!A0yLFn1uN|kfbC~;VoWCMw>S^Q-Vc;m+Q%m8`DIut%U|_6ZCWsnI;ob
z7)Vyby+bpPyr7tm^l5g=OP7p6$c%XatLnWnsvFGGSij;+ffGpT2IqCM{!3Jr-r%yM
z{&tUYwW0zr_@;q0^B3oY+?_JbGO;?61zn(Z8q12J+78N9%cP^foGm$pGrA^6&Xxl7
z66Hg#L75`6b4}N=va7T4jg<T{`dC{I(Y+vuXaOxd6qnyx42~0WiOw<B-7#q7%Y3(r
zxQ#wS!G!bA@c7CjRM;9A1NGF#jIwb*<R+y{i$RUXsCo$;2Bp+CH}I)Fe6S-Kd2Nb&
z9R<@-`CA+vnX8u`-D!5bZ0W#sNY&x1`ibYwwJ&QQljrBE5kI$fDPTWhnU+-ZLPPzG
zpshq=<aGo^eVvgA^FY|}f+8a^G@n_T6zx<2Ur!S!jHl#d5Vbn8VQBhor8Ld6d7Ap=
z8YKvpL%i{nzTH;8nvCtw0vKBE>WCZm(5i+*K1izgLh~4PG|o_Uy&)ai{^}WdqPq!T
z)Sr5Zl|{&XqhtY>#4DDe;}=%{dR|SuCHf4ypw5zW>n@+*_Ltpplt`DF5fH`n(`5v3
zfyO{Vf^@ns^Ls3r03L1SUQ}MV>)u66C_0kzp=j!_1mMeTNrDfcQ1tV&*pf&PPU<eF
ze)J|1A1OH*!MQ<BqQbivlhTe!y?Y}wJuIZ_S{=soiTDmZKNS{V2d`)Drd|hL+Mq1o
zuMT1;Y#pfdMOY_D^QqF)n~R#|sY(OD!(MZnbD^f>2-R<NpGcqKppCTg+}U2M=8LS4
zrQ{GaA=(9KxJN-HN8FMtj=Z~(VzS;}aeJbWEYsvaAb*{R>&J*-0opSng@X5qR;jJe
zi?_Nz-k4>ZNI^>l1qhO<D+~eu=wWG9ljQ8k%<}qrK15al+4yj7e;6<J+dQb09!p3;
zG<TfGuOs)j&S}Vzrom)j+g?N{_*Jf_f;ac(9o0S|xqlH%Q`s_#G}%lraBV+RKfNIS
zn7PGrJl@&6#rACAE-@KC&}W-wT4$Rq95Aycubo8FglLM?=KyqV4#giSSo|eEm{rg^
z)RKO|aW2j+J#5i|_dZ%7c!f-)A^mZ33#pByx~<}>Ppzo#DRrdMqmtY;4bY|LAZX0w
zX|9HAs0z@sV?oHfxj=>7x5yLQ0;r@tI9|F7>ReO}d4EJZRkPL7z3ik8^a~l04eOcD
zm&n|3b&-Yk5e~D}r%6a&oSj_?(LKH7ZqJe5-!yZSK)*knLYzRg%htH5Nz|Chw8Mz6
z=FWJu@S%vVBzKxs8>tH7vZYYjOO{7lbp+>tZYs1!Cl#u~Iq^<EO9{tb4B&H#l#!q_
zuEkt!^<W!LJN*2rAEStzY^Q5}Y{)xFFNy!7ebGfJSeu;`Br0VU-HV_9U1=QQb!i+i
z+MJ@GAqfs=fqf|s)KhHi-&jEol3!@?%5RW7e8Bkt!W{i8ff3b>PdSOHERH*QdY$7k
z_lTjp1V`3nm$%bQm>u?Wi?r)p8uB4p8?^|TP3Wx`$>}NC(d?37$tg%{T>joo`1+0S
zPbCMDB()*_)yOohnOX8xcSPm(7lhW9ZeBclzQ-}(1C#yyg$Y^^p_#4z^1;`#<O;YU
zoAOs692x;hp<^v|^>WaQrvWl+;Z?I6Y9-l(7x+V|8zlJNMv(Ix<Yyhjr23C$O!x8E
zeJo#1fPgKVTfkSh!9J=E61S#m$eJ<3Cv0%G;1DPsPB!(m*{4o(RXH#*hOLjNy3qns
zDg^kfY|b?=uLr2BEe<LHSHVokV{Xo!X(w}0K>I{s(-8=rWCz;`?VPYx`igSu<=i<4
zBhlzhOBz)YCZEl`$MIj+=AZcA&zV6pDYcp^Z7jww91X2V<nnQg@8?-I?T95R;q}M%
zs_ytY#^&y8$c{y#k2ZF`rfs=4xo?00A0PK89vk)8F198Lo>IATAK$i|u_`|QH!T>F
zul2Kvt7oKxOkY3$URA=@d&mz5cs)Hiw||GXui$fuu+Y8~-*SknbGN;f8m5(vb#G#|
zK4LtSyA4M=w_i2zEPlTyuXaCh^8dd!<Z&Q%x$*)4fFL#m0K&gEq>X`vt+I)Yz4gCl
z<o`7wuY9bOHpLt7UcXV4x=JG_H}<FiW$RDj@go}7;`Xe?U0W0CnNfioj+Q}<W*)y@
zTRmwP#8a*q_Qv)dS}fy>+nryZoM)e&oPT%eAgaGp?X(jCb-DPhRt4yv;9OnbGOqz$
z>qNkYAY1N*&f;wbal-9>WUCdo>C`ZfC0#~|g*I`7+G#OhY_Q|5v36a4b~Pb4*tE&;
zW$(c6y)QWDWL!Fde(z_25%rP4=YD^`1K|a&*kNjP;Gj5btTv4GL5N=bC&uVMLND2e
zAhc(9S-0jON0u*keqrlx;pm$Ig;!`V-2v#|=N5{s!T?=xkRc!xcAw?Zls4JwWadWh
z?=z>H_256)fGxv$xbXq+ztE{SS?HM&x&_Q>(BUANZ^3b0sOK5*MY5R=)cc<|04qf8
zWEMvAalQhs<CZ@biF&X+!8|V8_w9|Gv|R677ZfwN3rKeF&gA_YR~&$mKZdCDb<y#|
z;1kox?GfZb4eaD$1GSLh`S^Edh0%^Dt=O8T9Y_C6)JnYLyhsnSM7;Z8<<EjBjKV>%
z=BprUBR%;XdA9z*V--;ce8q^aF13j+iILu);V>xdI)PWcts_KI0;ufo_O9!R>IJWm
zZZ76qWdu4coXZWmz+hWf`4OWUfuT9<i1Zx6aS-!TrpC+pBlv3oFhG(&M99FnYtjw>
zZK$X1t+liL;Q_WlS@q6xY?lIGoo%2y+5<FuWm**!gKZfFWbtP1AjK81v2?GweF1is
z$nxhL3I%+YfQM~#5WlkqhZ{2*u?c(x9Pwz^Z3&<@4=#KcFZ!x0W#!@HWqk?y<7d98
zFJxn7<dm5~($q8PZpizz<O<J%7lnDJJ?mmuX@Wmz6c<%|^d9H_ci5-N0YiUuD5sr6
z>f&62e!LK$hj?rep@N4=5Dgb&&i?N3E~04~=Y{-cU08t?Bng9=Id<R^b@_wI($Ofp
zTRV2m?m9Ec#qgn~xLLm=tDyaIGx<7{8o#%73PxvI4aP)|-a-SF7QCUg!QhGP<G`kT
zZ&VK%n^53GVGKY)E;2Z!y`DFY$%G5j#JUwbS93L>7b!x_uRB<o0+*#)dYuLR)`$aU
zbQH~l_&tSsOpTX@$<s;jV<{g%l11SC@Q^KCXZ#r%Mn#uMvHTccL6a_1)T0}j^C>s(
zuDm{f&J8whl?^39x)xl?5=i7YleR^H3wk)=IiW8Gtu-Wv&t)oKDqj#N<rzms^pk7+
z*#F}Xz?Q^Wm-9Jf^F##<&udJ^(4!k+doNDCJ?r1|P^Nbczd5T20c6I9_$$rN{434O
zM4d-^AL3P7T#c0|)YTPTuvNo)*KhQVqb@h0zj+lEe$S2YbIazP7*@}AmK^mQC`evz
zZndjruhR|lwb#k7Zk26at3%%pzK_egjfO9o$s3hz1kE@U7|Ni?M1B%~=L-AT2?ye3
zx&SUDP5^0|Y8HK}K$PIeQfR}5{Nv{mGq{xewdtmhbgzor)sP~F9NDdeX}MQnqML^P
z+|fu#!@Ic1TdD$-JTGv*tgHhc<mouh31hV{Yb=}lfz;ipKFJ^8)G(PIzLBU_Cw6IN
z_II+_>>QJfS85vVmL*rZ?^3H}_%v>rV|F*xuWpeQ?Ot6QB#d@8mp<0WzHW4BQH8rb
z$IYE?Yu<NNhAeD#Y325Jy4dWPkhpmzn@+DWP0A!*B}3k*Oe}w&*m}6(t-k1WZ`d4o
z(!{!5&f>eVbgZ6idn!1pK|}iNRMQ1)EelxK?$}K2ZHKbnHY9wDR_krnUZq6yG-%Z<
zPfMmVzx;JHX;medj$F4^rSj<7bmzRiaIT&1j1F{HgZqbJgFM@*Nj^Q@IgQb^xpbnV
z+R&@!BVy^Jy>opi*>1O#act`2)@vR2<6GPQdZB{y`sm*J4%1aR-_3f<8g-yUL;U2?
z+78lH8T8LgCs&Z0TeC-M@|B9ibXjJ!W3#GVQf6oE%fu(j78Mrh`Cz4KvEuaM_V)kM
z(WwQ0dqI#t+u1q%Sc59*^mtQ=(e){r>82r3xKf$<XMq}+|9D%?>+@KW1=9G&^L2UA
zL#@=yX2(b6e}T1;r#duACnww87+syE)16gC8f=(F>$^0oSkv1NmEGTx?V3_R8ncJn
z-T#kM?SG+O|Bv$rW@mf#Kh{_2Gfrqdl54RaUM)Xo>rCg)bTi#vqcoY!|D*9!>fgwJ
z(p{};iX*H1BuA#M0Bhn$r^l!4l-ku5LRN#t{ISZHTZY_hKQ~|)0~|SlScUCupOG76
zhFd%B&@&SG@_Of6Yp6UKeR5Ozu;W{-S+k5}zv2i=Z?|8L8n*s@>13}UX6>my)!#2=
zKT;C1_=U}V85fN*ccibHboENrwoys4!V#*0Du1I&8SM@08|uWG{qxMxRu;s{Lw&Nh
zN5XEgIAGxmo8z)H0%h(<Pc@Oxd=Zgun$Q67s8YNzrYFKZXpt%V`+=>!<dBJr>STY1
znAK{r&&&rt%V}=}%FL05ax9-Quh?BN#R1T)XmOM=>kch<sQ+IUA-4aqxcrah>i@A2
z{|hOZ;;^N*IKrI&7ttha{!}~LFM`v3ZomKzPS?Mli7NZ(bXPUVrplifq@hq~xgy@Z
zORnZntyY8er*Vt8^ZS9SYju;2(lmL=F*e5IABM>PF#7(70h#q*3?labV!)EvrdV}%
zDA=aSDDGVM4jiLTaLyd>nX!i~p6lfXMRA5M4jRJ3>IOQo(`22T?rDHKRQZ#FHx^(|
z?ATf+BpZ=qb!-1iVk7&1?G3X3&tCNZ>|u}oza;7wlWK5;Hdq`v-Z5p3o&VR{`2TdJ
z|3}wudzuUBzvp*4^hG$5PIUhd-)(x!3T@V&v~;oer#q@(=IE&|?eJh2F>CyPIZym=
z&ZnEwiDh*!+Q~4xLO|6Q75}di%pCt$38ba}R|$^?o7il->hsc>5{NTfNPl()fT}FY
z|L^rPar{qt;y>kJ;Cf;30|OuMh;~^Hm+If#*DLj!v>un}w`!k%8f}v*yVZ)e&Q|R`
zcFQu3p~_z~zSTx@+H27Xmt3LRAHBY3i|!Wt_@f${F_Nk+lv1EWyD=>?{xoVcy?h*#
zmcLG{RmD3t@6x-D=d{b&%f&V{2a;C?1)!Q-GLdVomQYh!bXB~%NhBs+p73rVS)d=|
zmcLH2Y%%LSze3);!thM2Ko?ZOf@vn%OyyY%Wj0h5wQu6resq322JPv-qu35KKZ4P&
zdUYDZ0V}U96<QbKPh9BdiL9T%Ot3anOiCt%u3z0AsJ+vQCWqphWP&QFf&<e`+|1-%
z)v%gqjQb{D9jJA8e}xzpmy4}$|4*CVblw$}%|t_jd+TpStJ&2lojzr!XOfS~(gr{9
zf5QLG=dhZz-+!UFaZL5r$yc8%xYm+e<OTdQ_G%{Ys`pPQv7X~AQJi7!#~6aF(##E7
zGwWO*zg?+(db3K|*)7Vy<p4dV$nWX~=iS^Qas%(sKew58j$a_QgNe=1>1ycTygJ=A
z=a4!8d!C|&dE_SEA$AT43bXuN;Z4=FddsadtBZyLY+Agll>s#XwtP9Wu7zT2*>@T&
zl;=`*Gr{D`<#Y)xm1M>=FLmwYwC^nW?X#=IdKI(Rap-+TECY3imvCZ-$o07M{~^j~
zw9Hztx`?Eu>U8a1s!VjQ(NBJkRQjeXyG1)LZVh(l7`%k%TNP1Q>Xifq;<}jGOf`HH
zG?q_B9(+{dvi`MvSD7U?vA)@N?0uP_zD@YfF~9^7)%_2{^nV$qHCk$QSzSEJ{%+*V
z|NE=*n8p8gjJ<lDXzLN1sQp;OAG#VGv-*#P^#58An0z6cETM%viECDu-biC%L*yHY
zkaFwJ6eI}hV61V;S?8jJ7on921xX<oIwar9H7UAM23{Pr5?z}-u%|4<MwJfC7ez_d
zgJvj+^;{h2H3g~xYn~>p!{p_vj2QozMR0an@_L$&#&+H5qlUWEWwcN7P9s*lu(DxI
zH5CO~F<97eVziJ6ldzH+D{9t|o(RYZ__QXirlCn(F=evI5O3&ZPKfQBZ^er)lul%d
zI26`EX?3mu2+&H}!<VdRaP|K&hLAh5HkXTD!MiW41xZCMii|l(etafSA$(e;Z04L*
zR>t)_ib+t=RxFBhzd%-uU{C}2eV+d6aL5TTet{=3nAylp2N2_MLDU5&#XuZ=n$0#x
zUc2NQ_u<DrBb6<wi>DbZftyYeh9Y5}t`vOWX0@#!-WWgZVy~asMbH$Q#X+RYll*{r
z;ngfDE}quLfHV961TE)lx_4)E2-O}ZW;8F8|B}T48;#g#*0l96CrT#?7(HNeE;djp
znaSnsDo-#cbX(~~+C@y4O~@rR3H~ZwIN%_=E=<%XMwm%qZ+0}{lR6M)$-#d^>>J5@
zPt4|4R2F`=1Kq?8^WB3z1CFz5P@aKNevcgdh`{ZX&DBgF_9tbob1_TV@LOvv_mfed
zX)|)8hrq%7+c>#VbIi!a33~^KqaStk=C)G%3jEpYwMNz%y)fJ<dwu!lQuzAL%Zy8j
z-217{AiLGs*rCBTI_>GT)x`uhqVsuTzQnuZM-L8W)7=T{Nj3<6c%7M9yA8#%)7=`q
zfoJ4&7tyk_(TbLOyQx=Wy;=8qqxIx+c+kLNIln4%-}>@=@eTabg{Q0Cax-fyYjL@~
zy1z>G*rwL{qQxer`uSG2ann*I`|7;aVR41=96P<UDc76BkuCYDV-Nm)P#HVzw1J+x
z`UBDH?R)FjU9~`$%eAxm@yYe*^!VaE*EH>Ea$B`i9yj~?GCci#Hn}X;`usBJd)cCR
zsm*Fxow(>=wpHfmVXii7yD?{1&11_v+fhBTK8;rCv<N#(M|HJb8n&qL**0&TjjfTL
zDQ6Id8?8xJy8nJZ|Mr#E3_4p?b)UC%dW%_|NC#)ehHBG&{iavL3HQ%0-c%xy=gZt0
z(@szM-r*{LYmE74{&w@g%jt{IX~TWrr*U0)PhRz=e|M)P_%#;Ql|1aJhT8j!*yqpH
zNW%tOsSKo5=_i3TmrXMc%8Y5$&9~?M&2#hnN<&YMvU%%g@r3<(PK?W$@n4R=knBTj
zKd^iC12b&}bHg_+crgPp*lx1G?l}^*FVm$T>oSv;d|9kBwmVx*c)TIk41fRJ<}Qj3
zOn!L6+ne=~?jIXb?)>Z2vXkx9cXZ#xFW>A4ZiYPZahO(Hnr)%aj_y{QX0lfFSs}>m
zHnZ&4E4yQM-&h=eA%6H(3&q-=4t0RLZ;Xm1&y1t(1<j{Ah&=f6!l+$qqia4r%iLaP
zg2!2ieh-=_h~iP=Y?L+0ZoHn3Mt`2}Uu#KaM>$q0XC)r4c1VqrMEEst`{=>bnao8`
ze(N>5{7rzaiSE`~#9;vSzJd+KZ4YgJ!BKFG1sfs-Msznyp|`cV40PwE2AUheij9*A
z#$i$n($XT&8xo2WnI;J6ji%M!e2Evr2@IDm2`UTH4#Te(XMdY~pQI?f<!Z6gSgP0W
z-!4@hQ^VRNsIK?`+Mg=|By@}8MzN6}trJRoJ3D);3YO(eB|+A=3M0{>7B~^8Gy528
z8;KG5lG#a=xG59xHqYcEyx{k$VH3q#t-<TVtO=f>lPYuBZ$$k@45W@s4Q3}1z6o2x
ziW(8jb+4jum&bb0&P<BK+rxj7DkwA(k5>cwD;z`ok{w=RJHGadXT2E~fQD#}m@rM~
zt|cgjMuXheI&?4f_vBRUZn}=b0f@Nq=iXGb$n6g)wz&W|nFV>--W!*HnOqkae?IZf
zAD#s=TnB%_hithzGi^8r`)N&{b8W}I`4NA2R0aeWAhh?Tdh5U*v8~7Jq5EE(TpuyO
zs_D6Ku+=jzJrkEvp$D9F<TM9<9PGB7yg+Q`GjV%G?l>PTE#3|I!O*a}n;}=o@L=fx
zUC8*pwH=V2j^LtH6VNS!`-u|hPmIuDFEQ@ejG^6N;bbseuzWFTXEBD!=rNCJSDK^!
zJxumbOfHDgay1`txNj>qc!-n$y6$>?HuD9d&`W^<tx&F}bvPTWXYt+VG1wdMA)ykh
z;JQzP!$<>)NPBqqrcu|FV)n#pu|J^U1ovfDibOz$SoAv^2U+`AH*x&Gzro1zfx!){
z7egmiPIb*8J)1Shc*N{SeMD=)^Jq%PefB(v-Nw{--$10_VA7b~@i6GE2Sc+yfdON?
zM{y5u=0Zh<S0OPLNJu`TEz^89wuNjpVZp_T2<J<X;cQRjN53cyU}cE-)}ORe41ci^
z`&faVZQMYJ&Ke_yR>NijbRtNoOGr}W&^K8(HX_G~I*q74t7+1m+_|*MG;wit2kRlH
z*9a&4G&-SFv5u%rP?h3_#3KDCucGZx!bRR*$Z~9|PFfEezclNj^h>!oP?#=BS_Yg7
zod!xPj2Ac*4w}D5@r#vp05o&?H~0`K%09`H3L>HT!zKQtjXdr@aAEL4p=j6vrg@_t
znDGi5SC8TsuIK;=ZYQB;!PQGCTrz~0yPy$Zai$uYJea@lam%u@E6Go|V_`TWMGq!G
zuQ0^Izb{C#$KHj4lBb#TAqMe_enQmpeb%t~AEp1Qy|aCwJq-2(cs&K=(c;7n0`~0s
zhqVp?BH=Qy?F+6OkLnwFr7+|S$%sYLL3FlVf*!DG<<UWKt=|JVWK!&*1!tVO1*BO>
ze1RI2K6UfMGz<R*(kp-H78yH4##7EXcQvVm$ASxGa(kZUp*sOk^dY{)YjTDAJ-h<?
zar_GQT!NOdi9#~spTYMGSnyS-QqD5fP%y^`%>r|iMl)TJ^Mto<3$5`sDrPznU|NBO
zS~9<_HTKB-^?|gp0U~iPPJvVj&4GsXI>4zilY|I%fXx0Rah`fvIhd*ro*|r^r%;ax
z*AvvSeuvJ-S%d(fNy|Mch*%<Vk_V}<_Z&iD2M8MjP+A3}dO_gV0BM-d2}xJmf|n*A
z;ABI)5L}%Kc)vBCLcr5Osv~=oHQ&TCbZ3jd9M2aG3mY2(ggo=N=FguFkr%W@crzxK
z8cd_-n-PH#vA>)M7{}PhgM^sLR(zs_*^(2&4~4VCC>$C_rIbL1#z+6R4GyChW#XKo
z5X$24AZ7Kgc#7OjktbsvO_9gaTGB_omNNC}2DrRbdX8@5-ksO?zMA)UN1m;9E%NH)
zx+3!y&4Iz~8C)9Su^dG3c;VnCmzh}tFU#Q3wOZ<h&-numVSV0f&bYD>=MH=kv^4XA
zD$X9H4UrqB{c)@m_enCgv0;na{*?~$9qa|<GVar-2D-NO4iiLE-KP+xgoO+cxk7ju
zDXU}ZvqDP~y@ZCjgr*|uAA`RAm7=k^wnSlum?=zif;x3@^!4gz^@yXM+8vh-p#x_8
z7M`qslubx#WPLu1W=UZ{0g6gKKXi`>8|Qr8pcBQp8DO2+?rh-1pMADwI%-m?`p`8<
zW^M(|Zf_-(C4rsCL_hjVO04H>KG@khZ}){x_cM+xQY4}-5}U*iItT|w&Mjtlv;zfF
z%Fg=nr+a@C_MXahk3U-LxCjuGwt*Yw-)9=A_J9rwKIQ@gB!;lWFu(SvP)Qaf6Op4H
z9Yn}F{>mxvN&PhTv8i4*TtDrI=hb)ODdWyFQ!(K>&2vb$g9B2!^aZecZ4H05h9($u
ziBeBTN5=;Ir$y8yLIJ?gN>rmA0XdFgow-<ar)gS8j~ej(9p;D&a)~oN@vU`p^PTz)
zB+w~hj!}=fnJ!{~diLgr1|yZjXTnL|FWkrP$n(UT2%n$Y7&$mJzh=>eW|Fja5Z^xg
z6brdtlqb=M=p$1E|Bgg_nL9$4Cqa=z@5lFmF_lz~AtrWLdLY%7=ADZrH0nVRwRsh(
z^6Tk4vVAMj<vX!5>On50hw;%13a%cl^9s$Ej$n57gCdBDgB7~Hf_}e0+wC5o(*2dV
z)^8pHFN^!tmctoIy+Vz<VME1COO;1G>u4njInFJU@rWOcv~Iw)n_HTgIp#8h6$8CL
zoW~fLA1rMHsjjg#{p6b3{>z@-xmzEVn<;Cz-$lMq9i-0SiD=iyFEbr$^grkAfr257
zb!_7fjiocyo_fOt{Vr=pUg<<_Wdpx@J;e4{8EafiuR;fx^MSiYgfa1CqWYpd8+Q-b
zk9!u2n8MO7mV*h!#ro12;U{(QG~y(pmaj)|g*mhvG-?%`oa7{#Hkpgif<3f%A5zAK
z=bmf#`|6XqdaWb`yeK^#iBs`vv~mNV0b+N1!RV~)(z5ke;ac3sFk#`^LRtG8`}!B8
zo{`@&4ZvKaz+TtP(8<_V7UQ#8vM03FE`T1;F_TJeUI^4*Esuow2E1jON9bJc{L!HO
z08WMSoFHqBB{#r+AOza6noAVu5M)LOKSl)hHjf<m?giPdg5nf8GEpc>OVqBkb-f{i
z_;jYo(4cQUXwU(dXq$X&{No~u^+ElziLr0_`$>tgplLam8z5ZJ3L4gGqIlsN^!Q7B
z-EiTj`kngxFtL4r?(<Ys9!{0!>}h5bPfA;OfFm>*Os7frkk1Ai$kR1En=H29DMoF;
z7wQwdjc4!H8Mya8(|}rA3*a?)s4zed=!M?SLM%x#40ZaCu&xb13I2o2`}GHEO7#4|
z*4j#8U$P^hwdgvH?)cId;5k~<Fg<=g6Q^?X7imls44t%T&)ltN&jIW`d`{7u0~{g&
z$4ie-S9nZ$9yimb&eKOGb}Y;Msv$rFS=o``LiVPWdj<wP$WZ;tsV{g$6Q!L>ziH<P
zVhMAA!JO?gaFx~Djr|7pVoqMvsDUAuANi**<ubHo_v4MJ@~PuiA#~cw6u2!RnKV(V
z_)>(7DML_)@m#Mh?w088W4Bs;^Y-;vt6GeqR`kP+6umsIkdQ_)zvUm#?I9(eMjrj8
z2le3m^@9X^?zki`%svy?5K*V{q@p^v)*P&4QcbYdout=`2L|_px<${qA|<@7=o}8-
z$0hp*Arb9a#`1+k)M)_cT=k%Kuv34b+b01RZjHSOZG*G-DC)~ld;3iUZc<E#(3$OH
zf5uw25!CH>JD1`|yAEF5`a>ZR9B-qqV`ki`X9vbl5TZDC1|{Yh`-l$UTBPl1U`Oi7
zjvx7307M)R#DI0WvarLcZlxrlk8ytvEcU5VfBecGmYkhlfx|aArwdnItBJrj5B)J?
z+vc!61V+)U8yFvpBBh_DV<jeWJ`X3)<s2ku3t(aC!~40LoDMPl8=sha(ho?odHU9y
z#NqU8-7=CUE=l8X&wGCdYpm}S1b+puUXs!yDICXyQ2Qs_#w?yFe;e&HQb>+w%jOWG
z%Du=9FDq&ZfSA1C;26}WZqaZEZve3U*v)#{&fpzNx88)p{>~9Nj)_xP0gKky6tJ&|
zQBsQsXSyT%r?U55!F6KH?o&kENX=<MZp`jKv9Q5}8rYAwL5}gFEgDA-ni;QY7-;x0
zrnqd)kC=XGjD!n@g=d_v)}04Z-jRJg$+k5Y2odvWAI4HoToJ(0;5wlOt2z1<yPO>P
z!xCh%atq@jI+Wp)Djm3ONi9Spa!PkcoJt=ZLOhcGAfT9w^n~#TzKOvgv7rMnA5eS{
z9~$QmlCO0zE}C$Y;O<3`zy0R8nhS-&qfkE6QvPtx?!w>{XzMk#eV8201i&g>ZRYE<
z@0<1y7|3+}jiAJt_Ai-lB#fbc1G3eJ;!uvI#+N*3U2tB|h<uLoOg2PYPNq0WADS!^
z<Z@&Y3?qNxQamDj1vGpN=A%$A@4<uV9g3<7oMIr-Na~$HsdwZ}L5$xx%2G0FxtCx@
z=%is`lbnDdr<l@B@Xp4#wh0uFdY4vLM6XKfmnu%vaYt`gOhDW7a`Y#Wy+9Xqr{K^g
z;gFuo;RK7=UCc5xwaPkI^qc22^W3`1)jGUG_qOms>YTH0hX0NXscymxYKqQTY>a8f
z=Ex)V0##!74&j>zuT#hqLiLeHNT0F+8Y1x%KNmTf1hA*<&8eb`A(K7Ij~Gu?2!Vbc
z!o~>{R`5NQM3?m=<s*)lVsI#=01+Xcm;5V9B7jPfA#585!@(FKNdb9XSbE$PQGX`E
z!2<L(%R{E&JQhKs?@ZpO&hx{<k^FAay@H+AK>aZ$muA2kS=uIWyo9Ey;#Z*_PC+Yc
zs?<H9q`2<(#N}2)-vQ7oHa7Z5cJL`~1@$HcX|6%!jY#6}{)C)15E_*O$g~Ldwbh8<
zgEO;IIv*PWq`gBa)(x4DjnnCvj{Pew3wJE6JcIO{T*Dh57A{yS%x9!il5-OvDfKn8
zdnxudI-AR#3Hbm)!T^ojru4xds3aM9Z+?>79{}A7Dvd4N(`Nw>?k*B$t~1`&TyvFp
z(3*!`!k{SIwKiHim0cj}XX+TA>$OD&L?A|`{k$#g@GPxb9`BxAlf=mqU0KXWoPsGa
zr+AuOUceNKYXaQ}O)0uK{wQcFGVNYXZK+7+Y3-5di*_0N1<WQ-rqnY-Phk$yHiMfL
z(YJaqEIkmg?Uuk;CoO59ml670cs%rX{R3E8<bwQRxDtv4p|F6`Sl!;#0V!5<LQwS!
zl4ba4{W1#Ao8+*B@eK+^|GfNb!4Qxo?hB}GFIA(oSPo__IhTlv%37_t0Hei9^h`Wu
z!^z>k6Q68oYrn($FazeU%HJzveAx7ZYHDV*utEFhy))<W*eDT5q_jK)h@Q$nH3e_Q
zh(P~z1oKSp5yeArchR<;8rja5Ul;!1OSva+hD!;^i3a_e0<fLg%eTodS`43*WXSkf
zw*cI{_hG8SRB~b<xxs_^TsN*Go@{bhyz7m*GwtUX(vzWkFtj}_XZG9hL&lv1S=f16
z-^vrWBUaaR3bvs|9l$U*HV^<F97trG$AemDjnZr6c^lM?Z+}7w9_{D@4uyrz3`|Pv
z$}x##iMr%6_)|rplWsfDJPOokVZI8V-|)7@Fsb;ijLO`Bo#$*_@G~YGElM%=Ltq9K
zT6`h3fqXFBRGx{4JjG)Wx4ogd<?_*H)d})7ko9tFyo%o9-#%tr5HJmg;y`RHuV9QW
z+cxSvyO@_w6k&GktK0o@=?UJY@%FZsbu9M6Z$Yao4>T?&>O)H1Lmcj4dBCVAL=1OZ
zcdjFdqYI5B$Se$3yX}Am>OD|}zn@jo!J&X2v<OMjzWxNyL97V<WU)Q9p!r9`w77H!
zTb-ik9eI~|qZ|LY)Ht5n6xVVnMw=YqVmSxsIZw7~EVU|nIZ8>SKhH_$Qshmhd=*61
z(}1^|KH8N|oK9Lhk7A5B-o>g^UEaA+k9Nj2r6W@rp5uvD7{$4POD<`0IKkrJL`@;I
zM@+bRDcC$+CA$r>alz541Kcd}8kC~#Z9+wW(DJ1DZn$%I3gW0kJ%IT$XERFO3R<NJ
zQScEupQ6Z1AP}N!F0!Gg59pk+PgfrK0ids3X)9)z$^Q!!au12me<v#8*H4}fqJI0?
zzE>_f(7z4F3l=gmWdA7#6{dgqd98G$F?yKsQm7ry0m#q+v_&(IPms+r;U4r{0(7}x
zshFFJ{K7LGD<cGFrBMo4<avh#Hgu;Kg&W9v*4<aED_$(BvoHUWrHxtgAhn7%sbn>D
zt!)_fJsWziS!xwliI<@vyZ~v58fn*CLBv~b!b~GQyXJT~IJVp}^b()~EypSpjGk|a
zMSHZbU)0}jTvU}SZnq#fBYAqk)1$k|7W487Fa-9Sj5zf#4Vy4g`?JO}61M(6-kE0?
zN^@YjZ>SZrb)cx7tavUbvSw8zSiB;a#`_y#!RCo6={YHq7csyL;U<Za#f1NIE7c}S
z^PbL&{>i{gtFg(9LSWF5cf?5;c7ZesY|~mqDpcwa1P|ulLYIL<iz;{mt7pY^I<<=9
ze6gD{L^#8r<tUii^IKy7D1iu)K_fM0M-n0+==rcAorA7sn7>?M$4JKsjLlgZ(B}GN
zs|@hE>kRc~1=0Vm7-T}Gx3I!^u|C&EjGEl)!*iZbTE_K`pjg3r^MkJua{XjKUw-%f
z+~U5B+ZH<C*C>5*`fi{3^uR@jK@H#Xs{TcKy{WQYnRaO0!DYMs8{n|o!-3fx`-(Re
zAfR<y6SOma*YEy$a$?mg80~gzQ}{BvhV5NY-THDpeEj*6O0~&))%}U;v)$Ha9j*D~
zqV!em)9v}|&vzU4|8aIt!IixI;<sblwr$(V#I|kQP9{z!wrx)AWMbR4tvB;~u=lR|
zAHD0S4|=6mSEagEf9~u4F7%YDw}uR*RnI4v=Z8N$mkU)Nixcq+e0=52?X(qhytpm4
zSYBcuMh#Dob2VnNC9}Th>w?|Sr$%>~Y(qy){C)H}TW@;w758IDF;7jOpOf$F9lZD~
zHVwKf+!bzA`*)o_4o>{9jt?_7ogcMZzpLiCQld4__MO);*-!QGRu>vF*zUEgVzDP0
zY%3gG?*>oT8~g9ZpuC<=cAV$=Y+1C(#Z`|Em6r3w3l>K$+<m=S`1nn2dYP%McqkrT
z+QrWH$NE>IMYZg>KT|3u`@gRj{BA!yoA-N_zr~K~`I&XPig?x6+^wqiqwQn5&6?+$
z50fUJ-u#SB|EhXb@NEc+JE`AeQKjo+ri;J5uJUohLaA@{#1~>sR?9{_q+uoBt6R6j
z%g3gxsj`L~b@jrxj7j@<i4iUrrV*SG5Zq04H?VtUEps)6b6xvISV1lEaMm0^w%Kfj
z&s~|X>s<XRd`Wae20Qyjn4EzZj8XsFQDgjdeHR|cI%ch;`%7x18xTL|WQ1F#ZH<?4
zQ+vy_E8&M+j7G&OCi~Fcja$V^aWvJnrpTO|jf^`DYPML7*D6PM@TcC{bio>D-6df5
z<BdX*(=F(;{=JEId`Av^zX~^cD4LJYoY&hSpmDmw7ejjCOqf&{8&y@}<Hw7`-lvEA
z+oIx8J`OeN(f)JOrJ|$cuAYtC7W%*sOy@nvucbm;h28F!IybA|#KjV^8@<!SO9MA2
zxPo<5(BU#*B-cZwSDxnoL|_Vs#+xBxV`PJD<AAdEDq0lz-O)<ePqyFoHf!Q=E)pol
zYvS{Q)xySs@j>00-I+|UT}F4z7q~$d8aq+fxW5#3LHiKoV@lR;XTV%wxLG1%V`8SH
zjtiYM0<BrO(FTO53H4f=2==hJ(Qep1<cLIQ8z=A)U2=JsunS<*pvwLy`zj_K=aCpr
z{v1+2*D#MPl2XJ96hR@4cgrs{O{Ex3;_-*`CeJU^VtV`nUwbsz4gpCIW)VjK!dI-&
zZj|5NM3R^TV&M<7Cm|Ar!-@mw*9>51Mv~2*4s@5Dm6z|maZ5^_-ukhdh4jwsSuzkD
ztV(!G4vb?16K?h`A<6CI<#5Nyj=f$79=HvMC|UA*SzqyT6nw+p2|~re5s2m<Kv4H{
z1;qmscLUDX;(nS7!(gLb5|I)hF@buLiU1jTAwQown$P7{`g4=$t~i6Ia=}18#kk|K
zMs!D%!jD4qyc_3pM=IFMfYhv1hw$KN1Doj?fg9{2tGj}MyujhTF4+<w&;aXs8ui*v
z7mC9yF-MF#gt5Kl*%aWNwBxPxe)zkOI7iz9^h50ZVIJHexHgZq5s@-?mWj4n#9&1s
z2puS>mW+l7x9M@W`soyE*D4J3@rA4?FzTXyb@TtX?Dm5WK%9oeKyp@f8Lb`Wu(ix!
zFA4vH!g|7;PeBH-J?F{eD*?+vAlABm;s{A&j$!^M?Gl|c)mj-F&=8(J12)?<HlZep
zyAG>fYiU)&^d7n@rv5Fveh?AEEwFyFE!aUgMWO38_>_S({nkHd`dX;D1SJgA0Q94r
zsK!k;WdlcX2Z+e#KwLBt+Hv&nkXR?c>Bh9!$!lNGpPd9IWObSGbFGv68fStSpUU;%
z!qY}Y4};`&(WZgzPn)7}2%HiH#=*_mi%9PQvQOzVf$eQ6ZaI&Xj}*=K+m3!QZ)N_0
zNXul<CQAwB=*dlC6<OgyOfc91QSFW$Ah?f7Ma=XQ8nOKLeP4P9TgQ4M@Zi8OfQ#w`
zCx2V6MCOcjb;|Usaabg%4I&{sI*8Bu0dr3deGeK)=lM0J{uHV;G?32y6HJ`kFL&rb
z-IF^^hEysb^x%NmBd2lgqv1(Sa_md(_|v`KX|h#n5fi7$jY`;N`qbZw@8o_PPbqiw
z`|Y~^o_or00LKtreF5;_4fifu7)l!PiO`7Irhg-pV3Q2ipuJzp#*z@}hh(S}i~2tW
zSLJWPEoS1QQ;si#oX4qjI9yO3T8MftqiNkzGVdoL6#zX1pv^3@&H^^_-Qm>;aDzGV
z6DD8QA5@n}Eg?Xz(pYg_gf$qWswC7bg<RnVH>HUJO!`i>%PlY4VfBQeX2@;2nW5JR
zlIYQ}6pb$=(gz6%%vKs$Sizj)&>EuCCzJh>F$)rpiCr9bILsP#sXasL8Z}URxczEQ
zaNJHY9@YekC-I3sG?R3R(oFf3Ik2Sq`;4vp-yIfh?$-Sd_Yrw`Wp%?4Zwx~S6`&~r
zw-S<!TVR32XNkg?$dJ71JHiHc@59{xE5a&g+>dMCK}^9Tw`EEHmN$8J97SIBh;d==
z;8dO#@vf(9gKur_Kb$nf0I{fw)cj*D0Z=H$8KiU8$Td#I){w-Kt|Oh7Pw_|FbimyB
zcUb_W)v8<KGKu9*ipD3+=$7A648M9sN1R3~JuuU}x`#-~a$uU#kDYxIIY?N}06|QW
z@mUUme^K0?R=KPTf#x=w)*xJKxKiXaFE?$|i)2^DoZKqf?eHpEgE1ce^&!4j8HvD=
z<*~mdcKsdy%Q%oRA-ytRTpdmAxfdYh=r~$iD~JH`@NjDy+qODNk5QPE)fN?+6iVCJ
z1B0R22BfC&1@)g0OD27qYJMI%a{>`KSZVAG){CG;VxcD;Ytr0eL}ny~2%1=Nv}yJx
zKQxKV`97gK%iEVAMQJ946NIBz)sz<v>v*v$q%LrByYT&T-L{h}BO`<pz}ZiV#|8id
z%(&}5ZVfPL_5L8JzrpNPOQ&Gxl}k7OZn24#*APNCY0FH0R8%@h{c~pYU&&EpI8*gt
z3!%$T;?-uS3bOw72&aR2bM4h8EBh`OAm7}-F`ROd$t<Bb|AR+l=bTn$kHoVm;)Z@s
zoAxe+pT%N<htC)J>FEl82bSEDJPT22GWf1-bmBI#g0Cefljkn$qL*!;wivxDh9(Q&
z|52e5Nb4|E8=-kT+C@iV@driNV+Ls>U&yn^r;i+=Z*qZYsNE5d4Ox0pb`YeiNBUHW
zVj434g(^ju$eOT97OrP?50q)VlOqp2DujW_p{E6eiQRv@ED1LOu=E9F>hfAJrp(18
ze3<YO^zG}ILpsP(B4rM-089b?i}UN+I1f{`>eDAW3UE?Dlf@t0M6MQjB|1}DEbTDf
z=1^Ww2;RS87DbZBt@J8vU}|WBM0huKfRT)Tq7rizd%EO$ZLSzndSU)vqAmf2X0+-i
zDXXsd*e|dWrPXy*e}pDMNyMd7+rl{V)NGcg?eY|fBehsk)9QEY*M~E_#bhQzl-NNJ
zsXW&0B#_&h+!>S#(Gb&t9q!VlSvpW{s$w((R`quM(^iQbb`g*}tt6e~&zP^s>Qzz2
z$nF(9eQ+(1_n*y-;gn>}&+L9Bs%4i>p<9fj)2_qvvX6B>d+n27KO%(y@A2gl_~%p`
ztW+f?_-k>C6;NPSzisx&m6hM;N!-j@TspP}66J4J&~uUcOWC62bE|oWaP+lMXMz!f
zV>7_vRPA&KxD3dYMU!CfS~4lvQYSGS>Q=CZedS#7AHsZd*Gx6m#)1h3H~Z@}#89KD
zF}J#4O!;yYud3+_e}<>Ys(J~GKLfR|3$gEnG6>3(B-a3(DEA(F6#25q$`3@0yythJ
zk1|Kp^8nSAAHfAlVE|X-4wf0R;dH7e*c18_nN);xcojhpg@{wYot}|UyGqd2NuLt$
zE>FnCUO68hSJ^L9+-t7*O)1F44FR=MRx(neu;jJ^4{Sbi41wG`C<XdS7%o1YizD>u
zlzP|6f-JU;GZ4tON1IX2(^0Z}8?UX&Lc`Hc2K!hRlIbHFL>wG#D(mK=KZ>8JqC7}@
zqX~A4NTeDMr!sHSGVWLNjqMaoX=$>dB+|FdB{+Ex(eGchf(mtb%|!nQft<cvO{z;w
zsZ)KW<tofizaF}}X5r+qIH6Xp$(38my7_J+^2C80pbw2TT&hSTM|%V(M*W%Wwp{5E
zQIH~=PWrj6t>K%g-EOLSr01034h_DRpyM8G7b>nkpki$Xey)DjC&T&+wotoYIQ<a_
zV>YWDi~nQGfPI}M-CMkt^MOYC__H1a2R@ALpuzE|iw7(E&o;Ow9B&3ks8zx+ejJk>
z;_gv77Ej^m3&Bzuvn0`@E`ij7f>N`wKDPGOXa`3cclNYR2FMcKUP(*I#<}5m{28;0
zwA;MnD$0Nkb2q`WL#IJZ)A#N>9=w#bi+T&!txj$X7&z}Qt4*GMU4UP)10gLG>5y*;
z1-7`%4N%(2BagkkfSd)uSl$?>?kb}F816>d9G3tKPRYQ)yP<+(@tCS`)3&4;BMr}Y
zBMc)95>8|o>)CzbpVKby>jxxm1in}8aBlHqKQo&i_15eSY%gZ&oJ;*c=v+8;Wyb1A
z5OoDB4n`8_#EZ2@HE1Qs&`3Po$al6ZCHttVl1cdOC5ft|zvOa|*6!i!Z0PlQ6AHZ4
zR(*AC=*7-VsJ#ziI~1ROlwXz<2I^71CDl*G@Bw_OmS?MImc8Pao@y|p{&LmRy_f_$
zHaT-`{a$Uo_))%kmsnN9;w9B!26hqPM?E-6RfX~fuY4Y19!w3|-2s&iis&`-s<Sz+
zbMj2Oa5H!Jr{>;UYU*gHGsurxXNs!I`2&9bfywYpYJ$EdJ;mt0UgaZVk9x*O70OQ%
z)z_Bl;8(RA{scLOXVHxsmLDaHFV*Xp)D3;ruHVY5?$Cm!#VhH;{hT34&HP93@2O}6
z_%GGS?@vtm{fUoFya#`U>RCMJyWXQaNR|D{)>Gu|UY(h$D^UCXd&g>#zLY3FRBl^R
zTQ&DS3a`451KqPv)IMK#XI>$BYOlUUS1Dp!)E*vcub=!nTV})a(ONp#x7TIeCBQr~
zXrmEVn4ocg;EZXh+zz36N&7u?+^aFM6t^QzfIQ;aZiV!I$v4z%XwuiDEb`8&o5@i)
zAM+Eo83#PDiBPw}*8W~$>~?p$14G|qFdsbI7$@1pndu_gq0?YcGZ{Jk-hdFPY5%Ei
zl7C5sbhlq$(HuF_VU3uk)L(#}#u>lEZKNs5_=1lf>mj8+lW*kBmrU$T?0NYWr&FBp
zVCe8B(-oZuFHlWx&CWk_;?+xGw|pK^<cj}jeX3_As@AA87GfyS2h7!jwsLb-sdokb
z=qJ2*wjp-1t5fpm^8S0~%^M#J9yM~yrxJtwazkUIGGouQlh<|=6L_!M$BD%f|B62q
zIH-A32fQ<JC+OyJVq(cQ1nX*ZP3$7Jj`LYW%kE<B=h)K)y;`%)vey&s>u(2#6|AP?
zv*Ks1H_wMpK)+3RdOEEqGxn0khs(3;vtJ(T6<Tjq8N?Mn-pV#^TB;>pT(%qEkI=8f
zrdJmwdQ+LQMIUsnLB2N&!-t$UQBzia!Fqh%Pu;qzCn;07S5_Y%SubrKUVP@Ork(X}
zs#nS*M_zBchrag*rv+=CZwB2iT4gSD*iDP0C#}r3^W8j+6=v)<$1RI^?CEA3s(a^$
zKNs38!j4i<A1~+nPfC5(&6{OoDkmpOYK3FPzRB42`?I;X@Azt<nd+ju{OO%r^x|kr
zSOfOY=1tdkdbO;u@9Tv>97W{yGC#+(+fu&1vC7pFZ~U0P)HHZ=ddqWKao_e~QWw#i
zUbN}i)M*NOj7D{(2)nDS@O~@s@pCoOxX73*4sM$JKxoctUX6h=YY=_%?R0;7UG=uo
z(37KTT>DToX?2zx=5l5l!Wja=*~Rt)zg9Oe(^fb(bX$WLHxQ5EE&=43DpY$rRQfnC
zHfh3_#WrKNvt5PH>3hT&3VoWgAl@<Y;e}{r)=#{?WkkIK@pa5ZzEa=NeHyWJv&*{>
zdd<OUP;FwijXK)9Qf-jIR@rU}FTPq$zgDN>iPn8;bnu1z=w8edZ*el*0Oq;aE08+c
zhraGT9&07?;KvWGaHWHxeSIx{dYk|rVJY}DV390<{{?5GtVw?HcDFb5ad-V#RWvEe
zsY*3DdSkUww4X50y?WV2AD+T=Jaq6`!wELbQDB1Y)l$s8dt(33gMaO87qNqwGzvln
zOixe1Yjs$2bKy{bOoVKfzq@ektFaZdAb>#{-OQGl{`&)Ad<(mnh<cd%=P-r1aG~1_
z!k^^n#l>m3k1E<Sm9c80*mz+eb-3KFix>ouGb0^%9ehWX<T7N0pEW;rjn~(X=fM(1
z=j-U5ULsvad-W#uWHEiVMx)4I{+0q!B5IHNe1Eudk;awPKLDOa5*_t>=^&tZmrrHA
zbAGScbw;m%G&w*^_7_>390Z?aS0W(PfkSgILmq%=R{(td!mmcViqt553Q}i!Gc%&l
zj7lW$^2}*a@B6SYrR3R(EQknXI#%5&1KbDpbe<&`*SRXBSGWIHaFtX&Z6PvSJC*yy
zGL!g;$E{Bl0H1F6Jb)Y&k|Q{iB*y)5E44HFkxRL3E^a`~&zpRa_&9koDxNfIX}-sc
zcmLzq?L3veF<4U;fh*2qp{Yz#ib9jW0C_gdS{*M#d{$ReXgHgjsW;f^$27JzcHE&#
zXcu2tvV^|19Z<Ke&5Z-ni>k@tW>6LFJ+AsW0V5xej+LZ0(mO^cN~Vi`D_(>ylWn9g
zV2d}fZN#QTcDR<q?h&6H-kXe~M&VBrO5+;H?+0=VWTjD(_O^+5%ZJ1^!?IYq@S}b{
zV4IE`2!paI;xa(P;$Q*=8j{?P?3A|yZfc+ti!qAUP_~fu$im6r_!EkvxeOX0EBoR}
z2Q9EdQ-aY_xb;h`mk=U2q}kn_O}}V$XyM^&_=5-b)}pPMEt*Zxn^#D#O9`K@Xzm?N
z*}WSCXdr+quvawa1APX<M#m3c46>cho1C@@iP$E?M(1-==N!_|2yai8YvYvfc9=+a
zmz<?<`}KHn;URh$@v&ZJWQvXAu}}9-Bu3T-?+BSbpq`wKi#N@DxrAm*Jo$o)xvS;G
z&CAiB<`7TqF}d;i@@I{v70T%VGN7wTHUBso@QpKJxx*xLPS6OsyU`8y!T&3vFw~Iv
z;Y5<p$^YRp8F#7iH`ygls%zYvEYPtz2iF(*l7JDq3dh`eAjcW%Pka7S`HcPydADci
z!Sf-2=xfJ^yZ!*<=^%x}(1>VDvuBRvnjD9`OZ|stZPERQW`X~QW|gJ>hh|xv{)c8M
zKm9|q2tv93cnd-d>Chu|d#Jny+E0KP#bXs<@W`2N7j?2+-{_ksieD|Da#KBdu!bX(
z!1yUGN{$25+NHlAyhFcKqvvj7kWvKX$~{9>3zce?@k~t@Go1Vu7P++Osrof=8-67`
z1*pDUT;pz*&-!<#;PTz|bH+ryuWjb$T<(}me#SAoa)4n_J5w8epaz*hm;@ytej0yx
zgl<qC3T}Q+lg{ueM01eWqb2eOR`=aNJCfD@K-eKrN(s>hM6(S4vhjS3#x!g#ZN_7N
zZ>V_#donG<YrC+rRsBuGA9`b&7-9GX?bW@JXDLIaUzUxTR?_vNq6r9pql5Gy(yC#h
zyk)a=Df_+l$Z*EHybyXHWo~d`m>uM~vtTQR<xNPTVdh2j%*%mxVZ>6tQ(TbRZc=zf
zc=0r$;R+(V`pn&+K3!p~rz|7-s$-Bs?J?qcbvCU3FSV7RNGF`ozC&#a$4<uK(jhY#
zs<2_Z9}<wRN<uc)3VVf4kcV$0L7!z@QtA~axUfURc(CE(H}B<ATz4J)lHF6}L19-6
zO%AcE+cODgbuh%3hri{Rm$smH!jewj#`OO@RuOLcziuzF3>s+uwv{wU`qAwT<w#GY
zp|wUymBOExn`7V7N!Mm(yMYhM=Em2r-=7DJlRaQ@_@e<3rAib{G3)oagk*aokH_!n
z+^$k4Am@SO!<O;Yp<-Fiza@dOMIVj)sQXJR<7(S_6grLk-b7$|!QZ2#@SYSoQGwH8
z3qf2(X+TTLT52YwHj!gYltW;abk3Fbw9w8V75G%dtmr)uieDeLIzn!G5$$?+F`2`W
zN5ITJ;Ugn1U^lmpWGnKQE{q?fLyz@6cDVfmIdfzZ5h|pNr@bXq*jzVZD9~TsrHd0>
z!7=#pt-HiyzIE5KMD*GKC9$V4F0;n~gcl}fi#qtX<GS#6r0&n+pPviOfN$$a5xWe^
z_To1Qm1!-Lr5t6`<n420qSnR6nJe=Vpl4$nX|jTD18e%D_WfE5=&n-GF+}m-PghXA
z#Q)XKyRvHbIzFLe_}6mH?@{agAImj{?M$D(y8F46d49Q-;E*;~!UO(5IQTO1F#aMY
z;IBSHF@Wy&```H>VoY8R2c=H>zmjWR@_$P%sT4B!rr^jRt&yL9etb2q0pCKI8g}OV
zu3_D30^0BbT@c-%#)ty|9=P**{)Svzjg;?P3Y#C{B`~s!KFgr%4C$>N@oomkkV`jA
zSUW+9ZnVO1S&t@tl`F+=e#}8YGZV9toN)n=m9;wb@W_zSd%ufiz{D5~;a33S0E-_%
z&d+U%9eAK|_;KKL=u<(bqO_>D5la+kfR-6v<I%IbC!&n@EM2br1Z#vamoxU)WAnZN
z*VOob0hj*JmtOK`;<w)Frx~+GqkVo5-o@}R1Tmd2kYSi&gwJNH5*(N>W~&Uo8fhir
z39B*}q++b{k&EF!Ei2q`EGjRER3y@juB_`>vx=W6Ix`p!Yhd*AMNPqVGENY`{qwz4
zj7Pu!&9;)sVL6?Qh>|7tX%nr|n6<faq&F1h7)K<l^%rd!wq=<$M(fxd1PIWCH+Pxb
z@~WUmw5DLgl%9OQ<ra!1V%#>44G&--r|Y#p7IYvXrd=Muzw8#&|F&DS|6{jyT$#2N
z&L5lA8AT@ykAU8^C_uj9Hwrwcwj(7P&=P&KpKVOS&q70RBM7LM@EoE;YiGrtd+jB%
zWepG(Z>RqU-ir8(x2{RrNjMGWd<k&&eI+_ihJW(|MQJhdfl3UK&xctkv9v#0FSR~s
z#q7Y98d0uI<R3Ly1YV^d`qSE;AnR9{BZT*3928)e2b4wzfM&SWCO)Kq;8erKqKan(
z0%Ga!rE|p{cW$E=SfRlOOMdh?{S4`Ss*!tnr_{uCA|o|j0zJz<LhIy12zxQBcF^J|
zp{ULD%+CHW0%Mu#T#33Q=sd3~#tN;L7f78_y3vQ2v_|EjsSFb$yw>jI-2@WlbQ7g@
z^<+pyjzzBogb-2DwYflp4I`x23=h%Y`R#k$=3|)%ZRve`PC9RLJ9z@FW)fLovtv4z
zk2;bN9z|N$=e|GLNt=xYhIb2%Vb7v{KJ<_rrNI;^l$PW$tRA}Jm+$Lin^&f5rgvTD
zehw&qZV$ncEgr!ulf%T{x67Fnp|HfQ6*Do4R0X_NE&0~yuKr$&Zt-CjUp7T6CX1uj
z=Gp3QU`R)fIX{gFO$P9U#DNuv()-w^bbTn$hYWT}?izeb4=vH1coWfz;Tl*1lB)F%
zmLl4qosMWU?d@#iXe^8&*>Kk7Rz@7_(N1J-+Y9FB8}Kj7<-Ych<$Brrm*o<oZ&bIf
z)yMHt<byYcmPaYOulo5b5!eCTSJEP0%BDqK^H~bTpHw+pO1XG&7BB|!=VpjN<0YxO
z8rU*4R7*C;;9M^=SG6Qmvudg@fINx~OIv|1f}z#`I~4{7|2e0~kS5it32Dr$G6PBf
zS)E+88E(N*@*yYVv2L>iAJnK~CE%c|aDzE0y3Q^AV{jTrt2>2zVd)+BZe1y}D75<r
z@zD`7RysP~uQ*@Ml;74%T#mK8aHTil1ne`St<U8yuY8(f@nvo(dkd`HyO`iKo_`(&
zXim2Q`eixbFV@x7?DcHZ^|Krm=)C+JEaLIH)-PEoe=W%n(35_C!nb#fi9?DSU?eK+
z!g*YCx?`eqM(ZB<p*<ZML%uLmIS(L#;u5(w(cWOq*3~{;BLodr`wBLSe<JvBm@U;!
z6Yf6M@519U35AUi5*Jm%Vzf0!>^|F-$vYt0?kWK2?gBLM(}*F3m5}_V7qlZa=MS4(
zT4%rr?IqnKBY4x6PNb~PjyEtPU49-_Uvv=1&bTqdoIu1SvMkmM+Q2RE$vK|mc4&aa
zCGr@h{DhG8JB~9mkK}~z6Z+jX%XQ}@8WuMJftL?Id}@OmPMY?N`;^cj35;93Ip9S0
z`w-~gj%-QJALJ$$gUr_yWIDX$crNYwNH9#|_ag;!R?d1q3A)@&$<~}3)-+*Zxm4%R
zpzcE*PJu9rCoUoF52oAW5Q>`bH}^xzX`u}{?V3m{dn^H%WARe&ju_Ti?#M~QEl}cz
zCp=fNWZkEj@fPY9EsH*w#=4W;FqKcobWF?;M(RwVwvBA`tnlo}L8+F%(f8Be5LFP|
zO~{}f)HsS(X2z15KqcpMsu?0z22T=Z;$(0$Emx)z7u~N@P%`HhGH~zj8m?<cwqo>w
zF^ic594Cyc|1s-J=+iHP(WM$Z2TJd~{UNFAe>Do2%u!|pK`4G;|7)K?(CZX~#8>X_
zXLglC@sAJDv&@sSIA7an;8vN_jOCx{6(PrJG}cAXfD&uRoV;i1WAX5g^=j9l{x#or
z4`5jN7$KmgnuuwI4eZ~xY!d2Uwk-d6X$B>bj7(1ql}@=t(is9t^d*bhfa4?WJx;__
zftFM7zr2hoy$MAI=1TfomqGoE;hh_FdTh*OV?^VnEHQn2Z9Ce(GR~|6iFy~ps2J`h
zD`9e5o=*o>N*2X$OC%f@yFp<u<@gk=IF&<%W*iK0(k)jzp&);Y@jaSE6+_>Cf_QQN
z6!FHlkOB0g1f;bJmdgi0h|LC4TDG5I);Hy9&GAAT01RAyWqD;(@E_9}T%#vUBA()=
zOWeyDJ;~!39QDZWnq45Djg>x5IyS2uQwFC`J`()M>RyVyj?LlsaLqjQzjMa=o;w(~
zos^)@lm236zujj8h}>mPZ;v$~_%%bQsfL7CL;Y6xOiK}F5tWoEynRFMR8l&Vlg4v<
zgy&Xw5Yai3k6Qg|o8NkxTrw}wA*&|EIXSp6i;wgpn#7zkrA2urZPTniWCawp;G}R2
zqaok4LlupcvV^X=L$dqlgLu~zYH1>+o>?jiisE3+ykO*J@sNLwJJP}f1&r&K<ewfU
z$`Bt5ti{-5WM<PdczIMxyGHaHs!+zR$nv-{!_+|;9!pASjT`cLl*CIndf)3d@NI-^
z6)?R#AR69ZdYUx3WazIit@^62hdI{IZF&Z?s*}x9>nDt#0Jon=>tC&a6VM4cvbc5K
zip#;=qk<kcC^Z<tM_84J`$qRSvBCV9Tq2U-4FhBpj}N;U1P3jKWZ~<zsqqA#sMN=W
zekc?N^BLNchal90_dBsAaMrOLn?(>?icp-*L6HWBoS*sll%;sQ8pRFg`Q+m~5nX<^
zD`^tAsZ1TCu+4^i^06JMz-Zh@yK-f73^y`7L)Q>?MRrnWvq6-!vqpAAzHq7Dtb-ES
z{ZC4_Bupst!4b&zQXvS!2qr4tG>K;oD}~|{TT|HU-27vns@7MQqRh=tQ7p)ScjB7r
zadza57i~tKZ$qq@+Zw$utaEcy&M)H+yOCUq8XQ}~Kc<4->rTRm{W87<8R~)7*w{@S
z0>cy$?0ty`GGE@6MIHlMB)eN46@<fOi;DbF7UfJkdemc5=|(y)|0?htaa=bL3rV+>
zr~f1MRHY?KO6afpG`SUN!VPFe_SvUWj0p5MZq&K%`#P#(H-<8_xw|$!>2ApGroixO
z%y^wEtgC_)%m(5*dNluK>RJMTfp`Z6M>#G!)aF0gh<jGO8*&`q|KOl)c*UX<V`+#B
z=<PV5dMkmyWjT(~n%-ukGrQCo$aLbNfk+<x=)^Rja?S$L!sdtz=o_z=J3A>JO7S6m
z>ikJMFMcvbnTzo)1sSHXpT{@cS+?_Sx$>si)0;O;Zp1++4lx^T(xdpV?2z~c!%#)O
z-)f36b_Q*!2}Zhm+6Un4XQkr}`?|(;FMz!$e8_E*Q<(!6Iz^n2R`TrQCjM_krxQUX
z1vWJ)S8G40g>nm8;U8#|v}>tj03|_w)nhopzl&zTI9}r9q+s>YFfJw6snx9LeMi}4
z(dZ@khrSC%W144Pf}u_xV16tI^i(h_7>Qm3yF$(CXQ1Gb(ACfD3`P2cs{1}~PXnwA
z-8kLURzr<AAEGl|v%1{l;t}=C3mO-%CIZJ}oiy5GW4CN&jGv@)0~_1<Fg~#oK6#Kc
zOch)QuS-&M6D23bahIT!T)rW77>uYo88lEH4jK)$pifcKNI#qSN4?5GU2-~Lv=9&?
zuv<mj4!>8&)M-FG-J<md7U_?QkEPfrOR!l-p9AlWcmFum75~n+b(5AuxdpCHMp<|p
zKz$4h&&|Lz?&VUNvp70ZK_coIm!cf^D7hV^4&X>o5OmE-n?XbOGcyp293RwlFb#{<
z6a&2fp^7dwXC-XCZus+klKgD-d(aVO4u*zEJijGgzFk)-Q5U&MK;^jX(ye9Rurh1E
z3%~;O6ss_BBmMssa)4$3FCk~GY8@`-c-Bx(&e7AyKmFiNZ3(LM0kcH03`O{_p*Pcp
zGA!XqtD}F0(GfS;*qJ5S(_Se7?a@}~(w>#UD!X)6s!Kty>cN@Oo4ZM=onnx1NXTVa
zB=-?a%As=yWh;~EA`m@UFvPh|Zdg>q<BBM$zvqxN@!XH#s_Y7m*HD^(kou7WYQsp;
zVB%Hq7A>L#gdPj;(m7;r20I+pdgp5^6e=HS3IKDLG0%jEgR$V`{>#V3|JTQ{PW|<9
z?Ur%d<EW=__|t&RBQbtvAD;ZRU+rN&^=lM59cS}hF?#HtIak7ac|tesv8a0ko!k`}
zE>7!}EyEMsM*8bbb}?cXdmrFV`qPW;XSr@n-VB>vZ7-`;@_QRzYo#BIY~VTOXH`C4
z4li9F2Y;Gjy{@`M_1Nj?v<kkN9EzWnUd<-|_SD<Xpvl?i`C(G?rVp-fCsVAKi&eLa
zlW|jQZ25)l*y(o;uF4q7R`^;z@BFwwOPece+yZr*rtf-P<|&E3@wkY+9y@yaTpFYL
zxNY0>sp{@#=4ZE?0+(5<RC}B}&4POIw$oc*kL}X-an`cqKX0+6ZkjYHSmffwbsLI)
zO$l>-I4_3%SX|u`yQ^HY%-ry<<6^(Key{J_^zr1tZTe<&i=*)iZ7(RU$1|laj#%0F
z_|a3b8d}%mf3V=Cd_JpZxL$7UU5#cI*J8d7%J1wQUOszyIP=Zmqj|qKjYIMI!aARY
zH{-ABP+R-i@;lRE!*|Gm{XB+V{SCX^Ug0|3Ro4f1V4v;s%g(RyYRZ<T!pCVfsn+#3
zeqZyP>YBoib@TCN4f>U?UWOg**_mXBYr9@KOv>endYJ4`YJaM~u=m~-03P*u6g8C2
zx$WBy#rcTC5sUv(+P&qLcX`f6W94JN#drRnka^otTE^>NzW(I2A?c{B0S9ygvqsY8
zEB^k43b`1kUEGSbGdzupOWH;qiLXSX#d6o7=o|0%4a;VW0;mqOnR^{AWV|0CB{OH)
zY?JhPUrSu~$F8!KUj8NDOByGc-hg}<KA37GS4aK!3zH#vqIz5Rn_V6NX{Pi1QDheP
zd9!)ZQfGxee!lCiet4T*P4jIO!%~BsoW51<N!kg|YHJ%$pf`$O8?EbKtYunBAcQvO
z8|jzfCo|u>`tL_r9lSlo<ts;l3=;t%I~Y&f@m5z8zUPCmKm*={;ysKmqCrvI7z^S1
zVe7OuUkI;?*x``s3-q!Er25B1@G6nfIq|Xt*ON9ju{H|(S^cn_sy|yc!fe9+%c1gQ
zd={G^YITb1KHwC<^K;ua-LbP)<7ydCm;Yt!7AyW^>wxnV%Zx6rw<G$#cDShu2B3op
zLvg17PspjEj&r3%GODUza@j)%sD%MkQNphah_SSVF&1#=;PqdSTSKj`?uP)sl^r?J
zA{Wafz7fiIHpjr_YvA!Mi)}GJ|AKG6=<k7sL<y|)jB^+i@6Ipyi3YW<wc8Wx6mCsq
zr~vgY)+dK@8gWD-0}>q5T|k2Otc!G&1Ti<mO?u7H2(?p0NI)ux4ZJJZqj?HKcUxw(
z0^%dLhTlbO`eR4=4ex5XTNsI|zW_L#^wcxZvCG~pFa|`9=mqY<#u}0Z6#Ih0dcS12
z-e-1`llLW@NdwlVV>sx0K_mwEF0>vYJx^Hb*lnp8fs{@2D<6559B$w)*n{Llm=HRQ
zo5|qK`CmP~?NBk8hxdO6^;=js3Ge-QKcQ2^JAEr?A8<5oiKwXn@mk16vm6k9F?vul
zT#Rb*{FJDSe7zppEq|?i_5|`>)y(HMIR^RLj6$X_e>UydiC5j@)VQ&0?q-`$3#Sa?
zh0}sMY_WV`1$-TZsW2a)Rrfu_`Uq|MWGn(xsc<e|e;X}>#8wb3CqFY$2(|#g>O2|3
z7NW9-OYsI}L<(s%!TKn~CY$|uf_t3#()su^f@|<w41mwaMODS}|Kd0JZ~P_`DDaKn
zS{fkIFxi9*5xeweB7~scfR6n#l?>?CERgti2#djY8n<0I84ioCGvK8TTZ_PrK7BrL
zAQ~FdCcyEvIp=`spA_}roYNwT4}oQMq5rx!(7)~t8E68$^j>KJ*tuNX9xk`-gyIlb
zxfS!ImvbVE8hpG1VEaxm&0)I&yzVl<3+|pPKI;fYG3!U2fM8cp*k=>=u~g-Yz?76y
z90Mr1+8Rest@MmM)ZIX4D2$=L_{YC;dhZK)FxPPJ(Ch#7bcFhtkXJsO?YHQGh_ORY
z$SOJ4(q$5K!~ti)>0uo{;P)3UL&51WxE#PoZP0pxX;Hr^fEVS7dV=F$d^vzYWmIN@
z7!*Eyz+iJpGl2-<?cQL|E-G_@_M?}doFu2QgL@?4m)a^v|A09!f<d@JdK8QSNTkq2
zn2(RC#*k^f$?mu-Pr%b?B@5nM`e&$;jPHm(&W=JU(S8|clDV^pV<>nonKWX`#J^l%
zwTl?c3m@CPGEf(I20Q5IjQkNwC2wu7M)oAUTrKnmuL#5&Wra^S2oN$Mw6*z69lO`n
zeoEISUvJMX+kLoUF7tU>d)sj<G+KY{K1fDvBGqIaV6EPQAICbJ&C6&7sGx>hq=~G+
zPx(`_F$U<5$PhV_-GWL%G}=T%i7Ar8xyBY*u^6NcqcZYlpu8NJVp;;HD48_kr;1!2
znBF$UP{}4nmY!uEUQP6&fZ7nIoGPMBT@rI1vUP3#kzBv@xbMPbc}TK$?PqQo{jx%n
zP9Un(iWdYoGq8)2o$;Yb-|}ObqrU9pA_un~lVnD*G<%YL`S5nuu>y})<5>Tf+w%7}
zSaY|Z9))%g`+)OOuC+sR7*)8rmI+-}C`_D8{K3E=Vpn>OV4gM-9e@wLu?Dl^wiCoW
z;>!D|Tqo<vJ1XQK=!XuTBiAm9g2*#(zxVmJoj@|Ua|{rAFd)SiN{hxrK?E#e1ZwZ4
zEBd9!n14u)-3_8pMdptes6>es0~4kOmiVwo$mFB>rX5`TdjD{{d=9c%hF;<A9rK4_
zRi%!P4bwM02(}hZO=d3klJXuYi~5e^PJ;i@cH8<9f44pRtl5KeFXPCQbImO~tO&w!
zLqPt!lMj7&ax9MTPQH7e5eK;|ko&iji^I76yOT3Lkgp|)L7HhK;$_<Q5YF0#=K)O3
zV7H|J84$~A`3l=T&j`Fn;zG&qu{mJ*Z^{o#<AL^Iso!#)>4($S^GceUa5U&BFncIT
zQKstgKJl&fvOd!NF>q)GxI#?UlI3JQz}V+tu7<U-j<Z@qy9JU;sj056ZU*-A`knyi
z0DweT61C0_0kPcpB|0p})K7j39v>|S+NCJe_EIq`(!Q~oZ5$$wAXU8mR#xgP2_u)&
z`L4x8=fv|pI~Ln;3%@P9Oq>(&k5DQ45!&(ZWRt`t1BCs7q&cEu^~p@h^vK6MgpkAo
z<><uYUt~kw(s!bhdVn*9@tWbM-#Z%|TE0FJbqn%cXD!$doVjzjPiXvRPo3Tp;UxS4
z`&P2Eg<&eZc96%L=Kxm4>+r18upKRynb;Ry2sP;Qa8~V-r(aQak6wDey`2W!1Sa3~
zU1OTLqUSQ%@_|LyjFgG&d*fRb4w8+Wt&8h%+c<TqsO<X<k1|2<ue7rw!lX{l{|pw5
zJNJiSXd>4)v_lr-XyX1SppTr<54U6RU=(}D05C@R?$hqrHB5ZAYHqygO~cEBEf!OD
zo1Cr-$+V?5ncL$&E@M3&1HM}?e~ry{n}ogkmTHD8uS+w5_+bvGc8oNdn%jxy^x4T}
zkTIwz%@GeuDb|v(k19Qmr00J@)+=tWk_P3$Dnt~ApL({<j-V_|6?!<<xJYd4r;}M!
zd7$oJm28o0k3$M(D8p$36%k%NUZ2rg=;TQas29IiIf3q`6$4b3DLW0EQzO^kZIw)6
z74-oqi8D!RI=-tpzcC^yzE3;?a4!=9?}Dsh6rv<*zGrkRRVY7kc3-6$o3|T%N0sHS
z8=a#sQqnwt*I4q191E*eR_ek-{AIW~3aHQXy=l1przZX{=aFL@iHT^M0F(_I5L+S*
zb{r+>C)QJrfuGSLTnPKucMbkV($&%+K@-70jwWUKl#z?T<~fay*!8nBq3+BrO3koz
z4+o2BB$#M&GSf`fX-`(DYUl}xUr{_dO)*gutGr=sX0c#|4)4YWWq&i$H$vu1r8Uwr
zq%hgS(;UuO<fqHA42jcr*-u8$pkeuon)o3o_hIG2YQzxkolGCB`VuqpP%5%Et`MW@
z)3G=@FogN3?{Iqts5r87Ud8wt7Ume4)!+gfM7X_v8ig7<lAzT(q;<NCmfqaMs&5W`
zQG)poV*|0k0L|sY7-K;kGNFvyFr<RXHUk;}Wn2FUC>Gqogn^zi)ekq1*QJqGvUy41
z_<=&6GKBTE{s2i$uNB3(1lB4l-jSpqq5AoaJ)KH)wUQuYBdbF|e**>}<G@mu48Py<
z`31#U7)@#9)I%_O;;k|#FEFD``jJVXvNm?LW$BQMi%e)MojoR&r_W{KyMw@!=y=41
z+*Vdd%z>ET?T~cW6W3|7F({bVL9!eqaH!SeldILIExatPlWlq~Lz1*#V{O62)=~^E
zPr^AiEQY+LQejI_hJ~?QATktkyRlwE*7jdIShBpt=sTU>q^d(Ek#4(lG*aedaz7o+
zm@9+D&N?2i3@~aZ@_ddby~H8#tKDo9%1nZ{S!PKh)gc4-mdB*m3j%ZRyviO<Y^~n}
z+pdwcx?=Ko@?Myt8(r$;lo|alNS-Suct~HdrRN|pa~24K?}rgD4i^hxKTLyxm**9~
zgA2z7qZKcH=M-rFWesBr`x$Q#XAp<y%3xy><H+~9-S`;lfhTOVcjK;Y+cH+X;`4N=
z&%km0QRA@->;<UI2L%-SC}g{1lF_rS-)A+z$XwAwi!UQ~A6C70L`T=gyz8~)(z>Uu
zTiDR_wHlhyY!w^BFZw}j-#B*TqFD|ac}<{6E1T@)z{EQHV(F2fnZ2)58thjA3RTgl
znTt{@fXHsB`Xg~+mSm&X(t@du1u^?iMbW4uy-e{soF1(VSu&XipyKwHrNv*RN5*e&
zL6k54@jpt>C80t6`6Y#%U-Rkb%xkRt*Ll~h)C+yf?G$WPz2XOQIY0L;#=91!uc}4S
zvtRD686uI|Z(k1=UhLd22pRaNfN$s4hU%k>Q~xVFXZkLUk!NR1YNA1kn)M5K!JEkO
zS!#p6=66`YYwYwRQ}u|{9(~JD4qCTU(F1v-udTfGbIa^|<*d}*m%s$Q5>I8)=Pi{F
zr`Q)_<k!H>FY{39hwk-Les+~>sk@Tcdt~p<*)QskZj@L4UsG01FzTx&J${jo-Qmom
zRgGU#Z`~LdHP;VPZ#9iyv*v!JPDg(a{d!mRBsFShKdCRi3>&-qmZ&efXFq=weEh=M
z_~%g6(l3qHxacWG>q_p2dz<1X@*jToPL_AAGN12@e)P*-O|d9a{R{Sf&Oc#}a;la4
zwW)NQ79T87=^LWP3AZf->NgQkcncEDQeTyx{8IZFRHTDrO+KstmHJD_RWZMHp^0#c
z|IUj`?9n(r6NXX&=JH%xKi|=;>v)5S=r!ahJ&#Z{H&q~xz>}EX(;bqPI-}^}*3)8x
zIojnhSSaihIpIe(i%w(08bCz`E?X8myPdZyT##yC!G!eg1R{eD(q%$Xze4E0<HiyE
z)2C8ly`p^YKckZMaqTCWB9xcdTNYaC$HoX5{UIwVf|c&bGNnjmW6)%AnYezN8}t)&
zO(nIT)fK_%Nnqdwh@5Q24Cw1)hxUu#w#06?jAYV)K|;oe_WX&?p^l!nRz*QYg&QBC
zW+mnSQ;_&eT6P_BlCwSnz4VUM2)KwJu)D0LU>u!t0KZK*N|6_1X#mE?knc;@ZV`=+
zl~B{VbG>9h{QHX~K@<+t-(ge(M_`7Dz-_urQydTRsl?&8jjM(aEz!Se5?etloLKI)
z$NGZ+;YtayY5GO-J{T)P1fz)01(*enE0g-#(l+7b#lckp%~i(+09E}7PmI>4Bygsd
zGDauLVfepN`p4d(DUJ|9#_*N|!@`bhn)YH##5d-;7iUd?Qp^Zej}51YdfDus$l~nx
zYMKguF1BpRb-y>M3i(xK;rpC+y}5cXa$PuoX|6@B891&6PikMmD0UR|x2im%8L}ug
zo2OL{wTIYQvI0gi7fFqcmkP)fJx@CsKoLTyP~OdDkb=rTj^7Rs%a0r-YX}|TnG|su
z->WU^{)`>OZmx2GVWU9bux!ZEx({?uvLkmKdjUyh)Q@h8knFE?CZuVL5cf_!At&l-
zH-FfO+AU$mq`59NL5!tVNuD;jpfysj@rq_1C9rg^;oTLsy=($bs>2WP&liLc(!V%{
zQ^MXJv4kCw<TWHiOYm3=&h&|9Io-da)6c1l?=~RvaY??2pl2^QL@KK+xyWY1(uJ-C
zJmmquY=TC(@&%B!=5&o3*#_|9<~LePTA^mFUP<6@*|Tk`?@lqYD^)#f_xu1b?rn_@
z6RsVbVlVEfW>Lbyq-m2S6M?9zd-h>|9liR=Dp*8hsI)C(zLv&$orD!?6&5t|i7}RD
z-TY@a{9LAr?n-`GU%=^3mj<1wWk(ybNd&cyeG*4+%t<)6K(+xAHF+uD`tIQwWhkiz
z=5sv56we`SfU{XACl#udbN8nT=5|kOaSUpPU5qvNDRoK0#qSng>-BP=CXXr$aF5xW
zexcieiJa=ow1#U@EoAlPzR=Af-`X8`oAg@Jaov-aaZ3vyGsA|j)&rAFlwYL6GIqJ;
z8d#L^igvowM`L<V1GxV6`Eqgm726wkmmQ6_D>BB(V<;R6h)PDkoN)3|h~&l;Tcr%1
zm<wy)G-MiovdHpv3rLcaPbHF1bz@F8oA5)Gltz$P-oIpcgIT=ZW&E^a9v^J_)%M&r
zK8Ri|6YY?*x_|s^y`5gG@FK?sU!ozWtjuvqnjU7=R?idi{F4=)I$77**}Iw9_ztLd
z03f3_6LamDSUCO{yG3{GpKz|wGY@@29xlGS_yF8}r3{V$Ua@^&2)1p!bB(w#8LU@`
ze*ag<wOj9@9ca+z=z_h535X8R)WC+Qo*X*aU_|%dFDa;(cukXBB^wq+gUivP-{&yv
zddenV6H7PMIXtejsiCd@3URfdX(TU{!^z3qG$1qo(NNhsWtwBdrY5%h3sDtC57XfL
zh#b>k?(8I4<IO;9d37$T7BiQB0fKvp%ZpG<z4Ig5+{GmLAmpESxN=6<rUM;dM%8L&
zOp2#!-!X)zmrmF?W;KkO#bxn#k2dl3?`!I%Y3GdXLzSSl7<V`h%G_m^me#KRXlz<^
z5_N^TLBEW|riU;n3bh@@fT>DuT>bES-0W(%!I8ZG^y3F*^STmCCo@sJl3L|lvS}~r
zl(goLZ$G-keHsmrkl0NnVg)hLVxD_j$x#BmRw*RWq))baT$val0YDP~0P$5REk~Tc
z6nuvhvRU&XU=Dlj0Zx+?>5=WjnQF2*PS!U$BO|Dmf?3}6L^gcc4{#Ky8wY6D1*pes
zce}!<3mtIyxw|A#jjr!UZBK=<p8s*t9A(4b@S<@axu-$DB24@Eh~D69#0)2sIJrN1
z_LFn6#E8uRuW3$0-M%2T%2v^xG)W>N`~ID*U2lCbUT1c@<wua4kY_Ja3rQ#G$>2We
z39aOnSRs37dN%{M7jb9wgoIt_aYn+XP{n&z+~$L;TK#;&edNGD=NTkyvXUp!#%+?m
zt&v}E@U-<4VTHWd_7b%)7<GAft!ekVWsq)dpl$K`HF^)TVzOQlVw)A8%}{pSv&(qR
z@yeS<xpXW^cxANBxt8zNq&`Y%j`^IvWP<efIf@P3ayEnoI|||U;nC*w^eAlGhmD*e
zSjy6bjokD{oYi8zM6V`80)tf9i=GI$=!{l}OYyj|7%9Z}(V%NHx^I_J6%JT~cvlht
z@WD&Lp7lv1aANGg0rgG)Dm}1we7k)A(p_Kg0wzQXXGwrJ?sA^+hwR7Wr{?v4%p6z?
z9G15y<cEzjsL;g%f*hzx3Il5d(am{bYkWwxll`6Wl0421KixMO%XJt5Y&+pS)zr{p
zcN8l;_GmJ^OoY8C#nz$3R>{+p<@=qEu^{nOE8_!Kng)(mOp>3qdD;e!ezb_An>yJ&
z^K`X%1My8E_$Ybnny)n?dv|TRsw8XfI>omR9Fg+zOM7=62G@gn>-xj-0G1pr5Yyyq
zV3eTKI6^ZYj}4zxp>lMp?B3h#+}9-CQM?0U*hV(j<M6riegWznb{kY@Uq&(+Rf2bk
zRd4>uno>gbYtr^H-(Y^OmewZdTS7Odsv^lGav(Vg@L(mMH=4c0?3N&Fz{C*g->$_G
zI5R$<?7(`FIx_AFKbq7Z72;VM)(oEw=g;ZmAP$`<WzI;TOf~U>%M;G=Ai*jhuqRiV
z%2Lln1vzKf-vbp5!sCJ3t0gyFzk+Up79ZN0^lN|hrhCW8$@1d_7d}5t<{_kp{Bbey
zL3FobEW~?;PtywW<%3L*zZV#16gajnr4m7os7NeNI&3U-wd^+eE@fI(@2H#l<4(hr
zYH2EY_`@mu0C0t-Bmv-gv{BEThSEoxG+Ghv5b}~=BBdO`r{j7P$>#1PwNdpLZNz~@
zPH_r>UNVB+d><v9x-ODhK@c=*!cSvr@jXSwGEA>>rgfe>$umqSTbzze$?{oCncZ2+
zMc5*eE-{6s)A$6t?*2acxX=0`x~PTC=maz0?$0c=%`ex!*`>AoKZ-w+>5%?8FKl#n
zDO0|=XEp}}C|h9R&JqP}hDv$?8m%p)?fyXN;Ss8QldkNwx%3rNbHdm3?ryjY)W7)Z
z_at`l@kuo~^N{DdRpIf)dK!<)&630nFt)vc0G#s1L6kIw^*aWhzaazLb_~G2zRhK=
zc#d<pBwz`5v2mDz;l06bD<31RGnK)jgx?`-SuX$)kXxJCW2SwI`?vu-z-Sq8WfnNC
z2+wJ3n)o}T%gFQtjJ+FE5F*s#_2qa;K|Y60)PsZs#Sc}<d1EUS9Ue%aCh^Ja#OZtF
zJmQvFuy-t@`C!k2D`*ilLcemLG1Ma6RE4zO4p#oe37F7R3bUl4-Iz0O=Cx{l#i5EB
zUXKu%)UTdYVXBxn`LYDf=x}`gIJoP5gsz+!&TfZ6;!(zc25<!4H*R-;u<6dbCn@=2
zqDb|_7|nTc_1qvI(kPXX_djVRan#i$*=W@01P(cjW<Fx;y0M66<kTNZ{J^9!VADHJ
zyU@d{lHNU&o1F<bt)ear;yfiYFFSLNsr)}=KNUIKY?Cv+uQGW$PudvPy!Q4lCOAC4
z?`Mv;LK%5k_O}mgdEfW5#GeDC<n){`29CFX?`QV6MBMM>+czDN!J>`OdpCiiwgyl>
zFYX-;K(TI8JY70GzDRB5$5UW%cinBwIXCQ4qjNgn_p*nMrSMViHe`?Qd)actkA&nz
zK<t2{_*Q207-5jAAxv`Ao03RB&w*Seu3Bs8z;{4=a43p*S7O!SVh6KK`!Ly;<p-;M
zHS*hKT%1B7wJl^W@?;}TuqZmL1}65wI%-5GM3P$!)}dpY^dAs%ykawv8-&bZO5j!P
zH;~&VLl{a&WzM*rYXinQ=JBwE?XaMXz|lD&CXQ^bVccWW{~uG|7#&#~b(wV1v2AqN
zF*-K8W81cE+fF)8$F?hWDz<Ig$<+JJteN>$Yu$Q&J@=lo_t{5Y<}dG%??jB5o<!Mx
zEg7u0!zua&#>MHR75nHj{F~e)_x_HiLE;AyhGEe}MI58Z`kjcSx{IcI3$U}9SWooB
z*ZqN@W4nW3w_ll7T#!R|brYfdF5a}3U`rCEEUA{z464Vlvp;A=Z|}FKc2@%*=*Auz
z6gA{&;NfWDyLvM79@U<RsBX?}E^IrqmLASa_@qk56&K=3ManGW%Oq7mKknJ(q4z^K
zedp&g3)3sop#NTr%R`0n$FfWD7S~3`6{S>y{%DuuNviZ4l;bUe%&f$cI*=zP&tarO
zPF=L5b|_yzK`UKCuWKm3LwIkRo(*Yjma`{kH`A)YDRZOyrZw+G7i41GYgWoE&Q2xQ
z%7c1!i3UR%PyF@3C+$oL>Z#FbC#qmHd-=;UrK$E7YxZwPzu2F(Q6cq6k?w@lRX$HV
z2Yl?)u@#N`T{u}y^}~oy@!Vsy!w#5nVs686sgk3sX4C;CkI|^7Z}Y82L=HD0La6SL
zV9RxTPGIdxKjl5$!M``bFujZEq-TNkNrt2>2SSn3y{D%;g~`(WyIopyd&b!bq@3~H
zMdN>a+_+MKy}xTjkq^;1A;~-cRUfv3_HhcC0tb&c(mqmza-UDa$!*;3OgzH;naK9n
zGxdzGN*MM+bYoqVIib?19f{<!DV`ODPwGscYkEyAM4O6^b<<S-!%rX<PI?n_>iJ2z
z<M6GgcMeHXSINl2pu$cITS2cZiaLAkTnrsGI=O#IBpCg}gLCRi347+`@Z`ssekE=m
zUzUvIYL1Sn#M)qz)M}SAw2Oi3llWRk=FB6)3`fyLh^s13{>9maxk(v?4R(aos_yJ#
zf8m9dEVWkN#rL`%^gmv@I(<LdLnOTZBMVVo-m{xpLaSaB7F$>rSN*Riz#Tmu^kz!C
zjK&hLY#`2=bxlI!lViyh=zY;!KqtL{)$h3q^L3m<;K#X^2zFCB2G9Qyklx>9ooXN{
zI8F8_KM`)Bx-K3hiFq4?&B-$)SOUvYLbtj5>97ou@In>H(nE#lAn+cFR=e(Xm=I;<
zoXpz%DIUY~%@Kjr^(6hZK0L4$kgIf(H^g&In|n(gm!RSY;O7CSx}DjuzPd?&KHT3O
zKX{p_pRd;fn#4AYe?EOaq(x<3nWgz8)Z}rzF!iU{<QRwqxjlgs`h@v^OQGf2p*%|D
zGbV30M!pfHDjqd7aX9>kPk0D!88mQ91Z9}gz4y{x2OB&yN>4f#a-+RRQHf5*PMMwP
zi6w~v88H}M_ub#s3cy*%bs|};!)?7aV(@0jv{EHxQ(G_<uv+B`+a%R;$>Jf=BvlST
zU68#}WdLq&mb%)pmS=;^NV#L0!IVnb3$XEzuBmYKhr@s8eA1P@CSXnAl{<Pa-(W>~
zYKRO_0ezw!{~3{x9{<c@6XqYSCCOp{n;#oe807&ls7o#JVsMknX^3aT%6Luv>Rf|Y
z=b=TgWy^`BegnKI0heb7g|vC_gM61iL7Q86f#z5C(duyuAIS_xbf3w|X^=_1dzoR>
z_-Kz)SwtMh03IBaJ|c!4QR{TZPJUU9voUTwi{Y^t;WWABkREA&7w?Pbroh+Z+DpsC
zPglL>S>|^IR>GY9rI`z<$N2UbYff~Hac!9JgDV8%?9uZ6N(JV#`qT6EM1!#FcH;$#
z3I+|fVrmVS(Q+wO`cGPo2U(4WzE6n7Ew6tIo>}00;A&=)-9Kv?TG>`$>vi3<sK@E^
zoBn7EpP^|IQ#R^)DXxT`B`x4zP;H;C;{}@((imP8OjiN(YQQwlD)O3ih0kn+tOB|S
zh#+sg##=R~a8>FqA88z#as+%z%0Dd~T>kje%f4qoUyf|-pmcH!2)f3ED<ldI1z2G`
z^XVJGG0X$RrV(T%>14J01&@Voykx0cwK+_Qpjj=`z(yVwdo)8xO%ac%L)|ev^0L&Q
z18egF3%N0P!((5$Q683(1oX1Lm2`c&e%`&b+>OuOO>ns|aT&%2oUMXIS)s24{;W6~
z91yHQj}VhV`%X-@-gB8iO@<}u!UsoaEQUb%aTC4Xb}yuxcyzGuQSqm3e~5x(XrF?E
zq3y<WofClSA9DTKTGvI&F`4LVWUFl*SBr1kdH5-vs^w^u(E8tLetFx@%fkBaww=~%
zZy5TOHO3vD4*J@S(^b;hHDEYPYT$dGu+c5wqj$pk-x;eNp75LK(P{5ln>IOls*ezA
z)u+5t&RcT?LO|Drx8lG;LWRwjg*NP>%%1V;goaOllml(+ZZZ$-=?ER@7a<VLmua}b
za~rrmRN5l+aOQ4Ca3n@*)|98|HAdrfxIX~z1<88Pf>6;o)niqtwdcJAk9`E%YCD*5
ze&h)IJEG#c#?&!q%T9)xMBCzj{@Cmy)d?4<8*&}HtcgL`lo|@XX2tWCCsuwf$~*Ix
zA4pOy%Y|#=CR;cR51OW{&DwcpfZx>TC8}wYmNa9^@JotQMe4i&4;AtxLbA4pdS9Vg
zTP}{dkS9}9hfIK@6V@?|1mi8GK885acYtNwAmn4dyIq#!eOkd&lj%{QD1~$!Ut93W
zxSMz_>oT!)jUCKfL*W)qG4|T83#j6nHiMLdR3;sA1_MvnIb@9D8lEz1@ZuUklpmZ%
zO-=Cj!>%#FJYOs0w;s5LUFDCnn8ZrE2|pOyvo~+=QKIuUa$>uTG7iU3)ygS=Wbx)m
z?x>QAU(@6A3|`&V*LQ@H1AYv;dJC|LnTKDhv)K-iOOy`UxzQ(lWT|@nosO&fkg5UK
zC=f4<#H?$S7zyaFbF%K^ShhkxNFh0{k0P&W`Uvh70~sV?ay>*WnG6v}fd+9(rqA1B
z`y2)>h@pUE{qf9gbiu-;ImQ8hGspOP9Kp2w+@y=Wo?z5pGodIx8qTAfs$0I^qcAnY
z<Ck}JS#S_WC(h18BzgwbMDlkBsMJdp_gF^qST@jeyIltZct5D<ivBn0h?K@vGp`J%
ze;Fv=@M|2MJ?)$qrb8spXdC|cRuj3Zx8bFIY0bQ9tRs+To>YYPLnKrYmQ*Q4GF%b%
zMluEEq>9|S=&>Z&+`2S)1oUlFh}P*G+9sn|U0$2C6`=`}Go+vtq3sH$pq$CltX)GY
z1qbtrq0Xq6v6^G3iDJ+@(>k5d%8UL|`}yN9NQu&l4A&#X(@cm|piJmnQ~mwR2}-^4
z2q5Vq%IYU8r}Dv8PWEli7fkvIm;*6^Z3OP!3^p6rB{-|bm9aV>5MmO4JCq{p9B1&Q
zNfDG07a7TQC-H0E|0D3o34u;00--I=K~J+Pp}S`r?tN6+0I%5fx=M)zqf}p;-yrrX
zpC-hU$i@Fiq~C8~=4A4n$%!thcO-Z+Xb#poll|-Fgd9a+COpE_%fSq+02|ZOMyP6P
zcP*~xqgfUT6#OyoL4$QEZet+Ceb;WMe5aQCmW=TEg6lmyrl%2d((-$oXCtvE4U%71
zRAO7|TkdBK`E>`y^~nbMInm?q?Y)kv5|n4U6AsGjL3Y&+(rYVQOOrN=01)VZ(?ffP
zptuHIpccus+~%@C$PkBG;GL-ho*u|O04r+zhgwu;o>e9GTEzCIh<y&Z=CQndqG_K}
ze|poJ=?{9YR}@}Xy?gMfJS_d$>1{zwf(TH4PWJ>V)0g1wdN4U5d7nb6zPs~pgX7Tm
zxPnE14b$(;>EH-0WuD@^Hz8A-H6PUCag_|E2P4DqTb(;d5++6M_9h|Wwz3WvZf2Fj
zzWD+r>}%j8Aq?Ax5Qe~5VF^7Dh7orSI3arw-NxW%@9*AKNiZnG)J(tpdi(M0);<M-
za<-;X{ZNO&Z!-^2;vn`Lojtho=A{X;Obsg{!xTH@EwLppgv)fOo8UVZ7z*7&YH3$<
zUGtmrT}h>0W18Rx*`qsV7%JN|(hgErzbCZLGbFEuKrAp+f=pYeLmtwZS1f;8bM#Yd
z5ED)eeq&7e6%GULLIp0wwM>3FRd{FB2;GYPh0R&j@zeZ8pT?8_Tft3g3j9Tu5Z0Mb
zjbhvMWbWdBMottK+{?4WB!aT_ub-52qlG$szu`AL!lO+7pL7RP$|e}Xg~GdZq#d*I
zy{<8EFeB9@@I<j0E?m#cVEMihVC^<;ffRYwl^IeA(&{>E5)(lxT>k$F@JYZTS(`3(
zU?}oXmV)f-t8H+dSn66)x7?RTT1dnN8|hLTz>Im_ybopgqOj-0AjSMi1({OxeN>WV
z!U5lHM5n9w)1ARghuJVhiK(i?e_AK3>ah^F&uIRIS5RcjK#^4hcCP_(U-san(>V&F
zlt-xwzDrO&mCIwGqR^+({2}=__{c{_6uemDFjY#Ez7zd6szv!!0k`jui?=EC-rT7j
zWT2}uBIlGF@!ZfHmGSYrQ<*|Qbcxr)MgcKk1M8TVixPcYqMWQ8uFb*65_)R8K|&0R
zKYdREV!CHwe?Xv5a<m1bb9`b`Nw@>eHICSr7$$}Oc1pxE310HAdjH@W&1R<4JbPKO
zb2hNvkU8?^!RI4_03F#mEoJ$P_eZ;`-D2Z)nDFU>87I49x!Gf3PQ=iP>pbhNQmqs{
zA`{GMI#uk?I3<&y;Je{`lehXXYq_+!D7%cLmcO25hZ59GhQt9!^Y_}?S5+~x(yV56
zNn4^tkw-=4?wWgwgAIO|a-McbUUMI1?yLCa?)8OR>VrzwYhC!5Q-4Q9Q?<(7MRyek
zmCD_blm{C?*jyJ`LM`AKnOFi)B%Wia-v6n2tV%hjmbZUWsd(!wNimh0!mC%xVW`GR
zT(w}wdwNZJw^<)rlEm6)sB@)a>CXMq;8}iJquvjpKxi%AYF0}5G@7hQRO)FjZ_nbu
z49DUUUTv{|CKqKus;{puAI~5g!>b;9!aola%fgcGv3@j=CtElYpo6o+Pne$=I=Gyy
zyfWa-2G(5Wz>#^Wtw*-+a?psv9#C0Zdd`l)(UU474mXA;L*^&kNB4EKSCusJxn#eb
zEPCIqkt6WW_0NeK>MH@?c+=4<!)7f(_wG{hHAg8wk&_E8+)J}Nt9(7i;^@EwGuJCt
zS$F_4>|Kyn-EPg*yYq>=g+h!dNJ%;c(yqJ~HX1_X%djh)BZ>+8N&;?ToRPnNRGYCN
z8;4VblIosPNCF1HPbkpf!hkVXWmao_L7P~ZXcO<PXf9RCf0E%M6iF3m$W^s}VxnbI
zlh0~NEK6R<k<P5hlO|An48cVhb^tf1$rsmm#vP?Xg8yjKkV}RP1kjK#W-B+B##6)m
z$tlP<u2lZv9BD-viPfH>@qlSg*<SGreM6D8&SYXhE*g)a^_<J-GZUG9W&&5I&i09>
z32o!O4CD^gDpGJ(FCmcWS1lB|c7)c@PthfL+5fK0lVSDv!Mw|#Sbn`h?;;IiVvdoL
zaUTrSnyrV$rEnJXfj|BQK9)UupR6M9<}cu#Xpx1zvc?H<mAJ6LKv9(9x=)+J0tP2j
z(9ysPqL~Avxn!(`7*VbBN14l@p(QC(?^wHFrxhW?Ft2x(fDl^mtwjGS78<F_7y_xT
zv;ykLcSWI=kE)@^@V!|McAK9`C5LlIPZfG@zkXzSU^P|w)uz9vor6YyZu3U+y~3AB
zZg-WEZC)B(Y!{T0>hkut_YUUyy1#H&W<@6;4ibb>2+tXk?xHRBF$YniVfRZ)Sxo8Y
z-Q$KEDdxT`2K#VS?bP1p^zR#YVH*lkDB7STk<sm=TTrNQyB}dZQtzj4>lOuCrp{~0
z_x(s*q1Ds5l%fbDPAQ5HIrA}99(6d@pvz(JWW<yZ>V{@hOlFX(OkVtL{2m+@a_v@0
z=ocB6Eq{?j&rbuvHV-CtKqDI0WM1DYH_T<!;7qM*8LCLpxq?oc4O)q%_0s-tv&-do
zk*eq)O-nJ+)LHbUsKv;_mipS1wOrN0j(k<}|GfW?LD#m9naD~B9OE|7S#pM^A4RJB
zf=xgE!^ru_N;%V<0+f^Lc^&5{TG9VL3fKosYEjP$j2{3+(t4AS5w)?Gsrk0QFLoN}
zv*Wm`b)SzkY@~qq6J8KR`td`=eQ6vg6IyqLgbuh#0KUUP@fI_SyeBwUVrEa8m!Xem
zywLIHf%<bOk2OpG3BOxKi2!3sG})1;)C*8;<)Qg4YBz2&e%oBn8Tl_7#}2a*Y1<Vz
z`q>8UF}g|qewzvJ0iuk>UiKRzHhuRA2aS1)@jSB_X3<R2DPv1Sc~|p(GP_apla>ab
z3n|E3W`^$Bo>O)}AL+-%DvkG~^}+gK8Hr%QPe}FmmqRKknMW@xVpYu<q2-9I8q^8H
z=!2!B50<poiq-(5q3iqU=AN)Y)HFBx_8*q)sfNsp+a3{*?R?QUJE)5^Xrdg5i;^eP
zT8<Us)hnCu$Nxz41@>C=1=K}Nn@Q?Hs<|FH!;EjlBQnOtf20}pq9zI_=i8$fEv|PB
z=Q1P60~XJvAwQn2!qw_6N!E6o)NbV>5*+$DnZa=Jy0PQQnSDm=$(Hi@^;i1kGmd55
zFg)XF2rTk=`O2w%ur>G+VCrKdm|@b8oi;#oW1stNYaE)B{%wKJ=hTKSkI~+!-N^Vk
zUY5x0B8?*uGb}Hm|H6y;mki;YwBM~~G0dN~1n)$yiYN7U6GPyML{=2$qh~V0Phf`A
zm(v1;#x#ar@GDPZ@;Hkzu97)prHieJ{xHEP-2)AlVtLDD0C9$-f{cxPw#bkT<947?
zcO+&I2XCvE#tM4$Psrf1r67WLgB)yR-P4e+wfN4hgsQQIRWUJb!~5<euNRRqkoqG0
z_=4f_KvY0>XtkCAx{<wi99G0ybT#++>@)f0USM!YPWt14jlXnYC){1*w}we?0*n|x
z%b^r)24jClY9b9?Du>jrc9?cAYynW8F+e>ES;;U(=D5$$rWU?icOxZ?qpLNFcuMgL
z^W(|%LGSGOUNZM$`7c`KLfMg3`<Oae$GmgOY1VDwke0#`opratTN{Uqtj?NrcGAy}
z;?t}^p1bT)r^TWl_3Mh+WN2xpS&G?C>8DvuR4Mf3PH@-%sLY)mtuRs(%F~;ogj-nt
zb$yG8?UMZWFAXo7-paXJ2T9h6fgm?Vv}lqpcKoKLa&pEgRHO0>#K>cF1iC@7X5<1F
zWk(A_vFzZ8V6L*Gd5;CW5)!g}th@E@CaaP<?f?can<F4S1N{&|Cp?aU$e(oDCW;&C
zjapLJOa%#^sFyS_jCengKbGH*4w`*8%Yj8OJMOoP)zB!){GYnKQy_E6HfO|@c7Kw>
zQl;vu{0zEKYf^^AO9U$c)o}vRFN2gdH?t$XNxMnAt)Kgk8#PO2RM$L*zEtzR>!3Qa
zZYYRKIEG}~EgiiFJKqo2&yU^P!}qBzSzCr`2D>fr6gNPY^?FIplmjI~gGg$8Om2_j
za}-ZK35th0ly23EJ??4~-ncz|cgM~CZGxgq(%C1CC)Vds51o($9BK&l{uq1j)m)Hp
zHLsO1*MURKQdC7y!mXkH11>&GSi_xHBykF`YM0I1VY@Z6w;85<tu3#8Vf8H`8Xe+k
z(#vQ;V9L4!ry}<7FPe&3nnr=;%|4n6<CbR6tfyb8<`#;InM5~pIYaZ=GGe)|(=gRI
zy#h#8DL6$_A*L?ZbyHmVQO?kX>I+x5sMco!lC&89qa=%Jf|X|#;VuC3MJ>w3v~vSg
z&2AHQohe*{y6Pty0~bEOP*5m^*>4%fR|&Q_|0@IbH_|Q@3eA@ol}LzpaqJ6+6e)JB
zfK$3Ke@C+k%XJ06F_QeBys@K1a@zfQCt_gNm4=%%Y45iqI2M+zQWcQY9>ym-14>gZ
zqAhy~AI)$<o}!$-p<FGIMZY=gYZ16M1P2n6)$)@oWd??@EHCs~BG`(TX7!vzZm@#n
zC&BtvbbO~La(svTlNP7oCA%0MMwYXqp@kx|cQkdgq`mAO^QtBK2q%dwvD-w>v;hy+
z-K<UGo>zCjfwnGEhyOH{U2W^LTKwJ4!)BROEi|))R`N*-2Y&h8|1=d9j>j__rQE)Z
zGui}u0H@i1mjv=!Lm9)YI3xeQkX_4XlcwG*>3v;#!+az%TEsH^nt3muaGmV?Z$8pW
z7XsQx1z@{EmPAt2o?3fc=E0c`Ds6{O_*mbfJ%>1>s2QV&Q_EeHZD#Nc9b)bYm;ML|
zJjce|=xhnVnsPWpntYYPOuq}(@>CE&+zN+5xoroQ4!PzI;3%0Tx21VO&%5r!IpSV@
ztY~$wA2)ikUXP(Y=RL!7HzM27|0|%~o5G?@EzpkQVL;IH(~YPv)@}^D18-Gq$qGrY
z30$TmsEU$W@YkcfG^t-E@jiLsb7JzK%d#X_pUn^ZpAbJvdDd68;8AOCT=MxZXv{#?
z^ql1Ka=u?uAUy+12G(;V$Gd1z`F1q9#`tuV`1~_YirY(QMNY(3q+^}_w{SmVN0ec{
zCbQlBPau9Dl`H}?Q8cq3kS-1(A1Pyx-gyI~(GO)0Jk^CAU!#jnC_93yjv#h4yvH1>
zN$4MX%M%B0XiMotgyaAVgf2h;N(P>7C>Z{y3>T_;R`3|!7KM=~W3DJ~mXcLQrTEXy
zL~vo9g-C21%6@)kgrT<j<Vt>p_;5gV;`hK<Q^93vXZ61F@9LOZY!gbAmLEk%yO}xK
z4<<EgUBisOW5p{vf^<d?wk`L@%u2nPRaHyRiwfyBzr*?0msE>_By>vj2q|e*!+Mb(
zW4Ro;*?2lL?v>t2s?3y8Mtn&9^8Kdl+1c_juLr=b@B7o!vk27Fw<KIM<ph&`)8WdS
z$VlOw)hyw_C+<$V=TDQF_9fM-Wwr0<o!=hS^m;!f;peLAx<MMv5-5_po4WxzZPL9-
zJ+*=rrJW-$>wOH?{`aSG<VOb1bbd?B6BO%SY{1icD0_lEaxQvY&$4>J<1SQOuf<0b
z0+F38Lzi~W7M&D*rVE2pR+g_vfsc_W#FWgqKnR-!<OxP6%raF37(`ZScnS>pm{7Q$
zxpO9eu`RqSdwP-(cgYVuK?HO0T_0{)Koq1})a-#*1s`NBR)gE25sVcL3@);+JFtLj
zaU~2({as0x_i<aJYbvY9ftjp}4g78gKK%7a>xpipU)sLTb}|pyKfzJ|J>|aOGT<U6
z3ooB=ZxLAin>s_VvG@5kQI0+iv{;uDnfzf{zP=APS79v&9pBqao+u<1lXecE)Vh!A
zeX!baNuL?B%oVNAJkAFnd*+go)$mM_%%e=LHl;JT^aORFx|Yi)a=;PdC^fc;oUCOR
zK`lj}p9PYT+t9`cDU-FF_*V$V=vNXu=`NcK2X$H8yeyk^N!_d}w{2q*J8YslbP&T(
z3__yFm`lEmc5A$+Ub=%a_T2!J_eFQ+=L<_tWl|FSt+=`k{UQ1=hs`i2K=&&Y7v)CJ
zzU(Hqo3w+-)uAC5?65wsF5=X276E$FD?;n&)6a+Zu?wD3jOQh3r%G1tZoJPB=GrIL
zlXXIVCf64KhHt8vMNr+@f6L;VH7NFv!|%<IMB5=qW=lSStS8#?OiNLt4|~EftZ1M&
zq2il#H}Q?OFJUwqeKMR9-t#CLF8bvtc{t0ck-?(fZF%4_YVgB3tYjJhgFX~<Jh#Xe
zopBVPmX$F@pM>hiFZQo_+r)reM3#mUUlS?4(&2U?L^uEQTw|K6@e*1_$>lli-O~xA
zZ=v7Wv0lPcn#=SYK(D5~GW6a>8DCEFeuK!~t-W0yam>bhNom*tivNc8K7Dnc5^iWO
z6Ck_(xXyscfyNLXBwa~g$^HhIaLj`vGS8^;8qZA&b)xv^#T8wh(6MWG9y7z16E#C$
z@m?HlE3xus;Cxm^1~RUHAmb8OV`=X<cD4f96l?p#6FnpR3cW>7TJ(92W|dm_`Cr<2
zod!`?E!LFGm%S<L&0Np>Uf+gNhK(KLA$0+-@lu9QPY!$+o|fdy7bC~v!(b!7&5Zmk
z{!~#}UMgGaB^rHdwGr0s(Hf3!?=SDqE&R1EA5$maNZV>)>%*EEdpD<+=g<O+!R70a
z=`kD^>j8yVsRs)<Ie%{KO0dWLq|8Jh#)6CV{_Z=yWs`dhKVgZUWMJ=L5)peqf21QP
zGL4{``K!1I)e)GsMPFXExa_wERtLymV=~!oBap$?hw@A%5Mc$t8|}5BQe`Zv*fW_@
z!qq9%)}zVyxbQvBY$leFtel`n=lMfhW96d`H=siP%~3pV4r>gKDq?4>W3{LC2yZJ%
zH<giiJyh*=zbP7=uPOMa(7h8>ejPzB->a9I6Ej{(R_Jf%@8w?NBHRE4yjcLrpCzEq
z9>){Z$=|8(C#fpFN`G1k&p!m)A5`P(=h0>(1}F+?NjD6H+u4qi=y7HbF4c9hlC@^_
z8F9z>nlx)r#+p<G+f-o>n!g`R>SG^1o8chuUf@j^d1Zkzg64J^V@<jUDM=scoYivE
zaX|<1p^p&DsWuCq43;(e`!Ls7`HZJAU5o@1$|JecBAFx32IAVVNX`XI^~5t?nj+|~
zc8P%O8Llg>*xo|5w&~8v#?byTucXN>+5rb*u<Gv=6m;VQ5c$0rw^8Fh?pJU)EFN%e
zyKr1hRpzatCe));L8B|-wEF{{VQ#}2FB91>(Nwi+ii>Ibo>*DXm_iPP09<a4AX{?m
zEd{|W<7r%dxp^w~pq^7iL@&*l5eqiDM7$wumVS@9hG#;B{6emwww*4MwOxm&`DSTR
zGq`*Md~{@dT*To#jS>Ar^kGDVIekMChUP=_^QDoWF4FMaFp;6)`y>HjQUX&C%;TR^
z;e9`sym0uYgli=s8qx-;HQS_i7B`nw&f1n2>c{NHs#B8z#I8-7+)}BU^|T4C#%dHD
z+|sU1hu-yE9hy!$U-g2EiHlyNBxhv{o*^U^fN#c4Qt?eDXDq%aIRdiucAusSs_j#w
z(RJ02sS2uZgL##LI{jj1F51@sTa%h@j$w5s=SXHcrrk(zx~TsuLA;HgE(uvHzzFv3
zYJbA}t9(aO!FJq<Hz9Bu-CAk;mJ@;;me;>yOk$3uoy@KV$5r%SWkfVrx}b7^3YHIP
zEbyBkW`@xqYRWlwpIn9<l~P}Z9$8xTzg@y(gmjC2@We6Z5yzfD%dz*2gD9s)@AFA(
zm^YF<)T~a(tY1ycBw&xD(|NMJVHFT=p$C0)k_~0E)~DYKN?b2@n*bd5^S%uCjg_~V
z1tk<FSI~S_Eewf8smBta&`~KO2ML|8iYwQ8%Gz?2``yH#go6Glv2ISO;sLHs$?Uu9
zY4Wm#mG4OBNjf($c;aY{EmzWwGlO|?YLmt3v=iqr7@+Pv@5eNS2vl<o${L9OIgkap
z8^HxB@>1ybVN@XI_R9ZYmi5j<V7AYS<b=sO=rQC^x--gefaZeL6fWG=#;#-xF8Pki
z+=zkmhoV-|ykAT&c4AJt^QJEP@HqG?E3booxaH{hDe?_yWEul`mmN(5%NH*n*Ne+%
z;6g6@(bk{OZC_?4+!8+|OLSLu5Ff_;u)=q@-9yatm&MM|!5qV1(^{5j`+~IWo8VEp
z`>WjYpNJq&X1LIt#!LEKRBS`lTRf8AFoqJp=N(%a3EV$!V+g+QPA+VFMLQ^{WGY~U
z;8vUQJH3z1vXl=fRlvwlxh1Tv;OCt3V&`b8zR29nC)Pg&l`Lurk19&>QlO=|gN}to
zlq_b+u@5U%q@6QH$<kZ2rb(Cl=Vkwtw9_6dw-hR^6)5?rN9Az6|Mf6q@Gok)q!!qC
z0{PiAukpO{H$y>8SL=uKdSq4F@(3R-&rEWos5h`;*KbuhYy<}@CSP7(uj7LgPoRuE
zdbZOjf?6{yrQUuz!tpWBbn;jVBGC(|O7eAx!Yka2ug-=!L-5Ds`xWc3BjE@VZa*5+
z_&$+!JlI}1-9BdyA=3Or36M}VxaTLhL2R?ZE9vm{k)Bxd)(z~9SK2vgD>kj5w9B?@
zw4*92Qg>mSM&~(=Fl7`^b==dgi5jNkTkPLINGY|D8B7iFK(uQF-OA|e5Avwzr{&CX
zYLU;PNL`{7*Eie4;3dOim-^2?f<`|Vqd7=cl@f}mBbE}p!5P^vdpJy6k)8k<0nAY9
z-ZT-1Y5Rr3p*cLg13!cVE@CbB%|NjVo)L?Kj1>&gn7(k&_IEhys4}BSXzi767P|G&
z|0OoMY_)OLCOSzgX-E2(S%yUa^nOPeL@EtW%DV1<7)k#tpZ9%Vu@lPCVWOzg^oMZo
z^n?DO5lWppnKMk+1ho)#?678js?nL<e5;583A*Ra10@q*K@sU-e|4-hZ=LvTcg^#k
zD1CUGhaTfYr!e9WLQWST`Y<mhv`cPCMYE<24F4*_$tiq6#m2gfrkkB})0?)li^c&*
zQN@3hNk_+SgHek9r2LQe>_TES5v7g}h%#kWW38EW(ap9OqUy0&`20tiEH0`@ssM?N
zwi9uG<vZR7Z-;&O`Q5g;4l@TUPhvquJ+Et8LzMvRAPtBX_+^!UMb_P4@CF4@#EnW#
z=H%Z59sszsyXY6d-L4~sn;59c>BQ=(J~ZSt$m>3E_V1kIgp`0BF>yb0r1Y0DtFm#*
z272<kYiKbg_WR$IyOyD@q0{gM(E)r!Wt<GAqCxy&%;-qS@P8%6<q_mddI{izoKcW`
z^*f-3{KYJ(4EvGkdHQd<1)4eQ=r4bhf&~hDbM$BrxLDu#`x}V)uJMZV>U-gY21atf
z!W=!>(Laa0+Alv=c*UW=-GyCLo>6RgayeI|bue9C#MnOMMA`mFTb!*xv?X8bjK0OV
zjA8>VLaJS5wyM8S3q)Ji?#i1NZ$C|Xt0-)q6L%K>b5lF1)m3>~?W(&~Hak^!zrzQ_
zZQ6#B9^>q=?CG8PGgvo|Hd%IO_qMtwLbt1N)ux*yLgLDXr57B_9lwxE;KhCmm;+sU
z`?-0+or<m(`%sq<CLdS|G%2aE$Nk1{{#6SaUhV*fcT{55qjAj)ZowOLYNH)tU9Pt+
z_VXr~zjNYmGwVAUzD&zLVNv{Q?)iqwbX;^4K#5Al>_}sPp_#}${6xargAqe+VNO3J
zZP?l@16|$N6G-)=4Lt#tH}0nFY`ad&Uz-RbsIR9-=Ft*&m?T(d$5<)H4>4DZr83A^
z{dr?T7wl|xlUj9X$wm&x%HxCMyM~n17V?;;n*qf*y+P_9?Y>GhQ$k9hrkCsrff=UG
zXg6I!QzNM!%bcg@pf1_MteOHnpiooGX_Nh~*CgR*bC2DV^0{ycJeE#f*JH6o>ZhT(
zs&LWX*ryD_`L<9ApLzPj8HOl-TS;mRJBJtZx?~~bS{3y}fJik3Djgrx_=|H8k%$$V
z8W_WS`b#j6^Vl$hf3-dGJ~NEPDCdr2ELIo<?t>W-87p0KkX37j44>C0DoKjE<xSli
z*ap=HrH$n}EE1aoSGbw}b^xrmsl(}>yFIgM!$F7pWxPB~BQ8#YK?IzEz4J^#GanTM
z6f{9dI~vhxEi|N_;&koLPtfE6amrL98PlYB_w6Zf;~Nho>gF?wXHTJRsVP13vo{F6
z*M@+aqK7RUZ+coExoxWnwsg7{NWC8puw9bZE_vHl8(b#iuG$sYAB@pn^j5>z6M!7;
zx}_1oX+^6VU|(0u37!L=6ZmyF>FxT->GA?JvP<(>a9Y#>$<f6tYM_9Tai%H)`eT)>
z1lw$@=MByEYD3*|1xR&1gGL6+n~?E;E8Xy<fovClI((o%JNUi*^}5vrHo3Kao9c`I
z`m$v;+mEBAI^_FBZ&n;%F3FFI=q*m6IBJwoN6tKDQ9$@FurQNj4sXoJ1s++!a6(>(
z`X_Ht1_LGOpfE0Oij-8UPTPP||5%k2^4t_m^~fzGA20&!MiI#$&Jsoe=McOpYNZEM
zFhmVDWeTpjSGO}LF<4&rR~RbCBo?K!Ef!DzPuL45x_?AQEnAXXIU6Y5y3Cs7z!G8r
zTchowjoz6x3WY5@L$mWNbP3a6BH2nCXZfu!c~_Jy3tD#`i1S<2&h)rOB!n^OXjK$(
z$|n-4C*qqsnP^k^dpfue!GN4!X!Vw{Npj&$w)yZAuZbIUJ{w8!cXs?6&>&;{n1};`
zr<0i@Zszj!<G;GA>j3h5^{K6r`KK_Vv#C&`v_(Io`_{^PzWiafw4VBPG(J#8z9-$x
zUO>UH%TY2t=O5bEBTs{K2Mv)f^T+4?NPzg`vicwqK84phmRINF^1xpihL!#zt9mO-
zz)o!$JRzgH`{3(ZrfFOZb{|p1`2z8D6VDUEL(-^EAgD}9CrdeR%6*=4dw}p&fzHs>
zWldV~uPPz>#=HAjPYU<}u$cfRY#P+~t<3ptv@V<i1rRG0V2>ixmkl;dLHO?X!+Bp-
zRA_<30OJl^^m*d;9k<DjmzzLSJf3npC<ir8ZD*;~Oc~R0=wsg`=}jd>+pGF&7jgWC
z7KgCkt$$ej`QB_iso85-|0ZRiR3&7c_wyHaXX+Fs=2pmD7H0Qh)Hsul@3`!a*iYZ)
z4QO1q)a`HWf%eT;xYS)3><h2>O%MJr$nqs{zdWA#{o-rtBrThs$K5Ym3^dnU2>PeY
z6VyTL$lx5*VbAg6Y}oJ1_O!|#9kZQDVGr>D7uf#V5W;w}sD`fg&{-Z&J;V?l(w9k|
z=md)jdZGcXo$VTb*dOSY$o|Wy*G{1I5<kyBI2@{{`*>rUQCSdMv`>0n&v1xjO6IP*
z#e>QH*aJ6%sf@x(&Y}Z)^n_0l=6Wbi?M5q;zf*{;`S?HMbiS^aDseTmf>%QxQQXtz
zAN`%KN$3``JV*9q&q4HLsQMb3cG5WU3e2&p27qcU?lB^yjx~g*AVPA^CVyrMPhHqN
z>f#{iEcP(sh4Qx<)}V&6tM!61dm=3eB6jO1h)q|^TH^T=SqJKsEdUD)Jiq=-#4exw
zX?(XxYH(o)ghOM0(JDtq7>t|mfvYrcKyl0Q=_1?WzIjuj`l@gBoW9zEaSpewf`m!z
z1sv6K7o0^1ksqYg5JcZWJ35Sfp)NbS?mSZ7QT)(!HSz6+{zB#6KTtU$l<N;y4h-=8
zzx=p5?pAhUYN&xx|9lwyb(g{s1NOF%KU`_h`9arjLVn|%VIVbzIM@SP@MNBnWzUHv
zLaikinONu$&Sd@)M4ZBK^yXATiGzU?jv*kUpU4Db$!jS`COvw0XVTg~m~x=NL>*>_
z|2xmbgT&@$*~ZJ>biEJr3{6S34Qq7e2QRQ17FfM-nGC%A&fH=8$=%f^V7lbZZralL
ziO<?$QgjuuQq}e+`5+Z2OU{s?GkT7cyi&zeVjZ`FxtY?*^rxj#Oz&5rmm>&93azRF
zovYAhZE$C^1vL57=|0C!juDB|Y!B#q4GAx0oZ1(o_MDG)aDlkaHY`Q_&oc+mLWe9!
z;6a^<6Cq(<NnnhrhHQYKfiS6S7QrlxjDP?_SG*B{e7AERGyY~Iw02J^ygkH2$ipgl
z&e3z+YjkAl;Zs`1rMxIL=7msW#$S_B6j;6(Ut;<uLe4Tg+Otd8H85GkV-F;CxPY)O
zB4i7A1-|X~dZxmlq={RO3<uuW^Qn^504x{xVs&Zh!ri)r=Rt9zJ#BE-E-y>q4NA;G
zbh$Cp-JUrkH#uQ=(C>sYcN}7}3;ggq_VpHV&PZyiWN965hNjW^b~hiEkXVFtyF>d^
z65XI%g;)s6pjw^6SdZQGl3j!rG_#N?2pBIsoCmgXm{vwul;+zfl&TN#zQqRczW-nd
zg#iRZ{`M0KWgr*|2Eh=Fl%RW_zdZ<sy!`EBE~eo{0>@Xc#mIW8)Xv#{^ghy%FEb=;
zrzULwmm|lq$qGFL*kL0yJEiJ^lH|p``fq~)y|rG$z$H{Y!4YT{lbnOUU}QZ^7H4MZ
zHcJ3}`Mp?zBu{%o4@0h=et)+UP5Wl7kWNz~0vZ6WS9F{XzBi(46JFs@S)w4St2Gv;
z%R;7u7v}!USP^SvgG8!tsXYzXVbp|vloeq|Mqgr_cXXCoU;50Tz~Ucr#3-}F^1p6-
zW4y~K?%fOiMI?quyxl?8N_=gE)37wqFwOBn!`Obbe2Y312Ux3}bRqPJC<~*0R@1k}
zDM5nc<SsUYW7YcG9M*mp;FB;ysc1Q(p<{4}_m3*_^g*7AD&mydaO1}@wX`<@krC9x
zX9W#7jn+*w@f3ovOa48J{<qn1*5jw1h=0x=;u-Z$zi|b2B;4N#t%h@Vji?|yS9X&G
zz#GLD@lz^L_!bLBclimAq9-6pWDmK{)p@Y{n9%vpIFG*9nM7y&E|sIk)%sV*ha9*|
z^6+q3RuvxxdX5Skhr6>lf~w%WPRdm^u9~>XzT;&x*`q}hMJjvC;nridA9c0~o0j_X
zPHE;-=fdv`%w*R|h1ZWS5N0-%Z*Mz0V)qS`#UH9CI8DoN%W$XQhR&_#``4lu#k-Ht
zbxU@)mh~0#XLBy%=YO8=+U-A2*KKtvXxv8eju|2Ktkt&#5z-CvbZbG~avQf@Og}m+
z4fKAY`u=B#sF#&L`mz&Y>@r~VItW}{u>+3QTB3q@xT5ORbG_y`Tkm%5ugk(wgo_K}
z$V_o0`0J9cxfS3;`)Rxld-J&JvVJ(qf@z|2#OLks5<<p>T5$mLug|=k8?Kc6hA<uB
z0z}2to`7E0bi4op5iOxx?42}w0&)KU5<bBMQC@VmJsT%fL6cwodlRyK)b)vQKM}2p
z-8U_7?;ChBR<T?V#0AGEeP%NIVCV&#OXa$9eE7Hp-o&4?-mLpzA8-<A{d!hoe<r>d
znR?hyujD!y-r#Y$P}Me2I*Zan?@Gjx?nXD3Bj}jFGB9T#XZPM$=KJ*sRwCf*2-gHo
zmn3zQT!KKt1q2fG|AB<ne^;k#Rowu(x_eN#aI7L+0}-P8KUb$KhW*Hh;7V^bjg8m=
zqIcNH9oq&FO8_krP1s*5KdL4QMBnC_%gjPkcJ>+TH}sI(;5-#;ttEp}%yyI__#tLZ
zz{*VecYkF;vvAE6XZ=*Cyk&k!ZyVy5QfsoMq=kR79DKy7Bf?e2br7C5f~6}D#|v&o
z>^6YQ0^Wxot)kfCq$cghPP7S6GQ5$_p?nU*WM`zx=^Odly*S~XsR+k1|7#WypR#3A
zqqp}Lh_ow7Bt8jg`KB_j;(nxI2Z{ABKq1$Ia`kRQz%Iz+^Km0=%`L5ZDleG~07Y76
zx255)XuIX}d?sL52fx|%HmzhEv;*q-6Djwf@@uJqC}Z$uhlP(cPASr$G(C1P|9!=_
zW~pY!+_W<5MRVcmMYF)xuwu!~{cBCVM^i4K-3V^mYl|e0Q8zV_BVSlM5Z|3Q7$&qJ
zKs&rW{dU0@gdZ2hP+uRUQOB&#rO+*(9&fR%*L=`HryL{1^Rx=W|LEcWY)xlQWbsUh
z^Bu{OPYPRPdvYA9YFQm_l(%^9Dy$NBf87jUfi(NeDVrHzrSWF2X2QTl{2Bkhj`))r
zx3d==5}aghGtd*7?|B<tZ)BgLyM*6Nk{BiA+!)iVn1|zvUF76Jt0UId^nZEdte)SH
zHB}}2Gqn2v6AuKwaTXO@aQ#ExI3b$}-wgeF;S{_sN7CMMqawaPA=|08$=DZgR=r|_
zlD{k=e)$OJRWBA8I{L--oED9%Ozlg7W+DtoI4C75e9q%2i6a)GPKo0iZ+px0A<%68
z*b%@Bvh`UWs*FQl+eydlvLud;B_blSM2`7;78ARjO>pyuN*SE7NA-l7WGPBU4?y~2
z+|N=3)roXIHEonPMd)75bBq5|u|kPy#Ba*cyjon{#eScI-UAY?2hHQnSm^}*+=eFK
z7J9Y4M;_aOgHC>~#N+>@-g`j=Xw9YZ=I(7hv%Z$ZDIW8Y%2a4ngel$&|Mc{Tvp#t!
zKo0h+-6Xt$4>31yqHMO6KlNOwZsBfvojZ;B(!Yz++sQSU7!*K{IR=PVwN%_XSvA#j
zEO<R=MwyF}FFnsvMY;~@p##=}5XQ%BU0u!#CQLgP$^Yg@HfqFe<Ho69T}1S`y*@hT
zz7E88T(UOMBHxWsrT@OkT}EJcCe%Av6j%=PBrIlpz5_SwM7EK6GiT-8EbS9TQYtTB
z(47076<qM3+FC6<{j@hTTXGz8viG~cN$0BH@BVKi^RaJoQt6efz`V&$-rt*LoJXan
z=yk1iJazWx-X;RhP81~oWE8^^=@M|SFKlRv$Vf#yiDJ>aQ(V@5V@Q8+I3){{L@j)W
zx$&^LS^INv$xXW&Y6PQm`fuL`6m{H>GTCZI%R;+WC8(*}Lt{xo({Ufv<Nj@?5a@9X
z7X9Wo`J^hWH;#t|0#-{F#)m=eXXBwINj<tFhC1;`{#$;+a64YX?)&!2q9%1SPWiP9
zPaPXePo<0I4jUCaq>c&k4IIk}?nAb8o4s!^4H06ftaisFbT6TvWQSA&uR9Zr&OO$h
z&~S>+>#(F|LF&!=h}nt6x8ud}if4^B&SBBz%5$2QPUgQ<${$KsjRBkb)7B5%6Nj!v
z{QX`1tikMiZmA>d_`kgPjFuJIsvr_w+i7grT$+}Q4|}X1RuR=JY?Ti6^4*fY$ahNv
z1*TAlpnD`|&iE{G4*kp9d$}#0rY$R!t=JYwZJyG5fwC=Yo7Kl9GvUB^ZgyQYH_Vvk
z<=Qn>4M0hSjOqP+^&&xO`-;_!xYcyk+)!%Am`UzC)g%&9q3$`;q-7a&_G0buuVUAG
zarnZ^Qk@1ZwFhx2D?~gIpXKQm+6TR5eFS?_k?pX7Dhfq6?g`s*Yxeoa+D+BWdFu*i
zbEXuR)ykEbCR-hRTQy7O-rSKGkI?g0Cp|uPuWVbjGt1MwHJh>tPaP#MPdO#TRdcqr
zD$gaH`U^OsZQj{12*C^hK^)Y<!}S(=E<AHT6+hO432~JE*O%E;woE_c5X>jslNYej
zekpSpdU3O76o3PH|2`e<YG|05yxetCONn|GgltIm+g|MnRaQUHIrgO&AJM#MLFqoU
zcs|octiqz|ba*-PUz?}SzXg4b-G<+Kn3FF$cDDxX*(_6eSrkjOt%6(u5ISV|)=De_
zOT{iVih4!mfBwyS2DxaCa?GmtDxneEt;a;+u7am)MgVj7(~jRx(z2FozYy|Ah>dMB
zsTEE`GDdFJ>aIMaS1~;<>m*Y@v56?&$GoRlt`DHMCf3$KeU}%Q_Yp>b@&U`xE!tA-
z71N2ld3aV#Om}!T5ew{7%=yZk(iJoIG|V;A3H}ByRcncfN`t}ONnkVW)-nJ@2QAyn
zHB|avl1Y(dl;xGH5=!wVd(OHVcfV|2iUv6#Z^|S7vgPVFkchc=YDw?2jd~ubaCSwb
zW%;7MvD>+<{{KB*AHr=6AoPBk>IRkO*nD{F$$fe|z-82QXM@sv7w@<C+Qzz{NG!iU
zOmYbl{%e205qTSF#;RH`-=vf#yP;VYOB_K{N-jcqUnKgX><X}#)ae<e?~~l_!y4dj
z{tOr$c$%+2;CoKl@9jERlcrG_z=SBM;?yg%i)L;?A!_JP`>q4k3ysc?dyT36SEHI?
z*5hm^gmymQk3lhpfQ@6>UPsH-r+>+H-P<)f`}IW!vWTVA<L_Os2e+mrX3y8WCGQ`}
zK8Rb+ZRW|$9+jhsavjp;!it!Q<xp&AL9eP^*HNrUv2mEJNW~FD2VBw?xVCUmC-F~k
zGs7z1(|{x^48xeQ$;&J{(j6q2F*!MG&y+wMr71Z;M0Z7yYsCUyAJJ}=t0s)P;LIv*
zOT+6W26yF|L(|$xBXrQwW#R3e{WlgLhu^8_Pl17IR_xkPK4xsH<%5LSm2mGK6k}RC
z4O_ptY=e#sxy7-gShf-4xSnyp!7H9SzTu)=6S>HAjdePZxayrmXqins_QaQ(5Ba#=
zVow|FT%<m(GkQH_qK+e*_qYqhN1?@cv@hakYW9-XmHec8))sW;z`)YxZV<kz*0pn6
zMO+;5b8D@Fu3<}!KWm8(f!^|pz|gNXW`W@p1OF^9BEb^);^F-17?MZY9xiVsEG`OW
z`EDA4;mVqnTa=8tLz=N3p_9`K>r^U))bx8rzm;&^U$>DutS%#n0Pb5zTuV!=F^>9W
z@s~|4sdh87D2KSBNOB!3q<p|Gbi+36-`t=GL~GD=gME#`xB&^&h;VW8f$r_2xb2bT
zRcKOQYH6|b1eG97(E(D@PcwD_zbwtoci=8lekDj%BL_VR`)8cWK~;=F-L+#=Jox1T
z*99qiS!N=#+oabUJAl25f;WQhny=rTgC>CLzc<hct;IeGw7W#;Qx?RC1w?|19tGv#
z!O;^%Wy7~*qrO5MyQk7cd_|G{5GS;+b~@0uhLu<mFQ5%)xsW@$FuIjy6OT$LT>kMe
zg+hE>*z!)%sh1*87xVgsph*?tX|}9wJo=JrMijc@TUCiEda$rlsqu2HilW_%wwCyW
zR+7TaP2t+lY*H=Afe>Px!1Xi(KU#b*1c2ahs;e1CJnh9SU%j0tGRYGeF6;@hRRAd7
z{G|)ziR|3moJPHb7bln;4GO=k{lR{1!GQj2iJ5s2A2Bi+0SxXNRTUO?@KI=NIb1m@
z4eM~pKZRBp(8%^Q;^YtMnk`Uw`(AxN_e0JiPW8j&);$BxOV6v8zI63p?u$oYKR#DL
zm?8I(&p0zqH8=J;MyB(pE@|u=*vxw1paq*wPYkUqujBgur9TGK-%9_nmU3eO*t^~g
zY;R)~-k<7{a4!K2KlicI-lpH-PNy*)zst(*I@Kp`j*8yWj%w0Ia8pO&a}peBlb&3N
zI_`%_J^3Jgpz}aNtPsfzOq@DmgfjtIk}CG>XYl-M?_b$x!r{->FHcRXhk?1*o!?Az
z)MKr)V0{LZ$o#g`M?I~t>zlvk#V3`NvMn4mYRpWvj-@nk{p1)=CS+UGIKcjPEwpj8
z*@<T!Q3o1aVgQ-bXq?LCnHQMIN!2X8IQ1X;Gb5Iuu&dJ|8Bg`oA}L0*8U9JI=rjtW
z4MIBUFlCxl*)q{kZG63kO3w7^!FL(S((tY*#2RiG4;H53Inmop+cHo4oy*Oj{xvf@
z<}!SeWE-}n%;<UK<t5JKsZ(b$DfLnGiV+__zm%;)UB$<0q@XLET@J^`s^taFD8oEC
z??3z5yM=%z;kmn!W-t)|nI9_|)1s$1-8E5;y~$?kNgXQh|FjZ(1Ud&APRWT3JA(i7
zE7#W$4vC8(Sf*dV50}tPOx#0hu=`;96gX_dZLcM8>ET!kB_t>lRD9|+AUf>bH0@hu
zd>%(-cALMpbkUh%brEOp09j?(wPo7;`%Br2{q+1#o0R!ZFg81+(}zvhE{`bU_8;SB
zH)T=>C{$x;@mS)1j+GIjZ|nI{R7fP|?b<Gw`c4;{_Ia5Pe7MRNw<_URC%v5rJ6@m#
zkxWgVYx<2Xi)ZdqPOyz<t9clcE)4p!vNaV#0s@6d0OlWvU5DmpKiPN9621t&AC-*!
zX641@Zbj3R`iXl6pdi1SH!|FCKru#>yEb)_XjQQe;%CZ)0EmUXt>=xCjo_}`UCXv{
zZA~PjW!J}2rmp{_;C3d=RL48)VY=V2nF$JV`aU%<C_S=gw#D8oM%Oy0>DbKR8_Z{M
z-B26w1+>3}al2;qqkFpQKx4iRNgc*H_4uJV`4w(MlC4P<+RNGPa0O-$_10VVkiGkG
z<@-8Bm|4?61;luM4b=Crh`5`8PTFmsE){OVj0|4tg4gLrsnpjplkg0&p@o~^@=uRf
zcGWMd*Q(Fh>a*&0E<!chw9;FC*@KNK^v@HE_lqYU#C{8tolzQGp)62>M?jpeh&+f#
z(i|UjkZ3y+@aOY0E9G#J@$08VWL}~$r)SAMWSle719xFkBdyY00xs&WnF`+WXc{NP
z>do#uR6e&jH@&20nLIV&OqxISc}?x)F%#fSeB}9GbfahaU{f7X6qBFfgby@){bIeu
z=`tJBpio$j6IB}VlJOS73Eq(1xb%lVwSS%bGwuKFR46huHK7n%0#7KBh|*&V<G1@x
zjdM#dyX>Q+LePGi@S<hh>7ue(N*FW|-LNxpBp!w(K=<GH{R7zIT2{o;A!SA;fsov<
zew@bt)!SJGWzuz78j8Z*3wL*SDBRuM9bTkxcbCH5y>OQocXy|7cXu1U{`-&VnCOX#
zzM0I6%$0G@zR1YDdDb~=BUtH8HX}&W;czrS_fh0esQJkWsgD!Ehoi?e+{OP&5RyAi
zB>q`5tEO8Q)=`kKyu^W%tCM*?UTW>SsLFR9D{4(qxxQ#o{ShKR35)r?iRT5$^RmAw
zWIPo|+U&a%VX;u>(;m{E@+n=P4Sde)yz>|0=9R&-GL!e|c;0_Ky#2(`CU3Qs(`)Hv
zEzzf+WU#Xzd+on{?dgw8@5)E{_K7-*UD6ZCifJYWGgd)<P~a9X{h$!(9xZ>4kO1E{
zRVFUux)(Oy-wGr#V$OJ`y^7uDhUQiY+H6|GtFLSZzV0<cYqC%RPJBijT^p9;96Y=4
zQ7kr+D;z|m7Mxlls22Petq?rdnpT}6s%%6+WW9jbnxt(NNJkZ!?u3y-owISKnYs_?
z#KhgY%D%J{)WK9t<3GYFiV%^(!7mqPnep_9wSIk%MAGmKBW;PMEA2a;5A74%h4*x6
zlk^1W9cu}`c&G*9##w`}+Biqq0;i!DBYU2H>QlfH6g?5PbU1@VecXEs9MR1CetNcf
z(ik$kSB1zCy`eOQQv@0s;A=cedv2npZH<Oc#<q7k8mN1-;dWNjCv)EFs(Q6N2^q3%
zqJza&>u%s>BoJzWmu-Ps(5hiPr%g=l>1wcvuPEYV>+{V^RqJyZ*8luUa55mzw0-?b
z!)Un@to~l-83tplHBFrpw#RYd+nS8(#`xQtf&7?*y*CZ?yoAmiZS==qkOKQLtbNJW
zX4CLDzry!y%v-s6mJqG-6%Sy7{NBq|*!Nu>55cch4GgNay_nAuMIn{=qRMf@<uP>5
zxvp!K4~A!K{V#m>c+aQzD<czJR%A2IJ_lkV#T{I&Pmb;}uaQp=J6df8;~IOR+0;op
za{awVeYU@^y2|!iM^)<h>;~y`a=dun_h0r7QkJ86H`8_ipKk{TJ2z9cG<C?GLzfjD
zt}rKsziHM~hRHlZ&{NT$xOu*Iv0s79RsH&=pDRk9XjW3?I>Ehu8i!1A*b>&FcVXbd
z@=FTw&N?+;BJ_?)#CqCAdF^5TM@v6LOEj13c$u|ee@DMx3_Z>Er9K}{D2v!I8V_zE
zm}4m{Y}4<W-ob-%Yb{~ekCQ0~qP4Bp{$fE+KO3`AlZ6Odt#Oa?H7gFKkSV*`M~W1f
z!hmfvkvG9LJXQ6WaQjxjXVvj)B~@#y;z0!C^BO1jtCZUupVqdQ_K>BMPsx%^%u3$B
zmw@H)WRgK4;rcwb)R~jx*SBxt$l}cWeb*WL&2A~H@tz7gl}gcJB3A2#Vry<?2(>u_
z$n0M9Ll@&TXOO^k+oQHcsm6zllN?5_T|MO%6v(c~a(S&hpsAB4p(9zWUM)LLF=9Dh
zOY@oYop~^xnK{*AJVA>FmgmCCuCxHma$j5`A~EADDmUGoYI#Qb%8Ap;8lKSRkMGm)
zfm(+M*obqYOh^{4%cqU{>x_zv#0v82c0;vaf5$_5q?8KYG>@2*?Ap?g#163~)>bO_
z-UuaYI7s*`mxtE;M29Wr<b>@kN4i!XXWSUa1>>J^GD5Zo&(g#ig)F7Sfl`fmfUnK?
ze1dNssFbaguOYlgxuLJ~w_JnnqJMCp@Grztuq8tGDR;~X0)~W^e9hETD5E&#`NsI<
zv-lc9`#=|t4N5TPA#YDmE>F{XmA*5RVssCjfroU6)$=1&>ZBtw(EiS6oT4eFYgLFa
zW8ku8(?*hdCUbso2bY`lN~(k6hvblh73-XW9B|w)X5#0=WzDdy?3^N#{_)9XJc9yk
zp4?JVy??;KNc4SC)+2lrcn^Pz)Hw{{ywv6=(JvDg9}jdpWS(}9l%W-O3-5DQNx~(X
ztvM_VXfj>EeqOmBZX6<Cv=NHQb!D_W(Zub|7v5sCWE6a3x)1M5l`PC5WNui8^xNp=
z*q-12fIDKUUkQ3P&<1e*EoqY7X@to}Q-PUfv|3b};B?Y$X#UuBt!aMvI|82}V_54z
zMEva+qoz}8We6GMgfsdb-%Q{KCdZ(S5Yyc9W64|J%*^o3P`%)UJ%zY_Ait**bJl9I
zKi2~6iseFA%LZNr+4D@d3#2&esP_S0IB~6b-$c4wtnXj$%S2!4oFq827*~Q}o{nPE
zBBZ{f-XK!nj*@I}-Awh3P?CcTTuaP@*ON<4vLEy2Bug2>(1K&_(qykB*N+4vN*`%b
zQMwpXuxlk4O*D-R7(;h6Dpn&;GeOVuh5WimXmZHXQw<7Ey5&o%vZ0?D9&o&)bO(MP
zeiKG5F@o<>oNl`lx1E35WA#kvQiFu4Hffk2U$>n9T%sE(U#LILH@!*ynIIYnE;FvZ
zEMKq^%jinrk&C=`CBV>%{q4%sXZHK^^Noe_i6w)8;ke#Eh``XGRY05FBR$G-{^|XQ
zBs>X!omi2I)D0V}O^-Eh%TKN7utp-bJeLB-X|fN!h7h%6481{BHWiA}Q5mZnLNql&
z!aCp|=8M1wy~y9Ii2;)X=`%PD%rMr7B6vLfYo4&W0K#wN`>soxkj<xKC#togN>A?8
z?>5bkb-Y)@vuLd)`zmquD`8zNDcAcCK{$hXnq5t8?FCk91-+*(=bZowKTa5=pO+CX
zZcbam$aw7=*WYY8-6??&iGEK04~f07VCoO#=71^eb!C_k{gqqcW%c?)@asm+@fW^f
znkmvlOb2tWRGy<$n&KAP=e^V^&j5>raYHmupUp;x^Grn{o9r+>Mj!n;)WeD9%~r3F
zRCCO_;sY64Sh2{{eQ1KP{gx`r`tWUmtyr7d<shwx02w!DTL%+)Z8G^~j(ReGccW;N
zyzUUDL<AJw*d==$_NDua&ore;B6u&$`p6o(Lj<YeC+3_t;{&Ga>eZCZ29n5ItliVb
zV5|)B8*C9;m22=$o>ty5jM*#N9Cr-wNB=jr-H)9m7SA`j+4=DyGLQGP%%7OnnaZan
zVW`h`{7C-aa#SISV|c%N5YF~jWFv^=r?$TNOOQ@B;f64lln7K)NVI$#jU(SZxr{{J
zzES<`GTo0}xLr@gc6I9KKlF7DB&|*IIuKXckoUO@9Ivq$n}Fu1udjSF8>$;_o*C-U
zl39kJg<?VBH;h9wdC%+;^Dq~iyr_A*Lx7k)rS?j#AM1S3`DI3%K%d1(S9pI{0gmDF
ziE(LICk{?xny_Ao#<cu#tI$5MZX&#pt_d8mz)VvN&E5J)#JY+<xh8ir2L?cybaE%E
z!pD=|gf~KVIigsHxcZ7VQikE$9@Bt|0~u*9muzz%VMbP9)X{HzM)bbEd?Q{#F84qx
zkCLv?h0&G!VprhyUkXEcn|gFOWG7@4Ky$!4wtvq`)MGbvW9Alm5rzZkYIrrlK+@`W
z!Q~(>pXlCiD42;m_yT{dJ>>5aNfKmjT@j80%(p@=1W-_27*Tw+tr<yQVl#mOnBeFV
zUMd^G`?MP{ZQ%MEE>)n`D7p}!izrR;ifQ(P+NG1^eMZ~$6!{}npb<{0r+?BrQ<;Ng
zPZd%ZN=b79{{)l<=w~3~s)4>?2PD-*mGSLL@=M`aO|=e4g3BSl%y;(H*ZyTuL5+!5
zg8hIK{@O=<^WzW(i_xkDfp<JN#&Wx?!|GduR?L*x&5_u!qZRCOHD{aFZlvnelTk3Z
z{W9$e(%Fw>HU+Vm5dQgG6N@cR8dk<7e-&s|8Pamv36z!=aE!Y1syr)?U%Bj-&3P`C
zuB9&6Av22}9SGL24_%AOLQ;6tjzLnw5*tA<*LF9<yI-`)&5Ust_wDvU*FOJ-CTzu)
zgYD@OQB!1AJ6u7o`$`1SL9hdbjCHln?+(6WWxRFHX8zZO$PR7dVwvkNKx3oXMx{qN
z1%8qL8fy1*X>k8ThE~&EZjI=^l29ztC6c^S;^@qkp+)^r?0l10Ohm^$7-eN@ib9f=
z2&II8)cHyG{TB`rjJ+%8E`P)ZQ_=qzzU<M=KaRcTl7*K&87d`+)(;m!meN4i9g|4<
zGl8$l|3G_q5%}O>vGNf5nY*rLz1;I}J0teLwKMi-<u6Fc7sAA}Jn%mBhq;PAQd8Y7
zt%0i6s2v++&QW6Ji-g#g99Ddd8<mX%3{NH1)>@U2kA#h4cUmb1Fi)V+ZofNm-boP9
z{OFf+cI&O4o(iH4Iqm?m`Zr!NzPnRLIs8(2k3p=JW|jC-Gq6QR`+RjpOOgCYA3Ywf
z{S0XNc?;>wZGvT|s=$qt`4jnaj*q|z2A^Qx5H`$D8P@zq?8c3%(W%OX(G8W$1#7x|
z<T#yO=^V;cEMM6>03tIj4RB?lHj+K#Tr0sMgnHJDFTkAFsH2$zX7hOMD})o3=b~+D
zyoz_6CdUAOz}JXH!vtBWy1EHUu~EzVCAC3O`Xn~EQv5>LsfJSWM~s9p#)4}J!Aaej
zvMclbmsw%@WmbIkwhjj;dYPC|j9!Am1x7a5_<!RyW=ma6E?<e{oaOjSl?@S~RN80L
zs*l}QKoRBU24&lA^O#4DL-b&Gg2QQs#@9>U=?hEH{WN+Qx&N0;jdzA(tpx0P0KzFp
z%M`0^#s&dicL8!ed(~zpd9@q|ta0olT5j&Fr$kaigK;ex!H(sOA=ktZkny#to1<$Q
zwElV{X`T({KOBdj@M-_)IApYKoTYX&Sy@%Kt)9X0ocy$QS$N4^nF&45TbzqNm!k9c
z44F3U2ck1KpNN&OpITXs{a|ifvBIIYeekfF`jNgKvXN&7Y}QQ+hK>0o73^+-+cxF(
zL(hL){>g!}9`fg2L)=!0kpPb!PL&0+!rBSjUd|GjKa}ZiCXw~9-zf7CW5|Azg|C_s
zm|ew=gRN=_wEolQ&tK?_`toEjrn_G!|ABh$g)7mqY?!&ARG++Y?A+$;Y;c6vs7b&&
zzfogdDwbv0*E2mI3U3Qkg5-{X^Dmh5rzr&BK+K(VR9Q8o=CL>G>EgjfS8*S)TLR|*
z2%5l7-7<!KnfLm0ev@!|^P8l2*NLx?d6Q!9={6Z#tCyeW@N3SEW0bb{-1kiY_9mL=
z#;0_XVcIU1a??fGjuLAy=jAzUtNQZOliazgatOQ{!IHW8D1a-FIkLdz2Y|?vJ1*pt
z<~u<XkZ#o!zH!ZekbS&~+ad$LalxV&nwZ^UzL}R4tXS&BKW;PNDDPQ6`KpV8e{#oD
zD;u!9A}Nxiz+6{mOv^=iTCRd_IWJefVQqIv*a>GEUt~c+Ll-Ey{c|*<KW#kX2&qD;
zt{_<GM`DyhrAY=GszWJzWUeORPwTICutq@{=Zi8yJ(^l9G)|~^EwS?I&XP~*!AFdW
zg-N0;iH(2M-n!_z8lGm(&W35_D>Sp$B2#H#w_k+XinX>Mb~x7r7goRG+p88wQw}#y
zppor~KP~)uN;RNT)UbN@pM_iCxL;~GY>FpWI?C+YbXX%=P(VbIThWk)@`=h|Bp3V*
zouU?{?}Lytb$u{me+0JP9V#r7iMd)h0mW98Pqj}PI4;nzr|y$+E1XMuAtBTu%{tbw
z+Dnz+Mp`)NmtCH2r4pN4N+O4!tCF3pkp*V326R^vE=7o9-Q)){tJxvaS1cDFzuIy_
zvdpGW%BXeJdgt`O3t%F-NVSk^qIgrkt{>lT`z-{51!!IZ><$q~YO)-z7=7wRV0avf
zGPwmBSAAQ%UzmJT^FD9XJg1qKFTOR9{}vX^t#RO7Jhz2Pv4ykK$yvQo&>oz$C(@${
zdU6tkVzEDZuh<daDGU>lqg{f<e_|GZx)wI1?oF-6o+lP)Di5o0GIK~(SoDVGLHT5X
zEdZt|<vxYD5^a@V<@h?v)8U|0zr(nYb|QsN|IDs|-4_We$`(J|v^|J=bJ+jl)I2{Y
zW$Yag4}x>Tn$)jf>p^jG!KYp&i7`c@WWx!>96sZw<FqX;4m=Pylb-mqS#2x?3~JVD
zPNlDT$mqC0v}W;GaoVm!-U~A;cRiT4EobI|70q}8a+)-8#FK4-jl)(c0_tzA@603E
z`Hb)RwYFtUHVtjjVh0dl^j)PXL`IF$I3Hjh48(Pw_J0d4NS8cf(`1u(BaV?aXZG|=
zW0h+-fO#Z;F{3zxra+O`4MlCX=5)v{s*H^yIIz*Eu(~PXjHsce;PF&N=c7i)ua7Oz
z=)Y~t-Rwh}3e2589+w`qoE?qZe0`i+mv6F{0V(1ay35}pOFO_;*A_oq%Sk9OfX#MX
z5PhoVa=d`35t?3spLM3!?L_Jq2o`;e-9kRwpQryDIS(Z5WmXirGRM71)h!<T^}z1z
zavs7++EK)l2<Wt3@<h~p;pQ2}{)sG6WCR?CSHqySRRT`42b}hnxZ8OZb1j|4)3g<g
z7bUg9V1tojcANXQ=!dl|&xBVqR?1M+pzm@>2jwZ82TG>&clG$$JbNd(<@a}!+Y|lP
zfw1<R1oF-o|Ai&9wn#^zqkb(Ow@Gen6C{Xvh0~y>;G`A}Whr=y;VQc_5$B3<PA~%X
z!_GRWVPTE#7<`6_+O9Y97X3F&o)vI9O8z%YK3%_P;uSRi!zSd}7tj<0u8NK0(DyAl
zlq)@=Q~n(bk(erv3KnHUSArZ4@>dk!=@{8AOH5T0QkEU57CUK75<YZFf&OnprSn#&
z5>#bIUey}fyxt+dK#}XrA`dVoNogfVT%(7|uEEbCUJhZ*<N^dg##X~U+5d`?rSZKL
z`pOraMW^PmR?hT96ebni8l|m1-sZh5*xOV%PV8L6bu-iJAMBS;ZQVifypAGha|TN2
zlY}!jrGIMucps@HM>+o$N}mmt2lq2I-==B~Uqt-E#a5wlOr5B+1oD=-o9!tI(;LsD
zZyuie%ckJonAQ1q-o{QDtlR*bI?oCjXm(q}eK#1!`jkFobet{P8H$#fgT}?$kFWdP
zDx$I|G3tH;C7w$79v>>L|8{mo2L*t>mfH+ryNJd5fE}id|1`Or9qKwd@eC+VJd%0E
zzHTWXxu^{<%45^6!~^_aDDnj(;eSVw?Kg7%e^TV59kDk-A2j_l0&Y=xbn}cbIXXtx
zp9Jj5!rT^gm_uay*`FW}Z|7g;ze}S^(0cQ;BKjint>p(Z-vhb=<S+EuKj~(0z%{kJ
zkxPp>QEnf}grVA<&Dn(mZO7#GB_qy)^~ei89A{x`YaqN$%b06G{pC(!dw-${9$1{)
zLyp-XUf-h(S2-!nYn%m)dv&-S6w4-sEdOw9VZrZ54^D4$Qj4FU_k^OtV-mB0q|t<u
zhzad>5hU$b>TTLWI24{mrGhuoMAnVs&enhGNBh7Kla1RDMd4vGqCpG5jy;-4$;X;G
zXj&u>$i=5ot+2DU1t&nC7Y)lycSG0>pF|o~V5TK$kqQfmYKh~M^&A08!&F&H-=Sa?
zNlcMF#VKm5?bv^|a;~K*E?rcVd#n;fF3QQ)Z_L0~-n&qMZ3lF_h!YrHW-TxN#`<ME
z66J@`uQH68gB##=Qe%q%nRUqToOSLAfv6mszLKDC=kxsW{MI#)ED6X+z^r1NI8KSY
z9mDy1!+-teqi3;F6V&|~R5xgOMK}?h7T3#M9{x<3y%*2dAGo86NTyPmdNGWg7XHgs
zyx)ZVR&$G>&l$z36spTKWCq)Xd)@nHEvNzujl;Riq?JeO3<@10WUW89{n;8fPKgb#
z%1ElQ%o41!!?s+u<Y@E&tsrP;EqaQ0#x&R<Q|`c@7Uo$>JlVlzMO`ANXXnR`ja0pq
zp%fg8*pB3}u!vxfXJdoRkZ|-OZV&PIMSNmtfN|up{hdcg8Jh<c-=;P;%<K%^wxed#
zYGZ&?ZzTj5@e)j+T!}GUGcT)A?FI4wiz7o|d~sy3@c$u4o`w9Mab*8k7h3$e0JUck
z(k_S3vBu2qK>ssOCdsZ^<ViRS0b8yDg~2U|AHmv_7LAE1R1{YQZk9LXEqEWqfJ%A=
zk2f;^V>%{6R^F=dUPsgP?wChbnK<>gjbz1}K+Nwk2!nvUk-GIcE%<_gjSCa3Rx4iO
zo_5j>_W0U?ls`d+;0}dKeQL4!Wy*W1L&>WK!fNKBwHzp~(cKIC|D=>~9F~d>Ebpe_
zP^3NlM+z?2Md;32p7k+5i?K3_$D&FE4<BqKe6ww@erf#Ss`AJK8aB|&=jQw_<uoBf
z--zSJ%R2)2ew&dIIVLbvH7xdo-&Oyh$55IeRAr+~lyU~D;-a>daSqaC(i1_{N)PLm
zf{~^G(N}B<cVu5Ju9KO$OSj|Ey1P0tPPL0#VaQF=hu;62`TcVZxVYbBOZz4u?>}QR
zq@<Q8a)Pg49Aj+9XNgjs1@N6uLn9_iGY&VAq%LconB*VhU*#W}1O-LP2a#m8Rn#n*
zv!p}e><>K+{qoan#vJfh(d1!HGR@bVPq_Rqg)#?&L9_U)BD;KHN}M?7YW|GGL|L&c
zE6CGc1d07%H?s2@!UJBNTJfW_rCMZI>EY7~Rqm3(X?4n~ne(3AiFZ)6kL+~##!=^<
zaNe1RQOo-0FD}MF3u0RM1RijF^(EbjSy(mgpe}$E$mx9BUI#AWxUGDsv%fbrlmmem
z5poS$Wa-uxt0Y5b@Uqq!H1^oBVzqE%3|*B2u`D=rHqi;r@?E&Mo)*8C4Z;n@I0%Mc
zV`k%%lI#m=@DLAJZb5Yx(VxXlhaN*jkiWyLulIfBi6X+Lx)XYw@@)AYAv@48oO)c?
z{fhsaEYHNSGE*#<+}(CS0Qk|zi@I~Y+<3baeNb<8Chu*h6peFz$#7YE8qh_2O=~h0
zu^0@)kQ8NfBG>p5@5!RW+^^g3`2xhLh6E<K<sH#(JfLjEAlU7A7=!f#LsQ)0CG%!|
zJ4GLs@nCgi#LfW^oR?H_p!QV+yT^2zsAT>{Of{D9tB92)GE1+~t~lk3Anw)n=&Lv6
zL;#UIcrzr$_NV3W9W6XEROa?&gTdh=_)>KndXQqgWK{Z$5cc;%&hEN4Ck7%%8(G&B
zFCG}%-C_Se<umd}dGUNSt|+R|zR4Eb*qkf>ZmP$Fpo5?D4I~n7-pm%<1z$cFB7nd>
zR<Y3jo^&R1J~$!SpLUr?;BBjnB2SP-y;&INi0b}@G}`c?1r%K$3{{##E#_tx(s0!h
zg*wrCXrnjFp~RfeaJL^^-G;Ig`u%y2Jas6;-H>G#PRw=L5!aeReEZw+LUdoS2#^~^
zxga_|M0?PgK*tqXmvGZzVY=b!H}AIeH_2uV0<f4mXetog<CwF>t5c%rSP`&=>;1i-
zvPzuI=WqyWkd$U?)~k+p6^Da4q0etb4Q;!V%PW5bz9SRr<VhuOc+ZgvOnMR8<S%BQ
z)Ri91mI16eoA5Kg{Q{$9AWtws+T+_wsxzB(dsYN^Gr_yw!ufVk;D>ba7hATnB=!3|
ztW%))Agq(=Pw>90RWC4QFfOv%pG&G}b>6OTl!|*yqHaKpzQd=p7)+EsZc>^0jg9jL
z&e$SOEG{upt8JJathb(VqA|=B4|{gBF4<~>wO5`_JV$5Fz-Z6es$Rk*EPItquM1XR
z+WaWKwXCW(da|_wq|>($mz(e#ak67MLGYLYMx#09>E+WpEcuLmN6%R0eR*YlmKImD
zM3@kEp#a@;6_}S*8=p?@f9eG^Yg7#_1+u%meP5c#b{`KfHvmHjqW1o##+t>eI~deJ
zqcmb&OjReKXIjXEnA%X!`vW@%YQ@>;M9|&En%NE$1D<a{V7D_zRDy_D7at%^-&W`O
zJVwq%-(`JL4@b^tp5y$w+oyLs<w!@i`lp}1+h*WZ(J3CrT<JdRjd;BEOkl04i>GGJ
z6c4_WPlEMP>+WRvMGHd}AU>*+-nL;TBeQ^2^LZM+=Nb;Ob&)lab8;D*cbmvb(q@`-
zx&;PMK~YU4YkuV<R?X1>S@{VxRN6c;nt$&Q8Ey_=d=6foUQ7eXUDFAwNY`dD4SPg?
zEl<{d_WZ%^8q#zeRVI8`c`d1>L6(7L*Xb}a1YD34Z$(CF8Qvk}B{OXA?WfA<kzoE2
z*ts$xxAK_jQ5D9Axc+qUgY<BnL>S*=GJRzhrqJkDn-UAf-h6^U^)SUZQ)+ExaoB_)
zvQ+Cn6pIj-NT<Q~kAgwc<+NgL3kDa9)Dy;Lr`*ZWnxB5Rc<3?VbAa86#BzDd4I}BS
zBdpV6I<dsrmB=ZrLbjur&f=<S63+Bz>RpXXw7V(k&YRJ>Fw0e@oT4R*zjY%nU?5@_
z{d3R7@f)_xobY`uoe)CLZ|+*~m_%u<w^)C&Gcy;m1;l-cTbw-5ji-9@0*#o-SWrS;
zDN`p&_DsFpL`q+*6P|A@>QcJMV{}wQQ-7!P*^N&5R{F0o>Lrpp;iEw0;UJ>{4T5_9
z#<ManFg|!&g?#LTY2<}|objcB|HPQYQ#;f<^Dwc3YCprdbX$_-?$#%M4H;*g_=P$o
zc$dGD*>XMMHDB|tc?*B(II&BZ+UAlE6fpOmd|E-Y^M?_en3*SFGv|zuT$T};MSy0&
zk!0~|eW1QKU&(;++EUlcjaacLQz9+c`s+{H<<*-9%g6fXA{@bY1Y)$cUi~#U-e5OX
z=IsiB^eUpvB;H%|>D^Rulpw9YVaT6VQ2<`C+RdYrmo($;h{0-7A_@<8w<sWh!5bq7
zOGKM)j9H8P4JYXP4mJIu-^I`JuXt3PAyuY_y_1#lg~!<tn=3ArM91n$$II&j)`t^|
zh=LYuaAl4vvlCpUOdbq$pnCZNnzNoEj#!FF5~g%xsDh~DCFK6+2O|9wTPx4JtEOJJ
z_YeP%G@haZAIlK2JIlIQ((PlKL@B{HV~ev;n!#+)4B!<4FNXY<2xTYH@g1QF?G(at
z-yCo_S^+&qZpAd1o6QN+<-!>|QnjhQvH-cK>9S|Y=8TK}eyA`@QHdvIkiR8lphiZd
z8VWx7XoWr;q52{}bsYOrtS0sShDdVo+y2vbdPBuj*3{M{LA9kQH@gqwgjo5^s<_jN
z;*v+wf|D)5fK6Rn(0lZ2xF1*x`h=YMZ*Q~-@o+avUFJ*#`L`9Di`Hwrc7$&NQHYO<
z%y_sLB<xq9TbL_Fg;w!Uj2gM6C0H~23v<$S2ejtz!?$&(q8`Z2RpP&H5jxF^Rgz+5
z@!A+jo%3;{XCJHIs7$9}pl6*D*co(r7Q&t99)`laNz$rP>dcDus9}jcp7N@$+BLE-
zd6b#!cc<<Uook2TfOAF6GbK2fq4y2W`^etPx+tl}>=NWKHfzQhw)2Pu5bIIvX$M=c
zAmYe{{@~hlMkgN4go3r*1fQrspx>(<29gJhaYTQi*s5X1utpwHljfB-fYJ=v>6gJ;
z27aZw?u^3TMee-c5Le*)j&ZB*A7XgC)3AHflPu<T$~(*&9Pua-;)4LhBl>v%TuNAy
zrttD85s%PXi%TVPMy$v67GgYojcCl<1)#++RU{<TPmGdC6cj5&ln^AV$1d<xng3}=
z`77mjuFXqSeXkNs5$B>P^|jWDftf5D%dLu?qFu#YTiU6RwnDM$h+mW128XkOc$+Vk
zZ0bczo|Z-q8;~$Mb%9URVG5F=IMxZ}Z4RiW)@3(r`hD?Ue_+rzwTD0Gfkwb6>T=T_
zCJ7lPa-7U@V_UGGXuC(FETC9Md79%hy(MY#*7n}0Lo=Pm?HFCT^_1~AER!>H`JKAQ
zi`BUR2SrLz*V##Z5%LXbigKL~Dh45+^R8nAIg_)K)1prQ$VjT2LtJ7om+<zu)9Wly
zS$~-)c6hl&d!KS}j*8d+(TnzL9EAANhM@i3rtc@DQD)2Dt<X0ozZqGH!O$g~xqVL3
zpwmvbeKA=@woT2-%Zi?nkrmg)8h1&HZBWJeR4$c??C!i+g!Ctiyr9dn3y+Y?=`hNO
z5IYBB47OIK$iOfF-)DWw^wa4m@_TT6&J}n~dql0YDtyDoU#RPVCB+(@j{1Eq+c2Zf
zF2y7nT(D`6gjhjKXc6Z?7_lh6{!_G8gCZ>P_{DS_m!&x2G$-$wWAm)6p};l~3+&%#
zOj5H)K8{TJ$ar)l-<*FqOkWSU&;MjNykLchrgaKOCCE$@MMfDT;0{EVV&iM*A^~&f
z=g#m97oBuK@}pvaBR}&XMZ2h+8{N^xR#Qy`9HQLE;}qR1nX1Z4?|4o_8f94JU%a_f
zE=V&D=+WWfok`zPy}6!5AQoc<!9)s4geLV|fIBe!Y2bIa6~8AnaL5|Otc2Z+at_m0
zz~s-w*)qjBiS>O52tszw*X4tS)=1Oo*@o4j&#!W`WGNCwTD=H7m|ys&q40NXUqDx3
z2|5$|y+cm5E6U$HHe?u$yLVq{u9G)g*pIjc5J4fbWkG%(*Yqh0Rr1<3u?|IVK*yFd
zm2o+mrC@!xtRBT=wLPbSYq^}(s+Z6#o&X`7B(6VuDH=$I8dGY6vGd(i0>MqHuZgU_
z@Enp9R0>G6kf25)bhI`$x2tX^m-6B$3z$R|@RObjisbhdJxzL#2*V3VAb#+*Pv0fl
ztRD%0OQl|UO#9R)q$-udPJrO9@eal9iBz;+c6f>Av~nZmx0pR-6M5GW0=-bpVQmBK
zhlP~DmZrdaB{n(E+N3FFTj><BjsJ<fAVW}`uZ|VWzy-3mWy<eo2hdW@ApT0_pg6kx
z^=(y-DrrUj5P$u~-;i(Ddf0jYNIXCoal)W?h{PA4hTMWX{4<;#l`5HRs9AMqAU}=X
zm!|X#<|E&{upMe8=oI?6nCm=<39qFdy7Z-p8v6QBte40D#?<l7DS#=Q;60q77K(GV
zr7CyIAl=?g_t-UXvzq281phH|Q#`{KzX1m|3qdDGxJ*s2Qf@;cI#b)5_7W}WWG8yQ
zAE!KYf2wSu$9ldS{I1QKbtrhDgSiR)WIf4Bw}adDm{zsYLW5gr-t{opn68${Ox{3?
zN!6UV4R0^MApurW^Y>}k)3u?dY46UM()TeX1dTg;Ru|jh<V@mp&&EOV=h|Uw0D?T7
zn$IXmM$v9#gIguB8y%Zoxl_9>-G&QtyDi&>%ds1eR(lq)8;@0c*6g)QqZ?54%4NX~
zShRa?dHoQvbzXM;AT_kMv~!Nxv!=d#o)Y7lJHSI3;QH0xg%a;lA<|Xj`=vs(s|L4T
zeGvt2rBGBsQ66sP4O2Ct=72_Wj9JoDy$s(BGb|GwwMKBOSC#3>NU~;_tzr-L`2H=O
zvV6<9P*fz0njwA8uQZQYQw$?rl^U2|&+TLLs0{T;xA_68sbhzF#o1nI!ONKF6}>wA
zpUn5)$7%b!OAXKuZn#p*C=AVrFvP&i8B?bEX!#K9VXhgeHHu)UazZsd@XgS74F97b
z@3>ap6?O6TY+3uoSl==gHg5j<zMt2ZSFVzNv-?`gx?r?l0<M~l2(dKVJ2BH~RSVNn
z)C|yu<$xSei&X8lO@VJN2+j!9EgzuXav2R-Tj-q-tXMEYw+EW`om*}nY|Z~OrK4{9
zq0#==v}L0P_+OtDdq}MouG9vtif<RWHZ8(*e{o5*=+r>JUe|=hvAY-oL?v>C5q9M)
zQFX4`Kuc1LPSRu*3STj{Bax3NcsXIpWDN@2KPu*5st$$jAC>(t)qq0wkE;5YYC^&L
zM|J*7wV<H?qbC1Rn<>tg44a3op-E$lw7;~&59q3oTF*w*bQ+9A^*!_K&O#Ku;&f0w
zf{m?cEgLJcXHKw-skGAqSmL8mBE~ea>V-#Clz86>_oeYfO`>t}d_!~@Xb|&Yfc7UI
z2{KvG464IFX%*SQ5fcfQQdPvy7!=hJ_Yc93&n(>6dQvPKRo>ij$Bngc^s~L)9|RPn
zLBFAap@D#aK!K<QSLlQk16P%BK|qEQKtM3Rp8oqN^#AA1*wNI`$yC)+#MI0ZVCiIO
z2cWn5We4~_i|hx`mZ{8wfC%A2fgu08!q>IXKlH1#t)V4A#njf`=Bw0yP6vnhXVkZ^
MGwACIbNP?@U)3+|WdHyG

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index af0e18942ea..515946da2f7 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -63,11 +63,11 @@
     "email": "ccfconnectors.county118@passmail.com",
     "_email": "[variables('email')]",
     "_solutionName": "Tailscale (CCF)",
-    "_solutionVersion": "3.0.3",
+    "_solutionVersion": "3.0.4",
     "solutionId": "noodlemctwoodle.azure-sentinel-solution-tailscale-ccf",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.3",
+    "dataConnectorCCPVersion": "3.0.4",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
     "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
@@ -359,7 +359,7 @@
               "properties": {
                 "connectorUiConfig": {
                   "title": "Tailscale Standard (CCF)",
-                  "publisher": "Custom",
+                  "publisher": "Community",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
                   "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
                   "graphQueries": [
@@ -1551,7 +1551,7 @@
       "properties": {
         "connectorUiConfig": {
           "title": "Tailscale Standard (CCF)",
-          "publisher": "Custom",
+          "publisher": "Community",
           "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
           "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Personal (Free) and Standard** tier tailnets. Polls nine endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events (includes ACL, DNS, tag/group, settings changes)\n- `/devices` - device inventory (hostname, OS, IPs, tags, lastSeen, expiry)\n- `/users` - user inventory (role, status, deviceCount, connection state)\n- `/keys?all=true` - auth keys, API tokens, and OAuth client metadata\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags (device approval, key duration, etc.)\n\nSplit-DNS state (per-domain DNS overrides) is captured via the audit log rather than a separate snapshot table - every change is recorded with the full before/after document and actor attribution, which is richer than a periodic snapshot.\n\n**OAuth scopes required on the Tailscale client:** `logs:configuration:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`). For Premium and Enterprise tailnets that also need network flow logs and posture integrations, install **Tailscale Premium (CCF)** instead.",
           "graphQueries": [
@@ -2266,7 +2266,7 @@
               "properties": {
                 "connectorUiConfig": {
                   "title": "Tailscale Premium (CCF)",
-                  "publisher": "Custom",
+                  "publisher": "Community",
                   "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
                   "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
                   "graphQueries": [
@@ -3572,7 +3572,7 @@
       "properties": {
         "connectorUiConfig": {
           "title": "Tailscale Premium (CCF)",
-          "publisher": "Custom",
+          "publisher": "Community",
           "logo": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbDpzcGFjZT0icHJlc2VydmUiIGlkPSJMYXllcl8xIiB4PSIwIiB5PSIwIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCA1MTIgNTEyIj48c3R5bGU+LnN0MHtvcGFjaXR5Oi4yO2VuYWJsZS1iYWNrZ3JvdW5kOm5ld308L3N0eWxlPjxwYXRoIGQ9Ik02NS42IDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzEwMC45IDAgNjUuNiAwIDEuOCAyOC42IDEuOCA2My45czI4LjYgNjMuOCA2My44IDYzLjgiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNNjUuNiAzMTguMWMzNS4zIDAgNjMuOS0yOC42IDYzLjktNjMuOXMtMjguNi02My45LTYzLjktNjMuOVMxLjggMjE5IDEuOCAyNTQuMnMyOC42IDYzLjkgNjMuOCA2My45Ii8+PHBhdGggZD0iTTY1LjYgNTEyYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjggMjguNy02My44IDYzLjlTMzAuNCA1MTIgNjUuNiA1MTIiIGNsYXNzPSJzdDAiLz48cGF0aCBkPSJNMjU3LjIgMzE4LjFjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45bTAgMTkzLjljMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45Ii8+PHBhdGggZD0iTTI1Ny4yIDEyNy43YzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45UzI5Mi41IDAgMjU3LjIgMHMtNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjggNjMuOSA2My44bTE4OS4yIDBjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlTNDgxLjYgMCA0NDYuNCAwYy0zNS4zIDAtNjMuOSAyOC42LTYzLjkgNjMuOXMyOC42IDYzLjggNjMuOSA2My44IiBjbGFzcz0ic3QwIi8+PHBhdGggZD0iTTQ0Ni40IDMxOC4xYzM1LjMgMCA2My45LTI4LjYgNjMuOS02My45cy0yOC42LTYzLjktNjMuOS02My45LTYzLjkgMjguNi02My45IDYzLjkgMjguNiA2My45IDYzLjkgNjMuOSIvPjxwYXRoIGQ9Ik00NDYuNCA1MTJjMzUuMyAwIDYzLjktMjguNiA2My45LTYzLjlzLTI4LjYtNjMuOS02My45LTYzLjktNjMuOSAyOC42LTYzLjkgNjMuOSAyOC42IDYzLjkgNjMuOSA2My45IiBjbGFzcz0ic3QwIi8+PC9zdmc+",
           "descriptionMarkdown": "Comprehensive Tailscale telemetry for **Premium and Enterprise** tier tailnets. Polls every endpoint the Standard connector polls, **plus** Premium-only network flow logs and posture-integration inventory. Eleven endpoints in one Connect:\n\n- `/logging/configuration` - configuration audit events\n- `/logging/network` - **Premium** network flow logs (per-node traffic with src/dst/protocol/bytes)\n- `/devices` - device inventory\n- `/users` - user inventory\n- `/keys?all=true` - auth keys + API tokens + OAuth clients\n- `/webhooks` - webhook configuration\n- `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` - DNS state (merged into single `Tailscale_Dns_CL` table with `ConfigType` discriminator)\n- `/settings` - tailnet settings flags\n- `/posture/integrations` - **Premium** MDM/EDR integration inventory (Jamf, Kandji, Intune, Kolide, Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne, etc.)\n\n**OAuth scopes required:** `logs:configuration:read`, `logs:network:read`, `devices:core:read`, `users:read`, `auth_keys:read`, `webhooks:read`, `dns:read`, `feature_settings:read` (or the bundled `all:read`).\n\n**If your tailnet is Personal (Free) or Standard tier, install `Tailscale Standard (CCF)` instead - this Premium connector's network and posture pollers will return 403 on lower tiers.**",
           "graphQueries": [
@@ -4376,7 +4376,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -4404,10 +4404,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4420,22 +4420,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4492,7 +4492,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -4520,10 +4520,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4535,22 +4535,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4607,7 +4607,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -4635,10 +4635,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4649,22 +4649,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4721,7 +4721,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -4749,10 +4749,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4764,31 +4764,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4845,7 +4845,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -4873,10 +4873,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4888,22 +4888,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -4960,7 +4960,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -4988,10 +4988,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5002,31 +5002,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5083,7 +5083,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -5111,10 +5111,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5127,31 +5127,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5208,7 +5208,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -5236,10 +5236,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5252,22 +5252,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "LoginName",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "LoginName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5324,7 +5324,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -5352,10 +5352,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5368,22 +5368,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5440,7 +5440,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -5468,10 +5468,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5484,22 +5484,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5556,7 +5556,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@@ -5584,10 +5584,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5598,22 +5598,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5670,7 +5670,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
@@ -5698,10 +5698,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5714,31 +5714,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5795,7 +5795,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
@@ -5823,10 +5823,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5839,31 +5839,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -5920,7 +5920,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
@@ -5948,10 +5948,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5964,31 +5964,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6045,7 +6045,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
@@ -6073,10 +6073,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -6087,31 +6087,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6168,7 +6168,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
@@ -6196,10 +6196,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6212,31 +6212,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6293,7 +6293,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject17').analyticRuleVersion17]",
@@ -6321,10 +6321,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6337,31 +6337,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6418,7 +6418,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject18').analyticRuleVersion18]",
@@ -6446,10 +6446,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6463,22 +6463,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6535,7 +6535,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject19').analyticRuleVersion19]",
@@ -6563,10 +6563,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6580,31 +6580,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "5h"
                   }
                 }
@@ -6661,7 +6661,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject20').analyticRuleVersion20]",
@@ -6689,10 +6689,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6705,22 +6705,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6777,7 +6777,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject21').analyticRuleVersion21]",
@@ -6805,10 +6805,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6821,22 +6821,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -6893,7 +6893,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.3",
+        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject22').analyticRuleVersion22]",
@@ -6921,10 +6921,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6935,22 +6935,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
+                    "enabled": true,
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
-                    "enabled": true,
                     "lookbackDuration": "1d"
                   }
                 }
@@ -7007,7 +7007,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -7092,7 +7092,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -7177,7 +7177,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -7262,7 +7262,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -7347,7 +7347,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -7432,7 +7432,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -7517,7 +7517,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -7602,7 +7602,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -7687,7 +7687,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@@ -7772,7 +7772,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@@ -7857,7 +7857,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
@@ -7942,7 +7942,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
@@ -8027,7 +8027,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
@@ -8112,7 +8112,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]",
@@ -8197,7 +8197,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
@@ -8282,7 +8282,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]",
@@ -8367,7 +8367,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.3",
+        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]",
@@ -8452,7 +8452,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleStandardOperations Workbook with template version 3.0.3",
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -8564,7 +8564,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumOperations Workbook with template version 3.0.3",
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.4",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -8680,7 +8680,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.3",
+        "version": "3.0.4",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",

From ccb8266c1839086de8e9ec7ed8ef87a3dd5795d4 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Wed, 13 May 2026 16:16:34 +0100
Subject: [PATCH 15/27] feat(tailscale): rebuild Standard workbook with 9-tab
 forensic UX

Replace the existing 8-tab Tailscale Operations (Standard) workbook with a
substantially richer 9-tab version that mirrors the design of the UniFi
Syslog (CCF) workbook shipped on add-unifi-syslog-ccf-solution. The
Premium workbook is left unchanged - parked until we have a Tailscale
Premium licence to validate against.

What changed:

- New Standard workbook has a persistent hero KPI tile row above the tabs
  (Devices, Authorized, Updates Available, SSH-Enabled, Users, Admins,
  Active Keys, Audit Events) so the most important numbers are always in
  view regardless of which tab is open.

- Investigate tab added: picker-driven drilldown with an Actor dropdown
  (sourced from Tailscale_Audit_CL Actor.loginName, top 50 by event count)
  and a Device dropdown (sourced from Tailscale_Devices_CL latest snapshot,
  top 100 by LastSeen). The Device picker uses DeviceName not DeviceId
  because the audit log emits Target.id in stable-control-plane ID format
  while the API emits a different numeric DeviceId - the only reliable
  join key between the two streams is the dotted device hostname. Audit
  events touching a device are filtered on Target.type == "NODE" (not
  "DEVICE", which is what the previous draft tried - Tailscale's actual
  enum is NODE).

- Hunts tab embeds 8 of the 17 packaged hunting queries inline so the user
  can see results without navigating to the Hunts blade: first-seen actors
  (24h vs 30d baseline), off-hours config changes, key-expiry-disabled
  devices, never-expire auth keys, outdated clients, dormant devices,
  subnet route exposure, SSH-enabled devices. Each panel has a NO_DATA
  message explaining what zero results means.

- Identity tab adds a KPI tile row (total users, admin-tier, active,
  connected-now, idle/dormant, shared/external) plus a recency-of-last-
  login bucketed barchart (Today / This week / This month / Past quarter
  / 90+ days), orphaned-users table (active accounts with zero devices),
  and a role-change history pulled from audit Action == USER_ROLE_UPDATE.

- Devices tab adds a "needs attention" pre-filter panel that flags
  devices with one or more issues across: update-available, key-never-
  expires, stale (>30d LastSeen), unauthorized. Each device's issue list
  renders as a tag chip column. Full inventory remains.

- Credentials tab adds an active-key expiry distribution barchart
  bucketed Already expired / <24h / 1-7d / 8-30d / 31-90d / 90+d / Never,
  plus a computed ExpiryStatus tag column on the active credential
  register.

- Admin Audit tab adds a hour-of-day x action categorical bar showing
  when admin work happens, and an actor x action heatmap (formatter 4,
  blue palette) on top of the existing event log.

- Network & DNS tab consolidates the previous DNS + Webhooks + signals
  bits into one place: current DNS snapshot (MagicDNS, nameservers,
  search paths), tailnet policy gates (DevicesApproval, AutoUpdates,
  KeyDurationDays etc.), DNS change history, ACL/policy change history,
  and the currently-served subnet/exit-node routes.

- Pipeline Health tab is new: rows-per-hour-per-table timechart,
  per-table freshness with MinutesAgo bar coloured red, and a
  _LogOperation filter for Tailscale-touching operational events. Helps
  the user spot when a stream has stopped polling.

- Premium-only queries (Tailscale_PostureIntegrations_CL,
  Tailscale_Network_CL) are stripped entirely from the Standard workbook
  rather than left as NO_DATA placeholders. They belong on the parked
  Premium workbook only.

- Header banner updated: workbook title becomes "Tailscale Operations
  (Standard)" with a deep-link reference to the Premium companion
  workbook for Premium-tier customers.

- 50+ KQL queries gain noDataMessage strings explaining what zero rows
  mean in context (e.g. "Healthy state for an organisation working
  business hours") rather than leaving empty panels.

- Formatters added throughout: heatmap (formatter 4) on the actor x
  action grid, bar (formatter 8) for count columns, tag chip (formatter
  11) for OS / Role / Status / Action / Issues columns, datetime
  (formatter 6) for TimeGenerated / LastSeen / Created columns.

Files modified:

- Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
  - Rebuilt from scratch (52 queries across 9 tab groups, 88KB)

- Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
  - Version 3.0.4 -> 3.0.5
  - BasePath updated to absolute path for local createSolutionV3 builds

- Solutions/Tailscale (CCF)/Package/3.0.5.zip
- Solutions/Tailscale (CCF)/Package/mainTemplate.json
- Solutions/Tailscale (CCF)/Package/createUiDefinition.json
  - Regenerated by createSolutionV3.ps1 / build-and-validate.ps1 wrapper

- Solutions/Tailscale (CCF)/Package/3.0.4.zip
  - Removed (stale, superseded by 3.0.5)

- Workbooks/WorkbooksMetadata.json
  - Surgical 1-line update to the TailscaleStandardOperationsWorkbook
    entry's description field. LF-preserving byte edit. Premium entry
    untouched.

Note on the Premium workbook:
- Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
  is intentionally NOT touched by this commit. Premium tier requires
  network flow logs + posture-integration API access which is gated on
  a Tailscale Premium / Enterprise plan. The existing parked Premium
  workbook ships unchanged; we'll rebuild it to the same standard once
  Tailscale grant Premium access.

Technical / data shape findings (worth recording for future iteration):

- Tailscale_Dns_CL is a UNIFIED table fanned in from three DCR input
  streams (DnsNameservers, DnsPreferences, DnsSearchPaths). Queries
  pivot on ConfigType to read the right shape.

- Tailscale audit Target.type enum values present in real data:
  OAUTH_ACCESS_TOKEN (319), NODE (11), API_KEY (7), TAILNET (6). The
  previous draft assumed DEVICE - that value doesn't exist.

- Tailscale audit Target.id for NODE events is the stable control-plane
  ID (alphanumeric with CNTRL suffix, e.g. nGddQEhHzh11CNTRL). It does
  NOT match Tailscale_Devices_CL.DeviceId (which is the numeric API ID,
  e.g. 4195069007596891). The only reliable join key between the two
  streams is Target.name == DeviceName (the dotted hostname).

- Tailscale_PostureIntegrations_CL schema columns are:
  IntegrationId, Provider, CloudId, ClientId, TenantId_Provider,
  ConfigOverwrites, Status - NOT ConfiguredBy (which the previous draft
  incorrectly assumed). Only relevant to the Premium workbook.

Testing performed:

- All 52 queries validated against the live test workspace
  (stl-sec-siem-law, uksouth, 2 days of real Tailscale audit + devices
  + users + keys + DNS + settings data from tailb094d7.ts.net). Result:
  42 pass / 10 empty (all covered by NO_DATA messages) / 0 fail.

- Workbook deployed via REST to stl-sec-siem-law for visual rendering
  verification (Microsoft.Insights/workbooks resource, category
  sentinel). Visual review confirmed tile rows render, picker dropdowns
  populate, NO_DATA messages display in expected panels, formatters
  apply correctly.

- build-and-validate.ps1 wrapper run:
  - KQL validation: pass (47 files)
  - ARM-TTK: 48 / 48 pass
  - Field Types: pass
  - Classic App Insights: pass
  - Hyperlink Validation: 1 expected pre-merge failure
    (Logos/Tailscale.svg URL at master not resolving because branch
    not merged yet - same false-positive every new-solution PR hits;
    resolves itself post-merge)
  - .NET-based Detection Schema, .NET-based Non-ASCII, and TruffleHog
    skipped (.NET Core 3.1 / TruffleHog CLI not installed locally) -
    substituted with Python ASCII scan + manual rule checks.

- Privacy grep on the workbook JSON: clean (no real tenant IDs, real
  device hostnames, IP addresses, OAuth tokens, etc.)

Breaking changes: none.

The Standard workbook is a drop-in replacement in the existing
templateRelativePath slot (TailscaleStandardOperations.json). The
Premium workbook is unchanged. Solution-level dependencies, Solution
Hub install flow, and DCR / data connector resources are unaffected.
---
 .../Data/Solution_Tailscale.json              |    4 +-
 Solutions/Tailscale (CCF)/Package/3.0.4.zip   |  Bin 61348 -> 0 bytes
 Solutions/Tailscale (CCF)/Package/3.0.5.zip   |  Bin 0 -> 66176 bytes
 .../Package/createUiDefinition.json           |    2 +-
 .../Tailscale (CCF)/Package/mainTemplate.json |  570 +++----
 .../TailscaleStandardOperations.json          | 1406 +++++++++++++----
 Workbooks/WorkbooksMetadata.json              |    2 +-
 7 files changed, 1382 insertions(+), 602 deletions(-)
 delete mode 100644 Solutions/Tailscale (CCF)/Package/3.0.4.zip
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.5.zip

diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index df769cb868a..08066805d99 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -3,8 +3,8 @@
   "Author": "noodlemctwoodle - ccfconnectors.county118@passmail.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
   "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).",
-  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Tailscale (CCF)",
-  "Version": "3.0.4",
+  "BasePath": "/Users/tobygoulden/Source/_Personal_GH/Azure-Sentinel-fork-tailscale/Solutions/Tailscale (CCF)",
+  "Version": "3.0.5",
   "TemplateSpec": false,
   "Is1PConnector": false,
   "Data Connectors": [
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.4.zip b/Solutions/Tailscale (CCF)/Package/3.0.4.zip
deleted file mode 100644
index 1f7a3ab375a843676c4d7c139c15fc330b8940df..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 61348
zcmY(pQ<xw@(l*-mv~AnAZQHhObK16T+qP}n_L=>5|BG{*S@9w&Dxa*3l$QbqK?VQ-
zfB;YpsnQND>D*An1^^gM1OPz$H)`Z)V&H6|Vj*l|YGG^PY++|hYw2WXd#&T;gvFNd
z%a>aq<wg;&>G)LF-IDCof;_(Srs|tTLgr%9*{~;_7|a4J4e;08luqSU<EC(%to;Iv
z9xn31C^boar&5^&!3+$T**Dtv_3IkTzuK?)92vUa1wu>dRMM-h^U_ZODt`zBTA3E1
zR|PCl8Erpfdt2%yG04E;PVvC{buG{S?c*FWrZ_>?GMT&5k<5=W;Z?QLZyj^4vP95?
z1JiSvDIL@1d5uJj+t~`h@0J9Us=2_6tM)-n%0M^(HhP;gxYq|5pf1^xB_;90&Y#A@
zFQpeU(FSKg{RkEOen4D3oi+Bs4r60!Y#}7|CzF~~U*_Y?Mh2D0bX>T@f~A5wLzzmf
zh@jvO^Q$+^tSn18?G|-_lex3hv*7xsJ+56wBqpLet7|(jeQN7zezW@Xbpp<=RX@^^
z(dBt}w^zk(d1l7x`p(`AT=#^WI<TJs(;jmR*`VrCd$uT}4`Or!U)&^n%;_VfMk`yb
zDMcu+{^zy#7hIR&n-gt+n(E1DvGS@@SGz**<k`vzjDhx!8fHcFs1@967nhrz*Z1MN
ze{lN_%2!Cy*e3&SE_kNY93F}x3}GM>y4Vb=s9D8}@Ia6_WV?BP*x?}M_J!>=U-&Rs
zxy!jArU{;m#s7iwKC+To%3SqSDVXh<Fhiov^D!L%JJj3ACQp=6_`+WqscA-#2YKvo
zP5V0lV^<OdY+qqB<G`$<a=J6VGFW#i7_<h8kNlbGhBnM-drrV0Hng)TY^q{kRN;gS
zTqx?|gg%%UUG4^mZ<+B8Kh@5GQMN(M%0Rs;lv3#*Zi1YAgnT#euOc`hdCVMT%HwA2
zWD;|sM?%d4z@T2$1^tnt^>q#e**O)yG*F4#_!a_DI{8GsT9oT5snRA2C!KUuh6(Mm
zpZ%E`EtcTy?2}g}GG$WflhW2kV4)0eAriSFaX~HsLm@7I=&Vh^DSPJSj{(@dqxW?H
zYEH7{A=0~z1!sM;QxeR|<gxtMA^aEcC&9xx`gP!CH&=gGt^CIEgRcRa>T{kRVJ5dO
z(ejM<R1cHG8^BxL8nP5UCCf`n(VW2uJyo;FeH7<QqvN?GQB7-^NCLK+2W&;32vKQz
z>shHFp&bS)9L<s&Um!Eb0{2p9=rvp(mJrOWQ%^#b1(D7%sB+iC?oLf*+YP@;Sj0Oq
zRtS_4DW`~ue(8>KK4V3lf?RswJ_+Wz#&GZF<-@{6v)J0avfM5eH$?W8<19PqAYLAW
zgy3H45-^<T;ooK@PL3wY_?({1I|J06^KmdqWC$K<Qpm4lU#x4MuFP$@EE(jE-WLOF
z=l)x-N3<+0@?ntPaB7f#-%JI|n!;-TAi%4uud3<caCpsM$0A`~H^vY(l^HKE@UPEU
z6dYotw^*p?C$yK_#XUP&1$0o*Y#qZQs@9{Yc1PESs~B)|ydUVA7)88&Jij(xAExXV
z4S4W%i%JD8cUDCd{mH!LWQqIY`BcV7#7~(^FmozkI!PGm`zlpl*UQxwU5{-iLca>?
zam7xlEi<Y3f^C|^PB)R55r+0!yecN3+qLJ{oQnwQchLi<&gG6<o$ue?R`KLZWoja&
z09oUKh>%?gs|1bEs>CmHra%$wz!~neJm7OofKyK(!o3MWnV^>;%|!wcDNT+Eh6`~i
zGMv}DSy8p)gDFr7!dO0WskCiQ5VMLE^4+FitP$&{T8Q8jT+u4YsO&s0o{#n%KPy&S
z-3Od$+NC#{7-<LP38U()d5=?q>PIJu#9hu(U^8kbMLYv$yKv)vnGoQj=C?%1eHC@i
zyN!OsnDW6Y9_I>`5l*^4Kc)kt1?R_Qq_!KEaW$)Q<{sbuy1zPJAe?RU9VBUKmJ7PA
zKVNTMLH*T=Z4|w<%akZJt0#TBeDUl0ogp8yCP{n|im*W^-)H)_`gU!v`faVf+kUMs
zE@I%Tx7$~bE!XO3A*$mM^T!c6<uB9i=mxTGbRzueQOKp7vt0}hBbh)2ps%r4-lop!
z@k43j++kTSnw4FkL8wqysr`MNL`9CS6jAywiDOhnQCfCT3NPFsUO5<^n>u}VuZdC}
zJ^=eYyxbqWmS!!dPvtrJkgJI4&*1QWT2Sr2egHh@b$bqy2GlP=t}VYWD~q4kEBl+(
z*MM_2UrPWjyS9IJZ11I0^uB#McW?bU`qG(4slo)JG^gtqJBE!eb=XO&1|N{ZK(f=K
zWjm1hp%2=8X35boa->EV-`1k5ygq$wqH02dJl~66!eIH@L?9h$n6eJRUxjKGqlU?t
zA72QYzVx30A#UAKMGr$^S%RwyyBif<vk$WS{4Ssr^VM6l-BR%sC~M7V7y>O_CHKsw
zHD6f3ERCSzY108I873mYBUCyYai_IRZ;KMr<tfS+_L4(JkO_p?ETXzj)-?O}&1?_o
zQ!fntsx!sy)E~UCCe)r<=miMD6DJ<O3pxgZlto)~xYK2A6qg=NlT-eDmt9_m)`v0Q
z(ZhDp-`r9W-}j$9N{j+@#mI27eIq%J_y0PLpE`}RMU4!UHdTl?6;+b!v|CorTeRgD
z#wCIIA+}EyP&A<6(Co15*}hrFKNfthMX1s&9=uwaTrQ0Jq$^jSIuD)(cRR`sr9WBc
zVpAziNgddwL5#cAtIFWw-j>^NyOqy$Z;WlZAJe}bA?T0mfhI?*9SE-sZT%Tezhn)q
zRvT!maoiA(hl8#zS~L|WV{W{+4ACY&IHiI!b5=cXVOb&(o{UxVlFCDCZu~iLTD4za
zrl8AxVYL1HeECH}KXcq^U|F#zE7!Ivyi&ymE2S5AiI}ipdfhRg=OmM3@Sq9Gefzig
zvdp|LjZ3}EC;CU{3{pgH$pmCoOQ~BTAgKNNzPcS8>rcB!D1<H#n3N;7LfS`YuG>yl
z<K_q9(DC9_v9w(<)O0+pkDC^U<Sde~$LrbC4`eu}X@D2UJ(2mw*_Jtn`XdFc!0HDV
zG0aaY<})S~BM)?tvd-<j;{orWonthA+Lz}bWUo}tF{N~$<1H|y$lgpo{q>Y>tub>R
z>~hf6r&Ro^CwB^*DZLIwFDZ`>oe_7HnGg~hsnzfpn~Q(BEfF^6lBT+JzAw$4O(gsl
zF^$!=JQU`wQhSFEoA<LI<Em0#4;R)8YH)y<br20Og}0D&Fe#;zR~TwT`hGN@R3%cm
zINpj;_Lva(tQUrEq@aY);|&8@5Tz7$Ky;1>X2hi)7=k#?WA-!@R)9DdqThq3ogb@*
z^MPtPiLjHvCvSCKCQ9)7Q!z@=wbU+sitH+IhJ%y)l0S!m;5Mwzu?ADs)PfTeBj+}`
z@=#p8n$y(i$jE^^2wx=G%z!+{&dJ++WzfJVcKpDx7nT6PFcIRSFHA}W9hhRo#otL$
zw50*An3hUw-;>jLG((zA61{`@2N`G-1cjnLI7S>A8e1?>67p2uBuyj;JbB(j7R15>
z8|W@{XO00>B;0HO(Yxz6fZzB|Q4fENf!xO_uDug>jQa;4r!Ix2L5f*cbLvbRm1LM-
z?N5GZCQv>Apeyvc=ehMLd(=BR2nkO8pMfO|c$u$8DE1%{#WBSJRUm=$mkAH_?7V{Y
ziUnh844(2jjD=h|;ymfd;>!Hf>TE2b<!+a}i}X6`iS!#nv(Wo=G~%^uWvmHT#q^wN
zRJ~VLU_B#`2oUs_qQsTMZ!#O5QN{wxQz(d_eRYGELKtCA8*&n9#Zc4%Wi`?OGv3q1
zv&bh4`VCMym}oFt-3jHRxD#?^6+sEJ90mNfISU){il~J%LCr3Pyl)2_ey;m0(NR8M
z@?rv5SmsW+^t8?8gUi^~m|AzqU}@PjndV||1xYlU`G6XC#yO9oyCCSNJt2#c^TFq7
zYR+WWI0-3J+mt>HlaZuZ1<dIgo~cuP7IbBHqBjT;@}j>lRTB)rL|aJ-!KHypUP=iK
zD7T^Vc~oNSDQuukpH?84&@c-?nuvp{L>mZ(650$qH+GR-R|Bx3?C}%2a-extlp(fb
zewgAS6rzl&wmW8d$-GRAnjYGDc~sD<5eu@-QhUvo%r#|cbrqr#w~8i=Cacny_>*0j
zhtJ*_@dEL(>o!Kf86g7w;KhNG8vBc_?|+Er7R%+?AQr(d{m(DY+QFyp6KE_-2S1ts
zd6djmq36LfffS%Lt=Yhdk^1e*pE+`X$djjFq=@KDVvrJYj^JRPFqTw+_h-fF(DO41
zC>bHkto>sKG0Ry4QlH($JK>kGp@B*q8F3uJ&>>ERJp;g=&UkE2i`C%F2I8a!7X-AD
zVwC+eA(Drtz1m=5a+2Gf2dVlCSUhNOZNYvvMhd$_0dQ_bgh-&`FeJbPB23fH0|WPy
zBG9!bXasiBN{vH>#UuXCa@nDWokA<5JP|Dy!y^gbvc`HvfaUZUQ}8C=ig@<t^FY1W
z|CHbzjPSShwxR}nfBm&WqsEk+)Is`qd1Zz5-9#mA$Bpm~0O8eZ4eBoh$O4lRl1wCN
zg*bOcpfrXaoeyJ5H}F!%!>Ffc)HME*grmSrgC8asC}VpA`D<oKsMOI2_&yzALj(Kc
zDWVXh%P_$@6s<?6q-mc_uq+WfT5ntPvYbngz{!OJ%JBUQQ5v|!<Aj2D)zF%^s4P#|
zJ@&`}p$NA)q0X7Zoa|Si(Wf!`eycYu%XRyG8ej{nZxsQU6&94sicEV6K=(I9n`Z--
zb#|h7f*nw@k^r?hQ_M5#;_0BCVFRW>2L4zZAgNT&$DQF_k%<mRByOTyT5CwULm9UG
zEvb{<Xwh&iCIdmRB1}~l;=7RJcuz~Q@g2>m7r5wMT^}j4i?gSMDOZS;gIRzr68k9)
z?I;YiT%D>&Qbr8$BJ+{*c2}dYeM>Tc?=v1kA^;r~y>jF#6ojk;I)$|+WoB&Sa!OLQ
z$pZu3xRWz2QVQf8(U&y|U*iQ~L27Jox=)s2)@Uw~c{E1%?D(?bzyfu4Y@A7VWmU8u
zTSx_K6Y}dwPO%2#4*~qlCC6ucpk<Hi$^x|=OrBMQSC^`=n$3}&3_rOsu~#MsxuCXV
zG!@w8b(p|Gzb4l!r&Z}6JN~77kSD=xIMY*3WN6+3&LZBwlu*{}X@x<k4q_lBdx2*-
z%e{OD8RNb{e2eS2$9$v8!no_E{G{>8DMRdej>?NzHYfU2exm~c3Co9r)nSU-PiQs+
z5uGV<lZS9e=cR}~Tqt0T`O4oJRT?c1z^^YtG{mX*A1YezwL)f5E0E)6w||Wv75R#m
zz+i7+DOP}p3>Z?8x4ftqD3<8T4o9ynV9tSyK>NhilD^pOLSi`z|K>dL;DjIJFItEc
zk<A_s<-J-h1W18Xum0>}qprdyM_?3&*^u2BvYtlHzl}zZ%jA)08f&97;3kGrh>)dB
zja7~rYzJ(A8;I6-V>-(f)!Ukn-;c$biklq#+vBh^+eDNXxdkI`&KRsZIE-R%kl;Ql
z>RK*j3c)ZOZ6YtYcBv)VAt4`BqG)Y2B?Q^QcD=4b?kE|Miq}(}SZ>Ielq1Bbb$mHA
z7$VzAw}mZ<M`kuLHdq100Y^+@=Ii^}!R370tHAxCl>+?yA%Cv_A)a$q#;AaMJ%<CV
z>gk$-bW~QnVN)?1B?JyNfsQRw4u2}3WJ5@VTZtGyy=ML(#o0MssL>v>6E_dr3|bOE
zpBEwN4CR-H1`bN3L`#~zo{K|V_o{on#v7YE(eq|1iy)^d;#j{T<*cD@ZX2g}8zA!V
zyM_BH_Spp!x3>wv9lRHaI@@SE*tO}iC8WfwK}ycLW<s?T*JPI}vG<L0*I*#Uvt2_N
zM@+(cRge(qt5~$RuayO;Ncw6XsQI#m9rGF#te7zH5zSFqYAPuqI~KM=vB7r@PEO)A
zQObu11I{x9BXWG;X>{Rz9k<*-7P>rHVwpNqlx9WA1oyfeI?<q_2{2BYUpCfEXfAUm
zczBOgDq|zYCgwax2lGVQw<kTptsx?697h=xcdCdfu#JZaVO~{19XSuO<G0wK3Bz1n
zSO+a`R`m!noNQm=wY#oLLTkf++zcz>ljSL5Ln!*Z1Ua81IksX*5Qb(|ui`~})fWns
zoTuT`)*LcRMJPC5R~gMpiHpms&5BxidyQmFU0U4d;zNvb2)Re8k4W~bXqhN3aQ2j9
zm~p)a0Il6<L9VD;S{g7%+V`r{t#)o{0&@CeTN)H3Ln-*iZtw9vpN$#2zSA3J$nD<?
zk=&gM>|UW=Y!Bc!-(E!hh=i>a9S9fA3mcBvS3lo)HHG035Y%zr5A6xBlktSMaO^F`
z(z*9xP4YL-1v#%-yNwDJyK4))7&%1<^3NndL>$)O3!2Kdtk2@8p3m%Pad9iO4?$}U
zP0;sPw4N%=X7*C3%24RIK-xALm4VDK(DuPW;?{7XA}ukT1I=l(N&Q{y@-VIZ6BTvL
zA1ZAd6RRle$7bT*ChX*%y9W5I<arriXbk*H1n_K@?HFMQj0bGNLU%v)rpy9ndeQ`H
z68>sTD<1*bs*Nimf{a69PK`SUnR~{`)(~>qWfyzx1_h3cKv+uu=X?4DxvVI;^;w3o
z%#iGSf9E8mp>|~Zmw1lBYPYf()eYE0C0p6?AM0%>J3Kr-4eOlcO1d9MVI2Wq4&IQ|
zCF=P&eReX?%3fQa(&(t>qkZ{cQueV$3zMabeeX{w*-q}L<?Ohj1<HvKR|Q%VO^hrI
ziRWbbxlw4ziOLjEiImc#tUd43I~Y@AcGhJA#bTJd8XNIHsG$g91i{*+@^o)OJbvqn
znDKtAri2;g{SJF`6RKJADT#`+9MSz@NQl3^gjcmBrKiL0Q#;;XN@Slj$4^;~uNya*
zKDk6iF^v6^OBR|KP$Fj&8WR!G&2B`J1Nm3ja+SKGcrSTKYXeNxj0||Z3<+JNUU0Cl
zFQK1LcJ4mDTczGxugIdNrimiXkP8yi{YJY`^J+;SK&g<OPr6#zY8;jNElXQ!IK)yB
z3o88WTd*kScfgX^3q>_7iow|-OP<kHF>7PzRtF)SR@F_d#R!ew&uhKK$oWKm%8tJP
z8}A>?c9bgXHrpu(kl4eC%*cw%a?mWVa0skgC~wybUX(n{pzpOo;&}~O+G;nQr0htS
z>Jq}?TNk3T_C)an*8|+9S*;CzXG+i;8w7p>!HWSGcGTWQHbC~3UWQz|L>YgKzxH}a
zYuZ|Ss^s*fCSLrN?aglCsHlgosrOlj2Mt3RCqY(9E$-DC&O2yP1<UREb5|Yg&0^0J
z`ylHBEJKkkG*M7Q-1@}50EI9uW^{2b%K*80V;)n50z4{1f@%kk2Dc+3{)~GlxZkyE
zvnM7l{eZ+6@v-D!eu|!h4QeA;O{szW0wipj`Zp&PvdM_OWhrnXtJmUwwdUR-bL7Rt
z*x-gIA6tX6E65-EiS4E;40g!p;yuu0*TnycgndNRA<34LXi?HRPQUfvd#f_-dQki0
z-3rp@7zqk04F2^%P<oqZ7LOv3*5mB7`PSWA^RVx~y*qd2j$Dn~^UAh=brP$u03L$b
zbbn^DoU<t!A0yLFn1uN|kfbC~;VoWCMw>S^Q-Vc;m+Q%m8`DIut%U|_6ZCWsnI;ob
z7)Vyby+bpPyr7tm^l5g=OP7p6$c%XatLnWnsvFGGSij;+ffGpT2IqCM{!3Jr-r%yM
z{&tUYwW0zr_@;q0^B3oY+?_JbGO;?61zn(Z8q12J+78N9%cP^foGm$pGrA^6&Xxl7
z66Hg#L75`6b4}N=va7T4jg<T{`dC{I(Y+vuXaOxd6qnyx42~0WiOw<B-7#q7%Y3(r
zxQ#wS!G!bA@c7CjRM;9A1NGF#jIwb*<R+y{i$RUXsCo$;2Bp+CH}I)Fe6S-Kd2Nb&
z9R<@-`CA+vnX8u`-D!5bZ0W#sNY&x1`ibYwwJ&QQljrBE5kI$fDPTWhnU+-ZLPPzG
zpshq=<aGo^eVvgA^FY|}f+8a^G@n_T6zx<2Ur!S!jHl#d5Vbn8VQBhor8Ld6d7Ap=
z8YKvpL%i{nzTH;8nvCtw0vKBE>WCZm(5i+*K1izgLh~4PG|o_Uy&)ai{^}WdqPq!T
z)Sr5Zl|{&XqhtY>#4DDe;}=%{dR|SuCHf4ypw5zW>n@+*_Ltpplt`DF5fH`n(`5v3
zfyO{Vf^@ns^Ls3r03L1SUQ}MV>)u66C_0kzp=j!_1mMeTNrDfcQ1tV&*pf&PPU<eF
ze)J|1A1OH*!MQ<BqQbivlhTe!y?Y}wJuIZ_S{=soiTDmZKNS{V2d`)Drd|hL+Mq1o
zuMT1;Y#pfdMOY_D^QqF)n~R#|sY(OD!(MZnbD^f>2-R<NpGcqKppCTg+}U2M=8LS4
zrQ{GaA=(9KxJN-HN8FMtj=Z~(VzS;}aeJbWEYsvaAb*{R>&J*-0opSng@X5qR;jJe
zi?_Nz-k4>ZNI^>l1qhO<D+~eu=wWG9ljQ8k%<}qrK15al+4yj7e;6<J+dQb09!p3;
zG<TfGuOs)j&S}Vzrom)j+g?N{_*Jf_f;ac(9o0S|xqlH%Q`s_#G}%lraBV+RKfNIS
zn7PGrJl@&6#rACAE-@KC&}W-wT4$Rq95Aycubo8FglLM?=KyqV4#giSSo|eEm{rg^
z)RKO|aW2j+J#5i|_dZ%7c!f-)A^mZ33#pByx~<}>Ppzo#DRrdMqmtY;4bY|LAZX0w
zX|9HAs0z@sV?oHfxj=>7x5yLQ0;r@tI9|F7>ReO}d4EJZRkPL7z3ik8^a~l04eOcD
zm&n|3b&-Yk5e~D}r%6a&oSj_?(LKH7ZqJe5-!yZSK)*knLYzRg%htH5Nz|Chw8Mz6
z=FWJu@S%vVBzKxs8>tH7vZYYjOO{7lbp+>tZYs1!Cl#u~Iq^<EO9{tb4B&H#l#!q_
zuEkt!^<W!LJN*2rAEStzY^Q5}Y{)xFFNy!7ebGfJSeu;`Br0VU-HV_9U1=QQb!i+i
z+MJ@GAqfs=fqf|s)KhHi-&jEol3!@?%5RW7e8Bkt!W{i8ff3b>PdSOHERH*QdY$7k
z_lTjp1V`3nm$%bQm>u?Wi?r)p8uB4p8?^|TP3Wx`$>}NC(d?37$tg%{T>joo`1+0S
zPbCMDB()*_)yOohnOX8xcSPm(7lhW9ZeBclzQ-}(1C#yyg$Y^^p_#4z^1;`#<O;YU
zoAOs692x;hp<^v|^>WaQrvWl+;Z?I6Y9-l(7x+V|8zlJNMv(Ix<Yyhjr23C$O!x8E
zeJo#1fPgKVTfkSh!9J=E61S#m$eJ<3Cv0%G;1DPsPB!(m*{4o(RXH#*hOLjNy3qns
zDg^kfY|b?=uLr2BEe<LHSHVokV{Xo!X(w}0K>I{s(-8=rWCz;`?VPYx`igSu<=i<4
zBhlzhOBz)YCZEl`$MIj+=AZcA&zV6pDYcp^Z7jww91X2V<nnQg@8?-I?T95R;q}M%
zs_ytY#^&y8$c{y#k2ZF`rfs=4xo?00A0PK89vk)8F198Lo>IATAK$i|u_`|QH!T>F
zul2Kvt7oKxOkY3$URA=@d&mz5cs)Hiw||GXui$fuu+Y8~-*SknbGN;f8m5(vb#G#|
zK4LtSyA4M=w_i2zEPlTyuXaCh^8dd!<Z&Q%x$*)4fFL#m0K&gEq>X`vt+I)Yz4gCl
z<o`7wuY9bOHpLt7UcXV4x=JG_H}<FiW$RDj@go}7;`Xe?U0W0CnNfioj+Q}<W*)y@
zTRmwP#8a*q_Qv)dS}fy>+nryZoM)e&oPT%eAgaGp?X(jCb-DPhRt4yv;9OnbGOqz$
z>qNkYAY1N*&f;wbal-9>WUCdo>C`ZfC0#~|g*I`7+G#OhY_Q|5v36a4b~Pb4*tE&;
zW$(c6y)QWDWL!Fde(z_25%rP4=YD^`1K|a&*kNjP;Gj5btTv4GL5N=bC&uVMLND2e
zAhc(9S-0jON0u*keqrlx;pm$Ig;!`V-2v#|=N5{s!T?=xkRc!xcAw?Zls4JwWadWh
z?=z>H_256)fGxv$xbXq+ztE{SS?HM&x&_Q>(BUANZ^3b0sOK5*MY5R=)cc<|04qf8
zWEMvAalQhs<CZ@biF&X+!8|V8_w9|Gv|R677ZfwN3rKeF&gA_YR~&$mKZdCDb<y#|
z;1kox?GfZb4eaD$1GSLh`S^Edh0%^Dt=O8T9Y_C6)JnYLyhsnSM7;Z8<<EjBjKV>%
z=BprUBR%;XdA9z*V--;ce8q^aF13j+iILu);V>xdI)PWcts_KI0;ufo_O9!R>IJWm
zZZ76qWdu4coXZWmz+hWf`4OWUfuT9<i1Zx6aS-!TrpC+pBlv3oFhG(&M99FnYtjw>
zZK$X1t+liL;Q_WlS@q6xY?lIGoo%2y+5<FuWm**!gKZfFWbtP1AjK81v2?GweF1is
z$nxhL3I%+YfQM~#5WlkqhZ{2*u?c(x9Pwz^Z3&<@4=#KcFZ!x0W#!@HWqk?y<7d98
zFJxn7<dm5~($q8PZpizz<O<J%7lnDJJ?mmuX@Wmz6c<%|^d9H_ci5-N0YiUuD5sr6
z>f&62e!LK$hj?rep@N4=5Dgb&&i?N3E~04~=Y{-cU08t?Bng9=Id<R^b@_wI($Ofp
zTRV2m?m9Ec#qgn~xLLm=tDyaIGx<7{8o#%73PxvI4aP)|-a-SF7QCUg!QhGP<G`kT
zZ&VK%n^53GVGKY)E;2Z!y`DFY$%G5j#JUwbS93L>7b!x_uRB<o0+*#)dYuLR)`$aU
zbQH~l_&tSsOpTX@$<s;jV<{g%l11SC@Q^KCXZ#r%Mn#uMvHTccL6a_1)T0}j^C>s(
zuDm{f&J8whl?^39x)xl?5=i7YleR^H3wk)=IiW8Gtu-Wv&t)oKDqj#N<rzms^pk7+
z*#F}Xz?Q^Wm-9Jf^F##<&udJ^(4!k+doNDCJ?r1|P^Nbczd5T20c6I9_$$rN{434O
zM4d-^AL3P7T#c0|)YTPTuvNo)*KhQVqb@h0zj+lEe$S2YbIazP7*@}AmK^mQC`evz
zZndjruhR|lwb#k7Zk26at3%%pzK_egjfO9o$s3hz1kE@U7|Ni?M1B%~=L-AT2?ye3
zx&SUDP5^0|Y8HK}K$PIeQfR}5{Nv{mGq{xewdtmhbgzor)sP~F9NDdeX}MQnqML^P
z+|fu#!@Ic1TdD$-JTGv*tgHhc<mouh31hV{Yb=}lfz;ipKFJ^8)G(PIzLBU_Cw6IN
z_II+_>>QJfS85vVmL*rZ?^3H}_%v>rV|F*xuWpeQ?Ot6QB#d@8mp<0WzHW4BQH8rb
z$IYE?Yu<NNhAeD#Y325Jy4dWPkhpmzn@+DWP0A!*B}3k*Oe}w&*m}6(t-k1WZ`d4o
z(!{!5&f>eVbgZ6idn!1pK|}iNRMQ1)EelxK?$}K2ZHKbnHY9wDR_krnUZq6yG-%Z<
zPfMmVzx;JHX;medj$F4^rSj<7bmzRiaIT&1j1F{HgZqbJgFM@*Nj^Q@IgQb^xpbnV
z+R&@!BVy^Jy>opi*>1O#act`2)@vR2<6GPQdZB{y`sm*J4%1aR-_3f<8g-yUL;U2?
z+78lH8T8LgCs&Z0TeC-M@|B9ibXjJ!W3#GVQf6oE%fu(j78Mrh`Cz4KvEuaM_V)kM
z(WwQ0dqI#t+u1q%Sc59*^mtQ=(e){r>82r3xKf$<XMq}+|9D%?>+@KW1=9G&^L2UA
zL#@=yX2(b6e}T1;r#duACnww87+syE)16gC8f=(F>$^0oSkv1NmEGTx?V3_R8ncJn
z-T#kM?SG+O|Bv$rW@mf#Kh{_2Gfrqdl54RaUM)Xo>rCg)bTi#vqcoY!|D*9!>fgwJ
z(p{};iX*H1BuA#M0Bhn$r^l!4l-ku5LRN#t{ISZHTZY_hKQ~|)0~|SlScUCupOG76
zhFd%B&@&SG@_Of6Yp6UKeR5Ozu;W{-S+k5}zv2i=Z?|8L8n*s@>13}UX6>my)!#2=
zKT;C1_=U}V85fN*ccibHboENrwoys4!V#*0Du1I&8SM@08|uWG{qxMxRu;s{Lw&Nh
zN5XEgIAGxmo8z)H0%h(<Pc@Oxd=Zgun$Q67s8YNzrYFKZXpt%V`+=>!<dBJr>STY1
znAK{r&&&rt%V}=}%FL05ax9-Quh?BN#R1T)XmOM=>kch<sQ+IUA-4aqxcrah>i@A2
z{|hOZ;;^N*IKrI&7ttha{!}~LFM`v3ZomKzPS?Mli7NZ(bXPUVrplifq@hq~xgy@Z
zORnZntyY8er*Vt8^ZS9SYju;2(lmL=F*e5IABM>PF#7(70h#q*3?labV!)EvrdV}%
zDA=aSDDGVM4jiLTaLyd>nX!i~p6lfXMRA5M4jRJ3>IOQo(`22T?rDHKRQZ#FHx^(|
z?ATf+BpZ=qb!-1iVk7&1?G3X3&tCNZ>|u}oza;7wlWK5;Hdq`v-Z5p3o&VR{`2TdJ
z|3}wudzuUBzvp*4^hG$5PIUhd-)(x!3T@V&v~;oer#q@(=IE&|?eJh2F>CyPIZym=
z&ZnEwiDh*!+Q~4xLO|6Q75}di%pCt$38ba}R|$^?o7il->hsc>5{NTfNPl()fT}FY
z|L^rPar{qt;y>kJ;Cf;30|OuMh;~^Hm+If#*DLj!v>un}w`!k%8f}v*yVZ)e&Q|R`
zcFQu3p~_z~zSTx@+H27Xmt3LRAHBY3i|!Wt_@f${F_Nk+lv1EWyD=>?{xoVcy?h*#
zmcLG{RmD3t@6x-D=d{b&%f&V{2a;C?1)!Q-GLdVomQYh!bXB~%NhBs+p73rVS)d=|
zmcLH2Y%%LSze3);!thM2Ko?ZOf@vn%OyyY%Wj0h5wQu6resq322JPv-qu35KKZ4P&
zdUYDZ0V}U96<QbKPh9BdiL9T%Ot3anOiCt%u3z0AsJ+vQCWqphWP&QFf&<e`+|1-%
z)v%gqjQb{D9jJA8e}xzpmy4}$|4*CVblw$}%|t_jd+TpStJ&2lojzr!XOfS~(gr{9
zf5QLG=dhZz-+!UFaZL5r$yc8%xYm+e<OTdQ_G%{Ys`pPQv7X~AQJi7!#~6aF(##E7
zGwWO*zg?+(db3K|*)7Vy<p4dV$nWX~=iS^Qas%(sKew58j$a_QgNe=1>1ycTygJ=A
z=a4!8d!C|&dE_SEA$AT43bXuN;Z4=FddsadtBZyLY+Agll>s#XwtP9Wu7zT2*>@T&
zl;=`*Gr{D`<#Y)xm1M>=FLmwYwC^nW?X#=IdKI(Rap-+TECY3imvCZ-$o07M{~^j~
zw9Hztx`?Eu>U8a1s!VjQ(NBJkRQjeXyG1)LZVh(l7`%k%TNP1Q>Xifq;<}jGOf`HH
zG?q_B9(+{dvi`MvSD7U?vA)@N?0uP_zD@YfF~9^7)%_2{^nV$qHCk$QSzSEJ{%+*V
z|NE=*n8p8gjJ<lDXzLN1sQp;OAG#VGv-*#P^#58An0z6cETM%viECDu-biC%L*yHY
zkaFwJ6eI}hV61V;S?8jJ7on921xX<oIwar9H7UAM23{Pr5?z}-u%|4<MwJfC7ez_d
zgJvj+^;{h2H3g~xYn~>p!{p_vj2QozMR0an@_L$&#&+H5qlUWEWwcN7P9s*lu(DxI
zH5CO~F<97eVziJ6ldzH+D{9t|o(RYZ__QXirlCn(F=evI5O3&ZPKfQBZ^er)lul%d
zI26`EX?3mu2+&H}!<VdRaP|K&hLAh5HkXTD!MiW41xZCMii|l(etafSA$(e;Z04L*
zR>t)_ib+t=RxFBhzd%-uU{C}2eV+d6aL5TTet{=3nAylp2N2_MLDU5&#XuZ=n$0#x
zUc2NQ_u<DrBb6<wi>DbZftyYeh9Y5}t`vOWX0@#!-WWgZVy~asMbH$Q#X+RYll*{r
z;ngfDE}quLfHV961TE)lx_4)E2-O}ZW;8F8|B}T48;#g#*0l96CrT#?7(HNeE;djp
znaSnsDo-#cbX(~~+C@y4O~@rR3H~ZwIN%_=E=<%XMwm%qZ+0}{lR6M)$-#d^>>J5@
zPt4|4R2F`=1Kq?8^WB3z1CFz5P@aKNevcgdh`{ZX&DBgF_9tbob1_TV@LOvv_mfed
zX)|)8hrq%7+c>#VbIi!a33~^KqaStk=C)G%3jEpYwMNz%y)fJ<dwu!lQuzAL%Zy8j
z-217{AiLGs*rCBTI_>GT)x`uhqVsuTzQnuZM-L8W)7=T{Nj3<6c%7M9yA8#%)7=`q
zfoJ4&7tyk_(TbLOyQx=Wy;=8qqxIx+c+kLNIln4%-}>@=@eTabg{Q0Cax-fyYjL@~
zy1z>G*rwL{qQxer`uSG2ann*I`|7;aVR41=96P<UDc76BkuCYDV-Nm)P#HVzw1J+x
z`UBDH?R)FjU9~`$%eAxm@yYe*^!VaE*EH>Ea$B`i9yj~?GCci#Hn}X;`usBJd)cCR
zsm*Fxow(>=wpHfmVXii7yD?{1&11_v+fhBTK8;rCv<N#(M|HJb8n&qL**0&TjjfTL
zDQ6Id8?8xJy8nJZ|Mr#E3_4p?b)UC%dW%_|NC#)ehHBG&{iavL3HQ%0-c%xy=gZt0
z(@szM-r*{LYmE74{&w@g%jt{IX~TWrr*U0)PhRz=e|M)P_%#;Ql|1aJhT8j!*yqpH
zNW%tOsSKo5=_i3TmrXMc%8Y5$&9~?M&2#hnN<&YMvU%%g@r3<(PK?W$@n4R=knBTj
zKd^iC12b&}bHg_+crgPp*lx1G?l}^*FVm$T>oSv;d|9kBwmVx*c)TIk41fRJ<}Qj3
zOn!L6+ne=~?jIXb?)>Z2vXkx9cXZ#xFW>A4ZiYPZahO(Hnr)%aj_y{QX0lfFSs}>m
zHnZ&4E4yQM-&h=eA%6H(3&q-=4t0RLZ;Xm1&y1t(1<j{Ah&=f6!l+$qqia4r%iLaP
zg2!2ieh-=_h~iP=Y?L+0ZoHn3Mt`2}Uu#KaM>$q0XC)r4c1VqrMEEst`{=>bnao8`
ze(N>5{7rzaiSE`~#9;vSzJd+KZ4YgJ!BKFG1sfs-Msznyp|`cV40PwE2AUheij9*A
z#$i$n($XT&8xo2WnI;J6ji%M!e2Evr2@IDm2`UTH4#Te(XMdY~pQI?f<!Z6gSgP0W
z-!4@hQ^VRNsIK?`+Mg=|By@}8MzN6}trJRoJ3D);3YO(eB|+A=3M0{>7B~^8Gy528
z8;KG5lG#a=xG59xHqYcEyx{k$VH3q#t-<TVtO=f>lPYuBZ$$k@45W@s4Q3}1z6o2x
ziW(8jb+4jum&bb0&P<BK+rxj7DkwA(k5>cwD;z`ok{w=RJHGadXT2E~fQD#}m@rM~
zt|cgjMuXheI&?4f_vBRUZn}=b0f@Nq=iXGb$n6g)wz&W|nFV>--W!*HnOqkae?IZf
zAD#s=TnB%_hithzGi^8r`)N&{b8W}I`4NA2R0aeWAhh?Tdh5U*v8~7Jq5EE(TpuyO
zs_D6Ku+=jzJrkEvp$D9F<TM9<9PGB7yg+Q`GjV%G?l>PTE#3|I!O*a}n;}=o@L=fx
zUC8*pwH=V2j^LtH6VNS!`-u|hPmIuDFEQ@ejG^6N;bbseuzWFTXEBD!=rNCJSDK^!
zJxumbOfHDgay1`txNj>qc!-n$y6$>?HuD9d&`W^<tx&F}bvPTWXYt+VG1wdMA)ykh
z;JQzP!$<>)NPBqqrcu|FV)n#pu|J^U1ovfDibOz$SoAv^2U+`AH*x&Gzro1zfx!){
z7egmiPIb*8J)1Shc*N{SeMD=)^Jq%PefB(v-Nw{--$10_VA7b~@i6GE2Sc+yfdON?
zM{y5u=0Zh<S0OPLNJu`TEz^89wuNjpVZp_T2<J<X;cQRjN53cyU}cE-)}ORe41ci^
z`&faVZQMYJ&Ke_yR>NijbRtNoOGr}W&^K8(HX_G~I*q74t7+1m+_|*MG;wit2kRlH
z*9a&4G&-SFv5u%rP?h3_#3KDCucGZx!bRR*$Z~9|PFfEezclNj^h>!oP?#=BS_Yg7
zod!xPj2Ac*4w}D5@r#vp05o&?H~0`K%09`H3L>HT!zKQtjXdr@aAEL4p=j6vrg@_t
znDGi5SC8TsuIK;=ZYQB;!PQGCTrz~0yPy$Zai$uYJea@lam%u@E6Go|V_`TWMGq!G
zuQ0^Izb{C#$KHj4lBb#TAqMe_enQmpeb%t~AEp1Qy|aCwJq-2(cs&K=(c;7n0`~0s
zhqVp?BH=Qy?F+6OkLnwFr7+|S$%sYLL3FlVf*!DG<<UWKt=|JVWK!&*1!tVO1*BO>
ze1RI2K6UfMGz<R*(kp-H78yH4##7EXcQvVm$ASxGa(kZUp*sOk^dY{)YjTDAJ-h<?
zar_GQT!NOdi9#~spTYMGSnyS-QqD5fP%y^`%>r|iMl)TJ^Mto<3$5`sDrPznU|NBO
zS~9<_HTKB-^?|gp0U~iPPJvVj&4GsXI>4zilY|I%fXx0Rah`fvIhd*ro*|r^r%;ax
z*AvvSeuvJ-S%d(fNy|Mch*%<Vk_V}<_Z&iD2M8MjP+A3}dO_gV0BM-d2}xJmf|n*A
z;ABI)5L}%Kc)vBCLcr5Osv~=oHQ&TCbZ3jd9M2aG3mY2(ggo=N=FguFkr%W@crzxK
z8cd_-n-PH#vA>)M7{}PhgM^sLR(zs_*^(2&4~4VCC>$C_rIbL1#z+6R4GyChW#XKo
z5X$24AZ7Kgc#7OjktbsvO_9gaTGB_omNNC}2DrRbdX8@5-ksO?zMA)UN1m;9E%NH)
zx+3!y&4Iz~8C)9Su^dG3c;VnCmzh}tFU#Q3wOZ<h&-numVSV0f&bYD>=MH=kv^4XA
zD$X9H4UrqB{c)@m_enCgv0;na{*?~$9qa|<GVar-2D-NO4iiLE-KP+xgoO+cxk7ju
zDXU}ZvqDP~y@ZCjgr*|uAA`RAm7=k^wnSlum?=zif;x3@^!4gz^@yXM+8vh-p#x_8
z7M`qslubx#WPLu1W=UZ{0g6gKKXi`>8|Qr8pcBQp8DO2+?rh-1pMADwI%-m?`p`8<
zW^M(|Zf_-(C4rsCL_hjVO04H>KG@khZ}){x_cM+xQY4}-5}U*iItT|w&Mjtlv;zfF
z%Fg=nr+a@C_MXahk3U-LxCjuGwt*Yw-)9=A_J9rwKIQ@gB!;lWFu(SvP)Qaf6Op4H
z9Yn}F{>mxvN&PhTv8i4*TtDrI=hb)ODdWyFQ!(K>&2vb$g9B2!^aZecZ4H05h9($u
ziBeBTN5=;Ir$y8yLIJ?gN>rmA0XdFgow-<ar)gS8j~ej(9p;D&a)~oN@vU`p^PTz)
zB+w~hj!}=fnJ!{~diLgr1|yZjXTnL|FWkrP$n(UT2%n$Y7&$mJzh=>eW|Fja5Z^xg
z6brdtlqb=M=p$1E|Bgg_nL9$4Cqa=z@5lFmF_lz~AtrWLdLY%7=ADZrH0nVRwRsh(
z^6Tk4vVAMj<vX!5>On50hw;%13a%cl^9s$Ej$n57gCdBDgB7~Hf_}e0+wC5o(*2dV
z)^8pHFN^!tmctoIy+Vz<VME1COO;1G>u4njInFJU@rWOcv~Iw)n_HTgIp#8h6$8CL
zoW~fLA1rMHsjjg#{p6b3{>z@-xmzEVn<;Cz-$lMq9i-0SiD=iyFEbr$^grkAfr257
zb!_7fjiocyo_fOt{Vr=pUg<<_Wdpx@J;e4{8EafiuR;fx^MSiYgfa1CqWYpd8+Q-b
zk9!u2n8MO7mV*h!#ro12;U{(QG~y(pmaj)|g*mhvG-?%`oa7{#Hkpgif<3f%A5zAK
z=bmf#`|6XqdaWb`yeK^#iBs`vv~mNV0b+N1!RV~)(z5ke;ac3sFk#`^LRtG8`}!B8
zo{`@&4ZvKaz+TtP(8<_V7UQ#8vM03FE`T1;F_TJeUI^4*Esuow2E1jON9bJc{L!HO
z08WMSoFHqBB{#r+AOza6noAVu5M)LOKSl)hHjf<m?giPdg5nf8GEpc>OVqBkb-f{i
z_;jYo(4cQUXwU(dXq$X&{No~u^+ElziLr0_`$>tgplLam8z5ZJ3L4gGqIlsN^!Q7B
z-EiTj`kngxFtL4r?(<Ys9!{0!>}h5bPfA;OfFm>*Os7frkk1Ai$kR1En=H29DMoF;
z7wQwdjc4!H8Mya8(|}rA3*a?)s4zed=!M?SLM%x#40ZaCu&xb13I2o2`}GHEO7#4|
z*4j#8U$P^hwdgvH?)cId;5k~<Fg<=g6Q^?X7imls44t%T&)ltN&jIW`d`{7u0~{g&
z$4ie-S9nZ$9yimb&eKOGb}Y;Msv$rFS=o``LiVPWdj<wP$WZ;tsV{g$6Q!L>ziH<P
zVhMAA!JO?gaFx~Djr|7pVoqMvsDUAuANi**<ubHo_v4MJ@~PuiA#~cw6u2!RnKV(V
z_)>(7DML_)@m#Mh?w088W4Bs;^Y-;vt6GeqR`kP+6umsIkdQ_)zvUm#?I9(eMjrj8
z2le3m^@9X^?zki`%svy?5K*V{q@p^v)*P&4QcbYdout=`2L|_px<${qA|<@7=o}8-
z$0hp*Arb9a#`1+k)M)_cT=k%Kuv34b+b01RZjHSOZG*G-DC)~ld;3iUZc<E#(3$OH
zf5uw25!CH>JD1`|yAEF5`a>ZR9B-qqV`ki`X9vbl5TZDC1|{Yh`-l$UTBPl1U`Oi7
zjvx7307M)R#DI0WvarLcZlxrlk8ytvEcU5VfBecGmYkhlfx|aArwdnItBJrj5B)J?
z+vc!61V+)U8yFvpBBh_DV<jeWJ`X3)<s2ku3t(aC!~40LoDMPl8=sha(ho?odHU9y
z#NqU8-7=CUE=l8X&wGCdYpm}S1b+puUXs!yDICXyQ2Qs_#w?yFe;e&HQb>+w%jOWG
z%Du=9FDq&ZfSA1C;26}WZqaZEZve3U*v)#{&fpzNx88)p{>~9Nj)_xP0gKky6tJ&|
zQBsQsXSyT%r?U55!F6KH?o&kENX=<MZp`jKv9Q5}8rYAwL5}gFEgDA-ni;QY7-;x0
zrnqd)kC=XGjD!n@g=d_v)}04Z-jRJg$+k5Y2odvWAI4HoToJ(0;5wlOt2z1<yPO>P
z!xCh%atq@jI+Wp)Djm3ONi9Spa!PkcoJt=ZLOhcGAfT9w^n~#TzKOvgv7rMnA5eS{
z9~$QmlCO0zE}C$Y;O<3`zy0R8nhS-&qfkE6QvPtx?!w>{XzMk#eV8201i&g>ZRYE<
z@0<1y7|3+}jiAJt_Ai-lB#fbc1G3eJ;!uvI#+N*3U2tB|h<uLoOg2PYPNq0WADS!^
z<Z@&Y3?qNxQamDj1vGpN=A%$A@4<uV9g3<7oMIr-Na~$HsdwZ}L5$xx%2G0FxtCx@
z=%is`lbnDdr<l@B@Xp4#wh0uFdY4vLM6XKfmnu%vaYt`gOhDW7a`Y#Wy+9Xqr{K^g
z;gFuo;RK7=UCc5xwaPkI^qc22^W3`1)jGUG_qOms>YTH0hX0NXscymxYKqQTY>a8f
z=Ex)V0##!74&j>zuT#hqLiLeHNT0F+8Y1x%KNmTf1hA*<&8eb`A(K7Ij~Gu?2!Vbc
z!o~>{R`5NQM3?m=<s*)lVsI#=01+Xcm;5V9B7jPfA#585!@(FKNdb9XSbE$PQGX`E
z!2<L(%R{E&JQhKs?@ZpO&hx{<k^FAay@H+AK>aZ$muA2kS=uIWyo9Ey;#Z*_PC+Yc
zs?<H9q`2<(#N}2)-vQ7oHa7Z5cJL`~1@$HcX|6%!jY#6}{)C)15E_*O$g~Ldwbh8<
zgEO;IIv*PWq`gBa)(x4DjnnCvj{Pew3wJE6JcIO{T*Dh57A{yS%x9!il5-OvDfKn8
zdnxudI-AR#3Hbm)!T^ojru4xds3aM9Z+?>79{}A7Dvd4N(`Nw>?k*B$t~1`&TyvFp
z(3*!`!k{SIwKiHim0cj}XX+TA>$OD&L?A|`{k$#g@GPxb9`BxAlf=mqU0KXWoPsGa
zr+AuOUceNKYXaQ}O)0uK{wQcFGVNYXZK+7+Y3-5di*_0N1<WQ-rqnY-Phk$yHiMfL
z(YJaqEIkmg?Uuk;CoO59ml670cs%rX{R3E8<bwQRxDtv4p|F6`Sl!;#0V!5<LQwS!
zl4ba4{W1#Ao8+*B@eK+^|GfNb!4Qxo?hB}GFIA(oSPo__IhTlv%37_t0Hei9^h`Wu
z!^z>k6Q68oYrn($FazeU%HJzveAx7ZYHDV*utEFhy))<W*eDT5q_jK)h@Q$nH3e_Q
zh(P~z1oKSp5yeArchR<;8rja5Ul;!1OSva+hD!;^i3a_e0<fLg%eTodS`43*WXSkf
zw*cI{_hG8SRB~b<xxs_^TsN*Go@{bhyz7m*GwtUX(vzWkFtj}_XZG9hL&lv1S=f16
z-^vrWBUaaR3bvs|9l$U*HV^<F97trG$AemDjnZr6c^lM?Z+}7w9_{D@4uyrz3`|Pv
z$}x##iMr%6_)|rplWsfDJPOokVZI8V-|)7@Fsb;ijLO`Bo#$*_@G~YGElM%=Ltq9K
zT6`h3fqXFBRGx{4JjG)Wx4ogd<?_*H)d})7ko9tFyo%o9-#%tr5HJmg;y`RHuV9QW
z+cxSvyO@_w6k&GktK0o@=?UJY@%FZsbu9M6Z$Yao4>T?&>O)H1Lmcj4dBCVAL=1OZ
zcdjFdqYI5B$Se$3yX}Am>OD|}zn@jo!J&X2v<OMjzWxNyL97V<WU)Q9p!r9`w77H!
zTb-ik9eI~|qZ|LY)Ht5n6xVVnMw=YqVmSxsIZw7~EVU|nIZ8>SKhH_$Qshmhd=*61
z(}1^|KH8N|oK9Lhk7A5B-o>g^UEaA+k9Nj2r6W@rp5uvD7{$4POD<`0IKkrJL`@;I
zM@+bRDcC$+CA$r>alz541Kcd}8kC~#Z9+wW(DJ1DZn$%I3gW0kJ%IT$XERFO3R<NJ
zQScEupQ6Z1AP}N!F0!Gg59pk+PgfrK0ids3X)9)z$^Q!!au12me<v#8*H4}fqJI0?
zzE>_f(7z4F3l=gmWdA7#6{dgqd98G$F?yKsQm7ry0m#q+v_&(IPms+r;U4r{0(7}x
zshFFJ{K7LGD<cGFrBMo4<avh#Hgu;Kg&W9v*4<aED_$(BvoHUWrHxtgAhn7%sbn>D
zt!)_fJsWziS!xwliI<@vyZ~v58fn*CLBv~b!b~GQyXJT~IJVp}^b()~EypSpjGk|a
zMSHZbU)0}jTvU}SZnq#fBYAqk)1$k|7W487Fa-9Sj5zf#4Vy4g`?JO}61M(6-kE0?
zN^@YjZ>SZrb)cx7tavUbvSw8zSiB;a#`_y#!RCo6={YHq7csyL;U<Za#f1NIE7c}S
z^PbL&{>i{gtFg(9LSWF5cf?5;c7ZesY|~mqDpcwa1P|ulLYIL<iz;{mt7pY^I<<=9
ze6gD{L^#8r<tUii^IKy7D1iu)K_fM0M-n0+==rcAorA7sn7>?M$4JKsjLlgZ(B}GN
zs|@hE>kRc~1=0Vm7-T}Gx3I!^u|C&EjGEl)!*iZbTE_K`pjg3r^MkJua{XjKUw-%f
z+~U5B+ZH<C*C>5*`fi{3^uR@jK@H#Xs{TcKy{WQYnRaO0!DYMs8{n|o!-3fx`-(Re
zAfR<y6SOma*YEy$a$?mg80~gzQ}{BvhV5NY-THDpeEj*6O0~&))%}U;v)$Ha9j*D~
zqV!em)9v}|&vzU4|8aIt!IixI;<sblwr$(V#I|kQP9{z!wrx)AWMbR4tvB;~u=lR|
zAHD0S4|=6mSEagEf9~u4F7%YDw}uR*RnI4v=Z8N$mkU)Nixcq+e0=52?X(qhytpm4
zSYBcuMh#Dob2VnNC9}Th>w?|Sr$%>~Y(qy){C)H}TW@;w758IDF;7jOpOf$F9lZD~
zHVwKf+!bzA`*)o_4o>{9jt?_7ogcMZzpLiCQld4__MO);*-!QGRu>vF*zUEgVzDP0
zY%3gG?*>oT8~g9ZpuC<=cAV$=Y+1C(#Z`|Em6r3w3l>K$+<m=S`1nn2dYP%McqkrT
z+QrWH$NE>IMYZg>KT|3u`@gRj{BA!yoA-N_zr~K~`I&XPig?x6+^wqiqwQn5&6?+$
z50fUJ-u#SB|EhXb@NEc+JE`AeQKjo+ri;J5uJUohLaA@{#1~>sR?9{_q+uoBt6R6j
z%g3gxsj`L~b@jrxj7j@<i4iUrrV*SG5Zq04H?VtUEps)6b6xvISV1lEaMm0^w%Kfj
z&s~|X>s<XRd`Wae20Qyjn4EzZj8XsFQDgjdeHR|cI%ch;`%7x18xTL|WQ1F#ZH<?4
zQ+vy_E8&M+j7G&OCi~Fcja$V^aWvJnrpTO|jf^`DYPML7*D6PM@TcC{bio>D-6df5
z<BdX*(=F(;{=JEId`Av^zX~^cD4LJYoY&hSpmDmw7ejjCOqf&{8&y@}<Hw7`-lvEA
z+oIx8J`OeN(f)JOrJ|$cuAYtC7W%*sOy@nvucbm;h28F!IybA|#KjV^8@<!SO9MA2
zxPo<5(BU#*B-cZwSDxnoL|_Vs#+xBxV`PJD<AAdEDq0lz-O)<ePqyFoHf!Q=E)pol
zYvS{Q)xySs@j>00-I+|UT}F4z7q~$d8aq+fxW5#3LHiKoV@lR;XTV%wxLG1%V`8SH
zjtiYM0<BrO(FTO53H4f=2==hJ(Qep1<cLIQ8z=A)U2=JsunS<*pvwLy`zj_K=aCpr
z{v1+2*D#MPl2XJ96hR@4cgrs{O{Ex3;_-*`CeJU^VtV`nUwbsz4gpCIW)VjK!dI-&
zZj|5NM3R^TV&M<7Cm|Ar!-@mw*9>51Mv~2*4s@5Dm6z|maZ5^_-ukhdh4jwsSuzkD
ztV(!G4vb?16K?h`A<6CI<#5Nyj=f$79=HvMC|UA*SzqyT6nw+p2|~re5s2m<Kv4H{
z1;qmscLUDX;(nS7!(gLb5|I)hF@buLiU1jTAwQown$P7{`g4=$t~i6Ia=}18#kk|K
zMs!D%!jD4qyc_3pM=IFMfYhv1hw$KN1Doj?fg9{2tGj}MyujhTF4+<w&;aXs8ui*v
z7mC9yF-MF#gt5Kl*%aWNwBxPxe)zkOI7iz9^h50ZVIJHexHgZq5s@-?mWj4n#9&1s
z2puS>mW+l7x9M@W`soyE*D4J3@rA4?FzTXyb@TtX?Dm5WK%9oeKyp@f8Lb`Wu(ix!
zFA4vH!g|7;PeBH-J?F{eD*?+vAlABm;s{A&j$!^M?Gl|c)mj-F&=8(J12)?<HlZep
zyAG>fYiU)&^d7n@rv5Fveh?AEEwFyFE!aUgMWO38_>_S({nkHd`dX;D1SJgA0Q94r
zsK!k;WdlcX2Z+e#KwLBt+Hv&nkXR?c>Bh9!$!lNGpPd9IWObSGbFGv68fStSpUU;%
z!qY}Y4};`&(WZgzPn)7}2%HiH#=*_mi%9PQvQOzVf$eQ6ZaI&Xj}*=K+m3!QZ)N_0
zNXul<CQAwB=*dlC6<OgyOfc91QSFW$Ah?f7Ma=XQ8nOKLeP4P9TgQ4M@Zi8OfQ#w`
zCx2V6MCOcjb;|Usaabg%4I&{sI*8Bu0dr3deGeK)=lM0J{uHV;G?32y6HJ`kFL&rb
z-IF^^hEysb^x%NmBd2lgqv1(Sa_md(_|v`KX|h#n5fi7$jY`;N`qbZw@8o_PPbqiw
z`|Y~^o_or00LKtreF5;_4fifu7)l!PiO`7Irhg-pV3Q2ipuJzp#*z@}hh(S}i~2tW
zSLJWPEoS1QQ;si#oX4qjI9yO3T8MftqiNkzGVdoL6#zX1pv^3@&H^^_-Qm>;aDzGV
z6DD8QA5@n}Eg?Xz(pYg_gf$qWswC7bg<RnVH>HUJO!`i>%PlY4VfBQeX2@;2nW5JR
zlIYQ}6pb$=(gz6%%vKs$Sizj)&>EuCCzJh>F$)rpiCr9bILsP#sXasL8Z}URxczEQ
zaNJHY9@YekC-I3sG?R3R(oFf3Ik2Sq`;4vp-yIfh?$-Sd_Yrw`Wp%?4Zwx~S6`&~r
zw-S<!TVR32XNkg?$dJ71JHiHc@59{xE5a&g+>dMCK}^9Tw`EEHmN$8J97SIBh;d==
z;8dO#@vf(9gKur_Kb$nf0I{fw)cj*D0Z=H$8KiU8$Td#I){w-Kt|Oh7Pw_|FbimyB
zcUb_W)v8<KGKu9*ipD3+=$7A648M9sN1R3~JuuU}x`#-~a$uU#kDYxIIY?N}06|QW
z@mUUme^K0?R=KPTf#x=w)*xJKxKiXaFE?$|i)2^DoZKqf?eHpEgE1ce^&!4j8HvD=
z<*~mdcKsdy%Q%oRA-ytRTpdmAxfdYh=r~$iD~JH`@NjDy+qODNk5QPE)fN?+6iVCJ
z1B0R22BfC&1@)g0OD27qYJMI%a{>`KSZVAG){CG;VxcD;Ytr0eL}ny~2%1=Nv}yJx
zKQxKV`97gK%iEVAMQJ946NIBz)sz<v>v*v$q%LrByYT&T-L{h}BO`<pz}ZiV#|8id
z%(&}5ZVfPL_5L8JzrpNPOQ&Gxl}k7OZn24#*APNCY0FH0R8%@h{c~pYU&&EpI8*gt
z3!%$T;?-uS3bOw72&aR2bM4h8EBh`OAm7}-F`ROd$t<Bb|AR+l=bTn$kHoVm;)Z@s
zoAxe+pT%N<htC)J>FEl82bSEDJPT22GWf1-bmBI#g0Cefljkn$qL*!;wivxDh9(Q&
z|52e5Nb4|E8=-kT+C@iV@driNV+Ls>U&yn^r;i+=Z*qZYsNE5d4Ox0pb`YeiNBUHW
zVj434g(^ju$eOT97OrP?50q)VlOqp2DujW_p{E6eiQRv@ED1LOu=E9F>hfAJrp(18
ze3<YO^zG}ILpsP(B4rM-089b?i}UN+I1f{`>eDAW3UE?Dlf@t0M6MQjB|1}DEbTDf
z=1^Ww2;RS87DbZBt@J8vU}|WBM0huKfRT)Tq7rizd%EO$ZLSzndSU)vqAmf2X0+-i
zDXXsd*e|dWrPXy*e}pDMNyMd7+rl{V)NGcg?eY|fBehsk)9QEY*M~E_#bhQzl-NNJ
zsXW&0B#_&h+!>S#(Gb&t9q!VlSvpW{s$w((R`quM(^iQbb`g*}tt6e~&zP^s>Qzz2
z$nF(9eQ+(1_n*y-;gn>}&+L9Bs%4i>p<9fj)2_qvvX6B>d+n27KO%(y@A2gl_~%p`
ztW+f?_-k>C6;NPSzisx&m6hM;N!-j@TspP}66J4J&~uUcOWC62bE|oWaP+lMXMz!f
zV>7_vRPA&KxD3dYMU!CfS~4lvQYSGS>Q=CZedS#7AHsZd*Gx6m#)1h3H~Z@}#89KD
zF}J#4O!;yYud3+_e}<>Ys(J~GKLfR|3$gEnG6>3(B-a3(DEA(F6#25q$`3@0yythJ
zk1|Kp^8nSAAHfAlVE|X-4wf0R;dH7e*c18_nN);xcojhpg@{wYot}|UyGqd2NuLt$
zE>FnCUO68hSJ^L9+-t7*O)1F44FR=MRx(neu;jJ^4{Sbi41wG`C<XdS7%o1YizD>u
zlzP|6f-JU;GZ4tON1IX2(^0Z}8?UX&Lc`Hc2K!hRlIbHFL>wG#D(mK=KZ>8JqC7}@
zqX~A4NTeDMr!sHSGVWLNjqMaoX=$>dB+|FdB{+Ex(eGchf(mtb%|!nQft<cvO{z;w
zsZ)KW<tofizaF}}X5r+qIH6Xp$(38my7_J+^2C80pbw2TT&hSTM|%V(M*W%Wwp{5E
zQIH~=PWrj6t>K%g-EOLSr01034h_DRpyM8G7b>nkpki$Xey)DjC&T&+wotoYIQ<a_
zV>YWDi~nQGfPI}M-CMkt^MOYC__H1a2R@ALpuzE|iw7(E&o;Ow9B&3ks8zx+ejJk>
z;_gv77Ej^m3&Bzuvn0`@E`ij7f>N`wKDPGOXa`3cclNYR2FMcKUP(*I#<}5m{28;0
zwA;MnD$0Nkb2q`WL#IJZ)A#N>9=w#bi+T&!txj$X7&z}Qt4*GMU4UP)10gLG>5y*;
z1-7`%4N%(2BagkkfSd)uSl$?>?kb}F816>d9G3tKPRYQ)yP<+(@tCS`)3&4;BMr}Y
zBMc)95>8|o>)CzbpVKby>jxxm1in}8aBlHqKQo&i_15eSY%gZ&oJ;*c=v+8;Wyb1A
z5OoDB4n`8_#EZ2@HE1Qs&`3Po$al6ZCHttVl1cdOC5ft|zvOa|*6!i!Z0PlQ6AHZ4
zR(*AC=*7-VsJ#ziI~1ROlwXz<2I^71CDl*G@Bw_OmS?MImc8Pao@y|p{&LmRy_f_$
zHaT-`{a$Uo_))%kmsnN9;w9B!26hqPM?E-6RfX~fuY4Y19!w3|-2s&iis&`-s<Sz+
zbMj2Oa5H!Jr{>;UYU*gHGsurxXNs!I`2&9bfywYpYJ$EdJ;mt0UgaZVk9x*O70OQ%
z)z_Bl;8(RA{scLOXVHxsmLDaHFV*Xp)D3;ruHVY5?$Cm!#VhH;{hT34&HP93@2O}6
z_%GGS?@vtm{fUoFya#`U>RCMJyWXQaNR|D{)>Gu|UY(h$D^UCXd&g>#zLY3FRBl^R
zTQ&DS3a`451KqPv)IMK#XI>$BYOlUUS1Dp!)E*vcub=!nTV})a(ONp#x7TIeCBQr~
zXrmEVn4ocg;EZXh+zz36N&7u?+^aFM6t^QzfIQ;aZiV!I$v4z%XwuiDEb`8&o5@i)
zAM+Eo83#PDiBPw}*8W~$>~?p$14G|qFdsbI7$@1pndu_gq0?YcGZ{Jk-hdFPY5%Ei
zl7C5sbhlq$(HuF_VU3uk)L(#}#u>lEZKNs5_=1lf>mj8+lW*kBmrU$T?0NYWr&FBp
zVCe8B(-oZuFHlWx&CWk_;?+xGw|pK^<cj}jeX3_As@AA87GfyS2h7!jwsLb-sdokb
z=qJ2*wjp-1t5fpm^8S0~%^M#J9yM~yrxJtwazkUIGGouQlh<|=6L_!M$BD%f|B62q
zIH-A32fQ<JC+OyJVq(cQ1nX*ZP3$7Jj`LYW%kE<B=h)K)y;`%)vey&s>u(2#6|AP?
zv*Ks1H_wMpK)+3RdOEEqGxn0khs(3;vtJ(T6<Tjq8N?Mn-pV#^TB;>pT(%qEkI=8f
zrdJmwdQ+LQMIUsnLB2N&!-t$UQBzia!Fqh%Pu;qzCn;07S5_Y%SubrKUVP@Ork(X}
zs#nS*M_zBchrag*rv+=CZwB2iT4gSD*iDP0C#}r3^W8j+6=v)<$1RI^?CEA3s(a^$
zKNs38!j4i<A1~+nPfC5(&6{OoDkmpOYK3FPzRB42`?I;X@Azt<nd+ju{OO%r^x|kr
zSOfOY=1tdkdbO;u@9Tv>97W{yGC#+(+fu&1vC7pFZ~U0P)HHZ=ddqWKao_e~QWw#i
zUbN}i)M*NOj7D{(2)nDS@O~@s@pCoOxX73*4sM$JKxoctUX6h=YY=_%?R0;7UG=uo
z(37KTT>DToX?2zx=5l5l!Wja=*~Rt)zg9Oe(^fb(bX$WLHxQ5EE&=43DpY$rRQfnC
zHfh3_#WrKNvt5PH>3hT&3VoWgAl@<Y;e}{r)=#{?WkkIK@pa5ZzEa=NeHyWJv&*{>
zdd<OUP;FwijXK)9Qf-jIR@rU}FTPq$zgDN>iPn8;bnu1z=w8edZ*el*0Oq;aE08+c
zhraGT9&07?;KvWGaHWHxeSIx{dYk|rVJY}DV390<{{?5GtVw?HcDFb5ad-V#RWvEe
zsY*3DdSkUww4X50y?WV2AD+T=Jaq6`!wELbQDB1Y)l$s8dt(33gMaO87qNqwGzvln
zOixe1Yjs$2bKy{bOoVKfzq@ektFaZdAb>#{-OQGl{`&)Ad<(mnh<cd%=P-r1aG~1_
z!k^^n#l>m3k1E<Sm9c80*mz+eb-3KFix>ouGb0^%9ehWX<T7N0pEW;rjn~(X=fM(1
z=j-U5ULsvad-W#uWHEiVMx)4I{+0q!B5IHNe1Eudk;awPKLDOa5*_t>=^&tZmrrHA
zbAGScbw;m%G&w*^_7_>390Z?aS0W(PfkSgILmq%=R{(td!mmcViqt553Q}i!Gc%&l
zj7lW$^2}*a@B6SYrR3R(EQknXI#%5&1KbDpbe<&`*SRXBSGWIHaFtX&Z6PvSJC*yy
zGL!g;$E{Bl0H1F6Jb)Y&k|Q{iB*y)5E44HFkxRL3E^a`~&zpRa_&9koDxNfIX}-sc
zcmLzq?L3veF<4U;fh*2qp{Yz#ib9jW0C_gdS{*M#d{$ReXgHgjsW;f^$27JzcHE&#
zXcu2tvV^|19Z<Ke&5Z-ni>k@tW>6LFJ+AsW0V5xej+LZ0(mO^cN~Vi`D_(>ylWn9g
zV2d}fZN#QTcDR<q?h&6H-kXe~M&VBrO5+;H?+0=VWTjD(_O^+5%ZJ1^!?IYq@S}b{
zV4IE`2!paI;xa(P;$Q*=8j{?P?3A|yZfc+ti!qAUP_~fu$im6r_!EkvxeOX0EBoR}
z2Q9EdQ-aY_xb;h`mk=U2q}kn_O}}V$XyM^&_=5-b)}pPMEt*Zxn^#D#O9`K@Xzm?N
z*}WSCXdr+quvawa1APX<M#m3c46>cho1C@@iP$E?M(1-==N!_|2yai8YvYvfc9=+a
zmz<?<`}KHn;URh$@v&ZJWQvXAu}}9-Bu3T-?+BSbpq`wKi#N@DxrAm*Jo$o)xvS;G
z&CAiB<`7TqF}d;i@@I{v70T%VGN7wTHUBso@QpKJxx*xLPS6OsyU`8y!T&3vFw~Iv
z;Y5<p$^YRp8F#7iH`ygls%zYvEYPtz2iF(*l7JDq3dh`eAjcW%Pka7S`HcPydADci
z!Sf-2=xfJ^yZ!*<=^%x}(1>VDvuBRvnjD9`OZ|stZPERQW`X~QW|gJ>hh|xv{)c8M
zKm9|q2tv93cnd-d>Chu|d#Jny+E0KP#bXs<@W`2N7j?2+-{_ksieD|Da#KBdu!bX(
z!1yUGN{$25+NHlAyhFcKqvvj7kWvKX$~{9>3zce?@k~t@Go1Vu7P++Osrof=8-67`
z1*pDUT;pz*&-!<#;PTz|bH+ryuWjb$T<(}me#SAoa)4n_J5w8epaz*hm;@ytej0yx
zgl<qC3T}Q+lg{ueM01eWqb2eOR`=aNJCfD@K-eKrN(s>hM6(S4vhjS3#x!g#ZN_7N
zZ>V_#donG<YrC+rRsBuGA9`b&7-9GX?bW@JXDLIaUzUxTR?_vNq6r9pql5Gy(yC#h
zyk)a=Df_+l$Z*EHybyXHWo~d`m>uM~vtTQR<xNPTVdh2j%*%mxVZ>6tQ(TbRZc=zf
zc=0r$;R+(V`pn&+K3!p~rz|7-s$-Bs?J?qcbvCU3FSV7RNGF`ozC&#a$4<uK(jhY#
zs<2_Z9}<wRN<uc)3VVf4kcV$0L7!z@QtA~axUfURc(CE(H}B<ATz4J)lHF6}L19-6
zO%AcE+cODgbuh%3hri{Rm$smH!jewj#`OO@RuOLcziuzF3>s+uwv{wU`qAwT<w#GY
zp|wUymBOExn`7V7N!Mm(yMYhM=Em2r-=7DJlRaQ@_@e<3rAib{G3)oagk*aokH_!n
z+^$k4Am@SO!<O;Yp<-Fiza@dOMIVj)sQXJR<7(S_6grLk-b7$|!QZ2#@SYSoQGwH8
z3qf2(X+TTLT52YwHj!gYltW;abk3Fbw9w8V75G%dtmr)uieDeLIzn!G5$$?+F`2`W
zN5ITJ;Ugn1U^lmpWGnKQE{q?fLyz@6cDVfmIdfzZ5h|pNr@bXq*jzVZD9~TsrHd0>
z!7=#pt-HiyzIE5KMD*GKC9$V4F0;n~gcl}fi#qtX<GS#6r0&n+pPviOfN$$a5xWe^
z_To1Qm1!-Lr5t6`<n420qSnR6nJe=Vpl4$nX|jTD18e%D_WfE5=&n-GF+}m-PghXA
z#Q)XKyRvHbIzFLe_}6mH?@{agAImj{?M$D(y8F46d49Q-;E*;~!UO(5IQTO1F#aMY
z;IBSHF@Wy&```H>VoY8R2c=H>zmjWR@_$P%sT4B!rr^jRt&yL9etb2q0pCKI8g}OV
zu3_D30^0BbT@c-%#)ty|9=P**{)Svzjg;?P3Y#C{B`~s!KFgr%4C$>N@oomkkV`jA
zSUW+9ZnVO1S&t@tl`F+=e#}8YGZV9toN)n=m9;wb@W_zSd%ufiz{D5~;a33S0E-_%
z&d+U%9eAK|_;KKL=u<(bqO_>D5la+kfR-6v<I%IbC!&n@EM2br1Z#vamoxU)WAnZN
z*VOob0hj*JmtOK`;<w)Frx~+GqkVo5-o@}R1Tmd2kYSi&gwJNH5*(N>W~&Uo8fhir
z39B*}q++b{k&EF!Ei2q`EGjRER3y@juB_`>vx=W6Ix`p!Yhd*AMNPqVGENY`{qwz4
zj7Pu!&9;)sVL6?Qh>|7tX%nr|n6<faq&F1h7)K<l^%rd!wq=<$M(fxd1PIWCH+Pxb
z@~WUmw5DLgl%9OQ<ra!1V%#>44G&--r|Y#p7IYvXrd=Muzw8#&|F&DS|6{jyT$#2N
z&L5lA8AT@ykAU8^C_uj9Hwrwcwj(7P&=P&KpKVOS&q70RBM7LM@EoE;YiGrtd+jB%
zWepG(Z>RqU-ir8(x2{RrNjMGWd<k&&eI+_ihJW(|MQJhdfl3UK&xctkv9v#0FSR~s
z#q7Y98d0uI<R3Ly1YV^d`qSE;AnR9{BZT*3928)e2b4wzfM&SWCO)Kq;8erKqKan(
z0%Ga!rE|p{cW$E=SfRlOOMdh?{S4`Ss*!tnr_{uCA|o|j0zJz<LhIy12zxQBcF^J|
zp{ULD%+CHW0%Mu#T#33Q=sd3~#tN;L7f78_y3vQ2v_|EjsSFb$yw>jI-2@WlbQ7g@
z^<+pyjzzBogb-2DwYflp4I`x23=h%Y`R#k$=3|)%ZRve`PC9RLJ9z@FW)fLovtv4z
zk2;bN9z|N$=e|GLNt=xYhIb2%Vb7v{KJ<_rrNI;^l$PW$tRA}Jm+$Lin^&f5rgvTD
zehw&qZV$ncEgr!ulf%T{x67Fnp|HfQ6*Do4R0X_NE&0~yuKr$&Zt-CjUp7T6CX1uj
z=Gp3QU`R)fIX{gFO$P9U#DNuv()-w^bbTn$hYWT}?izeb4=vH1coWfz;Tl*1lB)F%
zmLl4qosMWU?d@#iXe^8&*>Kk7Rz@7_(N1J-+Y9FB8}Kj7<-Ych<$Brrm*o<oZ&bIf
z)yMHt<byYcmPaYOulo5b5!eCTSJEP0%BDqK^H~bTpHw+pO1XG&7BB|!=VpjN<0YxO
z8rU*4R7*C;;9M^=SG6Qmvudg@fINx~OIv|1f}z#`I~4{7|2e0~kS5it32Dr$G6PBf
zS)E+88E(N*@*yYVv2L>iAJnK~CE%c|aDzE0y3Q^AV{jTrt2>2zVd)+BZe1y}D75<r
z@zD`7RysP~uQ*@Ml;74%T#mK8aHTil1ne`St<U8yuY8(f@nvo(dkd`HyO`iKo_`(&
zXim2Q`eixbFV@x7?DcHZ^|Krm=)C+JEaLIH)-PEoe=W%n(35_C!nb#fi9?DSU?eK+
z!g*YCx?`eqM(ZB<p*<ZML%uLmIS(L#;u5(w(cWOq*3~{;BLodr`wBLSe<JvBm@U;!
z6Yf6M@519U35AUi5*Jm%Vzf0!>^|F-$vYt0?kWK2?gBLM(}*F3m5}_V7qlZa=MS4(
zT4%rr?IqnKBY4x6PNb~PjyEtPU49-_Uvv=1&bTqdoIu1SvMkmM+Q2RE$vK|mc4&aa
zCGr@h{DhG8JB~9mkK}~z6Z+jX%XQ}@8WuMJftL?Id}@OmPMY?N`;^cj35;93Ip9S0
z`w-~gj%-QJALJ$$gUr_yWIDX$crNYwNH9#|_ag;!R?d1q3A)@&$<~}3)-+*Zxm4%R
zpzcE*PJu9rCoUoF52oAW5Q>`bH}^xzX`u}{?V3m{dn^H%WARe&ju_Ti?#M~QEl}cz
zCp=fNWZkEj@fPY9EsH*w#=4W;FqKcobWF?;M(RwVwvBA`tnlo}L8+F%(f8Be5LFP|
zO~{}f)HsS(X2z15KqcpMsu?0z22T=Z;$(0$Emx)z7u~N@P%`HhGH~zj8m?<cwqo>w
zF^ic594Cyc|1s-J=+iHP(WM$Z2TJd~{UNFAe>Do2%u!|pK`4G;|7)K?(CZX~#8>X_
zXLglC@sAJDv&@sSIA7an;8vN_jOCx{6(PrJG}cAXfD&uRoV;i1WAX5g^=j9l{x#or
z4`5jN7$KmgnuuwI4eZ~xY!d2Uwk-d6X$B>bj7(1ql}@=t(is9t^d*bhfa4?WJx;__
zftFM7zr2hoy$MAI=1TfomqGoE;hh_FdTh*OV?^VnEHQn2Z9Ce(GR~|6iFy~ps2J`h
zD`9e5o=*o>N*2X$OC%f@yFp<u<@gk=IF&<%W*iK0(k)jzp&);Y@jaSE6+_>Cf_QQN
z6!FHlkOB0g1f;bJmdgi0h|LC4TDG5I);Hy9&GAAT01RAyWqD;(@E_9}T%#vUBA()=
zOWeyDJ;~!39QDZWnq45Djg>x5IyS2uQwFC`J`()M>RyVyj?LlsaLqjQzjMa=o;w(~
zos^)@lm236zujj8h}>mPZ;v$~_%%bQsfL7CL;Y6xOiK}F5tWoEynRFMR8l&Vlg4v<
zgy&Xw5Yai3k6Qg|o8NkxTrw}wA*&|EIXSp6i;wgpn#7zkrA2urZPTniWCawp;G}R2
zqaok4LlupcvV^X=L$dqlgLu~zYH1>+o>?jiisE3+ykO*J@sNLwJJP}f1&r&K<ewfU
z$`Bt5ti{-5WM<PdczIMxyGHaHs!+zR$nv-{!_+|;9!pASjT`cLl*CIndf)3d@NI-^
z6)?R#AR69ZdYUx3WazIit@^62hdI{IZF&Z?s*}x9>nDt#0Jon=>tC&a6VM4cvbc5K
zip#;=qk<kcC^Z<tM_84J`$qRSvBCV9Tq2U-4FhBpj}N;U1P3jKWZ~<zsqqA#sMN=W
zekc?N^BLNchal90_dBsAaMrOLn?(>?icp-*L6HWBoS*sll%;sQ8pRFg`Q+m~5nX<^
zD`^tAsZ1TCu+4^i^06JMz-Zh@yK-f73^y`7L)Q>?MRrnWvq6-!vqpAAzHq7Dtb-ES
z{ZC4_Bupst!4b&zQXvS!2qr4tG>K;oD}~|{TT|HU-27vns@7MQqRh=tQ7p)ScjB7r
zadza57i~tKZ$qq@+Zw$utaEcy&M)H+yOCUq8XQ}~Kc<4->rTRm{W87<8R~)7*w{@S
z0>cy$?0ty`GGE@6MIHlMB)eN46@<fOi;DbF7UfJkdemc5=|(y)|0?htaa=bL3rV+>
zr~f1MRHY?KO6afpG`SUN!VPFe_SvUWj0p5MZq&K%`#P#(H-<8_xw|$!>2ApGroixO
z%y^wEtgC_)%m(5*dNluK>RJMTfp`Z6M>#G!)aF0gh<jGO8*&`q|KOl)c*UX<V`+#B
z=<PV5dMkmyWjT(~n%-ukGrQCo$aLbNfk+<x=)^Rja?S$L!sdtz=o_z=J3A>JO7S6m
z>ikJMFMcvbnTzo)1sSHXpT{@cS+?_Sx$>si)0;O;Zp1++4lx^T(xdpV?2z~c!%#)O
z-)f36b_Q*!2}Zhm+6Un4XQkr}`?|(;FMz!$e8_E*Q<(!6Iz^n2R`TrQCjM_krxQUX
z1vWJ)S8G40g>nm8;U8#|v}>tj03|_w)nhopzl&zTI9}r9q+s>YFfJw6snx9LeMi}4
z(dZ@khrSC%W144Pf}u_xV16tI^i(h_7>Qm3yF$(CXQ1Gb(ACfD3`P2cs{1}~PXnwA
z-8kLURzr<AAEGl|v%1{l;t}=C3mO-%CIZJ}oiy5GW4CN&jGv@)0~_1<Fg~#oK6#Kc
zOch)QuS-&M6D23bahIT!T)rW77>uYo88lEH4jK)$pifcKNI#qSN4?5GU2-~Lv=9&?
zuv<mj4!>8&)M-FG-J<md7U_?QkEPfrOR!l-p9AlWcmFum75~n+b(5AuxdpCHMp<|p
zKz$4h&&|Lz?&VUNvp70ZK_coIm!cf^D7hV^4&X>o5OmE-n?XbOGcyp293RwlFb#{<
z6a&2fp^7dwXC-XCZus+klKgD-d(aVO4u*zEJijGgzFk)-Q5U&MK;^jX(ye9Rurh1E
z3%~;O6ss_BBmMssa)4$3FCk~GY8@`-c-Bx(&e7AyKmFiNZ3(LM0kcH03`O{_p*Pcp
zGA!XqtD}F0(GfS;*qJ5S(_Se7?a@}~(w>#UD!X)6s!Kty>cN@Oo4ZM=onnx1NXTVa
zB=-?a%As=yWh;~EA`m@UFvPh|Zdg>q<BBM$zvqxN@!XH#s_Y7m*HD^(kou7WYQsp;
zVB%Hq7A>L#gdPj;(m7;r20I+pdgp5^6e=HS3IKDLG0%jEgR$V`{>#V3|JTQ{PW|<9
z?Ur%d<EW=__|t&RBQbtvAD;ZRU+rN&^=lM59cS}hF?#HtIak7ac|tesv8a0ko!k`}
zE>7!}EyEMsM*8bbb}?cXdmrFV`qPW;XSr@n-VB>vZ7-`;@_QRzYo#BIY~VTOXH`C4
z4li9F2Y;Gjy{@`M_1Nj?v<kkN9EzWnUd<-|_SD<Xpvl?i`C(G?rVp-fCsVAKi&eLa
zlW|jQZ25)l*y(o;uF4q7R`^;z@BFwwOPece+yZr*rtf-P<|&E3@wkY+9y@yaTpFYL
zxNY0>sp{@#=4ZE?0+(5<RC}B}&4POIw$oc*kL}X-an`cqKX0+6ZkjYHSmffwbsLI)
zO$l>-I4_3%SX|u`yQ^HY%-ry<<6^(Key{J_^zr1tZTe<&i=*)iZ7(RU$1|laj#%0F
z_|a3b8d}%mf3V=Cd_JpZxL$7UU5#cI*J8d7%J1wQUOszyIP=Zmqj|qKjYIMI!aARY
zH{-ABP+R-i@;lRE!*|Gm{XB+V{SCX^Ug0|3Ro4f1V4v;s%g(RyYRZ<T!pCVfsn+#3
zeqZyP>YBoib@TCN4f>U?UWOg**_mXBYr9@KOv>endYJ4`YJaM~u=m~-03P*u6g8C2
zx$WBy#rcTC5sUv(+P&qLcX`f6W94JN#drRnka^otTE^>NzW(I2A?c{B0S9ygvqsY8
zEB^k43b`1kUEGSbGdzupOWH;qiLXSX#d6o7=o|0%4a;VW0;mqOnR^{AWV|0CB{OH)
zY?JhPUrSu~$F8!KUj8NDOByGc-hg}<KA37GS4aK!3zH#vqIz5Rn_V6NX{Pi1QDheP
zd9!)ZQfGxee!lCiet4T*P4jIO!%~BsoW51<N!kg|YHJ%$pf`$O8?EbKtYunBAcQvO
z8|jzfCo|u>`tL_r9lSlo<ts;l3=;t%I~Y&f@m5z8zUPCmKm*={;ysKmqCrvI7z^S1
zVe7OuUkI;?*x``s3-q!Er25B1@G6nfIq|Xt*ON9ju{H|(S^cn_sy|yc!fe9+%c1gQ
zd={G^YITb1KHwC<^K;ua-LbP)<7ydCm;Yt!7AyW^>wxnV%Zx6rw<G$#cDShu2B3op
zLvg17PspjEj&r3%GODUza@j)%sD%MkQNphah_SSVF&1#=;PqdSTSKj`?uP)sl^r?J
zA{Wafz7fiIHpjr_YvA!Mi)}GJ|AKG6=<k7sL<y|)jB^+i@6Ipyi3YW<wc8Wx6mCsq
zr~vgY)+dK@8gWD-0}>q5T|k2Otc!G&1Ti<mO?u7H2(?p0NI)ux4ZJJZqj?HKcUxw(
z0^%dLhTlbO`eR4=4ex5XTNsI|zW_L#^wcxZvCG~pFa|`9=mqY<#u}0Z6#Ih0dcS12
z-e-1`llLW@NdwlVV>sx0K_mwEF0>vYJx^Hb*lnp8fs{@2D<6559B$w)*n{Llm=HRQ
zo5|qK`CmP~?NBk8hxdO6^;=js3Ge-QKcQ2^JAEr?A8<5oiKwXn@mk16vm6k9F?vul
zT#Rb*{FJDSe7zppEq|?i_5|`>)y(HMIR^RLj6$X_e>UydiC5j@)VQ&0?q-`$3#Sa?
zh0}sMY_WV`1$-TZsW2a)Rrfu_`Uq|MWGn(xsc<e|e;X}>#8wb3CqFY$2(|#g>O2|3
z7NW9-OYsI}L<(s%!TKn~CY$|uf_t3#()su^f@|<w41mwaMODS}|Kd0JZ~P_`DDaKn
zS{fkIFxi9*5xeweB7~scfR6n#l?>?CERgti2#djY8n<0I84ioCGvK8TTZ_PrK7BrL
zAQ~FdCcyEvIp=`spA_}roYNwT4}oQMq5rx!(7)~t8E68$^j>KJ*tuNX9xk`-gyIlb
zxfS!ImvbVE8hpG1VEaxm&0)I&yzVl<3+|pPKI;fYG3!U2fM8cp*k=>=u~g-Yz?76y
z90Mr1+8Rest@MmM)ZIX4D2$=L_{YC;dhZK)FxPPJ(Ch#7bcFhtkXJsO?YHQGh_ORY
z$SOJ4(q$5K!~ti)>0uo{;P)3UL&51WxE#PoZP0pxX;Hr^fEVS7dV=F$d^vzYWmIN@
z7!*Eyz+iJpGl2-<?cQL|E-G_@_M?}doFu2QgL@?4m)a^v|A09!f<d@JdK8QSNTkq2
zn2(RC#*k^f$?mu-Pr%b?B@5nM`e&$;jPHm(&W=JU(S8|clDV^pV<>nonKWX`#J^l%
zwTl?c3m@CPGEf(I20Q5IjQkNwC2wu7M)oAUTrKnmuL#5&Wra^S2oN$Mw6*z69lO`n
zeoEISUvJMX+kLoUF7tU>d)sj<G+KY{K1fDvBGqIaV6EPQAICbJ&C6&7sGx>hq=~G+
zPx(`_F$U<5$PhV_-GWL%G}=T%i7Ar8xyBY*u^6NcqcZYlpu8NJVp;;HD48_kr;1!2
znBF$UP{}4nmY!uEUQP6&fZ7nIoGPMBT@rI1vUP3#kzBv@xbMPbc}TK$?PqQo{jx%n
zP9Un(iWdYoGq8)2o$;Yb-|}ObqrU9pA_un~lVnD*G<%YL`S5nuu>y})<5>Tf+w%7}
zSaY|Z9))%g`+)OOuC+sR7*)8rmI+-}C`_D8{K3E=Vpn>OV4gM-9e@wLu?Dl^wiCoW
z;>!D|Tqo<vJ1XQK=!XuTBiAm9g2*#(zxVmJoj@|Ua|{rAFd)SiN{hxrK?E#e1ZwZ4
zEBd9!n14u)-3_8pMdptes6>es0~4kOmiVwo$mFB>rX5`TdjD{{d=9c%hF;<A9rK4_
zRi%!P4bwM02(}hZO=d3klJXuYi~5e^PJ;i@cH8<9f44pRtl5KeFXPCQbImO~tO&w!
zLqPt!lMj7&ax9MTPQH7e5eK;|ko&iji^I76yOT3Lkgp|)L7HhK;$_<Q5YF0#=K)O3
zV7H|J84$~A`3l=T&j`Fn;zG&qu{mJ*Z^{o#<AL^Iso!#)>4($S^GceUa5U&BFncIT
zQKstgKJl&fvOd!NF>q)GxI#?UlI3JQz}V+tu7<U-j<Z@qy9JU;sj056ZU*-A`knyi
z0DweT61C0_0kPcpB|0p})K7j39v>|S+NCJe_EIq`(!Q~oZ5$$wAXU8mR#xgP2_u)&
z`L4x8=fv|pI~Ln;3%@P9Oq>(&k5DQ45!&(ZWRt`t1BCs7q&cEu^~p@h^vK6MgpkAo
z<><uYUt~kw(s!bhdVn*9@tWbM-#Z%|TE0FJbqn%cXD!$doVjzjPiXvRPo3Tp;UxS4
z`&P2Eg<&eZc96%L=Kxm4>+r18upKRynb;Ry2sP;Qa8~V-r(aQak6wDey`2W!1Sa3~
zU1OTLqUSQ%@_|LyjFgG&d*fRb4w8+Wt&8h%+c<TqsO<X<k1|2<ue7rw!lX{l{|pw5
zJNJiSXd>4)v_lr-XyX1SppTr<54U6RU=(}D05C@R?$hqrHB5ZAYHqygO~cEBEf!OD
zo1Cr-$+V?5ncL$&E@M3&1HM}?e~ry{n}ogkmTHD8uS+w5_+bvGc8oNdn%jxy^x4T}
zkTIwz%@GeuDb|v(k19Qmr00J@)+=tWk_P3$Dnt~ApL({<j-V_|6?!<<xJYd4r;}M!
zd7$oJm28o0k3$M(D8p$36%k%NUZ2rg=;TQas29IiIf3q`6$4b3DLW0EQzO^kZIw)6
z74-oqi8D!RI=-tpzcC^yzE3;?a4!=9?}Dsh6rv<*zGrkRRVY7kc3-6$o3|T%N0sHS
z8=a#sQqnwt*I4q191E*eR_ek-{AIW~3aHQXy=l1przZX{=aFL@iHT^M0F(_I5L+S*
zb{r+>C)QJrfuGSLTnPKucMbkV($&%+K@-70jwWUKl#z?T<~fay*!8nBq3+BrO3koz
z4+o2BB$#M&GSf`fX-`(DYUl}xUr{_dO)*gutGr=sX0c#|4)4YWWq&i$H$vu1r8Uwr
zq%hgS(;UuO<fqHA42jcr*-u8$pkeuon)o3o_hIG2YQzxkolGCB`VuqpP%5%Et`MW@
z)3G=@FogN3?{Iqts5r87Ud8wt7Ume4)!+gfM7X_v8ig7<lAzT(q;<NCmfqaMs&5W`
zQG)poV*|0k0L|sY7-K;kGNFvyFr<RXHUk;}Wn2FUC>Gqogn^zi)ekq1*QJqGvUy41
z_<=&6GKBTE{s2i$uNB3(1lB4l-jSpqq5AoaJ)KH)wUQuYBdbF|e**>}<G@mu48Py<
z`31#U7)@#9)I%_O;;k|#FEFD``jJVXvNm?LW$BQMi%e)MojoR&r_W{KyMw@!=y=41
z+*Vdd%z>ET?T~cW6W3|7F({bVL9!eqaH!SeldILIExatPlWlq~Lz1*#V{O62)=~^E
zPr^AiEQY+LQejI_hJ~?QATktkyRlwE*7jdIShBpt=sTU>q^d(Ek#4(lG*aedaz7o+
zm@9+D&N?2i3@~aZ@_ddby~H8#tKDo9%1nZ{S!PKh)gc4-mdB*m3j%ZRyviO<Y^~n}
z+pdwcx?=Ko@?Myt8(r$;lo|alNS-Suct~HdrRN|pa~24K?}rgD4i^hxKTLyxm**9~
zgA2z7qZKcH=M-rFWesBr`x$Q#XAp<y%3xy><H+~9-S`;lfhTOVcjK;Y+cH+X;`4N=
z&%km0QRA@->;<UI2L%-SC}g{1lF_rS-)A+z$XwAwi!UQ~A6C70L`T=gyz8~)(z>Uu
zTiDR_wHlhyY!w^BFZw}j-#B*TqFD|ac}<{6E1T@)z{EQHV(F2fnZ2)58thjA3RTgl
znTt{@fXHsB`Xg~+mSm&X(t@du1u^?iMbW4uy-e{soF1(VSu&XipyKwHrNv*RN5*e&
zL6k54@jpt>C80t6`6Y#%U-Rkb%xkRt*Ll~h)C+yf?G$WPz2XOQIY0L;#=91!uc}4S
zvtRD686uI|Z(k1=UhLd22pRaNfN$s4hU%k>Q~xVFXZkLUk!NR1YNA1kn)M5K!JEkO
zS!#p6=66`YYwYwRQ}u|{9(~JD4qCTU(F1v-udTfGbIa^|<*d}*m%s$Q5>I8)=Pi{F
zr`Q)_<k!H>FY{39hwk-Les+~>sk@Tcdt~p<*)QskZj@L4UsG01FzTx&J${jo-Qmom
zRgGU#Z`~LdHP;VPZ#9iyv*v!JPDg(a{d!mRBsFShKdCRi3>&-qmZ&efXFq=weEh=M
z_~%g6(l3qHxacWG>q_p2dz<1X@*jToPL_AAGN12@e)P*-O|d9a{R{Sf&Oc#}a;la4
zwW)NQ79T87=^LWP3AZf->NgQkcncEDQeTyx{8IZFRHTDrO+KstmHJD_RWZMHp^0#c
z|IUj`?9n(r6NXX&=JH%xKi|=;>v)5S=r!ahJ&#Z{H&q~xz>}EX(;bqPI-}^}*3)8x
zIojnhSSaihIpIe(i%w(08bCz`E?X8myPdZyT##yC!G!eg1R{eD(q%$Xze4E0<HiyE
z)2C8ly`p^YKckZMaqTCWB9xcdTNYaC$HoX5{UIwVf|c&bGNnjmW6)%AnYezN8}t)&
zO(nIT)fK_%Nnqdwh@5Q24Cw1)hxUu#w#06?jAYV)K|;oe_WX&?p^l!nRz*QYg&QBC
zW+mnSQ;_&eT6P_BlCwSnz4VUM2)KwJu)D0LU>u!t0KZK*N|6_1X#mE?knc;@ZV`=+
zl~B{VbG>9h{QHX~K@<+t-(ge(M_`7Dz-_urQydTRsl?&8jjM(aEz!Se5?etloLKI)
z$NGZ+;YtayY5GO-J{T)P1fz)01(*enE0g-#(l+7b#lckp%~i(+09E}7PmI>4Bygsd
zGDauLVfepN`p4d(DUJ|9#_*N|!@`bhn)YH##5d-;7iUd?Qp^Zej}51YdfDus$l~nx
zYMKguF1BpRb-y>M3i(xK;rpC+y}5cXa$PuoX|6@B891&6PikMmD0UR|x2im%8L}ug
zo2OL{wTIYQvI0gi7fFqcmkP)fJx@CsKoLTyP~OdDkb=rTj^7Rs%a0r-YX}|TnG|su
z->WU^{)`>OZmx2GVWU9bux!ZEx({?uvLkmKdjUyh)Q@h8knFE?CZuVL5cf_!At&l-
zH-FfO+AU$mq`59NL5!tVNuD;jpfysj@rq_1C9rg^;oTLsy=($bs>2WP&liLc(!V%{
zQ^MXJv4kCw<TWHiOYm3=&h&|9Io-da)6c1l?=~RvaY??2pl2^QL@KK+xyWY1(uJ-C
zJmmquY=TC(@&%B!=5&o3*#_|9<~LePTA^mFUP<6@*|Tk`?@lqYD^)#f_xu1b?rn_@
z6RsVbVlVEfW>Lbyq-m2S6M?9zd-h>|9liR=Dp*8hsI)C(zLv&$orD!?6&5t|i7}RD
z-TY@a{9LAr?n-`GU%=^3mj<1wWk(ybNd&cyeG*4+%t<)6K(+xAHF+uD`tIQwWhkiz
z=5sv56we`SfU{XACl#udbN8nT=5|kOaSUpPU5qvNDRoK0#qSng>-BP=CXXr$aF5xW
zexcieiJa=ow1#U@EoAlPzR=Af-`X8`oAg@Jaov-aaZ3vyGsA|j)&rAFlwYL6GIqJ;
z8d#L^igvowM`L<V1GxV6`Eqgm726wkmmQ6_D>BB(V<;R6h)PDkoN)3|h~&l;Tcr%1
zm<wy)G-MiovdHpv3rLcaPbHF1bz@F8oA5)Gltz$P-oIpcgIT=ZW&E^a9v^J_)%M&r
zK8Ri|6YY?*x_|s^y`5gG@FK?sU!ozWtjuvqnjU7=R?idi{F4=)I$77**}Iw9_ztLd
z03f3_6LamDSUCO{yG3{GpKz|wGY@@29xlGS_yF8}r3{V$Ua@^&2)1p!bB(w#8LU@`
ze*ag<wOj9@9ca+z=z_h535X8R)WC+Qo*X*aU_|%dFDa;(cukXBB^wq+gUivP-{&yv
zddenV6H7PMIXtejsiCd@3URfdX(TU{!^z3qG$1qo(NNhsWtwBdrY5%h3sDtC57XfL
zh#b>k?(8I4<IO;9d37$T7BiQB0fKvp%ZpG<z4Ig5+{GmLAmpESxN=6<rUM;dM%8L&
zOp2#!-!X)zmrmF?W;KkO#bxn#k2dl3?`!I%Y3GdXLzSSl7<V`h%G_m^me#KRXlz<^
z5_N^TLBEW|riU;n3bh@@fT>DuT>bES-0W(%!I8ZG^y3F*^STmCCo@sJl3L|lvS}~r
zl(goLZ$G-keHsmrkl0NnVg)hLVxD_j$x#BmRw*RWq))baT$val0YDP~0P$5REk~Tc
z6nuvhvRU&XU=Dlj0Zx+?>5=WjnQF2*PS!U$BO|Dmf?3}6L^gcc4{#Ky8wY6D1*pes
zce}!<3mtIyxw|A#jjr!UZBK=<p8s*t9A(4b@S<@axu-$DB24@Eh~D69#0)2sIJrN1
z_LFn6#E8uRuW3$0-M%2T%2v^xG)W>N`~ID*U2lCbUT1c@<wua4kY_Ja3rQ#G$>2We
z39aOnSRs37dN%{M7jb9wgoIt_aYn+XP{n&z+~$L;TK#;&edNGD=NTkyvXUp!#%+?m
zt&v}E@U-<4VTHWd_7b%)7<GAft!ekVWsq)dpl$K`HF^)TVzOQlVw)A8%}{pSv&(qR
z@yeS<xpXW^cxANBxt8zNq&`Y%j`^IvWP<efIf@P3ayEnoI|||U;nC*w^eAlGhmD*e
zSjy6bjokD{oYi8zM6V`80)tf9i=GI$=!{l}OYyj|7%9Z}(V%NHx^I_J6%JT~cvlht
z@WD&Lp7lv1aANGg0rgG)Dm}1we7k)A(p_Kg0wzQXXGwrJ?sA^+hwR7Wr{?v4%p6z?
z9G15y<cEzjsL;g%f*hzx3Il5d(am{bYkWwxll`6Wl0421KixMO%XJt5Y&+pS)zr{p
zcN8l;_GmJ^OoY8C#nz$3R>{+p<@=qEu^{nOE8_!Kng)(mOp>3qdD;e!ezb_An>yJ&
z^K`X%1My8E_$Ybnny)n?dv|TRsw8XfI>omR9Fg+zOM7=62G@gn>-xj-0G1pr5Yyyq
zV3eTKI6^ZYj}4zxp>lMp?B3h#+}9-CQM?0U*hV(j<M6riegWznb{kY@Uq&(+Rf2bk
zRd4>uno>gbYtr^H-(Y^OmewZdTS7Odsv^lGav(Vg@L(mMH=4c0?3N&Fz{C*g->$_G
zI5R$<?7(`FIx_AFKbq7Z72;VM)(oEw=g;ZmAP$`<WzI;TOf~U>%M;G=Ai*jhuqRiV
z%2Lln1vzKf-vbp5!sCJ3t0gyFzk+Up79ZN0^lN|hrhCW8$@1d_7d}5t<{_kp{Bbey
zL3FobEW~?;PtywW<%3L*zZV#16gajnr4m7os7NeNI&3U-wd^+eE@fI(@2H#l<4(hr
zYH2EY_`@mu0C0t-Bmv-gv{BEThSEoxG+Ghv5b}~=BBdO`r{j7P$>#1PwNdpLZNz~@
zPH_r>UNVB+d><v9x-ODhK@c=*!cSvr@jXSwGEA>>rgfe>$umqSTbzze$?{oCncZ2+
zMc5*eE-{6s)A$6t?*2acxX=0`x~PTC=maz0?$0c=%`ex!*`>AoKZ-w+>5%?8FKl#n
zDO0|=XEp}}C|h9R&JqP}hDv$?8m%p)?fyXN;Ss8QldkNwx%3rNbHdm3?ryjY)W7)Z
z_at`l@kuo~^N{DdRpIf)dK!<)&630nFt)vc0G#s1L6kIw^*aWhzaazLb_~G2zRhK=
zc#d<pBwz`5v2mDz;l06bD<31RGnK)jgx?`-SuX$)kXxJCW2SwI`?vu-z-Sq8WfnNC
z2+wJ3n)o}T%gFQtjJ+FE5F*s#_2qa;K|Y60)PsZs#Sc}<d1EUS9Ue%aCh^Ja#OZtF
zJmQvFuy-t@`C!k2D`*ilLcemLG1Ma6RE4zO4p#oe37F7R3bUl4-Iz0O=Cx{l#i5EB
zUXKu%)UTdYVXBxn`LYDf=x}`gIJoP5gsz+!&TfZ6;!(zc25<!4H*R-;u<6dbCn@=2
zqDb|_7|nTc_1qvI(kPXX_djVRan#i$*=W@01P(cjW<Fx;y0M66<kTNZ{J^9!VADHJ
zyU@d{lHNU&o1F<bt)ear;yfiYFFSLNsr)}=KNUIKY?Cv+uQGW$PudvPy!Q4lCOAC4
z?`Mv;LK%5k_O}mgdEfW5#GeDC<n){`29CFX?`QV6MBMM>+czDN!J>`OdpCiiwgyl>
zFYX-;K(TI8JY70GzDRB5$5UW%cinBwIXCQ4qjNgn_p*nMrSMViHe`?Qd)actkA&nz
zK<t2{_*Q207-5jAAxv`Ao03RB&w*Seu3Bs8z;{4=a43p*S7O!SVh6KK`!Ly;<p-;M
zHS*hKT%1B7wJl^W@?;}TuqZmL1}65wI%-5GM3P$!)}dpY^dAs%ykawv8-&bZO5j!P
zH;~&VLl{a&WzM*rYXinQ=JBwE?XaMXz|lD&CXQ^bVccWW{~uG|7#&#~b(wV1v2AqN
zF*-K8W81cE+fF)8$F?hWDz<Ig$<+JJteN>$Yu$Q&J@=lo_t{5Y<}dG%??jB5o<!Mx
zEg7u0!zua&#>MHR75nHj{F~e)_x_HiLE;AyhGEe}MI58Z`kjcSx{IcI3$U}9SWooB
z*ZqN@W4nW3w_ll7T#!R|brYfdF5a}3U`rCEEUA{z464Vlvp;A=Z|}FKc2@%*=*Auz
z6gA{&;NfWDyLvM79@U<RsBX?}E^IrqmLASa_@qk56&K=3ManGW%Oq7mKknJ(q4z^K
zedp&g3)3sop#NTr%R`0n$FfWD7S~3`6{S>y{%DuuNviZ4l;bUe%&f$cI*=zP&tarO
zPF=L5b|_yzK`UKCuWKm3LwIkRo(*Yjma`{kH`A)YDRZOyrZw+G7i41GYgWoE&Q2xQ
z%7c1!i3UR%PyF@3C+$oL>Z#FbC#qmHd-=;UrK$E7YxZwPzu2F(Q6cq6k?w@lRX$HV
z2Yl?)u@#N`T{u}y^}~oy@!Vsy!w#5nVs686sgk3sX4C;CkI|^7Z}Y82L=HD0La6SL
zV9RxTPGIdxKjl5$!M``bFujZEq-TNkNrt2>2SSn3y{D%;g~`(WyIopyd&b!bq@3~H
zMdN>a+_+MKy}xTjkq^;1A;~-cRUfv3_HhcC0tb&c(mqmza-UDa$!*;3OgzH;naK9n
zGxdzGN*MM+bYoqVIib?19f{<!DV`ODPwGscYkEyAM4O6^b<<S-!%rX<PI?n_>iJ2z
z<M6GgcMeHXSINl2pu$cITS2cZiaLAkTnrsGI=O#IBpCg}gLCRi347+`@Z`ssekE=m
zUzUvIYL1Sn#M)qz)M}SAw2Oi3llWRk=FB6)3`fyLh^s13{>9maxk(v?4R(aos_yJ#
zf8m9dEVWkN#rL`%^gmv@I(<LdLnOTZBMVVo-m{xpLaSaB7F$>rSN*Riz#Tmu^kz!C
zjK&hLY#`2=bxlI!lViyh=zY;!KqtL{)$h3q^L3m<;K#X^2zFCB2G9Qyklx>9ooXN{
zI8F8_KM`)Bx-K3hiFq4?&B-$)SOUvYLbtj5>97ou@In>H(nE#lAn+cFR=e(Xm=I;<
zoXpz%DIUY~%@Kjr^(6hZK0L4$kgIf(H^g&In|n(gm!RSY;O7CSx}DjuzPd?&KHT3O
zKX{p_pRd;fn#4AYe?EOaq(x<3nWgz8)Z}rzF!iU{<QRwqxjlgs`h@v^OQGf2p*%|D
zGbV30M!pfHDjqd7aX9>kPk0D!88mQ91Z9}gz4y{x2OB&yN>4f#a-+RRQHf5*PMMwP
zi6w~v88H}M_ub#s3cy*%bs|};!)?7aV(@0jv{EHxQ(G_<uv+B`+a%R;$>Jf=BvlST
zU68#}WdLq&mb%)pmS=;^NV#L0!IVnb3$XEzuBmYKhr@s8eA1P@CSXnAl{<Pa-(W>~
zYKRO_0ezw!{~3{x9{<c@6XqYSCCOp{n;#oe807&ls7o#JVsMknX^3aT%6Luv>Rf|Y
z=b=TgWy^`BegnKI0heb7g|vC_gM61iL7Q86f#z5C(duyuAIS_xbf3w|X^=_1dzoR>
z_-Kz)SwtMh03IBaJ|c!4QR{TZPJUU9voUTwi{Y^t;WWABkREA&7w?Pbroh+Z+DpsC
zPglL>S>|^IR>GY9rI`z<$N2UbYff~Hac!9JgDV8%?9uZ6N(JV#`qT6EM1!#FcH;$#
z3I+|fVrmVS(Q+wO`cGPo2U(4WzE6n7Ew6tIo>}00;A&=)-9Kv?TG>`$>vi3<sK@E^
zoBn7EpP^|IQ#R^)DXxT`B`x4zP;H;C;{}@((imP8OjiN(YQQwlD)O3ih0kn+tOB|S
zh#+sg##=R~a8>FqA88z#as+%z%0Dd~T>kje%f4qoUyf|-pmcH!2)f3ED<ldI1z2G`
z^XVJGG0X$RrV(T%>14J01&@Voykx0cwK+_Qpjj=`z(yVwdo)8xO%ac%L)|ev^0L&Q
z18egF3%N0P!((5$Q683(1oX1Lm2`c&e%`&b+>OuOO>ns|aT&%2oUMXIS)s24{;W6~
z91yHQj}VhV`%X-@-gB8iO@<}u!UsoaEQUb%aTC4Xb}yuxcyzGuQSqm3e~5x(XrF?E
zq3y<WofClSA9DTKTGvI&F`4LVWUFl*SBr1kdH5-vs^w^u(E8tLetFx@%fkBaww=~%
zZy5TOHO3vD4*J@S(^b;hHDEYPYT$dGu+c5wqj$pk-x;eNp75LK(P{5ln>IOls*ezA
z)u+5t&RcT?LO|Drx8lG;LWRwjg*NP>%%1V;goaOllml(+ZZZ$-=?ER@7a<VLmua}b
za~rrmRN5l+aOQ4Ca3n@*)|98|HAdrfxIX~z1<88Pf>6;o)niqtwdcJAk9`E%YCD*5
ze&h)IJEG#c#?&!q%T9)xMBCzj{@Cmy)d?4<8*&}HtcgL`lo|@XX2tWCCsuwf$~*Ix
zA4pOy%Y|#=CR;cR51OW{&DwcpfZx>TC8}wYmNa9^@JotQMe4i&4;AtxLbA4pdS9Vg
zTP}{dkS9}9hfIK@6V@?|1mi8GK885acYtNwAmn4dyIq#!eOkd&lj%{QD1~$!Ut93W
zxSMz_>oT!)jUCKfL*W)qG4|T83#j6nHiMLdR3;sA1_MvnIb@9D8lEz1@ZuUklpmZ%
zO-=Cj!>%#FJYOs0w;s5LUFDCnn8ZrE2|pOyvo~+=QKIuUa$>uTG7iU3)ygS=Wbx)m
z?x>QAU(@6A3|`&V*LQ@H1AYv;dJC|LnTKDhv)K-iOOy`UxzQ(lWT|@nosO&fkg5UK
zC=f4<#H?$S7zyaFbF%K^ShhkxNFh0{k0P&W`Uvh70~sV?ay>*WnG6v}fd+9(rqA1B
z`y2)>h@pUE{qf9gbiu-;ImQ8hGspOP9Kp2w+@y=Wo?z5pGodIx8qTAfs$0I^qcAnY
z<Ck}JS#S_WC(h18BzgwbMDlkBsMJdp_gF^qST@jeyIltZct5D<ivBn0h?K@vGp`J%
ze;Fv=@M|2MJ?)$qrb8spXdC|cRuj3Zx8bFIY0bQ9tRs+To>YYPLnKrYmQ*Q4GF%b%
zMluEEq>9|S=&>Z&+`2S)1oUlFh}P*G+9sn|U0$2C6`=`}Go+vtq3sH$pq$CltX)GY
z1qbtrq0Xq6v6^G3iDJ+@(>k5d%8UL|`}yN9NQu&l4A&#X(@cm|piJmnQ~mwR2}-^4
z2q5Vq%IYU8r}Dv8PWEli7fkvIm;*6^Z3OP!3^p6rB{-|bm9aV>5MmO4JCq{p9B1&Q
zNfDG07a7TQC-H0E|0D3o34u;00--I=K~J+Pp}S`r?tN6+0I%5fx=M)zqf}p;-yrrX
zpC-hU$i@Fiq~C8~=4A4n$%!thcO-Z+Xb#poll|-Fgd9a+COpE_%fSq+02|ZOMyP6P
zcP*~xqgfUT6#OyoL4$QEZet+Ceb;WMe5aQCmW=TEg6lmyrl%2d((-$oXCtvE4U%71
zRAO7|TkdBK`E>`y^~nbMInm?q?Y)kv5|n4U6AsGjL3Y&+(rYVQOOrN=01)VZ(?ffP
zptuHIpccus+~%@C$PkBG;GL-ho*u|O04r+zhgwu;o>e9GTEzCIh<y&Z=CQndqG_K}
ze|poJ=?{9YR}@}Xy?gMfJS_d$>1{zwf(TH4PWJ>V)0g1wdN4U5d7nb6zPs~pgX7Tm
zxPnE14b$(;>EH-0WuD@^Hz8A-H6PUCag_|E2P4DqTb(;d5++6M_9h|Wwz3WvZf2Fj
zzWD+r>}%j8Aq?Ax5Qe~5VF^7Dh7orSI3arw-NxW%@9*AKNiZnG)J(tpdi(M0);<M-
za<-;X{ZNO&Z!-^2;vn`Lojtho=A{X;Obsg{!xTH@EwLppgv)fOo8UVZ7z*7&YH3$<
zUGtmrT}h>0W18Rx*`qsV7%JN|(hgErzbCZLGbFEuKrAp+f=pYeLmtwZS1f;8bM#Yd
z5ED)eeq&7e6%GULLIp0wwM>3FRd{FB2;GYPh0R&j@zeZ8pT?8_Tft3g3j9Tu5Z0Mb
zjbhvMWbWdBMottK+{?4WB!aT_ub-52qlG$szu`AL!lO+7pL7RP$|e}Xg~GdZq#d*I
zy{<8EFeB9@@I<j0E?m#cVEMihVC^<;ffRYwl^IeA(&{>E5)(lxT>k$F@JYZTS(`3(
zU?}oXmV)f-t8H+dSn66)x7?RTT1dnN8|hLTz>Im_ybopgqOj-0AjSMi1({OxeN>WV
z!U5lHM5n9w)1ARghuJVhiK(i?e_AK3>ah^F&uIRIS5RcjK#^4hcCP_(U-san(>V&F
zlt-xwzDrO&mCIwGqR^+({2}=__{c{_6uemDFjY#Ez7zd6szv!!0k`jui?=EC-rT7j
zWT2}uBIlGF@!ZfHmGSYrQ<*|Qbcxr)MgcKk1M8TVixPcYqMWQ8uFb*65_)R8K|&0R
zKYdREV!CHwe?Xv5a<m1bb9`b`Nw@>eHICSr7$$}Oc1pxE310HAdjH@W&1R<4JbPKO
zb2hNvkU8?^!RI4_03F#mEoJ$P_eZ;`-D2Z)nDFU>87I49x!Gf3PQ=iP>pbhNQmqs{
zA`{GMI#uk?I3<&y;Je{`lehXXYq_+!D7%cLmcO25hZ59GhQt9!^Y_}?S5+~x(yV56
zNn4^tkw-=4?wWgwgAIO|a-McbUUMI1?yLCa?)8OR>VrzwYhC!5Q-4Q9Q?<(7MRyek
zmCD_blm{C?*jyJ`LM`AKnOFi)B%Wia-v6n2tV%hjmbZUWsd(!wNimh0!mC%xVW`GR
zT(w}wdwNZJw^<)rlEm6)sB@)a>CXMq;8}iJquvjpKxi%AYF0}5G@7hQRO)FjZ_nbu
z49DUUUTv{|CKqKus;{puAI~5g!>b;9!aola%fgcGv3@j=CtElYpo6o+Pne$=I=Gyy
zyfWa-2G(5Wz>#^Wtw*-+a?psv9#C0Zdd`l)(UU474mXA;L*^&kNB4EKSCusJxn#eb
zEPCIqkt6WW_0NeK>MH@?c+=4<!)7f(_wG{hHAg8wk&_E8+)J}Nt9(7i;^@EwGuJCt
zS$F_4>|Kyn-EPg*yYq>=g+h!dNJ%;c(yqJ~HX1_X%djh)BZ>+8N&;?ToRPnNRGYCN
z8;4VblIosPNCF1HPbkpf!hkVXWmao_L7P~ZXcO<PXf9RCf0E%M6iF3m$W^s}VxnbI
zlh0~NEK6R<k<P5hlO|An48cVhb^tf1$rsmm#vP?Xg8yjKkV}RP1kjK#W-B+B##6)m
z$tlP<u2lZv9BD-viPfH>@qlSg*<SGreM6D8&SYXhE*g)a^_<J-GZUG9W&&5I&i09>
z32o!O4CD^gDpGJ(FCmcWS1lB|c7)c@PthfL+5fK0lVSDv!Mw|#Sbn`h?;;IiVvdoL
zaUTrSnyrV$rEnJXfj|BQK9)UupR6M9<}cu#Xpx1zvc?H<mAJ6LKv9(9x=)+J0tP2j
z(9ysPqL~Avxn!(`7*VbBN14l@p(QC(?^wHFrxhW?Ft2x(fDl^mtwjGS78<F_7y_xT
zv;ykLcSWI=kE)@^@V!|McAK9`C5LlIPZfG@zkXzSU^P|w)uz9vor6YyZu3U+y~3AB
zZg-WEZC)B(Y!{T0>hkut_YUUyy1#H&W<@6;4ibb>2+tXk?xHRBF$YniVfRZ)Sxo8Y
z-Q$KEDdxT`2K#VS?bP1p^zR#YVH*lkDB7STk<sm=TTrNQyB}dZQtzj4>lOuCrp{~0
z_x(s*q1Ds5l%fbDPAQ5HIrA}99(6d@pvz(JWW<yZ>V{@hOlFX(OkVtL{2m+@a_v@0
z=ocB6Eq{?j&rbuvHV-CtKqDI0WM1DYH_T<!;7qM*8LCLpxq?oc4O)q%_0s-tv&-do
zk*eq)O-nJ+)LHbUsKv;_mipS1wOrN0j(k<}|GfW?LD#m9naD~B9OE|7S#pM^A4RJB
zf=xgE!^ru_N;%V<0+f^Lc^&5{TG9VL3fKosYEjP$j2{3+(t4AS5w)?Gsrk0QFLoN}
zv*Wm`b)SzkY@~qq6J8KR`td`=eQ6vg6IyqLgbuh#0KUUP@fI_SyeBwUVrEa8m!Xem
zywLIHf%<bOk2OpG3BOxKi2!3sG})1;)C*8;<)Qg4YBz2&e%oBn8Tl_7#}2a*Y1<Vz
z`q>8UF}g|qewzvJ0iuk>UiKRzHhuRA2aS1)@jSB_X3<R2DPv1Sc~|p(GP_apla>ab
z3n|E3W`^$Bo>O)}AL+-%DvkG~^}+gK8Hr%QPe}FmmqRKknMW@xVpYu<q2-9I8q^8H
z=!2!B50<poiq-(5q3iqU=AN)Y)HFBx_8*q)sfNsp+a3{*?R?QUJE)5^Xrdg5i;^eP
zT8<Us)hnCu$Nxz41@>C=1=K}Nn@Q?Hs<|FH!;EjlBQnOtf20}pq9zI_=i8$fEv|PB
z=Q1P60~XJvAwQn2!qw_6N!E6o)NbV>5*+$DnZa=Jy0PQQnSDm=$(Hi@^;i1kGmd55
zFg)XF2rTk=`O2w%ur>G+VCrKdm|@b8oi;#oW1stNYaE)B{%wKJ=hTKSkI~+!-N^Vk
zUY5x0B8?*uGb}Hm|H6y;mki;YwBM~~G0dN~1n)$yiYN7U6GPyML{=2$qh~V0Phf`A
zm(v1;#x#ar@GDPZ@;Hkzu97)prHieJ{xHEP-2)AlVtLDD0C9$-f{cxPw#bkT<947?
zcO+&I2XCvE#tM4$Psrf1r67WLgB)yR-P4e+wfN4hgsQQIRWUJb!~5<euNRRqkoqG0
z_=4f_KvY0>XtkCAx{<wi99G0ybT#++>@)f0USM!YPWt14jlXnYC){1*w}we?0*n|x
z%b^r)24jClY9b9?Du>jrc9?cAYynW8F+e>ES;;U(=D5$$rWU?icOxZ?qpLNFcuMgL
z^W(|%LGSGOUNZM$`7c`KLfMg3`<Oae$GmgOY1VDwke0#`opratTN{Uqtj?NrcGAy}
z;?t}^p1bT)r^TWl_3Mh+WN2xpS&G?C>8DvuR4Mf3PH@-%sLY)mtuRs(%F~;ogj-nt
zb$yG8?UMZWFAXo7-paXJ2T9h6fgm?Vv}lqpcKoKLa&pEgRHO0>#K>cF1iC@7X5<1F
zWk(A_vFzZ8V6L*Gd5;CW5)!g}th@E@CaaP<?f?can<F4S1N{&|Cp?aU$e(oDCW;&C
zjapLJOa%#^sFyS_jCengKbGH*4w`*8%Yj8OJMOoP)zB!){GYnKQy_E6HfO|@c7Kw>
zQl;vu{0zEKYf^^AO9U$c)o}vRFN2gdH?t$XNxMnAt)Kgk8#PO2RM$L*zEtzR>!3Qa
zZYYRKIEG}~EgiiFJKqo2&yU^P!}qBzSzCr`2D>fr6gNPY^?FIplmjI~gGg$8Om2_j
za}-ZK35th0ly23EJ??4~-ncz|cgM~CZGxgq(%C1CC)Vds51o($9BK&l{uq1j)m)Hp
zHLsO1*MURKQdC7y!mXkH11>&GSi_xHBykF`YM0I1VY@Z6w;85<tu3#8Vf8H`8Xe+k
z(#vQ;V9L4!ry}<7FPe&3nnr=;%|4n6<CbR6tfyb8<`#;InM5~pIYaZ=GGe)|(=gRI
zy#h#8DL6$_A*L?ZbyHmVQO?kX>I+x5sMco!lC&89qa=%Jf|X|#;VuC3MJ>w3v~vSg
z&2AHQohe*{y6Pty0~bEOP*5m^*>4%fR|&Q_|0@IbH_|Q@3eA@ol}LzpaqJ6+6e)JB
zfK$3Ke@C+k%XJ06F_QeBys@K1a@zfQCt_gNm4=%%Y45iqI2M+zQWcQY9>ym-14>gZ
zqAhy~AI)$<o}!$-p<FGIMZY=gYZ16M1P2n6)$)@oWd??@EHCs~BG`(TX7!vzZm@#n
zC&BtvbbO~La(svTlNP7oCA%0MMwYXqp@kx|cQkdgq`mAO^QtBK2q%dwvD-w>v;hy+
z-K<UGo>zCjfwnGEhyOH{U2W^LTKwJ4!)BROEi|))R`N*-2Y&h8|1=d9j>j__rQE)Z
zGui}u0H@i1mjv=!Lm9)YI3xeQkX_4XlcwG*>3v;#!+az%TEsH^nt3muaGmV?Z$8pW
z7XsQx1z@{EmPAt2o?3fc=E0c`Ds6{O_*mbfJ%>1>s2QV&Q_EeHZD#Nc9b)bYm;ML|
zJjce|=xhnVnsPWpntYYPOuq}(@>CE&+zN+5xoroQ4!PzI;3%0Tx21VO&%5r!IpSV@
ztY~$wA2)ikUXP(Y=RL!7HzM27|0|%~o5G?@EzpkQVL;IH(~YPv)@}^D18-Gq$qGrY
z30$TmsEU$W@YkcfG^t-E@jiLsb7JzK%d#X_pUn^ZpAbJvdDd68;8AOCT=MxZXv{#?
z^ql1Ka=u?uAUy+12G(;V$Gd1z`F1q9#`tuV`1~_YirY(QMNY(3q+^}_w{SmVN0ec{
zCbQlBPau9Dl`H}?Q8cq3kS-1(A1Pyx-gyI~(GO)0Jk^CAU!#jnC_93yjv#h4yvH1>
zN$4MX%M%B0XiMotgyaAVgf2h;N(P>7C>Z{y3>T_;R`3|!7KM=~W3DJ~mXcLQrTEXy
zL~vo9g-C21%6@)kgrT<j<Vt>p_;5gV;`hK<Q^93vXZ61F@9LOZY!gbAmLEk%yO}xK
z4<<EgUBisOW5p{vf^<d?wk`L@%u2nPRaHyRiwfyBzr*?0msE>_By>vj2q|e*!+Mb(
zW4Ro;*?2lL?v>t2s?3y8Mtn&9^8Kdl+1c_juLr=b@B7o!vk27Fw<KIM<ph&`)8WdS
z$VlOw)hyw_C+<$V=TDQF_9fM-Wwr0<o!=hS^m;!f;peLAx<MMv5-5_po4WxzZPL9-
zJ+*=rrJW-$>wOH?{`aSG<VOb1bbd?B6BO%SY{1icD0_lEaxQvY&$4>J<1SQOuf<0b
z0+F38Lzi~W7M&D*rVE2pR+g_vfsc_W#FWgqKnR-!<OxP6%raF37(`ZScnS>pm{7Q$
zxpO9eu`RqSdwP-(cgYVuK?HO0T_0{)Koq1})a-#*1s`NBR)gE25sVcL3@);+JFtLj
zaU~2({as0x_i<aJYbvY9ftjp}4g78gKK%7a>xpipU)sLTb}|pyKfzJ|J>|aOGT<U6
z3ooB=ZxLAin>s_VvG@5kQI0+iv{;uDnfzf{zP=APS79v&9pBqao+u<1lXecE)Vh!A
zeX!baNuL?B%oVNAJkAFnd*+go)$mM_%%e=LHl;JT^aORFx|Yi)a=;PdC^fc;oUCOR
zK`lj}p9PYT+t9`cDU-FF_*V$V=vNXu=`NcK2X$H8yeyk^N!_d}w{2q*J8YslbP&T(
z3__yFm`lEmc5A$+Ub=%a_T2!J_eFQ+=L<_tWl|FSt+=`k{UQ1=hs`i2K=&&Y7v)CJ
zzU(Hqo3w+-)uAC5?65wsF5=X276E$FD?;n&)6a+Zu?wD3jOQh3r%G1tZoJPB=GrIL
zlXXIVCf64KhHt8vMNr+@f6L;VH7NFv!|%<IMB5=qW=lSStS8#?OiNLt4|~EftZ1M&
zq2il#H}Q?OFJUwqeKMR9-t#CLF8bvtc{t0ck-?(fZF%4_YVgB3tYjJhgFX~<Jh#Xe
zopBVPmX$F@pM>hiFZQo_+r)reM3#mUUlS?4(&2U?L^uEQTw|K6@e*1_$>lli-O~xA
zZ=v7Wv0lPcn#=SYK(D5~GW6a>8DCEFeuK!~t-W0yam>bhNom*tivNc8K7Dnc5^iWO
z6Ck_(xXyscfyNLXBwa~g$^HhIaLj`vGS8^;8qZA&b)xv^#T8wh(6MWG9y7z16E#C$
z@m?HlE3xus;Cxm^1~RUHAmb8OV`=X<cD4f96l?p#6FnpR3cW>7TJ(92W|dm_`Cr<2
zod!`?E!LFGm%S<L&0Np>Uf+gNhK(KLA$0+-@lu9QPY!$+o|fdy7bC~v!(b!7&5Zmk
z{!~#}UMgGaB^rHdwGr0s(Hf3!?=SDqE&R1EA5$maNZV>)>%*EEdpD<+=g<O+!R70a
z=`kD^>j8yVsRs)<Ie%{KO0dWLq|8Jh#)6CV{_Z=yWs`dhKVgZUWMJ=L5)peqf21QP
zGL4{``K!1I)e)GsMPFXExa_wERtLymV=~!oBap$?hw@A%5Mc$t8|}5BQe`Zv*fW_@
z!qq9%)}zVyxbQvBY$leFtel`n=lMfhW96d`H=siP%~3pV4r>gKDq?4>W3{LC2yZJ%
zH<giiJyh*=zbP7=uPOMa(7h8>ejPzB->a9I6Ej{(R_Jf%@8w?NBHRE4yjcLrpCzEq
z9>){Z$=|8(C#fpFN`G1k&p!m)A5`P(=h0>(1}F+?NjD6H+u4qi=y7HbF4c9hlC@^_
z8F9z>nlx)r#+p<G+f-o>n!g`R>SG^1o8chuUf@j^d1Zkzg64J^V@<jUDM=scoYivE
zaX|<1p^p&DsWuCq43;(e`!Ls7`HZJAU5o@1$|JecBAFx32IAVVNX`XI^~5t?nj+|~
zc8P%O8Llg>*xo|5w&~8v#?byTucXN>+5rb*u<Gv=6m;VQ5c$0rw^8Fh?pJU)EFN%e
zyKr1hRpzatCe));L8B|-wEF{{VQ#}2FB91>(Nwi+ii>Ibo>*DXm_iPP09<a4AX{?m
zEd{|W<7r%dxp^w~pq^7iL@&*l5eqiDM7$wumVS@9hG#;B{6emwww*4MwOxm&`DSTR
zGq`*Md~{@dT*To#jS>Ar^kGDVIekMChUP=_^QDoWF4FMaFp;6)`y>HjQUX&C%;TR^
z;e9`sym0uYgli=s8qx-;HQS_i7B`nw&f1n2>c{NHs#B8z#I8-7+)}BU^|T4C#%dHD
z+|sU1hu-yE9hy!$U-g2EiHlyNBxhv{o*^U^fN#c4Qt?eDXDq%aIRdiucAusSs_j#w
z(RJ02sS2uZgL##LI{jj1F51@sTa%h@j$w5s=SXHcrrk(zx~TsuLA;HgE(uvHzzFv3
zYJbA}t9(aO!FJq<Hz9Bu-CAk;mJ@;;me;>yOk$3uoy@KV$5r%SWkfVrx}b7^3YHIP
zEbyBkW`@xqYRWlwpIn9<l~P}Z9$8xTzg@y(gmjC2@We6Z5yzfD%dz*2gD9s)@AFA(
zm^YF<)T~a(tY1ycBw&xD(|NMJVHFT=p$C0)k_~0E)~DYKN?b2@n*bd5^S%uCjg_~V
z1tk<FSI~S_Eewf8smBta&`~KO2ML|8iYwQ8%Gz?2``yH#go6Glv2ISO;sLHs$?Uu9
zY4Wm#mG4OBNjf($c;aY{EmzWwGlO|?YLmt3v=iqr7@+Pv@5eNS2vl<o${L9OIgkap
z8^HxB@>1ybVN@XI_R9ZYmi5j<V7AYS<b=sO=rQC^x--gefaZeL6fWG=#;#-xF8Pki
z+=zkmhoV-|ykAT&c4AJt^QJEP@HqG?E3booxaH{hDe?_yWEul`mmN(5%NH*n*Ne+%
z;6g6@(bk{OZC_?4+!8+|OLSLu5Ff_;u)=q@-9yatm&MM|!5qV1(^{5j`+~IWo8VEp
z`>WjYpNJq&X1LIt#!LEKRBS`lTRf8AFoqJp=N(%a3EV$!V+g+QPA+VFMLQ^{WGY~U
z;8vUQJH3z1vXl=fRlvwlxh1Tv;OCt3V&`b8zR29nC)Pg&l`Lurk19&>QlO=|gN}to
zlq_b+u@5U%q@6QH$<kZ2rb(Cl=Vkwtw9_6dw-hR^6)5?rN9Az6|Mf6q@Gok)q!!qC
z0{PiAukpO{H$y>8SL=uKdSq4F@(3R-&rEWos5h`;*KbuhYy<}@CSP7(uj7LgPoRuE
zdbZOjf?6{yrQUuz!tpWBbn;jVBGC(|O7eAx!Yka2ug-=!L-5Ds`xWc3BjE@VZa*5+
z_&$+!JlI}1-9BdyA=3Or36M}VxaTLhL2R?ZE9vm{k)Bxd)(z~9SK2vgD>kj5w9B?@
zw4*92Qg>mSM&~(=Fl7`^b==dgi5jNkTkPLINGY|D8B7iFK(uQF-OA|e5Avwzr{&CX
zYLU;PNL`{7*Eie4;3dOim-^2?f<`|Vqd7=cl@f}mBbE}p!5P^vdpJy6k)8k<0nAY9
z-ZT-1Y5Rr3p*cLg13!cVE@CbB%|NjVo)L?Kj1>&gn7(k&_IEhys4}BSXzi767P|G&
z|0OoMY_)OLCOSzgX-E2(S%yUa^nOPeL@EtW%DV1<7)k#tpZ9%Vu@lPCVWOzg^oMZo
z^n?DO5lWppnKMk+1ho)#?678js?nL<e5;583A*Ra10@q*K@sU-e|4-hZ=LvTcg^#k
zD1CUGhaTfYr!e9WLQWST`Y<mhv`cPCMYE<24F4*_$tiq6#m2gfrkkB})0?)li^c&*
zQN@3hNk_+SgHek9r2LQe>_TES5v7g}h%#kWW38EW(ap9OqUy0&`20tiEH0`@ssM?N
zwi9uG<vZR7Z-;&O`Q5g;4l@TUPhvquJ+Et8LzMvRAPtBX_+^!UMb_P4@CF4@#EnW#
z=H%Z59sszsyXY6d-L4~sn;59c>BQ=(J~ZSt$m>3E_V1kIgp`0BF>yb0r1Y0DtFm#*
z272<kYiKbg_WR$IyOyD@q0{gM(E)r!Wt<GAqCxy&%;-qS@P8%6<q_mddI{izoKcW`
z^*f-3{KYJ(4EvGkdHQd<1)4eQ=r4bhf&~hDbM$BrxLDu#`x}V)uJMZV>U-gY21atf
z!W=!>(Laa0+Alv=c*UW=-GyCLo>6RgayeI|bue9C#MnOMMA`mFTb!*xv?X8bjK0OV
zjA8>VLaJS5wyM8S3q)Ji?#i1NZ$C|Xt0-)q6L%K>b5lF1)m3>~?W(&~Hak^!zrzQ_
zZQ6#B9^>q=?CG8PGgvo|Hd%IO_qMtwLbt1N)ux*yLgLDXr57B_9lwxE;KhCmm;+sU
z`?-0+or<m(`%sq<CLdS|G%2aE$Nk1{{#6SaUhV*fcT{55qjAj)ZowOLYNH)tU9Pt+
z_VXr~zjNYmGwVAUzD&zLVNv{Q?)iqwbX;^4K#5Al>_}sPp_#}${6xargAqe+VNO3J
zZP?l@16|$N6G-)=4Lt#tH}0nFY`ad&Uz-RbsIR9-=Ft*&m?T(d$5<)H4>4DZr83A^
z{dr?T7wl|xlUj9X$wm&x%HxCMyM~n17V?;;n*qf*y+P_9?Y>GhQ$k9hrkCsrff=UG
zXg6I!QzNM!%bcg@pf1_MteOHnpiooGX_Nh~*CgR*bC2DV^0{ycJeE#f*JH6o>ZhT(
zs&LWX*ryD_`L<9ApLzPj8HOl-TS;mRJBJtZx?~~bS{3y}fJik3Djgrx_=|H8k%$$V
z8W_WS`b#j6^Vl$hf3-dGJ~NEPDCdr2ELIo<?t>W-87p0KkX37j44>C0DoKjE<xSli
z*ap=HrH$n}EE1aoSGbw}b^xrmsl(}>yFIgM!$F7pWxPB~BQ8#YK?IzEz4J^#GanTM
z6f{9dI~vhxEi|N_;&koLPtfE6amrL98PlYB_w6Zf;~Nho>gF?wXHTJRsVP13vo{F6
z*M@+aqK7RUZ+coExoxWnwsg7{NWC8puw9bZE_vHl8(b#iuG$sYAB@pn^j5>z6M!7;
zx}_1oX+^6VU|(0u37!L=6ZmyF>FxT->GA?JvP<(>a9Y#>$<f6tYM_9Tai%H)`eT)>
z1lw$@=MByEYD3*|1xR&1gGL6+n~?E;E8Xy<fovClI((o%JNUi*^}5vrHo3Kao9c`I
z`m$v;+mEBAI^_FBZ&n;%F3FFI=q*m6IBJwoN6tKDQ9$@FurQNj4sXoJ1s++!a6(>(
z`X_Ht1_LGOpfE0Oij-8UPTPP||5%k2^4t_m^~fzGA20&!MiI#$&Jsoe=McOpYNZEM
zFhmVDWeTpjSGO}LF<4&rR~RbCBo?K!Ef!DzPuL45x_?AQEnAXXIU6Y5y3Cs7z!G8r
zTchowjoz6x3WY5@L$mWNbP3a6BH2nCXZfu!c~_Jy3tD#`i1S<2&h)rOB!n^OXjK$(
z$|n-4C*qqsnP^k^dpfue!GN4!X!Vw{Npj&$w)yZAuZbIUJ{w8!cXs?6&>&;{n1};`
zr<0i@Zszj!<G;GA>j3h5^{K6r`KK_Vv#C&`v_(Io`_{^PzWiafw4VBPG(J#8z9-$x
zUO>UH%TY2t=O5bEBTs{K2Mv)f^T+4?NPzg`vicwqK84phmRINF^1xpihL!#zt9mO-
zz)o!$JRzgH`{3(ZrfFOZb{|p1`2z8D6VDUEL(-^EAgD}9CrdeR%6*=4dw}p&fzHs>
zWldV~uPPz>#=HAjPYU<}u$cfRY#P+~t<3ptv@V<i1rRG0V2>ixmkl;dLHO?X!+Bp-
zRA_<30OJl^^m*d;9k<DjmzzLSJf3npC<ir8ZD*;~Oc~R0=wsg`=}jd>+pGF&7jgWC
z7KgCkt$$ej`QB_iso85-|0ZRiR3&7c_wyHaXX+Fs=2pmD7H0Qh)Hsul@3`!a*iYZ)
z4QO1q)a`HWf%eT;xYS)3><h2>O%MJr$nqs{zdWA#{o-rtBrThs$K5Ym3^dnU2>PeY
z6VyTL$lx5*VbAg6Y}oJ1_O!|#9kZQDVGr>D7uf#V5W;w}sD`fg&{-Z&J;V?l(w9k|
z=md)jdZGcXo$VTb*dOSY$o|Wy*G{1I5<kyBI2@{{`*>rUQCSdMv`>0n&v1xjO6IP*
z#e>QH*aJ6%sf@x(&Y}Z)^n_0l=6Wbi?M5q;zf*{;`S?HMbiS^aDseTmf>%QxQQXtz
zAN`%KN$3``JV*9q&q4HLsQMb3cG5WU3e2&p27qcU?lB^yjx~g*AVPA^CVyrMPhHqN
z>f#{iEcP(sh4Qx<)}V&6tM!61dm=3eB6jO1h)q|^TH^T=SqJKsEdUD)Jiq=-#4exw
zX?(XxYH(o)ghOM0(JDtq7>t|mfvYrcKyl0Q=_1?WzIjuj`l@gBoW9zEaSpewf`m!z
z1sv6K7o0^1ksqYg5JcZWJ35Sfp)NbS?mSZ7QT)(!HSz6+{zB#6KTtU$l<N;y4h-=8
zzx=p5?pAhUYN&xx|9lwyb(g{s1NOF%KU`_h`9arjLVn|%VIVbzIM@SP@MNBnWzUHv
zLaikinONu$&Sd@)M4ZBK^yXATiGzU?jv*kUpU4Db$!jS`COvw0XVTg~m~x=NL>*>_
z|2xmbgT&@$*~ZJ>biEJr3{6S34Qq7e2QRQ17FfM-nGC%A&fH=8$=%f^V7lbZZralL
ziO<?$QgjuuQq}e+`5+Z2OU{s?GkT7cyi&zeVjZ`FxtY?*^rxj#Oz&5rmm>&93azRF
zovYAhZE$C^1vL57=|0C!juDB|Y!B#q4GAx0oZ1(o_MDG)aDlkaHY`Q_&oc+mLWe9!
z;6a^<6Cq(<NnnhrhHQYKfiS6S7QrlxjDP?_SG*B{e7AERGyY~Iw02J^ygkH2$ipgl
z&e3z+YjkAl;Zs`1rMxIL=7msW#$S_B6j;6(Ut;<uLe4Tg+Otd8H85GkV-F;CxPY)O
zB4i7A1-|X~dZxmlq={RO3<uuW^Qn^504x{xVs&Zh!ri)r=Rt9zJ#BE-E-y>q4NA;G
zbh$Cp-JUrkH#uQ=(C>sYcN}7}3;ggq_VpHV&PZyiWN965hNjW^b~hiEkXVFtyF>d^
z65XI%g;)s6pjw^6SdZQGl3j!rG_#N?2pBIsoCmgXm{vwul;+zfl&TN#zQqRczW-nd
zg#iRZ{`M0KWgr*|2Eh=Fl%RW_zdZ<sy!`EBE~eo{0>@Xc#mIW8)Xv#{^ghy%FEb=;
zrzULwmm|lq$qGFL*kL0yJEiJ^lH|p``fq~)y|rG$z$H{Y!4YT{lbnOUU}QZ^7H4MZ
zHcJ3}`Mp?zBu{%o4@0h=et)+UP5Wl7kWNz~0vZ6WS9F{XzBi(46JFs@S)w4St2Gv;
z%R;7u7v}!USP^SvgG8!tsXYzXVbp|vloeq|Mqgr_cXXCoU;50Tz~Ucr#3-}F^1p6-
zW4y~K?%fOiMI?quyxl?8N_=gE)37wqFwOBn!`Obbe2Y312Ux3}bRqPJC<~*0R@1k}
zDM5nc<SsUYW7YcG9M*mp;FB;ysc1Q(p<{4}_m3*_^g*7AD&mydaO1}@wX`<@krC9x
zX9W#7jn+*w@f3ovOa48J{<qn1*5jw1h=0x=;u-Z$zi|b2B;4N#t%h@Vji?|yS9X&G
zz#GLD@lz^L_!bLBclimAq9-6pWDmK{)p@Y{n9%vpIFG*9nM7y&E|sIk)%sV*ha9*|
z^6+q3RuvxxdX5Skhr6>lf~w%WPRdm^u9~>XzT;&x*`q}hMJjvC;nridA9c0~o0j_X
zPHE;-=fdv`%w*R|h1ZWS5N0-%Z*Mz0V)qS`#UH9CI8DoN%W$XQhR&_#``4lu#k-Ht
zbxU@)mh~0#XLBy%=YO8=+U-A2*KKtvXxv8eju|2Ktkt&#5z-CvbZbG~avQf@Og}m+
z4fKAY`u=B#sF#&L`mz&Y>@r~VItW}{u>+3QTB3q@xT5ORbG_y`Tkm%5ugk(wgo_K}
z$V_o0`0J9cxfS3;`)Rxld-J&JvVJ(qf@z|2#OLks5<<p>T5$mLug|=k8?Kc6hA<uB
z0z}2to`7E0bi4op5iOxx?42}w0&)KU5<bBMQC@VmJsT%fL6cwodlRyK)b)vQKM}2p
z-8U_7?;ChBR<T?V#0AGEeP%NIVCV&#OXa$9eE7Hp-o&4?-mLpzA8-<A{d!hoe<r>d
znR?hyujD!y-r#Y$P}Me2I*Zan?@Gjx?nXD3Bj}jFGB9T#XZPM$=KJ*sRwCf*2-gHo
zmn3zQT!KKt1q2fG|AB<ne^;k#Rowu(x_eN#aI7L+0}-P8KUb$KhW*Hh;7V^bjg8m=
zqIcNH9oq&FO8_krP1s*5KdL4QMBnC_%gjPkcJ>+TH}sI(;5-#;ttEp}%yyI__#tLZ
zz{*VecYkF;vvAE6XZ=*Cyk&k!ZyVy5QfsoMq=kR79DKy7Bf?e2br7C5f~6}D#|v&o
z>^6YQ0^Wxot)kfCq$cghPP7S6GQ5$_p?nU*WM`zx=^Odly*S~XsR+k1|7#WypR#3A
zqqp}Lh_ow7Bt8jg`KB_j;(nxI2Z{ABKq1$Ia`kRQz%Iz+^Km0=%`L5ZDleG~07Y76
zx255)XuIX}d?sL52fx|%HmzhEv;*q-6Djwf@@uJqC}Z$uhlP(cPASr$G(C1P|9!=_
zW~pY!+_W<5MRVcmMYF)xuwu!~{cBCVM^i4K-3V^mYl|e0Q8zV_BVSlM5Z|3Q7$&qJ
zKs&rW{dU0@gdZ2hP+uRUQOB&#rO+*(9&fR%*L=`HryL{1^Rx=W|LEcWY)xlQWbsUh
z^Bu{OPYPRPdvYA9YFQm_l(%^9Dy$NBf87jUfi(NeDVrHzrSWF2X2QTl{2Bkhj`))r
zx3d==5}aghGtd*7?|B<tZ)BgLyM*6Nk{BiA+!)iVn1|zvUF76Jt0UId^nZEdte)SH
zHB}}2Gqn2v6AuKwaTXO@aQ#ExI3b$}-wgeF;S{_sN7CMMqawaPA=|08$=DZgR=r|_
zlD{k=e)$OJRWBA8I{L--oED9%Ozlg7W+DtoI4C75e9q%2i6a)GPKo0iZ+px0A<%68
z*b%@Bvh`UWs*FQl+eydlvLud;B_blSM2`7;78ARjO>pyuN*SE7NA-l7WGPBU4?y~2
z+|N=3)roXIHEonPMd)75bBq5|u|kPy#Ba*cyjon{#eScI-UAY?2hHQnSm^}*+=eFK
z7J9Y4M;_aOgHC>~#N+>@-g`j=Xw9YZ=I(7hv%Z$ZDIW8Y%2a4ngel$&|Mc{Tvp#t!
zKo0h+-6Xt$4>31yqHMO6KlNOwZsBfvojZ;B(!Yz++sQSU7!*K{IR=PVwN%_XSvA#j
zEO<R=MwyF}FFnsvMY;~@p##=}5XQ%BU0u!#CQLgP$^Yg@HfqFe<Ho69T}1S`y*@hT
zz7E88T(UOMBHxWsrT@OkT}EJcCe%Av6j%=PBrIlpz5_SwM7EK6GiT-8EbS9TQYtTB
z(47076<qM3+FC6<{j@hTTXGz8viG~cN$0BH@BVKi^RaJoQt6efz`V&$-rt*LoJXan
z=yk1iJazWx-X;RhP81~oWE8^^=@M|SFKlRv$Vf#yiDJ>aQ(V@5V@Q8+I3){{L@j)W
zx$&^LS^INv$xXW&Y6PQm`fuL`6m{H>GTCZI%R;+WC8(*}Lt{xo({Ufv<Nj@?5a@9X
z7X9Wo`J^hWH;#t|0#-{F#)m=eXXBwINj<tFhC1;`{#$;+a64YX?)&!2q9%1SPWiP9
zPaPXePo<0I4jUCaq>c&k4IIk}?nAb8o4s!^4H06ftaisFbT6TvWQSA&uR9Zr&OO$h
z&~S>+>#(F|LF&!=h}nt6x8ud}if4^B&SBBz%5$2QPUgQ<${$KsjRBkb)7B5%6Nj!v
z{QX`1tikMiZmA>d_`kgPjFuJIsvr_w+i7grT$+}Q4|}X1RuR=JY?Ti6^4*fY$ahNv
z1*TAlpnD`|&iE{G4*kp9d$}#0rY$R!t=JYwZJyG5fwC=Yo7Kl9GvUB^ZgyQYH_Vvk
z<=Qn>4M0hSjOqP+^&&xO`-;_!xYcyk+)!%Am`UzC)g%&9q3$`;q-7a&_G0buuVUAG
zarnZ^Qk@1ZwFhx2D?~gIpXKQm+6TR5eFS?_k?pX7Dhfq6?g`s*Yxeoa+D+BWdFu*i
zbEXuR)ykEbCR-hRTQy7O-rSKGkI?g0Cp|uPuWVbjGt1MwHJh>tPaP#MPdO#TRdcqr
zD$gaH`U^OsZQj{12*C^hK^)Y<!}S(=E<AHT6+hO432~JE*O%E;woE_c5X>jslNYej
zekpSpdU3O76o3PH|2`e<YG|05yxetCONn|GgltIm+g|MnRaQUHIrgO&AJM#MLFqoU
zcs|octiqz|ba*-PUz?}SzXg4b-G<+Kn3FF$cDDxX*(_6eSrkjOt%6(u5ISV|)=De_
zOT{iVih4!mfBwyS2DxaCa?GmtDxneEt;a;+u7am)MgVj7(~jRx(z2FozYy|Ah>dMB
zsTEE`GDdFJ>aIMaS1~;<>m*Y@v56?&$GoRlt`DHMCf3$KeU}%Q_Yp>b@&U`xE!tA-
z71N2ld3aV#Om}!T5ew{7%=yZk(iJoIG|V;A3H}ByRcncfN`t}ONnkVW)-nJ@2QAyn
zHB|avl1Y(dl;xGH5=!wVd(OHVcfV|2iUv6#Z^|S7vgPVFkchc=YDw?2jd~ubaCSwb
zW%;7MvD>+<{{KB*AHr=6AoPBk>IRkO*nD{F$$fe|z-82QXM@sv7w@<C+Qzz{NG!iU
zOmYbl{%e205qTSF#;RH`-=vf#yP;VYOB_K{N-jcqUnKgX><X}#)ae<e?~~l_!y4dj
z{tOr$c$%+2;CoKl@9jERlcrG_z=SBM;?yg%i)L;?A!_JP`>q4k3ysc?dyT36SEHI?
z*5hm^gmymQk3lhpfQ@6>UPsH-r+>+H-P<)f`}IW!vWTVA<L_Os2e+mrX3y8WCGQ`}
zK8Rb+ZRW|$9+jhsavjp;!it!Q<xp&AL9eP^*HNrUv2mEJNW~FD2VBw?xVCUmC-F~k
zGs7z1(|{x^48xeQ$;&J{(j6q2F*!MG&y+wMr71Z;M0Z7yYsCUyAJJ}=t0s)P;LIv*
zOT+6W26yF|L(|$xBXrQwW#R3e{WlgLhu^8_Pl17IR_xkPK4xsH<%5LSm2mGK6k}RC
z4O_ptY=e#sxy7-gShf-4xSnyp!7H9SzTu)=6S>HAjdePZxayrmXqins_QaQ(5Ba#=
zVow|FT%<m(GkQH_qK+e*_qYqhN1?@cv@hakYW9-XmHec8))sW;z`)YxZV<kz*0pn6
zMO+;5b8D@Fu3<}!KWm8(f!^|pz|gNXW`W@p1OF^9BEb^);^F-17?MZY9xiVsEG`OW
z`EDA4;mVqnTa=8tLz=N3p_9`K>r^U))bx8rzm;&^U$>DutS%#n0Pb5zTuV!=F^>9W
z@s~|4sdh87D2KSBNOB!3q<p|Gbi+36-`t=GL~GD=gME#`xB&^&h;VW8f$r_2xb2bT
zRcKOQYH6|b1eG97(E(D@PcwD_zbwtoci=8lekDj%BL_VR`)8cWK~;=F-L+#=Jox1T
z*99qiS!N=#+oabUJAl25f;WQhny=rTgC>CLzc<hct;IeGw7W#;Qx?RC1w?|19tGv#
z!O;^%Wy7~*qrO5MyQk7cd_|G{5GS;+b~@0uhLu<mFQ5%)xsW@$FuIjy6OT$LT>kMe
zg+hE>*z!)%sh1*87xVgsph*?tX|}9wJo=JrMijc@TUCiEda$rlsqu2HilW_%wwCyW
zR+7TaP2t+lY*H=Afe>Px!1Xi(KU#b*1c2ahs;e1CJnh9SU%j0tGRYGeF6;@hRRAd7
z{G|)ziR|3moJPHb7bln;4GO=k{lR{1!GQj2iJ5s2A2Bi+0SxXNRTUO?@KI=NIb1m@
z4eM~pKZRBp(8%^Q;^YtMnk`Uw`(AxN_e0JiPW8j&);$BxOV6v8zI63p?u$oYKR#DL
zm?8I(&p0zqH8=J;MyB(pE@|u=*vxw1paq*wPYkUqujBgur9TGK-%9_nmU3eO*t^~g
zY;R)~-k<7{a4!K2KlicI-lpH-PNy*)zst(*I@Kp`j*8yWj%w0Ia8pO&a}peBlb&3N
zI_`%_J^3Jgpz}aNtPsfzOq@DmgfjtIk}CG>XYl-M?_b$x!r{->FHcRXhk?1*o!?Az
z)MKr)V0{LZ$o#g`M?I~t>zlvk#V3`NvMn4mYRpWvj-@nk{p1)=CS+UGIKcjPEwpj8
z*@<T!Q3o1aVgQ-bXq?LCnHQMIN!2X8IQ1X;Gb5Iuu&dJ|8Bg`oA}L0*8U9JI=rjtW
z4MIBUFlCxl*)q{kZG63kO3w7^!FL(S((tY*#2RiG4;H53Inmop+cHo4oy*Oj{xvf@
z<}!SeWE-}n%;<UK<t5JKsZ(b$DfLnGiV+__zm%;)UB$<0q@XLET@J^`s^taFD8oEC
z??3z5yM=%z;kmn!W-t)|nI9_|)1s$1-8E5;y~$?kNgXQh|FjZ(1Ud&APRWT3JA(i7
zE7#W$4vC8(Sf*dV50}tPOx#0hu=`;96gX_dZLcM8>ET!kB_t>lRD9|+AUf>bH0@hu
zd>%(-cALMpbkUh%brEOp09j?(wPo7;`%Br2{q+1#o0R!ZFg81+(}zvhE{`bU_8;SB
zH)T=>C{$x;@mS)1j+GIjZ|nI{R7fP|?b<Gw`c4;{_Ia5Pe7MRNw<_URC%v5rJ6@m#
zkxWgVYx<2Xi)ZdqPOyz<t9clcE)4p!vNaV#0s@6d0OlWvU5DmpKiPN9621t&AC-*!
zX641@Zbj3R`iXl6pdi1SH!|FCKru#>yEb)_XjQQe;%CZ)0EmUXt>=xCjo_}`UCXv{
zZA~PjW!J}2rmp{_;C3d=RL48)VY=V2nF$JV`aU%<C_S=gw#D8oM%Oy0>DbKR8_Z{M
z-B26w1+>3}al2;qqkFpQKx4iRNgc*H_4uJV`4w(MlC4P<+RNGPa0O-$_10VVkiGkG
z<@-8Bm|4?61;luM4b=Crh`5`8PTFmsE){OVj0|4tg4gLrsnpjplkg0&p@o~^@=uRf
zcGWMd*Q(Fh>a*&0E<!chw9;FC*@KNK^v@HE_lqYU#C{8tolzQGp)62>M?jpeh&+f#
z(i|UjkZ3y+@aOY0E9G#J@$08VWL}~$r)SAMWSle719xFkBdyY00xs&WnF`+WXc{NP
z>do#uR6e&jH@&20nLIV&OqxISc}?x)F%#fSeB}9GbfahaU{f7X6qBFfgby@){bIeu
z=`tJBpio$j6IB}VlJOS73Eq(1xb%lVwSS%bGwuKFR46huHK7n%0#7KBh|*&V<G1@x
zjdM#dyX>Q+LePGi@S<hh>7ue(N*FW|-LNxpBp!w(K=<GH{R7zIT2{o;A!SA;fsov<
zew@bt)!SJGWzuz78j8Z*3wL*SDBRuM9bTkxcbCH5y>OQocXy|7cXu1U{`-&VnCOX#
zzM0I6%$0G@zR1YDdDb~=BUtH8HX}&W;czrS_fh0esQJkWsgD!Ehoi?e+{OP&5RyAi
zB>q`5tEO8Q)=`kKyu^W%tCM*?UTW>SsLFR9D{4(qxxQ#o{ShKR35)r?iRT5$^RmAw
zWIPo|+U&a%VX;u>(;m{E@+n=P4Sde)yz>|0=9R&-GL!e|c;0_Ky#2(`CU3Qs(`)Hv
zEzzf+WU#Xzd+on{?dgw8@5)E{_K7-*UD6ZCifJYWGgd)<P~a9X{h$!(9xZ>4kO1E{
zRVFUux)(Oy-wGr#V$OJ`y^7uDhUQiY+H6|GtFLSZzV0<cYqC%RPJBijT^p9;96Y=4
zQ7kr+D;z|m7Mxlls22Petq?rdnpT}6s%%6+WW9jbnxt(NNJkZ!?u3y-owISKnYs_?
z#KhgY%D%J{)WK9t<3GYFiV%^(!7mqPnep_9wSIk%MAGmKBW;PMEA2a;5A74%h4*x6
zlk^1W9cu}`c&G*9##w`}+Biqq0;i!DBYU2H>QlfH6g?5PbU1@VecXEs9MR1CetNcf
z(ik$kSB1zCy`eOQQv@0s;A=cedv2npZH<Oc#<q7k8mN1-;dWNjCv)EFs(Q6N2^q3%
zqJza&>u%s>BoJzWmu-Ps(5hiPr%g=l>1wcvuPEYV>+{V^RqJyZ*8luUa55mzw0-?b
z!)Un@to~l-83tplHBFrpw#RYd+nS8(#`xQtf&7?*y*CZ?yoAmiZS==qkOKQLtbNJW
zX4CLDzry!y%v-s6mJqG-6%Sy7{NBq|*!Nu>55cch4GgNay_nAuMIn{=qRMf@<uP>5
zxvp!K4~A!K{V#m>c+aQzD<czJR%A2IJ_lkV#T{I&Pmb;}uaQp=J6df8;~IOR+0;op
za{awVeYU@^y2|!iM^)<h>;~y`a=dun_h0r7QkJ86H`8_ipKk{TJ2z9cG<C?GLzfjD
zt}rKsziHM~hRHlZ&{NT$xOu*Iv0s79RsH&=pDRk9XjW3?I>Ehu8i!1A*b>&FcVXbd
z@=FTw&N?+;BJ_?)#CqCAdF^5TM@v6LOEj13c$u|ee@DMx3_Z>Er9K}{D2v!I8V_zE
zm}4m{Y}4<W-ob-%Yb{~ekCQ0~qP4Bp{$fE+KO3`AlZ6Odt#Oa?H7gFKkSV*`M~W1f
z!hmfvkvG9LJXQ6WaQjxjXVvj)B~@#y;z0!C^BO1jtCZUupVqdQ_K>BMPsx%^%u3$B
zmw@H)WRgK4;rcwb)R~jx*SBxt$l}cWeb*WL&2A~H@tz7gl}gcJB3A2#Vry<?2(>u_
z$n0M9Ll@&TXOO^k+oQHcsm6zllN?5_T|MO%6v(c~a(S&hpsAB4p(9zWUM)LLF=9Dh
zOY@oYop~^xnK{*AJVA>FmgmCCuCxHma$j5`A~EADDmUGoYI#Qb%8Ap;8lKSRkMGm)
zfm(+M*obqYOh^{4%cqU{>x_zv#0v82c0;vaf5$_5q?8KYG>@2*?Ap?g#163~)>bO_
z-UuaYI7s*`mxtE;M29Wr<b>@kN4i!XXWSUa1>>J^GD5Zo&(g#ig)F7Sfl`fmfUnK?
ze1dNssFbaguOYlgxuLJ~w_JnnqJMCp@Grztuq8tGDR;~X0)~W^e9hETD5E&#`NsI<
zv-lc9`#=|t4N5TPA#YDmE>F{XmA*5RVssCjfroU6)$=1&>ZBtw(EiS6oT4eFYgLFa
zW8ku8(?*hdCUbso2bY`lN~(k6hvblh73-XW9B|w)X5#0=WzDdy?3^N#{_)9XJc9yk
zp4?JVy??;KNc4SC)+2lrcn^Pz)Hw{{ywv6=(JvDg9}jdpWS(}9l%W-O3-5DQNx~(X
ztvM_VXfj>EeqOmBZX6<Cv=NHQb!D_W(Zub|7v5sCWE6a3x)1M5l`PC5WNui8^xNp=
z*q-12fIDKUUkQ3P&<1e*EoqY7X@to}Q-PUfv|3b};B?Y$X#UuBt!aMvI|82}V_54z
zMEva+qoz}8We6GMgfsdb-%Q{KCdZ(S5Yyc9W64|J%*^o3P`%)UJ%zY_Ait**bJl9I
zKi2~6iseFA%LZNr+4D@d3#2&esP_S0IB~6b-$c4wtnXj$%S2!4oFq827*~Q}o{nPE
zBBZ{f-XK!nj*@I}-Awh3P?CcTTuaP@*ON<4vLEy2Bug2>(1K&_(qykB*N+4vN*`%b
zQMwpXuxlk4O*D-R7(;h6Dpn&;GeOVuh5WimXmZHXQw<7Ey5&o%vZ0?D9&o&)bO(MP
zeiKG5F@o<>oNl`lx1E35WA#kvQiFu4Hffk2U$>n9T%sE(U#LILH@!*ynIIYnE;FvZ
zEMKq^%jinrk&C=`CBV>%{q4%sXZHK^^Noe_i6w)8;ke#Eh``XGRY05FBR$G-{^|XQ
zBs>X!omi2I)D0V}O^-Eh%TKN7utp-bJeLB-X|fN!h7h%6481{BHWiA}Q5mZnLNql&
z!aCp|=8M1wy~y9Ii2;)X=`%PD%rMr7B6vLfYo4&W0K#wN`>soxkj<xKC#togN>A?8
z?>5bkb-Y)@vuLd)`zmquD`8zNDcAcCK{$hXnq5t8?FCk91-+*(=bZowKTa5=pO+CX
zZcbam$aw7=*WYY8-6??&iGEK04~f07VCoO#=71^eb!C_k{gqqcW%c?)@asm+@fW^f
znkmvlOb2tWRGy<$n&KAP=e^V^&j5>raYHmupUp;x^Grn{o9r+>Mj!n;)WeD9%~r3F
zRCCO_;sY64Sh2{{eQ1KP{gx`r`tWUmtyr7d<shwx02w!DTL%+)Z8G^~j(ReGccW;N
zyzUUDL<AJw*d==$_NDua&ore;B6u&$`p6o(Lj<YeC+3_t;{&Ga>eZCZ29n5ItliVb
zV5|)B8*C9;m22=$o>ty5jM*#N9Cr-wNB=jr-H)9m7SA`j+4=DyGLQGP%%7OnnaZan
zVW`h`{7C-aa#SISV|c%N5YF~jWFv^=r?$TNOOQ@B;f64lln7K)NVI$#jU(SZxr{{J
zzES<`GTo0}xLr@gc6I9KKlF7DB&|*IIuKXckoUO@9Ivq$n}Fu1udjSF8>$;_o*C-U
zl39kJg<?VBH;h9wdC%+;^Dq~iyr_A*Lx7k)rS?j#AM1S3`DI3%K%d1(S9pI{0gmDF
ziE(LICk{?xny_Ao#<cu#tI$5MZX&#pt_d8mz)VvN&E5J)#JY+<xh8ir2L?cybaE%E
z!pD=|gf~KVIigsHxcZ7VQikE$9@Bt|0~u*9muzz%VMbP9)X{HzM)bbEd?Q{#F84qx
zkCLv?h0&G!VprhyUkXEcn|gFOWG7@4Ky$!4wtvq`)MGbvW9Alm5rzZkYIrrlK+@`W
z!Q~(>pXlCiD42;m_yT{dJ>>5aNfKmjT@j80%(p@=1W-_27*Tw+tr<yQVl#mOnBeFV
zUMd^G`?MP{ZQ%MEE>)n`D7p}!izrR;ifQ(P+NG1^eMZ~$6!{}npb<{0r+?BrQ<;Ng
zPZd%ZN=b79{{)l<=w~3~s)4>?2PD-*mGSLL@=M`aO|=e4g3BSl%y;(H*ZyTuL5+!5
zg8hIK{@O=<^WzW(i_xkDfp<JN#&Wx?!|GduR?L*x&5_u!qZRCOHD{aFZlvnelTk3Z
z{W9$e(%Fw>HU+Vm5dQgG6N@cR8dk<7e-&s|8Pamv36z!=aE!Y1syr)?U%Bj-&3P`C
zuB9&6Av22}9SGL24_%AOLQ;6tjzLnw5*tA<*LF9<yI-`)&5Ust_wDvU*FOJ-CTzu)
zgYD@OQB!1AJ6u7o`$`1SL9hdbjCHln?+(6WWxRFHX8zZO$PR7dVwvkNKx3oXMx{qN
z1%8qL8fy1*X>k8ThE~&EZjI=^l29ztC6c^S;^@qkp+)^r?0l10Ohm^$7-eN@ib9f=
z2&II8)cHyG{TB`rjJ+%8E`P)ZQ_=qzzU<M=KaRcTl7*K&87d`+)(;m!meN4i9g|4<
zGl8$l|3G_q5%}O>vGNf5nY*rLz1;I}J0teLwKMi-<u6Fc7sAA}Jn%mBhq;PAQd8Y7
zt%0i6s2v++&QW6Ji-g#g99Ddd8<mX%3{NH1)>@U2kA#h4cUmb1Fi)V+ZofNm-boP9
z{OFf+cI&O4o(iH4Iqm?m`Zr!NzPnRLIs8(2k3p=JW|jC-Gq6QR`+RjpOOgCYA3Ywf
z{S0XNc?;>wZGvT|s=$qt`4jnaj*q|z2A^Qx5H`$D8P@zq?8c3%(W%OX(G8W$1#7x|
z<T#yO=^V;cEMM6>03tIj4RB?lHj+K#Tr0sMgnHJDFTkAFsH2$zX7hOMD})o3=b~+D
zyoz_6CdUAOz}JXH!vtBWy1EHUu~EzVCAC3O`Xn~EQv5>LsfJSWM~s9p#)4}J!Aaej
zvMclbmsw%@WmbIkwhjj;dYPC|j9!Am1x7a5_<!RyW=ma6E?<e{oaOjSl?@S~RN80L
zs*l}QKoRBU24&lA^O#4DL-b&Gg2QQs#@9>U=?hEH{WN+Qx&N0;jdzA(tpx0P0KzFp
z%M`0^#s&dicL8!ed(~zpd9@q|ta0olT5j&Fr$kaigK;ex!H(sOA=ktZkny#to1<$Q
zwElV{X`T({KOBdj@M-_)IApYKoTYX&Sy@%Kt)9X0ocy$QS$N4^nF&45TbzqNm!k9c
z44F3U2ck1KpNN&OpITXs{a|ifvBIIYeekfF`jNgKvXN&7Y}QQ+hK>0o73^+-+cxF(
zL(hL){>g!}9`fg2L)=!0kpPb!PL&0+!rBSjUd|GjKa}ZiCXw~9-zf7CW5|Azg|C_s
zm|ew=gRN=_wEolQ&tK?_`toEjrn_G!|ABh$g)7mqY?!&ARG++Y?A+$;Y;c6vs7b&&
zzfogdDwbv0*E2mI3U3Qkg5-{X^Dmh5rzr&BK+K(VR9Q8o=CL>G>EgjfS8*S)TLR|*
z2%5l7-7<!KnfLm0ev@!|^P8l2*NLx?d6Q!9={6Z#tCyeW@N3SEW0bb{-1kiY_9mL=
z#;0_XVcIU1a??fGjuLAy=jAzUtNQZOliazgatOQ{!IHW8D1a-FIkLdz2Y|?vJ1*pt
z<~u<XkZ#o!zH!ZekbS&~+ad$LalxV&nwZ^UzL}R4tXS&BKW;PNDDPQ6`KpV8e{#oD
zD;u!9A}Nxiz+6{mOv^=iTCRd_IWJefVQqIv*a>GEUt~c+Ll-Ey{c|*<KW#kX2&qD;
zt{_<GM`DyhrAY=GszWJzWUeORPwTICutq@{=Zi8yJ(^l9G)|~^EwS?I&XP~*!AFdW
zg-N0;iH(2M-n!_z8lGm(&W35_D>Sp$B2#H#w_k+XinX>Mb~x7r7goRG+p88wQw}#y
zppor~KP~)uN;RNT)UbN@pM_iCxL;~GY>FpWI?C+YbXX%=P(VbIThWk)@`=h|Bp3V*
zouU?{?}Lytb$u{me+0JP9V#r7iMd)h0mW98Pqj}PI4;nzr|y$+E1XMuAtBTu%{tbw
z+Dnz+Mp`)NmtCH2r4pN4N+O4!tCF3pkp*V326R^vE=7o9-Q)){tJxvaS1cDFzuIy_
zvdpGW%BXeJdgt`O3t%F-NVSk^qIgrkt{>lT`z-{51!!IZ><$q~YO)-z7=7wRV0avf
zGPwmBSAAQ%UzmJT^FD9XJg1qKFTOR9{}vX^t#RO7Jhz2Pv4ykK$yvQo&>oz$C(@${
zdU6tkVzEDZuh<daDGU>lqg{f<e_|GZx)wI1?oF-6o+lP)Di5o0GIK~(SoDVGLHT5X
zEdZt|<vxYD5^a@V<@h?v)8U|0zr(nYb|QsN|IDs|-4_We$`(J|v^|J=bJ+jl)I2{Y
zW$Yag4}x>Tn$)jf>p^jG!KYp&i7`c@WWx!>96sZw<FqX;4m=Pylb-mqS#2x?3~JVD
zPNlDT$mqC0v}W;GaoVm!-U~A;cRiT4EobI|70q}8a+)-8#FK4-jl)(c0_tzA@603E
z`Hb)RwYFtUHVtjjVh0dl^j)PXL`IF$I3Hjh48(Pw_J0d4NS8cf(`1u(BaV?aXZG|=
zW0h+-fO#Z;F{3zxra+O`4MlCX=5)v{s*H^yIIz*Eu(~PXjHsce;PF&N=c7i)ua7Oz
z=)Y~t-Rwh}3e2589+w`qoE?qZe0`i+mv6F{0V(1ay35}pOFO_;*A_oq%Sk9OfX#MX
z5PhoVa=d`35t?3spLM3!?L_Jq2o`;e-9kRwpQryDIS(Z5WmXirGRM71)h!<T^}z1z
zavs7++EK)l2<Wt3@<h~p;pQ2}{)sG6WCR?CSHqySRRT`42b}hnxZ8OZb1j|4)3g<g
z7bUg9V1tojcANXQ=!dl|&xBVqR?1M+pzm@>2jwZ82TG>&clG$$JbNd(<@a}!+Y|lP
zfw1<R1oF-o|Ai&9wn#^zqkb(Ow@Gen6C{Xvh0~y>;G`A}Whr=y;VQc_5$B3<PA~%X
z!_GRWVPTE#7<`6_+O9Y97X3F&o)vI9O8z%YK3%_P;uSRi!zSd}7tj<0u8NK0(DyAl
zlq)@=Q~n(bk(erv3KnHUSArZ4@>dk!=@{8AOH5T0QkEU57CUK75<YZFf&OnprSn#&
z5>#bIUey}fyxt+dK#}XrA`dVoNogfVT%(7|uEEbCUJhZ*<N^dg##X~U+5d`?rSZKL
z`pOraMW^PmR?hT96ebni8l|m1-sZh5*xOV%PV8L6bu-iJAMBS;ZQVifypAGha|TN2
zlY}!jrGIMucps@HM>+o$N}mmt2lq2I-==B~Uqt-E#a5wlOr5B+1oD=-o9!tI(;LsD
zZyuie%ckJonAQ1q-o{QDtlR*bI?oCjXm(q}eK#1!`jkFobet{P8H$#fgT}?$kFWdP
zDx$I|G3tH;C7w$79v>>L|8{mo2L*t>mfH+ryNJd5fE}id|1`Or9qKwd@eC+VJd%0E
zzHTWXxu^{<%45^6!~^_aDDnj(;eSVw?Kg7%e^TV59kDk-A2j_l0&Y=xbn}cbIXXtx
zp9Jj5!rT^gm_uay*`FW}Z|7g;ze}S^(0cQ;BKjint>p(Z-vhb=<S+EuKj~(0z%{kJ
zkxPp>QEnf}grVA<&Dn(mZO7#GB_qy)^~ei89A{x`YaqN$%b06G{pC(!dw-${9$1{)
zLyp-XUf-h(S2-!nYn%m)dv&-S6w4-sEdOw9VZrZ54^D4$Qj4FU_k^OtV-mB0q|t<u
zhzad>5hU$b>TTLWI24{mrGhuoMAnVs&enhGNBh7Kla1RDMd4vGqCpG5jy;-4$;X;G
zXj&u>$i=5ot+2DU1t&nC7Y)lycSG0>pF|o~V5TK$kqQfmYKh~M^&A08!&F&H-=Sa?
zNlcMF#VKm5?bv^|a;~K*E?rcVd#n;fF3QQ)Z_L0~-n&qMZ3lF_h!YrHW-TxN#`<ME
z66J@`uQH68gB##=Qe%q%nRUqToOSLAfv6mszLKDC=kxsW{MI#)ED6X+z^r1NI8KSY
z9mDy1!+-teqi3;F6V&|~R5xgOMK}?h7T3#M9{x<3y%*2dAGo86NTyPmdNGWg7XHgs
zyx)ZVR&$G>&l$z36spTKWCq)Xd)@nHEvNzujl;Riq?JeO3<@10WUW89{n;8fPKgb#
z%1ElQ%o41!!?s+u<Y@E&tsrP;EqaQ0#x&R<Q|`c@7Uo$>JlVlzMO`ANXXnR`ja0pq
zp%fg8*pB3}u!vxfXJdoRkZ|-OZV&PIMSNmtfN|up{hdcg8Jh<c-=;P;%<K%^wxed#
zYGZ&?ZzTj5@e)j+T!}GUGcT)A?FI4wiz7o|d~sy3@c$u4o`w9Mab*8k7h3$e0JUck
z(k_S3vBu2qK>ssOCdsZ^<ViRS0b8yDg~2U|AHmv_7LAE1R1{YQZk9LXEqEWqfJ%A=
zk2f;^V>%{6R^F=dUPsgP?wChbnK<>gjbz1}K+Nwk2!nvUk-GIcE%<_gjSCa3Rx4iO
zo_5j>_W0U?ls`d+;0}dKeQL4!Wy*W1L&>WK!fNKBwHzp~(cKIC|D=>~9F~d>Ebpe_
zP^3NlM+z?2Md;32p7k+5i?K3_$D&FE4<BqKe6ww@erf#Ss`AJK8aB|&=jQw_<uoBf
z--zSJ%R2)2ew&dIIVLbvH7xdo-&Oyh$55IeRAr+~lyU~D;-a>daSqaC(i1_{N)PLm
zf{~^G(N}B<cVu5Ju9KO$OSj|Ey1P0tPPL0#VaQF=hu;62`TcVZxVYbBOZz4u?>}QR
zq@<Q8a)Pg49Aj+9XNgjs1@N6uLn9_iGY&VAq%LconB*VhU*#W}1O-LP2a#m8Rn#n*
zv!p}e><>K+{qoan#vJfh(d1!HGR@bVPq_Rqg)#?&L9_U)BD;KHN}M?7YW|GGL|L&c
zE6CGc1d07%H?s2@!UJBNTJfW_rCMZI>EY7~Rqm3(X?4n~ne(3AiFZ)6kL+~##!=^<
zaNe1RQOo-0FD}MF3u0RM1RijF^(EbjSy(mgpe}$E$mx9BUI#AWxUGDsv%fbrlmmem
z5poS$Wa-uxt0Y5b@Uqq!H1^oBVzqE%3|*B2u`D=rHqi;r@?E&Mo)*8C4Z;n@I0%Mc
zV`k%%lI#m=@DLAJZb5Yx(VxXlhaN*jkiWyLulIfBi6X+Lx)XYw@@)AYAv@48oO)c?
z{fhsaEYHNSGE*#<+}(CS0Qk|zi@I~Y+<3baeNb<8Chu*h6peFz$#7YE8qh_2O=~h0
zu^0@)kQ8NfBG>p5@5!RW+^^g3`2xhLh6E<K<sH#(JfLjEAlU7A7=!f#LsQ)0CG%!|
zJ4GLs@nCgi#LfW^oR?H_p!QV+yT^2zsAT>{Of{D9tB92)GE1+~t~lk3Anw)n=&Lv6
zL;#UIcrzr$_NV3W9W6XEROa?&gTdh=_)>KndXQqgWK{Z$5cc;%&hEN4Ck7%%8(G&B
zFCG}%-C_Se<umd}dGUNSt|+R|zR4Eb*qkf>ZmP$Fpo5?D4I~n7-pm%<1z$cFB7nd>
zR<Y3jo^&R1J~$!SpLUr?;BBjnB2SP-y;&INi0b}@G}`c?1r%K$3{{##E#_tx(s0!h
zg*wrCXrnjFp~RfeaJL^^-G;Ig`u%y2Jas6;-H>G#PRw=L5!aeReEZw+LUdoS2#^~^
zxga_|M0?PgK*tqXmvGZzVY=b!H}AIeH_2uV0<f4mXetog<CwF>t5c%rSP`&=>;1i-
zvPzuI=WqyWkd$U?)~k+p6^Da4q0etb4Q;!V%PW5bz9SRr<VhuOc+ZgvOnMR8<S%BQ
z)Ri91mI16eoA5Kg{Q{$9AWtws+T+_wsxzB(dsYN^Gr_yw!ufVk;D>ba7hATnB=!3|
ztW%))Agq(=Pw>90RWC4QFfOv%pG&G}b>6OTl!|*yqHaKpzQd=p7)+EsZc>^0jg9jL
z&e$SOEG{upt8JJathb(VqA|=B4|{gBF4<~>wO5`_JV$5Fz-Z6es$Rk*EPItquM1XR
z+WaWKwXCW(da|_wq|>($mz(e#ak67MLGYLYMx#09>E+WpEcuLmN6%R0eR*YlmKImD
zM3@kEp#a@;6_}S*8=p?@f9eG^Yg7#_1+u%meP5c#b{`KfHvmHjqW1o##+t>eI~deJ
zqcmb&OjReKXIjXEnA%X!`vW@%YQ@>;M9|&En%NE$1D<a{V7D_zRDy_D7at%^-&W`O
zJVwq%-(`JL4@b^tp5y$w+oyLs<w!@i`lp}1+h*WZ(J3CrT<JdRjd;BEOkl04i>GGJ
z6c4_WPlEMP>+WRvMGHd}AU>*+-nL;TBeQ^2^LZM+=Nb;Ob&)lab8;D*cbmvb(q@`-
zx&;PMK~YU4YkuV<R?X1>S@{VxRN6c;nt$&Q8Ey_=d=6foUQ7eXUDFAwNY`dD4SPg?
zEl<{d_WZ%^8q#zeRVI8`c`d1>L6(7L*Xb}a1YD34Z$(CF8Qvk}B{OXA?WfA<kzoE2
z*ts$xxAK_jQ5D9Axc+qUgY<BnL>S*=GJRzhrqJkDn-UAf-h6^U^)SUZQ)+ExaoB_)
zvQ+Cn6pIj-NT<Q~kAgwc<+NgL3kDa9)Dy;Lr`*ZWnxB5Rc<3?VbAa86#BzDd4I}BS
zBdpV6I<dsrmB=ZrLbjur&f=<S63+Bz>RpXXw7V(k&YRJ>Fw0e@oT4R*zjY%nU?5@_
z{d3R7@f)_xobY`uoe)CLZ|+*~m_%u<w^)C&Gcy;m1;l-cTbw-5ji-9@0*#o-SWrS;
zDN`p&_DsFpL`q+*6P|A@>QcJMV{}wQQ-7!P*^N&5R{F0o>Lrpp;iEw0;UJ>{4T5_9
z#<ManFg|!&g?#LTY2<}|objcB|HPQYQ#;f<^Dwc3YCprdbX$_-?$#%M4H;*g_=P$o
zc$dGD*>XMMHDB|tc?*B(II&BZ+UAlE6fpOmd|E-Y^M?_en3*SFGv|zuT$T};MSy0&
zk!0~|eW1QKU&(;++EUlcjaacLQz9+c`s+{H<<*-9%g6fXA{@bY1Y)$cUi~#U-e5OX
z=IsiB^eUpvB;H%|>D^Rulpw9YVaT6VQ2<`C+RdYrmo($;h{0-7A_@<8w<sWh!5bq7
zOGKM)j9H8P4JYXP4mJIu-^I`JuXt3PAyuY_y_1#lg~!<tn=3ArM91n$$II&j)`t^|
zh=LYuaAl4vvlCpUOdbq$pnCZNnzNoEj#!FF5~g%xsDh~DCFK6+2O|9wTPx4JtEOJJ
z_YeP%G@haZAIlK2JIlIQ((PlKL@B{HV~ev;n!#+)4B!<4FNXY<2xTYH@g1QF?G(at
z-yCo_S^+&qZpAd1o6QN+<-!>|QnjhQvH-cK>9S|Y=8TK}eyA`@QHdvIkiR8lphiZd
z8VWx7XoWr;q52{}bsYOrtS0sShDdVo+y2vbdPBuj*3{M{LA9kQH@gqwgjo5^s<_jN
z;*v+wf|D)5fK6Rn(0lZ2xF1*x`h=YMZ*Q~-@o+avUFJ*#`L`9Di`Hwrc7$&NQHYO<
z%y_sLB<xq9TbL_Fg;w!Uj2gM6C0H~23v<$S2ejtz!?$&(q8`Z2RpP&H5jxF^Rgz+5
z@!A+jo%3;{XCJHIs7$9}pl6*D*co(r7Q&t99)`laNz$rP>dcDus9}jcp7N@$+BLE-
zd6b#!cc<<Uook2TfOAF6GbK2fq4y2W`^etPx+tl}>=NWKHfzQhw)2Pu5bIIvX$M=c
zAmYe{{@~hlMkgN4go3r*1fQrspx>(<29gJhaYTQi*s5X1utpwHljfB-fYJ=v>6gJ;
z27aZw?u^3TMee-c5Le*)j&ZB*A7XgC)3AHflPu<T$~(*&9Pua-;)4LhBl>v%TuNAy
zrttD85s%PXi%TVPMy$v67GgYojcCl<1)#++RU{<TPmGdC6cj5&ln^AV$1d<xng3}=
z`77mjuFXqSeXkNs5$B>P^|jWDftf5D%dLu?qFu#YTiU6RwnDM$h+mW128XkOc$+Vk
zZ0bczo|Z-q8;~$Mb%9URVG5F=IMxZ}Z4RiW)@3(r`hD?Ue_+rzwTD0Gfkwb6>T=T_
zCJ7lPa-7U@V_UGGXuC(FETC9Md79%hy(MY#*7n}0Lo=Pm?HFCT^_1~AER!>H`JKAQ
zi`BUR2SrLz*V##Z5%LXbigKL~Dh45+^R8nAIg_)K)1prQ$VjT2LtJ7om+<zu)9Wly
zS$~-)c6hl&d!KS}j*8d+(TnzL9EAANhM@i3rtc@DQD)2Dt<X0ozZqGH!O$g~xqVL3
zpwmvbeKA=@woT2-%Zi?nkrmg)8h1&HZBWJeR4$c??C!i+g!Ctiyr9dn3y+Y?=`hNO
z5IYBB47OIK$iOfF-)DWw^wa4m@_TT6&J}n~dql0YDtyDoU#RPVCB+(@j{1Eq+c2Zf
zF2y7nT(D`6gjhjKXc6Z?7_lh6{!_G8gCZ>P_{DS_m!&x2G$-$wWAm)6p};l~3+&%#
zOj5H)K8{TJ$ar)l-<*FqOkWSU&;MjNykLchrgaKOCCE$@MMfDT;0{EVV&iM*A^~&f
z=g#m97oBuK@}pvaBR}&XMZ2h+8{N^xR#Qy`9HQLE;}qR1nX1Z4?|4o_8f94JU%a_f
zE=V&D=+WWfok`zPy}6!5AQoc<!9)s4geLV|fIBe!Y2bIa6~8AnaL5|Otc2Z+at_m0
zz~s-w*)qjBiS>O52tszw*X4tS)=1Oo*@o4j&#!W`WGNCwTD=H7m|ys&q40NXUqDx3
z2|5$|y+cm5E6U$HHe?u$yLVq{u9G)g*pIjc5J4fbWkG%(*Yqh0Rr1<3u?|IVK*yFd
zm2o+mrC@!xtRBT=wLPbSYq^}(s+Z6#o&X`7B(6VuDH=$I8dGY6vGd(i0>MqHuZgU_
z@Enp9R0>G6kf25)bhI`$x2tX^m-6B$3z$R|@RObjisbhdJxzL#2*V3VAb#+*Pv0fl
ztRD%0OQl|UO#9R)q$-udPJrO9@eal9iBz;+c6f>Av~nZmx0pR-6M5GW0=-bpVQmBK
zhlP~DmZrdaB{n(E+N3FFTj><BjsJ<fAVW}`uZ|VWzy-3mWy<eo2hdW@ApT0_pg6kx
z^=(y-DrrUj5P$u~-;i(Ddf0jYNIXCoal)W?h{PA4hTMWX{4<;#l`5HRs9AMqAU}=X
zm!|X#<|E&{upMe8=oI?6nCm=<39qFdy7Z-p8v6QBte40D#?<l7DS#=Q;60q77K(GV
zr7CyIAl=?g_t-UXvzq281phH|Q#`{KzX1m|3qdDGxJ*s2Qf@;cI#b)5_7W}WWG8yQ
zAE!KYf2wSu$9ldS{I1QKbtrhDgSiR)WIf4Bw}adDm{zsYLW5gr-t{opn68${Ox{3?
zN!6UV4R0^MApurW^Y>}k)3u?dY46UM()TeX1dTg;Ru|jh<V@mp&&EOV=h|Uw0D?T7
zn$IXmM$v9#gIguB8y%Zoxl_9>-G&QtyDi&>%ds1eR(lq)8;@0c*6g)QqZ?54%4NX~
zShRa?dHoQvbzXM;AT_kMv~!Nxv!=d#o)Y7lJHSI3;QH0xg%a;lA<|Xj`=vs(s|L4T
zeGvt2rBGBsQ66sP4O2Ct=72_Wj9JoDy$s(BGb|GwwMKBOSC#3>NU~;_tzr-L`2H=O
zvV6<9P*fz0njwA8uQZQYQw$?rl^U2|&+TLLs0{T;xA_68sbhzF#o1nI!ONKF6}>wA
zpUn5)$7%b!OAXKuZn#p*C=AVrFvP&i8B?bEX!#K9VXhgeHHu)UazZsd@XgS74F97b
z@3>ap6?O6TY+3uoSl==gHg5j<zMt2ZSFVzNv-?`gx?r?l0<M~l2(dKVJ2BH~RSVNn
z)C|yu<$xSei&X8lO@VJN2+j!9EgzuXav2R-Tj-q-tXMEYw+EW`om*}nY|Z~OrK4{9
zq0#==v}L0P_+OtDdq}MouG9vtif<RWHZ8(*e{o5*=+r>JUe|=hvAY-oL?v>C5q9M)
zQFX4`Kuc1LPSRu*3STj{Bax3NcsXIpWDN@2KPu*5st$$jAC>(t)qq0wkE;5YYC^&L
zM|J*7wV<H?qbC1Rn<>tg44a3op-E$lw7;~&59q3oTF*w*bQ+9A^*!_K&O#Ku;&f0w
zf{m?cEgLJcXHKw-skGAqSmL8mBE~ea>V-#Clz86>_oeYfO`>t}d_!~@Xb|&Yfc7UI
z2{KvG464IFX%*SQ5fcfQQdPvy7!=hJ_Yc93&n(>6dQvPKRo>ij$Bngc^s~L)9|RPn
zLBFAap@D#aK!K<QSLlQk16P%BK|qEQKtM3Rp8oqN^#AA1*wNI`$yC)+#MI0ZVCiIO
z2cWn5We4~_i|hx`mZ{8wfC%A2fgu08!q>IXKlH1#t)V4A#njf`=Bw0yP6vnhXVkZ^
MGwACIbNP?@U)3+|WdHyG

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.5.zip b/Solutions/Tailscale (CCF)/Package/3.0.5.zip
new file mode 100644
index 0000000000000000000000000000000000000000..d4391e580d09a10b08a5da210724806e04de8d36
GIT binary patch
literal 66176
zcmY&;Q<x^p(r(+fZBN^_Ic-kcwmEIvwr#t=wr$()v-aNWzc{y<6)z&=si!I;6=gud
z(13t|pn$x6s&(FtHc*Q2fq+U<fPgUnS^eW^V(4t5W+7@~YGG^PY++~1VCiIMd!_5;
zgv*ieBamAl<3^nb!{xcENjbr#9YJR29ZzUBE~UFxL&v#5h715g1ro_vlUedf`7nQx
zs_6ip3M#<!N=?$(u2dyQHiH0t{Op*s`@CZD&-QCRLxZh%0^?CRk@jk8J@J!*$sYoP
zRb@c#Rf9-W#oWu-+E7497&Nr7r*P<TGg9RAemX=ORhFV`md^Rzo+yAZ&iK31Zw-64
zvP9T~3&(RwB^}4+X_b7G*Vzil?*=Y9S!=F4Tm7xFn5jT8Y~&iRe}^9wXjQ5iXHx2m
zqc5gOV0<Td+%?94&M`8`-H@zGHdErQ70$-e_-sJtM-BtEj>6}$gd!68!I)&L2}cb>
zt|FOq9!bd^{(EN-R#l#6>IKFSKcm};Z_f2bd2F+UWOQhn!p_xzfrZ28(ez|5^{A7B
zhe?bpz2p7HZl{dH((NVP)xD_`meCOnqkk6*o)g|Sf@#^K=0sV}Ao!0BQc;8aA=j7i
zO7%3Y)+F+*#?Qyj4=7{0Z+7JEJNbM4ncA}rBf}Eo!*MfL5EiC8GK3ZV{lnnb3}P=g
zm&fPZ-ip^A`e$g-*gGp>9<;9f91)rkFlq3Ly7UaXq*dj!=uomGOsCmk<iQaA&XwJ@
zNcaeJx%-(Yz6G(oCD4(}KKhD9%4`)wDOBx+7;B>a(<o`+Bkp~4a{$gbQaPxy+$=Zj
zlOhpI$1w)zm_3CGp1*{ZNpNm)8S|N78Js6097Y4pd)_Rdxg96Qi4QW23*&SO#8kQO
z;b1}zF$`m2!T@5FF=rL5r_%UZkoJ3sl6w%ZIs~;EtwbKzU6xmbRQTrb(19>CkCnGZ
zb;62^L1s4eSgc7D6vD5%s6R@ovD1qtE3eX*2{vJy)J7yqFOQ;EkM_NRA$wjz^K_!=
zuhOybQ>?4oP8sp#HG8i<XFjtbvq1NjF4p`ZE{z9?7|J>@67D*%&fWlmK}=!!vbrl!
z=?nve!5mjP1$%&cN(pFZC*!O}wJ1XOC`7$L9wts$=r}=HPbchSGdg!B-3;UAe8%<~
z9AMxMr`YmX|2R2XAMy3#$kXVJt+=Je=#VSx)x@O)OHZgZhdQi;b>7HI8Lr(S`6TWf
z8|PR5t%n{K-aTgHe7?y!0hv89Wkhe1E$~KRX^CRcgN{OxbcZ>nCh?M9mzzT5gxrVS
zq9KT$agd^67i(%6-c)g>CvoCA%2zNpkbFTvj@V%(<4lY~ZjP>ql7L6yHKl#QB=`;n
zgpcC{8ML3KEIc<(<d0P;8CR2Ze2#Bi9TV)$qcJEsOfUgOBG|WdZ}fAoZycX&mK<6~
z@3Wz`bN`Lk7bpW=l2IU`7)GE$FMx_|Wv<kJ5cu-?y9luK7fI{Ku}ZYZo;f5{ZF&a|
z;qB#y7KIG;H5MlN5fg!6ez$f;2@4#2oZ;7evNo|#&A9w_XCctlpkM!!k|px@cbL^#
z=2_DWuEQ#i4V$H14xk36?$7M`MA7TOY5LS>%vXmCXj5{)2{}ZGyA~~>*OQfYZPyuB
zyns^5vvQ}zrkPB9!4~a7=Zk2}$gg%gf+`jezxvD@z7^E;`{<z)*HV|AjrSivyLg(F
zat*N(knFKwRGHqyWwJ&%P0BYtQ?N)*uyNkBJkT>7pc79JlHCbmxuEAEtp#E+87;1f
zU+0pvl=!`S`cX9#N9nN2qSM<_GHF{}AZ8WIRJqMRxFgn&wNSw+1macFk=c1X0^j91
zepc+ZO858x^|HH6yv+T!BuXu=!iQ-Qt&`LQie4uv5HmU_WkSOy^S{RZav`8a&F<sD
zx6E|-?pFrCMi&j23AmSN{$!^@`0*Lmn|pFqgl9f;7hOD|YU%ma?f7jF1b}g9wSu6k
z$gN*Y>rXTAU~N)|WZqvWS1a#%+8|s$p{B!MH!J?+N8Ot#O&HF05#nDHUL(Hr;#?DM
zUi5CYe~UqK_;tR8`Lv+wqG^$ril>%()~s`!7zJ}}b)x{AFeqo8^FE9Wf%~B$(YN)U
zOqz+OVqal7rJuwtv@X-w_2-3vd^j-GO+%Gu>5h}6eNo-Rob69v2q*C&_UD*|Zg(^6
z-aI8@Z}I!v>k|_A;5M^tIKAu4%mrJ8PrZZw?X3>h=@szLan`uyEM~&+0_J)7ejZu)
z08GziW_y9=ZM>EPZ+bPdxHk^6X!<<8czyXoP61CBap|E#&|9(@mAXWZE^iQ#R}J1H
z27^gWiBsxA=M`VI`OHvZV(UqdF1YVRS9yKhtZ#RufIXc{;lttgI8E}5MNip>-)y?I
z%h#sl&Q5Ji&fW*j!IE?p(nXEHL$d`}6?Qi&yC&{u_xYW}DCfJ|wVyEv6sYRWXc>Yn
zT_*M2r8QmR!Yz)Vk?1mmsv0GsBBE5fn(=8hO>Ik&v*ar)7x&Y`MpFxi+Rks^<J30?
z4<dg49n`6)42t#@^&E`Y*--2$X$^r!;Yw4@xk+6@Cn#cWxY{3gwoEL@;izn~K9$h5
zV~pY}3J7!9Eq3tJCk;nz%~jxr*p;)MZ$Hb8lR@~&mEq5l;n!xz_?E2HVwdQMm~XCZ
z!O0H8<%W^6xRr>Xq{|@TnVZ{>epm{fLEvKSh|RWKVy5@)b+FUrYLDGeyWrYt$f{d8
z6wQ*Fc^<E49_}Lh4h@g<#<W^G+`G$JA8|@O->i(Die3rsCyW4+`KBqe?n0q#AU?LG
zn$~G$v+l+iaY<efkMPzoC(mXVNtm4)x!5`+K^D;QXd}`r-dI*lMWPqbyP^-!TbzEM
zoZ0F#St;%ET(4}qy7~C_^ABJ+sn+@f@3x+7Ws|fS0nM8T(;puH<g2uglrPwpk0tN8
z4dmy32UcRvip5v^byc3oa)u!|gER{FO1&-K3*~D%7B%I>j^(AW2v?nmx;N$%H4N1V
z$C3u&w^h5XFM*L+Z)=V`Xy6Lu$x9&bVnSD>B6J7*tc`f5OARnelal%HSbl9mpPqf4
zggSJFx3$%6myLtE>rv$Km(3KWTH&><M1JFquE7K8p>3{)L)hKl|HxOzJzsf*bTJ0;
zJd}ehbRrmlR$l`?9N>1OmI8-RQ9U#2YXzELxzl?qZ<5a(25O=%6*fHny8l{NLhL@l
ztb^>Y1@hV*0%NwwjxQuy+s}rH*VP$NvW{k~Z`7{9ruj*EK7XYz7t#wFqkrV(>mLVk
zDz^`hIna@Xu)n`wq9%fujBTXk*v*&l&m+&b521nthPg3#bE60i3i|r`&U=1L)N_5m
z1o5;mf%_;=rn*w?6uJsyaA8;gNAkY}icy#b#UVkq;722mBUi}POY5Y5lx7tf#o1ZS
z%cf~^MH-Mb2p$AJ9jQlMN$D$(XHhLeZrE3u|4wA<83>)!%hA<QMzgRO)xdCH`SJa5
zix?b)j~v7j)vjgLu_&|-VvQ0X)uXjM1Z5Br7NM0C+v!fpe!^NI{e3CYGA}%HhLSZ_
z%eibS$30aQq%8T4x+BG*$}Q3tZm1X&2M6M*Nuw%WK_X^u2j#=&{S^y*Q@D7#&eNkD
z9rG*QrEIQp`w_8xj+XMp!P1$plt;a=QxncX&w!@Es-DUzaGEf4_!o@k#!z<rWvKH(
zXjE>4ZB{<%!LnTVm}}ba<+J@60bL5Q_r@uL?%9!WZ;je}vuTvK_Uy^V-@4o=KA;_s
z$h?DGSN=rvN%It0J;Gwp$l1Fs651^}y2X0aTbDEn8df-o1Kha@B{1hAl0-H|!khAe
zj){uGv0`ah^Wrjvl;UV1MDlQ;2vU$qe+buJD$wufZJ;J>be{emZu_4*fH8I%ainkw
z-@G1nA%;x<ZL=Dg*mE@~ep-`?+@jT<Ol{HgnwRIEJamT>iKAH>QS7>YJ=|;nU7Em4
zp2Re+LLw5kcEySxp9su5T1A+(g{6Ms2tYe7rq!_)Pubj|(40T5p7STSmsN~MkvaX_
zRM&^BT!x10Ypeo!fSWw$ArEH3wFq(>x=m>dBki9CD|35y%?1+RpWY)J_eb&lndrd)
zHIB=R62C5mz5yGDlHQaoRZNQb+ePHGzeSKr(7!vUMUQ*q*R&Bogb<gDbr6%w7$|a%
z+FaEOT0>H7nxJAww<Cc#WtsbiW@5eZW6^-ABxA055Hod3O=wQ5t1Y~mzAcEFLP#_H
z2{cQT0$oA$mV9%*F@N&eo9Errk?XD%otdQno*=RX-*)fvvdh?(Db5KlRFF^=(}z+Z
zy%g?*ds34BUqON%u$=cKQ%9wE)KPQH`(|@i`$**yk}y_@{0bE51P}251Ci1vA!Xep
zam@MsYTzq{OrZ7h6IPU;%P>*|1XeGobdA-g{R;)Rm|80G0(B?;rIh)6YTOPn$d3JS
z!F$O)9?a8zVT<XtyC*=G3(eJ-!vy~(7y}JUiF5J1xvTM?9-zwpyaBF$2`XV?bZcYu
zx34IBm5G2{m}wmai`43ZN*(o>gm61pb3_g()@>$9So13^o7%gKyJvgt=ShZ3gJ9J1
zOMohnG>+<N=yozfIn}V_@jU%IT+=+|w>WL=g`KmBRjn&Xt!klz*l@5KTg6!%O(J!t
zsa7D}gJsmpgM~PR7`I7lG`u+m1URfTcyhylI^`{{xyZ})y>`%<dZzzbC6+nxl*33$
z(}JPTx_=HW>qW?^`UZ$n1l*Pt7#S+@(4e=5Fp!CKhM~ow>@jElR^n$s0KZF}3D$Si
zV<2(|*YE}vEb2nUkYTiHW?!Ud*Y87VEhMJo#Irb5JnD0@d0N&yiQd_hERQF92Do-s
zI_UKR=OPdtHzHevAbmTKAWRd6t+)cUY~dn!5Bi>MgwN(^2`^A!?(N7>X*44C1UL|w
zVUvzL9YpCSc!r~8@$Ixyya0qalypSv21C3YMp4cASXEasS)}d_-fK8`UXT9HSJiKl
zdD<9y<+`wi#4n^)h=HK5XzSG(hBnsGg8b9l&{?;-UYFZWGsA?7__0*U-Gw<GEM9~@
zi#paKI(x^+IC;!`;TC&5AI?<l7Kx{LWLVO|kXR)z$+^B@Dg<Ql?*0=@K6KRd`E2+x
zJ49<-huam}2%N_Zr51AAPtWxEz)HAsc~9OLll<n|@1*eAw|NKBk{`l7)wm9`nu8$S
zXAI{In28f4j~*bQb3-j`nSCi07nTh2ESIbw;){SR*X@rP&@F;Kb`;PyxWHU~s;P4z
z#;6b-fpvt|nTg^71z_n)VvJ&KQO~T4$MY#H8;CiIzaKh4Nu>((U1{Fsnn^Jvl1Hi~
z^hOlAG-1-H6S`@Q7Qc)o08qqBBD9pj-*bV|vUKHZpON)DK=a;oM?v-d$kHhf;Km6e
zsLq9BLa`n~z8Y~6&B8RIu4s8Ze6{!eU+@`|)iAM<H{o$;fA2hutVS+Vz$iOlQ`l=#
zjE%2cOv!22yWrp&bn#_};e<MZbK%ilQ+$FSQJCFX>Qts4upY?(^@W)4UoL8PK-)R-
ziDsXA`nbc6aB4Qzl(&VcMLH<>!bDjsPIuii)P-(Z8AsK?&ZG{p>Jg_E(Vx}OP$9uy
zb}W!$e|cbbGx|MW4CAOYtWNaIuC~B>5Xkc|Csvs{7xOWmk(1Y+3{{m32KzzqoBr~U
zFo9!=-n4yxA*X`9puUD1du{%3l?Ype=GZ_Oqi9-K;6kd#s2BtR@T`yQ+@12YqF(JU
z^3hVi#5RZ=I8Yq9yd-jb&jk%j2MpMgD)bYRmBUw}_Bs)pXM3VJYS#xCxmj&3q$E?i
zoz^qe--(Oa?O**H%MHos%qA%8Ddwpc8OshvFD>BCK#RcpB-N8X+ss2^xeB9l9_eNN
z9uX~Ah!s)J91P{XSS9q415Z}d+agBd{+$?#nk#HUb>qr(0+@d;EFV(LqR=xlL}A5B
z4JH+!%9tLi9oAj<UGFg!uIj;ejLH=V2xKUE_`_g#^ygd1$dY%Hs>Znm>y8fNJDIDy
zPswmC6mf)M8I8447hSp6QtePs4XwbUG+U5E?hv>W+M;xw49LbAsZT9EvLzSuE9jlw
z?;8WCwlnMz%j3~FEKH17z=$AGGTDTc;z4-7t~&^DbW%VNx~QJ&zsY8uRk1Dob{7ai
zG<=?lP!G$BHtj6=k#IGB(P_Jr6$=-stF=d`eOe}_c`wTs+Rg9zFkG#-zS2Wq*}r6R
zLy>lr8LuEgozEKDD<1{kx8vg|lX&T0`F(?9uYX3~xUeG^hp<v+Zi$X27bD1HAIrOw
z5nlT3>94=&)_|>Goc_wfYx!FvNBg}6amikAe<4?p(C9NF3@-(Hl1)8^xURPxHD22)
zD|(MG;X_?sL}ajJ!TH%B4^)x#**tLly#+PK7#5<cDu-!uC?>|2Zt1Bk-}HM9!bn0x
z>P&?lJ;Gix#2F!aZ2V<vnJaZt=}YccldX{4T@=Hxv39*jTd$P0UX#pwpImee#X>@r
zSTSro<8qd8H~AjX9KA^}fg1Sq@W7ypu`zqQDVBx&lF}kva(>)#$HV}q&+V5Q{idJ#
zffjdXQPV$vN{ZH8E9)oKx=Hsisn4G+vyc0WBA&QHo^?`jJsL_qzf-R)*AF9}PWB0G
zr4*?<#KLGJUoUBdSxrh@rYyjr$KNK}&7=Klshp(HH+Ej*-Eq~i^pU-q-byVib!enZ
zThR`zF%cDSD{N%)C#2=@J6e!?!ZMenPiSeGICfpRdH?A>1;2o%rV?(ID@{Fr>!KY1
ze-f!aN8<IN9?{T{{|KEVG)yTt$g;ukvwC76vH7DGo~(ti+($%QiO_F3c_Qg%Jf_Yc
zd5;Qq9==<XN97d<+F7*QtJ870w*wTY>B3NOQtm>IT0^d4D>~r$P=q6clZ#trY!uvV
z>4JP_q6yXEHnJB})P@*bl3xd<HB|0GZSS-MU@VnYs4)}5+EN}y8Z=%<&y7;4-k~u@
zL(ywm8=A#hhQ$-~wPK|8-8G@6Cr&APL*U|`tRb`6wg53m%!gdT;&<P5<{V-c{+Ufx
zWP;T=Rz70#RqL09a;&4_&J6|*a(B#=tsztlOD^_04N6?=S5l$G1mYj4C;KYTPH^|8
zdy|TS+}Ef>?P&JT@mz!1#bwjK*AWs`Y~{zlt+!z8a<h2#uHjcI8Na<{@fCdexxz3P
zVHamd?4@9S`z^f7<6`2D59UM3*~gVGOq4whzFnhdxq4t!@(_m?t0lo+73fSfF>`Vx
zoYUs#HF8N$RHlGm(J72^^}kK;VNZ?OTUUq_Nn`KoZp7ix!I2_}K())~>)k_oeK!=d
zlKhkaL|IjW4*K$wt2y)OD2sEPaDosi$-e!BS9c`kXC6ubi&v7*JQHVJC&yD;Z0`i}
zJ#X=?C@vG#Y0MEwniJvC&2FU91NoPD3YB`|C(ChQEw`$bvUH)b(PXvb-|7+{AA_Lp
z99<o}XDa;HjA-Jfrio(C&<RDyyY)AZ*d4zd0w#lXJ!|P=Dzns>v@QABfyi!9iYxsc
z+wp1U_sY*yE2MO-T#;Qdl+A=1xQ!MX6v8nHtefVyQ^cnpp8ovAC<n)MmmPisKOR|G
zY^zo@Y;<%>klEvrTTm5M<YHLv5t3N9(A;hmzo>ee!`$nK(FaU8I_kFDW$emU{VApw
zKK#w`0mgxXJ+H1Y6!q}?88Mrzpc?-knlB4Mm5}&8rv<u?k_&0$4dc|B=z!;i+F>{~
zbMpPMxyTw(68z<*SK|+{tr@giJ0G1H)k99-J1hOS7Q61surL)m!s#Ow<jYGsKXjIB
zCVfIxO+-Wik3ms)AaQh)L2ZnSa}Q8&%tNY3fJbFWQ0<`c-u2K>=wX*Ut-$mlS+hVu
z;;KS)=}3=KM?aJL5Y7WzzkvT?4YmR4(W%@5ate!d7|6v_(9bn$4hbYHk4Pq@kqMVJ
zusoV`O-SKEVv=2&6x4p0w@fMSGlbYcm#DfDrjqi;m8!bOF%J=E%2Jd%f776w3=mzZ
zhN7TzA0wgTJAx;MCTj2*QEBJM&7fQ|BIM<__?LAMm6m`vp>5FRv0lTXP(FkWT6g}W
zWsd=VrlS}Y+qZ|cFz)<$I4o6T<C*yQe&YIFOcRriHfC^(5Vtn?vC3ZAZa8i1i!^IU
zlj`Zv_gct|j7ca|bZA=;`sDj+WSuGd^19hPvAN?*omtM8K%i%c_DOWejsAe1E;v(E
z>9f7*C6h$IO22BRwQf~EREO2}s-%UFO5Fy{!d1(vu0Zal63nv9BPD_wb!O+Po?~TK
zXX7gc)kXA?jsl8%RS@YsW_BonptS@dH}v9+Q>?pV(8#CxP8C@jQ@D}|H~jGU@&ioR
zD#S0ksr6}9<9_H38kd;t`o@@g*%N0PnJr$>6MLj!M@p*N6!$u6mc#PbI7UiWFMY<7
z?0EUo0YFIA!HdSR=iZesdmoGEN9i9y?`|p3K({<w`X#N&5pLLaQaPFy%95dh81y-7
z{x14zGLeQyr_lDp0lN2tKb3=drK|#DxUf%Bqf;+xB`Kb)vQ;kD=z-B~lFX)c9M`)S
z6dZ(PgTp7ycleNZF28lC`pFZV>6vBzKss1etxk%)vT;w4>1p>F$yg@<oQ2)>O%%7t
zyg(h=zvvCBUX~%*qK+qbZOyrH?FbEPzJARL*H15{3DP`taqknE|5l_Tdk7(<_bsHZ
z3yVBo88|!n#xhcQ)lHDz92;Qds@pC{D*)9Sl9cdcRU?b5yPXFAGn?Y9T9gr-2bt}U
z#BrnHTG9E5K6C%En09J#z_TzfgnjoK4u3n_zx>t)=lFhCnLuUFi^^QeI7OcKD>tXJ
zl0!nZ>4oM1(Yn=n+R>yyO+Y-?NdGR6-Sqw>(oU<IyOiI><ZL)D@^NCYYc?tCL}6z4
zc62InCpTd0Qdqum0s>@&YrbWS6alC`BSIv256*4d`mA`f`~8qtzKH_7R9J{OnXbYJ
z8a@|C+lDM>TW*Hm!|}a=U(K}8Yhh3KUaj;<$_mxeWr4JjI?%4XF-MjOo0V&G5w(y%
zVlx%884>D1{T({1Tjn7mQx@4K({W1PjSsf_EBI$^!)%(Ddwt_Z<wT-32RSk9j5T+B
zS(AcZ{*OwyP0gxunHt&!bf11EX96!xbiC*%m!*~W<akfe_4Ub_`wWAP_u(?}OSnJ<
z71_6wTZlpg?TsCGeQHH@Pq8DdKCQG_qab5SR@@pOXMH(<4tIB%M-Hs4vqMbS9p@C8
zqpu>;or~@Bw!cZu@cZ)ZsCnb}%6m=3u6|+tLcX1|`FzQBJ9lXa!dyPCMx^o4;~<Mm
z{t8z%<q9f|_lF<@G-*$+rtm)<A(qJ?Ip#?drxfJ1i9&Fhi*(kSf+;?I>_+J8wnEi_
zRAJq%G5kZi*_Z~yG`M=#v<H&{Z4yUW$nQmJcJl7HZcCk=<1Ms5F*gsIWh!WmA&kur
zUP1sCIa1uTvo0Fp+U%qtaayZr0h0W$MB{Kqj&T&T<`gAOX-Gs1yi7@uo<d{)$O<a3
z{6dQtLBr&ueeQcO*61H8?8t5+nn@g0NrFkts~nfv2W-7XM9L<+yzOQZ-Qe#V)E(#2
zkazLg$OY(Z5^wzoZcm!b1qu-c<MOv|l9w+ce_92oB-(Y!&qfx2cxH)r>wXfCI0$BI
zs(I1$X{TerI|S$1H4CgTax+K$#l5d($t7q*HqDRFUsz;RrH<9nm5V_}Ph(Wh(u2R<
zFw0w$-Vl$3Pbf$ut<YzWsIO*bNzv@)T+kBvJukPT@JwS{#|&}3967*|HP8gr6~fjH
zX+Dqx^2GZIsWD_SA8Wqq^j7CU7Ko)R-r-ZtQVKdGc)WZ*9d54gD3=4=bi%Hp*{~<E
zIk%>rtb0TTaVc55Vp1<7o8TGd-KA_xN8HZb`A&(W*EMOhNjL%)a~@YwuHE19KOf73
zW)kW(RXVuL-Z545ViAjnP5fUEZ0aOWFiOwf3|4mk%n)sEw!yaE?iB9wy}p7!77<VV
zEjnruV|$7bmq~BneUfq(P8RtEbQFx22?amtLs7nsoYkJ+q3`5+1^V=9<2PQxzBvEZ
z)|PtJ?%cdU&L$$j`ci)>psdW^^j2${mNwSCO4RyD@X_ov?CaWnsS{g%f3Mx-ei17E
ze}i2ohsBTW10W#NXec1$e+IiYh8DJ}CN}og|BQG4JJP-Mu~ONPY`lH>LRaZ3jhI~D
zr3IF+KS3f2Z(NPrwU%^kO{izZ0Bty20{=7p@cGi}$uKXOa`|g_Z10zLb9`~T^UI_2
z%;Tf;&kiG0^;fE$P9m@#kD%3x5Yr=~tLtm#6|ifa7{m~C%bmz+yv-o~U%PMlYUM3P
zb(|w<mr*j24SbPy25dMRytpge9hdJNE$DR)9ZDkkTgW@_bM9F=mrjtMyBSav160V_
zpP#QlBw;H~xEftV815RYbz=iC(r5pPF{by>3(g@ZotYi>%~|M?rSt6{g!&sqre<K#
zWrhoPAf~t3`C_XuU>AHeC@7_!Cq+z^4URgw*^#@uOhB_f(mMyJ<zGHtBH+7EEV>Og
zCRXHbA#-{xL}=C<NCFqSxnD$L*)01S{ZH$_72<Ys^P~Crp8;2KOYaM$J-D6_9vAI<
z_J5qTUGG}wl{0t?$aii}75y8R9YE3Ehv@S4u!zEt64R*ckrlxW?GzCLwb76S1b1dc
zF^?v#IGO;Cqwo{8Qg8UrvV&~lZ$7yBGhj-ih*0eLYG^vBk3NT<t=~wvMRWn5G2$zW
zZQ_d(6nCfizm#^IAgf;2kRxb-)b?(6F7?IrgO@2b7V@n!0-fg16b4=3@T{x+$T0pu
zU^;Az^&BE{k@3@{#w++E`)dOIf~L9;mxFWHVjPZYsAuS{wX^-^1GPY3@y>E=mw{ZF
zX<$6u1vYzOSrL{%Xc+}&^JeX!AP};#bg#L226dLo^5-531%8r3LTGf5ytRfz9Q!k3
z6Zil;;?b_x5<q7jT=*tg^jTNR&L_an{u~7FXTD${Vq^8kDKmq-sb|pLi2rfX6^V^7
z66aQD#>KAEglP6pTx9X#Tbz5;uuqc%w!!F7PCJ*(`I!{ccp(uV+1LVd1s{trCIR-W
z{q4bRcoP8snd*8?REZrd37eHQcHjeJ>7B*W@lSTQPVB1PRc4Zl(S1#Evq48zLHor<
z@>K~PQE%%MoGw5e&P1QdLKA}lvZ1xX@R9O;-==(bR38nGMCe^<3`j{KA~>bJo<EMo
zga^mOx)m>1YbBr;HC)24J6M&PfUR0~jScJO4;S3%D5eM5TMFHnIzK&&r<3seVm^>G
zo6y_A0Y|#-_!AnOnjWcg`4N$l7GtKkM>iVxV{Y7Sd42w@8$#R)2YP~REu@Mih}cmk
zLyHm*>~O+ULSGDKYe<fO%T&HhzA#A26TX`G2haGC|2sU;rqpSd^BHvWL<Jn*OH9Vl
zgBwYEFMho}d(>Gd%bTX(tW~%W8uNYprPfFOrB-I5?gNt#*$M-J=5i#)%Ca8Bic!7m
z7uNb=mzzjbUPXo9QzO#sl6fb#)svkiS3MUxs+XHv?Mm4Tpkc1|D*45&vaM@n=<DA1
zVM(vi=s7d_pLq^(Gd?x8DmWUcpH$RrVLvCyK)hTR(7DtxFnv?af=?Bg3es2#L)egi
z{A^+dkBYwzBj8Z)vbbFxHGIgC(@K<qcLgrGX$bz7UP>0p#YNHbH&DsbJooeR8t8tW
zuH&pIZu^qvlDQvP-R<v3#eMu57Sn@Q^54~oUD}!booqJSN95y`T7P!Rk}KVJ=+rZO
z8aK^xx*O_OHYtmCF0Tv|Mmw8JA8O=Z*1NQ6|GGWJ&7N#&-E~!l%x`vS=k|BH*le4S
zyLly>0#;cj<q|KGp|8~@mcEW{J=_Rap7p!eZT3CsW8E%hh}_sZR*ttkl^oS!p?$Wi
z83Q(#ge+{gZKig&LfLN`628Q%^*3rSQ=<7Av}=|C(&?<vQI009zli}6Yu3MMJ-RmB
zxo^&$YXP0nf$r*v|6tgl&2(x}0RWu<?5>T)W8L2kz3M(<mOeV$R|nGVc8eKDrao@H
z)^Xpywe2tGYUnQy?yYZdU6pg)>^JO@`?~aGj~=b<U|p3#|Cs6I33795_DD^>RC557
zWkx$T|F%oY?5usB_(0#J#ickKtTZiF1{`c{{hN+XZKRuX;{2J;&f$j|3~8r_>q_jd
z59v%dO{v1=%1roqI#9u*Ep@MtBWX5h<7>~Cr3DZ5QZJirAGLo2Ya>o{>64C+x4N;r
zI!ghaRYjT{I7Mqa^eec4t^3OEFX?tI84%5xgRSoW<5d4Q)a(B^zu~sGR{mpsg(>5h
z!6UgA@BYQ|W2Vk@_Eay^?Ilu+#r!`SKV<${`A@p5f1BdVt3E1FYA7L?_%Z4Ws5+%~
zb%jvY;Ih822;`QbHQUb)7{!1_OrTWZIooIC2AL7m0vviqBA#DveQS+WC!>$AEAO{`
zi?wQ&Q0<o;!I|v#$}z&$zAl{Xl_ab^HKzLeW$Z^vLKZ&pcrW6j(Ps}0ekWbN(6+5t
zk}q?GYGNo}|E7udM(_=FV$c45;%X}kV&|hf-rXhVv{)Fh@I}aRSsZ~ecVwcS$Y(td
zPd80y0D4d>o*&Z};~lifl>d3h(^+)LB*1X8zeUMvwb)}7fSlpB{{zm-m4<$#m@%i^
zT`|Q4)U0fAm@(rHt8ifOKNb;=e_34qWx4!67P5arN~XAM=`0R$=KhIj5;cFUo#_|D
z?>;m91qsR6zm|z1|KN06HOTQ>Ffm9|snBv+vU`V0-Jx2&1{c0@ldSXWp0;acgM-F2
zdC@U8#^WChv41i8{>6aK`X2@<=l?Je$Zb=sx;vC?)8v%5uX+cLuqL>tk9N&CLl(~T
zbAuweLl*{(5D@eNojB>Uj!$+qAswpxDIgmQ@FuoxEfbReP~mp#{FB5+&i~mP<owrO
z^uPA-M*lB~dc_o)T%ipXhmN-_Sz~Aa^EUpkuJr%t+G$U7q4?+d?G6JmuB2nV|Khs=
zHmxvc>?ukYdcV6P3#Jbr>(UPPhf%V||IK;g|8fp!N+*-oJ8!4N=?VeYSWy0NC73z>
zTL~1U|E+|F{S7>h9gR8JOevJ<O;q^p0gx(-^8X$`3)jEO6aP^T0jVE`G%)avgkqQF
zaG~+Vd$nAz#o%#)b))_P-)Ngu*{xo*dAefnu~U|D1XKQ!@ufbJ(_V{3vgiua{^0dB
zQ*^t~Cm7k#jGa_%p^^d{+Kpq80pF;@^89{8QT{TqS{3iuyu;)=p3|;iuMpeN97t6e
z6o6rJ!9u0IQbI>-(N*!{CY6|Uam>GoYJqh`Q2sK>w#lmh^a6eT0>?M83|mlz0HKv+
zGnHp8lG#vI)V@Jf``-EG7__VRhHg91`~bnQ;?-%42&%feSZG~HG;wZ_C$@GBH^JUa
zJt>_Kx^{W9ul~j$o*YVGk_oQ#8xoX$;(9vovWDG6bKE!aa$mi>`!mF-xLjgw>tAj9
zfV@jun~8=5_tu|^R<p|!Mgy8o&m<qU#dSf@|AhaupTlm_e)oy)#x>Pjr&xWa<XTH*
zkr(ifu@^H%SN(s4lIc6Xkj5G1zK<cxt4v>GHnY$63EGt^rZ=mVo!+4T^E$waDe}9#
z#(y)nh*&2)@Xu}LpA{5}?O@?Ba=IM)XJ3QyihD={h%-;w!aQPw@BlA|9Gz8hw(z<N
zpwV*U%<iJ8gpd~RYGp_Vgr``}s%N3xTK1KO0OPrs-Ap|Bd;ut7pq0)5@YB^!0(@tv
zZk}AF)~Z;&jzaG$Vt>(fc!?%<h+U04{})kCvt`DD-9;=dRkv&BLT#dRm1**0q|!HC
z)h*g_VRNuM$ME@YzEu&mrG80JAc2dS%~Zn|abx*p#Qu9F0eh6?o7xPSiS_lKWAF0>
z-A%$*jv)@1xZZyl0RLkEXtvbqvAcMbMXl$|u>iC@W{AEVV=rGO+Il1=YTs9hhAs!k
zto~ym{eKpOCZ9<sOBfK3<C-;O*VEWIPy|N8W!$<mg^7bYm}^{e)_7=;#2Dm4!BU8a
z4yZPBO^Pm6K^F$C#8)Tx?P&_}Fk}Ps#nF@XVSkmxdM*s~nu63oGy^E=aQJyD!^hue
zke!_ty&mVH@m#n2=wNR3nC+9i)5w(1t!&s+O~pZ$4d>ULm@VYOq^xAdikdZLCjxQ;
zKCCIK>FE=fO<625BpZ5J6Jq=3S_z{IWfNJ#4@5Q5Tb(O_0<@EMiKHtUT>Za|p%f0S
z%@v}T3GWJP!BR1bB4YNFAD)QSNFG;cnz?6GRS7%~V-l2fl#Alr&(V~_f2jlgJOMsC
z9C8ATpOMH7r`L1Sfh4$GQ1l=vuu(=IXR^)FRxbp`eFX7NDdbD);^_xV5CKV|FyyR&
zO5uB6cH8>l_3?u)&id&cWG#^yd=$n!>36tieyx(?Vt@`dqR~4rc)38+ojbEbsLnVU
zvw4}~r#wEyX!v@wmaTs|X*zkp=st^cv7uVYbS`&Sd4f5K+j1}J4obRwLN0|#@TZE!
zT~^}roD@?6l$lJHR(nG(xkCYt0+Khh!JpaBad`r2nu7P%K$}<*0ei?t;4wB$8Z(Fr
z?_t9)(OBJ5h3Y9IK~$X84i=d!fy=eUUJ5$1&3YcJU<CM)H4~c^$8>yr$X9=aIx*Kz
zo{N=_fUh0C%fv15vwhvtXP1Aj+kSWx;vk|&?D$k+QC@FpZdGL-n0E8oZexQU)c82D
zS`yv}q=5#tZ0kaHC+-E^Jp%wMwjnq-+Z*CnvGrW9qS|&>8<CSQSB&Z{HmhDQ^zR)G
z4r@5grxzu!t<O*AU!dPzgnBwH*E6>A78hG9dn>dLZR)Mh+8h$UKVHk$uUo3*Uz|5P
zEH1I1VgcJ53cWd8+0q}n_K;uum9YS)b*$W#Z>U~x-y6T~s(Hp-p6!+Q51t37hiC8E
zCV;2OP1SaJ+|0}KFyQNSa!I1~>3PuiqDA>ahuyL|alyfCv&_%KTz$rNeb%m;&z5zj
zqk3cwfLZCZfH1>Id%0B_wxIOUHfNoUr<t9pU>HUatwmY7_jWh;`kB@YK2ue7m$!Iw
zgHxTzh-k)vVbgu}s$av6h?#mrIF(51`8>PIvfWd@d$1zd8e{&EztueOeDW-E(s0-J
zVO;mOC$D<Lzq`{C@(P#sQW4=qQ~m8(;^X^rq+y+-R1Vsz^n=)%$EFz{ecCkg`pfg~
z`l<PCxuGXV)x7nic*6cHC&uN}IEpI@nsbQb8)3J8V7jefcKEu5FlHbI&rKfGJx8kc
z8BqGZCO2s*ki|Z2yS>>&$RBd`D+>N5cR_q$^4$~3-mH&e@8}QBHuUEqC*^j1NB4F7
z()G6RM#!T8mua=7*(TP^=uWk1CVNGn6|&q;GuvLhsyj~iwZ*|F%DZ2+NUZJ2PzR*@
z`lv+m^f=~j&|Ip6*u5`5ocfgxme%8w+|5-cWSoWg*PwZVI3W%GdRdeF`pd~^^vB8G
zm9|WFq+^w8R^q`*hs-#6xL@;@k3JHk$!zrGmwuy5R03>Gbhq{b{x5LvON3B@_R!{M
zd?m+Nh#?A46!$+VOtw}Rf$sctAhRR5v2k+2_$<mn+S*ikLn3iv0OEk&Xa=2)=XeqP
zz`wF3L1jTYVMO(koUfB_lhlPbJS|q5i}eQmTcy9p)Nyx+t1I3?_GXKKN!;Ri(QOn*
z>qHV?PfuT~g5|kW$<Yj~!pL>$gpP&k%-+Y^Mq<Q1<+c;0uFHhH%`*i^&IP?{IK**R
zY6$yqYJ#U3Wy)Ok8Zo|50_h@BgE`4XufrB`BS(aD-K(hG6>;x%GLzy6cZnWl3JU*7
z#;b!wiN=sUXa6m+9bf$+wB85{z(g@eNdS<zYYR(Y(xbJt4&BK_9iK?t0_vz8K*$=u
z?@Yyu+~6tj%!PO<EvU+NUwQn?6uNi>^U1d1`Q|AJ9Q=jvvlZ&hbPyfv0a|=#I*xsF
zBmV9fzmQ!(Fy9vItpj@`HXp8r?t1ZaeI$UZ0JDD~R!({JO<YDr?(x&n(i{Zw@!E3o
z0`XW+CGC}Y<9u+n`PY#KL&NH>hg_lm2FnKMLC5#4ZiDr71Q(^6fNv7tO_acXV21{K
zN$|#I4DAGqCPNTF<V(mpOZ=LQ9`gXW(jV^a;&6W8@IZ~0tNTDAepzuKL8SyRcGnwl
zn9q}jUI-0nhw?P7A==<RN$xz2AzVWaiIi9c*L@fsL>N*>*dw_&jk=~3b0$_xz=QuK
zzALj*CIvCVW!hff&)UPijuZU(2}V;43~pFCA3Cmbs%sAE*{C@pB;!2nBV7%i!&Euy
zv*$zUHl`!|0-^YVkj3eahr?>!ADZzA3>e!vjJroP7bz;d42iKoMfDkN0SMUG7IM^t
z1s5kGpDjZF<#?nz{6TMkC_^E#{$P;#6@`b=#}4vj;|4~0+880S5;h&68%|DFLY|_4
zwZXo=9x+bZ`G@wSnm*mhokzP&i-16HupSz)N;1(~r3+pOf1k`8NiDfgD%NN6Jkkm?
zMB@E{I>Y|^VdGBImwr{OZXr7>BK-+Pd#`<tYfnXu`7Dd-ZvFdDoN@&NP_+Wl6=68q
zq7Rz1(l9vDP!WXe!JGYCb`)VqL{%%0EI;fW3n59v@}D@R3kINkTWQ$ou+`$SC#<2x
zj>tIpY?*pyk0x(>0!rL0YATbiXt<8>5yNrti!_P9-WKFp67GW_XtGU&;X*`(KEW%w
zJ}bC__ftQWpSWMJZ+iy*eD8vasR(0xKs$DQgWCK4(6MQm_W9Ngf9mS_Cb1OuOGt+?
zgLOBbK<+Z>XEB4bFWm#$0BE<c!g7zDf>TXo-+^^1?|MX`S_OVWSTsJ2$_<>ulIUjK
zdh0Ypqe1y{1l>-GQC$9L2GAdp)%ZgKZy)}>S$@PjPauo9g<#l7&QSV$O@wN+$tTz=
zXgH(!C%^=WBiOD<1VbCw#MZf*<$!ji=w=WRHXQFu%^ix7p5PYt0F*A}$zU3h8SpT^
zJA`Exa<GB6;OQ?EZc{HShvVPEX7NX-Xmk=ojQI>LpCPj`7GVAuQwmOVqUQ-*R3K`c
zeETqX{vyWy<yJxHA5eL8AZz9`15>oNP!wo}*_p5|`Buk$pKi>@e`9N)S5dtwo37x0
zb!Cn{9V!+MiWu+vgE<Sb=gl4qQxUg9c{3*!8_K2;o{)r+w7DGh9Y)>8f`OgLQ+uLA
zT$d6f4TiNwDeW7<CX+>gBmMJ5-Xnrlh>d@oL_D3vi;Byy<~eL9Q-+%PN2V;A-jXTu
znY^(_&;RME{9Rlt=f<3g|JhuSH{wK{XP$2t{~48^Q~?5U$I$YCpn2~v?*|@15{210
zs49S<mhD_0Y9<sEtmRRk72C>2vJ3c0$kNOUmMlw%A$UfF;p?7y><h)%#)czO=UX<=
zcYrUT<B)&162$u2JG4LL_iov6IXn!Im{q)sSSdpzzg23A_&F^6c_a;~phT3d?_`yY
z^?4FYxLg5-6RfF&<M&5z^BY3dq~4f(Fas#F_mDKxy*zT_ua?IX*yg0VBoNpn^L=+{
zNXZV@wHmSPE5R0kPDdSAp1iYl<3WQ8t;hBrYEv^fURyKyG#SDycG`g-Y62s7)85v`
zDTi+q=8tg%$vjC_frNBk;2tC>T23K{qaApl3LfrP==SZOuvc^*`@E5A$9aDcOicoa
zC>z{<T92qe&_iyBfI_JAH1o^QIcmy4x$rCvxIp3-$!9Jh&#H$}k97@7Q6|~@94`SA
zPdWE)IqGp&Sw17mtt_w-l@EVCYwI|x6%1i`%jDXcnwl0+KkdSfAu6DHw!*4SD44M{
z>kMU5yY=H5#uWcgZ;1PBFw5*Isn3n8D{l;Mkp6a2^K{0H_0*x;V>7p(l&Hxp{v)n3
zfuSA&M?R+>WF#UCW*Ff?#g(&;6qCdiL!`Fp2lxn$!kqDX<SzgT(kn`lWsYbqfmC@G
zqo067x=dmz*664m#hy%S%4astpqK}7<oZRpn(w>su+H^($M^V>*c+vce)=0<NZ4wm
z?lWv}YTSw0S5kjEUS^1nTH5XIbf-HKdY4ziO0Rh^qI`~5D_#dQ-4ZQ<=2b-_eI)^%
zyrY#g%vh%!wj&WJs)k{w9svak&ZvuACR~)k5J3Yl5vc4H^y=D%?1L)?r!Oa7haMAb
z4)*lTE_ay{9mp!vd;CpLFJLPAz|!T$Pbgm)do}a0ZB6CmcXzGP+%ETJefJcyj_TeI
zqdrO-yxb-J`3LdclX?HmFXYiNR8pow0vmUa7?0Z~3wV+e?q<XBd1WRFIZ-E#zZgX*
zq|IKApGpdtS1Gh=`1nZ)fEK_RII%va`xiNLy))nCt9{kcOzlPjQZ9`CmelbWZ7Sv7
zS0Aany)Yau9!05!>kxg8W2lH|4e_-7l|7RSD&O!o#aaM<VnDZRMu>DwbJO7oJ*89X
za)*Bx_~=o2XEzjv?}i6*9221`y<-$UZ{A3tfq%Oa6+XzNrpilzKp;|$1pPT0TySDN
z)K5K9Tgw|B67QTm4{;INOv!KrwIv1*=4x+<FcG6E8Z7v04<>BD1?GkThv2xFa(z(0
zd}8ct{$5fd0(e@^#X1-dtdgd+x;WuqO(vp6fo{aVCkCAcf^e~Y!0vOjv>r~C=A3C}
z6OSsJguo;8*eoYWchFCU>u7))z700puarM+pywJB{Eeq?))@qMJ^*0t&3VWgLJT+%
z2dqMGXA!m}xnFe#4+yRe-wFPMOMCVE>MBfvpw>DnVW09N;I&w~jqXIU=a4ztbZ|X>
zJ`*PjbLVL+)W13z(w=x*PoDxfdjy=KHwL)G0*)3R9xn-5@;t5qrp|yv6Fasg!QUYu
z16kP-kRtY`mAi(9d}uKJs;SR}q!Xo`DnDsw$Px*&z`@+@(}<PTTaEpO_7YBBbQpml
z7w`Ee&*gFqWq0F^sfwxNRw0Z!$<zcbA(`}%zlmf>m{W#e4&r%UTHGzM+{bRT`{wNH
zaaXjNL#>#GnW=mET%n==$o-VRKedOHc>eL|FWs+)6s#X4-gPG+e`fWWz=MiBQKS&p
zy|LzEr<7?zu<oR|TG%(d8`LX$$`vc&Z^hzr@IETp+YbqE&oWjlB&ACOI^(Gaw?mkU
zf^DA!p1(2nCb139-leWD!|3fd5xPz>9l~O@kNqBN*+SN^-|1Y8AMM(IcIyv?Ms~c3
zzKWT4r<)lVKSqw^+8&geW9}o}M{JR`r$-p6r#yNPYylE;K$Za2?aIRYOM4?D4SPiJ
zy>GEcoBHincE9NC^aA>Kof}ZN;#y4#xpCl+6Wcb6=OHwTY2Cp5P!u8iBpWL=iT`mh
zd8XhXJyU>y!1TADx5?=M$G`EBwI_X_Je#j?tw|D5-_|W7Y2tz+j^M2KXRyZlR!R6r
z`0_a^J%ZYCOa!BUvTe-bk>;n-J|l(vaHeb)IkMb~%IKn^mKcP^3lZ^`#?%caKFKu@
zo*$=KPunSyL+R$LNLbV?vE!H|wH2s%jZFdPvIGsCWN@ZCntv*1-zA|dOU|GQ%2sM#
zD@s%D;F*;z7Tn-&f&*%t4@1c~TG-53UE@H*w=vyCTVXWdwJ{1g1Ob_Cq1JE#Tx~b^
zbb)7YIRYX6(LP$BfvPc#x5<4<6G?CUDS0_P5tKXFe*G57M{+1XFikdm$AM9bL;95I
zi6Vz3K9+PU^HoAM5B-e*1bUzFm+Yni(CpvR)5NI65QIX5iwW7(yCipi%7Wb=ul0O*
zd|}nH#m=(V3tm4K=f93VbNlD1@jQ^+qV;xRfqTK3;ILtAcgz$O&a9vr;xiGP4ZE;y
z0n~?zd=36o;XBd`QfAc4BIjxmx~l3Wf6Y)B3t_ItmZ0zpR&ONZBR3)c0#Lt;42s`<
znLbe%8(^46ql}flY1D@%-ZZ2|EfbyOqt`|#=R_}C7B{J=S@MdQyrk}3Oq*JvA?S}-
z45bX~lpz?Cja>H(52dB_{BOpAQ#i~2K<yPD+9w|}33;7kk@+e(MWk0dl*oLEU1Xg(
zH2T>_5B|9=ev-Qs9$XTBq{V2N_l28h_mrREUUoe6Pq;*v-MdBq4(Ioe2ElJQ4T=~u
zwnZgkcoUIkWY&l9S9yCf_Hp2KAVHLq?TMn%DWg0-MIwv1=TRT9e`k3k4%dkY$CV?d
zA_@O(q)G$bAUQ|o7-T#aFQqCiWlqRPUn&<RrZ7>Cyz6((HC`YhPX}Bm0z7hlS36!l
zrEt-F+?QlBC*eB)*Qmrh3{O+qGh6YlGAu0X;J}=Du9lN9(Nnn7?i4Zy{>mrJpCf?0
zBcY|zr!OryiL;kT1w2$(+K0xj^9Yxg&c1t+1Acd9-@+g5D~q;!|C{Sv4(jN1HF@&z
z^`BlX6=i{APFbz<Q#h|E8aMen_675kGoq^2zT3B+z<_}7_u-msoCH<4W?o<RJS0k%
zGD?&L%MToaP8+?!KG8k6d=O_JEw|`}^hmXfNiJG1_z_cdyyN~bzpu$P8rwTdV&v!M
z0Y5Snm)2gz4MjwyS%Y-+(1mmHV!4G5{TFflqGVtS_l+!iw#OrtcABo@uMGJdOlDfk
z5i1j=MDDpilbMg58h(d_Z2{cr_b#DQLZp2z&%3f<Js6CpC<vE5iAez_$}k`EtW|{c
zl%`Y5gn2Z|67h_BYE<D^=xW4+fh>`k?u*J84f_gZ)D$y%`k%YB*c{3I>SaJO3P-6J
zuw?;<n0?^AQ{41EMtwD(c$%7qofYVSI$aiFiH60T$jBXVF5+W^l_T60V}CR7%>`Ko
z_62=ISAK%zqx+eirz}RoOf)KPIeIjIP2jGk&pHBFU>=TTLBEXJG1T`Q*GZFn_Xp7X
zK%|q>dvKTSbd)r!escxrvEsFd!Y?ackYCiq6tpiWe1adzX201~lrd_O0EJR7fs4_+
znhfIm!=-D(kBkblk!SeqQ^Swm*O&`-1GM=>1y&H+3lFnCkIa8u<C=#-kUqT8!2CIp
zsHCsQ|C|l{USp}bVQBk+R?i7+BU<q*EA!xD(O5T1Eu_mg{iRE}SsStLa|R)%O^1~j
zV+sz8;?;^?NEafZD-=0+CNzVw?snOwk>t6E=-8qmn9!3XhAqw-lyN3hKZW}|mTc3k
zn`_sZBh!Z2q<JE58X|R&zITZM(|0L}EFcVlF6MjYtSx&(_vG;_!d?9MW>~wlB&;mc
z$Iq`>$XE3zaeE(}-rregQGZ}U#1p9&gW!Rl_x|)ba2bDUubT>+m*;VJ0NqY$46_OZ
zrbQ_t5;cUHC_64NlI`c83+%&8xzpWf)lW0bw0uv;ebRS;($|u?YjA1-@<`)f4~nF&
zhr+;$wa;i}kS<1IJ;pXwdRa6u5ZM=6j01Mk-4u26un%V;7ENA4o`(A%azfAHRoXnm
zfd#l<jt(u2i(5s3WBG2x6?utU9tAoKDYB>>y%Efhd?Xdc6rz(==R<O7$tjr&e4Lrq
zjFSDs>NPMZN-VV@jN4zP;zTRMFhy%Gn|ec9+GPdFNE!N2a>QG(D5AR|zmuN8F(gxg
zp92fxAc5qw_gz18fDaiZfpTAgAN7(xe}X)P{$ACDefU_Sfeo3gI!P+h!Ii!=89*`A
zjPkSP*wCeD5>EL1MMa9Fty=>5LhevXjAE2jpee&BW;oImQd*hZoTa<0%hAQ5s(4{=
zV0!$n-bFU>8hPN^kLK0d1V_-V?JrhB={0uAXYFPm8li6)yV3El(d}?eyAO{SL(9%H
zO@BR(q}lgU=AWFnbf&MR@Rn6$(ScO#zSUu2^?%E++2e*lU<dJ*VQ*Lu_{1Pztg=p7
zp1de_S<o;;q;fv}f9%~;cjVpQF8bKEjgHx|ZQHi(if!BMj*X6OJL%ZAlb!qiKhN6F
zTKf&`gH=brgBo=(Yt$Guulc#Ylb^WF#HNiHXS8biSMD|t?3cjuUR61|%ma%~kpU{}
ze~$ELj8s{}lh;PahB1*h+1Obm*)vv1fgLbb=`*C1Au7ARM;?@eU)4jhU^aJ?(>TYX
z;E^3kv-0mFnf`LfAC&u}(n=<FJZpegg-RfA90H~JJ8jIbO^FVX*GW9Z1L>|t&%{F(
zKnbh^Cq;`*&{3E`gN>{a&PR5Ma#Uq%u)#^2_aiO2;$T8c0F=8eHsE?JHi8$`7LTxd
zRc55I$#A8i0wBvn?+qC=BdM<z^!~G2!+9H&s|REC=BiTv3i1)~R4ea>TN34-v$lM5
zCU$k_Yr&)P!|$oiD7)3&+_k|jHtXTB)zcg<y5n(jw%qs6mjMFYnwLBNy<8~b&^kN2
zeh0eMA8&iyCjOzrZB*ONCVK|@t(I<`)n>!1&6eY{p+QsYg~FPw-L19d-%p6ocYYp@
ztL^+9oF!H6`eFJt6MK4_YxbLXniqRTRvqj0T$}TbXQg%K3;b-}_WU1Shc46??!EZ;
zQ8j#Q)0W0QdT*rfw=bPv5A{;rK9?T)XIEDf)069Wg7a)=DV+^oWkP&g>zM3MMGWeM
zn@j76Z&mA3RnDvBO>%O>IgUl22L-yk9hSn~O^>a!JZH@~=Ir{FQ?lGV-IcZOc?5Fe
z7kgq2u1+Sdc6=fDUaVF**`Y_n;(K?-OBg&2^+Q2QdEM5Ha$P*xn;MM|&3k~hQyv|i
zE&!u^?D49w@wCTVX<(c_=q6X;MVQ+%%zEBBV$S#w=v7iL$!lP<9q8lbFZ@RP%35L0
zY;)a%b;66c2HbJ0t!y^(%ACuv+Ka|THx-U7y7s5D!H(tSL+$V2R;gg~GL5>w#G7lW
zAc^UakzyNZ>pKS=hT-0e6vFIS_v3)!cG}>C-}a>FTw~8WHD{;${o%02(c$Sl@Ar(>
zJj}@U2Ox(F&2V-m*pmaC6`U4V;X!$ww3qEMeEQffuGZlVYl}JewV&SfE6358hY-+`
zX}eYqQX|UhySx-Uth8f!-(D7TCw=_YguvULgL+1=ZAnO|%0;Q~k0_=;gg*NA!l={a
zY-lmN%--2zPasf={eV~`iQ`-DVo@~5Wx16{$bOj@)?!cRN<UVo<R}-be@0K9M)tYr
z_T(%0Cs~l4{s|y^ib4MAjqBY~%54;Rzk(0P>m-Yp_ZJ!McfJ3Li2#Uw^lNokb2EMT
zQ4oqau04+s8}gwfMtb}Dnh-E~?!?-*eG%+(v+uq_n22DruL%A=mk0$G=YL1QZ2a?o
znbK3yr=YeJvB~v_;D8T2+UW@Y&-8aht-)B3wh`qvL>rd5y3QCGkn}_*v>>$pj;si|
z=G@7&7GDuBb^Kl*tcA&EJ<A{(K_EqP_{So8FgK)B;}=;8v4n^siYKL%RcJ(_%qZw_
zk2^_bJGt=}pw^ZULQf)JQo<RG_?ozBOcWOUk}iOiPT<ZNN}NP#KOY#Hu@c>bg>+{h
znlAi^3?3XE4<H@^{n1JGm#UY)$X!ZC!UCNH!2JKocgy5;x=GElg-CI9imq<358Ou(
zjXYd{h?#Ze6$BA*T*x@62u8Z#+rrrfY7KYjl|V>{mGjkw$QYa118V5Q*x<)tT7`F0
zWZnHM`r{q0!jBY_p0mPV<D-El<SE*Vu)vo^t}`#RM*4eyIz0Y#LlWZ)Ff|v5zuGPU
zTtI;IGGCXlW1K_CdJQ=6CZ*%KTQm@^v7IJ#oh9IJAclv@EJHyuMl)9PDB~f3#67Nv
z6$k%g)XZWOg@KJEcuq4H!u?kuqFb6d%%4NK$!5OziNTX~!X60ZZKk*&wY85sF0?)c
z1BDTI0%fs$nN$(rmPu!&hi+#X4Cd^6if3_0{T*rK-Zv<*!rx^PsJ{H!bOfUF^^Viy
z=TEttZ9grYaXTG(U3L<H;US|X%H#z86o~txjN;@=`PW`_j1Uhb*JUeixrs9d^8NnN
zM-SQ|hB1Uv7)xldE~c%`<Z0q=1K!;<IEG|nM;TIau(R_J7VqJ+etqQ9!8D?1HS+PA
zKr+HS(fl3ib`+upqq%_t4RMt9=^S2=rEdt*8ZpZ%l!4cc1G6zG&iicF|8aE&$pQrM
zLoS@}|GWbpGozBh<;8NYc|Gt?&(Ja9gE}w;<^?L#8y^8?W``c|@pn_!5<=Xr`0V2Z
zItnGpbCz?Z4-w1t*5kaJtcZ>uh3+?XvJ3}>^U@Sfo<t?a#*j03c$0t=x(dhceW47l
z9O@l<{Zjpm`3!k?VC+FMhyhRJ!`ps~8Ni-A^n$LEcPrPJ!9aF$7MvN@<pX_x0kILB
z8Ar$ie$?r0CYliiOar~BM6?hcr|{(g2UU<b2x9&4<r|)G^*gV0t>2kKuiztqvn}it
zQeivVm|Qb>3#_0S1l%tB0yw{fy3WAM+2sy^{A0Ii@SgLnN|?7eihIx;37OgE**0vU
zc5Ua7nz<_%N-;?4l1<7*f<k!D)(13FW|k-nsQ31S&@(axCVO$r^<+(TCP(td0^fK;
z*kqJIR16Si`ZULuI2jKy|0bb(499=6y9C0kMTZ1?!Z6Qfrr4TqA~jd`;S`2s#&<d!
z4E13Nyv+U#@XbQ>`+;lZ!Ip3~XbFXw;4-`7FO((Ur$SG~*^pXNAeipl7_SPJbIFsv
zuMuOye-gzq&6I>51#J_Z^6-oCFO$#Dqgs}u^kE2+6avoG;oWoQQ8LoZ+f@Y+F@m7C
zAn_X;Cb~HGEkl0C?5a(=!@6i<6<`IL)!s~ldQcVFIrkVL3KF+DFaI8~XXz<{8u$qI
zd_IXL$?3|Uao6vR3G1W9u&SX9X*>lvM;h$?S;FA51C(cpZ~oTY|D>>j@k_tTOD00W
z1gw%-R+{8~_g5ORNJ|#24x&*<7EYLoMT?bY;iT7=`m+BM!}?_$Oeem7xL-a8HI2b$
zguE~l3CE;}yF}8Zb2g*N$=xQ;#G_&*3--~*fV$v=34a+tM!zkrBA8^YhjOp<9{O`7
zw7CzPF4<X9K0vRnfyAz?p)^l`j@X_TZ3UBsM|b}5#{C$Y{JN2+z#^>}rS=Lobqpbd
zQ}BrWJJR$M3dPXw6TWljaO@eKMMY^(txln^M>I7I*mzy+S}IfD(O+kn$e^z{He$#Q
zD<_snV?s*I90{&YH1TopUc=0r+l;vsO_8z9>(aLw(e#`rp?}MUe3O*6BH4*zfNA7r
zQ44o%g=o2&E*LzSUSC&N*B0{gG1&@b7id6G4!aE)38|LzD=HROBXoQjkpwpn*{3AJ
zY5uM_!mXo|cN8X$2rVyy?yjtGj+}|d_wm+#v~}W!)>^?f+!wI#RZ4IG_5-#+509(!
zOe<AZFHA5Vm03C}-H6Va!jgJzS{QBWuhLJsLiJ3nFXqWbX26SZlG@}q>U0EreIoyL
zD0G{{W;&4J$jjQG<!?K6ej6QS*;*yA5r(t&+BqAUdjYl}9Hg!_wHpC99N*Ab4l(Hr
zcCzT!6gpE5&pX<BLfbXxv@&~ko0>N(lsw@~H%Kdc@u5!PyqUKPagu1{RasmuID)A(
zz~H1DzEcQ5QZuVg3srbLY^}CT3P6rt5v~Vi?pet7kLZ+5pIx|oci?d8B&zAgE0c8K
z&A8<R8Tig+<;%WvS<?UHvP=Tl8d;?qOcl<sKM#zS3VU5wjICFS!e&U{zYe4m2AsoQ
z{UqLPHe{H|VkPm6Z|5d53p#;)VY+#3Gka8IW#iCjBzqG#aO799ts_4vN2CI*)8IlU
zNH|4Rmd8`XO3VEyCX>#p=>vi+GmD!_qu#dUpW+WEpnEM;5OhFFh_7fJT0R=9708Wf
zl|PppFZ@cWfTE}tp$c|j=)J#uUmF#v{g)H>6C018YmR^El9l|I8Sm+~zzs?_GKvD+
zxm%^2@|i#5C&Age!yT9quCsTYy>}P?Koj`7A$wu5{n=p_vhWVNZipk=o9~PF{b#@H
z@hA@gyA!^mErC3tP+Pf2j_mAG#cH%m3_r}H&Q=045HHjZ!y$UKBx1WZ!@*KlYy{G}
zaKWF;e4sASno(K~+^dmwp9P-bZcGe=3>!m!YLdAyKKkUxl_?SFYjB}`iDs1#ob4PA
zoX{b|2)KMZ6GJ0(p;SgAJYyQO9U|?)yk()59P5xcU6;dDL^L{%zo;nyNu>`dA6_#S
ze(z-FV9ke=lZQ(A=lv?FssTN#lP6;sgW`_2SAeP$Kj&4hpHXq1v3-s2o?pb%>!)$3
zkrNq4t!qZ7=V<xOJ)Oqir7tQ9|KThURvD1_OL_B5s6%G-30vlL2)SlxLy%k>?SN9r
z9c&rcX)~j6iv&Gd8D-m-L=I^*%H<&(?#&hZ$eO-%b(9S#5<RIx5$n$h?7TL~8ak;*
z3e%;&-3tF==-ANYd1F7pyzZY8Ym3fm#k3;%xnGyjA@|WGw|USwqVQGrcIL~Y$Wkoo
zv+W<nzYblFAPIUwB^CS(|L~mY4YJOri*t;YpTGZ3g_l7qF#(ZngPKY?7#?l1Hgo;_
z*%Hy>P)oNOvixl35iF`R=;qcF+eE*iqP!|F_LHaBlEI&Nv+eiI{1?7kziiQ{J6M+T
zbYJi#gLKc0gM~65jr-+z(QG-KU;e>NLxgcFh37jk)g1=0U-hqE;mmAAryQ;%GNUW-
zLKXa<rqU42y$?APQAurk(3{PY4j0URUfyey^h0=Ue9FTv;@`=Z;Kt88*g(Q%+(Ql6
znAqVx$F@!SEVHN0j-cM{o~Q1^NtSbPg%=4OkEp_oS_aP3B_@{NJ*E*hgm`%IEL{1$
zVTPgVs;tog?1vG12nxLBoQy<vSdDlYh6g|wYV{F3QT%amL2yB==7GHzRME$Xy2I1D
za!!!DPhDpYm~DSXG_Ajy;4u%E2=JxDUd6YS()Jb`@uX39&>OX4X-}L?#!|8u15Jzs
z6W!fWKGmdA)GV9GUIL_19BtnLugNQ=fN)!H;Ijn0&5pUpJ1cJ{Ee7o!7W?g#c6}vR
zesc78snxP%U$=YUXYC3vHOrDyK>jcDUIVo?U(Y6P-2Akv^_|xVsV0UBt7-Y>uDNrn
z$z1G4$WOJ%991o<N5b+I)LAHX7(Y*R9$1pc!iSDO869&s(!ch~j#BhbUXpXCW4s{&
zG`iE&RW2Wh3lGdjXHt_4HJNF~_w}kD5qmVVzG^T4NpwFu>VuSOdBRCbEU%IqbsPW{
zs~`32m(&eI)h=N5Rc~lf%kq_c@qXS2tY+aOxP3YX2@yae`u(wJABZaV%w4-u{WYvU
zirlYJ93=}<(+m~4`WMGXE3-6kol5sKqTOhbd?_9FC0FXNT|azlz;^Xd-cq{0ULHF8
zW@vo7=bogCu2TN|q4E97tG;S5J{_v6hWC74*qR5<rHI-ec!~y*FomqgNa4N<$xYn(
z^AA{ur@9_+3HT#{>se4ERj#>8Ta~sfeU@uk*+BU(=+~+5@xm=k*?`d4JWtpE)8-iz
z<%rd|`(S5=VjpXvpXiWAoBo^G<l$n>O_YuUP|2+5jvnFZw5qBtYNFR1K2fnV8#R$V
za-G9eRh<4F7d6a7UTHDQ#78)e+>Xrq1Q?-L9`&kg{h-(ynt>!*Ms3c@JHGEUNM^Tr
z98l^&^k#dgX)2^yt3D87BH97QH;6iac3-M_0)6WyK6|h$a=EEie&h1nJofEEj0uAo
zyy8=fMt!=hv|E~VZ1_vSeia?yxZK5w(-ikaI1wPIeN`Rwcl5f~<L&U!x<x3){mQoJ
zad-vKr?9H!@nZ1c?J<pJo$b8y4a0Y{wbdp@>)uuQUHi@J;S(6}7m<Np`^lWWtnuOU
z?D{OlbK|%6TU8e6Z(ko3TX$`>GH))s&2K3GI&5}zQKmngEm!hE-x}n1vp9UnX&XIl
z4G7lf>wfCiQ#(nU#=o-u_{e!_^YrGkSTpOacUQYo89DNP+dcHVKR7K~_j)tzcGa$M
zrN?br8a-)cv0LcoY5Z-@ZhPFaM8KYDzNxl%ei*gbW*K&rhW>at-+xl>yJ68R7h5?s
zSyn3?C-zOouHT<6eEcTX0?pNyJQPmv++&tT)502XqniJ^y)&rigneT-#KTc!UT=$Y
zZ2K*h>l^EQZSlsBnM*ChH|Mtk=T(nwUuF#v{h1}(p1-<HL60%$Za>2ADu4UD75M_(
zj5RN^=1YT{=0A{{bDGy;VayvupZq#Ko?h2{tTpxJsT<cnluTP)<cGOjn1}F&!0>i)
z0g%@khUPko$42h!h~kFgvD{_AJk!PMZ->es=cT4igmSp%?DlqRh<SaFSVN&t)0U(=
zroOyTtt<vf*SAdQS73fl*{D|<n|e<pR_^u%7ecRjcnxYzEOyaHdsk`=vbd_-P2r_i
zYnj&?)I2eIPmPX#&>!7P1>!BvMw_5K-yx0E(LU^T@9}smi6=i{=x;ZAIJ(!@(x=Bs
z&=J<6PeWG8BE%E~TNN$Ji?_SIp^v-k$EuPkQBF1LsnHwj&654Zf$p`-E{5<l=HsD*
z&l*mMVU8lxe>eWSCk~svGo;J4b6up4Vlrq*S#Ui)0srp%i--DSBjj@YJ%r<4O{`%B
zfebU~XSc)*-XDk)TG+)zG{Q7Khku9*7rW0Qjit^kEzKZ&RMAzaj#nGUB?yCPAmn#l
z#3F&68S5hI5<01-R(!{fHPX8#8|%jl5J{p7bqvlgk*=e?`cwLH*uGn%(UdRvDT=$I
zBs8A&h5iV?L>gDu#(=zxCH~a!WrBedTs~Fw&I4X^>x^H4Y4bpq9WHYIau9t|T#10u
z1P;x=40!@$TmkX*3%?rgD$$_zDN3E`&(4a%GAWb2E3jn1yzj%ql~d*>u_7Z;=vsHD
z4R9Yg(0i3(UFWNkU)}!if~&0RX$zUf#`%|T919shJbq)k2=sKj=K<`Xm=ei_EGd4>
zz1-edI-hFALfnv)pEva)>2d00R6Kdq%3_a~;9mOJ{XCt$F<46ui7Vc7v8h5*>boso
zggO^yqd|}*KBuQ8G@Q%L+#BpHJ%ek58-J)8+Qk=^Dq&z_57KRCd*g`mqGo#dH>is4
z9$({}h>4F!*ILpC<sGXNE!)+gl^{Zo*)Gx#xWxz5F5<65Zn(DN?h&6n!JDj-W^t4$
zl}Qcs=|9#=d6cZ9Z8E{?A*s!%BJMlL>E{Er{c{6lSTRjn0c=znOr%Ilmj98P_IAKc
z19D<H{-ZUNEo39Ic&eRnQb{zQQ4?%+Up)Ds1zu=cFh&Z$etGQ@N(7HQx4W|`g-(|a
z5wV6pcwlcm#)ieR*%Y&RmF&8l`00xF-pP#Jr$K-g3iLPbs@6iF??Bk-#KDVUuJd`5
z^ENRF+f>--LVo(ZV+IEC?a4}Qyvp4UGx_eai_C4mJ}*8ZR1Xs&&daQ9sc{1C>E4ON
z$ok+NG4lt^lZ#2|Uvob$p}8_IzTi^sYI$*sUzktx$fpk2+=P6EbH+1@--Ig*wwhdP
z%*l{%f*HpHE|qhVR>;Ghey|Vm1%cpo*^aS>41gC&Ij=CrWjf(n<8Qi4nq1eoH&vu-
zdk$$J^7WtH{LTX<-cWzW^Z&b<C-5bL>gymxxc-3P`9qF?r5Vwd;lL8fH8lZ!m(G+s
zAS=E_57p6n2ENO#4aoq-y?O)Um{pOE8Jv0S9*}Nnc?xb=cHb!g*QD|k$f)uU(&8HP
z5ri7jWkBloRDBI}n1nD+z$wDwkvH2e>14gWF|bGyzgk4+rhfAL8IDQ@2T)#;oB*Y>
z&wM|4hkdEW%>Ro;{v#k?{u!oPs9dXpXL_cT@uXc?<kGUIDrMj{{7QHlSYxHM#>2eu
z=RZxsmAmWbtjT&myX?R7`Qx&MS;y=u0Y*U`%x#2$niK+I5>&v18T{c9dO-zf_=P=9
zy2EQw%|YIeR;V91-FE{WDAxM}VTT}TWh9$W&9eL}CJV8eGw`)^S&#j_p%xA7sdS95
z9l|Qs^*0e?3?{U(!ib4FYkMQlQbx)tR*l)#GWDXOiAXCAU9vKRC~HQ=3RcZB<?Q!5
zBg0wm3PPBDRQbWhVfN7HE`qICRyQHVM%foJvo8la#SzPe&hbI&yUF3d!%Js~jaHG_
zHD>Py4d{#GyyTcL*PMbBYmbr7t8?M~Q`A?3BAxL<`wn$}ICU}&mk*i4QHKrNOG`kz
zDGS-!DDD+ILm$441btR;Noo8(!G|9jCV&qYzj^;9#dY_mU$T3eGAQhdvB@!RZF@HH
ztPYM8`><V}WqAvBCoK8oZQNk&v5NSw|LgWL>!6`lyPc$AvUIl(j1vQiruI4&bsB$C
zex5^1Cw-f_-6kP4n>$~>L4N@#UhaV9p>zW<T9qh<QcnB1gk(n}k7xT#epfj&h|9q7
zVavqYP^lbe(h8XsQ;Pux<x%&ScGlIl%_wXJ<-MuE%A&t#S@AtNYLX(S;}(**s`7xg
zl#SGENNp0wxG0Cf9QnK(-D$DCVLIrkh<V9-APm0&e07BU%o4`+?ouj;6OVwoL*hqP
ze86sg9obf7iXI#Q+Ofyx9yi?Kfs!RMnFJkL*2}>PCTzZ&I243O+<spVFZegd;Kz5S
zARc=|<F+CZvpzsY>LrZN;yD22jm_Dj0V!;gaN*-b)1Sk?Fdv$Q*!Cw)>@w&d$`vZx
zS|LX@%BIEJ=fq5-hl@8~;VZzv#x~Mq4ci9MG^YOjS`X;1Qq(m<^WV=@RJ$Zh>EK;m
zGk=|!)HR|7etB8gqtRX9%1C-{SzmvleFh60$94IpT)UrJ+2@yAiH;fbWjv4%#Dgy*
z4-+q90{$8!KL#+}+pA4i_g%5TBE}Wu@zCmIc$17tU$aDst~VqXc_Q?96O}miKmB&4
z(kKv{f+K^pN2120zZ%y;Z(+=gI`i6Ver`2^Y<hz)if+<i#RGv3+<8AE)?scnQoVC2
z{{09qgOgkGT>;-<%xv{ca5p@LUcO<**$GN=rxQlVc{J^-TrG76umpk3PR>bk#s@%G
z*6K1KqC&^)wU^35h%p)=t^&mamp+1>pWBu?^1$Np<00rWq=QdKYtw8am;D#u!p!ZS
zj5hvHP*C$P;M#~Qn5y!cp7=K>@XjD@H5mHRPyI~dUU=%K9k;=tdwvk!#qu-)Gg~N<
zWt?V0%w?+*99Sr2s|>yxX(i(ctFjQJW~%a)kL5qDDBg4``BfCDM4}Z_S=X~}oiJH)
zW;h(yzy$C^Ps4XMNff^wJAn2gVAv1FVoRlj=X5qENtM{AOR~;j(c#9E*;JBe8j-9v
zSh8c>mSfQztz&Z(Ai@y-yUXlePz5`pJq;hG{N#sB`;KOX9KVfc%L5$9>2~dp0~<(;
zZC?Py1-8;qdI<vnBi4!2TA;#$qBN%aG$wYiz2hYEDBN*l-c~$+Y}Q~BoisWEd23OC
zs@CQIK>*XbuS5%0t#9+Sfk%!hIfyWXgm#O}FFLV$T<m|+RxMlG0A=xf7|n;&U?5Nq
z@FGN-?se<+$07(oy(v^z+m>{bbm}Yp5a1a3i1(V0a|M85wV3$8#7E1QBhHsvxLvGP
zJD#=R_2VlHD>Y|{PMgnzZT<Y0a8dTC%@QGnF^!3{tAHw^gTk_18Bm@vKy&Ee6VSx6
zfrGO44E=N^n)U9b5nHAufJ%A|IKqGpy3)_PeNk@YI+T%`sD@qQou>2hB|^BH*4b-z
zkW)0^eBj}I8-}yU^=`o46!covmi-B*Tj0-_SGL=Wl)Xyrp`n2oBDCG+<^2ad(&;i%
z>-^q;f|7ti0~9Iz*PpdDIvfOHy+$P1-agll8RxeJ3e1J){Z;Am@%@~6%<3^T@%6sR
zR8g9Ea%602qmY}C9B*x&pKv_;n2g&Ntt&BSbl43hU?I#@d$DzJ4PPQ3uNy+jol{-g
z$~P;Z`71j}4m@!v-kE%+e!+vzKTwOR-J9{UlE}3nn{|^OEpKX{4H@QMr%9Caw4<{*
zx||*yZu$mv<e19~STJOOF3BBO!KeZ+oXfT+1A-~xHssHt7WFaW{V4ZP9huI-<e?c`
zp5f`E%-UE<hw@*J*Y-z3857NxeXo?n3GUoPS2hCSKi@&NaM$s3Zmyd{k|s$p?z+R0
z3QhgRgY_)xHVk?>9*cblMlkY!D4l3y(ojO~BD^Qgk)*8I)iqwH`~Z?J=SeA-i7Elb
zBgN>14Y1ghuC0cv#YD5?b&M<vGI!BQLbIu2`~b@Tv1Z{U-bpmj9B!||$mqA?93I`I
z(l{=K_fTOV5xQ)ghcnG3HcdC_Y&6qpv*&}BSfT+Mc@b(h3q#+&uYV5B;^=Ura4n&D
z<UU}mXda1i{VF~+P07m2z(Y;^;Y9DcTJ5@T;EkuShb(AU80B!IdUo&I7)_#l^<(I_
zwcj8Mg2sLFS%l_7FK}p%1HoEbUG;X?25T?ZL7~ngkoi0buTR^ir4n^bmVlnr`v;+$
zXIdOeWFI3%(E$GKw(~VJy%SF7*ca{P<S5Fmxyo@kISiM`xs~?r&thZ4s~uv9DBX`h
zi@0~<SBI%;;{xG<E7L(jE|Xw{1Yt2LO<YDNThzguEv158l8u2Ppg#k^W?!{fl6bj^
z$6a8ZDfu6Ga{A8w23Qbj(OLfI&P=kUtzKfGIVlEvl*XFF__j7fd8Vx5F5%@Fe(-MY
z<se@od4D6aWRH<XrR8qK9bSdQc!ZU|85zdhKa4DohAY@c?3<BssM((h(2fpVwWjUM
z;{3;v&HltpXTOOn7ochP10f3s3^3lXkot@9h~`ZN^CNPJ%r%K;oV@Q7P_%hO@_poX
z&HEz|tE!&r;=TX88UyAMX<J7AN0Ny%h<L^T2C(Ej*6JB^Q5lR2$2uSc=8rXz#WA8(
zVZR3U6>@F^{v*i%p8qAu>>vMIlC9%?OR@)@Z%GE9{U1rz{>A(sNw&4|za*JbsR31{
zGdWwY)G=P)Xk8m=&}1a1lGJoeA~UEIOoK2z{m^7dcoeY>qp=D`IQ?jJi4O%W6`b1G
zc8SsieLgmAck({?b1t4iL=smhl9LL8x+DT>V_B@=?h|YG@hXma`+|PsR7Nh$$<Y#r
z|9Wv(L}z)MR=D3_pISSTe`8GUd_!y#-U|_>H@H32Gt8F=;dVL<KFRfxstCpUkbmnw
zB30+eh9<Dw!E(}rDB1^CrqIm5{&;y`$SG?Cf?(l~ZfA11GX5mO#1YzG<dhbyA^G8C
zS`mtpVhyQ<5j#0l;uMO8vvua}9#grg^Atmclm`nFdi+n>?>W&dss0K2P{t3>%lj&a
z2w7Ur24nTdr0&eYt3PsgA<&2UEmS`$jEGBH9j2rosPPX>wq~z3+WL+`-U)~ar}M(E
zNUNx}8OZZZW3DBWfp%w=4PbETy&xuJAfKG4133hcwDZLHDPSBte|x-<2RrS14x2i?
ze>Z&5$~ZXX7u4HdMP3u2b5K5_T{BL%2XA@GyYHS}kw0(lD5qoR@f>pHiW2`%U)G0t
z@sBS%=Ksf+_3ix+U*-hG^WVNq{BvWEzL}>EQ?s#8bxRgaee*UMCt~?TifXv6RqIvQ
zs3HN3?%+0+nrr?|rkSxL--tEG1>0C{A$obNkm6urFqQqpz3y}5sSU)H`QQvLDNyLw
za|)Nl?D_)MHM)FZJ3&bACATED21Q9NgKYontdr4@%?I!=l7pDXUDZLxA$3J`W>vU`
z)(CMrQ(~IW;7p^rkIO+sz9*pXA=qQvG%EfjWw+8%;0yag{DhbjV^i-*@cd6SGHYY2
zY7yMLLxci<^#k7s+4DUGZ|5sWAJt*994I+|Fy!u{2VLs~{S5Sp=KD;zrW6kQabl3V
z0yfyC=Yv}Ot~LRdfQ!L`GSF=Vo^u}uQj+bJG`^Z`P?FB~ezOp8fjr!SwxcaYJnW{x
zG{G~he@_a&SVTGQlB#<joIyGJG)>2iS^=sY%HGziHUW8>fa%<0bfoi6<%&bm6)}uO
zuv2v}YpLtSSR(3mE;}#{oK#baHR}BACzUG_8kouG2qIU3WCT@M85w8l<ja<IU;gsu
z8RUIrt~nifp<87!^q8AqMq=<O0SkM35!}q{E@QvdN&(74!_jT#^_oGS*QTeVC{7J~
z<ZW@{8PCu5;jnM7`~#?=(8t=7lMe&rP_sDTlhwYD@}8FtZAj?mkX{9xc<Q4W=JXE>
zxz|(RY%WTZcEgdlw}BVft-62czPcphjNd_qYRv9jtrFWERTfpTx8SMRD*-y`jS-;C
z=rxT`ZSWp}V$sNp?<wkpeWyhYY4#^+{h99Gzle_P@f*>3gJXOnI%ayQOUdDqe-NFK
z58XGSGoStk(e*d}gXjuhzY*OwjkdxvG~{NXn|^!3JSOZ=F^!X;|G?+;;1B5?XWf}y
z2QQQRkVpKE7R(ZY2hsutjQHXfU&T=5$&n*31=_n%UMDv_+vTJ6>LZj(aNDIeTqnah
z53`B45D-T0?EScSLD2+#z40HV?$>YB63Ft1^w*%3%JX|G(+IaMYef9NzDD0f{y}u~
zOr60gVSkM4wLB(Tu1AX2VYS?AX%t0Aw^v`FF{(YHgt`pS6>4LYbgF1%fKT@EH7Z}k
zH%MqhUtGQ~p{W9-YMxZMkE=!6^9{1cxG_k)45pF5W`^NFQ((aOd%ZLW@Rlbj?2=m>
zKUmo+G9K$3`y%@(pNiI}=%vdu$P{hD&cULp)56xvn{1xZVxVoJVMjIOl-Si^d|&oK
z(*T}xK9vMxTxXKmimQ`caD`mKz)GxTrdp=+rDfUv!n%nz*GVKgT*HV#T3TqGBudOc
zZ;jEsotq$ORQE{f$<UO4nUrP-3qs-u+VVYHK1K#PDn#I_`X*}S^<V={_hjhBrHBGs
zKR#DR$CG|ZMSbBS_9Q~cuV*o_&?~RCPY(&%g(Zkq!`zDN;{A`55Lmh<RS4&mN|y&Y
zk~lN<NHq(~+V1WZ?Sw=^n+DC)`L*Ks4}ZVWQz1()+wd4|n}n?w6WtD%3&sOf(x@M|
z;*-MnlbEUlPsOzHDXS-1da}>yzsy<@^1XK2%q;vLL)t^nusBwruIW}stRR_*QWP5M
zHMJOO(w1b6b9nP-3ciB(6DK3#XC>@>)gHhgHJ%~c3G79y41VS9;DBori`dIa<Z+>C
zRYpK0C~<4PJd+fzADU5|P$=`015J^vlcVO1`7gH6tfMz=>pmJB_C2<km`*7M2JII|
zP(<Jr%D4hIu0$+;AJYoOLF`FT^5zb~AlI{+ns)0{q=pf+6-n`gf8VGQoxguY<{u>(
zLEdlNRJM>wGV|@jH^`^vvluV&Qst9rB9l*bU@Z(NT`AhHNBl!U8y$V#%~*)%mO>4u
zOFw_!v>sx^2~qm0!=q%k32pBDUmy2>ecb;aeVm}ge|((R|MYRz|C^61HtVOI6#7>=
z)i;HJNbzLM3~z~HR@=VCv(4g)Lt`m8$P!WH8yih0M~v$r!WY;;+uFik%xtYCt~H!<
zJ!*(ui21JL3tA}Wxzd5yq*>Z@3oiuxu&8GLD^|uvW)sczi0m4FhLrJey3KIJP!`>F
zB~Y$%s=>|UQFsk_jvf1P17a9%IP5I&IvNSWRgN-iW=#Wn9P?cpM)F4oCwV{qE+8X`
zxenihYJ7rK@2qimItqMOtRupk5Mu6zu|)O!!NtO+Y2)-y_vo<SzJhGu7_WsuLWq77
znCRTh)*K%fhJZY!a$N7>kz|EyB!hG(T%(3~?Q%+@0vGIE{fL0<`p(kH`&{njpn2e`
zggh*vBqV3PE73@`saye3KBpRNf?M;CVOQa+N*s$_!`zQo@xf!)$3R9A?Ya5c3>z8w
zq`gTJUBcf*Xb{<6F>V;#my<f1yhe99dA>p!HDTPVn|yttZsXxU1+>9t$MGnyn@v<A
z5iv{M$HDgzpf@~*1d?A0BYiuuGAn$WDEAQS5GK`aXvFf<1>`7L>sdWD+S)$ZKK=M8
zgr56(@m>QwD{Deq0fPuAd(PX)HXs+Pl)Z7Y(!H9Hp=Sxl<a?#Zm=5FY+o{Jf`w^|^
zlzx|}aLMl!6%+jV@XN*xU6@=H`^@jLwpoC+jYEm1*Y9Ry!m+@DIOf2eVV*zRUyooL
zlI5rpi13X6s5Z3~GWy=7jV(>&Kv@HSYYXL(Dv8s|w^>?MFqkCKcv@o-TU<{vC|<~)
z)UNwnQ11ae5dQz<>&d@T!@`ycg?4W)`t#;(lZX^5h@UQKh0H=@;x&S=)LjbW`?`Q$
z36E6L$K5i6<vqer1UcwDbP=LGsooER5;^TodeZ^={E&U;HfDFdkm^(SJ>#7VX`s4h
zg%vOUNy{MjK-pfvq>v*U!2)-{)E_DjKsl$#*`OA7T#+w8=yqaW4sy;%W56s7K+ir3
zW_Zu1f|cIexuBhLCP$nhDo0AR3jbvi+fl6fW*X+u$Ygp)7ugUPX_Z-%`*@hjh=Z_J
z6!}qtX1I;S96q57rW|YQJ^?9!A^<Tz9vowErEx(QBIL6lspD>ao1V~F5<WHCs3;hd
zF4DbY+B6WLD^>&PzP{hwpI1GA7RqIIi$#D>wSgAOt7O`|$KcnPCK7~H-n4%&t7#(<
z*e-n@u%GT?Bau#h2LK`B)%b>EG=N)u@x_C&G2)RxqE7e*797GcFnEVd81ThnOMIVp
z$FSd_=kK+rqJ?-2+tqhM@k@>R4qg;yuA18f+r0H>m<EzJ3VD6T1mfdyrU#hebpM_`
zn`7m+m+%eYrbu@I3>xl6%INo5;_vu+@$c|lv^j3sKp?P~xcY)?Nvsxsqd`6Ec=<Vp
z^6$+#D<vN*X6r_aA?XU+he47eiy1b1PqWP$A|!6%<X?^Ep5rqF#j4R`!V~~XRgph)
z!cD}0w(Furk?7rdMTQ8P_fktlg`$u)++uJG(Lz#$N~wul0<>~4U{Sfe7n39Mrh;AU
zC{3$;*t&>wCdF|mNmWFd_CV$s47c+5Wu6hWLBFZNs(>7`lHcMK)=kAW%^*bSk)UsC
zLSS<NH^Vc7vDx<*UV2jJ&#9?2nYmJ`d3f^dQzj2eFSKcli`(n3@3!+4!P=$~!3i#i
zCs0!&e&r3Tm^Ea1X7LqHh)nDR;to*2>|0uPfF3T2y@2nvar%9N_8rtTGP-Ao99N5}
z$D-s{h-Wqdvrmr7jL3Z#eH-F4Uhm<QITjeBSfJuhE2;)!;CLKRBwF72Q^xt*38lGP
zAEuDV!XI}Q=tT)90#K#fmRqt$N#!B>W}e>UfUg|xPXpXXAvgK!f27@_)cziEx+W*_
zI#TID^hquXp%XRfIoXsB62got65K}+K8Hr(lpB%u_dLp81UATph$&V#9k=*?1ff9d
z-G92zf9jgZV<En~&)FOw6efY+HJH&BqXXoAT_HS1+z*ICnU7Jn62(5vrDDi3T!-*`
zT%#X7&i7)MB?2qq^Ql`ixPGii-9}*`3$3!*5c%v2OiALvwGgR)rns<-qHN?7HL<5`
z)E8v_CM&@ls!w-LyE(*kMmcF@)Ae`<AEYYF$#Oz)PDNV_<KphGHHG}~pF8;d{krJc
z%2kpT!t)myp(1^P2LWNb0L<PbO<YI33!3aH2h=1h*nR$DowaLeq14<#4o;+c_M@iO
zMd_b6XZWY`j5l2mu^77YBwlTPswn4Qk90cN2L9hUIVaOWV>neRi+N&c;Rlb%jtQsg
z9+_83#0|r|Pr{wL0IOv&M&ax8v+Tx2Hz0VqygbKcO_p<W>gfBfoV>=@jnCrmDWLui
z&1FYO{ik}*U=0_n{*Q{4klKf#IylV}F|N82OVU5W9<#_B`9hvO{c7cj{ZfUULlN(J
zY$-C637VnZJTvVZl`>HIFZ^i2MAnnEbMU?B?_kUlPysxM=un2HhhCOYruMOCnQYit
zz2UrM-2Yaf(^uAmk>xI?5W|F*VQ*i@Z|ETqL#gse1>lMZJ*A)5Z5sHi)t){v??ICT
znk>icGq_q5l<CdraCE|Wn?rfMfcSAAzv}PpR|~obe_@cIvnRpz>JKqdFfdnPuW8Sg
zU9ZoVLdz^J+)LCYqS21Z-X`<bmmUKGE74lrMhz^4RSKyJ+x4nhnMEI1EOR%k@liO^
zOC`0e^}t`=PS~M2oP}m6Qb5xLEJr$c-@T-@)XPzrQmFuEIsqQv*3O!G5s&F@EcpEW
z>7+rdg0W{IK_)R3?+bm?FFF_v(7@Y+&^+SL(aQ!wHCT-Cb$GQvz34l2#Z7^|c8N7M
z%GYe~v-|>(l>FiUxhJ`6zLx1W2~+U`+1$?>8OZ;}(FpqDdoj(A&+LV(<V-3}B<hYE
zkR`DMKfKWA8^eWgV?>&O0LJ<LPP>hjM1$IEz_K&f){um_C{h9JI<@iwpH5lU$D@UF
znh~1jSw{t%2sch?ZiekH?bSSXCOs0)C#qMYDK=<ALnxfp2oV(j^6pfZWH$k88(6MH
zVGBD^61@%@_2QCQeux@#qZq}I?MxCC0%4%IN(h!x3t=IgYCPh><<i!?B>^WNsRD2N
zC;^@h8>53au|uf#9II!LvLQRwQIv;ua<sB)JuINHo744`UXYF#0dAvXX0OX^#p4T_
z+HwPk1m3<01%eOiY5W120TI{+2kwjuR~nFHE0FF_xvrFNso(+8-`9YRMWR)V2|KT%
z-9<KqGB{dNH^k@e+c!3jVLZ_UY&VO{K(0}k0yrF)-l$l{AP-C`v^ET|6W9h57alud
z>i#pmMP#zJ;=EKwD-@j@_84vY5FK)t2d(tKxSb-)^1}b*cIpHs1w3cebF6|H-`uX|
zT%z(HZl`7Q&F#phQqG4*Q*8c=+Yz{djMD!ZV(%xVm11gc2->K0-Qg=8gHRgVA(r(9
zgFBhhjqwIKul3Hxk?kT~$@b!*Py;cA<{&_@9iu#&^7UlJN$D+W#Pecvgj*(y<7YAD
zBO91j<?)b6x)ZF{GEWpa9}uYhRa9y-(<9f~mE?KH?#@%N&IVnrJ0x!}-?2KF?!9b&
zntoY+&`2fGY1X_Bi!g$XKeOG>*q=aEsJI>DNzo6gGClhTbT?FRJb?=EefJePZjfdW
zzy!+#t2hi_MmwV@JC2{Ds?#uccxJ_ehaheJqTbSNtCJfG4#DTkI`_Fp4=5!ru&1aq
zUfW}pf{{J_8pm;Bg4$tRJPG-u;Ox0AO8PST`L8?vB}W?OiOofK^G@l-TG5`o;ujR&
zg_BQCs#O39Pq<oC(t%#KOpHsHR&H@Br6(r!j(yYjoNP7NWDtxWyJ8bomi1bh#oQWn
zvJ|NleafCqteTf4qsi+#ze`33=ExWXVBV`zDJtizEN?;6C`h~(zV4~&WWSKsA3@Y8
zIio`I0G_u+uH9HwUr-Ozmo!z$Ursb%8#B~2i~I$z4Wx0sTT(X-QZ$2Kpy>QjNNsZu
z<G;^Vfj-17yjl_eDBX`&9pCN7SKYq{=T1lOKm%xgejB-kcSM!Dh>;x{*X}>31Q4hE
zLhIj%hbE?b0|%h>K9#bRH}l#iShr(e@}gOia`+XHsbA`$LG^K<`sx(@Ns9LM57dKG
zKLxZc0_=WmryR-?o=`q}m3*nc0;ui*)OpKR*tL!0{$FSp0A%w-ZOgBeM*!2B{?1v-
zqrT-=$?T`p;ncs6flb|s^#&y$>T6$v7J!f%^)*1rN1E6h4QKnmk5LPs%-SPTR}3wG
z^HQ&!O5Q1x0d`)N-#F3t8z(*j^4HQVOVnQdO0J?7p0Gzb)qernRJ+Ye4;HBnjL_qS
z+ZF>2nuvb*2olZFT$P`ss7D2r=;GN>&KZ2ArwF+z6}B!m5l{2qd2@+9nj~byQ7OV*
zp34{%I+=GJZ!(j-h8$%U5R2xg3&az7kurFBK>wu4DtWl|vfN~eaeWLH3j0J&l+I<<
zZA@GT`kjT(mc!0&@8gCLq}Eq7DYH9?%&3cUnOM@V82VrJzazw_PvzozC57I9M<pBJ
zJ4`W0s4TO$EVk5-j}tTbL;wCAtb9k2Ek!ODiy?>4%++pT*iY0oo!oI&SAw7~@qKnE
za<UaWU|@h7+An_F61Uwll1&Q%4IL}mGd7t=6SH8WhK7!gFfl^&lbnC7C@DooZUcIX
zvpxc|{Eplhw1gkHyP~FO0+VWhuuV8xi5F{m0M6Ek?@P{p34{J8v6fBeM%jRPk@YT7
zG#>Lm!>9(1AdHeg+w_>HIUW+yNyBd&*Nh%oV%lkwTETxiv)=2B_XhzZloR99_KOsJ
zF#Qe@j3zx7U=cX3OzvyT_=}(*4ygugp*B7MtmaRAV!S>rfj7OJH9GkVj{hsIfBYTx
z#}P8vIKi@DSlDq*(_UPe_~v}~(wr$snmN(hvC%Y1FPp;?MZCjaO;b_SQp=Wn_j{9?
z5TGiD(D$_K&CO?t>%!$rYdw11&}l7rO6Lkr=}%FAtLh_$5vx+OMMmXNM~J=EPvB^l
z5~=Ztask<r=NV^17-A?@s=N6ta&U#miQC~}g^{CFO`#(K(-JO|d-Wx~sJKDg<|;=x
zwjY?ARt-7Y_kkYC_LNTJFJS3R1~E+$lKqt~#I$V@;y&polq5YJ77v@zyJalcwAbaP
z$Z<5PsWYY*bjBJr-Z3nrL{=^}yt~47mrbC_b%X)_g@RB*1{cQ&%DCGjR`4T|yhaol
ziJt4hC#$u(aW!B?6^XW>QY!(s>}0h~OA;^folK)^yyUk=Q3N11{#?_*Mi(Fh9fba<
z+Ohbg%p5&`r>0lfOdqA9t(*6!FIu&$&aVzuaDOenR_pNtX)@aF?I4}s-o;SCj<Oe7
z`ME9y@2u?*F(VBH5`|G};8Q;!XF=Nwt(!eKQ_CPYAyA<?NsNyt^xlG>T>NP$m&Okg
z9G~>A(;3+abtYdxQ62cp;p{^<4IgmKHA$hOp%-PNxbye1*73Jg&7tex4ZQ81*3ww?
zEaO<4H?(lb-;vo;1dd??oXxs<=`fj`Mhrvu4;)r6Kpz$CNqMO*mc*XBhw|!A6PnM3
zRnWBBhQjv7{43XCY_cmTW;OTPW=)M<EOo1Zjaz29$g#wNQg($!+L&aC3U-F$yMr3<
zT?7HmS;~<-)$2=7cRj6_bBgbq5@7H~!z=2>IAdp|6Ut1fbV_R9u$5LmDk;`PaVYcj
z^NW*`jz*J?w&2Xy>j^`Y7er8gzP`)y1+jj-Ob#|-AMUP=>AdS4?!qpY4z<eLI=T3;
zImoUQyi;a{%~w)VQ{z3MO!hbFXyyvN4`zm;OEYkB@vURmdj=R7`O9idMcdvd6pV~z
zHExNUis1J@@YEs^;OD)J^dQ_;$Y%EtkUH^$;W{8b(vI{~!21Rp3Va0Hdh+dEhk&dP
z&EBk<f&B%M>D3h5mdB**gW}nIABS;|(=yMQzigZ{Iv*<heh)SSZ<*vXa_QO%hqql8
z4eZ63PzNi<8tNQnti0S6BWh!brrL&i!!%nK4JqxHHnyR<*h&iWqovr&y;r;Gl3zM<
z^CK&%4aBkh&%UXqDZOxHHG2T5mM*rT=S~W;n`yAF9BE~#fF}fL<x=S#GQ~0vTp@*(
zbC%AL%`LXc(X_o&)ih(<k~+om5p!E##ULGajgI3y&-c<)KBCxGeIHfk2)&1N><+;S
zX;c(wGeZdfCa-c^|H|uhzp}#>$MF5?&I92-%0;!zOn&eqyV%%k-kj%?#M56t>GGB}
zGZiEwGZaF`39PTm*nDf)QU$-JI;9&=9MtnRH$edcM*0ELO|62wa4GnXAcQZ@lUOJ1
zyB#n=L2W>3SWSrs8A`6P8VNS=GXh*&$6lgUo}dB@ZJf6D44mk!4)P`l`7dd;26{Kd
z0~gSnc8GHCHpYd0i>b|9f-HTZI^ML`B!P5Y3xCc-Y7DuHELT!ljr>t79{ftY=YpiU
zVQ<W$jcZa0dmj$=Y?9tzlc%Kg+*M9^K0Taw+G0#vN9Q@%uY+QC%1+Lc&FK45^*ePp
zTl3<UX6%#6^4HR0_Y&35hWNh+ZtCp|+4sK&I8P=euly4Kl7o+7NL*!qT;TY)t9AC1
zSkc^VqDO564)FMNY3uj6pK)$&Vr+H#>~_)Eh+ROAP-M{Ya0RCMEi|(8g18Q?^mxZK
zw(u$2l;M0vTGo^{&6VXcNHWs3u2XKLO`IT8L%TwI@A3si829WTq%4y!5IChBzmP^a
zXhwX`CAI4Z6Qt2m<x<csSVd=wpnNsPK(Cl^>O~KN%>5-KHSyXrtOnMTCRkypoer;x
zK=D%T&j?38rYqUi+4lZbec9a^AVr2`sls1=*HjBi0q6Z*c@MN^PWBgrCp1v~b{+`3
z`Lu+%Jm59ucE&%oXPjkA%aikvn^bqo$N7*OcBXGCuKh6s)^5^Ao?~^rWxR~Q-G`U4
zc_eh46W33T&E}5*KRAlRi{7iO#8;aa^w`wRi^?fp9w929ynS5t`RmlRr!R|7uHu92
z&5P7}sd?|wxUITt1t*_+gtJfX-rdK*ku*#)-S!>&aSslMuNrqB$tlg={Xgpq#_N;)
zSHpiEms4&FL+(qaB)X5#f2Z`6=5j3H`d!>512CY&%Zv8C!caajI-N|)x!)^n)#eq)
z&-h#o2adFpMZ=oHh9Z|hmU!RuM+@bY$@V2$pDc?L4zAG9$pLeQ3p>0{oh0uh*aiD$
z04tSt0F|#<C`Igj6zUMW4o__JCOo=_cHJ5J;$?z#R)stjE0%|8Kd}mG#c*sGHj;wZ
z18vAse&Np+x|Motv^@jh>-I+Jg{iCc-32;yWsuHOhz%umE$dA*b#Eu$>s_C=73^#C
zS6ZB-;0RT(sa=7^KvKCDDL#3bi3FhbD)A*`Le2ExPyNy1o*VUY%|_BE`M|Be%?2GA
zkRS5}C62UIo|0ry@}^|qoBMnTPBC-3mwiOni-QyntPAWu>o0kwX(WcxaCeJ+G%cLE
zP+Ubp8mz3Z=Ip8$`=|wk?i)Xhz_AB};a~0=Lw6&K4kC1bsMAojYCDCmgVJM8>1oYZ
zGg{tG^7eXMZsU`ik9{0k-lEg2`umh-sp-DCwDrPMCFj&?lp|VR^OLvHxiqvN+6E`q
z0scSBUn?;}L|N6ozZr}+a80jgmCiQ*U+m7my6ArS1*kO;uI}Gj4gk+=K<^MRiOM7L
z<}k7C>XC}tPbKeHgm#NX60G>sfI8)$3NbSm*D9KL07dq0_;bU=2Q{^g=laZ%uz_b^
zu4UqfM$Cpq(D)cRyHFdZjcl%*DMkT{fL-49WJ4zedQ6zc0gYC`R_a3VitwBwri;G=
zyGqJ?V6<{$_rrl(doVp(0#viB54}_*e@L@SHknwX>GDE@G>K2;Ce7S~7WgV!fcV8Q
zSqXK1K2a4~$9JOz9Q;zMIWM0Ou#=^CVGk<cT4IsvFQM^qKj#3K88cyOFRO{CzazwU
zmh4533n8IO34gsowFH(&*m(ob8SyS4kd%YY=Jh{b-RcG92)@ku^D~ecUUh)Sec>1H
z7zn=2_Z3n&`@c<c1-m3jZyGh)fFiE2oYTw)CJ(S2-Rd{^9}E?CEv7EgQT5y2HFrUq
z5oT#58RMQd3fDY(=|O<goNs-%_fslKt<t%U_J;>X=d*HYI@(y|{%%AknXC9J%XQ6}
z9cyyDIAtm5T1}0r?q(+)W&7}Rz9fQ}!e;xV;D6$H_^1i@kz~^B-Td=|gW~n!`K#qW
ztj$TVMNhyVrK7qL(?Ne{Ke%Fk8_wkE1$7!-m+*wc<Y`?>B>(dro!e1z&S}on_nHUA
z{gA{lGJlaHsW|_W^+rBU!$qWHV+Uy;@tH$G;GhM!j>|0uOPWNND-m=jZA6{@b_E}=
zSV(<Kn2UI$sSUg#YN&F;*7aO!P$wA2Gg=Guo{jEja2Y|7#o%RP9Zf~l(&jVRHM22%
zc?Z3&_!V1SyWGP_X#8eCV0y^V^cXWIZbyHP=P_@ij~;0E@OWviIOP`p;p2xOF;en`
z8cMwcU;OQxJ-tf1G`X`tQN3A{uvlDE%c#7;ANX>;7Blrp=(%;B*Nvw4+We<2od+YJ
zmoH(5v>qQmSB>ei>ggf`Bs-xLCUtIyCIR{Q>Ow(QdBjg0UG3UzQO^Ssb&UP7z?2m5
zylq*9qXrKF;{S)MZwidF>)MWO+i4oxMw2v2W83D$P8-{{ZQC{`X>7Z(zj@yO>_3`0
z*eCb$TGzGL&gri9C1E}W$~-Qja4wnESdV?D(BM3%2+;-B^;U%3kK9h!U&;aJ*5rV3
zpunhxOmFu+_Xn_ULsCCAqmn>%PZt<hN${uwtSb^(&8aZL-lz{5F;e#)pwOnbAyQ`m
zAST@3aH3p76NI|eIQ>l-0dHYw9WY8o@#gv0mUpUD%02?KZllW9WD#+rI%rUzV8oFA
z#MLnM6g0?@lv;EgPM!}%l;nLhwvW1D<m)KEA25sk;|6(;jg-#jOgLC-sBp3?jzVW3
zd5R#A*sshcjv9cOGHS?mMrod)$hPzG`$Z(1m2&B+{2|a&Vh1sh;sy?^&SWJO%q5gE
z@BRiteTky)Uc=5v8!RXqfv_GLSxobpww{KG7*KiB>fmt0IsyHw;A@H6=dqRBpV>N3
zSQZidmj@FuR8qF&BN^j-t^8bB-CRIbr7nypE^<U6XzlE+wES(V{ruSefKII_{G|kN
zOM*4t)}#Yjag$JOHt$SJ8}@3z5`+xfYnpe>=DmD55n!ivRp#81miuL2Lc%KW<27~=
z$Rc|Cu6Kl;iRnpPZI~NyqW2%Hxsm}z<_tmreyJT{>fR|#dn|$VA&Y{gm%MhfR&PCX
zkM}5N6ZY3pEv?*zm-uSiNiDTajb1owJsUCVsTqrI$vpoZ-BwuZ0VxZ@&Hx>;N_5Sl
znVO-Xo6X9gevDCievsxe8@i}FG4atZ{*hl(Sg-A0W1W!-V5&$^@XTf8uc3EzQ8&Aa
z&wuIbCx6-oY#ebb=F#v2aow$@JHowpnT2%tMsWBL<edNtx|-A!yB+voPG6>aBF7ay
zjmMvGCtXMndAp|R(jl{0iDObaD)3y6p^qCvnLYq%npBPboYG9dSD>~q+)^QIy)5j~
z%8#nB^=oquKFeG7=VS%Xq|vbo0|%y=zHlEG?sad0Z#}}DuP(lx!pzMiIGEY{d#_h-
zo71J0Z`Zgh?sVG`TL*(k21IWV`~+Q{?p9y?P*~r6oG|PGHLE6)1vZa(3NGgB4C*PS
zLLKu)BzauYRo6yj>L2_$Un$7sQ8QB*1-f{%ocaT7ti~qI?8>tP1kj?!ti~4zBAxZR
zS%2|Q0VTe0a^A7TEef!Sn*>WR^so4eo$~?`W!assv*m7*vd$GB1FHPpI_(Yo{Do`T
z(`9awK<?r-`b*=SU~A@9@1^1+RUPV?ayR+rr$lRJTE!NTW{tnTwW3WH&6ErUjcoJ!
z|0!l}kY+9UA4HKJ?XjG<&8M|4ydGUTtO+yC`eLENaTIFD%2-SN=Bl#5=DkVYx&!qo
ze}OEq>4-hgkFdewT!{^f3|XnNwV;~2pg{dqNQ__o-*r>%g#ekuvT8cIKS4kxmyj~L
z&3C*2PQ|XDJ7N}5p(R3#Lak(GLvtFgB8isiKEX(DuNQZRn}?UzsjZnR7yO&Dr8iRJ
zZe|GvQmwVCCTCm?yK<)0&g5jvz3g$W-zrfWC5IU%D;k|`LWl>>v(%2O_~eor&;Iwv
z0?1qGXRa>T{1x!<G-K&XJrl6p2TX6?#?q{9<MhNa?Y?MHOwAOxN#+S%=55+iu<UM9
zTn#x-945TvbbOe?2{J1p7|1Q0tCpVA0IQ~t%yXp<U0(mQjNseO2Dj%v)z-mgqCOn5
zUO5CzUftsd-fKiwibG6M-;R>BQQ~%!csPXpzQ9mwr1~8Nx$^y{a}owix6FGn4?io(
z@n?`3xl4WwJ2{qajgE=JAN*!Au!e4|IxeG#+byWde3Bm|<y1rlXgEz2<tX$d5>mdz
zVXt?q2DLN4Rkk<uKfOG?J$?P!c}r1(D34AMcEK2!kX=zrs%lCxLEs{lI^$0)p9n|D
zP^p3_&F{d&?=ErJtS<MXh=Ah_SWo$!<HX}?io-0zL4RKEnRcg{XzqiN(`Yb;AotN|
zdP2Z{)tbXpw8lE604ldWz`ta2y1iZ|%XvSG@S2ueU%kxsH{tC1V+~{!J>sgpnX6%!
zb-oUIb}bm51}^x%HA++~bkuI><h#Pa>n*=)TQoALnx?cE1>$2eaQ)M#=C7H-*)1>W
zm2}HO8UtOKFCD_J84scK7c*`=T)68)u8qmS_gI<pXbZ*s-elz#^bn}IWqJ_VBP9iC
zA0O)2ko-p({@Y^T&jMytxE`xNqp%BRLl`9ozJ{xt@E5_<Z8Zb*IX((_OHvrbp7BO@
zLFaN|(}I1`adCVS_jRHbnge?G9gK4#gc)rVzVb@~)(Q4s%Ze@n6^CLpe{CeHktPln
zu>T?_ioO1tWhcwQRs9#qG1fjvxocvIRPZ-B))oUggJTTep6IzZt=mp&wsFVS-pU88
z>uK0np2@_<=Ma#qay-?Lmc(Dr4nsN@IvRPGmx%x4K$ONgEobmvFy!<!8~p;w4R*1T
zaNr&!X{1Gsbq+yPIRn68#pJY6hfLPsJyFRut(*Z!(%>b`-H`^NRT{WrH)m(2zCf{7
z3Mm6{ty)Hk^X9B7hiQMftNH7LoeV)f%wIw=>E$cta@Bv+yp!d+xpWdrGd`^^>kB#e
zHa8s%d8(iC4dZ`7TE^6r*2fz&pzE#=VGH5U!AiCn40LJR%0N_#c!UMNYoMg<qeYCt
ze^}9UnbEhBDN$o_-Oz;mqZ`n@SN_8!6Gr4MXw5p{ZF<pAir(nsX!ftOVI5{r-=*#l
z`4(QWxbaS5=#Pa=*`YO<UZ|h^V=N*B<w*fD`D@onf>Tw`$8!R@er&2Q4Xid6%*ev&
zNt9?$a=Vwv^s!W)Zq2+-lxVxP@Ly2*5$!q@RhNWv{<8GoiIvV)GpC8B1DLMa^lcj7
zI1^YAn?j~aZy)`Ds*T{w9fo9bZ^5%`(Du}u|K?0BA&K6OL7^dbAQL92E>_f<P?x-x
zjZx5&k3muSNJvkvzHTNIi(x!Y+{47JAyzi@zrz>h7{*%p4af>Cm2q*dSm@2ce1U6c
z5n*bGn-L7Y&=Fy;6h9;cH6(0h(Qkpp`Pk(dW(2fEt$YPSCVz${w<=YomMkXkRTm8k
z`6yT}Vf*eumH3<wCvKkwBH70YVv%ohV!XJXrX~#Sb+B83H^SQr#c7PMs;XR?LP0sq
z1+GA@iQ%c3>6mZC+oW;$J9r}f4GlX4t6cVuj)ll~#o;!e0o`qJHG~I&Gl<#H82{Kt
zm8cIEXNJV#u{ilZi}1FYTwhL37^=ea;o<iDZR}w4kqF%_dCL~Bmr^@^Iy8_o@oj%^
zA;EHK9g#yuA!>q=h5sdj@do;P!sIsn<Hj+1y+nUj=cl>h{jE?m1Mefhqw;kK_2~)k
z<Mjm98M=x7{2Br!1d<=-GmuMtR(vOQW9baw3{i`53?)Q!<1Mq3icP0Oc4Omkv66rL
z5WLgX!xwGPJXbvi)DYPxjI{KjEWKSXxJ^|My3;)?i{>9m<~K*!PGhY%ro2*9ejc%H
z&#`{BDZ1HN4>=7NK>&ydnrCh>hIo)nWkKfh{l*r~LG^%=M64qgq3Cm}@#&zaJh9#+
z3g~@gN}k$fqK}ugMwWgK*l8Tekz8snrXvwJjjO@y<a+ovB=`5pME;Mrjv@h?j;2W(
z<kYvOYt}68u+Uu)9egOPT6&S$;t3+3j7UHI<0~0Sr_1i`3(3n*;q4z;4CK^Rimw0)
zOJV8VB6z#G@ihmgj+(&1TCi?soDDAEQmjVLL;q6DO9QU6VABeBuk*~c2~n$gTeGun
zE#%g-2~pO5*|ojhO_X}38L{2XNTC^V5+Rw<5?39Z`20H-0phB^iEHpcMX>#kq#lT1
zG3R)({B(M(mSV-W+rM$Kp$6g>)Ts&^uqyMDLTJ$@>P#FKat(h^yptz_k8JBf603aR
zDMH!`hk_UNiGB3iamiI-8Mja%LVC0-md2Acr)h>`Tr5dUL)q21`njD17Qk9L4K{8J
zq(1dDmi``3Y3}3^LV)q}{O!NSg6nDO8&YYp==b^|$AfV4Py|C)$#+qa@8E%Or~~5&
zp*oms2MZAnU9tyUVd!X#k<C~EQK>bvUGbxb)*WGaa4b-867Vf6LmlPT4x)tU_w>Bf
zi~*}o$k63T7#c}%nI(@aQ=vvpNk?MIs&e0g60s7mQJmjC^S~hP^pWE!UPLBD7j^^7
zv3@{R;K*WA&CMHM3(%7UEi?a|r6Wk&6?+}mX}OPtIRJx4z9#e2F<|QFU?w<74WCtg
z*OD?c|AJ@69#@#>R4~X?7vHIa=2MU#kL&#DDlt#?G*BvkgTzaM<FdO6pThx$ELWBD
zEcN&MN6H`f_Em2gOO1iu+e8w`{DvQ2?FtS6nV*>FZ5{^0Qg=wrzbfd1GquziBw2fU
zW_#mQ_I_VApm}H06e-s%%O2i@idGEc@^B?oTC`N>%(HoUYiC%7TxrTeBK-jki)_yK
zRaeP&|CNst8^p$4o&xx88J+*BcLM^fbJFr=I0f&#tX{Tw8|`#&1;meaH;JkvO5<H)
z&{U4;atf7ii=K|^xHq#SO55`zXh6<a>7l;fA{-lG@zb<ma#~G*&Z%Z^Tus2cVowW{
zE~@sll1Zxz53HD$MmaPz{#9w8s0W?WEB<T3q4m^mPq3Jj$x&E3Z)7$htp;8To=uS4
z#b^yKX0Q$#i(ji*duTTndsUp)Y7Rmw5fe!kS){kzkB0$JRRwuysqhh^{>bSm)25Ce
z8<Y%+^$qPPD*nhO@I0ttB$0)(z(0)<Je4(8;#NNBV~Uc_eN_56XlyG}X=~g;0JgsL
z%1R>G*&_+mu&hUO`)yxmeZhsr-IpRRi7=4?NPmZhZ~V-C+TO5z><t<$p(^;w_Wn%c
zBQG|PII%d<vKQDz?CRI+-AR?a;Vu)(F+WpB0`U8?D>hVBC5E4yn4jo0QNRdMO`+Nk
zNA$kzmdcLGE?QH)2Kts>6~$F6$k4mhExO<iZz-ydqn2~`#9!_9hTYg6i4q%!8$}#@
zh3hicOL>I{4UjwUdovM9dCsjDh!qI&*GM#H(Nit?w~J9|NFN}Cr)vO$hrS_%->YM^
zD0iwzH*u*-n*#kzf`_a-r;e4R8QKR|4v!GvlX?DkTu@D#fnK$xEKU<WuBtHIl2MhS
zNqt4`Kcy6%(a*^>;aYuL1BH~yjBo?IW~jD{cEiv4&=kwrG`)JGC%R^g%hduwP+eJ>
ze8Rh@6oPZfQJ!^^cMbmlPfc<jOMHfoazhFsjJ0<7^@52m=sFw(kj{;vs?Vyw-!&<Y
zDU%N9=5qF_5Hd*qr*M`(jM2XDoBC=JE6RJUwt)PNx(wfR&H}!BxRIWQV{DLbgwE84
zwH~@#qOOvrw1|M{J3in^!v{037!HMgXV4)Hw&mGLP_k2(uC}-XE~m=|dL%0h6W`DP
z0X2#H*^~}w_aL4eBb+#07;yL%DShO0cH>{K`BA%?h#KDSiRJyTR6e=S7bw}~8(JM0
zSrP1U3$YG^8~C_;m|5q<C&`87OppSn7a3e8`xjvar9)Z|iLlzn8yxd6M%2~zj6D~1
z)jjjcE4URSDDgvG4U!=KEKpN$Kujo3Qn@(Lea0wOOdj;|B|@3`&u(Z+28#6V8!c%A
zdfxXkhCn&JUK92BtdN}HJ*&Yt?RcyxZ$-)<rwtX!3$JBSq&IbFpD_>n%(v~B6}}CX
zu@il4)&T_oWaaP&%Z4`4Gs{QjSBeZPNSCqZCuRy&O-E294pYm-t|%(*Nj5(K3cBs;
zrl?I6r_~I$hi;|VRt{y@;}stx+VMcQ_Sr&gtpt`6fOB=2Ocv;H^;nMej}%avT#8^&
zFke;*Yr;KaTC1d&P-k?Zhj_sLF2NUxMUkyb-e49yW<hrdS{TFj7^{W3kj`3dynm@?
zEymY4><RMFFCQ3^ul<uGV%whNkRjZnH85yMl0`hqPiem82zd*RDRTEwAw*Qmjc7YU
z7se${@=wlGv_{IXl;}nH6iW&1rC<dDTX&x$CD`|S%{<QZ9j9oiUF2V<3Pg_Y)RIlT
zgwb%)A$3<LLJZ4FI&-0a+448bxR&`-=JAA5wJG8Id-pnf!+Kv;jOo*Au%Ii6oxzZV
zWU#q|1QLvX!<2I^SdbUgjFnA?E=r_+n_)AhGPso!-@gNd5;QCxigq{yy3=$Gpp2Ql
zBcFf%9G%?*$3@TyS_ZvrmUy}<(77cbXPHgv0h$v@y?KW`-a(@BuFY;__HUWGTlO}R
zug!wQYw6!?w|<xRLESplu|afMIRrW~|Cv+pVHP}rGymBTW<*@Ktu?m8Um5uEUj@e_
z=u>CF$PD%d1fV>&B0XM@=%v228b`$qV(xz$ay-uJvKGx8glT;(X)f{Zi{EfI_}RL*
z_$Y9Ha5nm7VH@HiSzsgho;6DGDP8oQJ9P?UPwR+$N7)r?jIY#*!CUXhqQF;N33*ZR
zMo5O*NG+cuGBQLZ?tyF(g3{$p9@`B2GNir!b?c0JCK0rND!_l+E9(+NihwMZy!031
z9<}4(kNm;=7{Oru{$2cFx|F==KPn9Cx~~m%Zq-nRn58)B)Cgc*0!_)Gn7!QST-$I7
z12GjPHjYUpIP1-H4JMY!akk)Q^u%GJ{aDwQoUppZ%daRw3k=h#@0UTU8FoaI;Z9jm
z&HZ|~O<etx@Zz=-Yq`(opK&kuy+cO|avu-8Lgh=lVIEpET4w$6aN@#jN3!(k%!BDE
z@pKF++?6Bj!~kfTFt)&MC}0K%m9w!G!^JrdJia*x>U((XC#HRR9KF__^cDjB8TS|I
zeOpXyWa=a<`E(YOM+rRTf32{VIsZ!}Xy>DGenVcL%`SJYIGkSM1-0X<*^PTM?^;W|
zlgj9N_BAs~;m)q|H8ZOUt}_c_W|3!E*w6C>1lj3~2$RyBQNmLBI`L(-B84hiMf2qc
z1lf!>F7`oCrMwz7v#%9OxVn3Q_cS1HGX5e1*Qb6lUn!eT52y=@0P=Eq@8GaYS)1o6
z&<S$xGzC|e!hV+$;KD+kQdfszg;ogPkh4e$Y8M2*od-g)Ky?h3+tfc*P`RidHte8d
zP<T9xGU4r?+=X`5p{L3vFrE1bSl`uC2`W+!|EXYKA^E*e^>RUw6V+n=un-cF16Q0K
zZFfa8<Cv8%<uw<C4Z@#5K!~UR%Vo4^Pxp(LvlC3O$(6g<<)|Rf$h|B}f5eX1>3U`+
zv-^{Q19Pu|-nPN#!{f#0+2lhjx5!~IH)ZC1`LS$LkdfOMM#C+;CW1ePFUs$+LAD#~
z@!ykkwZobrgddyHG%K-7)*0znwFMTt4oFiNSQcn%VWK@eT+hB<9Amh#PwkncD`QTs
zah6^&m#=j&=d2nHldut_$y3#P$UaUxZJEO@a21*CqOOHbVNz@qMs)(EpRN}?v%}@H
z3`5|&6*)55g=d9gz|(4IhHCfF3VOnVGf)#7RiUx&Du7y{4;U?-oK|X<$tpY}QoE+D
z_-|Z*u2$QFt{<wYfirM8aW>@jUlXfo0A63iM6nFa(sW4IG-w>Pvh<y*>)<m984lU1
z3<3gIF@!*=52;e`u?<X9W!;>Mh&L=(<oi1*-v#~wrR$}?W1w#P=U+3Jm+wUO>^GHL
zCQORbc@wD_RD=f`n6Z!9*SDloWc?7wh^D4JYIG@M8mWTObAcoRDfAbDMTsXw5U%hK
zzF|-2=-+(TT-$;+ne%r>;i^!_$MOyHk=&Z=2m&+F>1Z4~_FmE-IlZa0KEktK-l+(k
z?q4pc2hL4QRu-pTi=AAr@P%QQR}Y@G3|-n6XTsS(Q!$UTc#elW#rLwdNc&zr+=tpb
z$em_DF>A=Pxq9#p?U=gNu45yM2NbiMX2S1sFpfbnOMUY%bL%g?P<9PmirurbEYJUh
zB##=+jyl2;|Mtavq1sH7+d8cLewKv#mc`}}$@VoNc)HDcwC8v9=Acvy>AL8T;e%Kk
zO2<s%^!vO_&~QR)P;LR%e4F)5E0Cc;fRmKayxlCNw3@tRMS9yQ8Y?RB`Y--AeJ4%-
zMb2aXMQ;@Z$2L0AOvz9{7fW70aT`TN{U%L4%+jUB)yEcC^CjXBru{-;?@AtaKD%NP
z4>Ncl#rNMRmxDTYWhVpAjr5qZYD}p$0jK8*2ujOIk&lWb0raj{^20uALtML-dU|v)
z?`%%YiNi3vvdpAuk>e)2s)Z5M#9lmA$0{qwMRAXf7!TVC`sxEK_bO+HK{@IJGbkUK
zRe$&C5~uq$x(;aw)SxV=#??dYISXb+%ewBkb%Am|t#r7EP$KVdEP)OJiWXH}5K-ME
zK6^`8iTy-(uu<Mcuy$iv4*BOLd0&BesC8A&nz?U2VSJe0V|wA^VS5%ht|En)txv52
zA+2SU;XjwyAoaV2!G0k&!$?$UuW6$>{uDEdW*!R=I-x;FHM6!-fn5_-fPr&WV%9fG
zL;ByGXGFK5!~6%uV@DYinoCnR72lK*5UVPpI^!Fydh`1N>+LUvn%9OE`tAKxN~yx(
z<3PRf!yV)O30%u}>nhvghU0{WXEaUlr0Px#VDV9!9Q6#VR?PS#cw#l9!a|&F2#;q-
zwgMOZq5&6NpK2P=U9wP@V=KcUx;4<h2Xq;|4L5D7?c)!ViMiVpfkPRc>E@Lxr-#n(
zROszq2JNS{4D7cG!#^5*pB0FI4eX6NI3L~JK2IfiHb4snM{>NIE|>-PAd+$#g$@0I
zfkyro$GKy0qwMvDA`XPtuA|GSFk8+xhxsAi&siQ&BWn;%xZEB{^5@KEHy-|O52vsH
z{Pe9it3hM&i}%Hh$7poquBLW>6q^OO1$+<mIt2`H7@m1WdUR<HNOHe|dArx7j_SW!
z?qVIMSs{Mlta<oq*MnAPdQ@%NN%k$RYrbGMtlk#90d*x2apOC|qYN1)f!(A1d$}@u
z^-{5KLe7w*!%@#Za7Tk0Xb-c;s32mBtz*4?tPxT`Jizch`M%)l_hmFr^jxfyjrlIR
zObD7COHWS{<(1O0FVV5+FTv%-Do2LVC8uvg;M*jslKCdU372CmCQqpCw%cb&cg<YA
z0VH+hs~?WKrFK(1k-6gSzQF)sdgb%kOx}j^TO&wmC5ra)tDV0AlZ@yf<UUCy-1&Q|
zc>6~XKz1T=I)5XJaootMl~>ShY{PETyj$!_U8ir;n%8|D$Ng>LTr>!~JZ1>gRQNYN
zGYZ~-;0_Od^LKTAy!XfA6?Ss6%#G-JJ$Huo$)c`6=WYYv$gBi6LqMs6UPnuZlGW@G
zfFP#d=Y63w4-+5*DvNi%ZA&fPA#QJp6!!I+XPD^Cji+vrM*Z&2{Y6voH1;=^HVeD1
z;ydT_CBr(5)!Gj+d3g|294ze)CUI3J{AkOkgeB)u@AV-7+>4SRl~;-0KJaNAh;Zy-
z*$-kb7{~5*mV_R8cRn+jVbxCM*j#roehQZr7TlplVjf6xqI_+_PT_nMxQSqYq;AE(
zrJ>}oM%2fVWJ@YCY$S2-H~p0`3n3Z&QaNhmn6!R9Vb%!ol~DV1JdDBH_{EyiWBkVl
zj!Af~X9*W-mOmjJ&l~C+->}tTy%4T_xKDBwx7*zOZz6coYbTCM!WR>WZPeWM9nU^8
z)$H%l>6`d0Yi)?XZbT-hNZW+Rk&gkA?mSU7T+YJ=>-dG0-B^X0E6>01H?tbt2TxLT
zq(E@JWGTjR6qAL^+xSUJ5=|z1$KexWXz<06%MLkZr)%Z|LcE?Ycthp!n7vI2z{LM1
z{@0ZxiLXlx4zL(DYX*<dVl?XP3^wr0kRy@QR*Wj<*n&N&5{V;TWj35}f>WI(NoSmW
zXLaRmyT`xleKy)|TL`oxQ;J)|ZR7QlGE-M?N^pO|E>5r2HmW9$T}8ifG@%qzWN&gl
z06ASMJH1>huAnU{TsN!tM>meceCXo6>`#_9kA;tKj(-*5k43Rh5Pof!ksM$I(Eq|)
zN*>cPbSsGokZdpKS4t0vi`GK`eTQOFdyXSfl*}--Q!satyrr<zP7dDNHTvjJK2uXD
zUP0W;(=y5*rmDx0q*I*vcQkSMIqVU5>hN7LGFDzyqXKPty)=-L4d3ei4Vq&j_?d%$
zirzcJ<k#!w3cm1LII|L1WQ9t(U{`pHig(B`au@NFNo(Y`kJMfxEdUJ=7N%|9OXB|L
z94?d9WFY4#0y&3ts(8mokPFB;81WXSH|mLSk}?;KLXi%a?Uw0-0MXEjHSyx@cB1Ww
ze}mgUp+^FF^dUR$!xr&PATQI(b>AQCxh``uCr+K@bayfD_xtpe>A#>_%ygP_B46p#
zcoDjOoJ4wkT&qa2Bmcv_pDSV0TSeFS1DSo&d|`2)qfSrX$vwTrbRx0kv|_wgscWfk
zai?E<vs{wc3ga|P+1H#`6l9j}Mdp$w>IYgb_hcVHo@f!ryg+u05?dmx8WQirmX`HU
zEIM-m>*1cT+G>2kp5CWF-a+!`RLhY>6?%C7(fnisDI{LsM+)32K@@b;N-38I38Hdk
zf@eWSA`)09ZLPJxi+5NudWdQ)_7gM8nbP-)=gbLpX_u>jJ#elrHas*tD#T=tv55aM
zoE~D30}V;S(BTo*FFZ?S<%mV3&Kgey1;eB5{w^q1%gtXBOTJyG@4^%PPcmT|F-E8L
zlr93d+ei%o^Ki`(r=N-&XX(XeUFG4j7Kpc{S3bnsIk5`#YpA3?96!3S9(VmP`d!7_
z?LJ0k^Ivp|1L}e`WblryHMpjC;iM{1Uj2%}F)JSZ&)%&^qZ%?`0~;V*qg4Ze*gM|Y
z7PY<Hqna$P>L!|oL)eg-x*aB?v>Oc|rrPQcFqBvBze&)26=2~JD(#LFY~k(q*B83r
zvjd^xbGwRo-!q_bo2QdSXHLW1+5_XEFvIBTCJJEp#u&g<<9XGIlun)U-;-WkcqkHH
zr~!<+nAd%VeR962aZ5;n47dzsl2fG42HAzlkgRTG7lD5y9sglCE{ydDfbo1259EU+
zwRaoFn+z^JG*@X~T>>vCJ(?P}ake-qe^EZM(%<L)q2N5Rh3utmuU8~HJ)a1wPfLje
zFKN8Am2+%oZLMec-s|cXvvT-NFPiKd^~v3=8T;g`iTLfNQPa5z6jN90UIg^-%I^a}
zcDa9%macMcn1&f+%&GV_EP$R?D}V}6RxzhODne73BF9@+@Lmz7K0KMpR`{r=`T`%t
zKh*qFW!%Cyi^oDGuv#itz*IoOI#%tNmXFA?7aNve+$Tc!J6R00$b*MV!Q^2CmM^1_
zu*dn&Rg3O+dfqnuDSPZHHO3e}u^NUXSw2Z1yVt~-boMJ|cg`yIQlpWkr3p>!OH${7
zlZfwQp8(IzsJ!G9ApkxbLNW5!7-g3rl^WQIE}_B~Eg`L|BC}-wT;ek16FxdxqjCxu
zuNa!_TIoh|4`AnEosk#5f}b_;nswv{C$VHb-4sU7$G|PU^JE#30wV=Sb$aB+^309u
zdGXCs*N8(z=}}TQp+NHnhD>V4K5a73s0we+nu0)ck-#eGynX{IPIktkQ>a|&f4*L%
zatZBHk-b=MH($=L8L8j)FT@iUqHm#|e?lSlKNi$M48CeJDvauG9~X1Yb)WTclasBD
zL!xP4F{<I2Rvs`iq_C^4=grUk?)2>QZTMj`W2W6DggFNJo54Yn3kZ3iOB%q175E2g
zChns_!27J%5syro2*vpOwMi->ZiDzp9n=(?4;Ud;9}gWOZ?r`yq-!ENX7`^8$BI8>
zg~VvW2Uwr)nG=uhK4R}%oZd)R!w8B6C>t?K;|LSGsa)KVsd^G)Lm<vm7cO(BWt@XU
zS@gjioa`JtJK{J4`0UQ`1l+blL)ceXcY74uy+H}Vp_0}1R@CN=_EeL6D=EAs!*Iea
zjH*9D2NvZmUjp-v;XcX+n{3;{(+JK8o}rTx#&~LxBDtUf5^H^g;!c=f_&c4zKp7{Q
zxX~Sn$9Krz0sV+bia07O>Zs3q--|q_Nx~VcSba8&*jfm^1vNF|M!{QQB!FUccoC3u
ziZr~tp`gV9Yl>vBfO37v_Kx_D8aE0tQ3a2>z4|ciD)cqTZSy2DtWlHdxe4$u*k(UN
zH8M=E+lLS`lKF+WJtGYb8j^oKkJpt#3v_=WBn9izKNfbSj9}&U-lm#ofuftZyA{!r
zn15oqoIAWkT$%-)6PLH}_3V1F^s+&@_w)>ud&M<Ub)L?ZojWQpj$JrGq=}yzsi54u
z2n0T+hyKt$cG)9OT>dZj{<N_Gx4Jwia<%bWN?JQay+XY@*jWfZ{wo!!wFs$T5f$BP
zGE$Wt*kAQ~9h#_OUitCrihE!QZQG{QdR`97@66kzB|@PIk;zwK>NXl?W-g&-b^zmP
z9qMKRnhTmo_C7&>mZDIY19r;iuz1NVlb7fx!@KBw67olUd0R$)HhI*a?<R(^QV2DD
zQI>PZZ03WzMn6=3l16}^EoB=T#i0!JyAvB3A!!!5(Q*02^5e&ReSoJ9?JmTMfk6d7
zQ}pRdw8eOd^wm-H+L2I_)CnSqi>eX&2HkbG;=D`v^4Pv<3FI02ztm*|W#n5?LhW76
znW8{^4V~=N0-Za8UfRtJl}G!NWl&kEXD#2Vx|d~t=wc&$x}5OO)LS2zqP<0mvyrhF
z8j95Vzr?8nqH1)g(H?u)=y;s}gQuuhlDe)B{Mes|s44F+bsibrV5O{)d0%f`#qzNq
z!A7!Ej)Od7T|cl_y8haA$tO7Rj&83p{Tsr`qJiM>i`Z#;M>iB5$R^tU_o9_Z_zZ#S
z2z<+%NI!Y(Bj6{_w`(@30J9{rrQyKR_&}}|^_{B7(SS?xr~F(J9%_!3zCUz^bF#CL
zzbFt`0X0Tg+6k;HPh<jpaM4s&mW(5|#_*&0dijiXJK@q-s-_ULCIBj30XM|BNfSdw
zJiNA3rRsgWpgMXiu9ugUn|9v8HQA8h?ad2l$Ko#bh~!(>b@Y*p?ayDL%Nq;sfek5o
znx_Egv|@~77Wz=FH~7Ys6xz)FDm9INp+B0A+z!aus~-p-3Ch*Y(18^Psx~$=>mx#K
z3=Ke>XAgy8dE^emd2B)(sb7tBu;Psvbj10i-1UwDuz_y1M$0ScsxKG60kC%VZpLlN
z((o-hN@s$hy3Q1uUPvi-rznEKTU27;Oz&wg5*;p7un-~|ZLt6Ff|^Vdq!|l=yCRYw
z^`m2Wh{-zy_7{q?>0PkW#VOhVG7_WbqU|E_YSIXC<lvw)Ej$lHxLhqPUkp^H5!)7@
z-^VEM)PkYE(eYC((O{%-d0n&MPuX~O%9fIE6jKE$o)@r@JNI%;u2|U)m`Gzn%U{S0
zp2zkki4<+soo`%4b}HGt<8@bwpDViXo-@`zqx)C77TlqFQgj1BlDYv&YKI=yz#E|_
zC7D*IWna7NM407@vz8P!!@GL3Ze^^yBC<_`^H^WU8Ik*{W2zV1Bv(%;I*7>o!edp#
zb)<uyYbz$hR}D49x7_HL0Nx4-Z*NB%^tCKcSMF%Sq>+%3g6=fcjfA;^F5iLruEX|L
zk|;~+1kIs?L!bXjr~A$M^)LwAsitISq0I1cPg{S24Q77>?@(vc0ak#>h-}YMGDQoc
z6ed57a~4&FC84dj9k{MfO<Yw_S&cUpv*>6A0@InkDMgmEu@R)!Xu0iUC?FHIG6>2E
zQ??aMs@ywDLWPO*f>o4}OBkg=EisuxmS&<ff(c|oTmBj;Nu`3;H>M7B5ww3o?}A@J
zVkw&RNrEyoF0q}y&o&O%71EmdYn~8gs69Z>t!EUN%D%ZfL90!kB|JuK^okXZ^;-6g
zOinM`GGwwZGJ|+O>|`40!!_;3>?TNj>Sm+#3=9jakC43L$H6Gli3zvgE4#}_384v9
z^tGyRPcm&MKU_69IYZrgnDEU|n=sji|LI~Ov#aq^TWu13`}8Jx{^;3-uZ*kvN&Tzw
ziIe>sw`A;{%r?50E&#r2a(ccHRH}>;30~29>8h95_KU7Xc-KIh#NP4!%Uj)FL-vlo
zsBZ}qTn0S0F+O_i*OQZ?)~@b1*R3KSN)d6nTJJz3)`EIW>qkv~v`6XtGQZH8&0>pm
zQrlBZC_+lSy&^D^kwO%3nk$wVV|4b&b@PO^rn4l~3lQ<MZJ{`UcO%#lu6id!CYU`g
zt3nfE{=7{c4tAbu1Kv@0q5lh3?5!XVfer?~Fb!2Pc)R^Lw%qx8UO!exG$R1jOI<)e
z*dQTCjbkkMJ~7qq6c-t=4{xx8eDw+)6|)<8Q;#n6k?g(Zc8$f*lYrN38TVFd@GW9x
z;<j!Fk!M=#Mz*H|Y40Bwe=u(GGY~zN?~0)x+68>~BHO~~!PQKqyI0A;J^c&Lj!q;s
z^!kqGgCMd<HKI2v)sK)XRmh!DxKPS?A7zJj$cVbmM&SQ(S5-c!H(bc!j|jRiAw_Dy
z$&r5qC7=}0r$2$cv(`-}36(GR8xcRKVTGMDKdFpMlHih9rE_Hm`KG{ql1U9njk8kw
z`utw_xh}Of;EO2qI%27Es&WiV)t5Nt(T5LlUI1N8rNV}acUyeU?r`8VE-gA}u;4sI
zIW!tKoGO_;0-cJ}hLLqJ#~zv^E7rSqfvjxjKG*nYJm(D3dq~cIdcW5NTvks`=a<T4
ziO&*wUD4kEr*{Ow*49;i7CgS%KvaT|8j#b%iJwOrS_+2d>xAS#8M`QClU}4LS^ACu
z7`WDA2!fYUQG&N3(F>s9kms`Fm@t|L0x1-SG~lc&FW3por^QpT`LRp55EJaM<A!hd
zvAm)ZM`_Q}n$Wv(g<SWN*uFoO<{^1tQ9)>pyd!OR-VLVy_^0yz)5FTD3;&$JXW`gj
zjJE8LUME`R7JPY9<%2TsyHOk+*9b1<!grIue_0+rA-Z(VKGWcD$V8x<L}LNlg*6wf
zvnFm>2$TU{@M0G8=*>GWoG_Y)_S<v$tX`OS4}B(6;DxA|2Ug0fL?N0E7Y#JT!w;f7
z`{avC0z-enr7gu7v_pc?PF3m_b#o3bv)1&49@_TlMQySWM~(2b-ptbUh|}~6S0~ap
z!C5<BFI;_m-KT0kji>BEvNd=6PqvLZfcUb>>GW)wEcVW<)l1q&9gu8eSF5||d0C{n
zYo$;L7XAx}aHj;3WO|gLE;=DD|8Xx8hielaW1rhxOhzymxOQSP7KgWQ%<mjDvaZ+!
z0(nF7e@QOE3U>gQ$8<-?4a;iHop*P)sQMy{HRZ0!Za*=)kkCpir~3L(V37|<7f3HU
zO@$s&FgmQo3HM!TpbnO?vrHcup2K02OfG?`vMfW9Y1ZNmxCEd<3B7Q{*AGK8QM$u_
zp9wwu4-tJY`TD3Bq4ThK=eKb!Xh6srW_ocxp4BS<#QLHAu}{+>#-_4C_F);8_&=ks
zXSnCyax#!p&m?7>{o))Om$*OOFGlC}U8MQSP)L51oEZTEnrbU&)}?cwoN$zWe#eLR
zVR9V{6Nbx;G9-gMBJ51)2wTbXsTw6o6#dJjydva$>FgS^9@aRJ3LccrhW7xxgKG<g
zf+K8vLW|x69~g-QA85ba#zUK-_mv8890!&&al;1DIibKgi?o#nIBKOg2#T}~xt;XI
z?Q{tVSW>mQ4eC>3*fNRznI?j_$A|wMD5LJP+!x@u7Sw0?3xcvEkUI-u0;dBZ19xv?
z(rYPu0^(3jhXj~x1JDiAnjYAvV$g&;mR?2We{%BF3mh=ru<Yn10~}j$=sgDocvQWF
zZ_<e1V11BVCaI+x`8<(8(Dh_rTjD^{@hDO!KYYDl($5?OO^De6(h8UNbX$^~*biok
z^wILcuVLedUULN@s&61BvBKw4yj5H6T3G9KovWi#Ga9qL;rfp8oKRPk|BxmV&i{{I
z%MlXlvy7IyBUL~KE*y)8*i$1qP&WqI^r`^^B#U0j)MM-7P>bTB8a*uP9}3ZN;-~bV
z8H&E>gNTf3NR!Rt%Fo@W=n@v^HZ26~JPZh(VD?FPoRaKQluAf8ltxfJFi8AIUvE>N
zH{ih?+#bdaz}6_vqbE3}sh11K_k^-$(lX&ivZflh>)mRSjK29SD;+`Cn^o0Il_`A3
zzxnJ-hZ1#)d-XzHVjbHL(1DZ~fRv=V?xc%|If=ikxT3za!|Yjk#Oo?<z}utxLetZt
z$PIeV*VQhWQc(M9o&36^`Hq=uv-ff?BoWt=RS$J7hqYZ>0ci<l>(S2psK=<wk#l&(
zv9oPW6WR+4<)7K;9yz_)zkL+hzx|(aeEw$~H}2!aVNBeiy&&W8cYf|Hy>b7~IG#JN
zQl9$4Zn|OwEh)PGGY)inMv8&zEI5aBxNSIi{?5w2yUW|Xo#m)uP1`AAP854$A`~GF
zbg?n%Xs010-)Wj0>Mr@Ez}+T<+&1I6EKPZAUK+6Ka6;)hMS0l%!re7NXWI8ylFhEW
za^Vyh-cS*W4`$RU?|Ysc{h0h}vKP^3YN8-?Lo#VpMJnvsp(&4bWoX6I*jtarOqK|S
zA~Bi44BDL5G=UF>5Xw-M6=SHTiv^8B+Ne1Q)5zC@yW!)+$w(avngt8-pJk(A`Y({n
zZg$C2q%2qcq89!P@Tt@QrjWYEZ%qpAh_^+sXikzkY9UM<zM{5AgNAj2TX#=*VTVSA
z&L_<j_g2&TXsvFr-P+7B-A66{CMTS=_r#*L)GJyb%-ahz+qs{}U&#@xH8Y!d%v-5I
ze1i<syW_jhGg?_g=J)suje3r7YZ75eJ*OJe#1)Bgsj^a%L(C<aAnelHO9H@-Dl%M6
zf}v*~D8(>=u}%dqI{FoPr-)(-DEP&zQYV)LY8br3ebt8<TG_R<+B9_RV$liXMHA6!
zpeR%N3MwROoZJ;U`{+sV#*D=D#C#Jod|~qkM>FZ!40FhGJUHNp*EeYDaQ(qzZR21i
z(4Tb!D+efrq2~d1vHUTNBznqi5%PLC$O9pI=HmC7jH%<ooG*;`Wb(nZtcuV~TSydM
zg3e?kIZNc$#iD+7@OVT32jex}inj5y^aU~|s4BHq{NF$ps!+g)kY$CfF?mx0Og(7q
zX$hjBjs!l1psyhT+@CVT!TkzHu^>@hK7+7E5<G`6QE>9}abN45C2~9I9>X|US>TOs
z+?E=Q`luNQkSMz50|v-dzQa!}E06~>yB|;`5z!2l`XUkR-7?A4e=nX)i@u&&3AIFC
zAmo>C;`rHul56aVv@SyY6QM#FJ`En?=I4XSY`$+`*0x`FfJa{q>T0>*K@ABiG#=U<
zmE;FGF}~M#f%tn@V%Jh-Cfr?g(4)v1-1^(`V$v%dc<f@PTo@>=-=JXPI9R;u2#`f-
z#C&x#qn@R2E5Hk5gvo-@@8k@mzL^7d_Oy&q2FGZ?gpnx<W)<gJFxqdPA)Ub$3k>?u
zdDa>WcShzJI=j0%X)L%kRMO68fmWgbWIk#aLl_M?G%GC#*hlT((-pq?L&KT={)j28
z+gn|4k4M_iNHV<TNo0Gkt=vS?yRF>UpO4oL-;H{^Jy%$JpbY{Y9JY!Po}U$tzm)-#
zXG4rcmGoS#Hb#)D?b}5Ovs+fnR42{5mn$<j^#{2Kt4q|1tMzNwTIvIeb0F+Su>xux
zb|3c5Kt{?TZOsH98w&SVkt2W?h~r(Q|6oyO-l@er=<k0<afSC98Km>|`6$WeSPe&c
z>^?@?M6V=PU5+TdUAA=2ezjx+#CI<^lS^K%XtCI^PC0M1S0f~TDEpV||8+OpOSruy
z?Y~#{N$4~h|JS`ts!fAfldC5<*VGpTvKu}3NB_bS>edH+@9Z;S1S(urrr*!x`<p+*
za7WLpN2pMh9<P_{t%h7(=e!rEg03FhoK8(WkT3mRPn6byecmf1g7IwS9J~Ho?n<?W
zZo$`)yPXp!;nKT~neVX(m2TF0-=79&|K%%?v|pm$@IJ7;%fcWLVD)0CnMrpGx&J~{
z?y6jpQn=1nE+O*R__(ck?-?aN-ux<aT?gu8HVPpVYZ$9*Hg)s!diwY<2rkPEoagrO
z^Twn4%E5u&dKtp}#+b-vrCM?GRgpt^h8h<AB*aZv{H<J7r#MB;Cds-;E~8m_w5mn+
z*8}2bJLEcO$`rU{rcB!mUlKqXCjxW2J}<0^n*Uz8*C_M+oEUYyLU*ZbHgiY)87*As
ze^rN*98>YDP`@Ii`6Q_MWXj95P+9Nc_YG=GXR)6Vwe_Jgu{Za3*LHIa!fIvLZnu5m
zzaM8B&lZ0H53_Z0blKYFce;nOw!ndT)k{@bWaV#ko?0`$1!orToK;QyaYp*94{p$*
zmfc$nz@MvZYHL+eV^LBJPmij*v#*clLax)lJ1^K92~h!ukYh^kG~fEY1|EKme+_S`
zRg(4W%t|GBTxT5q^A7Dl)x(714O4B@wT{YBgfp|JLFmURc)lCo2vxH#EPYCG40^iq
zcR6cXw(DJKSi&uISNn+Kzj`D#k13lRgG}w3B-T`SUcoh`7}2+F#;$@1mbFi#Nv=#Y
z5DY=_^f}817tZ2{xOO_=|Hp&o*c0%2!|Z%(pt%~Vt<;>>BzrJ}K?!p%;vkkM8M8GU
z_=pqp>Ctv_!6qfpGg?`njci*8*KGH5#_=I?Qo9+OzzH#%b^wN911A}x!%~bBxNj<H
z%R`CCH$ma_45_PZfsN<m<SXfy(nGWH8O2>ns`>sRL4)`dLjA#H@>L>q3MpxKRQ<xc
zVqhMo|6D`jn+lX-zh$lMgHszk$bPNDd>`oz-8c6Y$iAI9cel!)XQgXyP^#vR29$4n
z?}<h3dfijfXX-z>UrltNQ#cqP>>-SmoN6pH9XBGJfyVRki1=|C&HgrigjzyUW^PMr
zmvUaEb@}bBw#BeHTk~^I8~M5~y(e;Vd)$gaq=dlA@SkW(%d?_q4X9IG;_a_>Zw+Vb
z9q_}Fp_)vE_bk8=*8j997>czmK-BH|?+1aXbB=STt`e*|7Wd|@oLN9J`;SnBIu-pp
zZqCE&luxV<kD;skfC8o5Gc?StRk7s|ef|t~cK#MJmw_W0Y70r_5*d(qv3k71_<l^2
zQ4PCNOYNNx0u1md(jLgamwevtg$<;nh9|ACuAtMJtT@Of(zRZ0sPu#CDa^%pEvhgU
zETfo;vLJTg0VWhOmPt@*!2=aq!4l=aGDUExSgo~osO`g~Qa!b}@3}{!05#kY<lY_2
z6${gO3uNGbWSmc9h)W$ONrq6(ac>c|=5U$gImRh6P|LRuAf1Lyx|~<aDB@&b*r?PM
z)P~g+houFw!KaleIL<Hbdc|*Uj<xTw6<4X*zA1-Icpc9%Ie#*Y97}dSGaAu^YV=FT
zNSJ$8SO${i@q7^XqTjqMZYML^U;Zv|g!7sF3La<aoF(=}^`kxwpY;v38mOt!MDrT_
zkn^<(XjeOA<@fQN_eWy*zN3Or8PuL$KfLH!xf{$3H{@z2i6#7zmKfuEdpVtZgT;#$
z+iM8x?|oMzMLhl~=QH|cwX8L2uhp$@J*|@dH2*oYNg7`3CZQM5uusjxCjGlXzEZ^^
zJIBtAZn{S6ddaSFT3apgF@v*nty1S#Ww0mX5l_d<HH6IYh4&h=Y)`3v?#oXE%&m7Q
zapddYqTg;{)yADbZ`uUBmcNSoZDNCORcdy7jb3FmX8>8w-MVeuD$K0a)74rsn$|4W
zm)&fLb?hxv1&%hHj5Z0?3s*0fwauG1%F-Wj7&AA&bp=RPFIu-$%XHg2v|i<Pq~JG`
zNUR($t<<DUx@NALw*zf5AG{JXn$#FGyV>lPFCsSU?K%#7mI-32V&pe6RL=FAm#gb#
zHmf-3up8woiNX4&F4m@DY&b6LTlKf>s{@1AU5cA)OmE9-mc1{v3#}Whi*1$(L3fZQ
zfH7L<f7MIZE|#hQCY`QAu^g=U4>6}!ILqC7%&F<Xs>~|o-%0}$-^_q9t2K)x=S!V-
z>gMa!{59Zke(P*!F=zR~%~vg&?OXQha^_EETD2OP=B=w{=C#TW8VqZeZXMI0kA34M
z|3bu4z<*dqEDGjq_0p?cG<9v<v<!r@b)RypU1eEs_S&@8QBQQOT(5rlmAChbtfq_a
zikf7&n*8OxM_JnQGkjLZb?cZ>k^BRQxv%sb9ccIRT~~u8vvAKeCE_$KuYa|vgGh8i
z4iJDjg2a{<*Uv%tVBWa7g}|4lf4(Q?+;5G$C~>Z*J7~`1e+uC44z5LtfVp95c8>M#
z&H;2{>hz|#H~0~=*@y^I=Qs{mKoRt?6(fX1&|$YIiy+KZ`I%#6k(|BcaqjT>hV3uC
ze~aB{9yS5pW-*w;lJrp!;DXYD!+vF=aI26|<im8hkcp=J>QsmM;wV1N*f{0glCCz;
zs<l{skhk6;TD*TVA={EMMr4Two8xz06BHA}#LS4BvsI;k;PXDEE#;0MOH>fY)k?`j
zNyMSwdBDg>4_F10=h#g)PJ!yDwiH#mq#dko16$|tFOZ=%|K;RK(6QLNvm>+p52%__
z+R{<@$v|*`nfys?a&?L|B0e54D~$lwjSd6(4a1|$;X)TKh_pf)Oyr)@%vS<oGdyEe
zW&-<RC1!p6(!LE5xyR)cxzhT4DW<vGV{mPldJu&BE*8W13aQy+s(${|QmoXeR*!XC
zGB#!KWqpTC+OcL<-Aepjqt1E*D4egUDMtt0hcDE<lVbIA8))+8A&?Syi^O6eCHq6S
zOgiu_&r#-Ignjioo%==c)-9_qjD0dNy+KpO;4Iw$!YsdJtgL(?<1z(kbhz@&stMS_
z=Yvj4xV6m2dS#W?+H3I}LUNBjo6N5?9kNFA$JtTbI(ANtxuw;izaE5z%7TPRiD?EH
z|8Bd2rJ6r5JMax`zA&%eKyvfh`4?X~@<Bqk8aNxhWhWMEVXv?Y#|Gs+Z+G<XU+&JX
zN|_M6dowz>oGOfasQLR5lY8bmr{zV9P19N(UCFQCwJw&xq6e={TQ0h4{bKW0ery}$
zz!Cn<UF-Cq%ul$wpcR+M3M+A`pp{v2GojxsTCz)1dN#)Ok-|Wwwcy+{NnUbmN9i2N
zmwuAY$t;yqZ^wb}evruq(8XR#(3Li2(MsptR{M(2N9FBUS%C0m2meL(y-ofzp6#u?
z-9r%p{W=n2e!nv7zde=+rAF_!PU=7S)oX#YtyB8Vx~%8b)`LZ6bF59BZq-|6-8i-$
z%Osr$T_rFM7khk#+-%m;(J94K1PO!RG#P1DJPxbk3lS8>`B?!2_-G2ZnQ=Wa2sos_
z^5%W@OsrNUhge->${EXI+>tBoCjL~5I4YWONeA7dOAp<f2WoLD>R-%?xyk0@ofP=f
z^c48-=?VxA>(m=nRg)Kl!dkI4FuzN5qwJK&$wQSUKOKM>RTK(<a&b&yzqAt!ikco?
zHZ-EbRN1_Zw{Z|G=t8$Z-zp($APgJJiI4XYk3;`#l<AKBNa-^JQ5QYgtTwPFb^QU?
z;xLqR$iM{`k7@W1@vd9TpBuC7!0tT#syzv5`SRm+gqa0ZOJe9Ld;h-ToI-Y0oXJ_<
zwF(XI=^Wp#?IS~NXc_}tzpTI+u4YKqF~gKeJ;_T(*_tH;KJlb7EJV|vO<UOs)b;N+
z%nQw6uX|#(dXZ9q3g5|WdTypO_C8(0z($#Wq!lQlmo9YX+lZIY!Ym}e#&W8Dc-P5)
zLFAm>#J_5`#J8k!8guo)v?ru0p#4Llz?I;tj3*g_i^4;$6CB!3MD*2M4I{9QV_y#$
zYlyqa`BVRu{sA^BLEY%ETUN6HOIs4lTBgCTb#seqF8X}C(w=DWg)zU52T$tz{#r}s
zOqUEOwbyz3mu+x8iT`F8LR)iD{<aar42eK5ub)w-A9wOPIZS;eWArNFs>9RX+EJqw
zf^^<2>O+j?vh=$K4&xEJ2TunQn<Eo)0l{iq9v2246DC$`F5PW_(zK0l&Y2JwSvTYn
z`IcS#Bad7(+#`sNi&)<1zI<QhY+Nuzo-G^RNc>6`;wf-y09p!q$%4itX_SV`8INcq
z_0PNWl-5ZvxDT`3J#`vwC7z68r?S1+>@`XXjjbBHhv%7}ecpqBY^%W{iPWD57O$JK
zWmxtV$M{-|VeO)Ey+z~Z|Lf`;V1x(ScD=T}@7lI)+qP}nwr$(Cz5A|h+urx=_kaJ%
zNlu$|nx^;DW|DT=nQQK+b$fk-fUZV3GB01#URWT+tZD_kfeFIQ3hI0q6a0!?eO>u7
zXwe|k3nhlyA1@n7NtUx+Bu6FlugMRQkuBgKWvWdPMaqzvP1#Fpo25d_O0LhoaXt_?
zNcKC9kOUc>yfH0&ZAZ~YWh{BaJBg^*RNs$tjd?L*t&9eAJTew=T<|~`fNAaDL|`6L
zXXeBGF^K1lx&AETHQ4W9x|`&rJ7So5R7O><%s?_X{fVZdW_L(2S4*iFBLb3e@qj4`
zV)A(7DZxeK1FP`~31cB*mL^@rF-~M>@a8FW3T0AS+pa`34{_r7ei2_h7T_C`T8S?|
z%u3i{zJ=4|c^XZYHLg~2tdM;X4Q@~>C_GuRrAMcrIo{{r18Z?gS+c^n2@QA^%w(us
zFVf_(U(%ZOfn&RP;w3>|&-wTmX(5dQnIqSA+iGlUic_8sc=8nPi+R0Y&lj2%lTUei
zy*pMe>mU909W(>F;hM*MRQ|U{dX8BMj+Z(e)~cMp6dRCGe<^auC#=Acv&_2m`2_kk
ztn{^kloY#h<kBx0tdu6jVpO1}Z?%Xc1sB@}k=h<eZ>>TVz04(M-Cla0vmx-Uk6gIj
z3~GC8Dk;=M#z;_9@qL`(8s}0y`3N-Xa+a3}uas_$^^4d!IJkr7+r&Eb^NNS<%^1Bc
ziQTYI65!pZL(0PLb7KU<5P*i4S$b;!$R}W~=*G;jkmiz*1=g_DqB4z=F-Yh^bb*{4
zHedQPhnFaRe)yxEwUTC9l#2@R7Dr6N?m-b2%WPI}T(ZWh1!sfO(x)Iegxq{{ki{pD
z&kqivl6o<ArAW4PUxy^Sf;C2N@$2DBEH)nVKuO=wKeT`hD9Y9{)@z58<9I5m2!hi3
z8neH{I>sI@vyOA%C<F^;mmG!5HnJHCck%VV;$`Vh)|_@03bHwpNFX|qMfyq(DOe!M
zoyD^TN#rr1>sBWIp(+Qqtg)=pZH;xy1mA_WyQ-vLr*Lb7R)gX!g2bGuHA&N|@zJ4}
zwl{9daTx@xf$gWV!`lKg@=IsFLf}3v?DBED3}70A<U6i6Se^A=1|TMN2&q%X35?!j
zr~>eea`8&hy$nBf`>Vl15nS{DoXy~GW9aaLt(Gy=p=)2xtTiK9vaq$vfy;VphIF^f
z?$(}<>|rvrMaG*Bf&z6$5uR=^O2|Qgnqy&9fWU3Lz)D!X(i;H<mr|MHHy8laa9B9r
zQ}6PcKDSTL*!@xy6-6D7<-Ej6zH0PBcNXmiHxqL$^H&C5r*Mc9xF@g<KiqS>ROMVl
ztb4wF$}y2|a~@JDD}7_BV#cz|Xu0Z>(xd!zVZtq}!^clv9P1Ee0$ec^R)jF6^(TTP
zVv5oQlO%<-c;d++DbKyK!mN&Xs&Ff`RzN#{L?-pX7X;pLTgYY6KIbw-YRBClSV9)U
z>!9}>Dhtu8S_kzyGiuoC_bnK)<u9~KkOX`Xm0&OIhg!X0v1GaJ*yY%5NG>3Hd*e&Q
zDLCdRtUL)A{6t@ME!wiOqb9+84gFZIP|ivO1ruXP$8+-glOK>^eOE*1Z8`}!qy&wY
z^Z>eU?%HA?7rbwR%g$0nEbestYffZ^y6sT4QqHp3b3<E`-hA5$^I38yYuoX}jf6nz
zY0ZE&Je@%SK+qnKS<1%H14(<Gxw3MV(relkr#s}~JiYq3dhM~3bL{hqJBMZPRuas%
znLKn_C-K^~^=(%&3AcUr2ePh9w6sd68;Z9V3B7X*@LAlsrM;F<_gIE^CpB5_tQ?h6
z*y~IbL&ISY*8NylXO78k<Je(?%~@FkCtxunc;&~+JzTdZb74{Yo_&+=DVjHA#>`%l
z0NBF1t8pAxHgMe3z-H06m?&*8(PNTYTSZNzO3MnOdfyET53FEpNgy&9_~^tGF5b;4
z_o0Q0-<Ek3r)wy7EnrK8dSmCRMua-SqRBMM<}`})n?%P%sGzr`0{g6)!L|q*uQ3@4
z`J1zM_`omplggTV2?mH<mZOJK>shr-u_Qyb&ax%Q1M#BEfxJ#|q$ArCv)V>wsyXA@
z<i=lD^iGF6c@>aH5^5vk3{oNQ{$S~{LNi9PYPmVhlV^<hL<ruCQ~sR0?$2aisI0kW
zvqV+O_n$QeoOK*Gno=JC>LQ9o4L?jRJ`B#+l0;PdW%0kq-_n$mj<33F&V_7@>yTQU
z1i2VSS7TelEsoUB^6fwRwhytgzQ8MQ|FDe^>fOQKwih<?#yi<Bl&>z|w$yCoX1%Y#
zTn?X@*H0n^kl2uHs!g||GnJ)wax4Y5@na68+@a1D?S8`4Lzqbm(V?BWNo*`*7~Ko_
z4Eq531R+de;IHjDvZncqO+(D^Gc+n#D7KqWjmNVOcZeOJD)Z{2hcUb{zB%8#0|jvS
z<-hFzU~;{s%jk@&zha37B|tZ#D%$h=;DT0>62<6@FN-*Qmby@J0?bOrT76f@7?Cj5
z=*H4!aK2=+IXH43kNh>P)@-s8tG4}@7!F$pRKrLA7w0pd3u16#ju*A0smMKn)RYZN
zrfc2mHqBoHfVfCKlk=*-Vx@tOES)f*nSbZ1;+wX`KA_M=|DU05v2JGLF=CIdnml|c
z>%BV0*f~kaLLpIF18JpE>cY7s+8dHQ86*(azDg{>l4t6+#AX(D5{!TeXplwab@e^{
z;}tSMzs59q59Il;*Fme-a~iK?2D@Z=PKtL=SNFH?=ken4YaJW9*=riZKQoPro8G+b
zZJqDuj|ajO1Wh1ZI(m-Z%zkxb5lKmx?TU+_Ul$Ps-RtC^=wq}4UBG6HgdUffJe69P
zIW@{OP`MZ=e&S^`Ezs^~L3_-HPB>N5NU@bejj2jaun-3>GF;jk1BMM2EmkqC+ZA?6
z^xWF1MoDWkTdaE=HAUic2Gkq*)bufo3@we&7!XZLm&{r**CACqmh~6z#Ah<qz^0o(
zAOk=~7w67Tr!t0ob`%><s>7%Cnh8;zX4R^1;er4;F4un<a@in-dVKfJ@1&(0HJ{Hd
zYY^Q%d*l~4-l*Qul>U5_Yck1+*fnXc61q~md5*J{RkZ{sJfV3))0oN$a_uDZ2w8P%
zQe~-EtI*&@KS2#71lkYVkvTircGSa8g=jXdTda7A!NjVzX_vcXx^}esjm|qgHS4|T
z7~rna3hCT3TBC3Dh=LP(-3aRZbk`9Y*zjJ~2-mW|3YUO3{7@e6MOWS|SagAHRH;9Q
zn&3@G{o(DmpgR6+iIckJ{a6p7jMNoS2xz8M=3@)L#y}}QJb9M$s8icx4DVQ7y_bbD
zS{-v5{}6(3Q!FEVCSIHKIA8o(`fRmqp7w<8IiG<gDUIE3k0#I$g>UEjhg>wbeTGeX
zMDKOXS%a792go1Nly=Aj;|)kh+8Wlb9pThXMKR{iEkA<s5i4~$7_Q0pBxf@Y&}1h%
zvm_jhn_B7!hVZT;lm$+tIyy~S{<KF;c~VWZ24seovY?-$IEdsSI~q-^Kru!ubL}+r
z)oI?GN@wbte|uj5)mz*+xVu{-$K!WF>2&?Z5*LGQ*>IbgT8Z@h=$v@AK9c--(K2UH
zF@~Mq1i8c?peyQb3^B{!VL4(u8*@pk6;TA1$(W9p&`(G@+N7{J!n!134~(-2Vs^Oq
z2)QW0QSR_bC9k$=xwh@P&FQ$AHm}vr>%zPXBI-1b-?DC#lJ)5>`(<(<VH}*0j!19V
z2P(NGBV7s`gUgJizEDlB+)Hh9nz(gjELreWFs&QaVjhP3+l+EW-vv6ogSh8vPuc{N
z%^)Z7I5cV5s$KWEs5hmDlPXUb1ahG&nbaPF2bp`sC$RrcQkOwT?A&^CYJ`u$%TEh0
zwu0Cn@fK1KpzGWA3=dx=hv4idxu<a3>y!}9dJ8j8o^t6@v$;|{$1<O8bnb2N>X>}>
z7{2NllW&m4=}<qk5{Uo~sk3{z@@$fAE4}|tpMSH|%bTk5S|Bo$T>W%_CL1uT@*co3
zDYa!$ejj{Xz2llBeg`NEYlzh1BIhZ2msyg1n}DKy-@RyAluNJGl?23Iraeo_Q_0ic
zE%|iPYEhcY)ad$fv|}xIKu8c?)(RtH&}#kTX|)2^E4M{b<4&S<vBxr|vv>RQ)Z87*
z7I4{KwPsNVF>}6QA=gpxeWQ-!tl@fBV}Y8$;;=}0u<n9=-w#9Io>UKvvL2&eRLZ7y
z6zm-UWmfUyRCAAO9;20`S+?C0%dyu#sd*?_v}(=zGQsqQO;VD3;8n{Ux&mJ2SvGgK
zqTZxoVOI5vx%Rj%^xmbPEADKf#*NV_f7P2=S`;YeaNriTvfBN%3aEH`BdG)Vh{_`%
zUcPd!!PgmC%DcXDP7o}H?K>^L3Z}3^eIq&qq0*JAvflr$_I78f5>gyfAA%Fl(TBy#
z=Ir{@QkUC}XeCSJL1vz~AgvpxYdM8~?Zf%+565EMNCyPT{*tuK@}^6d;FQ$NlF`Tb
znQt^}!LX4Jt<T8}pWB?_r|P0nsfrDYWlm6{yJq6KkuBB)50B5W;5+&*FipJKz_U4D
zqj>#@V=*!I*Utk3l4gZGmVt82bUM~PLl1qVYxgM}B@lRLo;0kxPdxni1_ou-h{T?X
z3HsQx^H^=7=Ic-6WTJjUOLS)OPED)%WqOF=@a_2f^(r*Zk2_?bndZ(KD?!J^MT}@$
zx0=}#Qr3A>R@E&Y-9M+Dj;^M<*FGA_M^L00sk{3JzP`L&UD-U)Y)Kcd_s_JrF7~rD
zoYif0TK|K|fWIlmIxO-ZxH*eaHL%Lb^o~Gb86)stfG-#V&iALBBWzkOMkS_}d&uVB
zOrABWRqGWl*E*F}hImENDKZznwXGhtch;=06TmRD>k263#EdG0i>AwPHNDO8ajBz=
z4t-tcXM123FpAzx8XwSC_ujnI!E_fP<m-Va<OnU!o|NE&{-a5Ce&THd7*(YV8wxYP
z&jBm8%lg6meL-OqS+fx;;T?iz*4q&r2&Kz68|M%kpO{Y``_h4118%$=e)I=SDXJJs
zKP0?+2m#G>+_t~}dp%3SA4dJ!f&+}Ch-dBq3`+#MW54NTTz0RPv0P8v%>n?xV<*<>
z?cSj0xFw{47j4z1bUMj~{J5yj(^a){cq1ZpxWh_&G>Od=t$&2ak|sav(SD5Z=|xli
zBJ#ntv&=7=Z;RCZ_S9Ln^+rb3o_-^xW~r8})VRc{ft}&V*H@)qmw+#d;7Vk**rLuZ
z_Y`{MtqIKS5Mg1lFRq(g)mYZCu6_tbf96(2iD+H(Br)p`LbymsALx9HEd+X$IN@j^
zvD0YU%zJvIdD&HaoYZo4C*8K?P4w@7z>(|6y^dL4#0w&nqn&YOAqy|3m=cz0)K81n
zO;T>|SZTLcS?13+=oVNA;V%_Vfdw#7Wq`XdjGJwou8chA2;5+taoUyhK^y>EI?XR0
zG0SR5gB<sc&+-WQi~Qnr*U4*~5NzCQSHYP#$s{EjS1#4W3;On8C+(WW3`j5F8T5U@
z7NUa=^h<1=l3%x)8U1img{)3$kr<|I7D+3A#ISb{bvHMqct`~;=(XU?k$srP4biF_
zCMH{KO*YMx0s}e=>D$d{UB0KAEFY|yABKTldimvzd@Qb@uW2b<pMNJdnR9^CuBMo>
zCVXpxwtoDAdU?WqbKAVyJtjWcv-Y?mdYy=W@w~1iKYh5+;k=nU?Dt90pnLCUvBkI<
zKXt$G2DbO8vwe9UMHX?x^Yk%df`@7#&xOopO+)wfq2qc6rgcr?lxsA3F4MOW`qi*`
zh-jTnBlB#eBYmX_o^-}qt!hqkuacK!4@QF;&g4p2*@=9J-~=0!Gk*Q~0&1Bw2-%mu
zWw#?DmE9bCUcdjJ!(6(^x<h|VSJtno_pXb?#lvY+pKcCWt^VLt)8^xD?{4<?zfiZx
z&E1cht3qb;TR=*#-)RZbaRUnKT0?)$UgSCbKpPvT6f`STyn0R$^E`OC{-Jn7JKN0~
zw8vH?S~8H#=+;eVUi&z=c)R{kY)&}-4F%49z(zx*f(UWRpT>;<!QdwwK)7%SODL%K
zh|@~{1O)+BHa8lWuV|yPsd5;GPJ1(Om-tz&G}|wc(AhMWBQ@&rta3vz+fM>t8Vb78
z2wN&DI**V}7#B}vx&AnC-og9;j-W5Pkb2@>%7~{OBD(5lw*LD#Oz$lF6$rl4B4Ks0
z^#RqGuTfAVi>iHb9ou!GKAmyI;!0;$H%IhUyLY*d9FJ?R5ro5}bmJgxBWUR~%#Ey=
zwajVt)Y{}S<aBHvR&(-n&eN%!rOPk?XQU}SS_jr(cd+`z5h!fR=0hUm-ne3dH-FTt
zxr(NopxlcZ2Pwj~vdeCLNo9_#V3)hjE<QM`I7Grc0kkXdmu!uWNkS@ly_7cwYQ>y|
z95C<<CjA+hPLq;7<1So;Co5X#tcgosjn)Z*8|1A`l28r7UA4(9jp~_5_bWdYag8Nl
zwJ#XL{}nikXe<~;5-R;!wr#7tTN4ps#_p_E>)xHS<zeuRmY0471`uJ_#pi^!nq>Cl
zfSKs!w8njSK5q!5SHX;1_TE@AIqyq4^W$!zZjW5<K7aUIGoIhZfKgHT!X*bpr(8_>
z+$|g!RaffzIazrTH8u_7G6ergUvY8-x0lSa66+hsXmUG$>PR%IUF*KRSd{W2(&gaM
zWBO+#$n;R+WBQKuL!?^CQ(v=L6JxM~NVr+sqy>$~&}4;df$aC;BIRu(j)2_|35&p9
zV6%u{P{y43?TfFpJ9R#Ol`H&5Qa;-VjgxZpS(BTp=8DAl9smL>z62U1H6fgk4jZrp
z6N;ibho83w>;$8;Q-JwEjR7=_Ze#`UIkD7fS+>HvHdIwHdMKlSYeoRY(4Ahfyai>|
zXxpQ7t#Y@vKg(J`#A^uWrg1{c?CS(eP+FXL9<|W*N1TGD^$sY!@>O$ke>Wk%s{S_;
zEU{$MPGwt{gMkVTPl5lt#z(IGCthI#vMiPalpC*$&BeNiB0Jx|mbb?USsCdE4vg~!
zLCrQXz~4qwp&%XSBJ}j)elr#{i`NV{!KhA*MpcmtI0AYSAewlp<9}I|+vJLLM0;c*
zP$iamhj;;NbQ+PRa=HY)j>DmIOBh*>Lits2*#>j%R?l+RVx9Z`ox^3S*8qvUpugxR
zNCmAls7bLQG$cf}-vIVN1f2gxjkb~ARosP(!2buu{hOL@SG;r*+{Jr&Da#7sHqh2u
z<VHD!I6`vuh3@n}1htVJ2rl?hAVivc;cXJK<N3!lmWOs@{F$*Yv!~!*_V?p0eOSd|
ze;Hlk5;;|G5636^(!VDA4!UkTJNg>3&{u1AAd}UUnzDpHh^Fcuk6&ME+06gin!&8a
z8P@w>#U8dNB=SCk9NLT{_9fUWWoJc+#F`u)C86aX;kU&-{<;Xi8jBAM^+!-5l~8R_
zS5!Qmvc1OK|E3#J0L}YFa>lbHE3#7v%^8W`H-Vqo;U)(+<vqoE9$MdCtC5}vA|aCz
zo<_2i8~Kp^{$)@f?^X<xv*b6|`$_Jb=g%%by&i)^bGFZLdoUXFhSWSLiwr2FzIZ{4
zs7)<bYSi}si&2hWKgXumtk<I6*Ic3tMq=LKv5OkrJQGR1NoRR!=YzC*UzzXN1*=>1
zw#qN38&4Se7Ob2j7)j9?Fx(BSdO7FyD{{HWo?yEz^^A*Wb3IA`xcJxi4+rHdK}L2+
z;g5KUc_}E1H++)%*CfvHhC*zj_gNoV!(Tb3Q!9230c8+50{l<Oqs%UHW8#Kk;2|f#
zC6Xn!igmYgD~5;rlSmkR{(A5(5)&e<T=@|0yT<-D4sBH2cZ$0<Y$y`NaEazZfwlT6
z>$h3BQF_i#5HwcoZnoF<-&ZXZ+y_1!1O7)nq`N5C24Qj|WokbNw^&6yZ~<{_*dPAW
zOHJ~qhPc>u7jra(#d>9aF&R#)Z1Es)P=YaBkb*eF>X7>eSR~;bVo;a`xCWL2h-+D(
zG`MpAU=>iOnuvlyJ6W+A7I6e6EgzA{eX|gh-mQcr{BRhKfN?@dcm{>ZiaSg&K=`wS
zq9^0aI|_$eM9^z`AYSo$ZSiNKw+prdTaZXmdno8J;84K0S@i!U#au=K(Aq?ZzNGiX
zu0Lo^*{f#Kqvw5Ww%{hi&*6e(gFpJoWb0h_0{(-CEj;~T@OluivNEPN|2jVX2MIF>
zh)uV<kIa9<RT`Ak)~!c$8gNWx^6+F!;KfSqbvB5*YwN2rM!d<&Q<WO5BDiM4l>Qg(
z>=~S`DtWB<&NHz5c^=5J>~(NCcS55cc?S;0+VxnB=)1l%#I6YM|3Sgv=Sdqn)G+l8
zxrG}Oe45uw_9vi+Y@mXdRPG=3h>5}In3b>rh_T;~phEWdy3%FedG&5k_Xg446``*^
zx)Zpg+W<OumG4Iq>m_8R9Ah6+!|CpMilr!I!<@dQPgaimisOM-{U6n-@QUgR62R0F
zL5=B3Z+RLuh)n~bDZgR7^<_h$$(#z#{pFIXBC(Cak6<IFF48+pZ9)xogQ<%Ue!WzL
zR9VWDmw!M1Hog9yv?fsX&DEVLvL-MSh-(uA=%L0?n>FVqw4^33-K-t&naisu0Ra1_
zwnQj>YQ2<Q)2(~@0Kn!8AQ6f<sydSVfjskdubXr0%g8dB2g8uy2$w+d1A{;sO`>mo
zDjNjN1Wb`s!;0c(7ux^}&UH2hf|sS$ol1CGBp<Ul!sQm~6W?LW5PJWyvg|I&tE&E3
zy#laN+!B2DnWsp(_6kH;eY}O_oF1+xTl)g_V#Bw;h8GQVF_EJ$M9cr?KY4nZu?$DS
zmWO6dEW^tJ-#09H;nL6xm<1+}IElUAe9=l{Lj+MdCz;$)qx0FpOmAJuy;Iz=InSYS
zHfVAXQAPx61fvg541Lv4bYE?|=KdS7r!TR$3hHcLM`6z}WuR9oLH~+wpk}8o#@Ok%
z3KzZYb^v8W6?vQNl1u_4Qad*Z^^`e@B%~md(O9gUC~m&zUuU`&Ch>QKfIXd9d7mVQ
zGq7qfOZh`#hsX<E%{??oFZ>%_o|Z*bY|GdI7aOORlRu1SsqmcRreFxP5|{VTnGZ0#
zbw+vid@QgUtwdHQLn+%w`kVqn%R6d*D_VPt^2lQ?TgU-acANY}N!jS2{Y3Ey?>y;e
zDQ24?_kjJjtDhe!G_iLIth18CxdaA?JB!$DKGrV?!nv;kd(E5d$D?FMUW4!I>HrxO
zM42`v2uSu3RS!)g=vrF<T|<LWn6Hc9g`A+2{r=BUbra2>RbAJ^Qg(F#_)3b(nsUu1
zlL9Fnk%@L~Wb)O&K_bEhqmkKb&*==+^H^x~rb!;EEG!5~c4#JN<Z`CuZe;rTX9d*H
zDFECqTM$3gQY8Bhk|>P0uHPVvZ}_`0LE*u0xNYmyk~yk<1<N<J89Mu;e@WO>0r7zi
zEPzz1{c8X*Xn1o%P_+)4&Z!#$^&G1yPwtS^z-S6z;tKejn-i|7Dos5j&o@F1yIjlF
zLvQ1h#~SX!H_+8SBn^Hu>T#5Zq#MFT=oVh_{A^|$gYdeGUi7A}O!WD&L#QvE&iR+}
zFsi)0#srjagjN8ew31cK^`BSr(~H9Je}l3EPwb|L?mUzVmjTZFy-rmlTDJBofyeov
zK;4q)=M|Bzn3m=Wm=4QoIaG@_KL~73Ye~BfHQNXA^SO~Nbf}JB{(wntWv^kcDG%?g
zw1=)wJMv((`4f<l^E!pGEm-ULfTKjhi^evrB;x&-o*S8r;AD$&KriKrH0EG#Zt2v3
zIfMH%#tJ^HK%~<*NA@7vIpp(xUEkizYqO8#LxK~xKO3fz&gd_~S_xiaU2#REGV_x2
z8{Y^r(5C|b&Nug;7cue0n%-lqq22&xX2y@$!p(2QZ&+V#i^>hRJ)CCMgq1c#3&1}9
zpy;-?DZHg2kZ#8Zu7?`l_b>hjAEBntjlf&8BfAHy_rpm20uGd{g7sBs>TDqBvg;%v
zncEM6H-WR(GdmDSq3bMTXO5-i@s%)Dy*|9{BXCUL53PGM0gi75m4p)vpVNZ9HpLca
zmh;#hJVMlk6U)}SDCg`6JEa-d{2{`%(wYPk%gmzQ2xYwj8<V_o;yiVm7xFvsoSv1s
z9jE=;4;hYo``Ye6r{pgL+4{fRBCBbiClr=`<JpFivoTKQ)88ihV$65fRqb~SX@Un?
zLpZjwN$1ofZ1`zD17}kEiOL2L5+RL$q{d+!H1Gs|-v5S2letGa*;`xK2f2(Pi_8ue
zQ1NB#M|#1eq*eYf;N}vyO?wD`X><YG)k|G4sND38f|5J(@`>D^LX9cuuIr<d#qqo7
z9X5K;u+7Y`qRcemj9_;PjV$=cH8lL1%<uIt3-`3&84pg%NO*SxFvhUe>F$qA<!Qrf
zZ{}ChH?=4cpXScTWbIqM3Hh<2z+Cb#N>ka3O6J44j5G^M-77DuI?pvX+oM#*p4g#T
zmD;D_(}3mB40@D*4kZ{>P0qtN7{ZD59%RNAvHN1Ig_?E@jIUGA3X{e8hPj6#LOu*D
z_o29edui&gg%)zIDN3V*M`HcyEd;}D^_hau_G{Ky3aQLNs;1&-PusJ74=B)ztxC@=
zq9`rsjO1zrCV6U}Uj|k`+zCya96|lSVW=IO@9fY&I95L_Fy%<Cp~|h(h^+7mJqT{C
zd*f6UqJwFkmuHJ&X;TnK=&kA2^nV_IZK&jGJ%DehORp@V(mmUZG|Rdf|C2$0d!99t
zNwO&rZzC4!iP+N);>1<YLpKbFvN#%9VVQdnOr+D$a0!Pag=Z1apfRoSf(JQ!m8%ik
zgk~OF>M40v9%{IeS?azbuI9ZulxvbvX}6g*l5qk+W)gWc1}U}J26At246lQQ6=^e|
z|2ZIjFB(t)1FHlZiuMBIGo+Pxsl1@V9D8ggN!nXM^sm8@WAXEe0{3O0G5Ba)WXYzE
zhe!N;qfA|B8*?94v=?Ur=GxrC6Jd#it)J5+%Vb2EBTbR+QftYI*HZHe@|V34g;t@d
z0olx847@JXoD-YL+{h}4UOE+oridCW(u`^1thjcm&RX`25?m0IVM|UCzx=TqN+Ml}
zMv$P2l-^Ba+$m(CN{>$u8xx?h*%W_najerksZaU1hcV2f-OcOa@bYtY@D$~8qbq=c
zIpv=g78=V$pYo;5?|uZD%q<C#HRnB<)+?;yQ3$85wSdgnETD+7fA!vd2=h|i3|kTN
zjYw5}qqv~rKI^rlSU%j2XhB3X%`T_W<a)B%e8qE^2)HyJ1^NZ#cSxBuZHbk-`P*ph
zZlPfF(~eD)r^wy<C<zl?^j`3B`mJj#L=X}G26T%Lbg_w~a1Ls%A<)NVPL?`4EZOrg
zW$jl4m|SdDQ2qdrDQaX3XoJT{MoyVlD<=40iDC57=5KKcq^kJb(z|8ida9oaj5l^{
zYFay0tfdaKM$zRd|N3TPWQ;zbo@5fTR`KvLo)@6-pzH`?#&S>XMt2$nIvsUjUd^DT
z2#JLZKEmS}mJZ?DuYR|M^0$lA6MHB`I{Uy*AfTXvd=qX`Laqb85+mgGbC{K#rJXG?
zBbBfg2L5=ABDdXwet<HHEoI!MD=AoFQ=avWxHZo{Tj7>={y~Kg{?YOtgARIZ*HGAF
zxjb7W{vp%bG8YsiSIY?m7tAXR(vFpD2yXAz73xc5ZcgY$eh9Ti^<hx55+M>>z*}CR
zdkF8vx3Gp`QNKQf58*Xl6ch{n@FLI8K$XfXu;a0idg0eH^eQcQk83~swj$u{%@IQU
zLlIzVG`8J0JZ6FyVgFE@njXvQ@fJK(l0869Jg(hh-LCjjVW#>hWMqyNs@(5C)>k>f
zP6A1i4*w5#23p2>U`R&uq<o2d=|tSkUf)pedwF`{3EH>{z^}>5P5LO1!I+Hbzzzvl
z0kF3=ZGY$)3DjAXL%b9ifL{S(g`#r5!*y(odE{t;dv^Q2T_0#)#^r(I3P;B8CbsKF
zN@{3;+`n?4YWlq>H4wcl!zR4HxZ|K>w)AK><_3H8N<gEwiu{FPpHok;6bVN1Mh@`G
zf2hBQ>xv-pwnf^<PaE7mM?NC#I!hH2qOtx+O#dOoo2`*9!I!uQ-n&t?UP$`kpHbqm
z1I@PIvGmO{Ne0qC-INR6kWgJEf1*!p#`&e;h@2Dv1ZKY^K?Z<|YA10Ar6u5?rSYfZ
z`@ctVujA|Ln8Pf{gD?6ZhOF#LuT&B331m*FWLA%QESkNVTGEZpNsYEKEzOEZ8~m_g
zu{P1Tx9eIdSrI}WV}xWBb&i7va7-gjDq>A9x5T;{4uBQ-tF;k|;5t=_gL9l78A(V-
zL#Knb4{WqTIEJDc*I7lH0to^2(y7><Ej(uGrsg35eKJB~`!IA3P7t@b)7bFJ62WGV
zhpZ(pl!VnL20n_;n=9V0`_q3y`V7SM24hKMTAo62xZ$;^QJERIJm2LAbrvl7hifhY
z>5F26Xl8Ri45u4CL=|lim)|wZCsKxio{&1wJ_jl2&WHb=Lx6>T5|Rp4zQNF$G!EPH
z!&{V6cxaTbv+>6K1JsbnYOP0e0$2hGH3loTws6EcOnxG$f>qQ&^J|y~FLC$mro2$h
zS^)7Y0G%TNt6NC=y)(^6dU|WM$LFyrL$}q;Lj?@Ztcv6L?z7JNxu?pi=lpvwR1%tB
z*G1i;m{y8{MLJJ6Vq|->?QE8Z$@s1?*K*JCig=Zk^?l>{<QbhZAts<1w;ubFb9ZSo
z$mq+-NX76%n{tVu{zqx2KD4I|N=4r+WIZ{`@IG26_~-HW;V4-JOdK?KxuX(KBwxD#
z(nscz<l8mq8RCev)Ju|m6*fShvzYp0%o|ovXS6#S#JMOoxxx1#Yzh-;FOT|WTndx$
zF8g|nN)Bw^{P0=eQ_j(0NZKRAtIdtxa2%2v&;}R7LI27jIU#?)sEKt2@w>-tlxHt~
z6c2|mR-B-nP(ze|Ns$3J)SUM|*(R$KX7cuq9`<NHjuVe^9^WHo-ffZ6<RWhm*of{f
z(VN@gRcEC1<x9;f`NFwAg{{7k>SGP51|PA}G*!t2@ch;KlW6oz>of=_Z1mUYkWPly
zSudeSa)iv45Q!*kPw-EHJ8OMyoua5yI>Kg%6@@??)`b`v!&<V+Y1|WEUigo3(scAT
zEvnDY4!V^~T1U1kv!&2&{s-F>^QsCee9de&f<~|A=%hJY#mn~8_p~}Uy(6;gHVi|F
z4!4wEe>&@8mFKo%DfJ(n1Z8(m3cCAKj8VZ68$RKk{xOk0!l;B%_3Prdgu$tJhVAXu
zUpxfp;#Y;iwH&;qGSdV2&uU>*7DoWf!0ZeY$iT_`8HDy*P9uqSa8Xf&s$>H#vWz-e
z*)TL20B%#jt`{7@!G@9<8mb*roa42SMvG#TdLmUM2(y&i>TetD;RN338M3rK%;YsV
ziW)YHs*;TiUJGFr22gl@GBi_y&*@}JBS$FgR6_@Da9Nfpk<F40aQyig$nM0Q?V42R
zW9iA6=5J%x!{OZ-@-M|tCq6VA>@Jc(G5j~HXHOUpVkqzSnc>cU=PSt$B{;X?ved%;
z3Ikb6OWj1~*ZFh5xY^`aMu?1@RRzD3z*@$alc%GNobZ}^|4Eb5B?ZC#PuMQR+<xbT
zJH9zQ@Nm+Dn6;z7%}}BH&;)d_&HYuVeH&oLVrv@!)IG3(k#r_5VHovV9{ro<<=enq
z<AwFP4ON>&b8F+1Oy>refvb9$tXLOlY7+=ItW`OXT}fPOL|H`+$7aKd>1J|0o74d#
zX5uQcO#Hn)Ogu+68;F+YsfjE0YZYCM$2lZ`Ba}01x+bv`X(&RW##0ZP@W8+A!otG=
z^oG}f*%TB`GB=2cpx<krR5<$DbZEhOTN$>@^wdjQD}bbvhH`{XuBJcHo~m0cLvx^s
zdJ3Mcn<ZG&&7?MIw1n6;@VAwekN$CVA6bpe!t<@ByVYHY9$9W@Di1i8m7j!)i0AEp
zW%AoaUfI*p9*x89jS{HzMGp-dlL>$1RyZ3;Vey}N47TmIHgV6p$2myhokxW9C)LLs
zZ+p98@q*TNTF+4*+MFO#JztI};)T93PTV>GFx>oMiZC2}i?9CeNa6yN+Xz&74`%I?
z{b7kP%pLHr;Q?HHb(fC95Blef5(ka_4s8z=cX01WO=l^wH%7?(g7g>epRgVc_&DQF
zDoLA9`It0&6A-P{(6_r>6q?Om+o)&*bevk_iC5dA0f*yK!9M)`ArJMGat!eBT!|*^
zo$Fi+yAoLBrChRrhx6awNtt2{_F>K)`1SBfEbiswJX*ax?L0&(%5v%BKx8W~AIG1?
z5zK@zVTZHClDT9E5)soG-Pd9>&^1BpqIW?rn+hJU2kC;r!=|LyGCtj0?SJIm=2OoS
zySh0#dU<+Z3hsko`$=!6CK_>zOG3A#0`NL}TJ-B8+-#e;;l|lU<qsy@ZWd|4BhWMb
zuUqz21hfuP?$ACz#11^u6B8H6)q9*nlc*4sCabGK`ir&hf(oa!hN~Lb(}@rl%&M%;
z@9k<|KV{B>txObEk|d0UGx}ONo?EDY3=oEWWdq5h_v)%T)XoeWZ7MxH8X!7i(V6~s
zLTZ?vrKhra4hy2`eXIPYRS2<Q6cM(7qQ1EQ%cD>aUEC-5K~;MItD~g$s!=z&7Sxyh
zeRtU9W~VmZ_&w+OX=9=G`np4dwqTfIURHDN6~OAq?32Z2uMsEe2>bh~c5@KM5kpzX
z(DS-cXM`ID7K6HiA?s`-wC+}%TMaXmGU;kfZFT~txKi^dcQW?MG|Nc-hc;@6T3e4z
zihhdUIRPZz?+oxf73^|!VfQ3mbSjOR?aO?MSZYt_@sxaKKU-p(KKiTn$@KADAy+!l
z-8=d9v5s#mVF|QPY@{ifN6U@c_z7v8oa|gV&UbGe1}nB*#dEG#^xe_$HBpy8XL-|h
z-l}y$O3AL8|NduTsxdUVIMGioh391qcy%O~p*rgk7nuoQ;@QdV0h6vGv44ZSwsdo}
z^f~$1r?0WO;S3JJB&2EyJtVk0uY|W<z}Vy2A^v!bM;PANy<spyVG%37dJP)@o2!}(
zB&(G7-PoZ2Z<uf@xu>;^n^<2?N$&$Cz+nZ}!kbcEe_;?)$zgiIepuWZzWrzuM*#=D
zWer#P_(yTPYoy8B=;$}mZ9^1sMJ~uoq4fUJWPtKl4qKmxXEU=ojWgGC01t^qUNFxz
z?yJFG+`tIqWJ#CzX;!^9b291$aYI!tW+u@$A{UveVne|fsm#e?);hNy4Rn^Gt9)qe
zACM2-n?b0>%~p7-m=_naR9P&p4cnF_AA}o4>HymlO0h*9aJ~b4z)tGaRez$bV0i#I
zcpg0$Umod0;D&&Q4@biS(t_+wS5|N=;AE!z%xUa~=PlyLW-VS27mQ4U`eknjkpTM$
zN)7kdVhP{$$NakpP0M8yl?BkM+Kb?iQ4ReYf7DZVX*K~h;JW!1)5GJ^E!`Gaxks2j
zox`<|UEUNM4@T4rzRw$IS-ZvZgsP0TT}ySGM@S<jU<0|4e3z!%*lt8z&^UD%lvOP0
z(`XqpuOHb0U=XH9xXF2Y=I7OVDl}21$K&oxP87amr3IF54`ycP&23e8CpR*)=KfV@
zt)Z@dlGZF#PxH8H{Sn5TxJO@_*4@gR(&G><XVfjR<o>Z%i`$eg3bzApAHUHr884Q9
zN+)F=FN>JppY9dA5~*DlxdI^E=brC37awxBa~ofBl)aSI*JY1UmrZ=Vd>y=gZVfnm
z$${wRoKuX;Xs`0?=yNCp+RBYrH^+ZCADo%&X^gT4L56fFrGLK=gCoLVIDddb`%Mr>
zn-dH%3o5@YFDLEX+#222O%i>qI6UV5e$Bt&Is97wsU{&nj6>%Q%lA5a3>qr7WGnyV
z_f%p=yV$T-o_g;*7Cu%57r51O(M37b?brfE*XY_9{{_z$!=(S3hjo3d;JS1!J7<Rw
z-1Z&TI^%f}IOM;e6!zeH%uIBJvMY-gjkT-#ciSpqSJGepX%>M{6p?xyqQ0=20a12i
z79E~y$mJDZ^G8M{qwb3bJ4a@0H87sodFKzGM0|>4(nuDW?!$iJ#ssaJB1`}^pd%Uk
z40=2JG8cJskfGK_y|3}^<5|bx4|mK%7qb7BifAbB@T?}X1+*meui2Jqt^Z<CpYA>#
zhW$oMX)M0b6w<WT6jHOb4Qf__36Hr<U{6Npq&Gv6LB-HkqCn2Ryn%mL29yvsMrc>2
z<1<5!)>S2y>S&`;6ocgP`G_1%^@h;xYV*@3Mt16BWvcou%+p+qwnx`uc+0dAn;adT
zvQPImkiQ0V?53j<<gMy@c4VRV8vxAl>u%bRea3+Wb6#Q5;v(DFu3y|w0RGt%rQ2b@
z3~=%xWbOfXk5JPDw~zx(m{@4+52t<yH`vv&o&}*=1|qU%(<$)%yIvfD4ThKrKoodc
z6Z0hfB$54~zJ<g`ivdJZaC?E@Cxq^q1!K?XA|^fbDInG(dz>M+0+i=E+s=K75PE-~
z@egcnXYrg&?p&i;&;a|S-HGn5Txn3=dm>i$v}w|KS?8xy>q&AS@wu5kXj1^2MEAhb
zjAJ$&xp*V~zDb_!P#gTcz-^ajG0^TC_}qNJikb<{87(_}{sf)g7IPqKCJqi7^bgM_
z`RTy^y%;9Q?#w;A#4P|2UV4yblU+(*pGv`3&q{hVyT59*Tpxy-o8!(_BCzep6qr(W
zS3p)5tS~_uZ`B-3zKhB#s!Gtm8ATWu)GQu-j(CInq&2t4BE#E=At(1OE^4yIxw(0u
zsUh4;pYbv!j;n%*tYfitYoueb7KSji(*W6iTwFXnsnIWg$Y{h_xLg)d_yS;p9=yGO
zVSP^hcK6#;FC<fl-f&#>9>_A`U3%*Uc|MqYVnBBfsFVfxKMW|O=Yc)Ho+)WN0;2~E
z>cJ0K+P^je(I@A7qc=yiQH;(YrAlbk^F*;XA$eYLONOXCc3$H{wRyvL4FBnAJ~Fc8
zQIO<I`*9M7y&Pmo=ou|mH@p&K_wsN_J9gjjI~_22nG)NGMxB)SOJcL0$(1KKjfZC;
z!PV-gXX(>Y$18TUkr4NRh;@E=N^Tam>=kcUNQZ&cPm}KI7|1QQzE!jb$kmynn@hTQ
z&K>)}<<65uV)669Q8+d*bsBEtjenPwuBhlLKCOMnpMb|Sl9+}^_cUwa`aS&Fcvt9(
zkXMxcbOP-?Awe+|hl69Imv2P49W(e^mk7C^Pl6D9SemWt=r)PfhO?Q+_yX&x&DOaR
zs|y58=}ByX^?+T&E)fWs`|(cmE)t8D+qqC2fb7x9$Z1_dGgPLY<tV)utx=#6P=6a%
zy<whc>O&a4ZISsM_CG^5wATMSWRnQ}bJXWgM8KCq<;ntANS$?P-O>ONtW<2nPu?X-
zdbf9U(1I<2r@ioZoX0)XH=)~3cktnRb*Vy<Pfg>wZvB3}xIN_JGhYc!Xcsxy9k888
zAk0L07uh;EncFKcVK23X3}ZpK!7EVuJfM#ZVgd)}6_{hxASbt112!+v!dgJ`;mPRn
zMV;EghwPFn-izMpd+r9K&&Eu}9a$hU(GmB`Cq?NXCt%Lz8j|jKJC%`B5S^7mO;{E!
zp2a^bmAM<-Y@(~z#*7+1uyKntKraoqpr;mqjVR0~gLGg^FIcC?0B7RtM~BOPXg7i?
zx`w>hU?t&*Bhner7}Qlp;5QqN66rXeG*YEvLM-2V{$N)4Q`^MqL3zL7pGcxs|1muu
zk(CwcE@FH7EUzT;u7L{q<(8Oj)Mr4x6Q#kM-t->NgkuY&IK6<8`}HWmPiP%k`lAzZ
z2MDOf;PGPvAPFA<*BASA1O<+%?Fo?Fey?8iydI2cU7v8hY2EKzzkl#c>=Ac1C4ip$
zg;^+JbbQs*w5JrK+OH$vY*;8lk6Jq4HMV)Vz3(+QFgr$p-15oKWq=AzN{-`2=)kWk
zphH%LUAdiZ<3mVGTXVL4nXv7OQOF5Cu}PchjrVwPx(R&<-^jfHxoRC)h$_ICedI#e
z_qdrXVQw4P%f108&oMAfgE0J~GR#3pFp>LUsL~Cu2zW{;0cobWkeXIEYuiGA`^8?%
z#d$oYao{cz1s42<qvQfbpCpcm6=&sCnB_zE{<5@lO}rllxH69O<AaIpGQYTbYQe#W
zkez-Qk_^1Yt+;?g;LfzsMS>G!Rsa>9H7Q%9gJy9XEqD~2MZ1au#jL`!Vsgr%<8WxE
ze&TRFm}8!K;Z33kW%QKw!RXlWjlN!{+}<fMC9k?Gxw3k2u%i|QHEp<=0?FZo7}w=O
z;0TYRUbEVf>6O5Cpl-rY2fRkB!PlD^okL~<@rIb4B8)Dnn!b0y9${i+nzT}cV8OL7
zL%MJch%(A6;g1=ri;jR<)K9OB%5HIhPh9diwR5mc^@JweseC@fpv*P{?HR`WJNfB9
zM$pTj-4g{cK=qh&skbK`5u<~cT(U$SQEu;#<(w0+MRMG`cZ_($@`IbA%ieT)&pni&
z8OiK+1|;a*#73K^<fkOe(%?iB@uy-j%+aIk&!(hRzC4zdhX(eXvI&^LTn2ETpUh~g
zPpTnbD2d25KLQKc=)|=#R1ACN#@nW^zW(BTqAk4F1!z9VJ1Y16idanbZ|=)6c0UIE
zxj4iLCrF4bD{cvw?I5*c?(Jyfb$h*(Ch4-8)+wo&D*LeW9zzdQQIz*f<ayH5gt(nK
zvI9wh&iS)3j_fR>Cp#yY4cUSe(-bqg&FB3=pV8ZRc<?&kLEAq?6xeUIY12*<fHH9R
ze)-G%Xse3xZ;W>%B^tVZ(CX`;Us7CRlM3Z*+OzSs8;fPwi&5sBU@Cp|#1&qfW!xax
z1u(K)Tm$S8d5I2$_K5l$Z}$GS11$T;VZc`GpC9`G+Xzm6_pepU!C|Tc#WLVKJ3^JJ
zy4A9}5;0pEKGc$tiZ1t(mIo=zLkFiv7kea@dn`|#Qp{skRbC<+XytC`mA{T59k5!J
z+6(ja6s>fpks4J9;p@oks>~TO#WI1_f?Pc)$)GvX!|-ycy;6;DEy)8dO99k|*fT_U
zoeETiuI^j^h<Ry0EUS{pz^QmmK&-gR)a**s^uly?Wb1mJJY!TnV_eQyj-LK-m91Kr
ztZIkpD#_M$IC+NEJi)CNxRIB+wL5u=)jY+n6u1$WxivfeLZ_ZJE@v%APny3H+mcn?
zFkLO#x*jLb997R8mot~6C(hrCC~acGxzNN4*%)vvZ7+8FPiV$XSsFFD&Y4+UN2j);
zm5BgMneXt_m9#KvZD?+x0a6!vyndyw%-UO6IcS5_N1tpzYHM;Wmeh>6Aoeq6y3M)$
z3e#HAPX8;s{T1r{3eo>7Ok0`t{}t;0SE#Sag<M)Q67pYR*!i`0dM_HDD8Q65LD%Wf
zlPj;ZUKBi$zX|hgF8m@odH2eqdrL+4%~Tiz)gO$78_sxdB4=df%!9+va^_?Gkus}F
zW;W5<9ZB1;_mrTN_^!uw7R`z4e#5B&$#E7}nc8(pTksoAI90*g4lBp7nj=^J>SKM9
zBRDsioAQ(`IPMng>fo(~+KHC`sAT`6YWY=d|EgsFN7ZBHn4{{*MZe%!kK~w>(}Zcs
zmA4QOWD7`r$h?%3)a~D*8P{fMRO>pcqrg*|ebn+s1*9(eFv~$*Ihvf*jTZM?C*nIC
zX(BD@j)|)WO%VE+6I`dw<w#1h51QS-bxY)Nx`noEFe#xMwM*!4LVTNjSV$?&F=2K8
zpQ=9kbkwOCc-1+m=X}pxE=&>M-7eUf$g>v6M-}q1;Mc<_(eRZR3fAr7a7bNJ@hL7B
z5?K_cQxX?#R2(8?uR3uhZ<j=q<AeI16h?F*8^h1&RL~9!n+Jquk2!F#nU17Z5f`Xd
z=mDim#*a;>7rkmTtY%F)1#Nj>c<2bCOETaPKY6##O<H(+*>1c2ftQy81VRBu0RRAi
z0Pyyy(f%;pL@LGs04Plb06_me`hS<=fdA|nIhq(ao2Xa_o0wYIS~y$S+0t4%+1dX8
zL7W_xK6efQ08C>b01*Fggx|6_VEs3=je&)&vWbno^>3*Em4kx)=PaP#HTbtY0R;Tr
F{vTaTPH6xD

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index e06e3688ad1..5250bfcff4e 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -127,7 +127,7 @@
                 "name": "workbook1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview."
+                  "text": "Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API."
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 515946da2f7..5bcdc249d94 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -63,11 +63,11 @@
     "email": "ccfconnectors.county118@passmail.com",
     "_email": "[variables('email')]",
     "_solutionName": "Tailscale (CCF)",
-    "_solutionVersion": "3.0.4",
+    "_solutionVersion": "3.0.5",
     "solutionId": "noodlemctwoodle.azure-sentinel-solution-tailscale-ccf",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.4",
+    "dataConnectorCCPVersion": "3.0.5",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
     "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
@@ -4376,7 +4376,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -4404,10 +4404,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4420,23 +4420,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -4492,7 +4492,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -4520,10 +4520,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4535,23 +4535,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -4607,7 +4607,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -4635,10 +4635,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4649,23 +4649,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -4721,7 +4721,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -4749,10 +4749,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4764,32 +4764,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "NodeName"
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -4845,7 +4845,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -4873,10 +4873,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4888,23 +4888,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -4960,7 +4960,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -4988,10 +4988,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5002,32 +5002,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5083,7 +5083,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -5111,10 +5111,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5127,32 +5127,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5208,7 +5208,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -5236,10 +5236,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5252,23 +5252,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "LoginName"
+                        "columnName": "LoginName",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5324,7 +5324,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -5352,10 +5352,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5368,23 +5368,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5440,7 +5440,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -5468,10 +5468,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5484,23 +5484,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5556,7 +5556,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@@ -5584,10 +5584,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5598,23 +5598,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5670,7 +5670,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
@@ -5698,10 +5698,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5714,32 +5714,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5795,7 +5795,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
@@ -5823,10 +5823,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5839,32 +5839,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -5920,7 +5920,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
@@ -5948,10 +5948,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5964,32 +5964,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6045,7 +6045,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
@@ -6073,10 +6073,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6087,32 +6087,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "Hostname"
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "User"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6168,7 +6168,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
@@ -6196,10 +6196,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6212,32 +6212,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6293,7 +6293,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject17').analyticRuleVersion17]",
@@ -6321,10 +6321,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6337,32 +6337,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6418,7 +6418,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject18').analyticRuleVersion18]",
@@ -6446,10 +6446,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6463,23 +6463,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6535,7 +6535,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject19').analyticRuleVersion19]",
@@ -6563,10 +6563,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6580,32 +6580,32 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "identifier": "Address",
-                        "columnName": "Src"
+                        "columnName": "Src",
+                        "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "5h",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6661,7 +6661,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject20').analyticRuleVersion20]",
@@ -6689,10 +6689,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6705,23 +6705,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "identifier": "HostName",
-                        "columnName": "SrcNodeName"
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6777,7 +6777,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject21').analyticRuleVersion21]",
@@ -6805,10 +6805,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6821,23 +6821,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -6893,7 +6893,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.4",
+        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject22').analyticRuleVersion22]",
@@ -6921,10 +6921,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6935,23 +6935,23 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "identifier": "FullName",
-                        "columnName": "ActorLogin"
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
                     "enabled": true,
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
+                    "lookbackDuration": "1d",
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "groupByEntities": []
                   }
                 }
               }
@@ -7007,7 +7007,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -7092,7 +7092,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -7177,7 +7177,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -7262,7 +7262,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -7347,7 +7347,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -7432,7 +7432,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -7517,7 +7517,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -7602,7 +7602,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -7687,7 +7687,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@@ -7772,7 +7772,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@@ -7857,7 +7857,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
@@ -7942,7 +7942,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
@@ -8027,7 +8027,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
@@ -8112,7 +8112,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]",
@@ -8197,7 +8197,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
@@ -8282,7 +8282,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]",
@@ -8367,7 +8367,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]",
@@ -8452,7 +8452,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleStandardOperations Workbook with template version 3.0.4",
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -8466,11 +8466,11 @@
               "kind": "shared",
               "apiVersion": "2021-08-01",
               "metadata": {
-                "description": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview."
+                "description": "Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API."
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"97a71946-815e-4519-a889-a10d455eafd6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Standard (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9505e7fb-6622-4014-8686-14f8432cf042\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"1a6c8fea-a005-4fc4-a09a-4e99bb459744\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"9b499cf5-007a-4e78-a541-94edbd5963ed\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"29accdba-1ce7-4b56-a054-fa69eced7886\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"10a5ef86-e291-4ec9-804b-1d95a35b82a3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"b75f9e0e-7135-4ec7-8d82-13505b3f1f31\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"77485d43-6f26-4ad6-afce-e76e4710820f\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"99788080-b885-4220-9190-ca3546528cfe\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-a23e75\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-97c91b94\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-cad2b2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-b6555f0f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-8776bb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-91e46bcd\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-226763e3\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-9aebf5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-2c8bcfb1\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-c08880\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-8435df72\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-95a9414c\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-7e72903f\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-d1a89d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d7892cab\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-a6fbe2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-50b65ee3\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-9335d8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fb41aa51\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-4b2298\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-69fb1d2d\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-d026cea9\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-79802d\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-bd4b15af\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-3dbcc1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-7f141013\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-20d5b3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-dfb3fbc4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-09938e1d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-0ccb53\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-0660a92f\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-25cd5f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-667d6168\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-b054f9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-b72ff334\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-a457cb\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project\\n    ['Snapshot at'] = TimeGenerated,\\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off')\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\"},\"name\":\"q-99cf0545\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-b18656\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-47218d2a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ca6406\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-d2585638\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-040d0e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-303ec591\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-2dac6c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-6831105c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-e6ef51\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2d0d578e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-a8f996\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-03fb31a7\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-a0f1ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-ffba1ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-bf9342b0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-45f843\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-dfb44602\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscaleStandardOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7b05a598-5120-43f4-bf5d-576c2a7ff28d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Operations (Standard)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Standard tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>\"},\"name\":\"header\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet at a glance</div>\"},\"name\":\"div-tailnet-at-a-glance-04e62b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\\\"Devices\\\",         Order=1),\\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",      Order=2),\\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\\\"Updates Available\\\", Order=3),\\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\\\"SSH-Enabled\\\",     Order=4),\\n  (USR | summarize V=toreal(count())                                            | extend Metric=\\\"Users\\\",           Order=5),\\n  (USR | where Role =~ \\\"admin\\\" or Role =~ \\\"owner\\\" or Role =~ \\\"network-admin\\\"    | summarize V=toreal(count()) | extend Metric=\\\"Admins\\\",          Order=6),\\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\\\"Active Keys\\\",     Order=7),\\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\\\"Audit Events ({TimeRange:label})\\\", Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-4e9d7cff\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9794e9fd-916b-494d-8e72-af63d2f4c6c7\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"71cf49db-33c5-4d4b-920a-2ec0c6a258dc\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Investigate\",\"subTarget\":\"investigate\",\"style\":\"link\"},{\"id\":\"5c56bb37-2053-47a0-b6fd-9539768c144d\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Hunts\",\"subTarget\":\"hunts\",\"style\":\"link\"},{\"id\":\"d2004ded-07f8-446a-a720-f0a63d1d9dda\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity\",\"subTarget\":\"identity\",\"style\":\"link\"},{\"id\":\"f23b3e14-1511-4a29-bf5e-bd65e55dbb40\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"724f8352-e21b-45a6-9029-39dc92693c05\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"8400ec64-e118-44e0-ae29-84afe94b8e0e\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Admin Audit\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"b7e04861-edfa-4426-b6be-f1481ca569b6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network & DNS\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"cfbc96e4-8585-4d89-8f65-8344c8cc6eb2\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Pipeline Health\",\"subTarget\":\"pipeline\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit activity over time</div>\"},\"name\":\"div-audit-activity-over--546688\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events by action\",\"noDataMessage\":\"No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.\",\"noDataMessageStyle\":5},\"name\":\"q-effcd498\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Who's doing what</div>\"},\"name\":\"div-who's-doing-what-52144e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| where isnotempty(Actor)\\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Top actors (by event count)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]}},\"name\":\"q-34c77fa9\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type)\\n| where isnotempty(TargetType)\\n| summarize Events=count() by TargetType\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Activity by target type\"},\"name\":\"q-4b3b709d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent admin events</div>\"},\"name\":\"div-recent-admin-events-87c9e0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 30\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Most recent 30 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]}},\"name\":\"q-5e7d6306\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b83a25c1-da18-49a2-a444-6517f13d891c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedActor\",\"label\":\"Actor\",\"type\":2,\"isRequired\":false,\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin\\n| order by Events desc | take 50\\n| project value=ActorLogin, label=strcat(ActorLogin, \\\" (\\\", Events, \\\")\\\")\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"value::all\"},{\"id\":\"a9cf7907-f201-4725-a072-a8bd34bef74e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedDevice\",\"label\":\"Device\",\"type\":2,\"isRequired\":false,\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| order by LastSeen desc | take 100\\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \\\" (\\\", User, \\\")\\\")\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-pickers\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor activity timeline</div>\"},\"name\":\"div-actor-activity-timel-5ec305\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"value::all\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Actions over time for selected actor (or all actors)\",\"noDataMessage\":\"Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.\",\"noDataMessageStyle\":5},\"name\":\"q-32d40848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"value::all\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Events from selected actor\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No events for this actor in the selected window.\",\"noDataMessageStyle\":5},\"name\":\"q-a742f6fd\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Selected device timeline</div>\"},\"name\":\"div-selected-device-time-00bead\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| where \\\"{SelectedDevice}\\\" == \\\"value::all\\\" or DeviceName == \\\"{SelectedDevice}\\\"\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend OnlineNow = ClientConnectivity.endpoints != \\\"\\\" or ConnectedToControl == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Device summary\",\"noDataMessage\":\"Select a device from the Device dropdown above. Defaults to 'All'.\",\"noDataMessageStyle\":5},\"name\":\"q-11094dc8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\\n| where (\\\"{SelectedDevice}\\\" == \\\"value::all\\\" and TargetType == \\\"NODE\\\") or TargetName == \\\"{SelectedDevice}\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Audit events touching this device\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.\",\"noDataMessageStyle\":5},\"name\":\"q-ead106ce\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"investigate\"},\"name\":\"group-investigate\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">First-seen actors in the last 24h</div>\"},\"name\":\"div-first-seen-actors-in-ce38d9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Actors who have NEVER appeared before (30d baseline)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"FirstSeen24h\",\"formatter\":6},{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}}]},\"noDataMessage\":\"Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.\",\"noDataMessageStyle\":5},\"name\":\"q-9ba7b85e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Off-hours configuration changes</div>\"},\"name\":\"div-off-hours-configurat-3c3787\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type)\\n| where Action !in (\\\"LOGIN\\\", \\\"LOGOUT\\\")\\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Admin actions outside 07:00-19:00 weekdays\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No off-hours admin changes recorded - healthy state for an organisation working business hours.\",\"noDataMessageStyle\":5},\"name\":\"q-721ee490\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with key expiry disabled</div>\"},\"name\":\"div-devices-with-key-exp-dfe9c1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where KeyExpiryDisabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices that will never re-authenticate (high-risk drift)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.\",\"noDataMessageStyle\":5},\"name\":\"q-8a8e2fb5\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Auth keys with no expiry</div>\"},\"name\":\"div-auth-keys-with-no-ex-b11207\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active keys that never expire\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6}]},\"noDataMessage\":\"No never-expiring auth keys - rotation hygiene is good.\",\"noDataMessageStyle\":5},\"name\":\"q-1372740c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices running outdated clients</div>\"},\"name\":\"div-devices-running-outd-bcd077\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged update-available by Tailscale\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"All devices on current client - nothing to patch.\",\"noDataMessageStyle\":5},\"name\":\"q-ecebf1f7\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Dormant devices (LastSeen > 30 days)</div>\"},\"name\":\"div-dormant-devices-(las-761156\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where LastSeen < ago(30d)\\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\\n| order by DaysIdle desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices idle 30+ days - candidates for retirement\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"DaysIdle\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}}]},\"noDataMessage\":\"No devices idle 30+ days - inventory is fresh.\",\"noDataMessageStyle\":5},\"name\":\"q-fb6c1fcc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet route exposure</div>\"},\"name\":\"div-subnet-route-exposur-289c42\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising or running subnet routes / exit-node duty\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices advertising subnet routes. Pure mesh topology.\",\"noDataMessageStyle\":5},\"name\":\"q-9533b081\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with SSH enabled</div>\"},\"name\":\"div-devices-with-ssh-ena-285238\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where SshEnabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.\",\"noDataMessageStyle\":5},\"name\":\"q-735368fb\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"hunts\"},\"name\":\"group-hunts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory snapshot</div>\"},\"name\":\"div-user-inventory-snaps-9dc96c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion\\n  (U | summarize V=toreal(count())                                                | extend Metric=\\\"Total users\\\",        Order=1),\\n  (U | where Role in~ (\\\"admin\\\",\\\"owner\\\",\\\"network-admin\\\",\\\"it-admin\\\",\\\"billing-admin\\\") | summarize V=toreal(count()) | extend Metric=\\\"Admin-tier users\\\",  Order=2),\\n  (U | where Status =~ \\\"active\\\"                                                   | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",            Order=3),\\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\\\"Connected now\\\",     Order=4),\\n  (U | where Status =~ \\\"idle\\\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\\\"Idle / dormant\\\",    Order=5),\\n  (U | where UserType =~ \\\"shared\\\"                                                 | summarize V=toreal(count()) | extend Metric=\\\"Shared (external)\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-5689d9e8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-de67ec\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Role\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by role\"},\"name\":\"q-0c47912a\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Status\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by status\"},\"name\":\"q-e8c20a69\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by UserType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by type (member / shared)\"},\"name\":\"q-2c51776d\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity heatmap</div>\"},\"name\":\"div-activity-heatmap-ca6a21\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\\n| extend Bucket = case(\\n    DaysSinceLogin < 1, \\\"Today\\\",\\n    DaysSinceLogin < 7, \\\"This week\\\",\\n    DaysSinceLogin < 30, \\\"This month\\\",\\n    DaysSinceLogin < 90, \\\"Past quarter\\\",\\n    \\\"90+ days\\\")\\n| summarize Users=count() by Bucket\\n| order by case(Bucket==\\\"Today\\\",1, Bucket==\\\"This week\\\",2, Bucket==\\\"This month\\\",3, Bucket==\\\"Past quarter\\\",4, 5) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Users by recency of last login\"},\"name\":\"q-350e118d\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full user list</div>\"},\"name\":\"div-full-user-list-136aac\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All users (latest snapshot per user ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Role\",\"formatter\":11},{\"columnMatch\":\"Status\",\"formatter\":11},{\"columnMatch\":\"DeviceCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"name\":\"q-cee23d3c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Orphaned users (active but no devices)</div>\"},\"name\":\"div-orphaned-users-(acti-56d6f8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| where Status =~ \\\"active\\\" and DeviceCount == 0\\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active accounts with zero devices - candidates for offboarding review\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"Every active account has at least one device - good hygiene.\",\"noDataMessageStyle\":5},\"name\":\"q-83fcd942\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Role escalation history</div>\"},\"name\":\"div-role-escalation-hist-bd8df4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"USER_ROLE_UPDATE\\\" or Action == \\\"USER_ROLES_ASSIGNED\\\" or Action contains \\\"ROLE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent role changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ToRole\",\"formatter\":11}]},\"noDataMessage\":\"No role changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f6c8358a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"identity\"},\"name\":\"group-identity\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device fleet snapshot</div>\"},\"name\":\"div-device-fleet-snapsho-939675\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion\\n  (D | summarize V=toreal(count())                              | extend Metric=\\\"Total devices\\\",       Order=1),\\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",          Order=2),\\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\\\"External (shared)\\\",   Order=3),\\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\\\"Updates available\\\",   Order=4),\\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\\\"SSH-enabled\\\",         Order=5),\\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\\\"No key expiry\\\",       Order=6),\\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\\\"Subnet/exit-node\\\",    Order=7),\\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\\\"Stale (30+ days)\\\",    Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-366964fc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-396d03\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by OS\"},\"name\":\"q-0c8f5988\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by ClientVersion\\n| order by Count desc | take 10\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Top 10 client versions\"},\"name\":\"q-af1c45cd\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by tag\"},\"name\":\"q-c3a0ef5b\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices needing attention</div>\"},\"name\":\"div-devices-needing-atte-f04a47\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\\n| extend Issues = strcat_array(pack_array(\\n    iff(UpdateAvailable == true, \\\"needs-update\\\", \\\"\\\"),\\n    iff(KeyExpiryDisabled == true, \\\"key-never-expires\\\", \\\"\\\"),\\n    iff(LastSeen < ago(30d), \\\"stale\\\", \\\"\\\"),\\n    iff(Authorized == false, \\\"unauthorized\\\", \\\"\\\")), \\\",\\\")\\n| extend Issues = trim(\\\",\\\", trim_start(\\\",\\\", trim_end(\\\",\\\", replace_string(Issues, \\\",,\\\", \\\",\\\"))))\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged with one or more issues\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Issues\",\"formatter\":11}]},\"noDataMessage\":\"No devices need attention - all updated, fresh, authorized, and key-rotating.\",\"noDataMessageStyle\":5},\"name\":\"q-dc5db84c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full device inventory</div>\"},\"name\":\"div-full-device-inventor-b70642\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All devices (latest snapshot per device ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Os\",\"formatter\":11},{\"columnMatch\":\"ClientVersion\",\"formatter\":11}]}},\"name\":\"q-7f7e7a9a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers / exit nodes</div>\"},\"name\":\"div-subnet-routers-/-exi-b082d6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0\\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising subnet routes or exit-node capability\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers in this tailnet - pure mesh topology.\",\"noDataMessageStyle\":5},\"name\":\"q-5004df25\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials snapshot</div>\"},\"name\":\"div-credentials-snapshot-fd464a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (K | summarize V=toreal(count())                                     | extend Metric=\\\"Total keys\\\",          Order=1),\\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",              Order=2),\\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\\\"Revoked\\\",             Order=3),\\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\\\"Expired\\\",             Order=4),\\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\\\"Expiring in 7d\\\",      Order=5),\\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\\\"Never expire\\\",        Order=6),\\n  (K | where KeyType =~ \\\"auth\\\"                                         | summarize V=toreal(count()) | extend Metric=\\\"Auth keys\\\",           Order=7),\\n  (K | where KeyType =~ \\\"api\\\" or KeyType contains \\\"oauth\\\"              | summarize V=toreal(count()) | extend Metric=\\\"API / OAuth\\\",         Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-79398bc0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-15f665\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| summarize Count=count() by KeyType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Keys by type\"},\"name\":\"q-23e6618b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend Bucket = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never\\\",\\n    Expires < now(), \\\"Already expired\\\",\\n    Expires < ago(-1d), \\\"<24h\\\",\\n    Expires < ago(-7d), \\\"1-7d\\\",\\n    Expires < ago(-30d), \\\"8-30d\\\",\\n    Expires < ago(-90d), \\\"31-90d\\\",\\n    \\\"90+d\\\")\\n| summarize Keys=count() by Bucket\\n| order by case(Bucket==\\\"Already expired\\\",1, Bucket==\\\"<24h\\\",2, Bucket==\\\"1-7d\\\",3, Bucket==\\\"8-30d\\\",4, Bucket==\\\"31-90d\\\",5, Bucket==\\\"90+d\\\",6, Bucket==\\\"Never\\\",7, 8) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Active key expiry distribution\"},\"name\":\"q-7484d1a0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Active credential register</div>\"},\"name\":\"div-active-credential-re-c27539\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend ExpiryStatus = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never expires\\\",\\n    Expires < now(), \\\"Expired\\\",\\n    Expires < ago(-7d), \\\"Expires in 7d\\\",\\n    Expires < ago(-30d), \\\"Expires in 30d\\\",\\n    \\\"OK\\\")\\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All active credentials with computed expiry status\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"Expires\",\"formatter\":6},{\"columnMatch\":\"ExpiryStatus\",\"formatter\":11},{\"columnMatch\":\"KeyType\",\"formatter\":11}]}},\"name\":\"q-4b27a750\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential CRUD events</div>\"},\"name\":\"div-credential-crud-even-e455b0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action contains \\\"API_KEY\\\" or Action contains \\\"AUTH_KEY\\\" or Action contains \\\"OAUTH\\\" or Action contains \\\"KEY_CREATE\\\" or Action contains \\\"KEY_REVOKE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent credential create / revoke / rotate events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No credential CRUD activity in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-777693bd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-de29a2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Events=count() by bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events per hour\",\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f5eee265\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Action heatmap by hour of day</div>\"},\"name\":\"div-action-heatmap-by-ho-c8bd5e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated)\\n| summarize Events=count() by Hour, Action\\n| order by Hour asc, Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"title\":\"When are admin actions happening?\"},\"name\":\"q-c6f45d95\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor / Action heatmap</div>\"},\"name\":\"div-actor-/-action-heatm-d820ba\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin, Action\\n| order by Events desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Who is firing which action\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-06c13b3b\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-63b210\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Last 100 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Action\",\"formatter\":11}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-07a25a40\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS configuration (current state)</div>\"},\"name\":\"div-dns-configuration-(c-5f2e1e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"MagicDNS, nameservers, search paths\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSnapshot\",\"formatter\":6},{\"columnMatch\":\"ConfigType\",\"formatter\":11}]},\"noDataMessage\":\"No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.\",\"noDataMessageStyle\":5},\"name\":\"q-d6a6a358\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings (current)</div>\"},\"name\":\"div-tailnet-settings-(cu-e03b16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| summarize arg_max(TimeGenerated, *) by TenantId\\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Tailnet policy gates\",\"noDataMessage\":\"No settings snapshot yet.\",\"noDataMessageStyle\":5},\"name\":\"q-0622cfc3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS change history</div>\"},\"name\":\"div-dns-change-history-9dd376\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetProperty=tostring(Target.property)\\n| where Action contains \\\"DNS\\\" or TargetProperty has_any (\\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"MAGICDNS\\\", \\\"DNS_SEARCH_PATHS\\\")\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent DNS-related admin changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No DNS changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-a132ff6a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">ACL policy changes</div>\"},\"name\":\"div-acl-policy-changes-ff0e68\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"ACL_UPDATE\\\" or Action contains \\\"ACL\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent ACL / policy file modifications\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No ACL changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-94818c53\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routes & exit nodes</div>\"},\"name\":\"div-subnet-routes-and-ex-eef47f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Routes currently being served from devices\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers active in this tailnet.\",\"noDataMessageStyle\":5},\"name\":\"q-61a792cd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Ingest rate per table</div>\"},\"name\":\"div-ingest-rate-per-tabl-24e5f6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| where TimeGenerated > ago(24h)\\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Rows ingested per Tailscale table per hour (last 24h)\",\"noDataMessage\":\"No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.\",\"noDataMessageStyle\":5},\"name\":\"q-c6fd0143\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Last poll time per table</div>\"},\"name\":\"div-last-poll-time-per-t-49b051\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\\n| extend Status=case(MinutesAgo < 60, \\\"Fresh\\\", MinutesAgo < 360, \\\"Recent\\\", MinutesAgo < 1440, \\\"Stale\\\", \\\"Very Stale\\\")\\n| project Table, LastRow, MinutesAgo, TotalRows, Status\\n| order by MinutesAgo asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Per-table freshness\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastRow\",\"formatter\":6},{\"columnMatch\":\"MinutesAgo\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"TotalRows\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Status\",\"formatter\":11}]}},\"name\":\"q-a02e37a8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Log Analytics operational events</div>\"},\"name\":\"div-log-analytics-operat-630749\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"_LogOperation\\n| where TimeGenerated > ago(24h)\\n| where _ResourceId contains \\\"tailscale\\\" or Detail contains \\\"Tailscale_\\\"\\n| project TimeGenerated, Operation, Level, Detail\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Log Analytics operational events touching Tailscale tables\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Level\",\"formatter\":11}]},\"noDataMessage\":\"No operational issues recorded in the last 24h.\",\"noDataMessageStyle\":5},\"name\":\"q-b492f150\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"pipeline\"},\"name\":\"group-pipeline\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\\\"><strong>Tailscale Operations (Standard) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Standard-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. For network flow logs and posture integrations, install the companion <strong>Tailscale Operations (Premium)</strong> workbook on a Premium / Enterprise tailnet.</div>\"},\"name\":\"footer\"}],\"fallbackResourceIds\":[\"Azure Monitor\"],\"fromTemplateId\":\"sentinel-Tailscale-CCF\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -8481,7 +8481,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
+                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
                 "parentId": "[variables('workbookId1')]",
                 "contentId": "[variables('_workbookContentId1')]",
                 "kind": "Workbook",
@@ -8564,7 +8564,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumOperations Workbook with template version 3.0.4",
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -8680,7 +8680,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.4",
+        "version": "3.0.5",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index 4604d91f4f9..906a5b57f50 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -7,7 +7,7 @@
         "version": "KqlParameterItem/1.0",
         "parameters": [
           {
-            "id": "97a71946-815e-4519-a889-a10d455eafd6",
+            "id": "7b05a598-5120-43f4-bf5d-576c2a7ff28d",
             "version": "KqlParameterItem/1.0",
             "name": "TimeRange",
             "type": 4,
@@ -51,10 +51,43 @@
     {
       "type": 1,
       "content": {
-        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#3b82f6\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Standard (CCF)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Comprehensive visibility into a Tailscale tailnet on Personal (Free) and Standard tiers. Audit events, device inventory, users, credentials, DNS and tailnet settings polled from the Tailscale API. Scope every panel with the time range below.</div></div></div>"
+        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#3b82f6\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Operations (Standard)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Standard tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>"
       },
       "name": "header"
     },
+    {
+      "type": 1,
+      "content": {
+        "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet at a glance</div>"
+      },
+      "name": "div-tailnet-at-a-glance-04e62b"
+    },
+    {
+      "type": 3,
+      "content": {
+        "version": "KqlItem/1.0",
+        "query": "let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\"Devices\",         Order=1),\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\"Authorized\",      Order=2),\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\"Updates Available\", Order=3),\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\"SSH-Enabled\",     Order=4),\n  (USR | summarize V=toreal(count())                                            | extend Metric=\"Users\",           Order=5),\n  (USR | where Role =~ \"admin\" or Role =~ \"owner\" or Role =~ \"network-admin\"    | summarize V=toreal(count()) | extend Metric=\"Admins\",          Order=6),\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\"Active Keys\",     Order=7),\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\"Audit Events ({TimeRange:label})\", Order=8)\n| order by Order asc | project Metric, Value=V",
+        "size": 3,
+        "queryType": 0,
+        "resourceType": "microsoft.operationalinsights/workspaces",
+        "visualization": "tiles",
+        "tileSettings": {
+          "titleContent": {
+            "columnMatch": "Metric",
+            "formatter": 1
+          },
+          "leftContent": {
+            "columnMatch": "Value",
+            "formatter": 12,
+            "formatOptions": {
+              "palette": "auto"
+            }
+          },
+          "showBorder": false
+        }
+      },
+      "name": "q-4e9d7cff"
+    },
     {
       "type": 11,
       "content": {
@@ -62,7 +95,7 @@
         "style": "tabs",
         "links": [
           {
-            "id": "9505e7fb-6622-4014-8686-14f8432cf042",
+            "id": "9794e9fd-916b-494d-8e72-af63d2f4c6c7",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Overview",
@@ -70,59 +103,67 @@
             "style": "link"
           },
           {
-            "id": "1a6c8fea-a005-4fc4-a09a-4e99bb459744",
+            "id": "71cf49db-33c5-4d4b-920a-2ec0c6a258dc",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Devices",
-            "subTarget": "devices",
+            "linkLabel": "Investigate",
+            "subTarget": "investigate",
             "style": "link"
           },
           {
-            "id": "9b499cf5-007a-4e78-a541-94edbd5963ed",
+            "id": "5c56bb37-2053-47a0-b6fd-9539768c144d",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Users & Identity",
-            "subTarget": "users",
+            "linkLabel": "Hunts",
+            "subTarget": "hunts",
             "style": "link"
           },
           {
-            "id": "29accdba-1ce7-4b56-a054-fa69eced7886",
+            "id": "d2004ded-07f8-446a-a720-f0a63d1d9dda",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Credentials",
-            "subTarget": "credentials",
+            "linkLabel": "Identity",
+            "subTarget": "identity",
             "style": "link"
           },
           {
-            "id": "10a5ef86-e291-4ec9-804b-1d95a35b82a3",
+            "id": "f23b3e14-1511-4a29-bf5e-bd65e55dbb40",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "DNS & Tailnet",
-            "subTarget": "dns",
+            "linkLabel": "Devices",
+            "subTarget": "devices",
             "style": "link"
           },
           {
-            "id": "b75f9e0e-7135-4ec7-8d82-13505b3f1f31",
+            "id": "724f8352-e21b-45a6-9029-39dc92693c05",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Webhooks",
-            "subTarget": "webhooks",
+            "linkLabel": "Credentials",
+            "subTarget": "credentials",
             "style": "link"
           },
           {
-            "id": "77485d43-6f26-4ad6-afce-e76e4710820f",
+            "id": "8400ec64-e118-44e0-ae29-84afe94b8e0e",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Audit Activity",
+            "linkLabel": "Admin Audit",
             "subTarget": "audit",
             "style": "link"
           },
           {
-            "id": "99788080-b885-4220-9190-ca3546528cfe",
+            "id": "b7e04861-edfa-4426-b6be-f1481ca569b6",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Security Signals",
-            "subTarget": "signals",
+            "linkLabel": "Network & DNS",
+            "subTarget": "network",
+            "style": "link"
+          },
+          {
+            "id": "cfbc96e4-8585-4d89-8f65-8344c8cc6eb2",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Pipeline Health",
+            "subTarget": "pipeline",
             "style": "link"
           }
         ]
@@ -138,15 +179,552 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">At a glance</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit activity over time</div>"
+            },
+            "name": "div-audit-activity-over--546688"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
+              "title": "Audit events by action",
+              "noDataMessage": "No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-effcd498"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Who's doing what</div>"
+            },
+            "name": "div-who's-doing-what-52144e"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\n| where isnotempty(Actor)\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\n| order by Events desc | take 15",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Top actors (by event count)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              }
+            },
+            "name": "q-34c77fa9",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type)\n| where isnotempty(TargetType)\n| summarize Events=count() by TargetType\n| order by Events desc | take 15",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Activity by target type"
+            },
+            "name": "q-4b3b709d",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent admin events</div>"
+            },
+            "name": "div-recent-admin-events-87c9e0"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 30",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Most recent 30 audit events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              }
+            },
+            "name": "q-5e7d6306"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "overview"
+      },
+      "name": "group-overview"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 9,
+            "content": {
+              "version": "KqlParameterItem/1.0",
+              "parameters": [
+                {
+                  "id": "b83a25c1-da18-49a2-a444-6517f13d891c",
+                  "version": "KqlParameterItem/1.0",
+                  "name": "SelectedActor",
+                  "label": "Actor",
+                  "type": 2,
+                  "isRequired": false,
+                  "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin\n| order by Events desc | take 50\n| project value=ActorLogin, label=strcat(ActorLogin, \" (\", Events, \")\")",
+                  "typeSettings": {
+                    "additionalResourceOptions": [
+                      "value::all"
+                    ],
+                    "showDefault": false
+                  },
+                  "queryType": 0,
+                  "resourceType": "microsoft.operationalinsights/workspaces",
+                  "value": "value::all"
+                },
+                {
+                  "id": "a9cf7907-f201-4725-a072-a8bd34bef74e",
+                  "version": "KqlParameterItem/1.0",
+                  "name": "SelectedDevice",
+                  "label": "Device",
+                  "type": 2,
+                  "isRequired": false,
+                  "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| order by LastSeen desc | take 100\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \" (\", User, \")\")",
+                  "typeSettings": {
+                    "additionalResourceOptions": [
+                      "value::all"
+                    ],
+                    "showDefault": false
+                  },
+                  "queryType": 0,
+                  "resourceType": "microsoft.operationalinsights/workspaces",
+                  "value": "value::all"
+                }
+              ],
+              "style": "pills",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "name": "investigate-pickers"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor activity timeline</div>"
+            },
+            "name": "div-actor-activity-timel-5ec305"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"value::all\" or ActorLogin == \"{SelectedActor}\"\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
+              "title": "Actions over time for selected actor (or all actors)",
+              "noDataMessage": "Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-32d40848"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"value::all\" or ActorLogin == \"{SelectedActor}\"\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 100",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Events from selected actor",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No events for this actor in the selected window.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-a742f6fd"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Selected device timeline</div>"
+            },
+            "name": "div-selected-device-time-00bead"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| where \"{SelectedDevice}\" == \"value::all\" or DeviceName == \"{SelectedDevice}\"\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend OnlineNow = ClientConnectivity.endpoints != \"\" or ConnectedToControl == true\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Device summary",
+              "noDataMessage": "Select a device from the Device dropdown above. Defaults to 'All'.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-11094dc8"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\n| where (\"{SelectedDevice}\" == \"value::all\" and TargetType == \"NODE\") or TargetName == \"{SelectedDevice}\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\n| order by TimeGenerated desc | take 100",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Audit events touching this device",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-ead106ce"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "investigate"
+      },
+      "name": "group-investigate"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">First-seen actors in the last 24h</div>"
+            },
+            "name": "div-first-seen-actors-in-ce38d9"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Actors who have NEVER appeared before (30d baseline)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "FirstSeen24h",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "orange"
+                    }
+                  }
+                ]
+              },
+              "noDataMessage": "Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-9ba7b85e"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Off-hours configuration changes</div>"
             },
-            "name": "div-at-a-glance-a23e75"
+            "name": "div-off-hours-configurat-3c3787"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\"Devices\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\"Users\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\"Active keys\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\"Audit events\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \"ACL\" or tostring(Target.property) == \"DNS_SPLIT_DNS\" or tostring(Target.property) == \"DNS_NAMESERVERS\" or tostring(Target.property) == \"MAGICDNS_PREFERENCES\" | summarize V=toreal(count()) | extend Metric=\"DNS / ACL changes\", Order=5)\n| order by Order asc | project Metric, Value=V",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetType=tostring(Target.type)\n| where Action !in (\"LOGIN\", \"LOGOUT\")\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Admin actions outside 07:00-19:00 weekdays",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No off-hours admin changes recorded - healthy state for an organisation working business hours.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-721ee490"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices with key expiry disabled</div>"
+            },
+            "name": "div-devices-with-key-exp-dfe9c1"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices that will never re-authenticate (high-risk drift)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-8a8e2fb5"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Auth keys with no expiry</div>"
+            },
+            "name": "div-auth-keys-with-no-ex-b11207"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\n| order by Created desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Active keys that never expire",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No never-expiring auth keys - rotation hygiene is good.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-1372740c"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices running outdated clients</div>"
+            },
+            "name": "div-devices-running-outd-bcd077"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices flagged update-available by Tailscale",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "All devices on current client - nothing to patch.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-ecebf1f7"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Dormant devices (LastSeen > 30 days)</div>"
+            },
+            "name": "div-dormant-devices-(las-761156"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\n| order by DaysIdle desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices idle 30+ days - candidates for retirement",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "DaysIdle",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright"
+                    }
+                  }
+                ]
+              },
+              "noDataMessage": "No devices idle 30+ days - inventory is fresh.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-fb6c1fcc"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet route exposure</div>"
+            },
+            "name": "div-subnet-route-exposur-289c42"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices advertising or running subnet routes / exit-node duty",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No devices advertising subnet routes. Pure mesh topology.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-9533b081"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices with SSH enabled</div>"
+            },
+            "name": "div-devices-with-ssh-ena-285238"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where SshEnabled == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-735368fb"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "hunts"
+      },
+      "name": "group-hunts"
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory snapshot</div>"
+            },
+            "name": "div-user-inventory-snaps-9dc96c"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion\n  (U | summarize V=toreal(count())                                                | extend Metric=\"Total users\",        Order=1),\n  (U | where Role in~ (\"admin\",\"owner\",\"network-admin\",\"it-admin\",\"billing-admin\") | summarize V=toreal(count()) | extend Metric=\"Admin-tier users\",  Order=2),\n  (U | where Status =~ \"active\"                                                   | summarize V=toreal(count()) | extend Metric=\"Active\",            Order=3),\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\"Connected now\",     Order=4),\n  (U | where Status =~ \"idle\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\"Idle / dormant\",    Order=5),\n  (U | where UserType =~ \"shared\"                                                 | summarize V=toreal(count()) | extend Metric=\"Shared (external)\", Order=6)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
@@ -166,71 +744,200 @@
                 "showBorder": false
               }
             },
-            "name": "q-97c91b94"
+            "name": "q-5689d9e8"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity over time</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
             },
-            "name": "div-activity-over-time-cad2b2"
+            "name": "div-distribution-de67ec"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by Role\n| order by Count desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Audit events by action",
-              "visualization": "timechart"
+              "visualization": "piechart",
+              "title": "Users by role"
+            },
+            "name": "q-0c47912a",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by Status\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Users by status"
+            },
+            "name": "q-e8c20a69",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by UserType\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Users by type (member / shared)"
+            },
+            "name": "q-2c51776d",
+            "customWidth": "33"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity heatmap</div>"
+            },
+            "name": "div-activity-heatmap-ca6a21"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\n| extend Bucket = case(\n    DaysSinceLogin < 1, \"Today\",\n    DaysSinceLogin < 7, \"This week\",\n    DaysSinceLogin < 30, \"This month\",\n    DaysSinceLogin < 90, \"Past quarter\",\n    \"90+ days\")\n| summarize Users=count() by Bucket\n| order by case(Bucket==\"Today\",1, Bucket==\"This week\",2, Bucket==\"This month\",3, Bucket==\"Past quarter\",4, 5) asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "barchart",
+              "title": "Users by recency of last login"
+            },
+            "name": "q-350e118d"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Full user list</div>"
+            },
+            "name": "div-full-user-list-136aac"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "All users (latest snapshot per user ID)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Role",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "Status",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "DeviceCount",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  }
+                ]
+              }
             },
-            "name": "q-b6555f0f"
+            "name": "q-cee23d3c"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top actors</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Orphaned users (active but no devices)</div>"
             },
-            "name": "div-top-actors-8776bb"
+            "name": "div-orphaned-users-(acti-56d6f8"
           },
           {
             "type": 3,
             "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
-              "size": 0,
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Top 10 actors",
-              "visualization": "table"
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where Status =~ \"active\" and DeviceCount == 0\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\n| order by Created desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Active accounts with zero devices - candidates for offboarding review",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "Every active account has at least one device - good hygiene.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-83fcd942"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Role escalation history</div>"
             },
-            "name": "q-91e46bcd",
-            "customWidth": "50"
+            "name": "div-role-escalation-hist-bd8df4"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by TargetType = tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"USER_ROLE_UPDATE\" or Action == \"USER_ROLES_ASSIGNED\" or Action contains \"ROLE\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Activity by target type",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent role changes",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ToRole",
+                    "formatter": 11
+                  }
+                ]
+              },
+              "noDataMessage": "No role changes in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-226763e3",
-            "customWidth": "50"
+            "name": "q-f6c8358a"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "overview"
+        "value": "identity"
       },
-      "name": "group-overview"
+      "name": "group-identity"
     },
     {
       "type": 12,
@@ -241,15 +948,15 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory snapshot</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device fleet snapshot</div>"
             },
-            "name": "div-device-inventory-snapshot-9aebf5"
+            "name": "div-device-fleet-snapsho-939675"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\"Total devices\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\"Authorized\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\"External (shared)\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\"Key expiry disabled\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\"Update available\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\"Subnet routers\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\"Stale (30+ days)\",    Order=7)\n| order by Order asc | project Metric, Value=V",
+              "query": "let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion\n  (D | summarize V=toreal(count())                              | extend Metric=\"Total devices\",       Order=1),\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\"Authorized\",          Order=2),\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\"External (shared)\",   Order=3),\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\"Updates available\",   Order=4),\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\"SSH-enabled\",         Order=5),\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\"No key expiry\",       Order=6),\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\"Subnet/exit-node\",    Order=7),\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\"Stale (30+ days)\",    Order=8)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
@@ -269,238 +976,165 @@
                 "showBorder": false
               }
             },
-            "name": "q-2c8bcfb1"
+            "name": "q-366964fc"
           },
           {
             "type": 1,
             "content": {
               "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
             },
-            "name": "div-distribution-c08880"
+            "name": "div-distribution-396d03"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by Os\n| order by Count desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count=count() by Os\n| order by Count desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by OS",
-              "visualization": "piechart"
+              "visualization": "piechart",
+              "title": "Devices by OS"
             },
-            "name": "q-8435df72",
+            "name": "q-0c8f5988",
             "customWidth": "33"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by ClientVersion\n| order by Count desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count=count() by ClientVersion\n| order by Count desc | take 10",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by client version",
-              "visualization": "barchart"
+              "visualization": "barchart",
+              "title": "Top 10 client versions"
             },
-            "name": "q-95a9414c",
+            "name": "q-af1c45cd",
             "customWidth": "33"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by tag",
-              "visualization": "piechart"
+              "visualization": "piechart",
+              "title": "Devices by tag"
             },
-            "name": "q-7e72903f",
+            "name": "q-c3a0ef5b",
             "customWidth": "33"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices needing attention</div>"
             },
-            "name": "div-device-inventory-table-d1a89d"
+            "name": "div-devices-needing-atte-f04a47"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\n| extend Issues = strcat_array(pack_array(\n    iff(UpdateAvailable == true, \"needs-update\", \"\"),\n    iff(KeyExpiryDisabled == true, \"key-never-expires\", \"\"),\n    iff(LastSeen < ago(30d), \"stale\", \"\"),\n    iff(Authorized == false, \"unauthorized\", \"\")), \",\")\n| extend Issues = trim(\",\", trim_start(\",\", trim_end(\",\", replace_string(Issues, \",,\", \",\"))))\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All devices (latest snapshot per device)",
               "visualization": "table",
+              "title": "Devices flagged with one or more issues",
               "gridSettings": {
                 "formatters": [
                   {
-                    "columnMatch": "DaysSinceSeen",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 60
-                    }
-                  },
-                  {
-                    "columnMatch": "DaysToExpiry",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 30
-                    }
-                  },
-                  {
-                    "columnMatch": "UpdateAvailable",
-                    "formatter": 11
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
                   },
                   {
-                    "columnMatch": "KeyExpiryDisabled",
+                    "columnMatch": "Issues",
                     "formatter": 11
                   }
                 ]
-              }
-            },
-            "name": "q-d7892cab"
-          },
-          {
-            "type": 1,
-            "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers and exit nodes</div>"
+              },
+              "noDataMessage": "No devices need attention - all updated, fresh, authorized, and key-rotating.",
+              "noDataMessageStyle": 5
             },
-            "name": "div-subnet-routers-and-exit-nodes-a6fbe2"
+            "name": "q-dc5db84c"
           },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\n| order by DeviceName asc",
-              "size": 0,
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices advertising routes (subnet routers / exit nodes)",
-              "visualization": "table"
-            },
-            "name": "q-50b65ee3"
-          }
-        ]
-      },
-      "conditionalVisibility": {
-        "parameterName": "selectedTab",
-        "comparison": "isEqualTo",
-        "value": "devices"
-      },
-      "name": "group-devices"
-    },
-    {
-      "type": 12,
-      "content": {
-        "version": "NotebookGroup/1.0",
-        "groupType": "editable",
-        "items": [
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Identity overview</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Full device inventory</div>"
             },
-            "name": "div-identity-overview-9335d8"
+            "name": "div-full-device-inventor-b70642"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\"Users\",             Order=1),(base | where Status =~ \"active\"   | summarize V=toreal(count())                                | extend Metric=\"Active\",            Order=2),(base | where Status =~ \"suspended\" | summarize V=toreal(count())                               | extend Metric=\"Suspended\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\"Currently connected\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\"Zero devices\",      Order=5),(base | where Role in (\"owner\",\"admin\",\"network-admin\") | summarize V=toreal(count())          | extend Metric=\"Elevated\",          Order=6)\n| order by Order asc | project Metric, Value=V",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "visualization": "tiles",
-              "tileSettings": {
-                "titleContent": {
-                  "columnMatch": "Metric",
-                  "formatter": 1
-                },
-                "leftContent": {
-                  "columnMatch": "Value",
-                  "formatter": 12,
-                  "formatOptions": {
-                    "palette": "auto"
+              "visualization": "table",
+              "title": "All devices (latest snapshot per device ID)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Os",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "ClientVersion",
+                    "formatter": 11
                   }
-                },
-                "showBorder": false
+                ]
               }
             },
-            "name": "q-fb41aa51"
-          },
-          {
-            "type": 1,
-            "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
-            },
-            "name": "div-distribution-4b2298"
-          },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role\n| order by Users desc",
-              "size": 0,
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Users by role",
-              "visualization": "piechart"
-            },
-            "name": "q-69fb1d2d",
-            "customWidth": "50"
-          },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Status\n| order by Users desc",
-              "size": 0,
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Users by status",
-              "visualization": "piechart"
-            },
-            "name": "q-d026cea9",
-            "customWidth": "50"
+            "name": "q-7f7e7a9a"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers / exit nodes</div>"
             },
-            "name": "div-user-inventory-table-79802d"
+            "name": "div-subnet-routers-/-exi-b082d6"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\n| order by LastSeen desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All users (latest snapshot per user)",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Devices advertising subnet routes or exit-node capability",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No subnet routers in this tailnet - pure mesh topology.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-bd4b15af"
+            "name": "q-5004df25"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "users"
+        "value": "devices"
       },
-      "name": "group-users"
+      "name": "group-devices"
     },
     {
       "type": 12,
@@ -511,15 +1145,15 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials snapshot</div>"
             },
-            "name": "div-credential-inventory-3dbcc1"
+            "name": "div-credentials-snapshot-fd464a"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\"Active credentials\",    Order=1),(base | where KeyType =~ \"auth\"                       | summarize V=toreal(count())                  | extend Metric=\"Auth keys\",             Order=2),(base | where KeyType in~ (\"apiAccessToken\",\"api_access_token\",\"apikey\") | summarize V=toreal(count()) | extend Metric=\"API tokens\",          Order=3),(base | where KeyType in~ (\"oauthClient\",\"oauth_client\")                  | summarize V=toreal(count()) | extend Metric=\"OAuth clients\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\"No expiry\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\"Expiring within 7 days\", Order=6)\n| order by Order asc | project Metric, Value=V",
+              "query": "let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (K | summarize V=toreal(count())                                     | extend Metric=\"Total keys\",          Order=1),\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\"Active\",              Order=2),\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\"Revoked\",             Order=3),\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\"Expired\",             Order=4),\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\"Expiring in 7d\",      Order=5),\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\"Never expire\",        Order=6),\n  (K | where KeyType =~ \"auth\"                                         | summarize V=toreal(count()) | extend Metric=\"Auth keys\",           Order=7),\n  (K | where KeyType =~ \"api\" or KeyType contains \"oauth\"              | summarize V=toreal(count()) | extend Metric=\"API / OAuth\",         Order=8)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
@@ -539,95 +1173,112 @@
                 "showBorder": false
               }
             },
-            "name": "q-7f141013"
+            "name": "q-79398bc0"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials by type</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
             },
-            "name": "div-credentials-by-type-20d5b3"
+            "name": "div-distribution-15f665"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| summarize Count = count() by KeyType",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| summarize Count=count() by KeyType\n| order by Count desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Credentials by type",
-              "visualization": "piechart"
+              "visualization": "piechart",
+              "title": "Keys by type"
             },
-            "name": "q-dfb3fbc4",
+            "name": "q-23e6618b",
             "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and isnotnull(Expires)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\n| summarize Keys = count() by Bucket\n| order by Bucket asc",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| extend Bucket = case(\n    isnull(Expires) or ExpirySeconds == 0, \"Never\",\n    Expires < now(), \"Already expired\",\n    Expires < ago(-1d), \"<24h\",\n    Expires < ago(-7d), \"1-7d\",\n    Expires < ago(-30d), \"8-30d\",\n    Expires < ago(-90d), \"31-90d\",\n    \"90+d\")\n| summarize Keys=count() by Bucket\n| order by case(Bucket==\"Already expired\",1, Bucket==\"<24h\",2, Bucket==\"1-7d\",3, Bucket==\"8-30d\",4, Bucket==\"31-90d\",5, Bucket==\"90+d\",6, Bucket==\"Never\",7, 8) asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Credentials by expiry window",
-              "visualization": "barchart"
+              "visualization": "barchart",
+              "title": "Active key expiry distribution"
             },
-            "name": "q-09938e1d",
+            "name": "q-7484d1a0",
             "customWidth": "50"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Active credential register</div>"
             },
-            "name": "div-credential-inventory-table-0ccb53"
+            "name": "div-active-credential-re-c27539"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\n| order by Created desc",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| extend ExpiryStatus = case(\n    isnull(Expires) or ExpirySeconds == 0, \"Never expires\",\n    Expires < now(), \"Expired\",\n    Expires < ago(-7d), \"Expires in 7d\",\n    Expires < ago(-30d), \"Expires in 30d\",\n    \"OK\")\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\n| order by Created desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All credentials (latest snapshot per ID)",
               "visualization": "table",
+              "title": "All active credentials with computed expiry status",
               "gridSettings": {
                 "formatters": [
                   {
-                    "columnMatch": "DaysToExpiry",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 90
-                    }
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Expires",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ExpiryStatus",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "KeyType",
+                    "formatter": 11
                   }
                 ]
               }
             },
-            "name": "q-0660a92f"
+            "name": "q-4b27a750"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit log: credential lifecycle</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential CRUD events</div>"
             },
-            "name": "div-audit-log:-credential-lifecycl-25cd5f"
+            "name": "div-credential-crud-even-e455b0"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action contains \"API_KEY\" or Action contains \"AUTH_KEY\" or Action contains \"OAUTH\" or Action contains \"KEY_CREATE\" or Action contains \"KEY_REVOKE\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Create / update / delete events on credentials",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent credential create / revoke / rotate events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No credential CRUD activity in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-667d6168"
+            "name": "q-777693bd"
           }
         ]
       },
@@ -647,71 +1298,120 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Current DNS state</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit volume</div>"
+            },
+            "name": "div-audit-volume-de29a2"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize Events=count() by bin(TimeGenerated, 1h)\n| order by TimeGenerated asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
+              "title": "Audit events per hour",
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-f5eee265"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Action heatmap by hour of day</div>"
             },
-            "name": "div-current-dns-state-b054f9"
+            "name": "div-action-heatmap-by-ho-c8bd5e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\n| order by ConfigType asc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Hour=hourofday(TimeGenerated)\n| summarize Events=count() by Hour, Action\n| order by Hour asc, Events desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "DNS configuration snapshot (latest per config type)",
-              "visualization": "table"
+              "visualization": "categoricalbar",
+              "title": "When are admin actions happening?"
             },
-            "name": "q-b72ff334"
+            "name": "q-c6f45d95"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings snapshot</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor / Action heatmap</div>"
             },
-            "name": "div-tailnet-settings-snapshot-a457cb"
+            "name": "div-actor-/-action-heatm-d820ba"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project\n    ['Snapshot at'] = TimeGenerated,\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off')",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin, Action\n| order by Events desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Current tailnet settings",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Who is firing which action",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 4,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-99cf0545"
+            "name": "q-06c13b3b"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS / ACL / Settings change history</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent activity</div>"
             },
-            "name": "div-dns-/-acl-/-settings-change-hi-b18656"
+            "name": "div-recent-activity-63b210"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\"\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\n| where Property in (\"ACL\", \"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"DNS_SEARCHPATHS\", \"MAGICDNS_PREFERENCES\", \"SETTINGS\", \"TAILNET_SETTINGS\")\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Tailnet configuration changes",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Last 100 audit events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Action",
+                    "formatter": 11
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-47218d2a"
+            "name": "q-07a25a40"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "dns"
+        "value": "audit"
       },
-      "name": "group-dns"
+      "name": "group-audit"
     },
     {
       "type": 12,
@@ -722,126 +1422,157 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook inventory</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS configuration (current state)</div>"
             },
-            "name": "div-webhook-inventory-ca6406"
+            "name": "div-dns-configuration-(c-5f2e1e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Webhooks_CL\n| summarize arg_max(TimeGenerated, *) by EndpointId\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\n| order by ConfigType asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All webhooks (latest snapshot per endpoint)",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "MagicDNS, nameservers, search paths",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSnapshot",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ConfigType",
+                    "formatter": 11
+                  }
+                ]
+              },
+              "noDataMessage": "No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-d2585638"
+            "name": "q-d6a6a358"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook change history (from audit log)</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings (current)</div>"
             },
-            "name": "div-webhook-change-history-(from-a-040d0e"
+            "name": "div-tailnet-settings-(cu-e03b16"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"WEBHOOK\" or tostring(Target.property) =~ \"WEBHOOK\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\n| order by TimeGenerated desc",
+              "query": "Tailscale_Settings_CL\n| summarize arg_max(TimeGenerated, *) by TenantId\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Webhook create / update / delete events",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Tailnet policy gates",
+              "noDataMessage": "No settings snapshot yet.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-303ec591"
-          }
-        ]
-      },
-      "conditionalVisibility": {
-        "parameterName": "selectedTab",
-        "comparison": "isEqualTo",
-        "value": "webhooks"
-      },
-      "name": "group-webhooks"
-    },
-    {
-      "type": 12,
-      "content": {
-        "version": "NotebookGroup/1.0",
-        "groupType": "editable",
-        "items": [
+            "name": "q-0622cfc3"
+          },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit volume</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS change history</div>"
             },
-            "name": "div-audit-volume-2dac6c"
+            "name": "div-dns-change-history-9dd376"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h)",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetProperty=tostring(Target.property)\n| where Action contains \"DNS\" or TargetProperty has_any (\"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"MAGICDNS\", \"DNS_SEARCH_PATHS\")\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Audit events per hour",
-              "visualization": "timechart"
+              "visualization": "table",
+              "title": "Recent DNS-related admin changes",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No DNS changes in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-6831105c"
+            "name": "q-a132ff6a"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor and action distribution</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">ACL policy changes</div>"
             },
-            "name": "div-actor-and-action-distribution-e6ef51"
+            "name": "div-acl-policy-changes-ff0e68"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"ACL_UPDATE\" or Action contains \"ACL\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Actor / Action / Target heatmap",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent ACL / policy file modifications",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No ACL changes in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-2d0d578e"
+            "name": "q-94818c53"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent activity</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routes & exit nodes</div>"
             },
-            "name": "div-recent-activity-a8f996"
+            "name": "div-subnet-routes-and-ex-eef47f"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\n| order by TimeGenerated desc\n| take 100",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Recent 100 audit events",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Routes currently being served from devices",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No subnet routers active in this tailnet.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-03fb31a7"
+            "name": "q-61a792cd"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "audit"
+        "value": "network"
       },
-      "name": "group-audit"
+      "name": "group-network"
     },
     {
       "type": 12,
@@ -852,76 +1583,125 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailscale-related alerts</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Ingest rate per table</div>"
             },
-            "name": "div-tailscale-related-alerts-a0f1ca"
+            "name": "div-ingest-rate-per-tabl-24e5f6"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "query": "union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\n| where TimeGenerated > ago(24h)\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\n| order by TimeGenerated asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Alerts by rule",
-              "visualization": "table"
+              "visualization": "timechart",
+              "title": "Rows ingested per Tailscale table per hour (last 24h)",
+              "noDataMessage": "No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-ffba1ab4",
-            "customWidth": "50"
+            "name": "q-c6fd0143"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Last poll time per table</div>"
+            },
+            "name": "div-last-poll-time-per-t-49b051"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "query": "union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\n| extend Status=case(MinutesAgo < 60, \"Fresh\", MinutesAgo < 360, \"Recent\", MinutesAgo < 1440, \"Stale\", \"Very Stale\")\n| project Table, LastRow, MinutesAgo, TotalRows, Status\n| order by MinutesAgo asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Severity distribution",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Per-table freshness",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastRow",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "MinutesAgo",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright"
+                    }
+                  },
+                  {
+                    "columnMatch": "TotalRows",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  },
+                  {
+                    "columnMatch": "Status",
+                    "formatter": 11
+                  }
+                ]
+              }
             },
-            "name": "q-bf9342b0",
-            "customWidth": "50"
+            "name": "q-a02e37a8"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent Tailscale alerts</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Log Analytics operational events</div>"
             },
-            "name": "div-recent-tailscale-alerts-45f843"
+            "name": "div-log-analytics-operat-630749"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "query": "_LogOperation\n| where TimeGenerated > ago(24h)\n| where _ResourceId contains \"tailscale\" or Detail contains \"Tailscale_\"\n| project TimeGenerated, Operation, Level, Detail\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Recent Tailscale alerts",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Log Analytics operational events touching Tailscale tables",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Level",
+                    "formatter": 11
+                  }
+                ]
+              },
+              "noDataMessage": "No operational issues recorded in the last 24h.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-dfb44602"
+            "name": "q-b492f150"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "signals"
+        "value": "pipeline"
       },
-      "name": "group-signals"
+      "name": "group-pipeline"
     },
     {
       "type": 1,
       "content": {
-        "json": "---\n\n**Tailscale Standard (CCF)** | Polled from the Tailscale Site Manager API every 5 minutes (audit) / hourly (state). For Premium / Enterprise tier tailnets that need network flow logs and posture telemetry, install **Tailscale Premium (CCF)** instead."
+        "json": "<div style=\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\"><strong>Tailscale Operations (Standard) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Standard-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. For network flow logs and posture integrations, install the companion <strong>Tailscale Operations (Premium)</strong> workbook on a Premium / Enterprise tailnet.</div>"
       },
       "name": "footer"
     }
   ],
-  "fallbackResourceIds": [],
-  "fromTemplateId": "sentinel-TailscaleStandardOperations",
+  "fallbackResourceIds": [
+    "Azure Monitor"
+  ],
+  "fromTemplateId": "sentinel-Tailscale-CCF",
   "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
 }
\ No newline at end of file
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 75474e04e9d..98ed6467276 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -10600,7 +10600,7 @@
   {
     "workbookKey": "TailscaleStandardOperationsWorkbook",
     "logoFileName": "Tailscale.svg",
-    "description": "Tailscale Operations workbook for Standard tier - device inventory, user roles, auth keys, DNS configuration, audit activity, and tailnet health overview.",
+    "description": "Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API.",
     "dataTypesDependencies": [
       "Tailscale_Audit_CL",
       "Tailscale_Devices_CL",

From 7c3ee1f3764881ca8ecd2eaf10ebc032925621fa Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:34:32 +0100
Subject: [PATCH 16/27] feat(tailscale): finalize 3.0.0 for upstream PR
 submission

Brings the Tailscale (CCF) solution to upstream-ready state. Net-new
content (analytic rule + 5 hunting queries, schema additions, workbook
rebuild), reviewer-feedback compliance (mirroring v-shukore comments on
UniFi PR), and the ARM-TTK fix the V3 wrapper doesn't filter.

Net content additions:
- New analytic rule: TailscaleOAuthClientCreatedWithWriteScopes (High,
  Persistence/PrivilegeEscalation, T1098/T1136) - flags OAuth clients
  granted any :write scope.
- New analytic rule: TailscalePremiumDerpRelaySurge (Low, CommandAndControl,
  T1572) - >75% flows fallen back to DERP relay (NAT/firewall failure
  or evasion signal).
- 5 new Premium hunting queries leveraging 3.1.0 promoted columns:
  CrossTagFlowMatrix, DerpRelayPersistence, OffHoursFlows,
  TaggedServiceFanIn, UserMultiDevice.

Schema additions (carried from earlier dev iterations, now landing in 3.0.0):
- Tailscale_Audit_CL: EventType, ActionDetails (previously silently
  dropped by DCR streamDecl).
- Tailscale_Network_CL: 15 columns promoted from srcNode/dstNodes
  (SrcUser/SrcNodeName/SrcOs/SrcTags/SrcAddresses/DstCount/DstNodeId/
  DstNodeName/DstUser/DstOs/DstTags/DstAddresses) plus traffic-shape
  flags (HasVirtualTraffic/HasSubnetTraffic/HasExitTraffic/
  HasPhysicalTraffic/IsRelayed via 127.3.3.40 DERP detection).
- Premium DCR DNS consolidation: 3 separate streams unified to
  Custom-Tailscale_DnsConfig_CL (under Azure 10-dataFlow limit).
- All 5 Premium network analytic rules rewritten against promoted
  columns instead of dynamic JSON traversal; gained Host + Account
  entityMappings.

Workbooks rebuilt:
- TailscaleStandardOperations: 9-tab forensic UX (overview, identity,
  devices, credentials, admin audit, network, DNS, investigate, pipeline
  health).
- TailscalePremiumOperations: Standard tabs plus Network Flows + Posture
  tabs with traffic-mix area chart, DERP direct-vs-relayed pie, exit-node
  tag breakdown, posture provider/health pies, beaconing-candidate table.
- Investigate-tab pickers use explicit __ALL__ sentinel row (the magic
  value::all additionalResourceOptions does not reliably substitute).
- Positive-outcome panels use noDataMessageStyle: 1 (info/blue) not 5
  (critical/red).

Reviewer-feedback compliance (v-shukore on UniFi PR):
- Solution_Tailscale.json BasePath -> Windows path
  (C:\\GitHub\\azure-Sentinel\\Solutions\\Tailscale (CCF)).
- SolutionMetadata.json support.name "Community" -> "Tailscale (CCF)".
- firstPublishDate / lastPublishDate -> 2026-05-19.
- Version pinned 3.0.0 (was 3.1.28 across dev iterations);
  ReleaseNotes.md collapsed to single "Initial Solution Release" row.

Hunting query polish:
- 14 descriptions normalised to start with "Identifies" (consistent
  with existing 8 that already did, matches detection-rule convention).
- 5 new Premium hunting queries gained entityMappings + version: 1.0.0.

ARM-TTK fix (47/48 -> 48/48):
- Package/mainTemplate.json: stripped 7 unreferenced variables
  (_solutionVersion, dataConnectorTemplateName{ConnectorDefinition,
  Connections}{1,2}, dataCollectionEndpointId{1,2}) and 3 dependent
  unreferenced parameters (resourceGroupName, subscription,
  dataCollectionEndpoint). Legacy artefacts of the single-card CCF
  template pattern; Tailscale uses the Proofpoint TAP multi-poller-
  per-card shape (guidValue + innerWorkspace) which does not reference
  them.

Tooling for future rebuilds (gitignored, not for upstream):
- .gitignore: added .local-helpers/ exclusion.
- .local-helpers/finalize-tailscale-package.py: idempotent post-build
  script. Auto-detects the wrapper-bumped Version, pins it back to
  target (default 3.0.0), strips unreferenced vars/params, repackages
  Package/<target>.zip, sweeps .DS_Store.

Package regeneration:
- Removed stale Package/3.0.5.zip.
- Generated fresh Package/3.0.0.zip.
- Package/mainTemplate.json + createUiDefinition.json regenerated.

Verified locally: ARM-TTK 48/48, KQL validators pass, no privacy
leaks in source files.
---
 .gitignore                                    |    3 +
 ...caleOAuthClientCreatedWithWriteScopes.yaml |   52 +
 .../TailscalePremiumBeaconingDetected.yaml    |   19 +-
 .../TailscalePremiumDerpRelaySurge.yaml       |   51 +
 ...TailscalePremiumLargeOutboundTransfer.yaml |   13 +-
 .../TailscalePremiumMassFanOut.yaml           |    7 +-
 ...ePremiumSubnetRouterThroughputAnomaly.yaml |   14 +-
 ...lscalePremiumUnexpectedExitNodeEgress.yaml |   12 +-
 .../TailscaleAuditLogs_ccf/Tailscale_DCR.json |   10 +-
 .../Tailscale_tables.json                     |    8 +
 .../TailscalePremium_DCR.json                 |   62 +-
 .../TailscalePremium_PollerConfig.json        |    6 +-
 .../TailscalePremium_tables.json              |   76 +
 .../Data/Solution_Tailscale.json              |   15 +-
 .../TailscaleAuthKeySprawl.yaml               |    2 +-
 .../TailscaleDevicesWithSshEnabled.yaml       |    2 +-
 .../TailscaleDormantDevices.yaml              |    2 +-
 .../TailscaleExternalDeviceInventory.yaml     |    2 +-
 .../TailscaleFirstSeenActor.yaml              |    2 +-
 .../TailscaleOffHoursConfigChanges.yaml       |    2 +-
 .../TailscaleOrphanedUsers.yaml               |    2 +-
 .../TailscaleOutdatedClients.yaml             |    2 +-
 .../TailscalePremiumCrossTagFlowMatrix.yaml   |   41 +
 .../TailscalePremiumDerpRelayPersistence.yaml |   37 +
 .../TailscalePremiumExitNodeUsage.yaml        |    2 +-
 .../TailscalePremiumNewNodePairs.yaml         |    2 +-
 .../TailscalePremiumOffHoursFlows.yaml        |   40 +
 .../TailscalePremiumPostureInventory.yaml     |    2 +-
 .../TailscalePremiumTaggedServiceFanIn.yaml   |   36 +
 .../TailscalePremiumTopTalkers.yaml           |    2 +-
 .../TailscalePremiumUserMultiDevice.yaml      |   43 +
 .../Tailscale (CCF)/PREMIUM-ENDPOINTS.md      |   11 +-
 Solutions/Tailscale (CCF)/Package/3.0.0.zip   |  Bin 0 -> 77845 bytes
 Solutions/Tailscale (CCF)/Package/3.0.5.zip   |  Bin 66176 -> 0 bytes
 .../Package/createUiDefinition.json           |  206 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 2729 +++++++++++------
 Solutions/Tailscale (CCF)/ReleaseNotes.md     |    2 +-
 .../Tailscale (CCF)/SolutionMetadata.json     |    6 +-
 .../Workbooks/TailscalePremiumOperations.json | 1906 +++++++++---
 .../TailscaleStandardOperations.json          |  194 +-
 40 files changed, 4092 insertions(+), 1531 deletions(-)
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Package/3.0.0.zip
 delete mode 100644 Solutions/Tailscale (CCF)/Package/3.0.5.zip

diff --git a/.gitignore b/.gitignore
index 2c7b098fd9d..a5172aa0ec4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -354,3 +354,6 @@ Hunting Queries/DeployedQueries.json
 
 .arm-ttk
 
+
+# Local-only helper scripts (not for upstream submission)
+.local-helpers/
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml
new file mode 100644
index 00000000000..1acfe79d43c
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml	
@@ -0,0 +1,52 @@
+id: 7237a848-30f2-499b-9ad5-024aea1288bd
+name: "Tailscale: OAuth client or API key created with write scopes"
+description: |
+  Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching ":write"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected.
+severity: High
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscaleCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Audit_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Persistence
+  - PrivilegeEscalation
+relevantTechniques:
+  - T1098
+  - T1136
+query: |
+  Tailscale_Audit_CL
+  | where EventType == "CONFIG"
+  | where Action == "CREATE"
+  | where tostring(Target.type) in ("API_KEY", "OAUTH_CLIENT")
+  | extend Scopes = extract(@"scopes\s*-\s*(.+)$", 1, ActionDetails)
+  | where Scopes contains ":write"
+  | extend WriteScopes = extract_all(@"([a-zA-Z_]+:write)", Scopes)
+  | extend ActorLogin = tostring(Actor.loginName)
+  | extend ActorType = tostring(Actor.type)
+  | extend TargetName = tostring(Target.name)
+  | extend TargetId = tostring(Target.id)
+  | extend TargetType = tostring(Target.type)
+  | project TimeGenerated, ActorLogin, ActorType, Action, TargetType, TargetName, TargetId, WriteScopes, Scopes, Origin, ActionDetails
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: ActorLogin
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml
index 422ab6163cf..194f9881724 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumBeaconingDetected.yaml	
@@ -25,21 +25,34 @@ query: |
   let beaconPercentThreshold = 80.0;
   Tailscale_Network_CL
   | where TimeGenerated > ago(lookback)
+  | where HasVirtualTraffic
   | mv-expand t = VirtualTraffic
   | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)
-  | project TimeGenerated, Src, Dst, Proto
+  | project TimeGenerated, Src, Dst, Proto, SrcNodeName, SrcUser, DstNodeName, DstUser
   | sort by Src asc, Dst asc, Proto asc, TimeGenerated asc
   | serialize
   | extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)
   | where Src == NextSrc and Dst == NextDst and Proto == NextProto
   | extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)
   | where DeltaSec > 5
-  | summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec
-  | summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto
+  | summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec, SrcNodeName, SrcUser, DstNodeName, DstUser
+  | summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto, SrcNodeName, SrcUser, DstNodeName, DstUser
   | where TotalFlows >= minFlows
   | extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)
   | where BeaconPercent >= beaconPercentThreshold
 entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DstNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
   - entityType: IP
     fieldMappings:
       - identifier: Address
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml
new file mode 100644
index 00000000000..0a67b705d5a
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml	
@@ -0,0 +1,51 @@
+id: 0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0
+name: "Tailscale Premium: DERP relay traffic surge"
+description: |
+  Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise.
+severity: Low
+status: Available
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+queryFrequency: 15m
+queryPeriod: 15m
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - CommandAndControl
+relevantTechniques:
+  - T1572
+query: |
+  let minFlows = 20;
+  let relayedPctThreshold = 75.0;
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(15m)
+  | summarize
+      TotalFlows = count(),
+      RelayedFlows = countif(IsRelayed)
+      by SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags)
+  | where TotalFlows >= minFlows
+  | extend RelayedPct = round(100.0 * RelayedFlows / TotalFlows, 1)
+  | where RelayedPct > relayedPctThreshold
+  | project SrcNodeName, SrcUser, SrcOs, SrcTags, TotalFlows, RelayedFlows, RelayedPct
+  | order by RelayedPct desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: false
+    lookbackDuration: PT6H
+    matchingMethod: AllEntities
+    groupByEntities: []
+kind: Scheduled
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml
index cc9b9f60ba5..cfd89a96d1c 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumLargeOutboundTransfer.yaml	
@@ -22,9 +22,10 @@ query: |
   let bytesThreshold = 100 * 1024 * 1024;
   Tailscale_Network_CL
   | where TimeGenerated > ago(1h)
+  | where HasVirtualTraffic
   | mv-expand t = VirtualTraffic
-  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
-  | summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto
+  | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), Bytes = tolong(t.txBytes) + tolong(t.rxBytes), Pkts = tolong(t.txPkts) + tolong(t.rxPkts)
+  | summarize TotalBytes = sum(Bytes), TotalPackets = sum(Pkts) by NodeId, SrcNodeName, SrcUser, DstNodeName, DstUser, Src, Dst, Proto
   | where TotalBytes > bytesThreshold
   | extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)
   | order by TotalBytes desc
@@ -33,6 +34,14 @@ entityMappings:
     fieldMappings:
       - identifier: HostName
         columnName: SrcNodeName
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DstNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
   - entityType: IP
     fieldMappings:
       - identifier: Address
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml
index b8e2815aebb..5695dd4f8ec 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumMassFanOut.yaml	
@@ -23,9 +23,10 @@ query: |
   let dstThreshold = 25;
   Tailscale_Network_CL
   | where TimeGenerated > ago(15m)
+  | where HasVirtualTraffic
   | mv-expand t = VirtualTraffic
   | extend Src = tostring(t.src), Dst = tostring(t.dst)
-  | summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src
+  | summarize UniqueDestinations = dcount(Dst), TopDestinations = make_set(Dst, 25) by NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags), Src
   | where UniqueDestinations >= dstThreshold
   | order by UniqueDestinations desc
 entityMappings:
@@ -33,6 +34,10 @@ entityMappings:
     fieldMappings:
       - identifier: HostName
         columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
   - entityType: IP
     fieldMappings:
       - identifier: Address
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml
index d7c9815f2e3..70723c50128 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml	
@@ -25,14 +25,14 @@ query: |
   let recentTraffic =
       Tailscale_Network_CL
       | where TimeGenerated > ago(recent)
-      | where array_length(SubnetTraffic) > 0
+      | where HasSubnetTraffic
       | mv-expand t = SubnetTraffic
-      | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)
-      | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;
+      | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
+      | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags);
   let baseline =
       Tailscale_Network_CL
       | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))
-      | where array_length(SubnetTraffic) > 0
+      | where HasSubnetTraffic
       | mv-expand t = SubnetTraffic
       | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
       | summarize TotalBaselineBytes = sum(Bytes) by NodeId
@@ -41,13 +41,17 @@ query: |
   | join kind=inner baseline on NodeId
   | where RecentBytes > BaselineHourlyBytes * multiplier
   | extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)
-  | project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier
+  | project NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags, RecentMB, BaselineHourlyMB, Multiplier
   | order by Multiplier desc
 entityMappings:
   - entityType: Host
     fieldMappings:
       - identifier: HostName
         columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
 incidentConfiguration:
   createIncident: true
   groupingConfiguration:
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml
index e95fe6c50f1..4826adbaef9 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
@@ -24,14 +24,14 @@ query: |
   let recentEgress =
       Tailscale_Network_CL
       | where TimeGenerated > ago(recent)
-      | where array_length(ExitTraffic) > 0
+      | where HasExitTraffic
       | mv-expand t = ExitTraffic
-      | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
-      | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;
+      | extend Src = tostring(t.src), ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)
+      | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, SrcUser, SrcOs, Src, ExitDst;
   let baselineEgress =
       Tailscale_Network_CL
       | where TimeGenerated between (ago(baseline + recent) .. ago(recent))
-      | where array_length(ExitTraffic) > 0
+      | where HasExitTraffic
       | mv-expand t = ExitTraffic
       | extend Src = tostring(t.src), ExitDst = tostring(t.dst)
       | distinct NodeId, Src, ExitDst;
@@ -43,6 +43,10 @@ entityMappings:
     fieldMappings:
       - identifier: HostName
         columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
   - entityType: IP
     fieldMappings:
       - identifier: Address
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json
index 204b891b03c..ad29d608675 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_DCR.json	
@@ -16,6 +16,14 @@
             "name": "eventGroupID",
             "type": "string"
           },
+          {
+            "name": "type",
+            "type": "string"
+          },
+          {
+            "name": "actionDetails",
+            "type": "string"
+          },
           {
             "name": "actor",
             "type": "dynamic"
@@ -351,7 +359,7 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend EventType = type | extend ActionDetails = actionDetails | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, EventType, ActionDetails, Actor, Action, Target, Origin, New, Old",
         "outputStream": "Custom-Tailscale_Audit_CL"
       },
       {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json
index cc66f067d17..91ab32a73b0 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscaleAuditLogs_ccf/Tailscale_tables.json	
@@ -19,6 +19,14 @@
             "name": "EventGroupID",
             "type": "string"
           },
+          {
+            "name": "EventType",
+            "type": "string"
+          },
+          {
+            "name": "ActionDetails",
+            "type": "string"
+          },
           {
             "name": "Actor",
             "type": "dynamic"
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json
index efc87a67749..64ca601323a 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_DCR.json	
@@ -16,6 +16,14 @@
             "name": "eventGroupID",
             "type": "string"
           },
+          {
+            "name": "type",
+            "type": "string"
+          },
+          {
+            "name": "actionDetails",
+            "type": "string"
+          },
           {
             "name": "actor",
             "type": "dynamic"
@@ -274,11 +282,19 @@
           }
         ]
       },
-      "Custom-Tailscale_DnsNameservers_CL": {
+      "Custom-Tailscale_DnsConfig_CL": {
         "columns": [
           {
             "name": "dns",
             "type": "dynamic"
+          },
+          {
+            "name": "magicDNS",
+            "type": "boolean"
+          },
+          {
+            "name": "searchPaths",
+            "type": "dynamic"
           }
         ]
       },
@@ -318,22 +334,6 @@
           }
         ]
       },
-      "Custom-Tailscale_DnsPreferences_CL": {
-        "columns": [
-          {
-            "name": "magicDNS",
-            "type": "boolean"
-          }
-        ]
-      },
-      "Custom-Tailscale_DnsSearchPaths_CL": {
-        "columns": [
-          {
-            "name": "searchPaths",
-            "type": "dynamic"
-          }
-        ]
-      },
       "Custom-Tailscale_Network_CL": {
         "columns": [
           {
@@ -427,7 +427,7 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+        "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend EventType = type | extend ActionDetails = actionDetails | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, EventType, ActionDetails, Actor, Action, Target, Origin, New, Old",
         "outputStream": "Custom-Tailscale_Audit_CL"
       },
       {
@@ -472,12 +472,12 @@
       },
       {
         "streams": [
-          "Custom-Tailscale_DnsNameservers_CL"
+          "Custom-Tailscale_DnsConfig_CL"
         ],
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = case(isnotnull(dns), 'nameservers', isnotnull(searchPaths), 'searchpaths', 'preferences') | extend Nameservers = dns | extend MagicDNS = magicDNS | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, Nameservers, MagicDNS, SearchPaths",
         "outputStream": "Custom-Tailscale_Dns_CL"
       },
       {
@@ -490,26 +490,6 @@
         "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
         "outputStream": "Custom-Tailscale_Settings_CL"
       },
-      {
-        "streams": [
-          "Custom-Tailscale_DnsPreferences_CL"
-        ],
-        "destinations": [
-          "sentinelWorkspace"
-        ],
-        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
-        "outputStream": "Custom-Tailscale_Dns_CL"
-      },
-      {
-        "streams": [
-          "Custom-Tailscale_DnsSearchPaths_CL"
-        ],
-        "destinations": [
-          "sentinelWorkspace"
-        ],
-        "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
-        "outputStream": "Custom-Tailscale_Dns_CL"
-      },
       {
         "streams": [
           "Custom-Tailscale_Network_CL"
@@ -517,7 +497,7 @@
         "destinations": [
           "sentinelWorkspace"
         ],
-        "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+        "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend SrcUser = tostring(srcNode.user) | extend SrcNodeName = tostring(srcNode.name) | extend SrcOs = tostring(srcNode.os) | extend SrcTags = srcNode.tags | extend SrcAddresses = srcNode.addresses | extend DstNodes = dstNodes | extend DstCount = toint(array_length(dstNodes)) | extend DstNodeId = tostring(dstNodes[0].nodeId) | extend DstNodeName = tostring(dstNodes[0].name) | extend DstUser = tostring(dstNodes[0].user) | extend DstOs = tostring(dstNodes[0].os) | extend DstTags = dstNodes[0].tags | extend DstAddresses = dstNodes[0].addresses | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | extend HasVirtualTraffic = array_length(virtualTraffic) > 0 | extend HasSubnetTraffic = array_length(subnetTraffic) > 0 | extend HasExitTraffic = array_length(exitTraffic) > 0 | extend HasPhysicalTraffic = array_length(physicalTraffic) > 0 | extend IsRelayed = tostring(physicalTraffic) contains '127.3.3.40' | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, SrcUser, SrcNodeName, SrcOs, SrcTags, SrcAddresses, DstNodes, DstCount, DstNodeId, DstNodeName, DstUser, DstOs, DstTags, DstAddresses, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic, HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic, IsRelayed",
         "outputStream": "Custom-Tailscale_Network_CL"
       },
       {
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json
index 0c5fa871db8..e00d83fc569 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_PollerConfig.json	
@@ -268,7 +268,7 @@
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-        "streamName": "Custom-Tailscale_DnsNameservers_CL"
+        "streamName": "Custom-Tailscale_DnsConfig_CL"
       },
       "auth": {
         "type": "OAuth2",
@@ -310,7 +310,7 @@
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-        "streamName": "Custom-Tailscale_DnsPreferences_CL"
+        "streamName": "Custom-Tailscale_DnsConfig_CL"
       },
       "auth": {
         "type": "OAuth2",
@@ -352,7 +352,7 @@
       "dcrConfig": {
         "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
         "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-        "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
+        "streamName": "Custom-Tailscale_DnsConfig_CL"
       },
       "auth": {
         "type": "OAuth2",
diff --git a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json
index 24b04a9d5d1..5ab2dcabcf2 100644
--- a/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
+++ b/Solutions/Tailscale (CCF)/Data Connectors/TailscalePremium_ccf/TailscalePremium_tables.json	
@@ -19,6 +19,14 @@
             "name": "EventGroupID",
             "type": "string"
           },
+          {
+            "name": "EventType",
+            "type": "string"
+          },
+          {
+            "name": "ActionDetails",
+            "type": "string"
+          },
           {
             "name": "Actor",
             "type": "dynamic"
@@ -409,10 +417,58 @@
             "name": "SrcNode",
             "type": "dynamic"
           },
+          {
+            "name": "SrcUser",
+            "type": "string"
+          },
+          {
+            "name": "SrcNodeName",
+            "type": "string"
+          },
+          {
+            "name": "SrcOs",
+            "type": "string"
+          },
+          {
+            "name": "SrcTags",
+            "type": "dynamic"
+          },
+          {
+            "name": "SrcAddresses",
+            "type": "dynamic"
+          },
           {
             "name": "DstNodes",
             "type": "dynamic"
           },
+          {
+            "name": "DstCount",
+            "type": "int"
+          },
+          {
+            "name": "DstNodeId",
+            "type": "string"
+          },
+          {
+            "name": "DstNodeName",
+            "type": "string"
+          },
+          {
+            "name": "DstUser",
+            "type": "string"
+          },
+          {
+            "name": "DstOs",
+            "type": "string"
+          },
+          {
+            "name": "DstTags",
+            "type": "dynamic"
+          },
+          {
+            "name": "DstAddresses",
+            "type": "dynamic"
+          },
           {
             "name": "VirtualTraffic",
             "type": "dynamic"
@@ -428,6 +484,26 @@
           {
             "name": "PhysicalTraffic",
             "type": "dynamic"
+          },
+          {
+            "name": "HasVirtualTraffic",
+            "type": "boolean"
+          },
+          {
+            "name": "HasSubnetTraffic",
+            "type": "boolean"
+          },
+          {
+            "name": "HasExitTraffic",
+            "type": "boolean"
+          },
+          {
+            "name": "HasPhysicalTraffic",
+            "type": "boolean"
+          },
+          {
+            "name": "IsRelayed",
+            "type": "boolean"
           }
         ]
       },
diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index 08066805d99..edd83d9d060 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -3,8 +3,8 @@
   "Author": "noodlemctwoodle - ccfconnectors.county118@passmail.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">",
   "Description": "The [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).",
-  "BasePath": "/Users/tobygoulden/Source/_Personal_GH/Azure-Sentinel-fork-tailscale/Solutions/Tailscale (CCF)",
-  "Version": "3.0.5",
+  "BasePath": "C:\\GitHub\\azure-Sentinel\\Solutions\\Tailscale (CCF)",
+  "Version": "3.0.0",
   "TemplateSpec": false,
   "Is1PConnector": false,
   "Data Connectors": [
@@ -13,6 +13,7 @@
   ],
   "Analytic Rules": [
     "Analytic Rules/TailscaleNewAPIaccesstokenorOAuthclientcreated.yaml",
+    "Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml",
     "Analytic Rules/TailscalePolicyfileACLmodified.yaml",
     "Analytic Rules/TailscaleAuthkeycreated.yaml",
     "Analytic Rules/TailscaleExitnodeadvertisedorapproved.yaml",
@@ -33,7 +34,8 @@
     "Analytic Rules/TailscalePremiumMassFanOut.yaml",
     "Analytic Rules/TailscalePremiumSubnetRouterThroughputAnomaly.yaml",
     "Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml",
-    "Analytic Rules/TailscalePremiumNewPostureIntegration.yaml"
+    "Analytic Rules/TailscalePremiumNewPostureIntegration.yaml",
+    "Analytic Rules/TailscalePremiumDerpRelaySurge.yaml"
   ],
   "Hunting Queries": [
     "Hunting Queries/TailscaleFirstSeenActor.yaml",
@@ -52,7 +54,12 @@
     "Hunting Queries/TailscalePremiumTopTalkers.yaml",
     "Hunting Queries/TailscalePremiumExitNodeUsage.yaml",
     "Hunting Queries/TailscalePremiumBeaconingCandidates.yaml",
-    "Hunting Queries/TailscalePremiumPostureInventory.yaml"
+    "Hunting Queries/TailscalePremiumPostureInventory.yaml",
+    "Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml",
+    "Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml",
+    "Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml",
+    "Hunting Queries/TailscalePremiumOffHoursFlows.yaml",
+    "Hunting Queries/TailscalePremiumUserMultiDevice.yaml"
   ],
   "Workbooks": [
     "Workbooks/TailscaleStandardOperations.json",
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml
index 47f3c118375..b9b3e83fc9b 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
@@ -1,7 +1,7 @@
 id: d64e7f6f-4eab-7a5d-cf4a-3b6e8aafbcad
 name: "Tailscale: Auth key sprawl"
 description: |
-  Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context.
+  Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml
index a84947a623d..fde464a26fd 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml	
@@ -1,7 +1,7 @@
 id: c3d4e5f6-7890-1234-5678-901234560044
 name: "Tailscale: Devices with Tailscale SSH enabled"
 description: |
-  Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets.
+  Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml
index c510a59837b..2ab88f565e6 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml	
@@ -1,7 +1,7 @@
 id: e4d5f6a7-4567-8901-23ab-cdef12345004
 name: "Tailscale: Devices not seen in 30+ days"
 description: |
-  Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation.
+  Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml
index 6c0978535a0..6fce5a0e915 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml	
@@ -1,7 +1,7 @@
 id: d4e5f6a7-8901-2345-6789-012345670045
 name: "Tailscale: External (shared-in) device inventory"
 description: |
-  Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources.
+  Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml
index 545df8d85f1..de917c1d588 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleFirstSeenActor.yaml	
@@ -1,7 +1,7 @@
 id: a91f4d3c-1b7e-4f2a-9c1d-0e3b5f7c8d9a
 name: "Tailscale: First-seen actor making configuration changes"
 description: |
-  Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights.
+  Identifies actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml
index 0df6a5d895c..60e0b91791c 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
@@ -1,7 +1,7 @@
 id: c73f6e5e-3d9a-6f4c-be3f-2a5d7f9eafbc
 name: "Tailscale: Off-hours configuration changes"
 description: |
-  Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity.
+  Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml
index 291ebd4b71e..e58252d2216 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml	
@@ -1,7 +1,7 @@
 id: a6f7b8c9-6789-0123-45ab-cdef12345006
 name: "Tailscale: Users with zero devices"
 description: |
-  Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records.
+  Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml
index edc1b13e09d..06026b74b41 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml	
@@ -1,7 +1,7 @@
 id: e5f6a7b8-9012-3456-7890-123456780046
 name: "Tailscale: Devices with outdated client version"
 description: |
-  Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions.
+  Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml
new file mode 100644
index 00000000000..03c18902fde
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml	
@@ -0,0 +1,41 @@
+id: a8978f27-3c85-4c29-a45a-c4a5e43fef2d
+name: "Tailscale Premium: Cross-tag flow matrix"
+description: |
+  Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - LateralMovement
+  - Discovery
+relevantTechniques:
+  - T1021
+  - T1046
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(7d)
+  | extend SrcCategory = case(
+      isnotempty(SrcTags), tostring(SrcTags),
+      isnotempty(SrcUser), "<user>",
+      "<unknown>")
+  | extend DstCategory = case(
+      isnotempty(DstTags), tostring(DstTags),
+      isnotempty(DstUser), "<user>",
+      "<unknown>")
+  | summarize
+      Flows = count(),
+      DistinctSrcDevices = dcount(SrcNodeName),
+      DistinctDstDevices = dcount(DstNodeName),
+      FirstSeen = min(TimeGenerated),
+      LastSeen = max(TimeGenerated)
+      by SrcCategory, DstCategory
+  | extend SameTagLoop = SrcCategory == DstCategory and SrcCategory != "<user>" and SrcCategory != "<unknown>"
+  | project SrcCategory, DstCategory, Flows, DistinctSrcDevices, DistinctDstDevices, SameTagLoop, FirstSeen, LastSeen
+  | order by Flows desc
+entityMappings:
+  - entityType: CloudApplication
+    fieldMappings:
+      - identifier: Name
+        columnName: SrcCategory
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml
new file mode 100644
index 00000000000..30e94f9bbfe
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml	
@@ -0,0 +1,37 @@
+id: 20457fba-08e2-42d7-b972-fbe9acf583c8
+name: "Tailscale Premium: Devices with persistent DERP relay usage"
+description: |
+  Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - CommandAndControl
+relevantTechniques:
+  - T1572
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(24h)
+  | summarize
+      TotalFlows = count(),
+      RelayedFlows = countif(IsRelayed),
+      DistinctDsts = dcount(DstNodeName),
+      FirstFlow = min(TimeGenerated),
+      LastFlow = max(TimeGenerated)
+      by SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags)
+  | where TotalFlows >= 50
+  | extend RelayedPct = round(100.0 * RelayedFlows / TotalFlows, 1)
+  | where RelayedPct >= 30.0
+  | project SrcNodeName, SrcUser, SrcOs, SrcTags, TotalFlows, RelayedFlows, RelayedPct, DistinctDsts, FirstFlow, LastFlow
+  | order by RelayedPct desc, TotalFlows desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml
index 5c2a4122934..f1709e06371 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
@@ -1,7 +1,7 @@
 id: a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb
 name: "Tailscale Premium: Exit-node usage patterns"
 description: |
-  Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise.
+  Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml
index b8c9b6be3cf..e4a8500e422 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
@@ -1,7 +1,7 @@
 id: e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe
 name: "Tailscale Premium: New src->dst node pairs (lateral movement candidates)"
 description: |
-  Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs).
+  Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs).
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml
new file mode 100644
index 00000000000..9419376a05e
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml	
@@ -0,0 +1,40 @@
+id: 622ce88a-0838-4bbe-8a00-ab8ac8377f41
+name: "Tailscale Premium: Network flows outside business hours"
+description: |
+  Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - Exfiltration
+  - CommandAndControl
+relevantTechniques:
+  - T1029
+  - T1071
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(7d)
+  | where HasVirtualTraffic or HasSubnetTraffic or HasExitTraffic
+  | extend HourUtc = hourofday(TimeGenerated), Dow = dayofweek(TimeGenerated)
+  | where HourUtc < 7 or HourUtc >= 19 or Dow in (0d, 6d)
+  | extend TaggedSource = isnotempty(SrcTags)
+  | summarize
+      Flows = count(),
+      FirstFlow = min(TimeGenerated),
+      LastFlow = max(TimeGenerated),
+      DistinctHours = dcount(bin(TimeGenerated, 1h))
+      by SrcNodeName, SrcUser, SrcTags=tostring(SrcTags), DstNodeName, DstTags=tostring(DstTags), TaggedSource
+  | where Flows >= 5
+  | project SrcNodeName, SrcUser, SrcTags, TaggedSource, DstNodeName, DstTags, Flows, DistinctHours, FirstFlow, LastFlow
+  | order by Flows desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: SrcNodeName
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml
index 8181369fa0e..15b14198492 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
@@ -1,7 +1,7 @@
 id: c3d4e5f6-7890-1234-56ab-cdef12345032
 name: "Tailscale Premium: Current posture integration inventory"
 description: |
-  Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise.
+  Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml
new file mode 100644
index 00000000000..ec1e49bf559
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml	
@@ -0,0 +1,36 @@
+id: f8d4e7bc-3450-4c55-84ac-90e6e9c6b8fe
+name: "Tailscale Premium: Tagged services with broad inbound exposure"
+description: |
+  Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+tactics:
+  - LateralMovement
+  - InitialAccess
+relevantTechniques:
+  - T1021
+  - T1133
+query: |
+  Tailscale_Network_CL
+  | where TimeGenerated > ago(7d)
+  | where isnotempty(DstTags)
+  | where HasVirtualTraffic or HasSubnetTraffic
+  | summarize
+      DistinctSrcUsers = dcount(SrcUser),
+      DistinctSrcDevices = dcount(SrcNodeName),
+      DistinctSrcOs = dcount(SrcOs),
+      Flows = count(),
+      FirstFlow = min(TimeGenerated),
+      LastFlow = max(TimeGenerated)
+      by DstNodeName, DstTags=tostring(DstTags)
+  | extend ShortDstName = tostring(split(DstNodeName, ".")[0])
+  | project ShortDstName, DstTags, DistinctSrcDevices, DistinctSrcUsers, DistinctSrcOs, Flows, FirstFlow, LastFlow
+  | order by DistinctSrcDevices desc, Flows desc
+entityMappings:
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: ShortDstName
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml
index f1ed6deff0f..8d4d8455275 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTopTalkers.yaml	
@@ -1,7 +1,7 @@
 id: f46a9bb0-6acd-9c7f-e16c-5d8abbcdbeca
 name: "Tailscale Premium: Top talkers by bytes (virtual traffic)"
 description: |
-  Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise.
+  Identifies tailnet src->dst pairs ranked by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml
new file mode 100644
index 00000000000..ee35cccb8ba
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml	
@@ -0,0 +1,43 @@
+id: daac10bd-d842-4122-90cc-9957256f04e3
+name: "Tailscale Premium: Users generating traffic from multiple devices"
+description: |
+  Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise.
+requiredDataConnectors:
+  - connectorId: TailscalePremiumCCF
+    dataTypes:
+      - Tailscale_Network_CL
+      - Tailscale_Devices_CL
+tactics:
+  - InitialAccess
+  - Persistence
+relevantTechniques:
+  - T1078
+query: |
+  let recent = Tailscale_Network_CL
+      | where TimeGenerated > ago(24h)
+      | where isnotempty(SrcUser)
+      | summarize
+          Devices = make_set(SrcNodeName, 20),
+          DeviceCount = dcount(SrcNodeName),
+          OsTypes = make_set(SrcOs, 10),
+          FirstFlow = min(TimeGenerated),
+          LastFlow = max(TimeGenerated),
+          Flows = count()
+        by SrcUser
+      | where DeviceCount >= 2;
+  let devicesCreatedToday = Tailscale_Devices_CL
+      | where TimeGenerated > ago(24h)
+      | summarize arg_max(TimeGenerated, *) by DeviceId
+      | where Created > ago(24h)
+      | distinct DeviceName;
+  recent
+  | extend NewDevicesToday = set_intersect(Devices, toscalar(devicesCreatedToday | summarize make_set(DeviceName)))
+  | extend HasNewDevice = array_length(NewDevicesToday) > 0
+  | project SrcUser, DeviceCount, Devices, OsTypes, HasNewDevice, NewDevicesToday, Flows, FirstFlow, LastFlow
+  | order by HasNewDevice desc, DeviceCount desc
+entityMappings:
+  - entityType: Account
+    fieldMappings:
+      - identifier: FullName
+        columnName: SrcUser
+version: 1.0.0
diff --git a/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md b/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md
index 0e25abb8c0a..a4d182b0957 100644
--- a/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md	
+++ b/Solutions/Tailscale (CCF)/PREMIUM-ENDPOINTS.md	
@@ -19,13 +19,20 @@ Endpoints that gave 403 or are explicitly Premium-tier features. These are NOT p
 | `/user-invites` | needs WRITE `users` scope | 403 with `users:read` | Tailscale requires write scope to read invites (PII concern). Audit log captures invite events (CREATE/UPDATE/DELETE on USER_INVITE targets) so we have visibility without granting elevated scope. |
 | `/acl` snapshot | `policy_file:read` | 403 with our scopes | Audit log captures full ACL document on every change (Old + New + Actor). Snapshot is redundant. |
 
+## Aliases / paths that 404 because the data lives at the canonical name
+
+Some external references (third-party MCP servers, blog posts) use names that Tailscale's API returns 404 for at the exact path - but the data is already available via the canonical endpoint, which the connector polls today. Don't add new pollers for these:
+
+- `/audit-logs` -> canonical path is `/logging/configuration`, polled by both Standard and Premium audit pollers. Returns `{"logs":[...]}` with `start`/`end` query params (verified live, May 2026).
+- `/network-flow-logs` -> canonical path is `/logging/network`, polled by the Premium network poller. `/network-logs` is also a working alias for the same data.
+
 ## Endpoints that 404'd on Tailscale's API (tier-independent)
 
-These paths appear in some references (e.g. third-party MCP servers) but Tailscale's actual API returns 404 - feature may have moved, been removed, or never existed at that path:
+Genuinely missing paths - no known canonical alternative:
 
 - `/services`, `/services/*` - Tailscale Services (newer feature, may require enablement)
 - `/contacts` - tailnet contact info
-- `/status`, `/audit-logs`, `/log-streaming`, `/network-flow-logs`, `/nameservers` - alternate paths used by some clients
+- `/status`, `/log-streaming`, `/nameservers` - alternate paths used by some clients
 
 If Tailscale ships these endpoints in future, add as needed.
 
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.0.zip b/Solutions/Tailscale (CCF)/Package/3.0.0.zip
new file mode 100644
index 0000000000000000000000000000000000000000..08b165c1c3bdf9033f74245b9aeb3375ec612007
GIT binary patch
literal 77845
zcmaI6V~nj^)HK?*ciXn@-i_V1ZQHhcw{6?DZQHi(?%U@*=lybT^5rJ$&wAFV8ug4Z
zla<sgSqWeeWB>pF2!Kk1dd+?+?*(}nKmg(gNC3p2r&fAq)`~_}ww8L1MzrP*Hr5wj
z7Aotab2rb&DknEr9Gb#lI*<n(_0vc&y%;bc8KXvwWU+-!h$C?#ae(#h-=CLf;R|hT
zpb)VUJP!UekA-DzZ9kv3^X>0^a;oo}2MOj`Wo;^|<SxEPZ5yjuvh-h*OGBpqmOcvY
z*{!AuE~FQk&5IRm&K8f(m0K%}GYj@dvev$&3KI9TM~TNP-!^}Oo}7lCZp*i0&r_pd
zH<?+_Z}7Z$_`8fvc^|%QKCt*^jlT-_1^CzPV4$TOzmq)W%>PzJ+j_9hc@00(b2F`H
zvte?5r<rH5%}PT5Cccb|A_IsAr_o|xni$@s;ti0+;HYBkVd2*5r>VZY#;dB{asMXy
zEybeJ@2eLhSVJwc?D-ea%Rl?|p2Gi#XPf1c;T%1N@zTIB`cvYg4w0K>Ml@aR>pG2v
zsPW4-_IN@Qr_(8O)zQi;-sQG<Mm~ePf<(q;k^<P|aNssEH3UWpW6E<-c;t8R9v77C
zpV<wu$>(Z@qpWIAK4Yx~TH4H1qXpZ=H7rH0IZZ(q+s5nkzjuffMVGIlOgTz}-9lr}
z8pEAWMQKsy*dy0tmxZM|ltsnpBP=$y$wbSkF?+)v;<9={exEvb&)t@`ahIbrEYiLH
zj&H#Ca95UAkJyorOzcpHT7&x^y&(e%<}8DPJrF(AzUbh{d`<Mgdp70fBjgt4AD?G$
zZ`sf>sCJV>6!Gnbwx1*K@|G|Jdd~(X6&I^%EYDJ#{rMr91rJi2PTVF3RA{bMDXew6
zzj+R(i&oiTaE{yL0-W&}O?NA}G6|DoCKQ%vJttY|(W>au{@645@55}2@K1@9ybeHQ
zwwmfskxqxm;CEUxFE0e6A_bxW?Lxq!Am(iQtNVaRRaM4?l%M;66~1h6<Q`~*Nhm2t
zp`Bw;<YiK(qz${)3_&k@ZmGfwW}U<}kqDr5A^wIr+T=*ztjNOp(A3Dh39G??$uoYm
zoW|C9+ft@a?@&@gB=eeKPJOK4L!a`JKK%S-;(u-gngn+hf|mcY%H&U`#ms2+>$jN@
zMEEG>GKj5yUfE3*JN~4oMZ_?4Z~USFlq%*g<zpu3Ot|Ws^<Z|s!R3g7$eu2U;!U>N
zj41*_lICWY;LD|vlGFSnX)BlZ+(l>3wUVZFx5oKWtbFOtS4vA!%Mca>z1-hP*4p@9
zM`>T&JJ~$Yt-K5Ss7N=nWs=VXSi|@`G+L6ea0=A~<}EO&N-E9vzM4vCi&bXUR!W(x
zM><SGg?nklNauu@W<>T!oI{ew!2P#3jTQ~0lGiqSAIe-#zGg~ViyKOJe{yrQWM@>d
zQWwP*e-i*vH=uANn1+-Gu9ABrHpU%n9szAxiQm&wyq2xH7hX2Fm{-1)s99WJ!CADY
z&6X~vTfv$|9!*WnjO=Y5?YpTId6;ckDG#*Ui;mn|*Sl{e3Y5}cH=*8GOQgA&i9M99
zZY`!a1~*wOoZ)aUuHks8&bx57Lqu}+<G>o-TA$x`P|bHTUpG<iX>kxAxHT*BT#M%_
zrnsy_yEfBIwig^c)ohuaaS2x%<YZ#b1wX1AG}mjbZ!M;^S8H3jG$=ELyR6ITGKo6U
zO}1Z_S%OjgL!$K`3D*w^(LW?5o7gNa=j*P*xtHqoMhg}to%zdW>yw;)Nm9l0B__Al
z$N%YY{$Cvm|4}rf-CQ*>U&qDeXAV&<V4F2w#wu4wJ{T7-nOR*gIWn)|I6G^1nw#cR
zZ*6)5Z6%&)r@1tj?`i#`!{r_HrV2(p$nAL%Xv>S_A0ailERRXERV-<h&Xx6_P}P*@
zn5>pC%>E*o?wzrN?bW!`?Tnie_gCeAT~**9-L|~`cOEXNH&;>r=x}!k<rm7t1W@d!
zzgjwrB#%jbx|;fL51XZ-E{8EO$D5gFZYofPeI4!XzAi3>ZpjJE>YQM94O;y-mdo@J
zE95r9ewIeJS6BawtNahQ`5!JkSsI#^?Ch@nSHVe5rAvg>1EmI^A>FbmbaVq2@munC
zc8Q7+yQrR=Za|(k54gmxVnzU(bv4S04$&Wqg#1iPn%NO%Pb`_5e$x4FZg7>xLDG;v
zfN<V`9+vX#D91a0(k)?MwOG|18}cvV&fW8al?KZ(l~G_}>_DcBn_#^Cy;xJf4mn!N
zB3U`8p=@uUSIpx3O4-5b*32zNt{Z3bOkEV0G5d`N)@CCy1MJ(iZA=_)eqA(;KG03~
zDp@s;>dE;A==6A}BTEl*xXuP^2zn1kq87@YRgOq9$wvCULiMLw{o(G-N|*e;!`56Z
zO2<Y8Wq$#^XcPONSFvhmIe6YQm4hloOgV$qn*uCBpOPd~--mSGGJH!u-YIL^I;bJ<
z>7~=XmVzqY!|pJ>uO#Sx7Y>&vm(wj{3*r#bBE6JU`2jp_{|jK<`40dt{VxEzil7@@
zB>W6EKTJK}xiXg}q%moW)f}gRr>t|%Ik??@(=^BU2+aPc=k9+!cmJcn`;UU?hvJvW
zPtQi_N)F4@#->^R#>-i%N>qW>IYy2b$fv#kdhh=SWcv@u^#jEF2N<$mE2a#cYYETv
zQ|^55U!Q~j%4Pm3H=#wn9A!CtKKN%EUzDt)<^%~iJohVuzb;09#_e;JSH{Efvn1>e
zS3nQ@f4A#lFZIg9p`IXMb}>MzMiXey^}aLnZ~f1DE=T`cPgchNtY^2k8Hj8<Ep@A5
zWJ-d{K_veb#KWHPbKJpJ$-~}W6?ta|t%i&&NWl(HyMb&uVLLwmkAfGe96OT>bDGT0
zFaMq}GP3_p*#B2ULlw&d4)8SH!&nb~-`4IFf?$V%C6-_(!vH0b1{hy&R>r?4AS>g)
z6EG^a+u$2OXJU&u^70AOdY_PvH?Zu+#us`hAOpfc;Ea{uG&^Szxl5&J5uJv~>Vzp=
z8KvGob%G+St72OicByE8-FK)X_DJLBhisG%O`dL^Sty^BfPKX*H{4_KQq;xNmt<(6
zIv+t=rf2$S6__iqCL2{Zt&d(Ps|*HAG1i1C%erVTT1ZV%+HD@$gs832bThLDYOGNW
zD`%l-VUDxE2qDOVd1jyBg&LG8poRfcK)$a1dsWdYNnA~SZpAuZg{b4mY(IApIvY;&
zb9TwRk^t8RHfIioV~jVPP%O6s224KTk~+uI{6LV>NK9;jl{4S!Qpq_+vy(<-)dZ4L
z^xu-rAJPS!SH-cp`x@8Ss!q%+LprB3oFA5PV^=66Bl?)Ui*nEesZ9#$f5civ(<{DN
zH$iG|C*@z%Th0}&f+3-c$~l_=8Y#HYD^N&?3-qvoOd8{Lm@yxczf-4&n9cnL`g!3i
z+8oQXDfNG(w3%Xq;x~ezK|miSB-BsWl_nZviR$7v%a_pMTfK2qJTwAPhy%_8oo=Hl
zA5)LX$}jLv6O=H&{{{l(IHT1JMNtil%|ouy<9?|e!e8&r5&OG-%#jmMib5<KlYf;r
zsQUJr=y*1FPX$8HgPWpc5Ob+Nqb(-iT=tj(17*LU)qpR-rx7cy<=&JxkKyO0b*>BD
z-V_jdnI?A)V`25VC_3MBf=eiNrrbyx&(9y#7LICkYWID*P-ypkX;ooSTerF7nBNo*
zSe84~q<xOgwPssl(Br5^CZ%-Fh=F`i(r&7kgd3kFt%VuC<<7F;*eU11!YnJ*53nda
zsUmEJb*bOu2tq_Bwpq4h%t$^W=Q6uT&7;kk*+#AHE`o<CT;G(RFJ~1BSY}p<qu3uW
zE;54NJ0kIq{?vc<|CWe8lq$X|mvmrjlOSx3an1UzuI9lO?2qk)Ml(0JFF9W-@t3uh
z;l-SJ!Tb?tp`tN;sC>=#S*f12k2~iye@a?nJGQ`D>74mrxw%QWz^T$&@{SDw;9n?9
zjr2pRlg^xtnN39o>xg=-g*Nam!gZ{IN){|X^-s8{m5X!x_j4|IqH<Oy&x>%%KrGxn
zI56rC%|(q|>QXiqI1AR1GbI$KV_sQ1EzFgqe*Xyj0T~R>l}gY_+ORq`)C13#H7Z!Z
zhm<tsFP^hlwd9|2RjO1A?}<%l{tRCEe+CcDHU)K&5t|oWbQ<|KQ-Z-|McsfoNtz|c
znWfyGsWLhBRI(*Z^UtDw>Is6{xC{R*8C%Qh^3{c76(H`c3ig3u<GIB}r~<#DJ%g{@
z?;%*=Tl$gpBHZ)dG$&djZo};d5Lj;(1JU|s$@>Cy0z4aj3R%7a10h+5z{82|^h;x@
z3IVQ3Kt*N1=L`Mql#;wAPA(#CkI|d!ARp|LTuacKGl@k9O>Jlm6-$RsZJ_8cfDhC3
z#3i+&HJ)RSb@j0$#`DcL;XxP4vZDzz$g7BZN+KAxeaFjMCm)#(s(lT>&k$Wkwl`HL
z&GyCXtSmj>NCCSt36G_Op#POOR8$nxS*&K$WIETrw(y6Iv<+6G?m{j)Q-F|xu+@>>
zmR{vqfe~c4i0M3-BUG8F)==Q8F_BLmuqsGxGSD3?jd1-&`cfBpWS?&ahm^?i7pc0s
zM6%wiV0^rxn9`j-D95zLTO+HmHkb|IaS+Ga7tBl_j9>4a6oCV(8*Yl3otXl@U%V(^
zPR{A>YzCQwv7H2I9JfT^9@{*rt>a+Tp#87O29A268(DFgC-e}d6i%O!o1^Sm<vcU=
zZ!9-7F?&?6#012T`|FYF;`9c1qcHToQ>0?G^6Mh8jGQ4N5FL;e1ZKL`QQ$v+WWUpD
zFTW=4GsE2A55$wkQv3*Y<W%`m&@W;+q-nsI8N4K%jl({tgOg6R2;;mRw^Jo+_U?~Q
zjc80RW|Y#aJ6XwGpDf+j_I0jEm%iax;H{b$>+|D}l3&xGZuU1NyQ|aJX5F-|IoXD3
z@{K0AD!)1$@?{><zZSQwe0-j_QcjGoPv-EPi=W@t`^)J9+Dh>{>mQD;9SrVzFFG5m
zrfIhx`F!fAH`iLvQ*G8v&^k3fn)|<4yFJ}qs=YQcceh=JRlr+1>E`LOBR=&kI@a6Q
zu%4fvF+cfjJQ>+jo~zcl+|N6hJl}Vd4c-g3`0i|SbS~%Jju$MaWzxH+d3`*Oy;@CE
zviY)Fbkwh{Bce0U=f#E@)gLqWm&9<qI_jsYuB`cdI9=Rrwy&S6&L`u;o$Hr*QnDx3
zE2p17hi;Yd-mIREFQ;yEmU+A0xOrR8rlsl54pu|nfg^m{=g+TpkMWGjj<#s3__#K=
z)3dMQn|8P;%D15(PwSnl-(SC8%p*=6_Po9v?W4^cZ5*E`_B|rD*ZbR=zQInM`_{Uy
z;fLzKhQD}%@3Wr7boIRWHI{kZo=UHutA|>oGka+}-aDgDxp1GW;W)9E;(OoKwy(l3
zLv5YikEZBML~LjyoA+;%tv9h@c-bImU8xOE3Z^L{5ZP&kRse8et~+RF1~DJ5pN+{p
zHz;6t-UZwrt9cuus@?a$J^_OdZ_0eW^_H^xS7yE_teyhDDm}nlpe(Vsco0KsU#JD@
zq1Uc#echaGVXai=eC#LOVJDXF^*=VxA10lFU1@So<#dp;Y9VAi*x609wSRxx7@jb&
zpGIB(bk_MSc*l6zdAjeIa^u4amid%KugPe|?BeMFPc3TR+9ox7=<?QYI`6dphHJKa
zX72FfK|LnKqe47Bd3m(fw-4KocKg=)(~%&+M)~X`w#*=axzcr{jWty{$^5GcjJ9{F
zi(dfK0#9uv@P3nH6s5h^E|`TG9dK+dH+-heA4N9@jExn!!bA&{v0`oHnKhAVxQ=^}
z)v7@E-1{u0>6)UblKlmc2}#?hv3rf>@Eujz+n@s#Bmm1|H+5WIU^!s~_)j`UQFRX1
zNPlHTYLoROz4+MHS8bW246WkEyQ>AvX|<9lC(M_m%q$%X7S{E70~xRe&x)yE)2Rv!
zQp2$>^)fBaG&q*DlC+&cCsTAo=yxOYbocKOWfVs?mQ4-|%OkzNzZGu&SdKVRZ-gFO
ze8DUi;amzjYbwnK3=|yj=u2tkw?6x%8GW9$Gl576Y}tcmm5ptw$=qgIaPv~;zMkTC
z%+vgGDZUBpZb;Q&?f^l9Yv}0`F&in-_0aGo2YUyTm0e|;03$je#3CQab`y1Y94|f6
ziBo3Cq}Ul-18Frd)a~#RxuvgU825y4Io4Qy>bk`98AcvxO0~DpkLgyRvhbyuxQ5cM
z*EP;aX$m$QD(L}-<<!qWhC3MPGsvx|)tfKUbumwZ5|W1r#>K_g+13Q_YD-Zs()rah
zSfo2?tIH!8V@rQT+oaLyG$L1Np@3Jd0CPCBAgXRSW|6{xvT;XZ%X&og2fE(XqlxvA
z7AKoP6}W4_KxP#-%`x_>C59_=2hJ+WIH?c@F-yu+0!uGIg#p_OtQ?QA3Nt0|@6me|
zM~0lGf58du7Z#A890N}O0x&)+;C>|R7)Dmqr1r^obt)t|zxADjoxZ}7TjcSDOGM5y
zXCFbeRsjb6n`PNfGc6P@QWCs3V7xalDQuQ47>q`3|20toU~Km-K_OiNOH!CSdp#_4
z|2xh!@SC}p0>=PdYH>WmDFB_{MyZ7Wr5mY*FJ+2<(s7LC;|m^M5@L#8h6Xx+v|`5I
zXe1Z7^B;pF1|>0b_YIsRYXUb{mw~!rA^p>Hw)r4RYYTVCbyDLoq*$LhWt0Ne5fz1F
z=w}}Op28>LWGK^!lRL5us{+z2o7F~L6n<wHM#`e4cN=$yxD&@y#Y0JT1QPXi4+wdI
zMWmTGfVnR}QT|QvTx3ORz+9dxi@&>fSXH+OimshV^sgfWG7Lhll_B^<OEiGF{F2b9
zf*1aa?hyL=n~a9Q%Dsx$+^W1Q@bR$DaN-m)-;!*FwWFZU6Tm`UIL~w95H|F`d;fSu
zIR-{L67`(JTS`hY`&d10KYmkw%XO?8=CvO2EIl28d~(iSE$xhJ7zRMYW1QPca<1N*
zpL9nd7VMyt*~Q21k?5g0YY}>fgSv~Y+(t<ZSmpZCL9#5_gr$gyeZ<xLdZR@Yq?pw~
z3KrNl5>EoX>!vQ%Ki(&)6yUaEY@7*Df%9hqj{&0A!=Y&Of1&cgxmg@Sw$s$Xm`a4e
zKt4g(>a*^iD_PDq)-*7^nASwQ5#=-)QEtPdZ7;6zBrTkC(Wyg#Z3N<HLHC@*@sWt=
zEVHZtCNV9{0#quh0tWQBScSYr^P^WzROrarAhWP&IxeCd_B%cS;1+>MMmJrFpbBsn
zA_8dG@un2|RV4u>3sNTQ9*9B?(5>HYZTxOgu)^Uh4_4Qk7Sy7WfzcwH;!=fhCb^8<
zgT0&+x~)xk^YdpqQMa^mQ$-au9-{vGr~<kkHZojU!JqpmPu`mh;mEkqVi3`a2aPC*
zuu*4^&q36|1J+A%<o;!P#D!P%8wNfLNf<Ibkx~o<9-rMk&<Wf@_!lQ~0)aDs79>tK
zVP{`)nLSdQfl^_0q*SJB16}CzBTPqi^dj5Fy{Ez3z1Q+X?bhtyavWS-+XA=Plvt5~
z;!WK<bHRCkn!5)tSJ||LQXQ(uhg)@qPA1gV8+AY(ckxoiA@$xjLw$GLFqM&uEbxGg
z+LRE<HzS3ZA(ET5IX%?W4-C*w2_iqRlc{25KVwU;z}_S6ot(i9Fbv;KQ_WeC)V6_l
zYOOS`(rMz7>9P$VPD{sn4N@zMU`Y;OHF8sidR<I16TWYSwCkSsi>Z;QnV{$*_!^La
z6J%BlK^dPW*>Fe++M3^C!cED{I=i`ANldJlQrXQ?0&UC&`fI&SlSzWkl`q~QAqkPN
zJ3W!GO=P#~9AGXVe5nV}tX8JasNVd6+As0se}9L^{G~-r%4xWT2RgAajE>;hwV*=C
zuv|aM9wXRvhQN!31y|@sb;d;AmK&-9LpLA+jDBH-D)KcjAaYRPV73xW-G9Zqkm}6~
zl%WRdRm94F@bZ6AHHmiEQk}mwCPXKFooO9U)eb9Z&WJM{WEN6po(R)RTL*v8-*xjo
zRh2B^uUsShSbgY}3OmCl!W&rfuk$1r!6&MtC>CC7m~5ciQDAsIg(;wdEL^4${WzbT
zv_y^Al?~icBz%a-PFq70bqTL;4?!bj5zkf!Jd<IW?tfb$X9a>85Es_t3)Mzv->(hY
zn()N4h#|v5HqOVruhsjcAw(EJ8ZdVb5P>gH97<;%)E<~%$!|x0e-9CR*{l5HGdxsN
zL2jt*!J>aSJgtHZC6g2>W1WDKJz-$<R|LucGnn8#F<WBfZ@u@#4)JhNLOvA#{4z8g
zE(oX%F3RIHW^O<{%GP8EtzV(*08youT~pyA@IG-pX)yrbdIBN1JUt-vx?Mf}?#xP*
zfvRcVd-H(=CxEGcp)8Q|9rI#mCRh|(x-`zR4v37Y>`~yjAV98AfhRyyRkS~Zw@o}d
z&T-_>RQK;n0Swh#Ly-0Kr$$$EqX-r1dIGiCi(WgFH=9eK-c(aVtKGy?m_k?fIdTCR
zCIXFVBvSfn+zW5FzpFidt}6#%{P7H>YW*3tt*#NAf1zH&#N{IZnVg@e51Hp!mqZ!U
z$Vqc)!sno?nCNa1BzH_Pc0en@(={kEY36L@Lg7^htm8Q9#*9YYI(Gi76@)uV81TEO
z#rtO+mKFy7F>Kp+q~;`Rl{m$w!!`l0Qv=gp=jKDfv$&d`W~5|-wN(4PCGcW@l}6_q
zl;uVXj5H@$h+rDn*%sQ8P6<x3$SCHkJ7I^SKo^aT!W48A<&Zoy%?~lmGF*gAAP&+e
zt(MG92NIQd%p4Pp|Jd4b&Ph-kq+4xo)I<^F?dIV3QHc!Xtz4*1zQg{z5rG}W0$eNN
zxx|%z1neDmQ)F`W1JM_QGb*Sd0`^6ujJi&i<vMmjkp>ZAo~xzbxv^3W1vt+@VkMbK
zB-NOdZ$g;`J5+d75q5|rE#5WLZTUfWO>weHu;Zxx$-U`HvL*uobyI2Dq`xQsPz+Ah
ztq4A2qyinp@Ru-$i?R3N!At~}>XHW?2zD9VbC7KQU%)iew?ec0?HFWy67`5EIUa=I
zuyyCMpx%30_={wG)6{Ep3}A52j4FjjuO33osM?R}3<VHXI8BwQ?^=MgVr@$>G8^x!
z!XnpZl|tW`m+G@#-Hg?8SJg6?*dyUrzG(94XnLQlQ$+150^m?Hlc50WWM>($5NU(!
z%2(dyT9opo((?#O=*-kNa24@MzIxhyG8!LyB~lO^m8+%-b-xaT*js@PdfGO-s`BFC
zDydUM<odhB2bMH=%4UWWzc%O*7#mSUVwrB<#u;RIyJT!agkV8ME^L^nVmbZj`C{Ut
zI(Ik{{RO*douR#hAPA=#;P)uKsEISZTjT!U=X_z3UgivQjXb+IMz4JXuBnCybP?pK
z0JjExD0FZU2~1;jz{DNYCv}4MS~SP*Rd;AD^($eQ=A(i+e&wJ~)Z?w7@K;<FsIRPa
zTnIX~2L77@uAzY3Ma${R(yVBaqiP^46z-5WHB=ZLU;}FJ_w*GHX82V6av4Er1xa*d
zWEZHuXyVYj=KgnPyO7WL+~s$Y+!E2R&z>zKtaKf#_Cp@7SCd`}K0O%M_{7}Y4j`^W
z@hF3T4}woa3JQy{`|jULS%`@q=1cNlF++Q)8<?uyeMfG&yG9`~Wbk$z)dxc8>bb<k
zjhy!HZ$7ra2!HN7$tk|&M*J9woF~Vs#Sv0)Q8^%Rjk=8y4>~};F)V;(kTrphBwmbV
zVA_Uki1=4x^`j(o_PcA>_*nqykl0~5XX$#w6_6&vb!JMoZU!OS24$>1Y*d$k;@Drd
zZ@v;%l&Aph79a=~5DZxU=84Pg$|!-AjsYkD!lAfNr3g`}MoXJ~f$Axu&kB5`P?}}i
z(o(m9JcFmhHaWC6;dULd+3&IyA^O0abCl$T#qWpynb<?)c4hSxyL$Lc)IPwy!<GaR
z+4-Oi%kF_U!~gR_Xn&5j;fwN$^Mn*R69{J@)3=HoDAN}K<pToh&aX-oga3ipC**|)
z0Q-*GvDX~8>*6^s8Uz3FL>crN+^^C-XmDtoEA*kM`XQxEj#ZU}afGVe4MF(F_LbgJ
zsD~c0m!B3-f*U4m%wWa0sMm#GHj;<1XsE9rm|+Dv6zP?Q87H!zkY@mQaOF=#9F!~R
z9ev3Rd|rxeFMWYnObT;H=)^CgH**9?DuS0kxCJQ040yA74{}8}hxc-k8{sa<hKdk2
zBl+><b_&{-)+K!~vY^H)96H5YmC3rYEa{L+e!UCG+VX<VxyetZa@w-L462G?Dkvi|
z$3ny+VgIJ(d<L*ccP-Fq93O1Ue;HU{yYK61ZU@eCDAIs*3+Rn&&Es1IT;HmRsKe=N
z<aHKdTI_uFz!N|TA*2!$0uPXUBF%>rO9Jg6d-JI4T#&K8=Y}2h=k%qvU__4#vmV!z
zz!Y{<#%aQal?MkZ0_T+mic=DWQ_2%4MG?!%<<IcCsvk*3)R7rodA;*JWe~gAkxKUH
zcKg-1zff@`n&JB{V2?0_Pn{mIOb9>GSjw)*1}hI{6QWxFt(V$Xt@Z>?ddB&f%Ag9Q
zEff7~`vu~OXDS8Ojp?U+s9P$BkIM~ezfyC7QA01*AI$^Zr|>es3+qh`CF@3YK`0Vv
zUz0CkWdFj%$rCuK%que>Quh{kEyI|J^a10P+F}PmNpr`w4vnx={nxb|5oQsDlEJH|
zS1w<dJLMJ4R`;~acL4WTh8?!=-0`+uiEF?`NtG-}hM(hrL4N461HO5J=~r|D&l|Kt
z>&MD|R*N%djqRXG*xsIVwJgycyEa7=0hV%jcW4Tx+>E|PX>A^~3yT|cI5gDN!htgJ
zZFLbhYDC(KF#&_k-n77HY-cj~8S(KYP_qAk)81)7e2cMWVnI!sI6aFPA`ARE_;?s-
z{Ue6rAIs!>GGq)nC4z!ZWJS>Kz)aVT6%`7j+3D?OuhBHZ*2?#J_^z03MRZR;C|!4`
z?gG^v{axqB{1*IM>Mq3hk?`3%rno|_=%o?~?dYbRJn1;m#tx4;d|;8i%{+@)?oTAC
zh6<ifpg^KSv>*XP>u+$JFzV#aMmn_R*BN9<aA-P74>$l+tprk(y+?MW15m!?wa=`D
zOH-qO7zavKT7+Y}6P18x{BP6-dqlp;?$3&iDH(ff9x9B>jP)sE4{0|_w2lM9mQUm>
zfFgpH>cq{rUsUTE$f*)e@49obn0z69haTsPq8+w;-DzLZsGE)|=GS<4)-6<x$Mb)g
z-@6tfoez<;?nt>>Z;rv!F~V(XsL*`3_R`PCKy`h3?V92aw{G*!VaBvgsM)c!?4QGQ
zi~hFYGx?X5xwYPqw%Je4@^8U99y)vBJKbxJmeZ|b9gl$$VVJ8R;(rdZO(d34%b;#h
zt5n&g_~dJrdg)MiiB%aslKTW`w)zU?i<R3)h;E^ife%V(*MRqWjvu<$9=en6ioRwW
z)P50sTj$ml-uATvNr39!vS3dW1e6i-!E;p=J>Pe{1B@#TKr>DzUuTYWf7{$1LX3mn
z1-!`&jjI>}jDnng!z6)6=W1i(4#GrJx5e)9g>3Q*e3i%bhF?2TYuzdbc@9$M=;Ix}
z`g>rFEB|JEW=T5#dbR51i98(272TXB*Zb};EF{ayRHf|F|4SF`Trf7B`vHflGoyCJ
zozRj}uLv+@NP9r713#uY@XBPdZ;%?!CK1ek)RWdA?>Xwu&rM#t06q91fO{#Lm@P<0
z9EG5CkS)s9tVly%rxKoY%=M1%R%qIK5W|I}JUe9_OC>Z;qOf<Np%m2xu8BbjIV+*;
zbU{5MKaK(eFHMF;@##R`ax<g$htPbt_oeQW4q93xi6#a$`{A9!(yHihl0Zod!WaQg
z>8%3<VW>d)*gFu|Tu^l@<8YlgKP~`!O}WNxJ7-KcAz*|@^;HarU?*qDFR+}l0L+$i
zD8X2}Yb9`f7alyY?!KQ}V=lcEm8M;Z_G;@TJ%F-!j+XnfBJQiUK8k3MYWJ~k>$We+
zdax>1%-tp`B(M71$PaTp_7*0p;GGNmt5o+z1G@sZKW=#mPWZw3_!<eI!UR*~(4l=3
za&v%V4u)p;!yzPH2ZbCiVQajY^NkO4Dlfi9ZNwO2m)QoRv^naD1f%_^lu)QO8L4t=
z8~7aEs!G?uh88pL&3{FFTdHMjVm!{%7Bfi_d3tX2KbrfhYoK#aQK&Vl8yVgrp=J`H
zscZCiTRTE?ehpaaZ*waLbw-bwXuk#`(l?TJL@3SUV95?jnoKxmAJX^3*TSjZ|KuBz
zmf#K;6cVMqw6rQK%gTeh#Jk9u);}zQX(2SKYK0lk<IA)rmsjLKhYKr1QDAN#c|jXZ
zKxEoX4cAB;R&-%01ujhwKkI$1U*d(^41t;<ddv*l@hPRyYnF_?>S<9s#PB90SH2D^
zBsu=tA!O6_e(VS)l=b<cYUGyM`aNJ|jo<f3yRt`u5*Db@J!)BYE)>zWF$9&D{?(xS
zsB*BO0@8#KC&$1wpS6_;-n=v25~*Sttus<~gc}Es7avREsNYNPLTNO>Uk<V|t;((V
zCw3%axHjg<+8}w2B;i5mLH3I~NdNeVKqj}}67I5*qc@}Na5KWEHC^?aYk|9AQ+YZ{
zI!))uX01Qkh3T`)+Faz=sq=gTyE!6>;kx1Nekzi8*5*ycqxti5)59Pyy)$3JXC-s%
z+y=h73+AlI`(bMC$7hZl1+RZzYU6EpUH<+Ut#h<Et}^K|%hr0ZzTJj<U;nr}-Ryj_
za|!m@#?isqdFqnv_GEktsl2tmHn-W>-nMuE@4Ow|(cNk{zdotFpSrmW(TTc@cmE#g
z_VaF(InGq5=i#&Z;(h<P&3r!0)ARmv-Sal<Y-iwgu96|c88=;YiP9i*dbpk9Y;SA-
z{5ah>?eywiZ?9sLp<SEQe%AG7v}xwue#RPB@j7W<&2Huz4$yvoIlF&3DC6VmEQvS4
zyMm|xx|FVN56SjP$xQKRZuz=!^s(`7lUeh>E~xOPTPU7h>%2OC-!Eq<nhtw@ogd{X
zn(dt3WQx9K@V0?JU;Dz!S%<WE@8UzBe#3izMxXLnBl8P-1hvw7KUgj9+U~~O=X3&V
zzqxwmExLBy=;l1JRh0p|Ht}kwYa;4fJx%56&cNwxW!{P!)@gHcpnuuGZ`rAh$&KeN
zrWf96LC^zsrSG_J`;BHX)4iRZd1F`1?0XG;y4d|T!`XEf`Th)!p44Cd^%<h(17{%k
zUfi(y>#g|;V}qi`&h=RcduXp7Vv^Rhy&v#swU?zqOYD1;;hcqDXFB}WrFx!i9d@VD
zw@AcG%yo#6`*L?D$IBh?vpY6-c&C7?>!-8lWBirLPQd!~J?HVKB|7gTlU|Sgk@?Hh
z4X$C@mb*`S!R-56*lN{t+b7q?(B}Nj)1zuexMzh>M*jYCd)O#R6yMRO3(BoL)Mm-X
zH%XaBpdq){WG8EeM!Fec#ULHx(j=QGq*7`$b>L$;mx^#yxus=>o)omWrW%(cqPhxm
z+U?(x_DERJbD8AgnY;gEXCoVO-y+W|V}JNkye{ipRy#|*b{Wmyw9#ams-dF2YL!yN
zg8v0;exGY7%c?V8Yh&prr|@_mE}P?Nl_hZ6Swg2RQbLLTvqJe+XdE5eEbXEH3Y25@
zh7tgB$$>uJIF7HiMPXgxaukbt+pQdv_m>nvKQdMbU<P?qgM#@Wu0aJ?!ow)ktomW+
zi}Vh+wy0`$<DGA^&iio_!=IGknD~ImpWDTRXV9ez@n8ZtExT{hlv*d(A6yhz!;jTr
zd@B7n^o2)4a0FCSvr$N{;I`6}WJ?&2E2-uTY-JzI1&FPYmH!3<BmGuazH7=-ic!~a
zKzA3_07v0Q8v4PtUdw`u=u&X19nf<k7i~Te9`i}4ojiLC5j2uu)sH!?dQkR%wWdk6
zCv8bFkN92BbSJbdUEI(Ap7I-$+wx(IMV3;0k?3~>V<_~}=m41*@X9m8z@=oi@Jufi
zZ58e_fmrk;yIxSV^T*T9;Vkz^A#LPN&Q8=N5cJhUTA2}9wonG=Pm|I|&{r|%Rv+!7
zEZPd!wstZ<O3b1EUkz%te+_Cq<$$gJFe$ZTmaO`12LG*dh>#BFSmU0P`cnVxHgZ={
zRo)j+$v4;(X4gIpddoq$?&ugWp|7Ekgf7`7>|_A;j8!mV^v|ecK(EHGQtZ8C6WX+t
zdPssfK<&B~h2;lX{Qo>^a@M{_HGS9#`YD=-91+SoZ1kQgzYw{>ZhDs;xz!bj(f)QK
zRBlqFgx(oT;UEfY1NT?&U=bh^o><6kh7mc1<MT%z{+PlRt6B8f!@m=eH#L+1^hX#d
zP_51Rx^t?JzN5talkGBWz$+CMse?TvVu8>=>0ZgQU?r!iAmM;*!$$4c5vk2^hQ29j
zr<Le|9~*htzO7_JOuiEnBT6tc{E`wQfEgZ+6u>(Z9rU2b$jUs5Tc}wo7+4Z&4wNK5
ze+KL@SYT@*0o~OE5=fq{>w<ovOYb~#iE#D}6(aV$f*-)oel#xnEPt1Oh};^-hk?0t
z##P{UOE<JPj^Iwdm6cVHav^h@+8e|o<!2F9iu?0k+(GV4qw13IPjh(!tuTRVh~?CO
zWdYo2hN&Pu2xQCn@>fAnLjvbc7pJsh+|^X5SrqqYQpofCSkf^KLFCj^fU3T@OQ5Yu
zdpfJm+bUQFCoNr!8N*17{317~tey$No!XYz`nq*gCGx2AsMz%n{YG=hNn8aBZODYV
z3B)BJ0fnvmHet2$iIGk{2|A1LO0HQYH$Yx#esI-S0gAVlGDIw?JYf$WFjk=jASD|O
z<-2pXM|F(=Ll0M(rl4!L)hkmet6!KD!q&weFpPea;z{*WFi8~?ScE~C@tvUbL~NA&
zuNob9K`1N(KX*2}YAQEv^dpd;<$Z$8OF1)d`SgdRBt}b^F3j{UQOI@vIq{hxVo`}B
z9q4@h@5oGQHz_@Rsx>O9_fb1k93hwf2DqG|LhgnI{z?IgKC=-vad&EHS5;dfH{i<)
zsNrT^oo+wg@}=deHA|W@ptV#QSzo>~dVHrcrrcXqN(^e;MMIZzj|h23B+LU;QvI*_
zdsVm|)qB^b7(*}q6*0y@N|GcC%%r5PC8@9@1bzdRLb#bsna0e2jAj0vt+JfLg<$mG
zdqL$j=9A@u9s1A`cEzh|a42eWNR0i$L@bi9nyPNsu!gxgK|+46+!7DZ*{S>RTa+%s
z+!JWLY2vE5y|k<bM>7g383zoxy=3&{0ihb|_lXkQ+3wZNJ*_rt>AW@$KY416GzNyt
zp3U|{1RJ*Jcz4m&6@aLf72U3h<uQhq+pnLKzH?Eysqq4e2(&9hhz?vTM%kw7>WkFJ
z2a(f_xXtO&XJvsvJhAy9a~RV`)h{w2XLh#iA0mH?V{~Ee%Yd466WXrB0E&%;#g#sm
zYlbz3J>A|@3_C<^;`l$_@+5I%P_1ONv!szEZJw?@Y-ald`WU?{VL*2n3D1wU+~KDe
zgIM0^Z;~HHixUnBO|JDG$d}&LoT?BhcoD!pLf(%C00YE$tRPO>-y<*3l@(^`C@d?X
zFglTlPPX=VWE_X0Pd|nrevBB!hm=Sgb2V0<90EIsIap81-&lI&rdn+{=s83_{F@@k
zT@N+cj|o@fWOCw}$@)5hkhI<?ibG26T`jb4OQS-V&6POJ?m~=tfpPtVAzyp)^RvH(
zPrH1<lwFw%GXfo&lp2+^nOwT+cEQfxbK1oY1gi)!5%4!#oCd~kE)!+lX;p{*>hii6
zU3H@wZ!INdhtO=4?Pv78Vo>v<0cTV*ra9th?1-B2eSO}bv4oe~8UbG7ImEKPix_B7
zRC;Lt_<lF?-zBlsmUa+sHck8JsA(r(G_OdP08%&9GCe|B!W*XgE?btIgXM=6Ujl-}
zBppaVvi5{jz_yNF$U@HU=>uYnHq6dnpl5(%zCoDKW6YNpC8JVn3{8qAg8HLZn+CsP
zzcku)-4>f~#`J<a9ARLY|1|ko^0+w~|4G&k<_$h~HGxm3rq{!A8xB%#aSfx5aabCT
zgW5qvir?k@9Zzv9aRhOpT)8EUvLaL9!x*r{VN0);-;f03h_)~zxL-iw(0A!d2;K#-
z*egRjv-8<9gm9=&uJ)x_f}3p(<ts+gMo0|Q=XTwFD1(&?G(c-d8x|hr0|I^pMDZuv
zQkoen9wsk>l?6dT$a2<YOSyh)r4Xh&Xn4#1=$BrarM6qt=XYLS3}B|6<sbR4gVhGA
z{ZzA$Dz$p{zY+W*YZG^`?}>b0HM5r*ng%pdgrFwHzL~OXkYy>mQ7Rj(_JZ)SFd!H(
zpTs*SV!%OmD*`PAQN)G;iR3H{|K|5?rH_ET-t|XJPOQ&*Bbi0zKe7_iUr|Cn;!aVV
zIR$3}RK#y+2Mf`y4n2)?ahqgB7w}QIZ-+EBg&2Yu?PPRGjWTwX^a0U|!%p~O(eY|s
zPcweCP!j{p*TdN+fuJ~miwY*~j=FL?_Enc0v&Hm_rBdcj<CXw1<?bHw`-SF>sXW1y
zKQf;Zb=Jv5JSbG$1PG&Lw)^x_eF>a<@*<DMlIxw;x!%Uf@83$)P=o)zup$uoE!$ip
zh|mAGz`)mMPFk**6AEeOfCI+AuP!Qp+jb5I64Lb!8;XC|b65cBq7N=OCv2D#6X@@N
zR4_MaGEMY6i2Z^<lInFZgW>`z5u&&)CqyelE0XG0={>Jg=@zvFkO+y2nM=8E$L(_w
zX`zUnU3Ta1(6<$)i#fpUNj2>8_MQy5G)cCU@6Z`?Q&T4|rcUW#Q*~2`@uy$qX|p&@
zQ!%W&AcY~r7U5H>J!BHUjS-`mC|98^ih%3!FozkKTPZRqW}ov>EzO<YSnI=@Yepwm
zgO*-`sba!+Sg1blq7nf!)PJq|j<awl?jr&!IGh)W5dk)hn6ZVCM#mT*T!k}0=L`WZ
z7b%Pv)Z3p|IeU0$1f<NYO*F<-a)G(O7*m8{_d0M`1TuKfzV=iu1`+E~)l{a`Afp=Z
z5NJyA38ivm%~;{-B}%=VUiRX5qC=j&g&HL~tk=JjhPF#P^M{^t67x6BoM8Kye|k^S
zgNcY#lf^G*J(E~unN`6jKCkRH?->80yVu@DF~llWk{y!jp+YFJx0IIr{$wWUqeK_p
z&Ybu7qeE2*<Dl!Gk-A;)w%5Eo=FF2h68_>Kvpl;H?LgYHiQ6B#g^bmfDog@P>K*c)
zvum%`Y+CtY@C$Cb5RlNNI_mV2-&IREaDJR#Of_(34%;pFNObBpqmVz2UbJpXuFu3Q
zE=F7;p4e5ZORO&{=6icYC~5bzOidZ`Ni_IM%iQCx%eToS|IvZU6A7b3@tIC>(<IAS
zi}F3NPNq8yfLB6EhLT3f>!!_9NrpC9&HOpJd~+1wbE6F>YK~gz9a`y9Et!X!#Y3RJ
zSbGOJyHKAjG3hVQPdEMO4apY88#<NVc<4cI^Uo=nQ(C7F=*3&NWkQ-qPl0KZEkE$=
z!m6M8Hr}85s^jKn+QpA?rF+i^Z)>IPpDTr;?7}{uTqwSMxURw~8S6<AbobKRWK115
zNKC#YNZryGor=Bh)<>Rh1B=pAosy#Ib~@M6t6yil_f4)Z)F?cq4T=xF=XWSP-4=GG
zyUCc^AFmlyZ}s$@3-Z(5vOL|Iv*4RF+OyCwor(_<f2un`{@{)8H!nO(c+q`%N_)|1
zj&=X@<$M3!!!I}a&AaqEF*)x#2)py=nalEXAKk9;X3b(EMW@hX^9zg2C?Q6(C)l!R
zp^o_^r2{{u8z4&e!uf<#MCueMZaQrYkr~Z75Vg|jLamX!hLVbwpbp7)LaLR%au@#c
zd1b9KBNo2Xyv<kMBub}#L?6DB#kD)-E!4*AAfyX_l_N@UMWfnwML1~qw(1ifp$yHn
z0qSJc(Vg~DvNN57rR%|!NtEHcbgFVUjX1zf{nl89L#yc`n-^~ak>T~@hF6kOQ4C;y
z$0MoMP|EY~DiLZnzLZysUi^@iy)Y7IJ}mVj7Ye8Lyu%0_axh{~E9skq)jR8<?hUDm
z?;x0!b*smVlY&>HuOglgSGM`<^CD+Q?dA5VNxN}VjC<*FzUz&XU!O%jjV|lk+nqnT
z!&R=fhmg(F&abDNv+*43Gm&fR&e!*i6i<2&o67V0aF@^NY-)*S=PUQ4^rzK7*Qno@
zHQkeR*;|_ycrGR{&zrZ4fY#UJ594G8J}a0%@wKO+&(BU_pBb!d7`UU(@~5aR&TE)$
z@0Y_B-qPpj53CcFcgHObmi7DjqwD%<ylpofTFj&4XtJy1rFN`+gX1^Hx!MS2uj3Xc
zc@ezpiu&^Q_37-X%&qn3_Re$n`-8mA3n%y^vU}(Ad#`Rg&&3e$^iQ{T2kw)`=xW|*
znX0$?`EX9Rr`<1r{q3uVHjkIrkkznOm+<px>F4L8;`aiY7wNIHX92Ibip_KHF1{{I
zgSQOVY`)A51I$gVO`iJ~-2LaLnySlgz_!eqrt9~B+lud6pXl9=VlO0BRh^loMwu+H
zv-i((hAIV<8t7~9YlF9_;m`5_xR6J~8}Fs&cYQ9xjLfXo`|;J;bcy{-*N;LCHt>LH
zSbu0-XbjF%2PgxOC}>1hU+{jeYG}t=u+R6-RY*J+ap0G(812t;_{#nAtrj02Up<bF
zvu&T0$76cd1|RWso?M^vtlmr@tPmHO0X=Ho@R<w$CN6B<EF4Y2^~8s4?0RkB`^OG+
zpJz_5`b_|BXjAuv<UkYZzIj|YxV2)mnQtr%cNpomeXgI*DtxEjV7x7#+|>?S)4{t6
ze80e`O{#)z;IH|MPAi|A#V|Xovr{hJtJk~xtu}aIZFHgsTStb)2RJyrJJVA%_g)OP
zd{hwW3TGn6K6Mzeqx77||4%lK^(PxQ*Tt{rEIBBG+O*^8QWb%%vbwT^DN_%72!KU+
zwZOvDP@CHW+Q;pb*Iep*zZ_7o)k3PjMGyzgII@6nqGbeSq_pv}kmlAxu_Q8CTiNQL
z4(#w7Lv5-ODETqAsyGVVjmn}$iMhyGEG5N5fup9!2+{H4wxer;*6nlg%X~TE`t(`M
zTg6=bfS*{<t${EAt_-B17oFHoyPs8b(iuilP6aDcGP4NiQPXSu#*;qVQ^cjBau=Hp
zW!a4EqK?p%JIf;j75^FMC-RTvgTb)?71V&=`AGLq_>G`S^o78f#pvbs7rJb;SM*#U
zKRRsXXH}g^-;w5xr0ouWxd7Y|r2X(n&&_+(o?e-L(>w0-&$vPj(&aDTy<=!z+kwKq
zG#&KUFo!bbqC|lBMYstle1gIMU@<XcU|B(09t;lGZC~2pI8G-jDl05)nZ?JJeFUf8
zjVUH(T~1q$^qr}$U@9l}cq`YCz;M)RGDf#_D=Ix{9WMc(O|i(su}Fj@RDYbEE0{vQ
zz8!JioDYHFkR^E}n%sIt@_)clKXEehGCP%zX)}1k;4)72DQO~e6K^1Y09n6+Z6I;)
zaw9hBhir>5$6l~W8zpfj6~qtLd;b$bi?&Nqa`uWRT*UfwKa`ebAH3`96kO+gLMSws
z11=9d5K;DfPE}MGt4@p>c)~><M1D~ptR;{&bpxtkstj#Ho<9dcEwFvqQ`mlU&!lOt
zsu@3?CTkpjj~-y_Xh^utaS(>F)00oIDz#4WAlq@8mb$(+hsCMOn@okS*jW$_+BD+A
zv}m*=y;6-vRis14m|?o>2!og6YYoV?1`8`(FV2I)n3vX#O^6p4%brAuLDSy)V{DlC
z{jGd>9}vwJS&-=6Io^|+vHH!G8|lN*jzQ=y+V+?z-XrVv7UDMLOdsM9yy}=J0c-Hn
zHBh=Ff+iTg`~kr+u#804LAX&!h92#&Uea8TV9kVS5zKDnB(u3Hc~+%Vr^GNF<tSdT
zJ{x>tgVxZ*4HW$^yqt(%rwYUk<%Mp%?6cFcQ8%1p5I1iILRAqu8lNto-D5t;Hms?p
zRc_HL>i_THT09EIc`SW?&i=v#eIP#QFnd^fL>CQYd(Ao0twu$FL|>GPCZRPnii225
zt+&L0q_{$IVCIZV7`k}rRUAF?KM6JrBW)yqy=9U;6~)5jKnqTEBl8IJn+w_=i8bb%
zhS3E9c<pj%Z$-@eGNScp_AmR3g6=z*<!V;azx!`vwpBvpxxce-Pz8d1oP#fBL9Bkm
z9Z3{NleYzpuvADl+=q*R5Sr~ht<a@Q68qS^)+*L-<JgUC3-Fe5K&P-Os&B<JSxb8b
zK^Fzv@t3jczp_Buajpo0ZopCUA4@LO!?@M2>0dZ*4OJgVybh~OiOh44p7MUA#Dmqa
z(>i1eaB4HREa7aCc-6J6x3V>;5T6WTX*i6${IBvu`aVYjWfB&+>^gEMWsHT&1QZ5w
zw3K;)GaI+f1B!}?umVuI#?!v;3d?>K9kXa<_Cx+aia{bTWjn?9CWo@+SPpT(CB<k#
zqQBPiKu7qg<irD&R25R9MV$v&<R2QaCsH2}pDCbnC(+PR!f}VL_O<|A-GW%i*M|wn
z3&1rEb604_4t8+^Ms{}<ln`m#<r2GCS)E`gTCM{i-iFV}k1APhBz?NB(|DJZ)a{f8
z1Kgq-OgE16d*`j`-5PVv_=O~l2kJyjJcVDFAwPKx>_kgzyFrQ`Rxl5wC8vpi=<7Xj
z+XjQ=NI&Z+MDs&ktxj`FB)=m3w+i(<fGbu`G?yYOqv=;_P65)%^y*$a{wLptu=A5|
zGn5c(W8QY-jL+dMw}(EdnVqywZK%XxJcKbM;3HDz{wT1sf4Vo!a7W$l-HPKPik<m!
zB6xe;Vf05=43V8TmRFROqFlqnq-fiaC!;P7DbuQNVkE~g(w#q$gMVBI-RcBf*<7rO
zlymL^OG^McYs(s%;U62~!tgtO^mo&2$zAcp9Q3XV3RFsv4pJ}r7qK)Vi)`#n0d#v&
z4acWUP!7O$0GTHZTwmhl-j@PLfkxCWQQfNP*>bFw@ZrqBlD=U$;u52$bu3)b8oHHn
zyaxK!MeY=qHRr*HCT7;L;4!U9FiD@HgLquf5`x-ni%_tcHQr2kQ1M%#0YfWTqj~m?
z$^0`bNtr{0XN)HF*xh5kZ4;T+`;5%e#3VDr|HRrB@{_9O&QXcKeyj&p=pkEj0b6hX
ztKuS7u5Xo?%}xvEYPq)sC|NxD3<I&`EI%c3JRCqUeUf|x+zpKXa&6mUd_m|7G>qgE
zk~~KS{cjpV_@NtNix*(gxT2*IY-Vkpp@kO0Y>g>@0~AKW=429*zwC;^Ul1okJMp-x
zl`d5ME?WJC)sCU)QJ8&OTm$)v^jznP?)HV$j)`!Y*v*dhB-r(knY}u9dSqp5UhFy&
zgim%1amIH9lY1D?>2qb-QmpKc*%ZhTGN`4-{E#Jk`kXhYCE1z(^&D2Rg6U2Hav)KK
zAy-D{6^~sp*?&w2r;Uk#O~`DYEe^EM@Obt;B;U&Oe0<dDbz<5&xBS|Bx|u3jFlBO#
zVnfMy_do1btV2{ut1%U(Pdh0XpUp%0<jpsjPDw}EQuz=(fuWW>5-B|$?lnY56vn{d
zdwTI$AW}mG#<0-It_9dAv^xxxVhlr0wl3eA(hODxgT(nU`u^%2I{5=kmVU=ZJLXN`
zT!ufHHhITWwrFBE;&RQTmg44M$5?AK&u#((Yhr6;NPT0*PY2GVocN6(rznjm2hdx$
z04%m?yTM`1{OBFwVCr8?^BYN^2bJd&MXgjl0H|$fN?^nVA>srx5FSp5x136F;$?nu
z0KF;ulttRO9F)dTlQ_q;3E2S%Q5I2B6aonlfthvOZrTvoRMSEDu>5BZZaU6)a3%Ce
zHJYhb;<-9on)p6cK|6D|A7{C~4t$FOJBk%JB_UB75sPp`$QAKCZMA8&PvL+}j@Zy<
zrOSLgsF-cq|9_!2kY%l$i1dRjM7V##_aB*8#{m17lkfm>|F?A8($+ueHeXxbQ9!Ec
zhug*sBI#*hpgPF>3@)Z_`~Qc%cMOuO>)t-gwrwlRwr$(CZFSkU?W!(z*>-gqU9K*h
zQ}_Km?|)`uB4$3$m-j<vp2)}@apL4&`>eIE-@1;o<p@08c@HKCf?C9z@P*PakR0pB
zLd(2^BuoMdz4&Ma0o34-9nbQ>u2(wbqYP5ZR9H+*5NMtJYUMh=;SKz#=BLICH3%JK
z9qsX#CeXABfIY-SOW;Xar8~1;Sx^#7^TCjD=0c5^Zn;acv9AgX1S41H?>!L%rFU2p
z7?I=ry|a}DJ07=yPt&ZM?QoUb88_*outnKtf2#7`Y|Z2|(`LSIDs<y$Y8QRAIuStB
zwELSki?+`>KdUUXQSqi2uJI-Ji#-aNu!9@GcggeGO?-W*3@h^-=>3Bf#E4h4zGvvj
z8;jzT!%tqAy6i%QTpZ`~&Wu3`5UmKoU-N)-F;z#5=D>x}{*p31Q;ANj`#Y~9bvTK9
zU`2IJ<w3<~t=-6X34N?<KqM2%QJpe{%xY}x0E42|EME$DfC3pl$a0s9Xv*{3hni@Q
zTsb`#_rjX%2{EmAjWRv=R|YcaT+YGK6J5L65*FuG!;ik7-H;dRhfy2?CoeN1aJx)B
zAMMUf9hS0j7JYTUWdb9%rshd258l17jNe!j_*z5J?9FL31P6X;Et_*}u6=;OQ5(1%
z4ge-yG1rzC`<E3MRa9*yvGWiWRqbZCGU@~djq|phRGAppmPV64&H91|vh!)eO})9E
zWIv=vPby2jM)+I>esXZPr<H2Q2OUnuRH5rS&h@U-tC`v?iwHSHbN2`_ba<6n0|R<T
zUtNVsZ|FYSiydnXMiLopIsY2r`dntef--bM$MuJe)&eWsuxd*uZlXpNegzR+!vW}}
zYl*!$nPR!K>hY7J@fPQ2kZSH*bn^_SxhT^4`%YUT5e>{el2RtlMvf&=0^XwWwn~dj
zz%-b|9iraUpb-wj#1Mide%Jr5<kAoRifIj^gwfrH3JB)#*%xAYXLr7)Q=W1<wRz`I
z=c%CB6+@5_a=4ed-cP|Z8~~h1mHj{HI+TtzKbQYky3VtQH}?fIRLMvb_Qs@&%y*!p
zfhu4Wksa6e*xioLcN!2q<RDA>iN!8Z5Je#$N9ryO)w>HBK9G(i7-5hArbs;7Pv!_V
zbCr~#^qv3_9}ajNP6jxtnf>utlet%gamDgMnJL>HgPN+imQXCf#5)8+2^A2|IQfJX
z9Q*}dAE#vt=RZ1V3icxC(J$oR;Lu;avwsZgSU8j!)bN~LbM2=~&(b1L<Bu#lIzZmE
z7mqY3x<u1K&U(X0MiajQnFX-}F2qKmu{V&PfM*=YgG7F-W66!<Bkvu_7u6Vzg-viR
z`^QMJkWkeAAlL}&ClQmCBwHq>`28{winPpiG_NGB<i2jP*lDrs-sEvHjjRw`h6_!m
zp=R2Eotx=p#XMK>$Z<H$6p)&sd+J>)j$`A5mbx5sMb>m^RiB|X44{&@t0I(bi3(8h
zgGoaLLLGfX{&28l1VT)1?z10<(%>w;*5#Ik{$ma27!*1s>O7l~B(o}PSA)v-#hq7j
zW7o%bB{40;bKA1Mas<cLWj6xpg(gzANf^XQs(0v~1R5TkGt3}<1@r9(kc1`43uA>N
z1q9K4Q)1wdEwspKeH597$bJ<u@p7OgO(9Azoep|s0*ypcMTL?jAus(Mh4}AeW)7#d
zcs@!dYibHZBoiS`zW3Ce3D##NYlJ@;V#ln8h~}hk80=JF^Fr183dpeR!&(J8H5vr2
zBX0=)7BlF=m}+EVoB<%e5L+lh3}OYVog0>@kP!1gxNJ2a;WRVsE=Tjg_ohYu2ecEN
z5es!j8W#UAXa~gdU(jyUl<7a99TuI~f@EZGa}N;kXI11+oPI^Q0+dBaJUlj-k&w&)
zV92yfSfqna{{d{IGE^er6%m^<3!Yzm%{6R;;X~xr4RA(U5bA2=zVx96LQKRx%w$u@
z%#8IgAGx8iL2<|$wY)*VS{04;#0n9)z!I>%%r6~=WucJuxXgE8Y17%TEEb<@HNRse
zTEQQGKGP}b!f~ToixP~|4i5|rSl?hGi%`L6(-qLFyBgV|I~X|$_5aR>izM0JNf`|u
zM~BrS8PRyxs@Q5GjS~EQ*sZsFjU-uG7MGjF#A%)LSVb1LtQuS?6;<J-DWEA&mr-j5
z8!hH#6~L$^R9snP-<{Xr?O6m48R7>lq~L0I^*XPyHdh#)TVQQziIifoGo&%KgHLv2
zY{qVMTStjw)TUp=da`7BssgCZIS`X!lAsO1cWd8&D#}m8l)hPY*V;se;{H_g9pA#|
zUkkKJbhYY!fAucnI{UFlbsZeA^tD+Ml2n6CsZb)HBHAvVb8mc#_2P6&B{bZGT(qAQ
zQ(^qQm+pj}*kIg`w*N`+qio=?cux(PhcCvp$i4GgM{_(&n3$MMDq&&%geYOEk#f&G
z?uZ;H2F?*pI|&7#%!A-o;tUpMx<y5km_?Nq4p0XCFetHy`>pwr=MhI|7e}(0Spo8d
zZ9~x}p@BQCkxl<@(Df^;c8IFCy3kXpgH!2cQ=_9@QOv4fVZ844ca3;iEsm@lTSkO6
zXRoT$eub}mMaq`i%%pXw(K41umC`R2u}|fLoDzx`F*(K{99(TSv#}*dEP@)LJ2lPU
zFfEc3cZ9N;BXC!eD8m`?32z`^3K8u*5(9H%X?PzP8|@}nYpX~E7|joImbs%&!|7E<
zvglh)G5ixZ#}=}Ga$*v}z?s}kLFCzhRTB(u3uPH*&Bxn|JXPmO0i3fl9Qp3OUd0Sv
zy)VI`xcomRX#N(tIO>sY(|4|JE&}F7Ct(z61v!=dm3D2+>2&52#|C~oSvx!3V>^Yx
z261Y79=x~!HJp^WRBFzSCK6rUJ6CR9N$EN0vqN#MdXI~x@*{j$UlaT>Fwtk&FMnB0
zPv3ZvnrS^GFV1z*>oA?ARyZVa(gV|y?GrCJ7B`^ndZ1Kq6Mi38-ojA%$yGwi=8q6I
z2|8Sr=xOAr&Gtb^-&yr*X<Oiro|1v}Y&p8sqhBTM=_GmQAGLeu<8(q>bGl!_zjT4T
zqwDhkn1LVQPxC2sPjQ%A5}J?PCjE!z<R1BvQ?-$>%!5JIS?RF#Nq|*6{6Bic2KK9v
z${M5T-LFYK%)fLQlbjCFffo#X#e6F#ZcY1_uMcq|UNi>M*Pn*>t9ND8<8L+k(qSd<
zEk)JhkjH6v4huZTVIPT@{W^33ZMw5$c+_7mbSnaX3=nkNSoJ-B2UG&l{gSxjGF4Rj
zb8KN*b^5`3CH&=#?(|8HI=lPLO7;cZ#QOh-l_dDA8Usq=a(ZOZBzPB`Tezk&_cWc4
zMf>8qKydc2rNQpzWD+@z`bqPLRvj4qjcOK?OrJ^zc$`d^YV~6<&Q~2Rf+W>YXyDUp
zTv~w_s$JE07|q~6yyFW#-AsehHz_$*qeKH_!Hmr|u^Pgh$?9)z=S!E&Rcwl7DsLb|
zJDgsFIppFd)1xR0_%k1;`oeWDygy_m_W7g5q;5HwBpb1qcSq}j(LwB+lN8eZhm-8a
zJWQf?QthOX*a5xOl@z{DQp<G&vadXivg*Y97kMq>8J~4guF8OsA5ahD<q6Qq?C&8e
zmhAYXbYE&O%I&@ObTI=`MW>vObJF0rP#YC;$2@GH?s=<f^9wO~LI3+RR0CKQLePyl
zLf1=CYZYDI>&8AJO7K~a!9aDqNP$K{bv$Sd<)v^UY*&^UpxU8G#sFPusfX2@S;EZ-
z<0P&nh-My_Gy^y^c)wMln`Wu|tI4n!O}|J!E@}ORC-XS=!LodbqwY4xD&VojlH*)k
z^)%!sjE*eCuBA5)k!$*X9p9z)TaO0(5LlWx#J1#qwh(Nfx{7w)cp><_k(P&F>grG3
zn7E!V^0N$@;D7N)-uQp<NBNahSYEAv@kgS7p{0!f;*TKT_@ffjzxZQF7dumx<~cUY
zmIXA|jR>8?itk^X+R|1~DK52A6$1?oo9eTw!tePyF~$CsRS4@{OKC&a%wM^_>>G=(
z=BT?KrP+^UaHXQ?BYs^HEna3P94)s}K(Z94zAXTI5-wm>B4bV(3zQ??21~*p25e)u
z!f|fgpMBpy75Z0UW+J5+3-U$^RThO`wDJtZvJt(i6t-lxfr$yxbz#to4vAP!WyPbh
ztVT}H)dWUE1${N;om=LA@W(2?juq3N{8>+lHgZk(M^Q6IFNVru$SS$CzfN_Oaw~KG
zb^e-I|NPwZ7A>ijwGf%SXJ~AdVx2V&wotrS<NdSgmeIMWpN%?Ip|d^xoZj{0p;u&D
z<bNv`|68&6|3R@R>J*ctTV36>8SH4yq!^HXM=@IV4M|Z<ei;+i?CEqd`_n!#0<mg~
zBQ+bg{9nDoaQO6AG-12U`A9PjGPB!BF0WnY27s(PXN#L<Llva2R;H*v9IH^98If)5
zw}iKmb>~YnG3IPfd=)CuX<n&dZGO_LB8$rq>bCh(=4>d0a8qD{*sFqvdt+N!-@9(`
zH|y4KvIyBv=bpj_BkF&FlbA4zEr0a?Zwf}67(5CS6@Qo5*UCMBSY{|~@5S)*89`sp
z0sff(cEyU44i<q`zBim|0ffv9zMJBk=?B#RU#Ljogjj6m2d{~L)r@~y`8S_Osdbx1
z7$7X3zf(lo|B4!xK05C0-v8(t!mpLPnF)n3+F|d?jy#;oD->g4wj`bfc*BFL!?sU+
zmjTapNCq&a>ralupZH1X#^HH=!<TWBRL6~D)+doSB?I|;Lh~bVawFn8Ah=#PjTato
zI*?l~<f+Rktsd*9B{aQ8W!=o<en%|0dpmJv!U(~ApK1-{(Z7)qQKv}#Rl%Ena{Yv$
z%dbmxuF&E(<?S|nn#~uM8C&I84Km<hKjHM^Zd2hK77Lh`#l)^>irfhr)|VJLZjELI
zwN&{35IH14rTq_7%f8#}W9X({_omp1ARj%Z67H8@Da5Kcl#gcUknp2UsV%S&G%2ZU
zA{d0vVeCm0aEQ!RWdo+T)5sg7G=tYRcchRv5gGf)TgLyW6S=AP7^cC1gpHAm#kt$;
zAL)hW|Ca9B9#{|wnlnuY+O@N{6)mMPk2yVj!*)KsB|d|fd8QC5$l^BmnS4H>;v4$i
zckeBBB<-n*Dfo340~6+3uJo+g(1{o7^>kw1my!C~ft5lQu8S~oQ60ieBs&|d1IN$#
z!2qd$^Z|lBS4u%e4}m98NCjzlsWk^j#DXe?0h&UXnFz}I<fsf$kojXE3V4Df?{If2
znr;?|g%($aiAsgt_mC)U%W*bPpJH14+jM6dx(W#WU*<H~*^o@n7#)<4e$R9W9j~>G
z%>a}|OqiO?L%*q%&omEQ;EZblxotHTXhwkOD(0xZ_Ot8L;7}lnBU_fWoiF{5-iuq&
zR;`%3?h3JnWs^uhB{c^Ib(c7ocLCYSAVWUTr!Bq`%6<1BWgwqQPzo6L`4u$L>@pp>
z5a9j=4C_x-P7)*1t1k%LZHkf<RHz<5@Ox8LC7JF*R{+e9*KSW&mfaauw><VtZAou<
zvgbk|&A{zP(zs-_j}MJJ;``+hN$$FOxZ_4Vn>ozxur0Y#rFu-<D6A4t3+V+xWd{TT
z(?4F)WUabR4GsWgeIM~A8iFBaX5q$hIruF(qYju;p)i!|q*8q!mh$o6zN5|;H(9->
zJBbqK6M#LIbiU$K$gVs9g~dI`zw!l~)=2-k-8QR#_sIHCi8(#etMLLWPw1!6i^M#4
z`v!v}f1zWg{gHMpHLF5?mXau&$2&a}o2pqz0nQJMP;cI9J$W3Syq>sW4Zd)ktqfEo
zL2kJb+mb?pb#d^yLu!ShZ^44>YiH_lRdRlD)M&)K_rxMqI2yNRmh}OfC+e5XwJ@{|
z;*kYKLEU7mtP%yBUp@(BxPqEkB&9Ms!8)k@Fyn-{a@qO7^yM2;?n&0V@%#+OS3D~K
z<$`#tRy;YbFW2}^v|t@(n)*jRN723BKaKbi-;Ma?Kd;%D=V(>_Q7TNl1Wl$*yyQ{b
zA(RTociU1bI;}Ldxlf46SERsV^~iYpf^%n(r`KMgLV#u@9jhSdOWB8jQ0hq`6cqIF
z_qFvkqkQsaoh!zok|NdFaVmjBcVT9H9Ef1S>B(S*ihGKBzozg4uHm~_oXz^bd+||L
zq>&E#Gql!-bxi6GQ%(s`34Lj3v+#erD6txJ+<#O)dBd`&$@(lF*E*cdn98tFl;K}k
z*>ahZM%acLGF&G#H3D}xHukqc=+lli9Na5Vpss}nPUJIBl7{N2Q5j<ROM!_!C(}tU
z3;q#FX1K8LqgW6?4+il?%)4$ygTigwxcx>b?cqb?$I1dL4J6z_Q$$d80Ex9g4MAM>
z$^S|g6ytPo7T#3WG!D+x;CD7Bo28KL;qzkHbn<Z5#7#vv0&pQQh9l^_#BQ$Nefau<
zr~m20pU$zyGbSVx7RUZ&Z-|s&m9NZ<O__;;`XXyutP-RxEp5&`&pBVm!I4~p6rvQa
z$V+&ODE6JYb=_VZ>J@v%?rS9%tgGJf(h)PWgh^2Uhn37K{vTGd?q@0q1&hW1VkKvs
z|4&vDgKGnXxmezsqUz}hanRoDP`OxK>#yaUJ>5y0Cg*99=fa4}XtHq)TcD#;31t~F
zI=CQ5Qx3%3OeWtN%gW~Uc@-U5hB|i3Xp{$A#Iu%DLp-s+wxEkNoNFRGsoX8p22>X>
z1G{#G><>c3-a`=*{BimjgpLF+;AWyoft(1CP@HjftcZjsbDlV(!XI&e0nh*PlBWOi
zk~xn5<t4XkKEZI=up{7{;JAp#fH^z)VT>ud<(mHdYX%HL4{X*a94iLMeq>wvL-7|&
zr>dE_(e&w(cs=}G=Rk=;#}l3j^+S{-93o42DW;Y(o~8C=0d`^35&!DKC>fl>mgNd+
z6$TS9U+O&b?Z5}jD{RcH3uzfl4}BwQtZewx`oX=b&!6NY*{eMS6f&7j+GZS-I2gzK
z#0z91$1%EOEC?Xzc8$t^pCF@a66ws8LKncG8n3_s-q(bZixQ0}e?1d0na?H+PM2*v
zL*_Jo6Tb^*N>p-^JpIGmBudUvAsa`MnxyrF$Dvxw;X>JeXF$Y(>+T1m40}EA=x2bE
z)L7sQ=N37&|1I4{>dh3Z|7wjEp4dn}sh#=D`^N-fz}m?peO+T3MM5xYT%R1(-yD-E
z-_dh>+>XL(Nr+%Le}5Fm`x3taEL&n-W=fByLg|#Oj7O&5!@!hg3{yV=;ojkwWdsh=
zA!Nf}Qkj_sU=s&A8f(N9Vu<?SjrCS_!<Mw)?zj&PZo(u1m1{pZj`m5Ss8fFUfU!^?
zz}2Hvw{yygQbr9uM-Iyz=kz%c183y9%?e8?GUW%dnqptZjEYdcM|lT=GUcFEqO4y8
zeM{pw_IPNKDAm4tvklq`$@~lFuS1do!>|07uJdwG0M8x+%hcHj5-t>SI$aEap0YKs
zKX6*>dwdW59|)*340lK}$wXJ!YlU?^&`SGYFjlY2;DUyl4I;!GR}Nv2JYElBMb4et
z1hB3KA7ab>M*HwU5~pNhg?_Wi1J)oswghtZu4?Fb0Moc+#vnG=cc=k^KJvLgR94TY
zo4}k@15@2k;Un<_9ITbS(b8XkPll=n_=Kl&@8a@C7q?<!tqLWd9^DZlD}%$=);W}|
zjw7kU(%by@H&$cm9Bji`pvbAa9|&77GLgC-M@iQTJ$RRH8_hcHyND=rhLf|$vY2@K
zsNl=i&iyrQyI))Vo8JOc`vA92Fp1Jq{WXk(7L+rax(PVl*;9P97_{tYMJ`z!+%}OV
z7e$VMczSG$#^g~j7PL;TJWY!7ct!8;<6|4dd}(W@4Y7^~-2L^33W`E-x$6p)$$QaV
z&_*4s)WC{~4pSyI-D00kdzL>8rwec42LAv|&h_F(h>$lE%Gm>QG~IEV#gkluckVqB
z*0jXv(a`;lf=X}}2+qr8&UVX(ww0OXHng+3|LjpFlmYF=gDV^c{AXTWaU~(4yQ5=i
zoHP3;QlGnIQ9@xO*XPpfN0t#>T%5iFMLpk@Oxp9DE+Ng;i|0H?&PzYJguZ!P$iKAZ
z?od1#ske&lqj^>aE8`751t@&cWaoqJAz`-T8GEd{vxidVHUZd{*$`h36=;|kDt&Bn
zx?Rp63PY_dN~Sxqb4PODGzgf=7FNaJ)me*zhD9csMN_M+As)>v3h2d9F?xX9_kgTF
zIcNs|d_i{Jg!W7)hpKF4l?7Hm$sxBUr~JjioM`6RYn`SR?3QFi_x^k|?sD$Wt{njT
zpfJNgpZYba{+YR2L#GxX{7}9l43S^D{|`DT@Qp(5Q~nfVaQm2CelQLE#K<C;fdHU?
zOsd~&c_jTyPL^*UL+6)fegEA0A96A)ev{<aH@T^?H7NK&-|~$^npWNzw2jPmO}bP*
zplS=;1=~K;u?bYREWLl@kZb}9PYtTC0FBc-rdJ)R&$_?R9Jmb2-{<p{X%&*5CGe}%
z!KdY=^vs~j|B$@mQ&YRX6#UwlKCm}>UjP<$f*$=#`38U<(9~SIZ$R@|uJ|r|IrGn<
z|BVHBl!2sngX+7?aIfn7_)J<<K;?73@C__<XZk;f!}+td&t6ptr4s?aX#@Zphssx!
z_x|SgR?l?H{FN=LZ{Mf4%s)%r`d<dq-Y-8X)1~s&pzSPOwz<0n1VvpC;xG-Oe}SlC
zlgO|m_2<y$gv`P2Fb-sPBHr4p2{lx2sII6{HLXgP`_a$m<+X1n^M_J!_0Pq{z{UyP
zU()*P(*R)s7kra47vwPtB-04}$xc>XHEuWC#U=G+wbeO|aSk){?2LMV<%sKwv^i*r
z{j1$+OGnXalL}VJEnaOoN_`*SX^tZ%8EhP*Y3=l@xgMS7d)m_%ve#Luc>{{#yyL9P
z&Qd=DCpokz&YCz<{w)KbOcIj9mhMg#eVPS*G7Aq&p7O-~s;1m1=)z01gNK31t%5k{
zFVtAlr(HaJxOu;$C(PGh>g()MIrESb#yGXWR9q6;-uDZoXstvwThUezx?ELx?G(sk
zDk=F*u;Yup))>G{dJ1^TJJ>q~KLUzAYo2KsmZ@jopylq7O413hd+AS0Xv}ORK4U<<
zqtoFd%I~PMwG;Jz6_G+05#nSKr%lTwr$v=DJSEvIm29nm?1{h<WWo@)Izz+j^l`9|
z>N^M<My09woTUZ97}_lOX`sTzTWAXkPoLVHvAzi)IUDTXeK3q<q}`^H<2VX`r%#Mi
zcR0S5%gjDOQ(O|8B$_2ZUaN22%)Z_Y9UQOS$n{4&EcXjrgO1{uS_8XQgF<Z#G#E*C
z{CS?=-Nc6Bb1wa`@b=`rAt^)ZY0r&#MCEbkG7ktu{5=j=8`N%HlS}*{t;wtB?e}su
zV}VVMRZp?0(Pc%b;znPi$eKqVnHA(6DnJToiW6uA3n8YfCn{}{lsy%D%W7LsH1U$m
zVr!FyxNupyKc<Q-GG<SlNt$ya0<rxTGzqbf=;#HY#;t<IFsAMqy5@6Ry;};N`-LF}
z!SLe~Wm0Lz4}vw?`Wh~Gm1W35tC`w|`~;2db;-^6KsX{_S&%?zeK;~afa6+L0&^(z
z**%I0D(=mMM>@lK+?q5nrLCQ#mx=-?g2)~~cT@mbGu%m|-0x%>3e@oR&ze9+Zh62@
z6WEa+vk}j&a024Hj%%bORM1k^^^(106anU=A>w`>l!H5SmMv|EufSvPUW5Slet?0k
z>^QzJY?ZkNrQFGyc{UirfFe@K{_t6bE@5J(BWE+6vOux0bHZNouuux#=3OvkOwAkN
z6i-<#s^!zLETYz=V^yek4U7(MdEC{So4KHCrn%P*#~o;2EX{{N)3paOJN$*;<V^yx
zU=nerBzjH9gAAPPN#^h7nu7Wm>9hk~#71nu#Ker5`l%vhc{}WG@;;>3(xV9V>0XpY
zrO*B!pZ*1~DRs>`ovh<}qrvf*XA}&b*R_>lKMIUDxU=9RGrDOFU*K;SUCBgQZ!sZ2
zTH9qJEl__^e1br&VYt9SAuV9V+8?J&RJcPmNQH_#+ti$wT49gbWh*|p<5I$HDebh#
z*SisARyL1ZEze&n=W^a3NnQw5X=$q5;TGETEdGksp1~1^BVGQW+!-gCOY~>m(<$6*
zWa(cCIONVbCzb7;H6uI=5%tCw7oM2xOy{1LWbT-*cDF5yOM_i~ixNv|OEj^2xD}pY
zhE8#p!^efaZ6i}Ef=o6TeJLFlP-?<ipAb-R5f-K&Pv1{5VD-5i1X10iRXRMMIM>N=
zGSFDzKu7W2oA(mSyQOfOR;P#)dY@YQ&KLKCwbf2smDcDVX{vwy42bCs5y3%(w#N&E
z$bTR|%2|gOji$~5M%8dBG`rUG&W2&XGh8mRG~spO%WrSfD*=VBh<IDLzs`U8x>cVZ
z2g9Z~;<c&EAT={D=Ao-&l7ivxTdaULJ(_s|Gm^dzcG-CZ7R3ql2<zxmP(bi;=m*cc
zA`0lX;dN9~A+C9c>D7~cZVm9$E3^#wII~;Y&2ODHSos3}%i7L^!@^3`N+3Lt6;uf~
zNbQ(2mrnFBh|p`52A*5@QMi2hWNq;4;{~?16G3lbfuyfV|J@Q?`oPmm7*JRdQ*E$5
zPDqOtA&AFJMfVd^km-j5?3~4^4j9Nh7uTR)$e5#gQ;1_|*pTzrF6D0lNt+|`0l?6P
zdK<j+Q5Hv8*vJWxU=iG}O=#$B&CAfxu&+xVVv7*@tR>3BbRXj7%djELMo;V~TOVR8
zp-1pXVP(O93w_DLVLNIcVrO~ql{05RD2D!J7~PYw{;hswiKbU@Pr|6D1VICFQkdqP
zX!CWrWIsi|V8iD#E=eu;_v<ixOvNrThbygeR>Jf2=g$Dy&Dx_KZfpJ-?;7Lt<83f2
zGno4og-&Rc_$*A2T_Z>%8|kAk5L8g%!<VTw)fwoh5?+5+W$T8gy><pp8Kd){3mwn)
ztiL)g;NO)$r7_eb=I}C{%MmpWTm>d{2cXT&k)p3H{7o0JkJiaS(DfsL^IW>)Q);hY
z|LXaVVS+|h>{iZlAC(y1!!7^g0P;oQ)yoodTF|-7sEhRn4ajPjW$0fdSI1(nOdGxV
z>NnGwb$N@^#M1myiARZ>F$R-GgDL@bdj*r|+u!evwWBX4DuMwu0&NModQk%E_I`uf
zdaou{d!+*Ir}2K{pPEvQw_u-|m8Hj^c=cLXU~(-mJo>QgFJLJ5qaNLDn4J0>GNb1z
zT>3^P->6agQ_7H6oSN;|Cc&zE*_i#89B<uyUeeq)uuts8-^@JbqhDQeX7PNFXwywO
zI%eiJ{GQ;6{UE*Qrd@Gna$}_wZC9eY9c(x(m-1+f8un}odrIrZf$dz%w&fM5X@d`-
zy7I!gRY=ZqBn|mz6iGXC-M9#inh#)G_AtfyHQsUN1PK)S<7TtTYzSqVct&{*`)Wu5
zN*5%_RM*x(i8zm{AAS_0^3LV}zk$8ut0Po~;T_oi4w(ReZ`$W}X)ni(&*>HYpQ~7%
zyR|$&_5g=Br_XJ)Il}WRdeg)7{i{?Ry+-x)Pkn9A(<{AKAA_b|4doi%pk5A()Hfi2
z1IDHh>fZtV?O-|npw0K2p6*<5{q32B$v0K~?GT>DpZK7OxRAc6*%NWm8bY3PUn~4O
zoRCdXx%nH%8{=pjxxKNo=`Xf?1}=UIdy63U;7opqTBKrw3U=UoUd4SwN_$I?wb5T3
z6cnH7GlU9Gwk?(4y=`ClJsb`WxKgiRUjYJQZ59?$-^$B&gx+nPw6dGkM1*=$wR@hs
z06~Iel4S@GE)aS1PUTaxgQzJ5LokPEBFd&-8yFeM)!3MUZrTsrP&#LDw;^}EABIf1
zUYCv&q)7v!n8j*78B?S~Q7=eJP4Gs$GGeJ>I(XSN>@U9z_cSY_C%>-FE+=ViMM0=y
z*CXscq2$uW81++{CrCGc6*%f6F{5l#rLg%Y*bvz)gUBVx2mUfe@8-YNsjrE6XQ0v`
z>IJ{;f+`!%CUk6Nfn@0g%d@dC*kR~Jq~p1EM%+=PMlycA(}Z%u2=a?f-VZ#FU#Rc%
zA+$+Ja0f2JBzld8m|t8aZ6~^b7j?LVD6(Mn(?IeowplC=JUQ3XAYTR%#SDW*>H(TZ
z#1=J3uKfd4<PeB#3tR;_laMUxV5;~<JdXE#auae^i(cSe4YYg*vMc}u8FwpMj9iXI
zJ9)Er4MXtFCc=uZF3KqRuX%5uc-s&QIP@U7`WbGy@M?@O><^GAqlmA@4lCY5D{zox
zTgS`LT5>1K+Pk2uk2@n7T99U3Fuxg2X(C2-s-S7@?g)<Tid(}SVLxFn^}}0m15=;~
z_Trnv?Gj?xsX=T2y>f<wI*MfA|MbmKY&m86#cJn6@%Zrz$OC!h_2~9Vp;s@eVg)n(
z3NTOgMpmAZs6Alq^8}Xk>B<`pfA3I7u$Pa^^pYZoKbDZ8!#%$*R#Y&9Md@Sfdtl&4
zkizVf`f!-qanCa;>-P|S_yQb8GCE6Fo)UPIY_@~jSTypaI$vSxkS6%$V^xJy9d~p@
z&%}NuujLXJ4!n-kMp<bWsS+hI{#ZP>c5SlcL{HKZwC7cZV7PtBtD~j}*3Zy_7_AC)
zK19-iGx(AQyk%eOYKbWgc~j0P13-G{*nt)GBNgTIBM+A8-$r^^v5)i?U-S@L;^?H|
zgDLv8jjpClkL0G*F1Q3M`jLSA!1h}jA@Wt-u@7VIwTK{$OdHqa95-nysF*;YZCgL6
z_9v_@AHen_n9efbpn38N71k(AXVp!gF)dHu`*!g0Ze(Etmdoqy#pHB?K=&v$1sX64
zv5icfO$LG7$a_hffk!`!zl&NkEek5-HktxuteH`i#mRuwN;MU#W&Tse0jNii3VA-=
zN0#ig%Q1!P9k|eWP-tjNgLEkHCy-nPoIaecCMyL?dArCw^L8#ogA_a1^00n9&W{$;
zbWsK8!38lnf06=M6mGxKm_i-vSgIJ8NL7|WT>sobH@3%BR8d#(Wm=Y^%IB2}VFVVO
zS{0sR<}}2+U0J&>SL!mRG!A9{pdds7P7lp-Cqik;8eQ}K2tqBMM41~9h|?K#wI-Et
ze<<LVds=Y_zz2{B)TZ{r64(zjqbjk0P&V#$A@2J{i+mrPH!!gM*5MNpRbSXzJwj^x
z+6XiYOxk^Q0bq4JyMjT9==xn6DB&0EQn(pZB>oXja%)1ub~m?`)i)dxQ%7*^&)d0M
z>oga<RED|Ra<R$9bONNer|`6&9wL)0S-)ttf6benD9znIFcc<P2c<<1fNSd)97e>X
z)sL$?3r=!$96JCf0nQ{Pi+Y$O{|Pv()0>b#x#&b*<v`<i;N!DJyXZd`^9Dn3Jz!Yg
zgZppqQBnxq^EfoOwZ_JHW(n!ijr5W-xXy2gM@W7|c-&Y;CxCPLs-yIt-B*vkjtre>
zIRY|sk)-1^3nGu@cDdnWc^<y~7EuHKK$t!L{z2kJTTTN5%+GFqoe8~x=$?+;%*hc3
zn>IEUNgsUf5g@8m;RiiDNIysv?H(bAzvDQzkZs-9&Z4;X8^fgBlcTY1CUz`Nu`4#z
zGas%nEY+F)InE&s__`4N9)rj?r)|&cTO^szHDaX64byiB7ReJdOZ{npXX`q9-4W}Z
zN}r8S^04Hc{1F+x3AHx4eNoL*#ajc0RP`n#3H3@%0TJ{S(Af~@D3HJIi-gtiqX;-q
zgs5&#vx>A`yO3UzL&*e1O{3Sojzx2}v)fy#0uCm%e}pFFi4!&aqrZoeBG0eZFX!aA
z)!N-|Gz+R(k<&DR3Jsw~krNFjB1Da|1Q6%www^su*ql8;TzuL^gU8;f$R9Oe)DzuZ
zqD_S-x+lD+NQH->wbwwQGp?}L0Dbc9u4<$dAdHe5`+)FIwB-}@ZWne5U(M0qBY2(S
zU++5~tiLZDJpp)aEWMY<5xZt}mgn@w2D$*^%Zy=i*CM8+SN;A8bKSELc|74HSnZo3
z`r1!v(-FEU(7HhfHgNodBWJf7t0tErgFQ&!###?X2=f#IOPtSU?)VD_?YN~~nTQXu
zhItP@gL%&8V8GWPL`Msu#L&)=f?&U)eM8+wQHRc)K-ibacONnR_L6`@b76QALkNh;
z{3oWcYh<boUf<F+RAZr}ld%MDBF{c=&j=||Rt!p_`xtoBC_t>rgM9v^p;<||(U4VL
zyWOOYY*$Be;rQLp`vra;C^ShlWEsZ%JW~{wP-5{=QXqTFxCCW?(r!^<<CA$Z<Z53R
zi!g+y&AMS4y!<+3CCTumJ$sh1*2R<<CZ2_~n^#0_bzHhzkz7)@CW~_9@R^sW$aQ{R
zk4%_12>12R$NAxoK{6c2p=Q&*1v}N#w^_UZe)QRr;qwXs?h)Bzbh)*~_!Lui71iP3
z+U$)s<=2B-TcT}vS>zbhftm3}Y;tMSl#0jr1m7P-fBh)t2QB5wF|xrymI(^r^Y8A_
z)&g$VpatL0!`%0ec3uiQ2ym3^&gnKC^0VI>2OLbwHEmmjb*S_<dwF)A!#=$=7GGM1
z)&qHTYM)>dIv`WV+gC+~#vd|JH*Yi~z-IR~GoI713UcV_zQP@A+b(&+;j4wncj%)h
z*k_p5Ixt2EFur_f_Mv(<Am7Iekb)P%qBm9Bz!b1FeL{<3wVCWHU*rfTts!~$>djd#
zAK)83)l}S7dfuh@J={GEV~1zNZ<~*%l@EAWXj}>CZ`0G#rw_~e1An}E`+R(!UDCdj
z{n}t$@qO;6+~_U{8d<yIGkHc|giqPE>YkJMOi+T#8~HXprHG%u^%C53E8vmOPbWdq
zu9<m$;_!`;a>r1P{Iy^VuZ>YonJB@&!cDJ+*(yn%R9e%78@Mt3;5`1Fg6wXHaX#e^
zbj(ubOvCSrcfEoGc{IDleBW{Jdj#8?r7@wN7D+Z;I51Myp2D3pXtf|0Ux_@-&%etj
zj_xU5n7N)yG35pN0(+(Qz)skTw}isWRxKF>!zYN<8~VV@Fg|Fj67Cj+r5>hv-RD!5
zz^>}*-Aij=k7JCrksBvTzstQdTEVNA<?=`Mhs==e<>9IB*IU6WLSOcltvn;tl#5WE
z(BEl<WQkWS&>9j@ZQGboFyKxaK&^WcN-p=1hE+~g`}-%&dB->uYSe+YWHFrV!9FbL
zHWt$UYJ@R`%cDuiEx)WvvP5U!EuicIc;6hoe7x@74yP}7A8YYSRo+W&x&2XA;`9dr
zm8)Rb79_uKY3bF4Ad+&SjUw{JO;^GintRjc+#{_pk=%ieFp=0(sfaE>1{jEJZ^{E3
z2r&obcLWqaw+TaY(Q$21p?InvctqB+_2dX32lVf>sZKGF+Ng8|*T6&l=8zscYsllV
zsH^KYHUw9ry^#v1mZuBPzg<uUB=Uh>^>o1XR$)%K0Vmo(hH>@GUp=OC+&z~|bya*W
zbDeD&eyjRWmiYU9X|utV5%ZH<{Xm1fL%SEus9j{hc-2@m&o1%ta53$d(}UAk(_ofe
zAN)dqaJ$)zAmnu;ZNHXAckF@R`Y>%PPSIK+*lZ%I!vt{oTC75%mLlEUw(ZiDue^b0
zh!z1|+!8IX-`Q6BWcFnIae7zraunABCf{l+GBX4Nxj3U)5}yGU(}k$fd@|UciZGO=
z7n$YIZGByYShYecXD+2!essbi_-BrH?m)f^cpB_I))(4|QxL)Ihkn6mcH!u0G!V?d
zn@GG3PtmAW?G85I_C?$^=gCdh6N}VO!FaJf5I%;vgAnofRWo|7g3(Ea-i^MI=qv)_
z?$&9egMTiTU_P*|t^qjiD(o63VC`9+$oOjO^XCry26LrIZ{J{gEKzxS!MfptMI6y8
zX7lyyokT*i7O!990Q^yV90Dosl&0-ZU2g*Mzp0h%YCs6kD2SGzVUN>un+`Qs(-c8G
z_c7yRXM=g_*|jwl%rq26l=%aGh9mO$A;Jv=7JeEL&=R6u9D}f>@l16mKaP9N@HP%u
zGV2mmY;;HS`k_yWPa?tLvpYb~5{O`H%Zauaux(5*Ife>Q>Ek=e-tuvY@D;*3n9UzC
zDjCq_COvd<!nLUR7AIqVq?;AJ|FOB)Y$G`;Hlr(AOWt{wg>6=`zKE$qoI_{1YM+ZH
zS|2!TmsIV@-nv2G1g9V5KNl%yW-y93bcrD@jz?r;U{*6vpkh{Q0#OEh?@fd)Epm`{
zV_zUD*Iz+ZTD1CGNcuI)EFK7++30JMZ-FR(7YLF)flG)u$_DAJe}F3M{nB?J3=Edy
zp<wDA;_4lwSuyQj;jSM>XncE=cF#M+&<ZC%Y6V`$2rn{+1oWAk^7MVJZP@a-nzl8k
z#&Kr}wJ0|(B*8j+KG0(;4$Tm1o8iH8Rbs5qN_ZZif3asCK-ijYx|oBTy{b3K<rmUL
zrrtw?KT2%2WeWA7f^W-*E@K1<7l}h%6J=PD%s_ci*+YZV8+|U}_Bk@z^pzoeA;d8C
z?Nao@;@Y#`miFmvXIS@9<mUE9Sp1nVwSy_1^qn8SaY`_%AYMn7Hb_fiMyNZ;_Dxn6
zC-TW*zZMyXN!@ehE-ikwH*wW7I-XoquUkFEL)Eb7MrhC!ypDq(3f4_yCj^6_JD|!n
z)2(eJAwEnK>H0!T4FmTsjLz`EpXJZ=8ug1;F<T=Hq%FouHi??hRyPE4@1~}KRTG8y
zA&lM+qb6Dy#i^?%`bzUdqw=GY1c#@Jq)EHCnZ~$T=jfn<WTksgrZbF27>z*{IgDn%
zKn?l4DUH{7&^9>2wm436DP7WKZcP`zk$PU2^NdANf>ooEG%Jjo1mHGgF$zU5J<O2Y
zH!!I#UGmQ?pSGw=v1B+poj$HlQ8fRAV%c)x)P1!E7@}c<Jr<)%jxbs<?jlUcRsG4O
z4LQ%-C%+DTC<CsfHRm;)R~G@pA}vy3KT|ec@{`tBOJ;rp<w%cWWD#PwT|28;WOS(z
z>;&<|@GMbe;+=IwS{@Awkm*_s>s%gfj1T;?mO-rmo>%@6kds?+L<zyfWGiuuh$N?q
zH5%qBaMw)O|K#Nbor8L5Jdz8{j|FAr=#2afr2-{@rVk8`l3#L-Ch5DdFL0NH33+}u
zxVMoD5&>|07Crs<V<{gbB0v|9-_K`YWAM}Q`6!OlSN+^$WRIgulMex*_o!5Tf!@(m
zsl9Ix7Vopb>Dlf3uEY8MownOCzKDH9?cN<7WxSV(y6n}>0wp`t4*bypr^v^o2!P&t
zD1h7_QP4WpXU53a_qH}^&Evw@(Vkk>nI()KwdByX2UEY5AnMKTJj@9t;>+T#rsA0>
z%J&5)K&liQ!`~AP9ivA+*TWKB#d(D~Xn%ss4+$KcyjVDi*VGK+UU`1{0o*N_FuKNF
z16h=8<;hY;Y5Q?1BfhGwiqE+CSHTIfFUS&(PyQ`j(AX8~`i+qQ*Z3?wS|SL03@<Me
z(3eX1$mw7Z2nY8ugY_!0htuGxi7?M**e{8h2NLE_BDQz>fZ9<-2!k(DXhP)*7Zz7I
z$HZF~N9;#Cq%;5N3a6EL%s$U#`W@={gXWkcqw`EPURvp{u=pWVx+hpL_=7^{SS#Nv
z>j@Tn5Ko&DE!~-P39zMIo%-7MG=h7;u0UU}UV`~6T$_-ty|;c~V#EE37Y^unw+FXm
z_vRASJs_{fT9{O{YkFkSU~0i^et5joU{Zu5F?yfzl{f6QfP=t_*<qgJ%^!q7u2;%s
z41={)PM=$mGr?FSdpGv-FL;9jT`X5*lcZmA&4=gpfNOnec%rKjq5Dxn{<(AmA8~P2
zNF%?Y9O7WeA_y48U=Pe<X}r{vWh!8@4C|+;vwN_BgSkIgy<+ZC>HsCFRB#4<N3tK<
z49R=Wwjx7=W`$I&34N_r*${1ZnUkt;GApmKlaACsrPg#y@g&h)<8}W^glvylSulW-
zrW_CM#o=!n=V@eI>bmJ+xEF!jNKz7{i0^rLy~$}2`u+6kNU;lv>7U?h_6pqn>ILzZ
zslUd+hwy8$81>QQekytP=mDk$1lb-E#bi?I3^VXO7Z<Co3Y4E#YQG1Y3#mXFd_6`0
zri9QR8A;$hkV@bkmEAx-Fsp2<jHr+w+Tv4!tEZ4%?DMrGnYG;gN35=|<36oR5D5jF
zyJMdDe3Th!*~{BC3+sf4ohdbYe!W(!vP}x@9wJV4E^iQzWTE5l<N@+^%@-<NGMxa~
z9@u^82I5&fl};(M5Rmj8$Ta*h^rU?EGM(`{1bwzDiHi0gPG`a%sH99B(xZjHy!M5(
z0|IAc7blm#H|8!F`88I<%xwT!wdQG)6sZiXItn$vr9+TCv3K&#t9y#gX}@zDn>O}A
zY66MoRtj;lQ;aNnrS>^n^sL&D72DcLZTA&hJD6;{;tlPkOiB3VZQY-(-)orWS-?>G
zlhaunceSfduJF&)X8ZG=J@}V$E5Wi?kG#ES(90gvVRdi#D*P3%qo~>$<GO7xrYL$@
z2jKIKr`OI?$cA`&L^j<PYF~DDYU-A~2J6xR{&(JdLQszIu+XXjvm@Zw3;q=BzsxJy
z-u}DI{76s_8lIRY{)TW;9K$Azc}uFps;W@0pe`Bm1bTAh>*vyKNC-g}4JWn)uQZ{1
zBAnQ6s*H63<c#{CcaPD@wU}C@=4utE&s(>_l|~VrF)c+VpC8VAqab2vIhR2)06NOR
za@2P}6>#)~7mO0=gJe}B?-aPHRzW3lHcii}Yr!5AG>xi;g5r6VXL42Bd55Oa#*Rqs
zYX-KTJk+M2h&5J7Vhufw1MQixW^#o!QYxOpW^%%?$zH>J9(FpRuv1Dhi<&vo#p={8
ztoyUgiwi>;E=<x)C}9jXFUO)qb7ttBHB$>=4Cg=Gw5;BNuXf%R&CI|-w?xxZmtS+;
zw6cXz<BKP?Q8AKSVfE6!<Gu+-Z$;?5>7TeiYhoW-X;ZSMKT|6SIJ2!=TK|sw?gxSW
z^LNfv?JYIwTKmGK39ZTp7LEdaq!d6w4}gzJ#`~jkYuWDzruNc!W!sM!rZ(s=|8rq+
zWa5&I7w6*?)NaRUgv!QsMwmCLY_{^5>gQYh6n-Qn_kxj#$$s-Mz6VhG#0IJ)T-V6V
zO$0b6Uo~2RC~1X>ixnJhaiDYj)11`;Y-g3C@Cgl*G(|7IPJJ2UiKP+E5ZQ4GXGN>Z
z4R#(gw!>hywj2XX3dR0X-@uAno6Evc8C~!dU@LRl+VrZIKvx49<&KgR$!yC4$-m$n
zAWM)&wD1NAC<2jbbMfO!%)Vy?NDXisuN?6Y52WwWVNCA0@0`b=;a9_+bLToZ(7sgS
zAq4t!oVy}y828WIcu<*j1mij3XihkhV^)%ggi<Kw$UT}i0LNb7<4_t|OGBX84{PlZ
zp;Jggubh_<40kFvh(`BN(d|Za<#<VlnVTw5^tse>SCR;BE|aLC5f@B#wO62XNt(0Z
z3jNq=z6fji0xlXT!*1JWeQWMzbrC)bRfaCuY&PDqL$uUx9{4ABTYvvJhrf!`nOkbg
zE*g>t*z?PpZ0ssh&WdL2=T!S(7+G^@VVLJ_EBZA^f6Wg&6FL{{3u(~<@^Ud6=2Fc+
zsa;EH`6*Gt>h8tPrK2O$V1YBrS5nIg=|kNg%W3~!R?tp=n^JWyOe@xp&ZpM>;FRtR
zt5Zc|a4r2FQs7qlotNN!zaO-2R7hdEQ7u@yb7&;ne<y`)uY@<`{wdZA+Gb%{E$Y-u
zC0x}~0zej@!;buNA(%CUxjLS=lh5ACw$ECp5|ul@FL<{e!f-#=9*PSG315<RQue|0
zqC>Y?9kptISWDc#Wuu&Bz$s#Pys<qr9?F6ec)xGS%b~J0gco-$25Rw}_o19_gk=+n
z2*vihyW%;2436K!;hOw;P)g?}{Sv^6XuO1E!3DMKL^WwA<fC>DZ}^KA&cd$9Who^m
zP<U6v_Vez}CN5v_cc!Y5UzwQ`vH^Pe6q+?lAxgIkW#y{L0q)nC3r&I0F$WCA53WM_
zL5gum%6l4|=os}L9=RCrfog{0=kRT}X~gr6RkQSHn^b>ragCD{nA`>5Wy~lR^Bs~M
zScq5PsDhY;Vs7e18vU~v44W*RTH#!>Pqe5cVI^jbcEuE44zce?D7RfxJPt)AeM1l1
zH;-jhm1f|`+k#3-zhCvx$#L}q2*s3|819KqF``hEzQ=rz7Ew>BnbvkzO{sxhvn{01
zTFXrkuhKZLkYcCEf>rs5e+ChdXOnVE%_`BZkaAW}-jw%2K(sfsK;Au&k0>5z<#gF(
zk{y&;$thVaTDMxZsN<?+IJ#O+FXk%L3z~sHK~%>Xh~&p&DU>?(O8Wr}kJ^YlPdjQ<
z7qUe`FSg@eURL5VARcbA|5+J;sK%haTaFSQb~<9J%+w9U6w{(<{uA{aR{>lj<}D4n
zo~6*v%k^X2&e$<H!Kx1mX?08}tSJ1?K*r1DonLIZyJ0^$vbJ+n4yBUfnJ@t*Vg^=t
zsZ<$rG?hfw7PHTmVzs->R%)%C)ZxtpTL|X#@vByMo_nMir}*z%Gt%5Tb^lvhTRopL
z{;7h;EHxc`?WP}xS+WS`{bm!<=A={57^j2#GJAUFe*<Fek~562MSQQIB<eV8SG8K^
z{A7~VM)q|ndMBY=D@!AXe@$E83>aok95^Sl5wv>zLf5uML$MxQ+vOE!oSBhEY<aqT
z-_xpqDHZ^ztF_A$&9sE9dq30_0&LrCqEmy#R#;!k6=C>Ol^f=K#}!~O3y<qxq)pH~
zC3f<UXeYT%QKvP&Q`Qw<I|u{bxFZ|66Uha7R)ZqP!WSA=1IXGJ?eCJS;$<DkdPDrB
zwL&5>ud1`-)<&hM<9gYm;JvC=*?$@4P-AAI-lp9e*rF%6DxydQGfjc{ugr>XDQ3~S
zd8<X;OBMamRV!xk3v=OL#c|OKIG9ALpAeld8O}Zh1kh~>K8ONILgKQR>gKC=gl{oC
zpqS=*>V1Y%gW#i%ukW=5qK&Bdbye3)m|6wD2H4~q4|b0bR-Fj-pCtK?u*=vUegm=D
z3nFJ3zhHUHGf`sI%m%ocX^I;(i(5(LYKCg$$;r`5aw6tF3}0~8+#fCvAHGd?O#<p!
z9}kz0&!bu1xsJrqXnZai<y{m<;N61@pMQ0Ce!BWRy&T=1FOPOj_HN~D>G{1rAEH~c
z7oh&me+k+H=XV;oc6ldT0^}4@y>H_SFB->*-?!KvnBc7@uR*TfZpLD!t8rJI1Sdo*
z>1E*|)034m35lBI+oB#o^7kp^ft$fn792-kROdRgwts>X2EvU1uHXaq#J+G8@a~&0
zEQqRgOkQilGW?spV&eFbS*U={K^o$uF#{h^L03+z!J}5*Kx>-YHz@+$zW+do8jdbE
zUIfFQqgaIndLSF6cAy&AzSjca^Y5A?F7V-Kb<fW6Tns;&=xF_@{o%XjFsh#g`dL>$
zP<sw;pUYzZkti@FvI@X%lCKwP9Xy-GYpMerT|Z!gYVo`qf!o?;P~Zs!Wjp?+`cN?8
zom+DVH~Cy#z`7`@9NhC*g}{i)<bddNYL{5MEgec`bHD6BJhI!>+L_zdgyGD;79sey
zhx^{@-`k-?>-%<#1$*XWH%~kW2aZJmF~kzgc>|uRJ3JW1>|DS+%7RM+U-vF1W|lU2
zW(JwU?kwizZ-SQ%H;bi&KRP)04JMtxql*&yv4C{p_2;!x=$wR58d%5TU^E^?N~1Fu
z#G_0A{8D#!#-$gt{m#7I<<&p%_U6;^_%*KG<)7j#m!pfD7vZw|s8#N}IJ5XJ&T?Tl
zUkaR#zb{l>2ii(kjeQ6^;7lG2Zk0nKn}hs&@$!SPbTL6+-=vy5%9%fcy_B=(yy)Gi
z<oE-?HkSwRx3=QU;+fminV-aBg0e(+ATtGuhXab9!AJ*<{!(O*!Hs07@n5Uu;3QfD
zGvu?Aw5M?4gMv3kPiEUtf$Bu14s1P!%+~p?TUe^v;fm11LAg3$*J#_MpI`TigD=i1
zd;qZ{q2cwL$|y&YhEuVuTl+*Ze*%BK+gW>3v?Tg?@18vaiuOS(us2GZe=&(ATett+
zP&wHeZSGnHeZBz3nR%TXBp&$?EYKsPJL?w=7z79y=r)VDE>|dXNBoGk8DO>@34<mb
z*lc*5gW(xL#Qr}>y2kL#x}ICxwr$&*+ID-_#?-dWncB8(n^W7i@%4GX|NF<evXgyQ
zl9iQ8g^v<Wcq~=k^fj=$_Zts?G0Oi^n#l(`&80Yarx7y|_~tlWyI<ZJB&cHttLY#l
zFfw8bUYiOg;TD|KP?JyGB>m~^EUF58Dy_0k)e#y_KIHn^LCUQ+CRlh0^4?K9!nh_V
zJ<ua0(O{(YA>Zt)<3nQu0JJSrcw0Oh14en-&SH1cMoqm4D&{&0J}u=45=B{LDhgBy
zzXK+wk+2!eI(?RJv^ss&-L&fd)^2N4d<4~QMPt4?6jGn}!S#P%$yhP?DOf+1JFSSi
z)u9K+WGw4IkVLz@L8K5^a*4b_E(`MEpE~C+@?jjqL5{a5asCKZ_?W3j%nX#NkQ{=H
zFXP~oNY)R(TV=+3UD4w`g@v;yl0IR(wI~C+8ALm7w^5q&^P0I*(o$MKQ#RO{UzT;A
zLuG?!kh%4v+GgF3GgCTt?o0yMFi~xvD~q(YSe--0Uco!Fr!~uc8aUB4*n|Sj`2pM5
zqJ^LT<dDueqf;BM0Fo}Cm~0el=&rkUu%#mBtcO;bilQ1j3%5%-KH{>*t7p~W3D3A@
zG$J2_$>==ZO_R;Mu!HK23eEK$7{BSa9i^6-XvK4i6S2cS{E_kWq#F;##Nnk1nK0ty
zlhIxG^oqq_BZA`@uZ^OHXWfD$3qr|3JJ)|&T1@zr$q0>vF@ypJq?5i}a)QMalyFUi
z2v1Tp7N6~;3<80sFy|$NWIQf`eWyuXaE^BtH!<Q=9%RIeEP2y%bD~2)d&dJH7W-SZ
zC45DX1#(9fdKl5IhjqYDB+ert+`Nl$rK+bE>Bi3Sw^huqzUj3O-ZaBt;Sj7b(tYj^
z`Q0OOc~bX(rh{_>k`U3|qj5ixBSSz9#fnY9Q)fg<P;=Qq2xzQ~2^^R1s<8@iWWc#<
z@P3VR*ylX%n%p!MVeIK}koA{pG#yrJTbg4fneT;x>$8Vx3>_3}!BlG-xXWgqNwqQR
z7{B89;ca!6Q^tk4k%RXy)y3rG-e>fg;?C*Aqz<L^LTIiw*OwM*6Pf-ra+1*{S9gg_
zb(~Y!<eUA=`1;|ga9NX%b%5@?E$3D&r(iO<9L_$O-u@vzfMz5vI?@gTqyW3e50;$;
zfuqd>)Y><q=#=MSi^Qdh9mmU6E2|>l*}xE*Isw2Kj@ixwKr_?Z21(qzuNG(Aj2NJ@
zHC*6jm{>%{{`W?^2<V`}hn16n_txC|&{xleFV5Jb^v7|{KyOur4b7%*kiDoddqw2%
ze=yq)Zmy4C`-hwL^G=%Pcd%Ho^abo<r90$}-*~3;>1A~MVmFk~;53>_sEJS*+Cb#p
zocaHTpBK+(`<v6gl#@`AKsgGIez4<|IEX>iI6a3bKa)Q^&n`F$<^59d$X>%B#(S^G
z2ny)s8Q~6Fz?eETeI8eIu7Q~b@NI%ub@wg>&R&K}97%<tw~di>ifsOQ9&)Tn3|H*!
z3LTLV4pWz}a`yves`-ljel9`t;y!2umi%X#(K@Rcpwr2sA+LT3cI@}HrY=imt?Q-M
zGgGFhZv?NVLmMUVVLQI9u=g&=UtU#<>So2rnoIb<I`~76&^$e~Y%Rf0zPW9WVq#KF
z{zqazhiG%#L_?334`@0>on;s(MnbyjvFiX5+s&8DtYX_|w6iTF+O~El>m_|V8YdZy
z-X_!FOy9=Btq=W4gajhtYoI{8M*tIi8YsvLZNlC9t+-P?`?Dah!}k`fiU;Re^ODK}
zxSN9tnGrO`@~n`Z%-~T6L0=qQELJM`7VX%RF%7Ks+=oMSR~Xi?qB%OMPs<y~<L#4-
zKfLb#ImbfuA)4Yv%%oaFi<%RBMi-CPuDmWg&eHp?)?g}#zQ~&C=R<3c3%YTvFh4ip
z;+vLU1)?h!HV|D}1*T}1?nXy~HNi(A+A_@4QAoT!x8pjdX1{|2&|TqG9v5gq42uoh
z{VEASEa43zCZpwK2gqJzCyqg)_4nVbLSm+cenpw@!j%2qQl;@k|2E6Hp8iQ_CqIrC
z5yAMN3MiCB8(m2M{o(+PoJ7}!drBP%n{8%!&qUVmC*kdoVls6P?*-|NAID)0&as?C
zh%?sKj8)k6Mz-z<OKPkwq}^%X4>&)A9r}9P+G$_vWBduIj(!&zi)+Yg9fkB{RoGT}
zG=`makZN9&Ry(=sdS2a@FZ83<*$#40_sNsZ=1tGg6FmU9r-s<~<cuo<!q)c7h3g(R
z;!~9P<vgssuR9d7AR<sx1|p1eX(@iS*;C9+y2APE9Nlp_DfD!N=U%Gw6g=HAhqU+a
zr`M~0H9dM?HCZvch8^$6Xdn~O83TR$6;VagHK`Gu=b;MJ3jnjRxR1PxF%ZocClFpN
zjM}bRHVtz5<+?u$%GD*ti+lW@Zhy0r!SFB{J=qL18@UTwO<VOv8@NQP-J;JTDJ+-)
z9W1;m6qfx`Y;S80W_zT;lf?+b_AX2=IBtCZniE>`Ys&UL0qLBkIwLn(yzpBn0>`3Z
zJKjNz{9!hiaO-ZQK^?uH!}$2eMxlfN{v@bH8h|hR_CJ0B|J4Cq^F0gTb}g?q#*&F%
z#gT9b1UlTaA~vg9_$P$rp&jl^zTbQ3E1Re|t7_*V37g1yt}!8dz5x5u%`*#oh1pj<
zr4I7O=b*JJN?GZ0a4Sj}%u>C8HGCGU77C5AzEQi~AJZ$glY_cWQvJ{LRC><f(*Nib
z+dCE8VLPL^`@j!-eA|XyPSGg^Z7`Vd`+rXr1e_l5n8o5UMLrnzfmD5jyPCIYFN^ON
zxyB0Zk<d-vgc=-Ya<V^ZL>^KIw6l=rLhA`ocdsg-nOEsE?^Bpz&VJ}joH}FsF|c*9
zR`umRfIc9s1n&zZ7v580$Y^Foz=%Jg$l~nGDv(4#n=x^>R9SS0u{D}ZS;U4~%1=*v
zW%A}^a9*Lw2ZAA_+MLf38I9X6Cew!7%u%7>RFhK&M7>x*Q9g=Gz(JhP?t+O5J7x^D
z_IVZ@s+%RYgp$Sh`tf9=+&|EL<1Qr3N5{Y;je$%wi@VHnO^~6<0VKF)(|0L)*`(8>
z35G-G3Aw9Tv<n6$8Q`gz!dZAZ@fP~kMC9&YR=P$&2*&)fac3#t-N?nwSG+bv6hO?-
zhs{U80PL9K15;gnn)i^~*@l&-S=;Et+9F<pOv|4AsfF6Tn)wdE0Cc8h;sH%-r<6^j
zN_O#&{r<+(=q+Y|_PXmiwy|~<db)Z=Z=+K)-@Raa+BRh>r&nF6y64mwq7Ha@NU8d{
zg<@61ELIo>t?oNF{l$oIqr<rkgn3>-+Mm&4rl!kz_#U?&$9pg%$XC|24C;&W;1Kzv
z?tJ<QpEv2R%+Hj-=2EAho>4qDlp!pkv=`k=Upf~5L~(E^bfdJE4Ze&vFu02Nla^zy
zbTusUA|2B(YJ7Yk%liorPgmcN5FtE2STTmC1-FGV`)(haCRf|~8>yQWpc)DoKhK^b
zP`Xx|ISi<3Y<5MyVEmDQ!sG~Kgyy0YhPRv)ELR&g<lpiZQ0XhHl>*RW{q!}A5Pe=3
zA&?b+o1`*55Y<nXk_!WL77tv?-X`tqswz`>yAP6+8oj|Br0}0{0u?UNcT_rna-3j)
zwl7MA4#;)>2)}rhKLjQbHp3o3CzL$R5h*lA4vBnnKI@u}-*NROt+3z{D}bCth$9v}
zjro6+RHAgX!ABdOHT2{T6bL?2f_Xv3{R$!L(y)uc=?Iq)18`Qu`@w=}cSd6M7Sa`?
z>?m6-y4ak|tIEEQ!UvF>4v5vYW%gz(#nTZkQ*lnnGV}jQVj=n`g7whNB8ox~aAlbL
ztUJK!Xe)V687EqVun1mc$To`|-xFHI2SL5o?_I8X23!&^L_2tfm&6AeGMDVI7X@sL
z=6b#rXwG2P`7jYKU<@M*fMS0Q2!DD!hxe-b%e%0YC+nf+l7YL3wiQ<9y?2ooQl=W9
zS_NXg21~yAv=v|e%4(}1x%6YwNY(#LT4=@3Ev-x+PxHggD~BmOi%%$LZyUdoT(Ua-
zZ1pcE2X&hiTKez36;d+?S6rg@FYoj(*GZOS#QXm1g~?zn%gEpB>v=hb$O~>3lCE}a
z!9=UQ@-{T0!v>g>(_Uv`BgfV9-4RILT}+~A2>$Zz>hkq-c}DkLV@XW=*h#X@hsR33
z!XBszFH7D*W~zz%ApQg)7!u@fu<etrjh_jsad2;!mr{nKo~7LPVv`nO`sEE`Feva#
zkQWQlO%VlNo*l`fG3ElYJJ8^pLEs&73CRz#r`(MhByh<nnq}aa92sABEoaCw2Wb(E
zal?OW$a28J+ru;+jKqo<T#G45k^<amDryeum{MwwvF^`AF0tRj5KUaEj|aO;zd5rG
z@2Ve&D1dx<QiW((B}uh$@HZLdj>SFth65MBVW%(!1sKb;G|5+@360H88-Ru`5vO;H
zrolir&apty81SzVB6TN}WIJGZ@D3BbmuOxjU>8ulo)b$=3Zk_w*9AO|&g6!H#BvBh
zESZdvJA6Pxay^@1L?R4(E5i(bakiFb%Z@4qzayCJ{x+EebP80EgB^Y2c;`B#A6w}c
zC?+D;7e{qa!zuA3SsVuO+RIaavw|~j*t-{x@rq5Q1k(6WmXx*!kN4(ylz!ar_bfHL
zWY!Q;CZhvB>?ww2ZN5uh)xa6;q7Si-`jgh&cNkax_YVf>DO{zg!bYp1F)%HI0QgO!
zUH<zA54W${-nZT?lLxs^x}X2&6Ykb-;9G0-H_IC&RnUhMgbunJZv`@t=gbClD}VLf
z?*{CEn@LvI_;G60!~wZQI8s(EEj=s@sW1D6Roo$ZQLZHUr2(9W8DerB{`Z^CKg`Mj
z2g|V?3*w=II%ruiv8c)KQ6?tm{)w^?iWYhiz%6D_^ct1wAITAHZM;34Z~@g+kIIAA
z2jV|Z+?g3CN_0qS9AYfte0`%N%yeO82VS+PRDN{CZX`7yz4ff~pkPG#%(%tO(rCHi
zVAX-`>E|o?ARz#8;!Q(%kML`yEf~=UW+H#zZ`Yt}qbje^Phbh~)yD<%_ewR`;B$AR
z>MN1D)(*~K>#v=4)c&R)dy(k=XRlptg_T5A*kBnn2Bd0`T^^HQYq{z~gWjelv5$R_
z*3{@-W>DS#o+S|7rE!?x3T<kl>Q18SiR<*HsoF#Sbzxe_XYdh&3?1*Es`B5YU*l21
zZRIJijEHE*$}$-#AIQ4DWH+7U$zc4qLXGnX*%n<6!+cgi&ZLEPoqcPtHUG_#4;(}t
zb6veeT1@h5+$4h4j$a@&!y!gJw_fIlBu~JFZ73Fu+Qw4%HV}9~WB_P;mD*e2%mxQ(
zZ9uBg2ksTqB<Z5FWP~E=#&;sZRzWFD=q!WP0Ya76Yt3`cMdTREk|$Y`x<H>dl+~j0
ztx&)FYKS7KL^<1vP5%ZV-N0zc?ZV?O>+EPkMgZo@GU&h5X}v`2S*Dx$g|#N$duY>}
zlHYuHDqV(Xq*{O)e~|Yq4N#RRMC0-iU5BW4hV=bNh!s8lC}6m$`Fh1!thu}*zRD`V
z<`84a7RL~aR7E$)pgQhiBVQ$7qe-X{YHs}HP6)XwSbHSpJmb+aphDbh)_?gJn&b6?
z;3V;JN*}Hjg?uiQmd1xqNW-jJCa%CFhhRwsPx%O@GD^PD|23BR_Lm(J=ffQrMGu&E
zx5;9^K|C(-4HZXLIFSPZp}g%tgSkC&4ayycqGvCAa<)7!SBHP$Fq1P@bW9>@^lc^i
z*KrafU^1B2VGJEv6454>!&FQOfY*ghKhSJmIWl*wbV6UJ943eaL4k{dFw|3wfrhIS
z%bp#pl41Ofq&XjTYw3-l(*y#_O9EHfuBlvog$SA<2>%=sK!5o?jkUsZ=GEW3j5bKN
z2?B~50t;8!+lzn$s*~1mV6)t${Uyi(WwXjfzz){zGLlUSrmh1Xuml4|*W&KD@S`?t
z@2_(6Lz(^;wy<~DZ+IF~Qdpx69E1$_v&;xfmd^TUxBY45b!iAb)HMI_lPgq@V{y1g
z$C%P6oW&U;$m&tX@B6M?x%j)Q+S?-}plhqMFXzkg?x%Ce>lx}Q-cZBg7TQ<(+iYup
z_H6^LipS_$6Ff+YTv|$DOfx}KlASpgnHc+fsu5!TpItQyJqH}6bFxUwB-<Y`+9L~-
z-wd1e7t`cc@VqSy@#)o~GEX8v5wP`Qcu@)`UK5DkaC#7(dd6<d1zf8x8{k-XvcNXJ
zHeRolCMh0T0R9=4FtDDs*y>)%mpCrqwahlhh4v(tj*qRDl38_*KHCVDYToLx0c~)C
zQR&?;;s@lG8R&bx)1C;SVjKC!0Uvbzspz~2w4-Pd_Y)sv%IMQP)>14WW3+G{r#mtD
z%Y)q0u2vZfEL3?{2^sDE2*-~;1?)YeBlt-N;Q<Kn-R<3Qtv;2GWPudiG6+8nSkg`a
z2$6NvHFeV`aQwZ~XgAPk(dRa{zpjLj0?@%<lG;KYp!gpgCxiiXAPgFR?v#p0Qex|V
z&%*-dv?@fv4$}7D^?_&^ga|Feg0V1y-Tgl$VU$py|L}UPR^K6TsV$^ru*Ne$2n9q-
z5Ctr8Ozkt2q~~4Vz|Z^*nA9B*D3h6D;|OgI@PLggTAEBea}}W|`m;n`@z=hG>!r~A
z1<!<YGIdscMvQtb;6k+!C%kyS0LTd{caRe%S!Vd#??3uFO0c|Y9~C(m$FAE1Y;ma1
zF?LYEl7=ao^vUD?DP1579KJ&Zte~VoXkYLM5i1x&S1lfw3bTjAPUw;Z(HY|`snMic
z<g$Sj6Z*-9&$kDKqRvY(TI<OH^a02%*6N|0D>Ng`ZPcZ}C|pxC*a?bo<1DdNw~dX}
zgB#8{L2|!9io@u@>xYv3J~VCGe$wq?128Xms*T_%R>DfVC=_~96H6y=_WwB4^D6t`
z8v^2F0i6;JKC`{np@(LplweT~UINco$dRg{e{af{v7mDkSj4?QesgNr>}gexthHNC
z_6Nw2h2K!x30(kU!TUalqY@#KC>&&?cR9&PCwgmpjDYWyDSiYI`(!9m1Tp~LP?!ck
zgG9pC-mMkVc<Jzl8HNb(-v?z%3YYzN?^sq2>N`2$Uu_g$8V24n<=2ScnQ4JfA$|-$
zvHNoTU+fD0L+kxvpnao-z<xCJ3L@fs>!vkaMEV`MUGuW&{$2$lWM^pq@A4VeG((~|
zV078cbswg)Hu|QbdQ4Q=x-OCxm#Gw$M8t7_g+=z4QwRa0LOqz>_|=nkU>c&qg5jjl
z!u^e@rWa+dFr&${#n4ZsRmb>6a;!MY1;q_1L=hu#t&6qJWmq=)Rcc|VrU~VNjmQ!|
zb8a8t2XY8tpDSoem|mGxlq2*F-6KHbl&L%FGFy_aQmPIXw5XKGf;J3bqfIvCp!1p3
z%r@uRHj#$Ch||5ToyGU-<ww*H8DmA8OzXXPgSgQ8-CNvPS)0uEM;5>|fbS0#Bd|C8
z8I8nYfJGK6w7nQWPUqCKHNeb%#Bv?R+l0))#vDXXNirFR9Hg*3^7ItDujfms=}MGd
z?RvGwQR2O!5VXf$p8U|Hm+Ss3c#j=p;vwcU&;7pSsavu0zu+3u`3Wwnt-l}zg*v(J
zKLxivbgC`k0{5Tb`cUkQxu*UFu}+UWR}gyHe6`{neEGM+u)_>^{Sa<l&$k7n(fs2=
zG>Z|lO{RvAJe(c&AU3|^XpYz|EidB;Esf)145;ABEYRL-<c#GbxULJO3ii`4DPF&F
z(25TcmXM)14R~sd!nv`#Ks;#sXRpiG*?lfqM?syoiuPGRa*+2qOjcHxz?Y=JWZl>J
zh^g)#rK;7hO2)>GD0B=Z%x^@|F_1`&SkQOWityEq){!Oxg^;K}LbF3!SSu-(>ggN5
z4(j0G#?O+9@Z0cVhX;2`@gj3xkXo~9@;tV?=5i9k;8mUaJr{@&Zp3{T%efD#Y{JJs
zkd1u#ccVe0j3qlpZ}NHvi#+qHBV4W_Zg?BP`nt>ZaS;M+By-jrdtZq3F^%kVxR2T#
z?w9w%cNcntHzOqsjet=JkY!hNy~8Z75GgV-k)Oa(|MO&~-5*a5g#MQ-|KrINKc1Xk
z>ko~HL-FIu2au@Mj?_FXh7PM(1nf+$|9LXgiZ(c0GmIgVx#5kuolqCk&T-!A^+X8d
z!np#pVHF4gnR~6v?;FF`PJr1Zn6Y6f6a>3YbwoTE4)x*Hkxj={3&Dk%>$uf;nTHK`
zcqH+eS{2o^j@1GC^X&D59oU4)!5UU_EvPp?a;l@=htg7~eN>-2+kk5LD4Z7`p-KRh
z3V*@@*m*u7n9CdUD!*v2gMh5Rk<Rx~-IHIiUmX+McmUyXXZdZ{329e%(blf$oT#U}
zu+KnPx!(^T;vy5viNqO4c`%Qhq=cB?n@lQG;=#D8Ysb~F7ui3LJ1+p3Ep<;J)%S**
z4&ok?{zB0T&iE24q7yJh#wTO1t|M+m9C2`5gvhkrV;G8}nSf0H9|=N1Ar}T6lTDw)
zn=yuWsr^?Y7fs8krV7K=$$(qQ?omX{{>*I`YJcbIl)0byNh;EIc=d339kN_v5KY6g
z83={EuQS`LNBD7>DjQKG(@UQrDVNs8pYc4=l^RF`YbF78Ke67Ma8@oqyoBE)__g<c
z@yKO@4+rnpGS`AXC4?y7OV;lvF8CcNkl$HM6KIBeR9>$IN#x2kD6cPwkFu}URR}@3
zu-SU@;Y%Tz9Gzfq+#19d4o)|1_qLntfPo2-!8WwLb!;vXL9#JHpTU6{fBXXJ=0Csi
z|JNBH*$xgy2ZM>^@N<$4tdqff3=w4OY0t}~^`<_6-%8j0JeL2LZfh3|rX6Oh!*uHn
z`$q2WL8~&clK}%&roOi{nKfoEQ$YV^0cgmKxCk-_vUO%}Xr34~0XeP$Ti|XpjP(Z7
zi2Q|2g2k`CstC;B0^}TZ%aYqwd^fm{Q|pI24yM2|#1N+I(Hqo@4agmSzCW?r=z`fm
zp#@CVa1>9%LQ)4pbF9T1m{J;{DtDf)DC&ttsw`G$nS0yWWLf!ohP<h}4@L-}AM$i%
zOck(!x)Qwty58<S9*zSae-P;w!d{PLBfrBPc#EkZE^GN7{6e9PQw>77arVhGutg0E
zx+O1B{%VB+bAn>N;p{{*@xy8k?ivHc`%gi>*O0y~8B-(I-v@e*6gqu&4P@SXSihR0
z-?DFN*hA>0T6%kafbciXO-;~n&+;MN>#jk@_{*<QFM8bBg5j?JUa!F}o(hK=`2erO
zXfM59+mldG`?ldf!LT?RNBRs;Df<4>c;{#<m_`O!1q0nC#^!ZalvXj27khU{KiiLP
zLS}jw-W2}f6cqN<$x5MclBysK?V(?4*-`wo)aFwd4N9FbS*}My6pSF`gu#7Ps)x#n
ziY|qmR;9GXh-I59#|x1=MgzEyT4i11NeWm$grt7nwqjd>n0MCwpd@h#hbeavo7IkU
zUz2wV*^RHicnL!o_RKIsoe0~*N<%JxtH~`!Dwd2Fn+9jC=U%LKsVIa-G&|x=DQ%$Q
zhKHw<J7Ov?BziNEPLgz{v+Dwk);EkyNby>4`LXDA8|xm6KgeK4xsZXeSE1ZX41Q+z
z1pOPprH7kq98#YW&i>b<oY+TH#I7_k$jcJJNcA^QC()*mm`m>qq}Cm?>4LmC!?k;?
zGwp|OJof#E#MOv*gzRMbvZ%CvHrH;hyW;^C5KB2omWysTb6tRECnEC}Uf`sFsEhwC
z{#=-lBcyEfN*oTgPrhCdXC?~ksy-=~dFD_5v&84lpLmAbxwk}^e;xeHL$=i1{5Gq!
zL2%Joe|Z)2tgZ2zw;+3>^cwn6S7kEwH|(Mc8iV2t$RnS{qO;y~BH>xv(B;*r|BNZX
zbFue$8Q&|m*W3;LW|iK5rW3UTYk+v%gup4@0Pc9)qpjB5^Of48Ql~c?%*!<n;R&q*
z_cIg#X)@ysKgl^qnj`Y%v-eiJoQ?5nGxF*6)5(Jt`$H`9M+DrD{iBeP(-`;W#&ylv
zoiES?Mof(<Q|#WDs?<9%RC>2Ak#<jf!QZm-rNm@R!56CB%(#VHq>7m+4KFfj*2)_x
z<sa{c1X6<RuM{-SH?TIwnsEdDtdFj{xZn)0Od-vpRA%?JjZy0{X4G4jfBq7z6cR#(
zzd~an%H*_I_V+6Gd3dUP*h?wvD%q_T{$e~r!yxmmnH4ktJVxf0@UIX?vVa#e<NND;
z0&EE919=~LC5(KoG=bx8mO-)(MHp4BrE@Hl1r^OJ9jW<?UEhJ6Q4MTSV;Tc1gqZPs
z)mLU|UV)-2NVGG-dW9An!)SWk5fhuqd^j%i<LeOglHoT3PE$5nKa(AlB{3>l$Gm25
zHvG$HYP6%O=!*C{c@WH%08Sv+%)JmUszJoLji#{N)T<vp2>-$8-&43X4TsZEV4eaa
z_kOyyCC{#2jW{TSONMSwm*=pWX;`)QevPyzKXY#v>_`6H3hVLvM7w~R$bRr{?VSq9
zn40PdEvLzzh9&m9QKDtj0nbIG^Pfu&MY67{2QjWvg9&Fh4}Zkd-Uo&4vwnjF#dv$h
zgsq#V7koAKUK(pS5*Mj#8vjUxM5voTTLuM43X89#W4s9amnr#AIBT(s#D~tvfN)0l
zRgS+X1Dv1IwbhLR(&`y&d_{zgH`6rg(F7d2xvzpiXZB)RZ-P={6x}r{k#`F!`_DN^
zz`@N2>U8$HXXD%UqAslLx!u$Qy2>Y&JG9wTwY?4Zoe|gvdb`{<p=YHl{TBvxvC6>j
z(iT?S89Z?j?8Z$v8q|n8JK%6)A(Wz8^rAxLU?C|3pb4=bXs38gk)+43N&WTunj>Po
zN3OtF<k0w~{`SJuVsb=`z#Eg)?ge`jj94?L&3<E`zV=L9Xu#P^;pss%$^vG=j&PV_
zc$Af%N}&ctIGLhR8pV?cp43@VxZ_2V)NM*-U6Q4}7+?)|q-jhCCZ*SRx_8BD8KWmP
zpM$U+G!9ln*<6Rx|K$I9OMfTLy^Mtii<!7kal!^;z|~}tr7$yUL0TNbp<X;%XS%WD
z5R%QAFB;B1RT1Ri`4tRqkeheUpN*#w2C9Km1p+BRfR}DEfAMZqRnLjXC3?4xiqP5l
z-LcmzQ+5prssB7re2T$UOQpNh3y$DD%5}4rNj`D{LVMLd67s@;-wTlNZuzf(;ayRI
zv~3meauogIiv#B?&M4QO+NE2|*>#t^p+?`U58}nz&F4`23;^kI{As~mL_Zb_j0$%%
z>LwwAyl?iZs|!p__r$KhIQyS^*4kh7vY9z!hcb-vpl`JXK~DEf^`#nFlU3ztW}GGW
zbn}`nF$f6pqz*`<s{pFNg6U%(ESp5tuzMfZsIIRhTBtwLu=Kz_pXS-v)$y|`k<o~G
zaRQr*Eo)M-3M?iIZlJA0IO84RjSK5>nIO;RsVX^k`K?-)F98l}8|_y68f*46=v`|e
zJ*&qZ&e1gfyh1w-s9tBRZ~{9BC)9K%^gnu01GTH8he#ovnD38G3OWz$hvgdB2QtNB
zqtu>Fr`3R&70zkOP`O(W-HGF|+DhUt9v3Ex06>1(1)IYNh&p~df;nP#6h_l(SyW?N
z;r%es0xEJ^l6nhQSpjus!)z4qiMnyglW;p0Z*537aX%iD-3u$r(BbInZfn@U=$!4j
zjztQt3p#x?v(Vu0{DdZE41Q#YA=Mn94r*<Xa9+sh*<n;d%P?f9Jmqt%WTY~G%Q&dw
zDu(VwwP(nM=?R<nK+FFkI^FdrqWc=H^)Y|SF2(3SfVbJ-5)r3Z??1r1VCOEw&$8&c
z>Q2CJ)$t$TwbIcESzCr#<S<{vQ1VAq;jIl;nw%K2U9eVwHf{oGA>U|r{oPu1^FjzC
z8*4L9HZA1ekA?X;sJ=_&EbhQO$Nwgwl6qysg(;|skItb_Gk~RmE*X&fLdl{aPIgo=
zgZfm7BTAd|+cHJer|y&X>-Au}4@6EyBJIm6@JKtC_Dc)Wojg#=MxzVqg(miwQ|F$K
zr`x#IPu|bP=+r(l7oV8nR&6<nl0*h+w=bp5T9QH(cUrkOXll(e8Y=&=Cz=U&60WJs
zT>C-l7Z0z&AL#Ka4UsM2(4uT%f!n$wH$ZC|Bif0%dmw?HlR0?%Y5*@-iGIe)H<Rwu
z)W!-YQKafDp9?ru>;UnNl}mgB$DvM3Pc0RdadW!FLWxL?JVCx4a%3BA3@<>s`U0~~
zlIje8V8qIVg{8&9#(GZubuKx{d#1~>ckcVUtByF{MAW~Eq<sxa>SNRffYO>|)4O`I
z&|NrasMvKl5VD%{ch>Xh22#yd>{Uz#;&(iF>wa6aoLN=)?sy3c9GGh0FqJXU_&m$d
zKIn=_dN^GdwCc~c`zbwj9R>%rah8oJCJKUm2|u)0)GQ*EPMMif(r1ANJ@e9}pV@!W
z*$5zHZMy#Nh1{7-`2b!*<SShrZ~CfBM7QiT?&lER|6p(H{eOvl*1yiHAJ}{K1AAMY
ze@?Pp{SWrKZM~)Xm_R+$C-7T=d7j7O^Mk~sJnBBL>ke*$>Fe%H+F)kBaxmd7+)UQ8
z3cQQPzTfvHElDf)HP1U7C*=-Dum@F5_(!DKM%^<R%TjoD(7sg^N_4I}JI7dKZnW|I
zfpT?sS-%)Z)=4Oz2v#UXpHOV4X^2a<+&D2xmeI@y6Ez$r+?);LAQ$?+e2a`}J!U~9
zrUF=L3tJRQ4Ev2nvc188Gd>l7V9L(a+b;MxXr9tcJ`NbY-#Nx*SaeXnvb?7)jwC~b
zyPOIP!x9;H4{!7d{XKsC70N2Mae<q2`td#(_)e0!!&L)g7?6e#MiKE3F9!6NCf=zm
zXcAFEw{2hN04nM(5oNdlIz;5p-1Lso17*zS)>pYRr4sz_ev$*2&|ERe#N#!wz{Jid
z8M=l|;v;ntwg$n4QmB0}#l*I~(L2yciXBhXlfMtHzt+ZgyB<zcyAZfXterk2N+%jT
zRSvruq<Jzk*xW2IsP*BCoAJpd<(^`#B0v&E<c#@@l%lCOtgP@Lo0%6^UZ;*>hZBf=
z?a~1!S(=FC1&r;3F@`p>Y;9=W4G+#`oTchQXi&CFb4_1+`}DMrrsW#j%oJav@Qp~X
z8LiDrIn263OzkIwjOsx+gQ&Z?f^`&&-j%bVWsGu6-01T7P&ONcd38Xt_za|2&_obH
zg!rQ6_NK18TF>dz*250RMweW#WcT1EDCMrJQ-_!MygxfYKzom_Br5uT^xk+zemg*F
zxR}fHAVT-<1++DOO-;e}G3b9DW0DVhdpsUZRK(f!CX8DnSuiz@(!$D966$~A!;pl9
z5O&;XW<%WQME2T$*Vm|3RPU_ED=w-_O|hH?xz^0H{oRb+s$8b=ED*3b=@MR8%(ztV
zF>8bj(jFlLv0e)FDM2aqYVA8M8L2;nzldi<mZ>C2sv@==JQXvL{X=^R%F(c3rFt`y
zlQ>9ES^5uC+{Z5HC7kxy?L+^ORyc1f5p15ZJZ3nMGse@lFQb&(d2y|2I#8oZ8ZcL(
z-9TGj{_z?o`27L-J8@5O_C?O0`JK(RaIpgwR5M_EDS?jgr>Ta3xUnKpcXZgqSo0M<
zqv$QHxPCyUwlD!3g8a5exzKLDIJm%Q&|SKDV`g}NZJ#%sSFm8^6Z8?}WltFz0e3BD
zewU@D*%b2Kd6}RrcHJht6T7Xti#_U<I`*ZL@~{1oVBY6B$xje$ZW2yHRiPlz545Kj
zVJJsT4jY%?#&L51g{dj&+P+SyT`+LrZargs9XR?Z<6HgO#VQEH=gr54SHLGy1b5U1
z5fSk)%yacIw8l|hUlg^JC_7WIW4p`(ydAg$>>KrRP}g&^(2Y=g$|*|C`qHVxz&`a{
zu~CiD?NJ+&U_s&KAN^6(#U3vme30@L6HS1iA+SNpwV0n0uWo`{+!>9^V-4$BjRx=G
zS>l_|n;xQHT1>yXYDYf%ltddwb3Sf!en+V^R<s=LVgyyE#X0fox@XZw?wp$HzjN2B
zRfd1f=bWEI{g`wgDdIhQ27vSuhL3m62h1m{L#uKZ>qCl8)FIlhc^uxk;Mj^R2H)Cf
z*8-Iy@->S_Lt`2rz2vF#{+Uwau2s}QLYF6u<@UpVy_V^VX;K4^Fz*Mw$Ug}F`)2}@
z5cXE=CI&C(ppJZ8!Zh}_T(ADNB&5Gm%QeQQ#@viW{``wbY!}J=c<{6|UE)z)cC-EG
zb-&#X56X3*GbRJ-c2`Vs-WtMVTdg1j0ug$m!#^QWw+2#|GPT1LDWxNg0~Udz=1bO)
z;(N=bPm`;p@BhV$wL|MWa=Tp{mQc}WAmQ%^*rBhNK_b})1-B(Jnx|`67r=9-f()dK
zrmrtZf1|<yY=I#0cx|{6Zp|;OOhMEr5us-Y@RFXU4Qe~0|JD4oha%epr|ZN>L7yxI
zu!_4dwL2oxcZ%e0r<_BkJE7APggW8KV|hqP$+?~QJ)mwN=$f}09+`wNIo4~sbJ9(;
zMSo`T%nKKW4zRmq&SV`s3SaSO#z6x!BnsUOOT{61C_u+-y0-LnfT~=p>+pBY*`|Aj
zwOF?^TP#hj<<8kZu0Po3tUp~Vx2vGwa$ZO4OTHqc;vy!ZNWI*30pCkr3ykShS{yWD
zzE8?^!mP(_Pvj})+cgPV{GQ6zuX)b!9I$!#jnoU*HT<69J5kEcYbLm@K9Z_0F;Mle
zPHt=elu@N$v$brUVy0)`7!$c=y$i;6zUf-A0O_$j*>VZB|At*fAU>1U_z#S_+{j6#
zrV$b!pQ}0#*S6IVjs}7*p?sBHj`X-LwdJ!iK)zFZ{!F-PtK!~Dw1%TXt;=Y!-5q<+
zbH;|<qrvjYGe)|*DiwklJBDN5KDFvh8!%hOY0XokX2i%5le$$UG;prhuwB*E{^(ou
z$3A0*RF$M)^Yg#YyzUK&eAa=_(x_;ab{FT|A;@*Z8TNO>?Lw%z@m}|ph#$okA;Grg
z%s-aV-n4dZU2H1n;e>=}Y+nxSTG@Zgg%MHNwrFneQtz%(??(Ry6;6+KodC5oop=w@
z?^)l2?^?JZg1qQeMAVk+Qn6=y%ku3R@@n$d@vYj)Hh{hwv*-W`uE+h38w94DE*!j7
z*ZCP~<~p>`=FJK=-$3$%t(n0q#uE+}cbHgvHu7j{dL?pS2xn;CTmI7uuc0)E>a>jO
z$Y_S|$jkAzUF#D2I*j`it=v$dc8*@PY+;$=ROE5TLD9yp9u<+o66pr~O>hDnE-o<2
zvCp{xEs2W-%Srtl(oZIBPh^iR>p$@)5Q1;MsIX+j-=b@Nr%IcVTl5j#K~3a?s8)1R
za74Dehmk2}b7SlA64S`{{q>1LIB9W2(h(F_`-39?W&QA5TJa-hhOF<Ax}P&}XR$9&
zcz+$`NkD$*Sp`YU2s5Sd^HvH+U-yZ!@$Y9Z=*-zdpqe@2M`;K+b^EF1qgWKD2o`h>
zG+@ln85Q)6#I;2VR(XJVJEM|9LTy-^`mg4M)!s3*71H#T5et;^R%=!Ur;;i(CyZK|
zMVW;Oe?>ye*NHL>?Gt-!DN%xp1Ss|26-BwhtlQG_m}YIKrZNe(q!^_A-$85X3*W{s
z&}A%xU28I({yI2#eAtW!e@cHD*s(j2F%|02<7_I&NFX5HC#J8to`!CBY`1!dXiO%0
zyGxbhv|{F)R=@n|0>r)}5pK}`4KEjn<r`E`u+w2@HvUm=fx`HEsCkn^?DT!C{*LY<
zmsVJ4R2069i%T9TsIcc%0NOKDbs(;5I&j@EDsK?Kj5S75(gTYP{3$!wmPpDGYXvot
zlkXZD3GFdZf5`hmUFPc#8!|Ps51A3pch?8?M*61BmMt)ngo*A)0E6b9oS$6#0HF3M
z>ZuAr6iATJ;xIFwons7H=?x*pvcCOwH88{0dt(NK!u`$a82c>~X5G1Zg$SW@29zBz
z>C92XKuKho_p^u<OwT8GAF_SRrcpafo*{AOL;bU!>P_9I;YUTj07XafRb`AmDua$!
zIXTol9f{8vmqiQHX7c5!;==Sj#>3CVJzyg+pc6No8nxWerc}`g7Q8U(?-Jt1a}05s
z8&DZ=+My_y{D$R9&|&(O=%3F3Dq$E2?+HEu2^}cLB2^4DrPImIvV9q@yPh-j2R7Q7
zmIL)I>%V1}BalJet0%7dS5NPNgRdRd1@Q$aFi%Xo4oJFE6=8hXvnlPSxgCYB!vkzd
zcPBLBs%sGDo*9{kPFXXG{%a+^a4nS5Un@aLNsND>%gP3&mNA|c)C${}X#TE@f0aGt
zqxEEqmC?x`XW==bD&b2(5Y0HU83wXq)Bn<HYICDN(w`=Ua5$DPd_<-d=Cw43WpE?0
ze@XqrS2ZB2x_R}Z&3|&f5wNc1v-Nb6`<0Yx^w%m~fK09>gyx%!v6S=e@~QU(2FUCT
z^6CXqH4yfr#fb=3kBF12ZO#gFW)Nmtzjsb!LW3Ef*Ju?~HwKmVT}*iow2?LUiIrK&
z(y>D0x`|fLxr*CYYNR)&mIoEXdaqF59R&)O-LY;#T&rv0%I!7pB0(21i2XT>LWU?M
zy4+ML>@2=Vv$#@ZvspPXkBi$RsZkSl&t=zk8b@13eB>pyN&{gR=ym7KC>RWBZ4YFx
z8B#KT;{4{F!ak$Qv#3bXPP2R#=4|6SFHsMl6UFGeR6s%W?&J{;PK_CAqUQq>V#j4D
zJy_DWkXDW@6v>hQ%P9xSs~aMwOMbJI{atO7O|fK=-Ku@gg6%=QVU0lb+^j_B(%xv+
zofc9zT&nOSJXv~|b(IvaJ~)qbv+MZA)(zza`ox_w^q$~#TwT|^Y(>gMBWF!%6-*|t
z$PK4Utiu|sS;d0P6J^K%NkRh!N@*oZ#&kl~zUYzh%RA7*!xAJ!mHg%5{9nWKb&oH)
zn3&v)^C=vIm53o4p$aavb%_+zF@vcQj}sxoOK<v`aCpwaOl|*E8P2!Wb#pGW4458P
z|4FFk0;3v1!jrIcrHaIJlrS+JVStD#0hf1A?D+Elvb574GMCu*pPg{O`7b_x(=xqq
zMK{$3n)usGX^4Bicv?r!I7Nx#^FZb<qcP!x@K+E;8MGKaPmvzTIy+_)&bCJ^{?Z7L
zKPwxp#}=v2pf~-5VnQ|u-(aEm;Eno(t>ynFC5jf@od)m2F`koP?slmwg5SIgU#$*_
z20c8ylA*4J9Ig(%&XmYL#DRWS8ug9d9Tw~Pi`Dc%$GCzbEC&492!4%RkZ2LKaHF;L
zQLIpXl;~JqjDh*<>FR0LHMbx1LmncMhs6y}=EL`DEfB(oEl%Y#SdL0aT>&@BK6rpg
zPjf4XH>LLA+!($^>FK9%qZ-u{fxrMBFKlg(>8;=+hK+EekNB5daa9!AX(dB*ypzIG
zW320RAbGMxn?k@jnK=}=$T7`TA|7E1>C(7=gmAVpqSFBF(eCHuFe;$TH0JCC5Wu{(
z3-$*Wr>G7w?=uj?RXsPMh6|=j`c1W-3+6Ruj2o$92qvpk^jqiO{E?#eWUvfC<BPm;
zHRv*bNH&p#KcU!0m5q%)FUK5n{*O)+4~&=`s`RTa*{$%g!9BsIg^%4<E^UJ!6iGk*
z)T!)?+bq>^At-a@dBlbhnJ~FiMQbedpN>f~+@cR2GG}{-T8)YnyMYVB$lqOAqc};b
z11K6t8(v8IfJ<uI`idB_b=8Qt90rEd(I1WmyUk(s%p*-5LLmeBUF$=Y#Hr-rO|X%~
zj{G~R>UmAw<`Yc}<)kp**2pdUfMFJN0v|yo+JUPnEy}YS?wiqxqHw~-obmcT8fKw`
zI4V0LmtwK1wzo|m<cq!!+@4krNKkh+%C)bphzb)_;57@9Z^26+)`&3$;qLV6;K?9U
zMG8g)kCzG`nRgb;Z^W`6PR{rKsC!RgK})GjDgE9}EC!61(gtRL%NvuaXU;!fGfqyg
z@96kL+Df$o_oW2xv(;2@UZX2%&=6&$S%Il=g6tw-B?MrSoe1#D?Lu090zM%h@(aZ-
z<Lp`|?h9RkE?7|}6`4cBZ^9=9BuQ)tQJ$d`Tdn}~Yhb3rhDxLxb4q5`%@>QYHHDc)
ztU4Rq*dVT&K>~NIHk;s^laYySM*DPNTqseIzGOJ2P<DC9^S)4#2sdlcf)^}PJPoa7
z(e-t*w(Rh(yW@PoO(GlyID+^E(Ga8|--iWJG|(-8aI+nd*TD}f5L!nqb6kx*q^|9X
zqNYNr)MDP~m30K${o60n*xU%|CNCPXfW(sCWW;Eap8rk0=K1_m{#}RxK0WjCx73$D
z;OT$k3-XwUH$Hmo02h)rcN7D|PnLih60-Rht4f!|9<H9Y+l=^!RfAe3u7zvC&&#s{
z|I>q-9D!}|(T&v6PtTU%Aj2jSj6d^!rU&(EQZ~<i#Ni+-(C@5mulXGT3<W7t2$XDa
z2ym~n4s-?=nt14)mt?Hjw!LucO*F?bSFju)s@#ARh{qqgKb%L22o%FX=$(Aw{*TH5
ze`yBj)};m^X2b>rHQI*}g7O6DbyRK#*KAns28!A+u>&OgJ#eU}N3D$x7-ukkDZpPc
zn$o{5UegjR<-}q0BUD%$Vm-r)k$qBskaBS;!(=G>5!&1Mq@4&cf?M1UiI)88(N{9$
z?e9r31y9H}ayyj>ja{z@k3`r%h_0gvQ(|+P%u+*=SlVBH5u9m;*ohuo3^xc}8db|Q
z9<a*ujNYi-!gjk->z$8TGUhFK3HXHAGUU{zNP4m&XcEOsg(|#8pCZli&{jK;0AnO7
zlUp=GC2kvpkQhk?&A;C(PbkF7EvD%8Nw|)YnilGjuQ=7xSsr#oK@-!Vy`AErga<h1
z_V-p@de)pYpJ^RaOCGy&_>hoX_&n}Kg+zjjx1wGDIB73CTfFQN`vcP<UPqySk>MH!
z?-Pd_7T?asI0%iJOCr2~9R#F@fag82Fx6}N*UsQ`5?%h<sfSi?==(bI*}_$Yyu|G6
zNebxEqSj5ho;3iiiJ<%;A--^JoRhELJi1nB+cqP(#D#6XM^Jxo#`5Y4`PIm7yw_&Z
zQBtK)S%6itJnlk!O_d)>3CIeowVdG~bDYm=hJ?hFYxow1fD|l33Xh=}Y2Tb(-S*y5
zu?~>dM$r*zz%OzrR*y{OP}km~uyML_O1bgFF~&JTh-+^9Bg1=E`MS*d^#u;ws`m#B
zVJN9;m&~`*RsG}H^eu2L&7@4=V7F}*^-#GLNuVO94>1<s>y+lBkT3FfM>*U-624V-
zcCjCv$gg2v4dfDy%HSLlmBtU*0E|{AWS)nR*z;)xBW~pQwScsC|Lu(_VOc!vc1&=W
zL7k#)u!f7}g}4Gm6$sGd*Z^BT;W&TPFH-Sov!M!z-rD*aH)&3KL{i!&H1b5-5u4KH
zw=byQ;F|N+Y{Y~Qk!B?^wLr^w&}3uOBm2X`EFS}F9xJ$aa2n3-mV<;lWyi4<L8Ug+
z^`p;;EaJSIi`Oe;o6k_jd0sW0+oC{Af&I=k;7jeTqWL4}0y!8%fNG}pl@|hsgvx$u
z<dHT0(_U*^nwio+b#^72qu&c3?)UYbW`x?$7m9W}c;w829Z8S;eC5WDm~;A)DXkv}
zkJKgsDoDk4Nyyd~J_EjxSB(=>P-upqq9VB;c~68v#ChCHW$_C^CWod~4<P0wSh@^k
zD=si79tf6*;m34O<cH-4ZHB^V_h2np!+SPzES&`hM5ZYm&cy>;9&Bp%6X;jaIT~3n
z5Q`U_)YeJ|7qwbckAAc)p{$UA(W-@7ZUirglVF%xw`iunJ6if))iGsM$^W~!!^Dfe
zCP{5`xLqPqhq}V9;+Q!W%Mz60Y*P$xV0#1y?~PtR*%MAxHd2nBEJ6Ch4F1`URGDX*
z9__^7uUWKh;a0)^hnEyxs8V0>Zv@iuaGh+(C^io#cIQHkTC}?BU^nSsI2Q(jiQhZn
z^@(tkZ+{~IA0~F5R-a}~n|7v<>oN*6GRF5tjUs;@T(neik!K_@7T+Z%N)K&STK4;6
zPe<+OOJ+=&VqMrw?-p`OKJ7C>$Oqh0B&|#=Jq7E^Yd5-_<p30nEUVz_^+X=gj$gKx
zM(NL`4_Kj&jg9Ua7(Ei!AAWMwdD<VKA8oWvf(b5;Y^7|=w_S{H*&DBHaC<|imi04C
zP!X6B0?RD=5_;v7+tZJ^d38r)Dq!cQ*jsl&nuTFzS4637p0VqT8R(P7Cf&Ntcd*3`
z#j5KZ;o(vIW4Y=6=C$eiRV{G)y=0?E&auCayb0T&bFs>#uq9yQ6y%H-e>+%VbH1d@
z>4n!3aA5gRm@k@><1QU5?b&lA)WUYOui#kf+i15KF&$R!k)50Ca<N8ATmJ6quanx6
z$f@ZUpBVzZbk?uPc*Lx<`9AoW$Oxj)Hy(oykL^=KWrw86oHEX#dgW%uG$@(bRkm-2
z@Hp>uHDRRP8Kt5vlihI`r@^f)3dgV7;efR2vVM@_OTel1b7oX#n9{my4HBMV=hIzt
zkPXuk%1K18a%zosQR32)=uXiUM?vxh8y9g$h4g>RwRc@ureKT+i!Tq{=SWdsJ{a#@
z`65)p;HRkpcyyV&P73dr;Zvi=2D5mM9j{Mh)Ntl(8TfvB`#8F~VZ(~1tDQZauU=j*
zZ42n@7s41TFl~XOk0i#SLXhurw#kW!O6_3I;O|dL<oMN3u}tHKraC6o2;4#5TJg?E
z&ylJXkod`Vr?TLY#0K1%defDR(;ZPk(24%lw&6#zx8hkFhxm~P@-5lA!198(K{>*h
zj<iDY(!zq^E4D<#UCD&3m;x~=<)NvXnD=bivTeGLSdg`pahB7@nSpALvg|b$1xm5x
zDbA2L2i_!yw2;>lEHGO-%0M5g_Zl<{QA<YKqti*7er%KBnZHDh#~A}Fbe4WE)zTsR
z(eOK@QYgWTp{V2Dt_)$A^WcC*$QY$`^BrqB%4iA=`HfH@epFv0O1hQIEb7&*g}bg{
zvs4L0{~$e{vqQF2iLc_0VFv4wPQR#AWmm!M-q$*JWCrW7labPi-pH*f!l*Rw%k$f|
zjYW63dCLro;Wxw-L$Ty$SoMcv35k(aw}pECY$jy>On+g-Qlyh&3Mr5Mq9I)Qr$j?f
z_VNc3g_U<)wK@sLMZDNGG5F>XMSD;p5cs^OqE?M`Vj0vpSnz;~H4{}IHDeMcf~mz5
zN-{a6i3ieNMzT!d23S}dW8SUv{bmg=x`4$K3~dCs04Kt6FylV(6`i1Q;X=%Z$Oz+u
zaFG#PEPX2wNl4VtE%<U*I0Hp>7+Lk8Q77$oPNIFTWY|rL*g1;qEaz)MqjB$MORlLg
z=^oU3dpH;pxEg5?B)tT{2vf`>8Vx;aF|WG!Paz8ro%9<O3F9jhKvHb13{ZI0w)>pe
zh@s_B2#J)w){2%ock)~_i^iDl1+zVr<Kb-#iuy{^r!1_rTq1sn<dTzlaG=ak&h239
z#xoB_ovTO>O6zr@{DFTq<eNEMlRv&3qBMmy5&0vT`X|8CdyT#qZWLA*ATh~^prEh;
zPr?<$x&ic?{avo%pJnIHIpk_ra6*64$ehzXCbVezyl0J`C4PR~%fdm{s3d0{QQe@?
zeUf{4y6ii4n}us_?rMCAxAwnLa*v_0Jz-0?N#Tr^nCjaf)-s=Ja0%ZXcA!VpfYK1C
zgnRcF4j8h`wHgomy`kt*WvD2s)j_SlbZ<S~LC`Q6=O|TXG)bMQ1C$h}o<eiSOMr7)
z<qOhSE>bmS6wI84(#I1nZok46Owl^Lq0ydmmYiz@++3w9&Qb32M#->7*+e~Bcb!{E
z_p{^5Mcar}1p;Q-(%F`;s-~qEsE;9sHasb(%e6hUOHK4$TX%Juv12h>SI^-NXt(Be
zQ~(t#dPQFMGiS5fppqf?HP)+6=D`UGf60?v<1~CCyzc$XQB@NABqw9hXN-2q@Bt+=
z1)J;X?PP^ZesxHdbtPv*`4A0eghh+2SbmFK-9xhtezrpI*ZQqQ@$WvJYF_lyr-#OR
zIlO?lTcWyKVA--@zbNbSecuE3q^;2?Z{DQv%Krm}KzhH8o7N96ZsWvKCV=Wq!UoXI
z?!*=?y}kn3_tTjqm)83iD&qrC8MnLjZl~9O$*Bf5RvA~DgH|gaBe9%ff-lif$}N82
z8e{Ce^5>oR-mUXitJ=xdOEoKpG!dCc)=CG{wc@r5FrH4RxSMB6v=F7vY~aqOv~7~I
zz+8Dc$*W3v@e?MaT3oKJ%2oCDGJ26Vq=P>%DcKE6)~onShVQDG<+qCSv$5N1)_|lO
zSi=EG`L2c?PI;|H{c9v&#JbZ=zENG$TFK|pq_#EIIV8{5D2#qA!$rsm=XPql(P@}f
zqq5dceMyIm9LMMq$~-=Vk>uWTk9!`wx9T4JR%<uw`J`Fg7sr#FOuD%3#P?WSIlGMi
zU9RMNAwN^kqx;Az#uodcKF_v3{T4B;RFaJ_pGIc3jnG9e%(WdKxueRxL4hYz3tl?$
zA+k2b#!7bLNB*{t?y4sTc9YVxjr@U?thI)cq|vLjjrL1si4l6o&Tl?n$h606;CJxj
z)YP%K&Ku2UFK+>GH}AZ}RT^%<Uw^y&U&}o1&OYD$x~j}4EVQfueE;?Q=5pQ(aIVzN
z<?o+<+lPx^c7FGG&cY>$6F1J8F8J!EInxh;SxOJRm}DTbgR$4>#tf$^{@_xsK^`T6
z-D^_Berl(xSU}sm=e67IR=3_W_o=Lj9YvW6o7DS4Y4ccV*)Z|_Juc40*%J&bq>Dnj
z$!lFBZ;P0XnS3M|&*%H@rL%%-tU5Yb#(kdPh8I8sGOu_vA%eG%DGFvQo!`oe85r^6
zYcqgm+CR6+Ij^Nbv=_Ax!~reCso@I2amUC~rm-YPVPAwMkU`jbGkxUh{Z7wJXU;y%
zWX~&i5`L}D`Q-kgOwX`ww5QA*kC{h@u4lmr^$ahyk^UHQ2X4(=rVdsKjz^d~9rJYj
z-}46dtwEz{c3<``a4~RWayKkn{;sFLPHY3+?9?i~e3baRFaLZb>6lJiIG#jgSMQ<u
zcoxZ>6x%<MXVTtXld@#tKSnO)rV<+BhmqAE$!)Z)(0dt)%yDVAv09531?PI)ld#h2
zSL?lc@8$9Uc>_|nipBAHs9Y3@v{mobs!x9Tf4m#?;ybdoLl~W%uGXUU;&LqyV!HQS
zU97rl9~h@W14e91ViP~s%{mJzJd4=cx-K0#@td|$YZ{HpKCj-?^2|$j_@=mSKazFB
z$6Eve2i9;Zb`C44{Im$Y^Ch`c9bZp;sh9eCb5P^eyssJ;&Zg?8b81&;*PwV>^jKrK
zW_|8qTQv5;7+QT83XR=zRCHb&!APYAl(wL!$z7Z>mr!({<l>&ezoHH~@qYT$JIpdX
z+RZmj4$7L$EH)jRFf?47$`n^}G|s}|U^6(jsLaH*ZA$P>Ark+qUSW8@>Ki6^mgWgd
zvp%zBw2XT51!wiRleYH0ToNHOSj+~bdA_bb0WL7rd8OW~=IxiF*6D`4;Ep?n6J&a+
z`DYV&0O!yrM++ZK16RgLiaq^}&n_gJ!$9joE1UTIqey4<i|syucmy*$#HTlWNV^$*
zQRJg*kjJJTzmfsp&SCL#I_y75Wv`Dh@y=`@1P7`6KV8dFUT|`HmUE^9;67>@!N#=u
zGd9G*T#Oioi!F3`!=1g!4XIY^5Be`T{s1206cTY|5K}s}si-cC>Rr>UxAWet+uoDJ
zJ>uHKwHVCit~V3;;$($l6-Gp9I+GMJknUH*nTh;#Q0(i+vk#ZImp8v(-rPn$?fByM
z`u)}2S4l}c{&4oUtMkMYDtLKzbN=hs>$AIGZ|D5*^SStK9GX=1_Xt&;Fr;vow}l>r
zpwdT<OuAeG**VszQLWbogVqc7cRf3Qug(HFnoAH|TNgzooAUL+pu$^u$7RnY#4_|N
zJGgSvf&*)L410<Vn8G%Y%mJ|kTtKhY5*k=GXJgm223FsY=<L2312$-9#?Wnas-1rG
z1q&{>2`A+Lv8f-tuN#i3^Y1$6gGPIB6n^kY=k(ACKFdKpa!XHqbh^ONeLm>L=`#QM
zBgrcx+ROSXMGot6a$iSC!(;=`9fwhgpU_!dnzN>S);Hh<t*X)P*7|$3c#;{IGlAFG
zy8?QB9Oie0rw1${G~GkH8XA~|e9xlNI+oU<w2r0qT7x$S`CQ$|r<`oC#hyOBqgZP5
z5|fr0u{{1%<-CbMlRgBAkDc_BG{Tc5m%Sr%`&wg^R&?LE4+%B*orouN)V5dHCnjbd
z8itD`94xV1LW3-f8U%}p#$_SW5`ApK%ZRXqRuu(Io-^Y8Z}hM)Qj&pe+c!Lu!ES*X
zZxOq4xXrK<cCL!}8=yA**1)V(8!uS+Asr)P*9@nB4Hkg&gO?*)#}5P-&>P)erI}Bj
z%|m1X(f-Eag8gthCwWm`mjE%=3<eOtb$zfLlqJrF?rBEGPxzb?evT9HjqvX{C9kCD
zd-fA+NynpKFhrifgA(uSs(`q{WR$2j8nVc3GBD)tnExq!mb&W+t|l8Crx+Urm2fc0
z<zkf|h?eSFo?~1D8gzhT>>|WL*Vj}?MME+7!5Vq_JZ}E%VYkVPKI>koCSn`v%CKmo
z?1OXuLq?^>>uuu&>$2XvLv{vBbQV~BpT*YfDo-NY9m2g*eyEEN^;W&oZsg-w`4w9B
zNi}C(IY$)vdLwt`m6^nt0>wZT5Ou-vQL<3PWkWn_0fZDb4>%2smaR#8$7aQ|VhOOo
zo%Tm~olJ>Udo}f;5#C5K9`A_=G>e&sabD(RxeczMy+*e-s5bX%`7^O59447(-a+Fp
zx8PxdDd~Ybc~eIwCAk(oKu+~mGCBG^;&D}8>(+aUp|l$9MyD6&RX~dP%TIpbxz6xi
zv~<E<<FgWQYR3eD`Gl3u&wn}j>9s5k!o~-+&?7Ng_D8@OIDHXO`W)Lf75h;U1{n}`
zp+EHouqnzyF7Qd5RIo^r&dufR9Xq?edL!(_G=-XIB893(A%ozlLuMjk(U;jTmK~s9
zHKnAS7}(Z(%OKJuw0fj;G<xnme@joVoO`%aSg7*Ft;Ar=eSt{Fl9jTF)&GXD2`1(=
zJ<GOD_rZbM;8zJeuz~G9VE$~MzMBZ8Ijru059J_h@EeBIw&gtq790t%%O~dA<6~<&
zj?D;GhqwiUZw)5jgCuwfb$Jt5!#u=uGS7^G>(Z9}^B=f{p*?u=MU0wQ#g|uS|Hk%z
za2*TA;>#;43$t{`#}ia_U72zli4~!Tjn`rRY18~)K3vMi1{E6x!Nh;_`t=ZG^=YpR
zeSaOUs@G?ei7k<F{Yvsr{SVnm|8>uHd#}d^#uj)jNWNAhP!?P1&o9m^?LX3ysMP89
z>J57Zhgwz%)nzR5_j}m>v?xnIgv>h{l^;(2kwrl|P|T2m8jDw{Vt*!n|1(MDKU0N?
zYaq37e9E69?s+wTyu3z}4h#5#{~9=)ffwbuhGK}U-=oo}RcbZ8QpNvIL~7ajFL1Tc
zu)tP_PL@Ir8Xuk?PP8AQi7emp{?r4W8@BQXO@94@noj)(jaYrjhdB>QsWHbAS7w#S
z{(uqM=g0h&)TmqBhvub658j(mECOu*|MQ=UFkI(O!&R!dQnb@l3*X`<c7cx&s2zP#
z_V0&pS&aH==6($~C$b7v3q#&lW*=d7Ad~T7^TXn#%nPuE1KrSvw&4Ju`R)3OjW8{+
zhj%4mARBt8;x{;18hu49>PHo4Ib=$#6ys=c)8ykGH}RYuO>uP&8Ok*lMr|Hgo{wfw
zToMER<PHWpf-}C-6%m&eDFkL1GfHF{2sv>)!vF<cmrU861{9E8W@JG&jgkU|Xp*1C
z@o0>l;KIp(iRYu#YGGDv;G5F+h?OWUJEqh`5;Bkki4LTGWMop`pJ^iN=6tSPXj&o>
z_lXuovHo-mJXG=w_$e@kiP$h&A_RRRYlg-!@_7^>T}z?uP)j^+L`jB<zyk@zh157=
zh<+^|LI6IO9$2&<N=CxBNRvz9J4-(o{sk!8o@n7QMTgqQ+nCj?G-A@iz_oEJC@rQr
zRD*aTg6b=22P?E;>PwUP+p#7wI|7Zh42kxn%q~0&enk14K)%%yLHR9}L_yrY;1lkk
z-6SmO)7u#w665lx9$pdt{*V8^y)W%<8%YxU-oGM8yFDg%2oeCn%eFkNlH@9_U6xj|
ztKPh>dU_xZkz<lz6Qos|9?x&zh&+G<kO`g=>5~1rRT7X#WFjLn?qJPQWnXz)P6;o@
zz;VU`{T1!_2|0!<rEUTbfy}#_6r?;AG~?IiHTsFbdeLFGj2h9K?G>IQHUYxN$o%nX
zG#)SDR(`<O(`huD!&|NZdqqS<AAtU~F4IEA<pnf7Ku<%}^_P%h^|i<Nzhc*0(f3re
z&<*i<IHA1--Cc5ntKj2Tnr;TRC(2twn*WA#s)`Y$YcR*(svGOriCe)9Gd7~o^{WDS
zR>DFDyZ~zwMgAxldw|>ciyAE8n1-VQO!Vo>;P8{S44##?2`@uzoE+pOV0&KZr5byx
zFnzGB?%$?v9Ag_~C)Gm$dHReaDA-TR-m;&D5NjGtHeGE;e2JRqwuR9<`WcT-KAfq6
z1Pp~sV(3DnzboDsS;VxbjD<z5w{kk#QJnoVPDYC>)~tFHa8iZ)fdC|Q{RaXLH!~av
zG`|M@0g7FR1CeB5IS`1L73eU40W!N9APFC&fkyH4_aY%I7j31#(!SC<kFXvZ@K^8j
zcduyji~8zMu2TL!d-aRXAB6C#>WMGa-Im_mQWyR;Zm2>+0=9{4p`zgitdi*ZPR}VF
zNlun@{JfZs?JZ+cTrwZ~Y8LqmuME0;!#t3~&AYC_-u*>BVf;i1OxZ?d!a)>TtvCU%
zs4{69rlV4sq^c6d8pOai)4;=zWXoG{G>VwoOZn+2tcGZk>Bo4F_;Qlr8IJx=ZNLa}
zs<*1l(qCV!x<M~$M5FHk+3!V(!bf~@hEF(-4w=$#`g^i0jcO;a(n)9^SA9w%mp~Dg
zn^6c|iBylsX~`!L*vE<ZL^&o-=r3jdkv*x8-3hF23=6Hh$UsttlD&%?wrTa)Nol}m
z8buFd>3mVK?tf(nw!lOU!OJ0ootJe|(+1tN%%yUaj8l9ijzwHxJ6F(1W{wQi(v~O?
z6^ltIUST=gphePOTzl~V1YCawZK!3KUHD+dmWf7n6;<PMeV|%bk9HA*nJnf5UP=Nr
zABpxb8DlzH#94y_wfn}ym{jJ`l+4}HXBIa*^9&!ob=)ETnU+cl?q*ai(+^xYcQ}~`
zlMHG2U{z<iNHtsaf^K_#{p<=imaVw4k^y2AmPS~`>WqDvBaL5YV#-$dZT6O!!mk8W
z8Jl<tD<5shtRS7f*>YRGuF<k=({P%hWAww8Z?rmX&vrXuXm^=$b){JnLroIV!OX-A
za!mCyjIV=#ENDjHqnEVkYigqesC*vz`7?sqZ969Z`^tyN8i<)06w#B`XAtYkjL>ZJ
z0rD@<AxQnkY1*1MDL94EI(Ap{s%<*DS9Yt%rZUl|1g%stHy5L^b~K7pXNKJv^E0M2
z`9N%B^X1s^G8_eeyn-3;CI&sNFHv<H%rc%UCSm?6!VcVz=JRM=GzD{O@0UBc1^xMe
z&f}QW(PBW|RpciH^D}i6;vOyllo1bR!^!8D=Bp5P^CkDFp<VwNk0vqgiuWU2kN5ZY
z_4{T$n%y<<n=}9f+7Q{LAEG~KQxlc}Sc3m&aAIsf@#(vt+pT(=Sazr0@tUoA6PmW0
z^`2pO;W7OUf81E6S?}RHYz>=I?-JSqf58T^Xx~kLFgFu)&6z*Yx$1QKhGPDv)va44
z^T+gWBl(*Hg-}>M22IPU+X)oC1d5(+O4y8bCp74w@S<ZR!{0Q`x<hwYjJn#g?N+C5
zZ?<mwgCs9V@+V3E#2;h$PCfYVV~wv})zZ^s_w0HL-m&IpTsmVn{h(v3+rtiJV>?}o
z9#O|>!-p|FgSAyn5i6!x?d!3@ANA{LXWj7Nt~#fB@km$RART>^Bc`d-i)}A=&@;?>
zi@U}w^SmgX%R)cDj62^e$&*KT-`v2IqrgCy6rhK~I|;e0h&-S_yzJ4%>~O$%UBS&l
zt!0(BvjEMxH&_QfV7@7Wn?wdOeo5{JQ4M~$bNq?rKB)^Hv(@2aZpHKK<i>+bF5@G^
z#HFm0Og{hya|cc`98Bi_L#KniEqKk;lrA$>GD^af0ul#!-vSJqddzTt82M-JLLUS!
zEiRS0%nP@<%*MTk+cCqwrThn)`spLIL*!V-UZ>{-z0fy$R=aOFJ;yh?LB}@Su-)|S
z(DB+{hdHJNqtP#k|5@H`4M%1H^jUr+dHLS$qq82oyX5Wz49G=a>K0{QCGcZ^z7>Me
zwY<>j`F*3=^je1FJADJ#FW0aG&-B`^-Rk<@ZlRWro&xY;{%r~DEw9z?_nRHVHd{@@
z>A0rRZ{r7OHG7?Q*8^_W-!1GvEkqKwEYySac?rC}jTK-6-!MC2*8qC!8g2)~i_mo8
zh**Bl_uU=uHFvX6ZFJ^U3Dlw8>^B3;F|3wl8IEiBP!tM`zTa*It(M>KJLYboK9iy;
zvp~ynmZhiKcEWD6WgCHQ0WP-Ow$U>I@Mh2VdUm_l^vu?7VLp{}vlrm@@^4FE?}9iL
zcx}fBEDKLbU>Yt+0Y=wx!=UH%yMY<(7WNbBi*mve-4$SW)8{2n_d5ZIbZyHB{Llrc
z?Ka?IKQKZISSHVHwR`>cZlUJsj>x~F_lpAVBz|-m<lUCp_M5&Dv@M{3oleW>dhO7#
z9KYvz9lzhh5V6OA95XekP78<J2-Ei^@O!;(tK$To(Q(_R;dqv7^x?7rT5daDtM8k(
zx8w7|^G7KlpUQ8_U=I6UuN^o>x7Ed4rwhkBY{SMk9mnf>UOVX9JBC^KHvL3>n^dqT
zzTPU}f6p)#j1Tx8nEcpT;DE<<3G<{}n*L4lx-?8DXxsgr#L8gR?6dP<GIg_42Z+^6
zXN#;1SUnrZ{B(1j8B_Q$5VHE1tT2}t@!k1<D64y~Goq@%H?DsB65srvstT{T?`im<
z_?N5l&4A!3aHuC0>WeWA4r)u+fq-mU(wI#tL76M{ErZDN_nmx!k3sz>*M@U_5P8Z#
zl1$1V%~kxCfxL+aJb%ZN?IU^v^EuOv%$5B{%y`uEMo}$$+6vXZ84zrrFdJf0ni_c}
z5#lDl0LhqD$jrYGw|Uxgqn)EnS{~|r(Qlvt8x<voWAlbpC#*_4w>F3@1<AWi<?me0
z@1j#1S(^Q7BYZ{2YF<a6l8*IqgdD-ws*D@7%69=g&ZO-Ez>N+mWe%5t-YahF_Hg?Q
z@SB<UA@T#3?Q3<o`62ko43}ywv&_eUdl-gd&ySDI8UaqFhQ9K3ll&h-Ukt;_MT`#H
z4~P*BBEFFN44s`{UlHD#{FSeSFTg4;Kx9>wlwIpDru1@_hQ9DOKnf0_JWed1Cd=Ng
z-hJ~af^7fv_3oXZ=Xbm?e7<q>C&ef!s>WVYj4dg<fgKE^<+R(~y(ewVmBC?U?T^XQ
z(roI&I0u_1C{v;h0F`RutXL@mjR8!$7ikR1uc)KU88KdwSun;BxLGcih>b{-+0Z=f
z%oxH`v9FO8C<sH(cY4n_ZN;yH=tWHYh*dap=UTM8$A$)NXkbI5Wm}FD>>K6e45u3<
zHx-X)C7ZHxSLKziYUFGf!}a9N87jxeoU>woN(m4Z8HJKES<5S9wGJWC#m8vMgHA~W
z;G~$%s9bf^Oct8TSX(BrDb2N*qXkXJ>vTf5$5fGvcpi;^MF$*aeL9rFPAk<bE*#*r
z*YbL8Y1;!ljnkp}MiT4;z&WSz6ZWABWzL)Zj@k29`o_=c8W2U#sBvgX!Xi=l4BHy4
zt<mjxz2H!AWT%(Gfz&`-R{m_&R7uT)$dvSRghA!(%r&2;>REx_w}Ot}Zkp|<%s-TR
zYAEs#$uFPM*0ft^>VCKB+AYsAd>1X+J=Zo|$8n5y%j$$y)9>~yZv$uQ8@}O;O`;~h
z)TEs}<14}~%Q#t6*}GuriKcL$$wrhvMU~YINufvYSWeMTx9u2!#KbQ03#zTIFcndn
z@>`^^pl^B72bv}l?M9U;G!m2G)7#sV_wR3S*&u8t{JnAlf*NBOt7(o&mj4q!Lh|i$
z-tB|v{wxUH#b}=BPj*kR666%XA3eDry5t9CFgH9_TKM_$BiuVtuyrEW%92XViBgER
z2MX^s&DJ3?B|D-KxJCcWP{gkkKY5)H2@83V5I(bLpy<1l!2CHhSG)*%qGcq8!3fh!
zlHC+;fYB(mSkp9-Q<Cn6om+nvO=&hKnyC)67LiflehJVg_yy3y7eHW190c&6xjRaZ
z`5KC=rtLds*V((q^BX$cdu8M`WwW;B<_{$CDVH9(hBsuCyBw#Uw0w>P7_FDVkXECK
zUL6VDjsq8J=x32|x9qgr^TJNg>=>bKT87iHTZU_*qj|UQH=TYEcAQ`fcA9zP<oIdn
z;g$^b4r<z{OU1|tP~>;zsx}#ZH$h{$#ZQ3bxG~i%56sHpaCUVQhF2uO`_A#M#PRz4
z)IC?0SD>WG3AvQ#6@-iL9IMh`n*G4_cgz;#&{%O#vle9+b&7F?i(2ZuF`3}E`{e|;
z>_c=9WayM;ujGky7=r~(rdWz0CjY`<5YX{fSOFK^0%p-jc*$wYWeKt&7tUf+^6Uh)
zyklTZa%QZNi&)gztx3*#shy}MytQiRWJP~}IO91yYw1F<4402t0kGjm7ele~)wd3T
zMYy5g^npc}(Os0d1GcTJvD^YZ5|;Z+q)?T4?mFRQ6qBwqo_mdp-LlM{<9mm~U2n#+
zN}Oua;=(Vy2j*3Rr?L)KyBXL-iw~D)v_54ut%kc2)<03L%2cJ!IdYl%7Q6I~^5GfB
zjHKAW3h4Hv+<3+vBq=1|-eKX0d6p&TxSlI{nF+SNi$yCwA`OO>(Bl{nBnyOPGlv0;
z98E?KBp45&1HKoXv6$*CfF(5+ly*0K00nd3#t{MLH%L+-WBTF;{s=K=9j6o5x6C$W
zb)L-dkcqTZ*dB84zlXX!4v+UXpR_w)KSRsxrRlzzt}}*DW_Urf>+hyY42o~uAg8j3
zXgpifsxhe#>dA(5JLBU@Hww8R82fmfS3Op1Dhr4RjbVANhXDUNOX&ymdzi0+3u>Bv
zmDKCW;&!t-pF0RKNcm>}H~CLsND1b=I>wXjPUb^-1wfEah{`rpmE3gY-Qu$!pNKso
zY9Ee+xUU!v+z%o$K=tT{^Iy)di3<pXnZMwZ073yz0-uBQ0ilrN-PplM-Xq0zrScxy
z+$SlTvAj=Tb=TlIby#G2C`u0UH4z7HoNk0WNBwb(IVHR#ox*fBgwC)xbspyUKvU|M
z-9&|o(0#Yl@3x+?(0!SfOo%4o@Q&xET3R<gDYamv{fws9>~uQ^A~gI2&>bU)QRur5
z1^RjBK3s;s2EpfJcpHU4`ab8{G%UHOG!92zlMXWV^!GQ!>QT8~420*hV%A8zx_fqh
zedjmE>63p!pzuq-zx?sy15?xSKQBLhOf_>GYVKE)5)OjYvJw=+{<WCLLq8y9=cQ>H
zRu6s>JOXeQ_E6nEty{wU&qSsBL^d#ZkqS=Xn1x{iTYl$GhB3of+!d5|`ippowJT_u
z+Oi6<d1BbHtsroE&)5l&tNEA&^*MMTywZuN9HXU%TqZKGqrpqg7=9S^yxmla-Kjx=
z(T9RcZ5R5!RCOmS`cNr%;8pL%m!D&zsr%t*#A@0A1{zq&0<)Q5WfD>uz$6BUo1Za7
zRJggjcd28xj!p>CoAQc^^9gj~E{cF3V&4?0fz*o0^>H!^U2A5UHMS`1N41NrlFk|=
zr0aGAJM6cfF9|sjRiqdZnM8c|OQN|L$>79e5&`Wn`j%yzyJn<#hJ<zK22GHV_03y7
z%=+ObK+R5!gvHEq8FXAMa+)L{uJQB^RM*dVi&J`D;mN5xb*WNl806>(Z*nkXgogvu
z?=PVjtBkcNso;xTi&97xxoD}c<Ww4D7R`B0v4=Y#-uO`&)mR<Pt!BsWIHvb}(OldY
zv&DpFq0U!~TgoZ$js|u#`krrgc8%^k;}kU6J$Az<d_%ke7Ph;?%6oJ_3^&;j8Z#v7
zK|dKkAbD6&tv#=Y#||Li`6Oc5*yj<M;xudEci;v6&<Z=x7{9ai9!VuRm2WU!1I5Iu
z9>-bd1lKDgH#RzL%WAa`6~~k1y(U8cE9)K3V7(VU;yxUw;bdN^(DW&A%0x#@Fk$)C
z-4F#a-7+yE0qf96#SnpNn*T-*3hYu^q=1U<vtT})(E=QgKrU2@T(MD`sB&k4{{u~`
zUZTyFWRv{TliCZ&XVAi$YY?Ka-}bD~d&Z2$jjGP9-Xn^(HfU>uw>Io<&vWcUr9AFz
z=04nxg2~-{P{}*)RDs-@C{SctaZe$siA<~5V@jz+3{R%L>>ebyD$KnWElYdXI0Q05
zlii!-<Z9mp-{bP7Q9gH;u)K1O;25ZXTBOBa@I<>$trw9Y&45=YSC|TD4Acic_!O}0
zZXLBouhne!&93!)$xuc!dUNv=;YF@j(}>3L0IOmHC2HBtT|1TSj1m<S1U_q3D0d?g
zjz-c)m-2uatd^LMd1@lKbK*fjBOPIYc#pbKHP|Q<(F*NfhOUt|q1s%yC_~t&b<8Er
zR<qp=`%me`#51oe{Fjn9-#wQehXNv^OU$e&JFg{x3utd7?G4)Az=Z5=Z)g5WpVT>Z
zH^`_fCBXf(yL6<wtcf3K)Ze0zm^7CK_fs|}>2UHt%#@wv7OiDck=B&?N9ohyJof;w
z6U`&()9MBp2B}Gz)di8)l1r4EuHt6y&KGf#Tb1gHMT*q5cXhLLrTGk%`GmPCu%}F)
zG<rxP12#yTyFQrdY?J6-pEOsqrzm`ihz5m9W7oh^-9v+LeNO^yKDln1CmBu&^Au;`
zvI37A9f1v!5!1;?CE!69nbfN7?Q&s0O-S>fJr`!H-R=3k;29_5!xVC}VV_pn)r%HV
zBak!NonSXNYVjsrN1$MLX|4xNfGPXv;zgD-VbUC#`(XYxsl@2w5waP=nol5RdQPWj
z*}QU3E`eCH`OSO?c5i$upCV?^=08Tz^=#8^t26d}Lmxxji{HxUz#SzOo|v^k*fm})
zd>-3tS)EQ>oop}vd7cxQPqGyb0(U-kr)61fSUwxx(D2;0Ywy~pZp(u$*~o5&6EEP&
zI99Qg@vc8Cyw3qmlnnb-p<E-$kN28b%yai+<hu`CkWn}6@P;&EEC@cAHiqw>wjRSa
z4oaK%c=Idt#{b8HR&$g);O{+d{Ykxx(@mv&E#p30dlvKQHn11R$JsT*CS+b@)@UnU
zrb}vO-xgNj)JUtkk7PZ4cUFE8W2B7tK%$U^M^Jz90<~$jOst{iKVP!)b}?dF1u_B_
zQ6EVL&6s)yn;BNK?YalXK_)t9IWy<`G)w^5$QtKiYRUCk<2q`3an=+PyyR1t=vWV1
z8GXXPXiO?2G@s8C#T%J&wF|j8+gQ`Acdc79nX;-m<@FT;r=lt6MptVredJB-`669(
zAs?t01a{MJK4WA1<!m}|C+OnEjvQ0b5fC-eav;*#=wqUIcS>AhgLVg@-fxGyws~zy
zUY4jM)0)V<fWt8{*C0zNIa)$(4%B<s^(cG7Enxo@%u?f0!ILKn!+zw>@Myy|ozx)S
zCn;JMa49X31zD!Cm4V14z~TsmhwwT90L{?zdwFk@=R`xOsUko$<zCh_lv(fpk6IQZ
zZEs+Eqwjb9(Ajq&WhRi2XD|75bAEk$efj?U_S4nb$;Wdk4WX*l&F#s}&Bc!&&d+iU
zaV41Vf;PvNkCO%^6F0d@MngWp+gUWmFPnD19Qk$pc9>cw%D(y#+_P7kMOLyEi5bQ4
z-%_k4Plt$mAYvIGE2vUM9NC5`xGBB&fDCFr+sYd5ifymkY<1lyO>B}>HdkdekzRgx
z40ue}C=!l>V7}ZffTyaXtqtDV=rw!o&TjHF(*nLbE#E8G#@)s>K<@}3>fB4V>3luh
zZK~n!sQzsVmR$rZ&1Lt9U?o#jgvOaem#=!eO<~^6OYyqdQoIGDeG1kFrFb_hz8mC=
z@1`HIRRl{L61_{X;Ic_$a*Id4T?A_d59uB37Il|xBu>0JXNFD@thN0sHUevo9(olK
zPf*Q))&1_auz$COX1m>MJK;0d8?EoQ02jV*?%F`R15fA@Bkkp(Tg!#xGQxVJa9rqy
ztsa(0eF|Io<9>>atGVv0q^UU%#GZvk6D?B&sPY{xIyJbV<vA^HHLLj{e5mmk47Fmp
zVDBjFeMgh-B8X8~VM>9#9hA>2ie!obc>%(^V=V6tw>&Ric*j$-SD-BoLgp7CzR86|
zawIrRyaeD2-`i`tW)Qae-@PO>F*lPSp!#LJz$fKb3=g{DJq+w&gr?&<-&%43)D-I3
zagBE`Y8Nx&A!S!&HQq%WFKBEaD~E7PS?daXpwIkQ?!|!Er-6(iBJOZ(uuK4HQZ?%E
zP?N^cE`hbjOi@y%4j}?7hf*w<wTzKPF6pS)64r7tadUER(w`4qOFcO98wf;gTuIv0
z=-;;h%4}YE3jO3~vtT*`B67=>rEEk#UoC}$&0VeTD5RWCbKutQe5MI%fI_njoa}K#
z^Y74AJWbH}MLOB4YE)k$St-3D2654jPq77v0gVE$5m$<f!`l<FfhDJz+^wN>^}Uwg
z?>f&|{Gfg>Nv3cfaa8X9!qt$XwbAdG?L&+a-%s5MMY#!0VTr@0Cvu7yrT+{+G+TJk
ztVvTYS9Nm9ia077ln=)YJ3+_oxzCpj$f+V`A|julGEbk5N=_Iti;V^_B15BZc5VM)
zQ`Ib2hi1&kNdr-Ur7Yz`jc{t9Xq?R=v0-uuK5l*<b-4I}Qx{c!h-^}bXeMQa@I)5B
zr_Bu!XR$)qcIR*~@wq{!+hm4lnWp21cIzoEzQSClGWbgGzT0~rhs>VN0%}zUL29|V
z*Gn4<Ywz3$eW&fXJ2Usb%b0t4me18~y)+kR&d~dA2QlD!doL!UR2o(jd+$54QN~dq
zId2G!x2WzgM7m)1%|I8;vjDF6Z++<a3`OvA*54F5u_v$Dp3uF^@8_<dV{>Vtb5{GZ
z0%B2%gu%@Vkr*AH9lZ^q!}|%ye@6x~XA9o&+=)!L$H(R-c?3SlNn+&<%$bDW$(Cw4
zjvOWFwW7#3bBRzPZr(nuhjBU-E`Z`q#s@G`FJc2ouP%W1y*%N=<?a68O~wacGVb)6
zy>8!o&ZP#{HW^#3u-)E`lh}@Of|pn*If@^+#TZvF;(3eFyUn28wz_J&RLeZ1523uW
zmIj!vl((HJ<LM10hk52$3)bpn1k~B*zD=ALD72?Hxh0Gjudx`FzFkMOvy4vJc&Rm{
zi@%q&>?JLm7XG1#UG-IQtN4A^4qH`iNG^ai*??T^YO>&5)M~muC;LKLPAmIHEUDJc
zK2JYtr$)Mm6#1H_(U&S*B$Tj#sU4^5_?By~gsIQzlHvQ93ZY~c+`&!;v+{`hK$2UH
z8T@5;TFu>*S$ryr$0->PaodXS5!pCfM*q&2(!GS9iRY<2vW&1vJ(@+bb@?tOTDc+{
zNj(i^wT&c1FR8UH@7y<4dxIvP%pG_h#D|)-1p>>-Nu0*pK6<Dg-`I6pKdcoGEO@OI
zj3iFq?zo-jOcGP=9XY-JbjHgbub{t!Ul+cC&5gimwfehe0Jn?I%ZSn-0pGqm|BteW
zyOU2Je_Gb&5*w8@fd03q*XPA3z(T9*^ItCCJw=G0y1u(yv#_La;@UOS8C_ksX8Iuz
zOCF&oaR#h97-?V_Gu)>5OGIl825Ax4CoPKT<uFy`0@^%0uhZ$Yd(FQ8l*StADpDG3
za__$zZ62#E8y3F*f`?OIJ;B9B25V&af!%X=?Gdv!kxv=pV!iKvzAAW)Sc7UA_1S}j
zHwOTeA|Cx9jJ8l$6s%TSL}ft?T)Fwm1fZ3V&us-kVCR)+&k7IN1<li`;R(Tg$IMc`
zTT-LYW2p&v61M(>F^CMW+xPR8vk$Y_^HNO0-r}Cm;t#F#3}{o^XXSXTJbD++hOk3@
zca}q>UkAYiq~?H^4i*KD2Ut5D>va5k(c!)wIxWBVys;p{#En^OC_Dbq%xGlL!0@}a
z+24&3fBWOV8%|oXX|uqSblBxMRLp0Q#Uu%T(#WJI4^2|>!oLn8TAPYli0=nOZ@|%L
zQ>OPkWtnAe*I8~wOOtaw?oDX6J*(Mo_Ma~e;1ZCKD)jkzXuC8MX}j6Ct-TBXk0(Lv
zW#rlxX>_&{tr_%8xaJozm3uDEmWkR2MrqK25n;(7@ncEWDplc0O4e2l>DUpy>9}^w
zb<C#}y(#2Mp*wl=UEF>o?}iUIs00j$cMFC&q$29mqUt>;shv8BjZ9CY;u)>b4y;{^
z8fTMr%}=KkuEeiF(6sb%jo_J$gBik7BR{)$Ll3s1Ms5N$bY8jhfhY^eeL;`2Se$d0
z5aaGea97Z;bU_n&oiSY<Rv8{_7n{a6Wkq5peU5bq8lFwzipwclK$7hs4{&YKHq&S{
zq6NNbip2kEngr!5&-H^zX`Qe<>GRue+ikX<aaE6x+}A$lM<O8xdNRP>^9|7jsKCMq
z%x2%(bzF)#r)$!JkHN&9%#~4U@yQe(z&&(1sU?pV^N8n3lAgW`9?m$K!$j-MDx2y4
zft9m*JBsdsJ%TTLhflAAJBrO1i^3mW0YA2w1s6Qw+bJC0fL`{O+}ImqPP~&53<MWx
z^nat_L`1>y&r?pB4uJZIV+4pf^d86^Zl+#im>jkw;0-Z*9SO;{z0iBk`3LY4rzsJa
zCNZVAHf?I~rbf^Ao1I-F>!xxNlOwKXcoydm1@UIeUsRVER$)hkr87GsCepoiCl9PX
z9W=ZBaPsr{&H42&=hruBOgp}~xq5%`@s^Lo9{+su<Hc#_32k_Oa((*K?bXT0pKc0q
z_`4DO)=o_-*82^bI$=vemLD-Y2vwCna%R$U4rJ?GqpsDo!?68~<6Tcq-;29|?`DYx
zcVw`poJ_?=7@9$Q*Lm4@l42RwrB1G#_29r+9>bqv4Wh7#O6Gt_0v@1-I6~oY6p(S`
z55uA7a_#I>69xomYr@cTx>na~J!8h@CKH7Guj|Ia$A&xcjo=R>2tub5eiL!<+2Hgf
z2woMSo`$7oIvr~Q-HS;tj?3cbzmd8!3|``i5;>$F(C~FsY4{|ZMdKtZ@g9TKxjSnv
zW_=A>(6-!8&-R|w<B3;bRw`blcSY6fQ$c2gAOx$uv2rcGtArn+=HJqodEERYSbk?w
z@*mDWX5!?zW`%{yFJaYk(eXIchVk+Gpm=uVl7Q7*K)iNJo<H(t=6!$*j<Iper-bJ0
zLX;z9b5ZWgraX)1>r4sFbyGI8Q?ifolN<jsoXruBXKn~gS^1W$rsVxqQNWI7O2#^f
z8P}hZ^;af0XlbTA2ks=9aDyqae<AEX7db9Zc@bZO82kVye5Dv`bt(cjK;`WG`by;F
z7J=Yfg;zJ9f*+8=t1}U2NS!L;ZXxKoNM?xtRlSzchevBzMQh(;NH?x#fu(NW(&nrk
zkVE{<>cHDb9w6px#XL3Ma17{&Qv+i=952RiXUwtY4CF?%e7`imt{5>+F9rVPo~vAg
z36$Zg_zZVm`Q<r}rUq}gW9cQmHP=<a!j<#h?FXY`FrM%>gBB>8fDpm5v&xqmQ;QOV
zr3NKQQ{^a_tFLSnHbx@Fh#tvk@@1M6($El-aeEWXqV47^!!<m9n=p|3kEX?A!zN-E
zFv5q&gm_5_NhNKgZDxT7h_j8)wK$OR%v&iycaLWjc$6h)6k24@sKf>3&S=t9IZF17
z7DvgQQPCqAP3FFGOLzyLXq6S<6!<HbbmfpzC9ITJWr=A~PR@0q5o7ZKizr`;He#o1
z0^mcypHe?-#3Dc*xVM=@3qz$!JOx1&A*Q8hzo3vV?@$Truw(S{<M~SH^{g&T&Q_0y
ze~<_xxhYRqiRS<pnt_1PeMz{KKpKSW4I2bmYWUC9;33Atpm$T?T*){vV2Z;PRdo^-
zDaBD$e33bpk}e_M<^`?Q<f>gwoQhkk30J$CSIAtNS;fIoNv>PWDuykF`sey%j~b_;
ztA~R*Pa=D%!@=Gr{0Pm*!}sko-ed{lu0~3ih+lN_to%iFb_^}?BBDf;2E)?p>_`6A
zGP#`cKDZ08*-M(o|F@%u>}ccRgvvEyu4Ly<U`(DMt3bcmdW%HlIT35rB@ndGKVU%4
zXg(;Xy0F}-anGdOeY1}xiLlV;6Not$Vn`G(jFnO;QK+J9I75`KT-oet7SnOO8cB=4
z?>~tahZk6%8C%izc&fq?`n>@JC6nVEfDDn-u4!anl~5|z`jI4CR*R#?dr+x>)zRQ>
zM0E~YCL?zaIS`r4h8gGRo8y9^F(b@U0h`zRN_ld5%tNr@iTu;?eBpg2z>-r6Qkh0`
zo;Kja$;U<rr}G}GPtejCJJsZEU=%ED;hN!L5!FZ1TSQ}Wq%$aOj#{LW4V`(!YCmV`
zfl6`)m*kj%hWs0GC(+m)!6gMqwL~y*?+o5rVew4b&$3Mo`1|oqkNedGma8aI6<$F{
zr&jn$3XRt&hrh`yCSETlpC{4%<W0emaut0^9+>3OGVRLBz?3T(89Og4N)m>iHZOQp
zSbL(#3XCB@gJ#Iq?v?ItOmNe9TqWNQSSzjXku;mA66nL>gpU(w^aA{JsnL)p(<T+n
zDA)0meA?E4vJI>wCRiL!fRD>?CX$vB6$?AykBUl&XjW7ZuxFC+o}nLu2t>G<Cl}|S
zYPh1RzfMu?@8<8-!T@NGE(}o6!<G!d>5dW#=3|9@|5gftdI0{SbO5@1!Ax>+a-5_D
zq=ud3s_IP3YMwmi=7A@Qc_d}`l6geS0?Yb#IAb1D$K$+4q*_zbMS4DK+7nC1|IY|$
z3+fS$kri=)F-&m@SjN)6Lgq>!t4Xsev@1!wgCWQ#jHP%<rY^unK3skzF~SFXGR0Wr
z4y~%KC(e`Lp2Rb+;X_+C1S{pnc%d=UR~kOoF<_izV;_Nji=ACDG;m{jkLf$L<Q{gz
zpu3=__P>99uH5qZ9USObHj&_ANnLM&bIue8DrcPoI@&U>nYH@!GR!J9b~efFaL#HD
z%LF;)STomI(U!Q3_2k1pH6hdJna-0+QowfQ5<=_fS6Y2asFb%ew9)Y}I&<g;8ZvM=
zs;E3y^;@=Bb$ncWo8J0Z#;nMhq<_}oO5jq?OC^W$!^4~viiHb!o`#{s_4yz4Rn4qc
zfhH7Q&(hcOa95w_n$hr$elYPich;%TC7tLP9#-gYnBW8-V;A}qf1z1Vs3*;_!qt+S
zvT?I=%CdBVtRp^aT$A2QvnF#L0`EZGMkI=zA?<pUlOriMz`D)&18KK6xb)!`LC!+0
zR7*b2HsYglVChq@IqY;Xn~qB4QvMC_gO#ZDo-eP$<G-kW!VfU40?VVa+&oK+{X88M
z>$QJMUlwRb36jWuq_-BQPH)E<X($n6x$f;)tBeDpcAQ}~5&@R88pm4I*)PM{aX}?e
zLr;w3{Pl&I>4(QzW~hcf8plP8drh*#Jhg?pEbmjn=O^(o-m`*ilVnoaEzUR>D^kx(
z*i)oEPZa?)Wmz(mu|LVX$Cf0X6Q$*8N#Oj>L0C(~!k^E6Zk(T8lZ2H{vPEI^U6d52
z=HEn1lKFcBeMG(tgZrK7TTee-XH=~sy^6GqWop+fsm?nel}39?(-cZ`B4jHEAE|;j
z<TVsyagvB5?L3?fzT%&bPN)p{5gO%GUZS(*!i?BFYy;C9hStBRVp<I<Vlao02N4gi
zZ5Ms!G4ZQJwk+GIpVCPcu{BNA0w$3pBW<^c>W)_NX~O3v4Z;mi@^^5)&3GN@5Cd(&
z^aIgs?cklMia4c&s7~M#MfK*GET)(PY%rfs<Cl#FO`=er3*u0R%cnt8iZn#hp@tw#
z^3dM{gB~L=NbEFj-}CiVSgD+(*s6RnwH=Bu+Iw<cN4nMT$E6;4{Q5Z%cR6`$5WJ}j
z-bQ3<bseTS0R0CeGwq{?<m~HMi0T0J2F&?*?C73mI#8KcST=qzn?<vwqld70qMkN&
zITyVYUMKlMxMDU5$C15HKBYWBUMX5Y9k!|iK^*=OS?M<7;uLWPC!QFCq#APHV{X!$
z=py09n2v1eZIrNYe-fG_xaQ28T5=85$mu9r__X%oXc$ar;V_X+^fqlJ3NWsglXG91
zt<zL&&mdO?6Ya(GH2Ef$_{r?Z7JT{6wO<()A*aaFIog&aD=z51mK^oxL>}G`!@zs+
zMgghNEK4lCJV;b}y}Q`Gk?49DN&9HhJDQ!F=j}Va{P6bTN3MV<s5InC3fWA4SC=;*
zKV6>}I0Ai-iw_^qf4n~Vcyak5nXW8tpOmpHn+33%<nl|k4e*c6Tu75TVLg`DiC|-%
zQTksRftL4^+7}t)1|bFE;dK!k3!1#S;Rk>KnVN`Y6igQXH!Y;_bozW<aR`MnU#w3Q
zQc$b&zpK!9!%*GfO^RQV-lBA4w8U~qTN~KgfYt`KHf$$og}cecOf}K8s4~OK<Btdq
zDN@rKQRO_8pVF-4xo5m6c&76t|0JKXT}89sP#0(085AO;a!yVZ{@S-)OcB>a*p~;u
z@Q@^%#g0o-VUgRp>Aq;GSK67|9{Iq$R)QFT7{nU{-e>v{j?yHcWz{@)<`cjcnDGV!
zu_nQY;3Qbjf;Cwu_RnjFzG*qnIGZUo9%C^Irqo_e0`U7_w&M}YOhBoC;q>}u%lgxj
zfE2%J5L|Sxh;ZbNR!RaOYm0s!PS8R1<Ssg94rP@|bPsI}F?N+Sh&9go<5OwvnCh3(
z{^T`jn@kt;7HGkMX>&5~o1y_@K@=@4$Kg$2l2MRqgnoe!LXu~>gaC}Hae(C!rCkt0
zW|qoHlOIUgnJa#e1ti2>oKVl;&G;g|AuDo3=~fgvbeCI6Kvex<hRZH>ExT5Es;@A5
znQPfis+!7I#mQ%pH|?O=ai4K<n)lHiIe{bkFdup`k<Kh<)%9dH!jMhg(O?~ocGK)Q
zy`7NRTY&6RfU_!}!<yV)bF94Zvw~w{vlPN6lhLw`QYyPlxJ<wUN&~xv*_@bP+&5O1
zZ^;n=k$m9|Fh6vTt$NbheRPMFIIZL3<dx9y_n7;h6?wTea!U7|o*i1PCoSbS9ZqRv
zk=k)fdbt4&V?+saXuWJAk>XT~K0r$KiW52dcS_@|!0t8sf}pgWj??YSv<ilz^yPIt
zpGA|qH|fzyuqGyzt64A}F2+?-IX!(_ecj-V(M3v}^OTF`%VFus@$02y((VY_f}tZH
z7dSw`!FVwX0VV2;D~KsGDYBerhq*q#`AAN#E?zQiMNK3@uhH~o@So2CmZ|b5wCWo>
z@--rs$g^j&=&*Dx6?B-u(p3%Kpqh43sd|&1b@FyNg42U&2&~T3#ZCA!bScoOhX--{
z(U;&AeTvqHcs|71P>7-gzGcjGU<6|x&bV9I&_ma2=4mz?jz)fTKY{Im0k{t?53I&M
z!i5cni*Xz1JXQ;7;y6Nz#t=2exfo(K>p;y(CGS96^oy+(!(nTMu#FnY`@EL=yVgiB
z_v+O;h+BYKj8%sPp~mGUDL;(BHcWhw-lTJgI|S@kOle31`Ni3s3LvaxSY3HLhEYU`
z)7RgTSh=GS-tp;`M2X^WM<@S<yZUo98N%23?TEI8E&Ujbr)WI5@HxR?hu=s*=12Qi
zz9>p5{&x(L=-8z_gqO}82q=p_b<Rm}sc|x$j(B|!<APrrh8QYt^hZ&@F$S6#%o=RS
zhS<D1qaR;?n;g~tLURAam45V+9Kp9&wGgYvCV&3|G>_t9<wbI1r5p63`nzfbo}Tal
zM-ba`lxy}i^Y_>6DF4hgrlb-_OZKOJnO+$e#XGf;xbiiCth=ZkC;)ooPKUpwyJ4HQ
zZI~ARZ#oOmN3+-i4-VZHAaEEnoLn37_PnUpUZfwgeiL|$8C*08lrL($_Y3hkjTbd~
zzwy|m+@52L3*V;0zNo^#;+`Mzx?sZ~2JrH`2k()WnGGq2j`08OpJHH;VUP0%HpMgn
z;48FyL_p)H+kD!g9)G!eMWn%xmG~+qV@S#-!Q_QNN@r8JQ;|jjt{RMd&M5=KuYG~(
z=@`?|A|^5cCzQ91hd>wRY2M))h65W(IB-phuw%iPHPR1U_!2mo2a^nG&BH3Cq$>4#
zViK#rqS_|p^Ww8$3PN=-@nGkVZyo?0$MwrTa-e_zoi$5!N#$+%nY$PRLlcXgR<z^z
zdkn~1H{mKl-cY^k$(0SQIH^L)i-kHcH&@ALrxfHB21v2tUnRaj$3Uyc=s5R)ucy;!
zHix%dyYh;Nyrcm5*SdV>6hs1WhuV}?WF|TCYVyLki(=PX(f3re&<%lc_Sjn-@FkQ|
z1s^9Jx*6D>D6vtR|AzBHiV-AoljEM$jdf)ER`6PkTo<~2RRHfU=7VUa173hNi6Va#
zj6Fa_{6!5G+)Tq!0Veu%WpMaOTL#Zc+k}(`8z%>O3D}+&dZ{{?YU3U(tNXX98^_oN
zuWj`Z!0CU+5fs-v<tW%sLom$^CitwjBfdmSblbv&D*73ZPClHefdmW%B0O}V(ccyC
zi&t^lQ^vxgN>w=>?I_Ov87HE}6>C<#2{@@X_doy=isS<UhwHEp1e#xi{s7tA!+}Ur
z-yaA>%*1dYz@&ko2Lh1Vm+mlt<9rs}O{>9^u#Os_6i<II-X7(0m-JWKS6VKxY2IgG
zN#E%i7SZGvHNTYbAN+lmUlN@^2+2y-6JM&kEoFD4F8rh1P-$5LwuzjyqTvSorRe%j
z&t4u$bxi5_c^MMh+s350WIp!QEb<p#8FcxEc_4?IcU^-g{)>FV_=yq-vyD72Kx79X
zPM|A_^G(BaRO0;6C}N5g<^IzN4benizfQ`QccpNcN;v)1Ph{@Q=o#Ik>7qXx#)DvX
zwsIFqPWx#-rcCeaX`&5AC#aXHn(b;7xFE03f)JH!5tY%yXar(7%F+D*BzzQ`W01l}
z_ypezjD%sPZ+@G=;J+<U+d{7CcgeINuU#^L(T|ntF(uzTp9O(Xg^68`8_9zIYMXzx
zyRhiL+Pww{zz9DsDz1-xnqh&hh(3DVaNp#C{74N|W6T;BD4=scyY+G05Na;5j+n+S
zFqR%>p?`7H22O&`5opJvTNE)5yPHHOJ}qwYxVX3V1X5H77a_}r{n0eB`~ig^*>P0L
zD0KMDnI@KW?tp*r4r{72WqU1gb>^lu<~WE7l+;`x7pf$4*lfVH*#lLMU!H)NX&W&r
z$O0d=`Ei~6uo#Z!nD7oy#c70YjB%WL<dC<BtyK5JEC~jgMC9#a!U|8HOs8lp<W@r1
zy;<;&#SmSwlg$zbn|k`BqFv(XnCwf1Z#9J^nglG19DcC}^iN9n1@LTAO>u<Jv>4&f
z(NJMmNt9XzTgs`tq2;EHd(JD@uu6Ms<fvoWT--k~ZK4#fyahz5))Lh?H5stal!74X
z%K>!V0)!5)0RMSLftReasIwbIcd<^@rdR`?4?Cn<!y?r5EQgB`TA%<DxF3>rG}!k@
zzdwv=(9;ov1RNJWUnD-?&G3$<Ap|@u;@AoSwh<~*Wb9+-KKWpb<|LbaO1*etrM#I(
zLocWk6C;!!+(B%i^cYgjX(bMrwdeZ$<m~73!db4$pYt@DJ}^%>HuS|A-B<n>VB;*9
z<B0UX7}h$0PvHfbF_2pFb)98U9l_V;k&C;_#oggz!QF!E#R=~2?!kfuw-7wIb0N3~
z3+}GL-F<oA{cr77?e0uX&ph4doUZxUUB5o(acLgMTt|+!bYpJV4rB5Tt@9vT_|N(5
z7N2<X0@_o1R@OD|vWn1a?GJ{QBu0Oe)vg<6S!%enUjjOZbPXCSMy6o3E_{41*A7Cs
zOkU;XgI{pde+94J@u81I_rRX=e(npA-?Xz@BqtZBovm;<WkS#I3I`0t^BA$-onGTo
zh&X?zy$orf{anpHMAPY=PrKmsJ<|+MbZW`rH*EU#r{&i|-z6#2dogR~?|Y9y849Gm
zodbU4amDt8GpgwCVrGAwWP_vM{GrUe^kzgiC!jqpKEDMvWKrbfsk`gB1Yi^w{5I%m
zPa1T0_*&1x!-O})%owi?CLEn9!|ShLb#qfX$2Pp0N8YR<qBE?xVAZ-g!fS^ER_NWT
za_}5scnq$lMh(3nVG}4=Fi#DqEKMob(A@UumF)cak~R&v(Hxau?YVH(Gt=#*#B2i{
zQ~CdRs(Rr&w5#eAx~;v^=rp!FKW=I|Zfe%8`AEjwaevF(bnM{RuwLTZ@wcO9VXAsz
z$+9Efw_|*LVP(3yx#_R3{?YBnS?_g-XUD0-{0g|H`NPSx@%YrfVg1AIM@LO_g`tyI
z_O0jK@#$GWhw!Pd-%4fkFC!<XkC_yO`%D}MTr!B$`c~hw6f!DLTUbc5n}S3}r@8dz
z!8vKgCQX&E*LrEWOZAX#2n$-9#p%zD`Ww{rCcHluHacu}??UOtR;`s)Eo=&Xp1RNb
zZ7jk&77hbGy2SIN%cAENhnehl%x9z1wO{7n9@!Npf_3#>jMF0E8tx{-bbaZ@mSa#F
zxa~7OrW~8UHn{`)XH;$VoxEO~Kyon}nz#Gx(a0^&e_}K!;2N#iw7WCa{NF>j{uv#3
z<d$|19DW)iu`7yG=6ddZ3+z4=9?6;uS363Y3r8k<zx2ziy&wkqZL2&NI>MEvzq3s*
z$J173*}Twj!59@fXC;X34SNF1d(|NwM<#fqYl3Hx#!*AbVD<kV+@AR`p8qgj`uyL{
z^2&nxj<O%Y`sr?KWA+@GxKHhW8=kr@BxcO^F{QPYwKq2G-ThYpo&Oo2VESwkRb#@c
zl9JH|9_&J#Eid1u?}}vCMCw#*R(&^asOx)YOB&E*X*`#7KW?Jyi*HBj@gHTO>&t6L
z>hK?Bqw5Q{BenRCa?thlv?DeAk8;uVO|v7_`j7I^^@Z4xD*Z?K==#pvkxKtZ1uXfV
z*^vr=sMKw<^VRgK{mywc4Lf)+tIvlrELdGuZY$Psau^A)ar;w=Bi5d#;LbKSzr1MU
zO`lh@clVK8U`#yyO<lGivQJm2%k;9!>MY0iZlz?6cP!21b~h1mthh<NkEZ;A;h2=&
z=Z0P-DE+C}CqCY_^C6IX@TN%C$LX0mmk}EMi{nJRR49jOR8HU{K7r81m0X8x(D3P8
z^>hlB;bi24Cm+{ZTA?-QC)+>wPn~aj$L|QL3a|iNC@3gIC@k#;1FR01{sAf|D1y3=
z=cCum)xyNxLd!<V!qUdk#@)urk<Hf4$?;U!&TR#fw(-o&v3@FLEB*BSro_Xsb!S;Q
z+rbDZ_^Bb;+?NtN2{Rd>kO-b_%Us&17j+04&UL$>U>LS>W!B4eciJC>07AQae7Y_Y
z*a=r2wSSCBjeDUljaODH1hll-iA1{@U6c(;tNnRtF2QywaDD!<zV_{YC#<xxzZmy=
zZAbn>uie|5impDfNmKfzW!UzyStzhV>yllN+J7#Vz=n>=f6gpZQ@-LeDf!fF55V%I
zxRhHl%uKL`b0e*N`**1cD(VA*Kg>_s@{FOfcc94kr{b45ZAO3ItxSCC`+*F*%mZTv
z|1{(un)Q{Z3hzwUj5AuU?@b5_1N)bn^9`1()@nV+wg5DkuXo08apRkkx>5E7c>t8v
zfT9xl^IW&g!*DCA`Sh6uL3_3tUwF5T*Ajn(pz-jWaohL%`<ibH1KMAN)tdNTj+pOQ
za12nu(b1(kRXV~r_67Bde=R^3W+1gx<N8US3C<Tl*8-EBGkYZJ{?o?$8~I(%=E7rA
zhcDaM>I2iO<tD@y;&Z!xB#+qK!zHL&JIs!8*D3UH_wdk@j<9jMtUU?b79!pDC1gAB
zr!!vT|I&@WSn*BbFA80gWAE1sly1q6iqmgvy*zQeVUd-%T7RL>osSVo%QE$6qf#rn
zN3~7xcgl^$Pf|Ce+M<@p$zaSELow(~$dWU|&=m#oTIa`92FznN=DuMmY~f;qOyTvj
zW3sib=u&xLpNzw-Qim*(F?1=9ewVWqAdzraK*t1M&V?GvkLQx{+@4TOQ-zp)UYcr%
z6tEQK=ByxMK}mSfDZU7wzfe$%DvC%I5zFc!T7rtV9HIg<+~qN1FORC}auSAHqtya*
zw6+&ydQa-a2XTztUgi}`Op@WJ$p~RllzcmwF3gY3BO>cnmGGbn$Gky+_CQ0alZu+<
zi3!_9(ZmW}vdw_-Z%+B<!MkFmvZ%wDfd)}<FM<R+nd$@=E5peRSTh9?eHk!1M%D)C
z?T19MV7Q6JP3XLH=WzB)s4%1x{G$u7kONdleENb_Bw$n!j;*QGCIJe)>y6W{QBYXs
zS9)1l$wG?!0-A{tYl)@)587qz%}EVH_0-f^DjnSX)govHdSoN?mnAX`A)={h8zgs`
z$+d)~%p81obtW<UFkvzY*4#cO3oNg?AHROHc&;rP4s5AWY=vbIrJ*S_UDIX)Xb{HX
zyKs^}Ych_7B0<|C<&jxa9<1#DlBG{j(XO>dT=|XWR^ck%cT$9*f=F}6F7_-x%SZ4!
z%e6~VE(Z_^_((osxna{ih}`YZi+Ray8T4mj&~Iby^ZB6j(8cLSq`i7s&ieh4l^7iu
z#y}K_B`UNpQB`PeORY8xE9X?9I|5`{`o4>p=%O|nF6_i<BGMW5^L>_rI<x-WT8j3R
z0D<qZLN-(zZuGm?Wu5I2&#Ki|ucQ-CRQI8`Z&l;lx(|`$cOTruu(Q?di1J#j<kphB
z)&n|OWU^d;gS;UOkS6+-iLhJ3Vw17fRT4L$<ErlX3$XpFeBb-7c9KEimQDR98^3eR
z+H{8>!FWwM(yF$~d}fI9$x$7}nuP@H_wie0j<dM;*8r$;MOuH-jNs;LTn?*4x7jRn
z<Y`!sq@U(7)>|cFxqnK6*C_afU|{QE$_U%1$NDG?7N4Cz38r_01~Z)nrkADLxL)ei
zm43Io#>WgD3YKA6ZH>0thU#`A1}*dJzm8H$<V8}JZCjd{CBz#&-6B+!5fmRBC6Wd0
z6f%i2(W-tiEUUauRA2htKX9Hy-Ip0$2?#gdkw&3G!`$V;X(9ONQCX_uS{AI$MIF*B
z+M1=n)i}Hv)YdTlHb;Ro(3p!RkOxFHTU~c<{N&#-6LMaYH#BSKY+9n~xAu5>(;gO<
z2erWEOWICSYl5jx(Joz5s1H3K#FGC4WVbNqIe$j*L-3ngZ=PCzW7Ro5ijJ=qX?y%b
zx>7gdR*S35q?HSWf`MS=&%#O4fe$MdCfBcMQ3j$LKTsvKI^Jk=zhZ1>la2<ZQ^;@$
z*=d<W69aVeMA6XP4MWZ}kDF+yrn@dt<1^z~_xHN<HoGzVHo*j2PG~y{BqFAstBGsx
z>o!)tsui*vW)@vx*YF;L0TBGX2o7VYa&hJB;Mbyo?(OlapmyGizz(+u-~IWhEe>DX
ze#ee=qK@_a)XMj}SJsRtB?A5*|5|!cVXT|%=?P7pkK^{RjSW+}`e+i(AOeSa06pwK
zTNy5c8ZK;hdV`VhNoNk@Jh+AmvA(YbcZGWG73s7?sr}CAVL?#nL3J<TOmV0NX&8J&
zo!$A(J733Jroy{yWc}!iPnZS-E#J$C(}Im6>-WmlEM@Z0ryJ%8#dC8^J-NkMpOImk
zc)kJ-y$d#j31pZJ^ms0g=1+d`a_;3_ZxP4VPi9eB9}EhTa&%z49U*on2=pVS1=MXE
zQ*Hz2{mBZhV%9AQqBbd1iCVvawXKs%lJdVHaPx5tzP5fYrj^_{^lkGzL!^&i?N_+&
z+@OfUa1{CBj@n%@RK#_lB1enxu0l($Li^@r#qyF1ZnBSe$16^C5@+={M{vhYs>jZY
zg|g*qx?MCQFkSQQvqJbmu=Yn;6DtG%ye6f}j^N%#eXiy(>oMGD3&)WbR#@uKh@v^|
z^r!4l%ZNg`3K@)q%UMWn8(=7DR;FMO&+?*;MXazZhG#io2Y(vJr5TgHybWaDfz?|D
z+|)_3!eY_wt-*4&rrP<7%#YBYpiMRo;5SeI<0l3P6gp=$f&KLZE&XR(=m<EyJ#gu`
z^tA7|>*(dMtiq*R@rc1`jZC<;Q1fn?p%u^U4uGCI=U*B31(y*(!&O5~ro@FEEGp`U
zSfs}YF8h7o3|qu*(P8|6sy-H#O9gsry5$P%K=h;{iVce#pv^dRMTQs2(4Zp!#tmni
zs~fadGx#MEU%&WR4#k9ihPs3<*&3b!9wo;m79(*(0Q+2Cm$g9CHf7)Dc!dqXGVG7$
ziuzhH_!kWZEm4#23xj`BIn%!Mnh3HYc|fl5>m1CO&gOFPBekdJord`={5$bt_&3E`
zXy2Kw{MeFGpSA9Z*f0;pHx+QS6z;I8lw?Nt49LjGIH^|pK|+hx9?g=z>t#~#Xle71
zXvJc_2C8e0ga#y}HC(r6?`Td5_}$_iSI6@dle2~m^(CV@ysfaA#@J@t7`@WRcoRwP
zJIW@bDN=lLtcvW(!{av`I%f(09HHO%<nXKg5|*J0#`y^>Ozmc)KXEv0AzjU%NPJX8
zk1Xg_#uq7U%41$;;n;5#=cvyk*|g}A;Uobt2V|t8^^2RqQO7+DAuKkJ551`IflyMI
zb48a*-K{_IB>Hyf#`=SWjDMDUoV0WdoD?NpFx!R~J)|%MP0wpDsxMv7G`Pi54UCRC
zWxle$zyAAa9!Xw9`{s5s2{*+%ing%KKyLJQ>nv&IegdyXjpH1R2@Ivc%Wd2L5g0!g
zh4+}qb08X~mm1u)1UInko+`yiVK_|t#<)H#z@&+cYNCgw9uG$hc;MuSQ`f`;N%%=0
zR1_bJMtJ`$lJPr#(BpZsUTc0YBJMa-3X+R6YHLx^D16O=RLgiZ5U#fB%;gy}UvWy#
zJ_a-_N>g?yt!93{F9J3jzvOuAXwF)%&T|3k<CEaSHQ$`rCw7D$rAzLAmLa3lUbVe^
zt(OW!a`WLWR}jp*&r=|;r#Fqq#*_*OwZUm>g&IbxY{FUPT}*S7DStS%mn|2fsj>-0
zKK75uVnPf~fP$W^{~C%z5B?nu%17u&zwjgkgOLM=-QrWM>0?z9QgCpVK9%E5S8+#c
z22_xtuL_rvMH*uEbYjNl)%vNbf&1H&nnu4ZvLHKr2JutA8DqilS7bpEv(jg|=bO4f
zhj9I5jAVzR%4VnfMq?+I@BR3)^~hM_xu<SdID6T91QKaDxE-g2zP&}aZrhKl@x`0n
zE&8h^pJ9b}S$xBse6*OQ`p;!@qDgIt*##*%83|rTD0xO#3IwVpo2=ZjcD=BT(UnBq
z)OY1xo+Jm9V^g&?5ulFi8@}geYyIQb5e}wX3LQqWL#_o6DY-k)xU^v;d0X25hz3Xz
zLNP>surMV{`={AGBCyI)Q4RX=D+sxVcVv-185dK43nW#ekb#WJFnB{AA@FQ4W-v-r
zuvvXSbFRGVEWe|ym-o4c$;b~8j=iDQPfu7iUXJjAgqO=#GW#>)yBRSsrvm-x2q=6O
znsFh(M0T26WuU4X^JJD=(!ly3dn|U&*s2i_z4bVcTP4k|X}1}&M*zdM5;=n#as)kf
zUoxLF+MQzzc0_u{ZM_Zd)4!6uL}_SbfOVG#=cyelXJTiDrMxA-IKmItyQN;AR@89r
zl7qpq<@`aTrUvSALa!u=cW4IJIO|{BFGwB`CM=6nwFy3`YP5>CX#}wFKRtvuDXNTq
zA1028#@?5CDy{3k+Y4Vl{y=HBSS&n$v24y*92&WaPl<3qpH2&D6dd)!vA<f@R-eb>
z?C$#qN_XT+wubeIhgnPiFN&2}tpXA~)H!CmwLF+=0`^;4@+mn9B4I^vM;=y;on&KM
z0L5~2KDYV%Zk7x(grjX#y>qeF$Jy)nVXr0J?FKj}x?eho;EcH(0{w`^(A)GC0aVP7
z7yHmdBOsmxA`p&V($!Gn2*XGWHx(>Zw}T@@t|yp6;9DU48=5HxbpHyQkZqzn6srM}
z4ONG@Oi_1hjn#CqNj*bkrKm$f^u#DYy<#H~m!~ULJK3q}hK*qjKSMuz^58CZzYt{}
zU~ei6|KUu&HI<73XBl|!KjbBG!y*4hx#>TVp0YJi22pCEjpm5CLS;)jS#%Gn7Y-5%
zlWPM6oH?mgN+64<ifK57EMlaytGFkVK-Ii##ObE|L$83mLlgo(^I-4vT@du&`4bG@
z>VJ9UPWaMYZHx>tJ=6NEVKfwrn03*!E)m0hTAJW1?8@FU4l@#e{})hwkbpNdWWfzp
z+|0CIj@UesOv7U=_wg~*n9W&p{nBZcM}^IplP8cls*qTDjQM8S+PsmUA*6)&dfC}I
zs0M>Zh&g1MI(E~uT~hcr>)pL0Jbc8z!cG{NkGjMtbYoeiAG?@@Kb5t{8CAOf=)$P2
z6PKo>nS77=MYpU{QWqeC01GGDuO~$VOK_F%v-S04iz{h|>k*$WKUh#kjL~XC(Ivoo
zQGo)+E8GdDGq`i0bMibwiWFuSijD8@Ea6Qf8=_*I3<5#|%XVW6E^W!b$VP!kCTp~|
zr9ysVTfPb;0$W~q!zmg^!j#@<tU?CIGj4=r_xlVLi%@EPnl2IZV_L^8uU+>8G_$2N
z7@Sd^f6YibnxF8PRBSn2nx;j9JtV{qavE_49-ei^_&yfSOo6H-3S6l)1{&Dtgk&Um
z{Y7Ps1-)+lUA9OQ0$8AI<Zwqp9PGmAYK$J=XqX)R!32a6wt#uq?CyQwAINDW4EV$V
zRVKt=Lz+fRO^@%R*72uYaB8{CIFqyMI8{nWf|U`Vvq&$6Cqip9QxV2^(2!x}idjh=
zFYa5E0gv$m9n-XH%%Z4~@mgw03ouaq&`)vGmz$b8dj%K2JXV1gj^3Gq!z$+Tw~fiI
z6B?)LIGO$B(?wIdPB>3SSpBbtpO}e+F^o@}iJxeMrq(!WIn$ZSVY;{&b;plr`{jn&
z;2{hd0Qi`R<$4VzBMJY{5_dVd(JXFLUuH=Jee=K991~k6dgFini!7ZwkvXuY!}y%N
zRWwWA4KL2Hgq9}tQAe|p(I*aZSz&iaI>cEk^`#08X^9Efj7MKOYT2G;ANEzvd@Yco
z9|S&MKR)Tmo?8w907=@u?~mX|ZTwlDp#*;7$-jib1VNp7Psu33%f4MdYtoCxE-CDu
zD!*xH!nrx2EyYgKOy@NhoFlxc_-xJFLguf8vC(z%cFEAm<ooOY9MCzh8ilg`I-guf
zaL~O$?N=rqHa+NxdAtP<Zk;0NtFnEo@TywUw`e1RBT4c;C$YHJQz-(_UT>nO64rti
zQbfoaG;+r>f<h7~l53{uF!S)c2g`e6H>EMfO1KsLr_EO=hC>2=a3lKO2rDz22xSjB
zfA3MR|9iV-is3?(E)zi5>XNRJ^C>oN1><ka31F3K6L(vBfF5U-gZ5l18R?pM&GL<?
zu?<*ExOOdfpH~%_FRM|R$!Nda>S1FWT;1=r2tg*bTySx1>%Za=xmGt~n$32=ow8i*
z4vxP^=5nl*XxA%7!GI85FGRKr_xtMY283r?6LwIQ56-Y~^NMoGr<>3N2e*MZ7venF
z)b!$+p$NgeAr8oQr{|}2e?%*f^5-pvmpV;~>6Xd$Gva$PY7Ak*rNJ8N2G@*~1>TXQ
z{N)@iq?^=CczHd%drJMoWH5rP$|6X13d_V;$;O>7SV5AZg0t8oktW^*%)>kYCK7+6
zXq)8A5t_L?Z2kw&^U<2A$r2Ss*ltF4=xff#CFcE>>BV^#JR)NXldHG&g@478Gf#0E
zJ!oTY{+Ljt7Zq{Ak%)e<bys<jaw^|aQ_i`zq{H?2KGThgs<waNgU=D+e%>w8GJo~z
z#s{~VGE@;Z9&qzY61#W{n7j1hAC&+RSZNsoWIpr8g`5~FEV#k+m1t7&wb(eNo2W6N
z8MNRB&EPXeSGk*#EO#EQz3<foM8z&C{=Q}|4GCF}3E5UAKbTboUpRlHTC?IaMZ(z=
z3OmX1MR^_jEkP+*?B|hSx5hJPDr=)sOAiacc_Pwj%5lyWdFE1bDMj+My^ilR0f^SM
z^g2fD@bpI@yqR`Z#qF31oTBDg5kH7iI-}*5Ws9q1r>*R41p-*xBq-CJM1c335rEVj
zeQrJdrSb*nf~t-?&@UbeseNXP!lt*5_Awd=sKv^X3S@+MkG#+_DYRGRs%tFKF-T~o
zBf^o-+f~I1$NQzM)?rOaYJ)6PJs&LaML%sdY~|4Sxvne^b*nE*VZ}<J7%nVm|IxfZ
z5We4+S@y(4?bG6yEh~;z(8P<BVy%2nxQq&`Ox&VN@xMb|Lud@rN10D5m*Q&lm(GkP
z<Be0Z3e^)7CID_M)XAgF&%i?g@3MO>Bqma=pMFW8HGD@Z$9v3fTbJkEn@28Ve4;Pj
zTO~ja(@(MUpJ@E|T78LxO$H_P-_JfBX#au{;w}?=SaB69yjHe1<k$OGq!^wD^d4HD
zKFJS^C#M4blA+4~Y5%_I=ns5rYlwsp=-4bu2^VV$2;$*CcvsG|l|EqyzAUOPIEN^S
zXoib^M+U*zy8^J+5Ary#hNm9S0A$%_4IUdx5zlXEX5p+NkK4OMZ4K|~g3m?T>E#gJ
zo9(0|T!R-VYieth<KA{c+>iz3tXMg{z8%~`h!LbQ$+=)bO7ja#&{O^!Is};DFo@$R
zf3aIXYb;1I<Ir*u67qB2Grz4AIPYgt7BqE!XHZH!oz$dr=pTMMNnFG-GE`U%t<7s}
z98?M0hb<-A$BXJ2nSGj%8SF5n@U$IPysk|##vUt%&Lz*fvK-5CbYgRSHRS%{x&klo
zJr9>sbw0FPKS$m$5#YLxJFCP6f{SCIXGQFr%!*jrMP$h+a1N>%j;yMs0$R#E%1N_@
znugGMQ8ignhasyK8IJ96K%d975}K+Y5aJ~9m$awi(y5Ej4_#h{?THjs9lY!zw%NV9
zzC;Q4b<W@wR+k$$qdtS1B*qSCgRo(Lf~n{lO7wjGB~aho#jVwzsjW~|7TbE^gWJqt
zsIBQ!`+F_Yc7#=F@mYpQEJpjXG||MkpJV0JXzfO;#r{$P&RY#?GgWpkCM_)=mcxrV
zzU8wUj>K5qOHlQuf=x{s8>i6rY%HyrHOgx};+A8wCJ^uaKA-w8L%7??);j}m1avzR
zhCEle$Ouza&%1C7YlyG^8d@9^;;eF9|An$o+?KWpojj{!Qtyl+)5I1|^4lOgJC%NZ
zVE1zg6zVs)Z;o@I4y7?i!dl{?wal2GhP;xeCMXRXzM00IvAJo~%y3jDLmf#y6Sk4i
zAvZz5DTzJ7RrXT_UWS~a^q~jM318WmMJ9MvpjJLXSdY2Uf@*ORcFr6=^GQcaWI{8X
z@Ksdl+^Afenvh9wqv;uj3$xV@HjjW5&7}eJT^3@-_sfK(%!IPvp+^#I_uzTzVlKq+
zt81y{>ihI7Q|7VO&}DVK-k!=aZs<+izhSE9{SFL!QH83Qh!*o5HWYSoFv2t1rY)`L
zJ?*IZq;t8x)H`2h@tZi<9Kg7Q7?L_RS1pL6h8MAO`;|v5IvBSh*|GV{?iv~<Wtp7%
zm*8a#F4m#2a=Z4;2qW1h7|0LFNsa+cVVs7VN6i(fMP+u~kt`W~D7gWio1$Vh5*P$c
zDdOtFz6k4X(-BBnUV8WfWB>yMgle&|s`Wu$3@ooG3<e8@b9aY&{%!roZ&azd^BN$%
zyJ9*iS@LTW52ipY-YBNEhj+eoH0;8re)a}f7HxvlIbEd&!TZTz1+|LoR(<&ajg25l
zQUN7Q+CMw5Jgg{OW3$XRw>$%RHJdA~uMgT@R~I2dUm-#oWNxJIO&y&*u~GxT<c3=O
zy)wJ6j>kH39xx5RPoouuaI<?8@M_d|_UXqBkx)sy+l*(6Ph)C<5b+|l6vQ(Ddi7xx
z-Z<)rbAfH&7;3FIY#=d{JHTcmblii124(x#zWu^SvW&AcK6&W`G59HUse*EMjT>?6
zMhBR~;zN0TO7hu(j{=`gxjK-P&}V}Tzw@jjUX!oJqvDcZ$N#OcAexC=*%CJ(jI=T+
zr8YaXNe|wZYSdkDa}mCW`@(000%pjE1U`LNrByTs=c84rD*EkSamejuUe2~!g{{M!
z1x7TQiSIZ}8KcpU|FR|4FsV<1tj|EI)6+~{SxS?7y+atMaPZoC(Z`EbGN6Zx@CS*+
zz&<ff@BWI>MgoI5;c$?(?SZ&?8&BSP51&~Ojoy@`gbgd^c5#Bn_s`{F{h}gGgvn@P
z7h7R8;EQVX@92hy&$z!_iU-8kXr&7SdgPAjjCeW@Ik}E*H{+Z?MKjtJwbGQ!4W5&f
zHI`uB7P$RQZdodH8hz%^q<y{VdQ_#%?JCWWj9R<nDiqa;T}a9-<L@Xq{S8ES)*8A5
zF>7U>xsJobNKnd?YB+QM1&JkPF;xUFJ0tDx_nNA?!SV8@@-C`iV;_H>>Su2n)<zn+
zx`+XZfXBt-_C$x6V!fd6@)ayvV>49|*L!vV%@vnm!z0(`;Xp^4S(Wo#RVG%$xm`A~
zqmWPt`Hj)>Axtu`qnlkG&^JYk+GAEyV5i+9k?ub$4%?B2&h$NVSIgcA%)b&yrKqN$
zLCiHWKW_fbPuy=cbJ$MT7u3%3o8u$>jAA5@t}!m|Z*D6w`7abv!Gx+-VP*80V#9J=
zp(66P-*AOVP&Cow+6U67X_13hJ@d(MQ|RIJzEED%eUXTsh=cedHF=>>#gpd>-KS^Y
zGUY;WgM*|N61=id;gT2*jLXXLAJbZOM|AoNA+|7WlYA0Q!=YQkssFM~P-CEIiEY7D
z_A4+4%CZU>f$Sykp7&9l7#Lpn5sMCU*4A>np8TgEo1ekhs>}UNzBtv<+Nu$bP-4I0
za2e$mZhDc@M9@<^_imolv;o9?>(dI;7_R~cqM%RzmeheqR#&=e7UyL*IvWqd_<UJM
z_U%-$Xa?W49ewP**>x~xTVF|_Hx#GD`=BJ^%FYdz89@RqTqwkXLO#Booc00HudSPJ
z$ax`rihZ6dz`7Q#=Ny9eNi>8+k<YeAfA+6Ji3q{hmbNjsCFGx(JO?o}Vyp1i1qN=i
z@`BdaD<XNXy~SCc)xjQNnE`ao?HJfgf%rXmG%$DLUp**FiIXi6X{!ByPTS^G^s1>u
z;?^3vg~m`lE|vDrwy@Emcs+V?<Gi?<aK6VmU);>xC7Gr(!G?|a>N2D?LRQ~#rZ+?t
zt_~<=^Jo(^YCO4#lm9rx$dWVmeWFn71}7QkS^VzAdxbqc1-dxjelGl6T+eUm?e|eF
zC<#rGiZIP@5uIsKEQ=n+52<hVro(pLqt#`!?ysJr9U-}9>M83GuTwoMYknF_Y)ltn
z@lB<>>th3s5(Xn2>(oo_zdNm7z!AF|vMQarkoFPQ6fCWS=vMa~h=aHJyf(x_hfZq6
zrV&*Coyw*i=4nRXvbH&|cHrc@I>BI~F18Jw{?q-k&&7!Q(P87wLj#U{4O(aXDc%}+
zdrAue%x`E$G_G^GZhN5AXhlWHO03lkQlkcD`)-@$9kz(z$&salFdMR~L;ZlB<QI)W
zSU>+O?|WSPfDWkMA&2SkiDa(yZbCC7@Lig3-ui7in{Us&r;jRRXOcdh-7%%te)zo)
zYFz&p#7Hp7V|82HY%FgwEv20d(ee4mFgRIs1;R&>T>GMf+xf&-DeQP0cg{6aHoGEP
zTo<IsFRtTEA~sWMf=hjrf?A_FqSJe~4zgP}Q*v2@db9k_&Nyz7WocTuzJv^2yTnlS
zc}9kdzr+tUojJA`DJrB?F|lWHdSAJRtMs00ZHw>?oj#~%*dCNxfQY9`u&Y=1@^;eO
zuwd!9?=LVAKb|MqWbRO{miX01;J~0$SoP+vf#az76+>WceZ}aUz7<~e&}4Jb`QkGp
z3M?p1?y36k*;|i%xnygzsjrUZ_79%~9^{bqrVK`oe!U766pc*HjO0dP-uuFp6v)BD
zgs`B60OW8zvM8<~<e<@ll6_%3oahPLFPN4M2ivmcmB-H)ew8_$sJCdQ9(L`R#zb~&
zFMzjJm@^{Zp|P?IpNF#V0=4ifR1wZ|eFKwA5^PJP-Se8XARxvDE8f9=iWN7L_fwE7
z`lQp2P;x7*oVh_ae+~0vb>#BG>92_JYDb4vU__D<7|^q6xJZ>CayVimxwgpOKQG*a
zkA{MTglotc^v)c3^}1nphoe`i8Rp<HYf&OOivokKd61`spl;*`>K`g^Q#ez~K;C0x
zoAvcgGsyRZS}x#b(kOTTY-OT$_5=<vXU(>d`8~<CQWr0vAXLRsM%aDdeGANyvwJMC
z0#o7b0Ec}$5yajwW%FdC9~z{k0-{OX-%k2B?5uj}Nt2vYtJjbh$h>>*k_}qhyJw%0
zyoN%J&)MeA0<G-4umb)`7!Yo=H$<G>$b<n!;Q+v@J)A``U<ESLfCHcPg4DFvFvdxH
zLs+9kz0^0#f{f>{n6wjeX5gf11|0%=)N*SvcvuVUzshw#R@>DXelE1N$}poFj)X#J
zH+j=>tv%*<SIrv{D;RS#=M|A;v@SwFo&1XWI%B{tSKC)UY#ThoT%c&=O|;>NcZ)Y8
z;3L(Ff=)_&8@_JEXQN;CvQPJJ<R_AKMeb)I{P`P)-X=<@Uj=e2^eK59wh)v}csHSE
zut|p*q?s_J-;1h&6&Oc%%4N4ebfcm;%rzHGyvo~|Or(6tGwQ8d;VK+Z1HRsAg3M+$
zJG>H%36Xd-xp;jJuc-xQW_LK){!mhuhSC?Sv~(54a$_!;z@ua1t66Q$$#_`A*FxZ5
z|B=Rnt{m=$<|(5$DZ^F=R0hSdA@jVa+;s=2`M)EHek?C+MSRSheG&Rqmu4x+&Q)Wy
zk-#`c6fy=RphvtWYU15?k_?!;p8rBEdaBAw$w@ohG1iC&-BC`WmRuw~-~DEB5i)*#
zl@%zRqi)Zc4<sMOtsM^d#~B$^si}b;0m8m^<_mS(&h%8-jHJGQ@_Dv=Aa4iHQ~gTc
zX0Kc6bAA|{xm30?J4+Df>z$C7oNqsl<HrmC_sqT?bQz?o01bl+`#;&2DzgTIKIXt#
zbyR35nj0i2tPl3(e_cf(|MlfyV&kZ3;oxll!NdGF1M`2n|G&_g|Lq>~5%m89(x@uH
T!T*;b%*P%6@%Cef{%HRP^E6Ls

literal 0
HcmV?d00001

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.5.zip b/Solutions/Tailscale (CCF)/Package/3.0.5.zip
deleted file mode 100644
index d4391e580d09a10b08a5da210724806e04de8d36..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 66176
zcmY&;Q<x^p(r(+fZBN^_Ic-kcwmEIvwr#t=wr$()v-aNWzc{y<6)z&=si!I;6=gud
z(13t|pn$x6s&(FtHc*Q2fq+U<fPgUnS^eW^V(4t5W+7@~YGG^PY++~1VCiIMd!_5;
zgv*ieBamAl<3^nb!{xcENjbr#9YJR29ZzUBE~UFxL&v#5h715g1ro_vlUedf`7nQx
zs_6ip3M#<!N=?$(u2dyQHiH0t{Op*s`@CZD&-QCRLxZh%0^?CRk@jk8J@J!*$sYoP
zRb@c#Rf9-W#oWu-+E7497&Nr7r*P<TGg9RAemX=ORhFV`md^Rzo+yAZ&iK31Zw-64
zvP9T~3&(RwB^}4+X_b7G*Vzil?*=Y9S!=F4Tm7xFn5jT8Y~&iRe}^9wXjQ5iXHx2m
zqc5gOV0<Td+%?94&M`8`-H@zGHdErQ70$-e_-sJtM-BtEj>6}$gd!68!I)&L2}cb>
zt|FOq9!bd^{(EN-R#l#6>IKFSKcm};Z_f2bd2F+UWOQhn!p_xzfrZ28(ez|5^{A7B
zhe?bpz2p7HZl{dH((NVP)xD_`meCOnqkk6*o)g|Sf@#^K=0sV}Ao!0BQc;8aA=j7i
zO7%3Y)+F+*#?Qyj4=7{0Z+7JEJNbM4ncA}rBf}Eo!*MfL5EiC8GK3ZV{lnnb3}P=g
zm&fPZ-ip^A`e$g-*gGp>9<;9f91)rkFlq3Ly7UaXq*dj!=uomGOsCmk<iQaA&XwJ@
zNcaeJx%-(Yz6G(oCD4(}KKhD9%4`)wDOBx+7;B>a(<o`+Bkp~4a{$gbQaPxy+$=Zj
zlOhpI$1w)zm_3CGp1*{ZNpNm)8S|N78Js6097Y4pd)_Rdxg96Qi4QW23*&SO#8kQO
z;b1}zF$`m2!T@5FF=rL5r_%UZkoJ3sl6w%ZIs~;EtwbKzU6xmbRQTrb(19>CkCnGZ
zb;62^L1s4eSgc7D6vD5%s6R@ovD1qtE3eX*2{vJy)J7yqFOQ;EkM_NRA$wjz^K_!=
zuhOybQ>?4oP8sp#HG8i<XFjtbvq1NjF4p`ZE{z9?7|J>@67D*%&fWlmK}=!!vbrl!
z=?nve!5mjP1$%&cN(pFZC*!O}wJ1XOC`7$L9wts$=r}=HPbchSGdg!B-3;UAe8%<~
z9AMxMr`YmX|2R2XAMy3#$kXVJt+=Je=#VSx)x@O)OHZgZhdQi;b>7HI8Lr(S`6TWf
z8|PR5t%n{K-aTgHe7?y!0hv89Wkhe1E$~KRX^CRcgN{OxbcZ>nCh?M9mzzT5gxrVS
zq9KT$agd^67i(%6-c)g>CvoCA%2zNpkbFTvj@V%(<4lY~ZjP>ql7L6yHKl#QB=`;n
zgpcC{8ML3KEIc<(<d0P;8CR2Ze2#Bi9TV)$qcJEsOfUgOBG|WdZ}fAoZycX&mK<6~
z@3Wz`bN`Lk7bpW=l2IU`7)GE$FMx_|Wv<kJ5cu-?y9luK7fI{Ku}ZYZo;f5{ZF&a|
z;qB#y7KIG;H5MlN5fg!6ez$f;2@4#2oZ;7evNo|#&A9w_XCctlpkM!!k|px@cbL^#
z=2_DWuEQ#i4V$H14xk36?$7M`MA7TOY5LS>%vXmCXj5{)2{}ZGyA~~>*OQfYZPyuB
zyns^5vvQ}zrkPB9!4~a7=Zk2}$gg%gf+`jezxvD@z7^E;`{<z)*HV|AjrSivyLg(F
zat*N(knFKwRGHqyWwJ&%P0BYtQ?N)*uyNkBJkT>7pc79JlHCbmxuEAEtp#E+87;1f
zU+0pvl=!`S`cX9#N9nN2qSM<_GHF{}AZ8WIRJqMRxFgn&wNSw+1macFk=c1X0^j91
zepc+ZO858x^|HH6yv+T!BuXu=!iQ-Qt&`LQie4uv5HmU_WkSOy^S{RZav`8a&F<sD
zx6E|-?pFrCMi&j23AmSN{$!^@`0*Lmn|pFqgl9f;7hOD|YU%ma?f7jF1b}g9wSu6k
z$gN*Y>rXTAU~N)|WZqvWS1a#%+8|s$p{B!MH!J?+N8Ot#O&HF05#nDHUL(Hr;#?DM
zUi5CYe~UqK_;tR8`Lv+wqG^$ril>%()~s`!7zJ}}b)x{AFeqo8^FE9Wf%~B$(YN)U
zOqz+OVqal7rJuwtv@X-w_2-3vd^j-GO+%Gu>5h}6eNo-Rob69v2q*C&_UD*|Zg(^6
z-aI8@Z}I!v>k|_A;5M^tIKAu4%mrJ8PrZZw?X3>h=@szLan`uyEM~&+0_J)7ejZu)
z08GziW_y9=ZM>EPZ+bPdxHk^6X!<<8czyXoP61CBap|E#&|9(@mAXWZE^iQ#R}J1H
z27^gWiBsxA=M`VI`OHvZV(UqdF1YVRS9yKhtZ#RufIXc{;lttgI8E}5MNip>-)y?I
z%h#sl&Q5Ji&fW*j!IE?p(nXEHL$d`}6?Qi&yC&{u_xYW}DCfJ|wVyEv6sYRWXc>Yn
zT_*M2r8QmR!Yz)Vk?1mmsv0GsBBE5fn(=8hO>Ik&v*ar)7x&Y`MpFxi+Rks^<J30?
z4<dg49n`6)42t#@^&E`Y*--2$X$^r!;Yw4@xk+6@Cn#cWxY{3gwoEL@;izn~K9$h5
zV~pY}3J7!9Eq3tJCk;nz%~jxr*p;)MZ$Hb8lR@~&mEq5l;n!xz_?E2HVwdQMm~XCZ
z!O0H8<%W^6xRr>Xq{|@TnVZ{>epm{fLEvKSh|RWKVy5@)b+FUrYLDGeyWrYt$f{d8
z6wQ*Fc^<E49_}Lh4h@g<#<W^G+`G$JA8|@O->i(Die3rsCyW4+`KBqe?n0q#AU?LG
zn$~G$v+l+iaY<efkMPzoC(mXVNtm4)x!5`+K^D;QXd}`r-dI*lMWPqbyP^-!TbzEM
zoZ0F#St;%ET(4}qy7~C_^ABJ+sn+@f@3x+7Ws|fS0nM8T(;puH<g2uglrPwpk0tN8
z4dmy32UcRvip5v^byc3oa)u!|gER{FO1&-K3*~D%7B%I>j^(AW2v?nmx;N$%H4N1V
z$C3u&w^h5XFM*L+Z)=V`Xy6Lu$x9&bVnSD>B6J7*tc`f5OARnelal%HSbl9mpPqf4
zggSJFx3$%6myLtE>rv$Km(3KWTH&><M1JFquE7K8p>3{)L)hKl|HxOzJzsf*bTJ0;
zJd}ehbRrmlR$l`?9N>1OmI8-RQ9U#2YXzELxzl?qZ<5a(25O=%6*fHny8l{NLhL@l
ztb^>Y1@hV*0%NwwjxQuy+s}rH*VP$NvW{k~Z`7{9ruj*EK7XYz7t#wFqkrV(>mLVk
zDz^`hIna@Xu)n`wq9%fujBTXk*v*&l&m+&b521nthPg3#bE60i3i|r`&U=1L)N_5m
z1o5;mf%_;=rn*w?6uJsyaA8;gNAkY}icy#b#UVkq;722mBUi}POY5Y5lx7tf#o1ZS
z%cf~^MH-Mb2p$AJ9jQlMN$D$(XHhLeZrE3u|4wA<83>)!%hA<QMzgRO)xdCH`SJa5
zix?b)j~v7j)vjgLu_&|-VvQ0X)uXjM1Z5Br7NM0C+v!fpe!^NI{e3CYGA}%HhLSZ_
z%eibS$30aQq%8T4x+BG*$}Q3tZm1X&2M6M*Nuw%WK_X^u2j#=&{S^y*Q@D7#&eNkD
z9rG*QrEIQp`w_8xj+XMp!P1$plt;a=QxncX&w!@Es-DUzaGEf4_!o@k#!z<rWvKH(
zXjE>4ZB{<%!LnTVm}}ba<+J@60bL5Q_r@uL?%9!WZ;je}vuTvK_Uy^V-@4o=KA;_s
z$h?DGSN=rvN%It0J;Gwp$l1Fs651^}y2X0aTbDEn8df-o1Kha@B{1hAl0-H|!khAe
zj){uGv0`ah^Wrjvl;UV1MDlQ;2vU$qe+buJD$wufZJ;J>be{emZu_4*fH8I%ainkw
z-@G1nA%;x<ZL=Dg*mE@~ep-`?+@jT<Ol{HgnwRIEJamT>iKAH>QS7>YJ=|;nU7Em4
zp2Re+LLw5kcEySxp9su5T1A+(g{6Ms2tYe7rq!_)Pubj|(40T5p7STSmsN~MkvaX_
zRM&^BT!x10Ypeo!fSWw$ArEH3wFq(>x=m>dBki9CD|35y%?1+RpWY)J_eb&lndrd)
zHIB=R62C5mz5yGDlHQaoRZNQb+ePHGzeSKr(7!vUMUQ*q*R&Bogb<gDbr6%w7$|a%
z+FaEOT0>H7nxJAww<Cc#WtsbiW@5eZW6^-ABxA055Hod3O=wQ5t1Y~mzAcEFLP#_H
z2{cQT0$oA$mV9%*F@N&eo9Errk?XD%otdQno*=RX-*)fvvdh?(Db5KlRFF^=(}z+Z
zy%g?*ds34BUqON%u$=cKQ%9wE)KPQH`(|@i`$**yk}y_@{0bE51P}251Ci1vA!Xep
zam@MsYTzq{OrZ7h6IPU;%P>*|1XeGobdA-g{R;)Rm|80G0(B?;rIh)6YTOPn$d3JS
z!F$O)9?a8zVT<XtyC*=G3(eJ-!vy~(7y}JUiF5J1xvTM?9-zwpyaBF$2`XV?bZcYu
zx34IBm5G2{m}wmai`43ZN*(o>gm61pb3_g()@>$9So13^o7%gKyJvgt=ShZ3gJ9J1
zOMohnG>+<N=yozfIn}V_@jU%IT+=+|w>WL=g`KmBRjn&Xt!klz*l@5KTg6!%O(J!t
zsa7D}gJsmpgM~PR7`I7lG`u+m1URfTcyhylI^`{{xyZ})y>`%<dZzzbC6+nxl*33$
z(}JPTx_=HW>qW?^`UZ$n1l*Pt7#S+@(4e=5Fp!CKhM~ow>@jElR^n$s0KZF}3D$Si
zV<2(|*YE}vEb2nUkYTiHW?!Ud*Y87VEhMJo#Irb5JnD0@d0N&yiQd_hERQF92Do-s
zI_UKR=OPdtHzHevAbmTKAWRd6t+)cUY~dn!5Bi>MgwN(^2`^A!?(N7>X*44C1UL|w
zVUvzL9YpCSc!r~8@$Ixyya0qalypSv21C3YMp4cASXEasS)}d_-fK8`UXT9HSJiKl
zdD<9y<+`wi#4n^)h=HK5XzSG(hBnsGg8b9l&{?;-UYFZWGsA?7__0*U-Gw<GEM9~@
zi#paKI(x^+IC;!`;TC&5AI?<l7Kx{LWLVO|kXR)z$+^B@Dg<Ql?*0=@K6KRd`E2+x
zJ49<-huam}2%N_Zr51AAPtWxEz)HAsc~9OLll<n|@1*eAw|NKBk{`l7)wm9`nu8$S
zXAI{In28f4j~*bQb3-j`nSCi07nTh2ESIbw;){SR*X@rP&@F;Kb`;PyxWHU~s;P4z
z#;6b-fpvt|nTg^71z_n)VvJ&KQO~T4$MY#H8;CiIzaKh4Nu>((U1{Fsnn^Jvl1Hi~
z^hOlAG-1-H6S`@Q7Qc)o08qqBBD9pj-*bV|vUKHZpON)DK=a;oM?v-d$kHhf;Km6e
zsLq9BLa`n~z8Y~6&B8RIu4s8Ze6{!eU+@`|)iAM<H{o$;fA2hutVS+Vz$iOlQ`l=#
zjE%2cOv!22yWrp&bn#_};e<MZbK%ilQ+$FSQJCFX>Qts4upY?(^@W)4UoL8PK-)R-
ziDsXA`nbc6aB4Qzl(&VcMLH<>!bDjsPIuii)P-(Z8AsK?&ZG{p>Jg_E(Vx}OP$9uy
zb}W!$e|cbbGx|MW4CAOYtWNaIuC~B>5Xkc|Csvs{7xOWmk(1Y+3{{m32KzzqoBr~U
zFo9!=-n4yxA*X`9puUD1du{%3l?Ype=GZ_Oqi9-K;6kd#s2BtR@T`yQ+@12YqF(JU
z^3hVi#5RZ=I8Yq9yd-jb&jk%j2MpMgD)bYRmBUw}_Bs)pXM3VJYS#xCxmj&3q$E?i
zoz^qe--(Oa?O**H%MHos%qA%8Ddwpc8OshvFD>BCK#RcpB-N8X+ss2^xeB9l9_eNN
z9uX~Ah!s)J91P{XSS9q415Z}d+agBd{+$?#nk#HUb>qr(0+@d;EFV(LqR=xlL}A5B
z4JH+!%9tLi9oAj<UGFg!uIj;ejLH=V2xKUE_`_g#^ygd1$dY%Hs>Znm>y8fNJDIDy
zPswmC6mf)M8I8447hSp6QtePs4XwbUG+U5E?hv>W+M;xw49LbAsZT9EvLzSuE9jlw
z?;8WCwlnMz%j3~FEKH17z=$AGGTDTc;z4-7t~&^DbW%VNx~QJ&zsY8uRk1Dob{7ai
zG<=?lP!G$BHtj6=k#IGB(P_Jr6$=-stF=d`eOe}_c`wTs+Rg9zFkG#-zS2Wq*}r6R
zLy>lr8LuEgozEKDD<1{kx8vg|lX&T0`F(?9uYX3~xUeG^hp<v+Zi$X27bD1HAIrOw
z5nlT3>94=&)_|>Goc_wfYx!FvNBg}6amikAe<4?p(C9NF3@-(Hl1)8^xURPxHD22)
zD|(MG;X_?sL}ajJ!TH%B4^)x#**tLly#+PK7#5<cDu-!uC?>|2Zt1Bk-}HM9!bn0x
z>P&?lJ;Gix#2F!aZ2V<vnJaZt=}YccldX{4T@=Hxv39*jTd$P0UX#pwpImee#X>@r
zSTSro<8qd8H~AjX9KA^}fg1Sq@W7ypu`zqQDVBx&lF}kva(>)#$HV}q&+V5Q{idJ#
zffjdXQPV$vN{ZH8E9)oKx=Hsisn4G+vyc0WBA&QHo^?`jJsL_qzf-R)*AF9}PWB0G
zr4*?<#KLGJUoUBdSxrh@rYyjr$KNK}&7=Klshp(HH+Ej*-Eq~i^pU-q-byVib!enZ
zThR`zF%cDSD{N%)C#2=@J6e!?!ZMenPiSeGICfpRdH?A>1;2o%rV?(ID@{Fr>!KY1
ze-f!aN8<IN9?{T{{|KEVG)yTt$g;ukvwC76vH7DGo~(ti+($%QiO_F3c_Qg%Jf_Yc
zd5;Qq9==<XN97d<+F7*QtJ870w*wTY>B3NOQtm>IT0^d4D>~r$P=q6clZ#trY!uvV
z>4JP_q6yXEHnJB})P@*bl3xd<HB|0GZSS-MU@VnYs4)}5+EN}y8Z=%<&y7;4-k~u@
zL(ywm8=A#hhQ$-~wPK|8-8G@6Cr&APL*U|`tRb`6wg53m%!gdT;&<P5<{V-c{+Ufx
zWP;T=Rz70#RqL09a;&4_&J6|*a(B#=tsztlOD^_04N6?=S5l$G1mYj4C;KYTPH^|8
zdy|TS+}Ef>?P&JT@mz!1#bwjK*AWs`Y~{zlt+!z8a<h2#uHjcI8Na<{@fCdexxz3P
zVHamd?4@9S`z^f7<6`2D59UM3*~gVGOq4whzFnhdxq4t!@(_m?t0lo+73fSfF>`Vx
zoYUs#HF8N$RHlGm(J72^^}kK;VNZ?OTUUq_Nn`KoZp7ix!I2_}K())~>)k_oeK!=d
zlKhkaL|IjW4*K$wt2y)OD2sEPaDosi$-e!BS9c`kXC6ubi&v7*JQHVJC&yD;Z0`i}
zJ#X=?C@vG#Y0MEwniJvC&2FU91NoPD3YB`|C(ChQEw`$bvUH)b(PXvb-|7+{AA_Lp
z99<o}XDa;HjA-Jfrio(C&<RDyyY)AZ*d4zd0w#lXJ!|P=Dzns>v@QABfyi!9iYxsc
z+wp1U_sY*yE2MO-T#;Qdl+A=1xQ!MX6v8nHtefVyQ^cnpp8ovAC<n)MmmPisKOR|G
zY^zo@Y;<%>klEvrTTm5M<YHLv5t3N9(A;hmzo>ee!`$nK(FaU8I_kFDW$emU{VApw
zKK#w`0mgxXJ+H1Y6!q}?88Mrzpc?-knlB4Mm5}&8rv<u?k_&0$4dc|B=z!;i+F>{~
zbMpPMxyTw(68z<*SK|+{tr@giJ0G1H)k99-J1hOS7Q61surL)m!s#Ow<jYGsKXjIB
zCVfIxO+-Wik3ms)AaQh)L2ZnSa}Q8&%tNY3fJbFWQ0<`c-u2K>=wX*Ut-$mlS+hVu
z;;KS)=}3=KM?aJL5Y7WzzkvT?4YmR4(W%@5ate!d7|6v_(9bn$4hbYHk4Pq@kqMVJ
zusoV`O-SKEVv=2&6x4p0w@fMSGlbYcm#DfDrjqi;m8!bOF%J=E%2Jd%f776w3=mzZ
zhN7TzA0wgTJAx;MCTj2*QEBJM&7fQ|BIM<__?LAMm6m`vp>5FRv0lTXP(FkWT6g}W
zWsd=VrlS}Y+qZ|cFz)<$I4o6T<C*yQe&YIFOcRriHfC^(5Vtn?vC3ZAZa8i1i!^IU
zlj`Zv_gct|j7ca|bZA=;`sDj+WSuGd^19hPvAN?*omtM8K%i%c_DOWejsAe1E;v(E
z>9f7*C6h$IO22BRwQf~EREO2}s-%UFO5Fy{!d1(vu0Zal63nv9BPD_wb!O+Po?~TK
zXX7gc)kXA?jsl8%RS@YsW_BonptS@dH}v9+Q>?pV(8#CxP8C@jQ@D}|H~jGU@&ioR
zD#S0ksr6}9<9_H38kd;t`o@@g*%N0PnJr$>6MLj!M@p*N6!$u6mc#PbI7UiWFMY<7
z?0EUo0YFIA!HdSR=iZesdmoGEN9i9y?`|p3K({<w`X#N&5pLLaQaPFy%95dh81y-7
z{x14zGLeQyr_lDp0lN2tKb3=drK|#DxUf%Bqf;+xB`Kb)vQ;kD=z-B~lFX)c9M`)S
z6dZ(PgTp7ycleNZF28lC`pFZV>6vBzKss1etxk%)vT;w4>1p>F$yg@<oQ2)>O%%7t
zyg(h=zvvCBUX~%*qK+qbZOyrH?FbEPzJARL*H15{3DP`taqknE|5l_Tdk7(<_bsHZ
z3yVBo88|!n#xhcQ)lHDz92;Qds@pC{D*)9Sl9cdcRU?b5yPXFAGn?Y9T9gr-2bt}U
z#BrnHTG9E5K6C%En09J#z_TzfgnjoK4u3n_zx>t)=lFhCnLuUFi^^QeI7OcKD>tXJ
zl0!nZ>4oM1(Yn=n+R>yyO+Y-?NdGR6-Sqw>(oU<IyOiI><ZL)D@^NCYYc?tCL}6z4
zc62InCpTd0Qdqum0s>@&YrbWS6alC`BSIv256*4d`mA`f`~8qtzKH_7R9J{OnXbYJ
z8a@|C+lDM>TW*Hm!|}a=U(K}8Yhh3KUaj;<$_mxeWr4JjI?%4XF-MjOo0V&G5w(y%
zVlx%884>D1{T({1Tjn7mQx@4K({W1PjSsf_EBI$^!)%(Ddwt_Z<wT-32RSk9j5T+B
zS(AcZ{*OwyP0gxunHt&!bf11EX96!xbiC*%m!*~W<akfe_4Ub_`wWAP_u(?}OSnJ<
z71_6wTZlpg?TsCGeQHH@Pq8DdKCQG_qab5SR@@pOXMH(<4tIB%M-Hs4vqMbS9p@C8
zqpu>;or~@Bw!cZu@cZ)ZsCnb}%6m=3u6|+tLcX1|`FzQBJ9lXa!dyPCMx^o4;~<Mm
z{t8z%<q9f|_lF<@G-*$+rtm)<A(qJ?Ip#?drxfJ1i9&Fhi*(kSf+;?I>_+J8wnEi_
zRAJq%G5kZi*_Z~yG`M=#v<H&{Z4yUW$nQmJcJl7HZcCk=<1Ms5F*gsIWh!WmA&kur
zUP1sCIa1uTvo0Fp+U%qtaayZr0h0W$MB{Kqj&T&T<`gAOX-Gs1yi7@uo<d{)$O<a3
z{6dQtLBr&ueeQcO*61H8?8t5+nn@g0NrFkts~nfv2W-7XM9L<+yzOQZ-Qe#V)E(#2
zkazLg$OY(Z5^wzoZcm!b1qu-c<MOv|l9w+ce_92oB-(Y!&qfx2cxH)r>wXfCI0$BI
zs(I1$X{TerI|S$1H4CgTax+K$#l5d($t7q*HqDRFUsz;RrH<9nm5V_}Ph(Wh(u2R<
zFw0w$-Vl$3Pbf$ut<YzWsIO*bNzv@)T+kBvJukPT@JwS{#|&}3967*|HP8gr6~fjH
zX+Dqx^2GZIsWD_SA8Wqq^j7CU7Ko)R-r-ZtQVKdGc)WZ*9d54gD3=4=bi%Hp*{~<E
zIk%>rtb0TTaVc55Vp1<7o8TGd-KA_xN8HZb`A&(W*EMOhNjL%)a~@YwuHE19KOf73
zW)kW(RXVuL-Z545ViAjnP5fUEZ0aOWFiOwf3|4mk%n)sEw!yaE?iB9wy}p7!77<VV
zEjnruV|$7bmq~BneUfq(P8RtEbQFx22?amtLs7nsoYkJ+q3`5+1^V=9<2PQxzBvEZ
z)|PtJ?%cdU&L$$j`ci)>psdW^^j2${mNwSCO4RyD@X_ov?CaWnsS{g%f3Mx-ei17E
ze}i2ohsBTW10W#NXec1$e+IiYh8DJ}CN}og|BQG4JJP-Mu~ONPY`lH>LRaZ3jhI~D
zr3IF+KS3f2Z(NPrwU%^kO{izZ0Bty20{=7p@cGi}$uKXOa`|g_Z10zLb9`~T^UI_2
z%;Tf;&kiG0^;fE$P9m@#kD%3x5Yr=~tLtm#6|ifa7{m~C%bmz+yv-o~U%PMlYUM3P
zb(|w<mr*j24SbPy25dMRytpge9hdJNE$DR)9ZDkkTgW@_bM9F=mrjtMyBSav160V_
zpP#QlBw;H~xEftV815RYbz=iC(r5pPF{by>3(g@ZotYi>%~|M?rSt6{g!&sqre<K#
zWrhoPAf~t3`C_XuU>AHeC@7_!Cq+z^4URgw*^#@uOhB_f(mMyJ<zGHtBH+7EEV>Og
zCRXHbA#-{xL}=C<NCFqSxnD$L*)01S{ZH$_72<Ys^P~Crp8;2KOYaM$J-D6_9vAI<
z_J5qTUGG}wl{0t?$aii}75y8R9YE3Ehv@S4u!zEt64R*ckrlxW?GzCLwb76S1b1dc
zF^?v#IGO;Cqwo{8Qg8UrvV&~lZ$7yBGhj-ih*0eLYG^vBk3NT<t=~wvMRWn5G2$zW
zZQ_d(6nCfizm#^IAgf;2kRxb-)b?(6F7?IrgO@2b7V@n!0-fg16b4=3@T{x+$T0pu
zU^;Az^&BE{k@3@{#w++E`)dOIf~L9;mxFWHVjPZYsAuS{wX^-^1GPY3@y>E=mw{ZF
zX<$6u1vYzOSrL{%Xc+}&^JeX!AP};#bg#L226dLo^5-531%8r3LTGf5ytRfz9Q!k3
z6Zil;;?b_x5<q7jT=*tg^jTNR&L_an{u~7FXTD${Vq^8kDKmq-sb|pLi2rfX6^V^7
z66aQD#>KAEglP6pTx9X#Tbz5;uuqc%w!!F7PCJ*(`I!{ccp(uV+1LVd1s{trCIR-W
z{q4bRcoP8snd*8?REZrd37eHQcHjeJ>7B*W@lSTQPVB1PRc4Zl(S1#Evq48zLHor<
z@>K~PQE%%MoGw5e&P1QdLKA}lvZ1xX@R9O;-==(bR38nGMCe^<3`j{KA~>bJo<EMo
zga^mOx)m>1YbBr;HC)24J6M&PfUR0~jScJO4;S3%D5eM5TMFHnIzK&&r<3seVm^>G
zo6y_A0Y|#-_!AnOnjWcg`4N$l7GtKkM>iVxV{Y7Sd42w@8$#R)2YP~REu@Mih}cmk
zLyHm*>~O+ULSGDKYe<fO%T&HhzA#A26TX`G2haGC|2sU;rqpSd^BHvWL<Jn*OH9Vl
zgBwYEFMho}d(>Gd%bTX(tW~%W8uNYprPfFOrB-I5?gNt#*$M-J=5i#)%Ca8Bic!7m
z7uNb=mzzjbUPXo9QzO#sl6fb#)svkiS3MUxs+XHv?Mm4Tpkc1|D*45&vaM@n=<DA1
zVM(vi=s7d_pLq^(Gd?x8DmWUcpH$RrVLvCyK)hTR(7DtxFnv?af=?Bg3es2#L)egi
z{A^+dkBYwzBj8Z)vbbFxHGIgC(@K<qcLgrGX$bz7UP>0p#YNHbH&DsbJooeR8t8tW
zuH&pIZu^qvlDQvP-R<v3#eMu57Sn@Q^54~oUD}!booqJSN95y`T7P!Rk}KVJ=+rZO
z8aK^xx*O_OHYtmCF0Tv|Mmw8JA8O=Z*1NQ6|GGWJ&7N#&-E~!l%x`vS=k|BH*le4S
zyLly>0#;cj<q|KGp|8~@mcEW{J=_Rap7p!eZT3CsW8E%hh}_sZR*ttkl^oS!p?$Wi
z83Q(#ge+{gZKig&LfLN`628Q%^*3rSQ=<7Av}=|C(&?<vQI009zli}6Yu3MMJ-RmB
zxo^&$YXP0nf$r*v|6tgl&2(x}0RWu<?5>T)W8L2kz3M(<mOeV$R|nGVc8eKDrao@H
z)^Xpywe2tGYUnQy?yYZdU6pg)>^JO@`?~aGj~=b<U|p3#|Cs6I33795_DD^>RC557
zWkx$T|F%oY?5usB_(0#J#ickKtTZiF1{`c{{hN+XZKRuX;{2J;&f$j|3~8r_>q_jd
z59v%dO{v1=%1roqI#9u*Ep@MtBWX5h<7>~Cr3DZ5QZJirAGLo2Ya>o{>64C+x4N;r
zI!ghaRYjT{I7Mqa^eec4t^3OEFX?tI84%5xgRSoW<5d4Q)a(B^zu~sGR{mpsg(>5h
z!6UgA@BYQ|W2Vk@_Eay^?Ilu+#r!`SKV<${`A@p5f1BdVt3E1FYA7L?_%Z4Ws5+%~
zb%jvY;Ih822;`QbHQUb)7{!1_OrTWZIooIC2AL7m0vviqBA#DveQS+WC!>$AEAO{`
zi?wQ&Q0<o;!I|v#$}z&$zAl{Xl_ab^HKzLeW$Z^vLKZ&pcrW6j(Ps}0ekWbN(6+5t
zk}q?GYGNo}|E7udM(_=FV$c45;%X}kV&|hf-rXhVv{)Fh@I}aRSsZ~ecVwcS$Y(td
zPd80y0D4d>o*&Z};~lifl>d3h(^+)LB*1X8zeUMvwb)}7fSlpB{{zm-m4<$#m@%i^
zT`|Q4)U0fAm@(rHt8ifOKNb;=e_34qWx4!67P5arN~XAM=`0R$=KhIj5;cFUo#_|D
z?>;m91qsR6zm|z1|KN06HOTQ>Ffm9|snBv+vU`V0-Jx2&1{c0@ldSXWp0;acgM-F2
zdC@U8#^WChv41i8{>6aK`X2@<=l?Je$Zb=sx;vC?)8v%5uX+cLuqL>tk9N&CLl(~T
zbAuweLl*{(5D@eNojB>Uj!$+qAswpxDIgmQ@FuoxEfbReP~mp#{FB5+&i~mP<owrO
z^uPA-M*lB~dc_o)T%ipXhmN-_Sz~Aa^EUpkuJr%t+G$U7q4?+d?G6JmuB2nV|Khs=
zHmxvc>?ukYdcV6P3#Jbr>(UPPhf%V||IK;g|8fp!N+*-oJ8!4N=?VeYSWy0NC73z>
zTL~1U|E+|F{S7>h9gR8JOevJ<O;q^p0gx(-^8X$`3)jEO6aP^T0jVE`G%)avgkqQF
zaG~+Vd$nAz#o%#)b))_P-)Ngu*{xo*dAefnu~U|D1XKQ!@ufbJ(_V{3vgiua{^0dB
zQ*^t~Cm7k#jGa_%p^^d{+Kpq80pF;@^89{8QT{TqS{3iuyu;)=p3|;iuMpeN97t6e
z6o6rJ!9u0IQbI>-(N*!{CY6|Uam>GoYJqh`Q2sK>w#lmh^a6eT0>?M83|mlz0HKv+
zGnHp8lG#vI)V@Jf``-EG7__VRhHg91`~bnQ;?-%42&%feSZG~HG;wZ_C$@GBH^JUa
zJt>_Kx^{W9ul~j$o*YVGk_oQ#8xoX$;(9vovWDG6bKE!aa$mi>`!mF-xLjgw>tAj9
zfV@jun~8=5_tu|^R<p|!Mgy8o&m<qU#dSf@|AhaupTlm_e)oy)#x>Pjr&xWa<XTH*
zkr(ifu@^H%SN(s4lIc6Xkj5G1zK<cxt4v>GHnY$63EGt^rZ=mVo!+4T^E$waDe}9#
z#(y)nh*&2)@Xu}LpA{5}?O@?Ba=IM)XJ3QyihD={h%-;w!aQPw@BlA|9Gz8hw(z<N
zpwV*U%<iJ8gpd~RYGp_Vgr``}s%N3xTK1KO0OPrs-Ap|Bd;ut7pq0)5@YB^!0(@tv
zZk}AF)~Z;&jzaG$Vt>(fc!?%<h+U04{})kCvt`DD-9;=dRkv&BLT#dRm1**0q|!HC
z)h*g_VRNuM$ME@YzEu&mrG80JAc2dS%~Zn|abx*p#Qu9F0eh6?o7xPSiS_lKWAF0>
z-A%$*jv)@1xZZyl0RLkEXtvbqvAcMbMXl$|u>iC@W{AEVV=rGO+Il1=YTs9hhAs!k
zto~ym{eKpOCZ9<sOBfK3<C-;O*VEWIPy|N8W!$<mg^7bYm}^{e)_7=;#2Dm4!BU8a
z4yZPBO^Pm6K^F$C#8)Tx?P&_}Fk}Ps#nF@XVSkmxdM*s~nu63oGy^E=aQJyD!^hue
zke!_ty&mVH@m#n2=wNR3nC+9i)5w(1t!&s+O~pZ$4d>ULm@VYOq^xAdikdZLCjxQ;
zKCCIK>FE=fO<625BpZ5J6Jq=3S_z{IWfNJ#4@5Q5Tb(O_0<@EMiKHtUT>Za|p%f0S
z%@v}T3GWJP!BR1bB4YNFAD)QSNFG;cnz?6GRS7%~V-l2fl#Alr&(V~_f2jlgJOMsC
z9C8ATpOMH7r`L1Sfh4$GQ1l=vuu(=IXR^)FRxbp`eFX7NDdbD);^_xV5CKV|FyyR&
zO5uB6cH8>l_3?u)&id&cWG#^yd=$n!>36tieyx(?Vt@`dqR~4rc)38+ojbEbsLnVU
zvw4}~r#wEyX!v@wmaTs|X*zkp=st^cv7uVYbS`&Sd4f5K+j1}J4obRwLN0|#@TZE!
zT~^}roD@?6l$lJHR(nG(xkCYt0+Khh!JpaBad`r2nu7P%K$}<*0ei?t;4wB$8Z(Fr
z?_t9)(OBJ5h3Y9IK~$X84i=d!fy=eUUJ5$1&3YcJU<CM)H4~c^$8>yr$X9=aIx*Kz
zo{N=_fUh0C%fv15vwhvtXP1Aj+kSWx;vk|&?D$k+QC@FpZdGL-n0E8oZexQU)c82D
zS`yv}q=5#tZ0kaHC+-E^Jp%wMwjnq-+Z*CnvGrW9qS|&>8<CSQSB&Z{HmhDQ^zR)G
z4r@5grxzu!t<O*AU!dPzgnBwH*E6>A78hG9dn>dLZR)Mh+8h$UKVHk$uUo3*Uz|5P
zEH1I1VgcJ53cWd8+0q}n_K;uum9YS)b*$W#Z>U~x-y6T~s(Hp-p6!+Q51t37hiC8E
zCV;2OP1SaJ+|0}KFyQNSa!I1~>3PuiqDA>ahuyL|alyfCv&_%KTz$rNeb%m;&z5zj
zqk3cwfLZCZfH1>Id%0B_wxIOUHfNoUr<t9pU>HUatwmY7_jWh;`kB@YK2ue7m$!Iw
zgHxTzh-k)vVbgu}s$av6h?#mrIF(51`8>PIvfWd@d$1zd8e{&EztueOeDW-E(s0-J
zVO;mOC$D<Lzq`{C@(P#sQW4=qQ~m8(;^X^rq+y+-R1Vsz^n=)%$EFz{ecCkg`pfg~
z`l<PCxuGXV)x7nic*6cHC&uN}IEpI@nsbQb8)3J8V7jefcKEu5FlHbI&rKfGJx8kc
z8BqGZCO2s*ki|Z2yS>>&$RBd`D+>N5cR_q$^4$~3-mH&e@8}QBHuUEqC*^j1NB4F7
z()G6RM#!T8mua=7*(TP^=uWk1CVNGn6|&q;GuvLhsyj~iwZ*|F%DZ2+NUZJ2PzR*@
z`lv+m^f=~j&|Ip6*u5`5ocfgxme%8w+|5-cWSoWg*PwZVI3W%GdRdeF`pd~^^vB8G
zm9|WFq+^w8R^q`*hs-#6xL@;@k3JHk$!zrGmwuy5R03>Gbhq{b{x5LvON3B@_R!{M
zd?m+Nh#?A46!$+VOtw}Rf$sctAhRR5v2k+2_$<mn+S*ikLn3iv0OEk&Xa=2)=XeqP
zz`wF3L1jTYVMO(koUfB_lhlPbJS|q5i}eQmTcy9p)Nyx+t1I3?_GXKKN!;Ri(QOn*
z>qHV?PfuT~g5|kW$<Yj~!pL>$gpP&k%-+Y^Mq<Q1<+c;0uFHhH%`*i^&IP?{IK**R
zY6$yqYJ#U3Wy)Ok8Zo|50_h@BgE`4XufrB`BS(aD-K(hG6>;x%GLzy6cZnWl3JU*7
z#;b!wiN=sUXa6m+9bf$+wB85{z(g@eNdS<zYYR(Y(xbJt4&BK_9iK?t0_vz8K*$=u
z?@Yyu+~6tj%!PO<EvU+NUwQn?6uNi>^U1d1`Q|AJ9Q=jvvlZ&hbPyfv0a|=#I*xsF
zBmV9fzmQ!(Fy9vItpj@`HXp8r?t1ZaeI$UZ0JDD~R!({JO<YDr?(x&n(i{Zw@!E3o
z0`XW+CGC}Y<9u+n`PY#KL&NH>hg_lm2FnKMLC5#4ZiDr71Q(^6fNv7tO_acXV21{K
zN$|#I4DAGqCPNTF<V(mpOZ=LQ9`gXW(jV^a;&6W8@IZ~0tNTDAepzuKL8SyRcGnwl
zn9q}jUI-0nhw?P7A==<RN$xz2AzVWaiIi9c*L@fsL>N*>*dw_&jk=~3b0$_xz=QuK
zzALj*CIvCVW!hff&)UPijuZU(2}V;43~pFCA3Cmbs%sAE*{C@pB;!2nBV7%i!&Euy
zv*$zUHl`!|0-^YVkj3eahr?>!ADZzA3>e!vjJroP7bz;d42iKoMfDkN0SMUG7IM^t
z1s5kGpDjZF<#?nz{6TMkC_^E#{$P;#6@`b=#}4vj;|4~0+880S5;h&68%|DFLY|_4
zwZXo=9x+bZ`G@wSnm*mhokzP&i-16HupSz)N;1(~r3+pOf1k`8NiDfgD%NN6Jkkm?
zMB@E{I>Y|^VdGBImwr{OZXr7>BK-+Pd#`<tYfnXu`7Dd-ZvFdDoN@&NP_+Wl6=68q
zq7Rz1(l9vDP!WXe!JGYCb`)VqL{%%0EI;fW3n59v@}D@R3kINkTWQ$ou+`$SC#<2x
zj>tIpY?*pyk0x(>0!rL0YATbiXt<8>5yNrti!_P9-WKFp67GW_XtGU&;X*`(KEW%w
zJ}bC__ftQWpSWMJZ+iy*eD8vasR(0xKs$DQgWCK4(6MQm_W9Ngf9mS_Cb1OuOGt+?
zgLOBbK<+Z>XEB4bFWm#$0BE<c!g7zDf>TXo-+^^1?|MX`S_OVWSTsJ2$_<>ulIUjK
zdh0Ypqe1y{1l>-GQC$9L2GAdp)%ZgKZy)}>S$@PjPauo9g<#l7&QSV$O@wN+$tTz=
zXgH(!C%^=WBiOD<1VbCw#MZf*<$!ji=w=WRHXQFu%^ix7p5PYt0F*A}$zU3h8SpT^
zJA`Exa<GB6;OQ?EZc{HShvVPEX7NX-Xmk=ojQI>LpCPj`7GVAuQwmOVqUQ-*R3K`c
zeETqX{vyWy<yJxHA5eL8AZz9`15>oNP!wo}*_p5|`Buk$pKi>@e`9N)S5dtwo37x0
zb!Cn{9V!+MiWu+vgE<Sb=gl4qQxUg9c{3*!8_K2;o{)r+w7DGh9Y)>8f`OgLQ+uLA
zT$d6f4TiNwDeW7<CX+>gBmMJ5-Xnrlh>d@oL_D3vi;Byy<~eL9Q-+%PN2V;A-jXTu
znY^(_&;RME{9Rlt=f<3g|JhuSH{wK{XP$2t{~48^Q~?5U$I$YCpn2~v?*|@15{210
zs49S<mhD_0Y9<sEtmRRk72C>2vJ3c0$kNOUmMlw%A$UfF;p?7y><h)%#)czO=UX<=
zcYrUT<B)&162$u2JG4LL_iov6IXn!Im{q)sSSdpzzg23A_&F^6c_a;~phT3d?_`yY
z^?4FYxLg5-6RfF&<M&5z^BY3dq~4f(Fas#F_mDKxy*zT_ua?IX*yg0VBoNpn^L=+{
zNXZV@wHmSPE5R0kPDdSAp1iYl<3WQ8t;hBrYEv^fURyKyG#SDycG`g-Y62s7)85v`
zDTi+q=8tg%$vjC_frNBk;2tC>T23K{qaApl3LfrP==SZOuvc^*`@E5A$9aDcOicoa
zC>z{<T92qe&_iyBfI_JAH1o^QIcmy4x$rCvxIp3-$!9Jh&#H$}k97@7Q6|~@94`SA
zPdWE)IqGp&Sw17mtt_w-l@EVCYwI|x6%1i`%jDXcnwl0+KkdSfAu6DHw!*4SD44M{
z>kMU5yY=H5#uWcgZ;1PBFw5*Isn3n8D{l;Mkp6a2^K{0H_0*x;V>7p(l&Hxp{v)n3
zfuSA&M?R+>WF#UCW*Ff?#g(&;6qCdiL!`Fp2lxn$!kqDX<SzgT(kn`lWsYbqfmC@G
zqo067x=dmz*664m#hy%S%4astpqK}7<oZRpn(w>su+H^($M^V>*c+vce)=0<NZ4wm
z?lWv}YTSw0S5kjEUS^1nTH5XIbf-HKdY4ziO0Rh^qI`~5D_#dQ-4ZQ<=2b-_eI)^%
zyrY#g%vh%!wj&WJs)k{w9svak&ZvuACR~)k5J3Yl5vc4H^y=D%?1L)?r!Oa7haMAb
z4)*lTE_ay{9mp!vd;CpLFJLPAz|!T$Pbgm)do}a0ZB6CmcXzGP+%ETJefJcyj_TeI
zqdrO-yxb-J`3LdclX?HmFXYiNR8pow0vmUa7?0Z~3wV+e?q<XBd1WRFIZ-E#zZgX*
zq|IKApGpdtS1Gh=`1nZ)fEK_RII%va`xiNLy))nCt9{kcOzlPjQZ9`CmelbWZ7Sv7
zS0Aany)Yau9!05!>kxg8W2lH|4e_-7l|7RSD&O!o#aaM<VnDZRMu>DwbJO7oJ*89X
za)*Bx_~=o2XEzjv?}i6*9221`y<-$UZ{A3tfq%Oa6+XzNrpilzKp;|$1pPT0TySDN
z)K5K9Tgw|B67QTm4{;INOv!KrwIv1*=4x+<FcG6E8Z7v04<>BD1?GkThv2xFa(z(0
zd}8ct{$5fd0(e@^#X1-dtdgd+x;WuqO(vp6fo{aVCkCAcf^e~Y!0vOjv>r~C=A3C}
z6OSsJguo;8*eoYWchFCU>u7))z700puarM+pywJB{Eeq?))@qMJ^*0t&3VWgLJT+%
z2dqMGXA!m}xnFe#4+yRe-wFPMOMCVE>MBfvpw>DnVW09N;I&w~jqXIU=a4ztbZ|X>
zJ`*PjbLVL+)W13z(w=x*PoDxfdjy=KHwL)G0*)3R9xn-5@;t5qrp|yv6Fasg!QUYu
z16kP-kRtY`mAi(9d}uKJs;SR}q!Xo`DnDsw$Px*&z`@+@(}<PTTaEpO_7YBBbQpml
z7w`Ee&*gFqWq0F^sfwxNRw0Z!$<zcbA(`}%zlmf>m{W#e4&r%UTHGzM+{bRT`{wNH
zaaXjNL#>#GnW=mET%n==$o-VRKedOHc>eL|FWs+)6s#X4-gPG+e`fWWz=MiBQKS&p
zy|LzEr<7?zu<oR|TG%(d8`LX$$`vc&Z^hzr@IETp+YbqE&oWjlB&ACOI^(Gaw?mkU
zf^DA!p1(2nCb139-leWD!|3fd5xPz>9l~O@kNqBN*+SN^-|1Y8AMM(IcIyv?Ms~c3
zzKWT4r<)lVKSqw^+8&geW9}o}M{JR`r$-p6r#yNPYylE;K$Za2?aIRYOM4?D4SPiJ
zy>GEcoBHincE9NC^aA>Kof}ZN;#y4#xpCl+6Wcb6=OHwTY2Cp5P!u8iBpWL=iT`mh
zd8XhXJyU>y!1TADx5?=M$G`EBwI_X_Je#j?tw|D5-_|W7Y2tz+j^M2KXRyZlR!R6r
z`0_a^J%ZYCOa!BUvTe-bk>;n-J|l(vaHeb)IkMb~%IKn^mKcP^3lZ^`#?%caKFKu@
zo*$=KPunSyL+R$LNLbV?vE!H|wH2s%jZFdPvIGsCWN@ZCntv*1-zA|dOU|GQ%2sM#
zD@s%D;F*;z7Tn-&f&*%t4@1c~TG-53UE@H*w=vyCTVXWdwJ{1g1Ob_Cq1JE#Tx~b^
zbb)7YIRYX6(LP$BfvPc#x5<4<6G?CUDS0_P5tKXFe*G57M{+1XFikdm$AM9bL;95I
zi6Vz3K9+PU^HoAM5B-e*1bUzFm+Yni(CpvR)5NI65QIX5iwW7(yCipi%7Wb=ul0O*
zd|}nH#m=(V3tm4K=f93VbNlD1@jQ^+qV;xRfqTK3;ILtAcgz$O&a9vr;xiGP4ZE;y
z0n~?zd=36o;XBd`QfAc4BIjxmx~l3Wf6Y)B3t_ItmZ0zpR&ONZBR3)c0#Lt;42s`<
znLbe%8(^46ql}flY1D@%-ZZ2|EfbyOqt`|#=R_}C7B{J=S@MdQyrk}3Oq*JvA?S}-
z45bX~lpz?Cja>H(52dB_{BOpAQ#i~2K<yPD+9w|}33;7kk@+e(MWk0dl*oLEU1Xg(
zH2T>_5B|9=ev-Qs9$XTBq{V2N_l28h_mrREUUoe6Pq;*v-MdBq4(Ioe2ElJQ4T=~u
zwnZgkcoUIkWY&l9S9yCf_Hp2KAVHLq?TMn%DWg0-MIwv1=TRT9e`k3k4%dkY$CV?d
zA_@O(q)G$bAUQ|o7-T#aFQqCiWlqRPUn&<RrZ7>Cyz6((HC`YhPX}Bm0z7hlS36!l
zrEt-F+?QlBC*eB)*Qmrh3{O+qGh6YlGAu0X;J}=Du9lN9(Nnn7?i4Zy{>mrJpCf?0
zBcY|zr!OryiL;kT1w2$(+K0xj^9Yxg&c1t+1Acd9-@+g5D~q;!|C{Sv4(jN1HF@&z
z^`BlX6=i{APFbz<Q#h|E8aMen_675kGoq^2zT3B+z<_}7_u-msoCH<4W?o<RJS0k%
zGD?&L%MToaP8+?!KG8k6d=O_JEw|`}^hmXfNiJG1_z_cdyyN~bzpu$P8rwTdV&v!M
z0Y5Snm)2gz4MjwyS%Y-+(1mmHV!4G5{TFflqGVtS_l+!iw#OrtcABo@uMGJdOlDfk
z5i1j=MDDpilbMg58h(d_Z2{cr_b#DQLZp2z&%3f<Js6CpC<vE5iAez_$}k`EtW|{c
zl%`Y5gn2Z|67h_BYE<D^=xW4+fh>`k?u*J84f_gZ)D$y%`k%YB*c{3I>SaJO3P-6J
zuw?;<n0?^AQ{41EMtwD(c$%7qofYVSI$aiFiH60T$jBXVF5+W^l_T60V}CR7%>`Ko
z_62=ISAK%zqx+eirz}RoOf)KPIeIjIP2jGk&pHBFU>=TTLBEXJG1T`Q*GZFn_Xp7X
zK%|q>dvKTSbd)r!escxrvEsFd!Y?ackYCiq6tpiWe1adzX201~lrd_O0EJR7fs4_+
znhfIm!=-D(kBkblk!SeqQ^Swm*O&`-1GM=>1y&H+3lFnCkIa8u<C=#-kUqT8!2CIp
zsHCsQ|C|l{USp}bVQBk+R?i7+BU<q*EA!xD(O5T1Eu_mg{iRE}SsStLa|R)%O^1~j
zV+sz8;?;^?NEafZD-=0+CNzVw?snOwk>t6E=-8qmn9!3XhAqw-lyN3hKZW}|mTc3k
zn`_sZBh!Z2q<JE58X|R&zITZM(|0L}EFcVlF6MjYtSx&(_vG;_!d?9MW>~wlB&;mc
z$Iq`>$XE3zaeE(}-rregQGZ}U#1p9&gW!Rl_x|)ba2bDUubT>+m*;VJ0NqY$46_OZ
zrbQ_t5;cUHC_64NlI`c83+%&8xzpWf)lW0bw0uv;ebRS;($|u?YjA1-@<`)f4~nF&
zhr+;$wa;i}kS<1IJ;pXwdRa6u5ZM=6j01Mk-4u26un%V;7ENA4o`(A%azfAHRoXnm
zfd#l<jt(u2i(5s3WBG2x6?utU9tAoKDYB>>y%Efhd?Xdc6rz(==R<O7$tjr&e4Lrq
zjFSDs>NPMZN-VV@jN4zP;zTRMFhy%Gn|ec9+GPdFNE!N2a>QG(D5AR|zmuN8F(gxg
zp92fxAc5qw_gz18fDaiZfpTAgAN7(xe}X)P{$ACDefU_Sfeo3gI!P+h!Ii!=89*`A
zjPkSP*wCeD5>EL1MMa9Fty=>5LhevXjAE2jpee&BW;oImQd*hZoTa<0%hAQ5s(4{=
zV0!$n-bFU>8hPN^kLK0d1V_-V?JrhB={0uAXYFPm8li6)yV3El(d}?eyAO{SL(9%H
zO@BR(q}lgU=AWFnbf&MR@Rn6$(ScO#zSUu2^?%E++2e*lU<dJ*VQ*Lu_{1Pztg=p7
zp1de_S<o;;q;fv}f9%~;cjVpQF8bKEjgHx|ZQHi(if!BMj*X6OJL%ZAlb!qiKhN6F
zTKf&`gH=brgBo=(Yt$Guulc#Ylb^WF#HNiHXS8biSMD|t?3cjuUR61|%ma%~kpU{}
ze~$ELj8s{}lh;PahB1*h+1Obm*)vv1fgLbb=`*C1Au7ARM;?@eU)4jhU^aJ?(>TYX
z;E^3kv-0mFnf`LfAC&u}(n=<FJZpegg-RfA90H~JJ8jIbO^FVX*GW9Z1L>|t&%{F(
zKnbh^Cq;`*&{3E`gN>{a&PR5Ma#Uq%u)#^2_aiO2;$T8c0F=8eHsE?JHi8$`7LTxd
zRc55I$#A8i0wBvn?+qC=BdM<z^!~G2!+9H&s|REC=BiTv3i1)~R4ea>TN34-v$lM5
zCU$k_Yr&)P!|$oiD7)3&+_k|jHtXTB)zcg<y5n(jw%qs6mjMFYnwLBNy<8~b&^kN2
zeh0eMA8&iyCjOzrZB*ONCVK|@t(I<`)n>!1&6eY{p+QsYg~FPw-L19d-%p6ocYYp@
ztL^+9oF!H6`eFJt6MK4_YxbLXniqRTRvqj0T$}TbXQg%K3;b-}_WU1Shc46??!EZ;
zQ8j#Q)0W0QdT*rfw=bPv5A{;rK9?T)XIEDf)069Wg7a)=DV+^oWkP&g>zM3MMGWeM
zn@j76Z&mA3RnDvBO>%O>IgUl22L-yk9hSn~O^>a!JZH@~=Ir{FQ?lGV-IcZOc?5Fe
z7kgq2u1+Sdc6=fDUaVF**`Y_n;(K?-OBg&2^+Q2QdEM5Ha$P*xn;MM|&3k~hQyv|i
zE&!u^?D49w@wCTVX<(c_=q6X;MVQ+%%zEBBV$S#w=v7iL$!lP<9q8lbFZ@RP%35L0
zY;)a%b;66c2HbJ0t!y^(%ACuv+Ka|THx-U7y7s5D!H(tSL+$V2R;gg~GL5>w#G7lW
zAc^UakzyNZ>pKS=hT-0e6vFIS_v3)!cG}>C-}a>FTw~8WHD{;${o%02(c$Sl@Ar(>
zJj}@U2Ox(F&2V-m*pmaC6`U4V;X!$ww3qEMeEQffuGZlVYl}JewV&SfE6358hY-+`
zX}eYqQX|UhySx-Uth8f!-(D7TCw=_YguvULgL+1=ZAnO|%0;Q~k0_=;gg*NA!l={a
zY-lmN%--2zPasf={eV~`iQ`-DVo@~5Wx16{$bOj@)?!cRN<UVo<R}-be@0K9M)tYr
z_T(%0Cs~l4{s|y^ib4MAjqBY~%54;Rzk(0P>m-Yp_ZJ!McfJ3Li2#Uw^lNokb2EMT
zQ4oqau04+s8}gwfMtb}Dnh-E~?!?-*eG%+(v+uq_n22DruL%A=mk0$G=YL1QZ2a?o
znbK3yr=YeJvB~v_;D8T2+UW@Y&-8aht-)B3wh`qvL>rd5y3QCGkn}_*v>>$pj;si|
z=G@7&7GDuBb^Kl*tcA&EJ<A{(K_EqP_{So8FgK)B;}=;8v4n^siYKL%RcJ(_%qZw_
zk2^_bJGt=}pw^ZULQf)JQo<RG_?ozBOcWOUk}iOiPT<ZNN}NP#KOY#Hu@c>bg>+{h
znlAi^3?3XE4<H@^{n1JGm#UY)$X!ZC!UCNH!2JKocgy5;x=GElg-CI9imq<358Ou(
zjXYd{h?#Ze6$BA*T*x@62u8Z#+rrrfY7KYjl|V>{mGjkw$QYa118V5Q*x<)tT7`F0
zWZnHM`r{q0!jBY_p0mPV<D-El<SE*Vu)vo^t}`#RM*4eyIz0Y#LlWZ)Ff|v5zuGPU
zTtI;IGGCXlW1K_CdJQ=6CZ*%KTQm@^v7IJ#oh9IJAclv@EJHyuMl)9PDB~f3#67Nv
z6$k%g)XZWOg@KJEcuq4H!u?kuqFb6d%%4NK$!5OziNTX~!X60ZZKk*&wY85sF0?)c
z1BDTI0%fs$nN$(rmPu!&hi+#X4Cd^6if3_0{T*rK-Zv<*!rx^PsJ{H!bOfUF^^Viy
z=TEttZ9grYaXTG(U3L<H;US|X%H#z86o~txjN;@=`PW`_j1Uhb*JUeixrs9d^8NnN
zM-SQ|hB1Uv7)xldE~c%`<Z0q=1K!;<IEG|nM;TIau(R_J7VqJ+etqQ9!8D?1HS+PA
zKr+HS(fl3ib`+upqq%_t4RMt9=^S2=rEdt*8ZpZ%l!4cc1G6zG&iicF|8aE&$pQrM
zLoS@}|GWbpGozBh<;8NYc|Gt?&(Ja9gE}w;<^?L#8y^8?W``c|@pn_!5<=Xr`0V2Z
zItnGpbCz?Z4-w1t*5kaJtcZ>uh3+?XvJ3}>^U@Sfo<t?a#*j03c$0t=x(dhceW47l
z9O@l<{Zjpm`3!k?VC+FMhyhRJ!`ps~8Ni-A^n$LEcPrPJ!9aF$7MvN@<pX_x0kILB
z8Ar$ie$?r0CYliiOar~BM6?hcr|{(g2UU<b2x9&4<r|)G^*gV0t>2kKuiztqvn}it
zQeivVm|Qb>3#_0S1l%tB0yw{fy3WAM+2sy^{A0Ii@SgLnN|?7eihIx;37OgE**0vU
zc5Ua7nz<_%N-;?4l1<7*f<k!D)(13FW|k-nsQ31S&@(axCVO$r^<+(TCP(td0^fK;
z*kqJIR16Si`ZULuI2jKy|0bb(499=6y9C0kMTZ1?!Z6Qfrr4TqA~jd`;S`2s#&<d!
z4E13Nyv+U#@XbQ>`+;lZ!Ip3~XbFXw;4-`7FO((Ur$SG~*^pXNAeipl7_SPJbIFsv
zuMuOye-gzq&6I>51#J_Z^6-oCFO$#Dqgs}u^kE2+6avoG;oWoQQ8LoZ+f@Y+F@m7C
zAn_X;Cb~HGEkl0C?5a(=!@6i<6<`IL)!s~ldQcVFIrkVL3KF+DFaI8~XXz<{8u$qI
zd_IXL$?3|Uao6vR3G1W9u&SX9X*>lvM;h$?S;FA51C(cpZ~oTY|D>>j@k_tTOD00W
z1gw%-R+{8~_g5ORNJ|#24x&*<7EYLoMT?bY;iT7=`m+BM!}?_$Oeem7xL-a8HI2b$
zguE~l3CE;}yF}8Zb2g*N$=xQ;#G_&*3--~*fV$v=34a+tM!zkrBA8^YhjOp<9{O`7
zw7CzPF4<X9K0vRnfyAz?p)^l`j@X_TZ3UBsM|b}5#{C$Y{JN2+z#^>}rS=Lobqpbd
zQ}BrWJJR$M3dPXw6TWljaO@eKMMY^(txln^M>I7I*mzy+S}IfD(O+kn$e^z{He$#Q
zD<_snV?s*I90{&YH1TopUc=0r+l;vsO_8z9>(aLw(e#`rp?}MUe3O*6BH4*zfNA7r
zQ44o%g=o2&E*LzSUSC&N*B0{gG1&@b7id6G4!aE)38|LzD=HROBXoQjkpwpn*{3AJ
zY5uM_!mXo|cN8X$2rVyy?yjtGj+}|d_wm+#v~}W!)>^?f+!wI#RZ4IG_5-#+509(!
zOe<AZFHA5Vm03C}-H6Va!jgJzS{QBWuhLJsLiJ3nFXqWbX26SZlG@}q>U0EreIoyL
zD0G{{W;&4J$jjQG<!?K6ej6QS*;*yA5r(t&+BqAUdjYl}9Hg!_wHpC99N*Ab4l(Hr
zcCzT!6gpE5&pX<BLfbXxv@&~ko0>N(lsw@~H%Kdc@u5!PyqUKPagu1{RasmuID)A(
zz~H1DzEcQ5QZuVg3srbLY^}CT3P6rt5v~Vi?pet7kLZ+5pIx|oci?d8B&zAgE0c8K
z&A8<R8Tig+<;%WvS<?UHvP=Tl8d;?qOcl<sKM#zS3VU5wjICFS!e&U{zYe4m2AsoQ
z{UqLPHe{H|VkPm6Z|5d53p#;)VY+#3Gka8IW#iCjBzqG#aO799ts_4vN2CI*)8IlU
zNH|4Rmd8`XO3VEyCX>#p=>vi+GmD!_qu#dUpW+WEpnEM;5OhFFh_7fJT0R=9708Wf
zl|PppFZ@cWfTE}tp$c|j=)J#uUmF#v{g)H>6C018YmR^El9l|I8Sm+~zzs?_GKvD+
zxm%^2@|i#5C&Age!yT9quCsTYy>}P?Koj`7A$wu5{n=p_vhWVNZipk=o9~PF{b#@H
z@hA@gyA!^mErC3tP+Pf2j_mAG#cH%m3_r}H&Q=045HHjZ!y$UKBx1WZ!@*KlYy{G}
zaKWF;e4sASno(K~+^dmwp9P-bZcGe=3>!m!YLdAyKKkUxl_?SFYjB}`iDs1#ob4PA
zoX{b|2)KMZ6GJ0(p;SgAJYyQO9U|?)yk()59P5xcU6;dDL^L{%zo;nyNu>`dA6_#S
ze(z-FV9ke=lZQ(A=lv?FssTN#lP6;sgW`_2SAeP$Kj&4hpHXq1v3-s2o?pb%>!)$3
zkrNq4t!qZ7=V<xOJ)Oqir7tQ9|KThURvD1_OL_B5s6%G-30vlL2)SlxLy%k>?SN9r
z9c&rcX)~j6iv&Gd8D-m-L=I^*%H<&(?#&hZ$eO-%b(9S#5<RIx5$n$h?7TL~8ak;*
z3e%;&-3tF==-ANYd1F7pyzZY8Ym3fm#k3;%xnGyjA@|WGw|USwqVQGrcIL~Y$Wkoo
zv+W<nzYblFAPIUwB^CS(|L~mY4YJOri*t;YpTGZ3g_l7qF#(ZngPKY?7#?l1Hgo;_
z*%Hy>P)oNOvixl35iF`R=;qcF+eE*iqP!|F_LHaBlEI&Nv+eiI{1?7kziiQ{J6M+T
zbYJi#gLKc0gM~65jr-+z(QG-KU;e>NLxgcFh37jk)g1=0U-hqE;mmAAryQ;%GNUW-
zLKXa<rqU42y$?APQAurk(3{PY4j0URUfyey^h0=Ue9FTv;@`=Z;Kt88*g(Q%+(Ql6
znAqVx$F@!SEVHN0j-cM{o~Q1^NtSbPg%=4OkEp_oS_aP3B_@{NJ*E*hgm`%IEL{1$
zVTPgVs;tog?1vG12nxLBoQy<vSdDlYh6g|wYV{F3QT%amL2yB==7GHzRME$Xy2I1D
za!!!DPhDpYm~DSXG_Ajy;4u%E2=JxDUd6YS()Jb`@uX39&>OX4X-}L?#!|8u15Jzs
z6W!fWKGmdA)GV9GUIL_19BtnLugNQ=fN)!H;Ijn0&5pUpJ1cJ{Ee7o!7W?g#c6}vR
zesc78snxP%U$=YUXYC3vHOrDyK>jcDUIVo?U(Y6P-2Akv^_|xVsV0UBt7-Y>uDNrn
z$z1G4$WOJ%991o<N5b+I)LAHX7(Y*R9$1pc!iSDO869&s(!ch~j#BhbUXpXCW4s{&
zG`iE&RW2Wh3lGdjXHt_4HJNF~_w}kD5qmVVzG^T4NpwFu>VuSOdBRCbEU%IqbsPW{
zs~`32m(&eI)h=N5Rc~lf%kq_c@qXS2tY+aOxP3YX2@yae`u(wJABZaV%w4-u{WYvU
zirlYJ93=}<(+m~4`WMGXE3-6kol5sKqTOhbd?_9FC0FXNT|azlz;^Xd-cq{0ULHF8
zW@vo7=bogCu2TN|q4E97tG;S5J{_v6hWC74*qR5<rHI-ec!~y*FomqgNa4N<$xYn(
z^AA{ur@9_+3HT#{>se4ERj#>8Ta~sfeU@uk*+BU(=+~+5@xm=k*?`d4JWtpE)8-iz
z<%rd|`(S5=VjpXvpXiWAoBo^G<l$n>O_YuUP|2+5jvnFZw5qBtYNFR1K2fnV8#R$V
za-G9eRh<4F7d6a7UTHDQ#78)e+>Xrq1Q?-L9`&kg{h-(ynt>!*Ms3c@JHGEUNM^Tr
z98l^&^k#dgX)2^yt3D87BH97QH;6iac3-M_0)6WyK6|h$a=EEie&h1nJofEEj0uAo
zyy8=fMt!=hv|E~VZ1_vSeia?yxZK5w(-ikaI1wPIeN`Rwcl5f~<L&U!x<x3){mQoJ
zad-vKr?9H!@nZ1c?J<pJo$b8y4a0Y{wbdp@>)uuQUHi@J;S(6}7m<Np`^lWWtnuOU
z?D{OlbK|%6TU8e6Z(ko3TX$`>GH))s&2K3GI&5}zQKmngEm!hE-x}n1vp9UnX&XIl
z4G7lf>wfCiQ#(nU#=o-u_{e!_^YrGkSTpOacUQYo89DNP+dcHVKR7K~_j)tzcGa$M
zrN?br8a-)cv0LcoY5Z-@ZhPFaM8KYDzNxl%ei*gbW*K&rhW>at-+xl>yJ68R7h5?s
zSyn3?C-zOouHT<6eEcTX0?pNyJQPmv++&tT)502XqniJ^y)&rigneT-#KTc!UT=$Y
zZ2K*h>l^EQZSlsBnM*ChH|Mtk=T(nwUuF#v{h1}(p1-<HL60%$Za>2ADu4UD75M_(
zj5RN^=1YT{=0A{{bDGy;VayvupZq#Ko?h2{tTpxJsT<cnluTP)<cGOjn1}F&!0>i)
z0g%@khUPko$42h!h~kFgvD{_AJk!PMZ->es=cT4igmSp%?DlqRh<SaFSVN&t)0U(=
zroOyTtt<vf*SAdQS73fl*{D|<n|e<pR_^u%7ecRjcnxYzEOyaHdsk`=vbd_-P2r_i
zYnj&?)I2eIPmPX#&>!7P1>!BvMw_5K-yx0E(LU^T@9}smi6=i{=x;ZAIJ(!@(x=Bs
z&=J<6PeWG8BE%E~TNN$Ji?_SIp^v-k$EuPkQBF1LsnHwj&654Zf$p`-E{5<l=HsD*
z&l*mMVU8lxe>eWSCk~svGo;J4b6up4Vlrq*S#Ui)0srp%i--DSBjj@YJ%r<4O{`%B
zfebU~XSc)*-XDk)TG+)zG{Q7Khku9*7rW0Qjit^kEzKZ&RMAzaj#nGUB?yCPAmn#l
z#3F&68S5hI5<01-R(!{fHPX8#8|%jl5J{p7bqvlgk*=e?`cwLH*uGn%(UdRvDT=$I
zBs8A&h5iV?L>gDu#(=zxCH~a!WrBedTs~Fw&I4X^>x^H4Y4bpq9WHYIau9t|T#10u
z1P;x=40!@$TmkX*3%?rgD$$_zDN3E`&(4a%GAWb2E3jn1yzj%ql~d*>u_7Z;=vsHD
z4R9Yg(0i3(UFWNkU)}!if~&0RX$zUf#`%|T919shJbq)k2=sKj=K<`Xm=ei_EGd4>
zz1-edI-hFALfnv)pEva)>2d00R6Kdq%3_a~;9mOJ{XCt$F<46ui7Vc7v8h5*>boso
zggO^yqd|}*KBuQ8G@Q%L+#BpHJ%ek58-J)8+Qk=^Dq&z_57KRCd*g`mqGo#dH>is4
z9$({}h>4F!*ILpC<sGXNE!)+gl^{Zo*)Gx#xWxz5F5<65Zn(DN?h&6n!JDj-W^t4$
zl}Qcs=|9#=d6cZ9Z8E{?A*s!%BJMlL>E{Er{c{6lSTRjn0c=znOr%Ilmj98P_IAKc
z19D<H{-ZUNEo39Ic&eRnQb{zQQ4?%+Up)Ds1zu=cFh&Z$etGQ@N(7HQx4W|`g-(|a
z5wV6pcwlcm#)ieR*%Y&RmF&8l`00xF-pP#Jr$K-g3iLPbs@6iF??Bk-#KDVUuJd`5
z^ENRF+f>--LVo(ZV+IEC?a4}Qyvp4UGx_eai_C4mJ}*8ZR1Xs&&daQ9sc{1C>E4ON
z$ok+NG4lt^lZ#2|Uvob$p}8_IzTi^sYI$*sUzktx$fpk2+=P6EbH+1@--Ig*wwhdP
z%*l{%f*HpHE|qhVR>;Ghey|Vm1%cpo*^aS>41gC&Ij=CrWjf(n<8Qi4nq1eoH&vu-
zdk$$J^7WtH{LTX<-cWzW^Z&b<C-5bL>gymxxc-3P`9qF?r5Vwd;lL8fH8lZ!m(G+s
zAS=E_57p6n2ENO#4aoq-y?O)Um{pOE8Jv0S9*}Nnc?xb=cHb!g*QD|k$f)uU(&8HP
z5ri7jWkBloRDBI}n1nD+z$wDwkvH2e>14gWF|bGyzgk4+rhfAL8IDQ@2T)#;oB*Y>
z&wM|4hkdEW%>Ro;{v#k?{u!oPs9dXpXL_cT@uXc?<kGUIDrMj{{7QHlSYxHM#>2eu
z=RZxsmAmWbtjT&myX?R7`Qx&MS;y=u0Y*U`%x#2$niK+I5>&v18T{c9dO-zf_=P=9
zy2EQw%|YIeR;V91-FE{WDAxM}VTT}TWh9$W&9eL}CJV8eGw`)^S&#j_p%xA7sdS95
z9l|Qs^*0e?3?{U(!ib4FYkMQlQbx)tR*l)#GWDXOiAXCAU9vKRC~HQ=3RcZB<?Q!5
zBg0wm3PPBDRQbWhVfN7HE`qICRyQHVM%foJvo8la#SzPe&hbI&yUF3d!%Js~jaHG_
zHD>Py4d{#GyyTcL*PMbBYmbr7t8?M~Q`A?3BAxL<`wn$}ICU}&mk*i4QHKrNOG`kz
zDGS-!DDD+ILm$441btR;Noo8(!G|9jCV&qYzj^;9#dY_mU$T3eGAQhdvB@!RZF@HH
ztPYM8`><V}WqAvBCoK8oZQNk&v5NSw|LgWL>!6`lyPc$AvUIl(j1vQiruI4&bsB$C
zex5^1Cw-f_-6kP4n>$~>L4N@#UhaV9p>zW<T9qh<QcnB1gk(n}k7xT#epfj&h|9q7
zVavqYP^lbe(h8XsQ;Pux<x%&ScGlIl%_wXJ<-MuE%A&t#S@AtNYLX(S;}(**s`7xg
zl#SGENNp0wxG0Cf9QnK(-D$DCVLIrkh<V9-APm0&e07BU%o4`+?ouj;6OVwoL*hqP
ze86sg9obf7iXI#Q+Ofyx9yi?Kfs!RMnFJkL*2}>PCTzZ&I243O+<spVFZegd;Kz5S
zARc=|<F+CZvpzsY>LrZN;yD22jm_Dj0V!;gaN*-b)1Sk?Fdv$Q*!Cw)>@w&d$`vZx
zS|LX@%BIEJ=fq5-hl@8~;VZzv#x~Mq4ci9MG^YOjS`X;1Qq(m<^WV=@RJ$Zh>EK;m
zGk=|!)HR|7etB8gqtRX9%1C-{SzmvleFh60$94IpT)UrJ+2@yAiH;fbWjv4%#Dgy*
z4-+q90{$8!KL#+}+pA4i_g%5TBE}Wu@zCmIc$17tU$aDst~VqXc_Q?96O}miKmB&4
z(kKv{f+K^pN2120zZ%y;Z(+=gI`i6Ver`2^Y<hz)if+<i#RGv3+<8AE)?scnQoVC2
z{{09qgOgkGT>;-<%xv{ca5p@LUcO<**$GN=rxQlVc{J^-TrG76umpk3PR>bk#s@%G
z*6K1KqC&^)wU^35h%p)=t^&mamp+1>pWBu?^1$Np<00rWq=QdKYtw8am;D#u!p!ZS
zj5hvHP*C$P;M#~Qn5y!cp7=K>@XjD@H5mHRPyI~dUU=%K9k;=tdwvk!#qu-)Gg~N<
zWt?V0%w?+*99Sr2s|>yxX(i(ctFjQJW~%a)kL5qDDBg4``BfCDM4}Z_S=X~}oiJH)
zW;h(yzy$C^Ps4XMNff^wJAn2gVAv1FVoRlj=X5qENtM{AOR~;j(c#9E*;JBe8j-9v
zSh8c>mSfQztz&Z(Ai@y-yUXlePz5`pJq;hG{N#sB`;KOX9KVfc%L5$9>2~dp0~<(;
zZC?Py1-8;qdI<vnBi4!2TA;#$qBN%aG$wYiz2hYEDBN*l-c~$+Y}Q~BoisWEd23OC
zs@CQIK>*XbuS5%0t#9+Sfk%!hIfyWXgm#O}FFLV$T<m|+RxMlG0A=xf7|n;&U?5Nq
z@FGN-?se<+$07(oy(v^z+m>{bbm}Yp5a1a3i1(V0a|M85wV3$8#7E1QBhHsvxLvGP
zJD#=R_2VlHD>Y|{PMgnzZT<Y0a8dTC%@QGnF^!3{tAHw^gTk_18Bm@vKy&Ee6VSx6
zfrGO44E=N^n)U9b5nHAufJ%A|IKqGpy3)_PeNk@YI+T%`sD@qQou>2hB|^BH*4b-z
zkW)0^eBj}I8-}yU^=`o46!covmi-B*Tj0-_SGL=Wl)Xyrp`n2oBDCG+<^2ad(&;i%
z>-^q;f|7ti0~9Iz*PpdDIvfOHy+$P1-agll8RxeJ3e1J){Z;Am@%@~6%<3^T@%6sR
zR8g9Ea%602qmY}C9B*x&pKv_;n2g&Ntt&BSbl43hU?I#@d$DzJ4PPQ3uNy+jol{-g
z$~P;Z`71j}4m@!v-kE%+e!+vzKTwOR-J9{UlE}3nn{|^OEpKX{4H@QMr%9Caw4<{*
zx||*yZu$mv<e19~STJOOF3BBO!KeZ+oXfT+1A-~xHssHt7WFaW{V4ZP9huI-<e?c`
zp5f`E%-UE<hw@*J*Y-z3857NxeXo?n3GUoPS2hCSKi@&NaM$s3Zmyd{k|s$p?z+R0
z3QhgRgY_)xHVk?>9*cblMlkY!D4l3y(ojO~BD^Qgk)*8I)iqwH`~Z?J=SeA-i7Elb
zBgN>14Y1ghuC0cv#YD5?b&M<vGI!BQLbIu2`~b@Tv1Z{U-bpmj9B!||$mqA?93I`I
z(l{=K_fTOV5xQ)ghcnG3HcdC_Y&6qpv*&}BSfT+Mc@b(h3q#+&uYV5B;^=Ura4n&D
z<UU}mXda1i{VF~+P07m2z(Y;^;Y9DcTJ5@T;EkuShb(AU80B!IdUo&I7)_#l^<(I_
zwcj8Mg2sLFS%l_7FK}p%1HoEbUG;X?25T?ZL7~ngkoi0buTR^ir4n^bmVlnr`v;+$
zXIdOeWFI3%(E$GKw(~VJy%SF7*ca{P<S5Fmxyo@kISiM`xs~?r&thZ4s~uv9DBX`h
zi@0~<SBI%;;{xG<E7L(jE|Xw{1Yt2LO<YDNThzguEv158l8u2Ppg#k^W?!{fl6bj^
z$6a8ZDfu6Ga{A8w23Qbj(OLfI&P=kUtzKfGIVlEvl*XFF__j7fd8Vx5F5%@Fe(-MY
z<se@od4D6aWRH<XrR8qK9bSdQc!ZU|85zdhKa4DohAY@c?3<BssM((h(2fpVwWjUM
z;{3;v&HltpXTOOn7ochP10f3s3^3lXkot@9h~`ZN^CNPJ%r%K;oV@Q7P_%hO@_poX
z&HEz|tE!&r;=TX88UyAMX<J7AN0Ny%h<L^T2C(Ej*6JB^Q5lR2$2uSc=8rXz#WA8(
zVZR3U6>@F^{v*i%p8qAu>>vMIlC9%?OR@)@Z%GE9{U1rz{>A(sNw&4|za*JbsR31{
zGdWwY)G=P)Xk8m=&}1a1lGJoeA~UEIOoK2z{m^7dcoeY>qp=D`IQ?jJi4O%W6`b1G
zc8SsieLgmAck({?b1t4iL=smhl9LL8x+DT>V_B@=?h|YG@hXma`+|PsR7Nh$$<Y#r
z|9Wv(L}z)MR=D3_pISSTe`8GUd_!y#-U|_>H@H32Gt8F=;dVL<KFRfxstCpUkbmnw
zB30+eh9<Dw!E(}rDB1^CrqIm5{&;y`$SG?Cf?(l~ZfA11GX5mO#1YzG<dhbyA^G8C
zS`mtpVhyQ<5j#0l;uMO8vvua}9#grg^Atmclm`nFdi+n>?>W&dss0K2P{t3>%lj&a
z2w7Ur24nTdr0&eYt3PsgA<&2UEmS`$jEGBH9j2rosPPX>wq~z3+WL+`-U)~ar}M(E
zNUNx}8OZZZW3DBWfp%w=4PbETy&xuJAfKG4133hcwDZLHDPSBte|x-<2RrS14x2i?
ze>Z&5$~ZXX7u4HdMP3u2b5K5_T{BL%2XA@GyYHS}kw0(lD5qoR@f>pHiW2`%U)G0t
z@sBS%=Ksf+_3ix+U*-hG^WVNq{BvWEzL}>EQ?s#8bxRgaee*UMCt~?TifXv6RqIvQ
zs3HN3?%+0+nrr?|rkSxL--tEG1>0C{A$obNkm6urFqQqpz3y}5sSU)H`QQvLDNyLw
za|)Nl?D_)MHM)FZJ3&bACATED21Q9NgKYontdr4@%?I!=l7pDXUDZLxA$3J`W>vU`
z)(CMrQ(~IW;7p^rkIO+sz9*pXA=qQvG%EfjWw+8%;0yag{DhbjV^i-*@cd6SGHYY2
zY7yMLLxci<^#k7s+4DUGZ|5sWAJt*994I+|Fy!u{2VLs~{S5Sp=KD;zrW6kQabl3V
z0yfyC=Yv}Ot~LRdfQ!L`GSF=Vo^u}uQj+bJG`^Z`P?FB~ezOp8fjr!SwxcaYJnW{x
zG{G~he@_a&SVTGQlB#<joIyGJG)>2iS^=sY%HGziHUW8>fa%<0bfoi6<%&bm6)}uO
zuv2v}YpLtSSR(3mE;}#{oK#baHR}BACzUG_8kouG2qIU3WCT@M85w8l<ja<IU;gsu
z8RUIrt~nifp<87!^q8AqMq=<O0SkM35!}q{E@QvdN&(74!_jT#^_oGS*QTeVC{7J~
z<ZW@{8PCu5;jnM7`~#?=(8t=7lMe&rP_sDTlhwYD@}8FtZAj?mkX{9xc<Q4W=JXE>
zxz|(RY%WTZcEgdlw}BVft-62czPcphjNd_qYRv9jtrFWERTfpTx8SMRD*-y`jS-;C
z=rxT`ZSWp}V$sNp?<wkpeWyhYY4#^+{h99Gzle_P@f*>3gJXOnI%ayQOUdDqe-NFK
z58XGSGoStk(e*d}gXjuhzY*OwjkdxvG~{NXn|^!3JSOZ=F^!X;|G?+;;1B5?XWf}y
z2QQQRkVpKE7R(ZY2hsutjQHXfU&T=5$&n*31=_n%UMDv_+vTJ6>LZj(aNDIeTqnah
z53`B45D-T0?EScSLD2+#z40HV?$>YB63Ft1^w*%3%JX|G(+IaMYef9NzDD0f{y}u~
zOr60gVSkM4wLB(Tu1AX2VYS?AX%t0Aw^v`FF{(YHgt`pS6>4LYbgF1%fKT@EH7Z}k
zH%MqhUtGQ~p{W9-YMxZMkE=!6^9{1cxG_k)45pF5W`^NFQ((aOd%ZLW@Rlbj?2=m>
zKUmo+G9K$3`y%@(pNiI}=%vdu$P{hD&cULp)56xvn{1xZVxVoJVMjIOl-Si^d|&oK
z(*T}xK9vMxTxXKmimQ`caD`mKz)GxTrdp=+rDfUv!n%nz*GVKgT*HV#T3TqGBudOc
zZ;jEsotq$ORQE{f$<UO4nUrP-3qs-u+VVYHK1K#PDn#I_`X*}S^<V={_hjhBrHBGs
zKR#DR$CG|ZMSbBS_9Q~cuV*o_&?~RCPY(&%g(Zkq!`zDN;{A`55Lmh<RS4&mN|y&Y
zk~lN<NHq(~+V1WZ?Sw=^n+DC)`L*Ks4}ZVWQz1()+wd4|n}n?w6WtD%3&sOf(x@M|
z;*-MnlbEUlPsOzHDXS-1da}>yzsy<@^1XK2%q;vLL)t^nusBwruIW}stRR_*QWP5M
zHMJOO(w1b6b9nP-3ciB(6DK3#XC>@>)gHhgHJ%~c3G79y41VS9;DBori`dIa<Z+>C
zRYpK0C~<4PJd+fzADU5|P$=`015J^vlcVO1`7gH6tfMz=>pmJB_C2<km`*7M2JII|
zP(<Jr%D4hIu0$+;AJYoOLF`FT^5zb~AlI{+ns)0{q=pf+6-n`gf8VGQoxguY<{u>(
zLEdlNRJM>wGV|@jH^`^vvluV&Qst9rB9l*bU@Z(NT`AhHNBl!U8y$V#%~*)%mO>4u
zOFw_!v>sx^2~qm0!=q%k32pBDUmy2>ecb;aeVm}ge|((R|MYRz|C^61HtVOI6#7>=
z)i;HJNbzLM3~z~HR@=VCv(4g)Lt`m8$P!WH8yih0M~v$r!WY;;+uFik%xtYCt~H!<
zJ!*(ui21JL3tA}Wxzd5yq*>Z@3oiuxu&8GLD^|uvW)sczi0m4FhLrJey3KIJP!`>F
zB~Y$%s=>|UQFsk_jvf1P17a9%IP5I&IvNSWRgN-iW=#Wn9P?cpM)F4oCwV{qE+8X`
zxenihYJ7rK@2qimItqMOtRupk5Mu6zu|)O!!NtO+Y2)-y_vo<SzJhGu7_WsuLWq77
znCRTh)*K%fhJZY!a$N7>kz|EyB!hG(T%(3~?Q%+@0vGIE{fL0<`p(kH`&{njpn2e`
zggh*vBqV3PE73@`saye3KBpRNf?M;CVOQa+N*s$_!`zQo@xf!)$3R9A?Ya5c3>z8w
zq`gTJUBcf*Xb{<6F>V;#my<f1yhe99dA>p!HDTPVn|yttZsXxU1+>9t$MGnyn@v<A
z5iv{M$HDgzpf@~*1d?A0BYiuuGAn$WDEAQS5GK`aXvFf<1>`7L>sdWD+S)$ZKK=M8
zgr56(@m>QwD{Deq0fPuAd(PX)HXs+Pl)Z7Y(!H9Hp=Sxl<a?#Zm=5FY+o{Jf`w^|^
zlzx|}aLMl!6%+jV@XN*xU6@=H`^@jLwpoC+jYEm1*Y9Ry!m+@DIOf2eVV*zRUyooL
zlI5rpi13X6s5Z3~GWy=7jV(>&Kv@HSYYXL(Dv8s|w^>?MFqkCKcv@o-TU<{vC|<~)
z)UNwnQ11ae5dQz<>&d@T!@`ycg?4W)`t#;(lZX^5h@UQKh0H=@;x&S=)LjbW`?`Q$
z36E6L$K5i6<vqer1UcwDbP=LGsooER5;^TodeZ^={E&U;HfDFdkm^(SJ>#7VX`s4h
zg%vOUNy{MjK-pfvq>v*U!2)-{)E_DjKsl$#*`OA7T#+w8=yqaW4sy;%W56s7K+ir3
zW_Zu1f|cIexuBhLCP$nhDo0AR3jbvi+fl6fW*X+u$Ygp)7ugUPX_Z-%`*@hjh=Z_J
z6!}qtX1I;S96q57rW|YQJ^?9!A^<Tz9vowErEx(QBIL6lspD>ao1V~F5<WHCs3;hd
zF4DbY+B6WLD^>&PzP{hwpI1GA7RqIIi$#D>wSgAOt7O`|$KcnPCK7~H-n4%&t7#(<
z*e-n@u%GT?Bau#h2LK`B)%b>EG=N)u@x_C&G2)RxqE7e*797GcFnEVd81ThnOMIVp
z$FSd_=kK+rqJ?-2+tqhM@k@>R4qg;yuA18f+r0H>m<EzJ3VD6T1mfdyrU#hebpM_`
zn`7m+m+%eYrbu@I3>xl6%INo5;_vu+@$c|lv^j3sKp?P~xcY)?Nvsxsqd`6Ec=<Vp
z^6$+#D<vN*X6r_aA?XU+he47eiy1b1PqWP$A|!6%<X?^Ep5rqF#j4R`!V~~XRgph)
z!cD}0w(Furk?7rdMTQ8P_fktlg`$u)++uJG(Lz#$N~wul0<>~4U{Sfe7n39Mrh;AU
zC{3$;*t&>wCdF|mNmWFd_CV$s47c+5Wu6hWLBFZNs(>7`lHcMK)=kAW%^*bSk)UsC
zLSS<NH^Vc7vDx<*UV2jJ&#9?2nYmJ`d3f^dQzj2eFSKcli`(n3@3!+4!P=$~!3i#i
zCs0!&e&r3Tm^Ea1X7LqHh)nDR;to*2>|0uPfF3T2y@2nvar%9N_8rtTGP-Ao99N5}
z$D-s{h-Wqdvrmr7jL3Z#eH-F4Uhm<QITjeBSfJuhE2;)!;CLKRBwF72Q^xt*38lGP
zAEuDV!XI}Q=tT)90#K#fmRqt$N#!B>W}e>UfUg|xPXpXXAvgK!f27@_)cziEx+W*_
zI#TID^hquXp%XRfIoXsB62got65K}+K8Hr(lpB%u_dLp81UATph$&V#9k=*?1ff9d
z-G92zf9jgZV<En~&)FOw6efY+HJH&BqXXoAT_HS1+z*ICnU7Jn62(5vrDDi3T!-*`
zT%#X7&i7)MB?2qq^Ql`ixPGii-9}*`3$3!*5c%v2OiALvwGgR)rns<-qHN?7HL<5`
z)E8v_CM&@ls!w-LyE(*kMmcF@)Ae`<AEYYF$#Oz)PDNV_<KphGHHG}~pF8;d{krJc
z%2kpT!t)myp(1^P2LWNb0L<PbO<YI33!3aH2h=1h*nR$DowaLeq14<#4o;+c_M@iO
zMd_b6XZWY`j5l2mu^77YBwlTPswn4Qk90cN2L9hUIVaOWV>neRi+N&c;Rlb%jtQsg
z9+_83#0|r|Pr{wL0IOv&M&ax8v+Tx2Hz0VqygbKcO_p<W>gfBfoV>=@jnCrmDWLui
z&1FYO{ik}*U=0_n{*Q{4klKf#IylV}F|N82OVU5W9<#_B`9hvO{c7cj{ZfUULlN(J
zY$-C637VnZJTvVZl`>HIFZ^i2MAnnEbMU?B?_kUlPysxM=un2HhhCOYruMOCnQYit
zz2UrM-2Yaf(^uAmk>xI?5W|F*VQ*i@Z|ETqL#gse1>lMZJ*A)5Z5sHi)t){v??ICT
znk>icGq_q5l<CdraCE|Wn?rfMfcSAAzv}PpR|~obe_@cIvnRpz>JKqdFfdnPuW8Sg
zU9ZoVLdz^J+)LCYqS21Z-X`<bmmUKGE74lrMhz^4RSKyJ+x4nhnMEI1EOR%k@liO^
zOC`0e^}t`=PS~M2oP}m6Qb5xLEJr$c-@T-@)XPzrQmFuEIsqQv*3O!G5s&F@EcpEW
z>7+rdg0W{IK_)R3?+bm?FFF_v(7@Y+&^+SL(aQ!wHCT-Cb$GQvz34l2#Z7^|c8N7M
z%GYe~v-|>(l>FiUxhJ`6zLx1W2~+U`+1$?>8OZ;}(FpqDdoj(A&+LV(<V-3}B<hYE
zkR`DMKfKWA8^eWgV?>&O0LJ<LPP>hjM1$IEz_K&f){um_C{h9JI<@iwpH5lU$D@UF
znh~1jSw{t%2sch?ZiekH?bSSXCOs0)C#qMYDK=<ALnxfp2oV(j^6pfZWH$k88(6MH
zVGBD^61@%@_2QCQeux@#qZq}I?MxCC0%4%IN(h!x3t=IgYCPh><<i!?B>^WNsRD2N
zC;^@h8>53au|uf#9II!LvLQRwQIv;ua<sB)JuINHo744`UXYF#0dAvXX0OX^#p4T_
z+HwPk1m3<01%eOiY5W120TI{+2kwjuR~nFHE0FF_xvrFNso(+8-`9YRMWR)V2|KT%
z-9<KqGB{dNH^k@e+c!3jVLZ_UY&VO{K(0}k0yrF)-l$l{AP-C`v^ET|6W9h57alud
z>i#pmMP#zJ;=EKwD-@j@_84vY5FK)t2d(tKxSb-)^1}b*cIpHs1w3cebF6|H-`uX|
zT%z(HZl`7Q&F#phQqG4*Q*8c=+Yz{djMD!ZV(%xVm11gc2->K0-Qg=8gHRgVA(r(9
zgFBhhjqwIKul3Hxk?kT~$@b!*Py;cA<{&_@9iu#&^7UlJN$D+W#Pecvgj*(y<7YAD
zBO91j<?)b6x)ZF{GEWpa9}uYhRa9y-(<9f~mE?KH?#@%N&IVnrJ0x!}-?2KF?!9b&
zntoY+&`2fGY1X_Bi!g$XKeOG>*q=aEsJI>DNzo6gGClhTbT?FRJb?=EefJePZjfdW
zzy!+#t2hi_MmwV@JC2{Ds?#uccxJ_ehaheJqTbSNtCJfG4#DTkI`_Fp4=5!ru&1aq
zUfW}pf{{J_8pm;Bg4$tRJPG-u;Ox0AO8PST`L8?vB}W?OiOofK^G@l-TG5`o;ujR&
zg_BQCs#O39Pq<oC(t%#KOpHsHR&H@Br6(r!j(yYjoNP7NWDtxWyJ8bomi1bh#oQWn
zvJ|NleafCqteTf4qsi+#ze`33=ExWXVBV`zDJtizEN?;6C`h~(zV4~&WWSKsA3@Y8
zIio`I0G_u+uH9HwUr-Ozmo!z$Ursb%8#B~2i~I$z4Wx0sTT(X-QZ$2Kpy>QjNNsZu
z<G;^Vfj-17yjl_eDBX`&9pCN7SKYq{=T1lOKm%xgejB-kcSM!Dh>;x{*X}>31Q4hE
zLhIj%hbE?b0|%h>K9#bRH}l#iShr(e@}gOia`+XHsbA`$LG^K<`sx(@Ns9LM57dKG
zKLxZc0_=WmryR-?o=`q}m3*nc0;ui*)OpKR*tL!0{$FSp0A%w-ZOgBeM*!2B{?1v-
zqrT-=$?T`p;ncs6flb|s^#&y$>T6$v7J!f%^)*1rN1E6h4QKnmk5LPs%-SPTR}3wG
z^HQ&!O5Q1x0d`)N-#F3t8z(*j^4HQVOVnQdO0J?7p0Gzb)qernRJ+Ye4;HBnjL_qS
z+ZF>2nuvb*2olZFT$P`ss7D2r=;GN>&KZ2ArwF+z6}B!m5l{2qd2@+9nj~byQ7OV*
zp34{%I+=GJZ!(j-h8$%U5R2xg3&az7kurFBK>wu4DtWl|vfN~eaeWLH3j0J&l+I<<
zZA@GT`kjT(mc!0&@8gCLq}Eq7DYH9?%&3cUnOM@V82VrJzazw_PvzozC57I9M<pBJ
zJ4`W0s4TO$EVk5-j}tTbL;wCAtb9k2Ek!ODiy?>4%++pT*iY0oo!oI&SAw7~@qKnE
za<UaWU|@h7+An_F61Uwll1&Q%4IL}mGd7t=6SH8WhK7!gFfl^&lbnC7C@DooZUcIX
zvpxc|{Eplhw1gkHyP~FO0+VWhuuV8xi5F{m0M6Ek?@P{p34{J8v6fBeM%jRPk@YT7
zG#>Lm!>9(1AdHeg+w_>HIUW+yNyBd&*Nh%oV%lkwTETxiv)=2B_XhzZloR99_KOsJ
zF#Qe@j3zx7U=cX3OzvyT_=}(*4ygugp*B7MtmaRAV!S>rfj7OJH9GkVj{hsIfBYTx
z#}P8vIKi@DSlDq*(_UPe_~v}~(wr$snmN(hvC%Y1FPp;?MZCjaO;b_SQp=Wn_j{9?
z5TGiD(D$_K&CO?t>%!$rYdw11&}l7rO6Lkr=}%FAtLh_$5vx+OMMmXNM~J=EPvB^l
z5~=Ztask<r=NV^17-A?@s=N6ta&U#miQC~}g^{CFO`#(K(-JO|d-Wx~sJKDg<|;=x
zwjY?ARt-7Y_kkYC_LNTJFJS3R1~E+$lKqt~#I$V@;y&polq5YJ77v@zyJalcwAbaP
z$Z<5PsWYY*bjBJr-Z3nrL{=^}yt~47mrbC_b%X)_g@RB*1{cQ&%DCGjR`4T|yhaol
ziJt4hC#$u(aW!B?6^XW>QY!(s>}0h~OA;^folK)^yyUk=Q3N11{#?_*Mi(Fh9fba<
z+Ohbg%p5&`r>0lfOdqA9t(*6!FIu&$&aVzuaDOenR_pNtX)@aF?I4}s-o;SCj<Oe7
z`ME9y@2u?*F(VBH5`|G};8Q;!XF=Nwt(!eKQ_CPYAyA<?NsNyt^xlG>T>NP$m&Okg
z9G~>A(;3+abtYdxQ62cp;p{^<4IgmKHA$hOp%-PNxbye1*73Jg&7tex4ZQ81*3ww?
zEaO<4H?(lb-;vo;1dd??oXxs<=`fj`Mhrvu4;)r6Kpz$CNqMO*mc*XBhw|!A6PnM3
zRnWBBhQjv7{43XCY_cmTW;OTPW=)M<EOo1Zjaz29$g#wNQg($!+L&aC3U-F$yMr3<
zT?7HmS;~<-)$2=7cRj6_bBgbq5@7H~!z=2>IAdp|6Ut1fbV_R9u$5LmDk;`PaVYcj
z^NW*`jz*J?w&2Xy>j^`Y7er8gzP`)y1+jj-Ob#|-AMUP=>AdS4?!qpY4z<eLI=T3;
zImoUQyi;a{%~w)VQ{z3MO!hbFXyyvN4`zm;OEYkB@vURmdj=R7`O9idMcdvd6pV~z
zHExNUis1J@@YEs^;OD)J^dQ_;$Y%EtkUH^$;W{8b(vI{~!21Rp3Va0Hdh+dEhk&dP
z&EBk<f&B%M>D3h5mdB**gW}nIABS;|(=yMQzigZ{Iv*<heh)SSZ<*vXa_QO%hqql8
z4eZ63PzNi<8tNQnti0S6BWh!brrL&i!!%nK4JqxHHnyR<*h&iWqovr&y;r;Gl3zM<
z^CK&%4aBkh&%UXqDZOxHHG2T5mM*rT=S~W;n`yAF9BE~#fF}fL<x=S#GQ~0vTp@*(
zbC%AL%`LXc(X_o&)ih(<k~+om5p!E##ULGajgI3y&-c<)KBCxGeIHfk2)&1N><+;S
zX;c(wGeZdfCa-c^|H|uhzp}#>$MF5?&I92-%0;!zOn&eqyV%%k-kj%?#M56t>GGB}
zGZiEwGZaF`39PTm*nDf)QU$-JI;9&=9MtnRH$edcM*0ELO|62wa4GnXAcQZ@lUOJ1
zyB#n=L2W>3SWSrs8A`6P8VNS=GXh*&$6lgUo}dB@ZJf6D44mk!4)P`l`7dd;26{Kd
z0~gSnc8GHCHpYd0i>b|9f-HTZI^ML`B!P5Y3xCc-Y7DuHELT!ljr>t79{ftY=YpiU
zVQ<W$jcZa0dmj$=Y?9tzlc%Kg+*M9^K0Taw+G0#vN9Q@%uY+QC%1+Lc&FK45^*ePp
zTl3<UX6%#6^4HR0_Y&35hWNh+ZtCp|+4sK&I8P=euly4Kl7o+7NL*!qT;TY)t9AC1
zSkc^VqDO564)FMNY3uj6pK)$&Vr+H#>~_)Eh+ROAP-M{Ya0RCMEi|(8g18Q?^mxZK
zw(u$2l;M0vTGo^{&6VXcNHWs3u2XKLO`IT8L%TwI@A3si829WTq%4y!5IChBzmP^a
zXhwX`CAI4Z6Qt2m<x<csSVd=wpnNsPK(Cl^>O~KN%>5-KHSyXrtOnMTCRkypoer;x
zK=D%T&j?38rYqUi+4lZbec9a^AVr2`sls1=*HjBi0q6Z*c@MN^PWBgrCp1v~b{+`3
z`Lu+%Jm59ucE&%oXPjkA%aikvn^bqo$N7*OcBXGCuKh6s)^5^Ao?~^rWxR~Q-G`U4
zc_eh46W33T&E}5*KRAlRi{7iO#8;aa^w`wRi^?fp9w929ynS5t`RmlRr!R|7uHu92
z&5P7}sd?|wxUITt1t*_+gtJfX-rdK*ku*#)-S!>&aSslMuNrqB$tlg={Xgpq#_N;)
zSHpiEms4&FL+(qaB)X5#f2Z`6=5j3H`d!>512CY&%Zv8C!caajI-N|)x!)^n)#eq)
z&-h#o2adFpMZ=oHh9Z|hmU!RuM+@bY$@V2$pDc?L4zAG9$pLeQ3p>0{oh0uh*aiD$
z04tSt0F|#<C`Igj6zUMW4o__JCOo=_cHJ5J;$?z#R)stjE0%|8Kd}mG#c*sGHj;wZ
z18vAse&Np+x|Motv^@jh>-I+Jg{iCc-32;yWsuHOhz%umE$dA*b#Eu$>s_C=73^#C
zS6ZB-;0RT(sa=7^KvKCDDL#3bi3FhbD)A*`Le2ExPyNy1o*VUY%|_BE`M|Be%?2GA
zkRS5}C62UIo|0ry@}^|qoBMnTPBC-3mwiOni-QyntPAWu>o0kwX(WcxaCeJ+G%cLE
zP+Ubp8mz3Z=Ip8$`=|wk?i)Xhz_AB};a~0=Lw6&K4kC1bsMAojYCDCmgVJM8>1oYZ
zGg{tG^7eXMZsU`ik9{0k-lEg2`umh-sp-DCwDrPMCFj&?lp|VR^OLvHxiqvN+6E`q
z0scSBUn?;}L|N6ozZr}+a80jgmCiQ*U+m7my6ArS1*kO;uI}Gj4gk+=K<^MRiOM7L
z<}k7C>XC}tPbKeHgm#NX60G>sfI8)$3NbSm*D9KL07dq0_;bU=2Q{^g=laZ%uz_b^
zu4UqfM$Cpq(D)cRyHFdZjcl%*DMkT{fL-49WJ4zedQ6zc0gYC`R_a3VitwBwri;G=
zyGqJ?V6<{$_rrl(doVp(0#viB54}_*e@L@SHknwX>GDE@G>K2;Ce7S~7WgV!fcV8Q
zSqXK1K2a4~$9JOz9Q;zMIWM0Ou#=^CVGk<cT4IsvFQM^qKj#3K88cyOFRO{CzazwU
zmh4533n8IO34gsowFH(&*m(ob8SyS4kd%YY=Jh{b-RcG92)@ku^D~ecUUh)Sec>1H
z7zn=2_Z3n&`@c<c1-m3jZyGh)fFiE2oYTw)CJ(S2-Rd{^9}E?CEv7EgQT5y2HFrUq
z5oT#58RMQd3fDY(=|O<goNs-%_fslKt<t%U_J;>X=d*HYI@(y|{%%AknXC9J%XQ6}
z9cyyDIAtm5T1}0r?q(+)W&7}Rz9fQ}!e;xV;D6$H_^1i@kz~^B-Td=|gW~n!`K#qW
ztj$TVMNhyVrK7qL(?Ne{Ke%Fk8_wkE1$7!-m+*wc<Y`?>B>(dro!e1z&S}on_nHUA
z{gA{lGJlaHsW|_W^+rBU!$qWHV+Uy;@tH$G;GhM!j>|0uOPWNND-m=jZA6{@b_E}=
zSV(<Kn2UI$sSUg#YN&F;*7aO!P$wA2Gg=Guo{jEja2Y|7#o%RP9Zf~l(&jVRHM22%
zc?Z3&_!V1SyWGP_X#8eCV0y^V^cXWIZbyHP=P_@ij~;0E@OWviIOP`p;p2xOF;en`
z8cMwcU;OQxJ-tf1G`X`tQN3A{uvlDE%c#7;ANX>;7Blrp=(%;B*Nvw4+We<2od+YJ
zmoH(5v>qQmSB>ei>ggf`Bs-xLCUtIyCIR{Q>Ow(QdBjg0UG3UzQO^Ssb&UP7z?2m5
zylq*9qXrKF;{S)MZwidF>)MWO+i4oxMw2v2W83D$P8-{{ZQC{`X>7Z(zj@yO>_3`0
z*eCb$TGzGL&gri9C1E}W$~-Qja4wnESdV?D(BM3%2+;-B^;U%3kK9h!U&;aJ*5rV3
zpunhxOmFu+_Xn_ULsCCAqmn>%PZt<hN${uwtSb^(&8aZL-lz{5F;e#)pwOnbAyQ`m
zAST@3aH3p76NI|eIQ>l-0dHYw9WY8o@#gv0mUpUD%02?KZllW9WD#+rI%rUzV8oFA
z#MLnM6g0?@lv;EgPM!}%l;nLhwvW1D<m)KEA25sk;|6(;jg-#jOgLC-sBp3?jzVW3
zd5R#A*sshcjv9cOGHS?mMrod)$hPzG`$Z(1m2&B+{2|a&Vh1sh;sy?^&SWJO%q5gE
z@BRiteTky)Uc=5v8!RXqfv_GLSxobpww{KG7*KiB>fmt0IsyHw;A@H6=dqRBpV>N3
zSQZidmj@FuR8qF&BN^j-t^8bB-CRIbr7nypE^<U6XzlE+wES(V{ruSefKII_{G|kN
zOM*4t)}#Yjag$JOHt$SJ8}@3z5`+xfYnpe>=DmD55n!ivRp#81miuL2Lc%KW<27~=
z$Rc|Cu6Kl;iRnpPZI~NyqW2%Hxsm}z<_tmreyJT{>fR|#dn|$VA&Y{gm%MhfR&PCX
zkM}5N6ZY3pEv?*zm-uSiNiDTajb1owJsUCVsTqrI$vpoZ-BwuZ0VxZ@&Hx>;N_5Sl
znVO-Xo6X9gevDCievsxe8@i}FG4atZ{*hl(Sg-A0W1W!-V5&$^@XTf8uc3EzQ8&Aa
z&wuIbCx6-oY#ebb=F#v2aow$@JHowpnT2%tMsWBL<edNtx|-A!yB+voPG6>aBF7ay
zjmMvGCtXMndAp|R(jl{0iDObaD)3y6p^qCvnLYq%npBPboYG9dSD>~q+)^QIy)5j~
z%8#nB^=oquKFeG7=VS%Xq|vbo0|%y=zHlEG?sad0Z#}}DuP(lx!pzMiIGEY{d#_h-
zo71J0Z`Zgh?sVG`TL*(k21IWV`~+Q{?p9y?P*~r6oG|PGHLE6)1vZa(3NGgB4C*PS
zLLKu)BzauYRo6yj>L2_$Un$7sQ8QB*1-f{%ocaT7ti~qI?8>tP1kj?!ti~4zBAxZR
zS%2|Q0VTe0a^A7TEef!Sn*>WR^so4eo$~?`W!assv*m7*vd$GB1FHPpI_(Yo{Do`T
z(`9awK<?r-`b*=SU~A@9@1^1+RUPV?ayR+rr$lRJTE!NTW{tnTwW3WH&6ErUjcoJ!
z|0!l}kY+9UA4HKJ?XjG<&8M|4ydGUTtO+yC`eLENaTIFD%2-SN=Bl#5=DkVYx&!qo
ze}OEq>4-hgkFdewT!{^f3|XnNwV;~2pg{dqNQ__o-*r>%g#ekuvT8cIKS4kxmyj~L
z&3C*2PQ|XDJ7N}5p(R3#Lak(GLvtFgB8isiKEX(DuNQZRn}?UzsjZnR7yO&Dr8iRJ
zZe|GvQmwVCCTCm?yK<)0&g5jvz3g$W-zrfWC5IU%D;k|`LWl>>v(%2O_~eor&;Iwv
z0?1qGXRa>T{1x!<G-K&XJrl6p2TX6?#?q{9<MhNa?Y?MHOwAOxN#+S%=55+iu<UM9
zTn#x-945TvbbOe?2{J1p7|1Q0tCpVA0IQ~t%yXp<U0(mQjNseO2Dj%v)z-mgqCOn5
zUO5CzUftsd-fKiwibG6M-;R>BQQ~%!csPXpzQ9mwr1~8Nx$^y{a}owix6FGn4?io(
z@n?`3xl4WwJ2{qajgE=JAN*!Au!e4|IxeG#+byWde3Bm|<y1rlXgEz2<tX$d5>mdz
zVXt?q2DLN4Rkk<uKfOG?J$?P!c}r1(D34AMcEK2!kX=zrs%lCxLEs{lI^$0)p9n|D
zP^p3_&F{d&?=ErJtS<MXh=Ah_SWo$!<HX}?io-0zL4RKEnRcg{XzqiN(`Yb;AotN|
zdP2Z{)tbXpw8lE604ldWz`ta2y1iZ|%XvSG@S2ueU%kxsH{tC1V+~{!J>sgpnX6%!
zb-oUIb}bm51}^x%HA++~bkuI><h#Pa>n*=)TQoALnx?cE1>$2eaQ)M#=C7H-*)1>W
zm2}HO8UtOKFCD_J84scK7c*`=T)68)u8qmS_gI<pXbZ*s-elz#^bn}IWqJ_VBP9iC
zA0O)2ko-p({@Y^T&jMytxE`xNqp%BRLl`9ozJ{xt@E5_<Z8Zb*IX((_OHvrbp7BO@
zLFaN|(}I1`adCVS_jRHbnge?G9gK4#gc)rVzVb@~)(Q4s%Ze@n6^CLpe{CeHktPln
zu>T?_ioO1tWhcwQRs9#qG1fjvxocvIRPZ-B))oUggJTTep6IzZt=mp&wsFVS-pU88
z>uK0np2@_<=Ma#qay-?Lmc(Dr4nsN@IvRPGmx%x4K$ONgEobmvFy!<!8~p;w4R*1T
zaNr&!X{1Gsbq+yPIRn68#pJY6hfLPsJyFRut(*Z!(%>b`-H`^NRT{WrH)m(2zCf{7
z3Mm6{ty)Hk^X9B7hiQMftNH7LoeV)f%wIw=>E$cta@Bv+yp!d+xpWdrGd`^^>kB#e
zHa8s%d8(iC4dZ`7TE^6r*2fz&pzE#=VGH5U!AiCn40LJR%0N_#c!UMNYoMg<qeYCt
ze^}9UnbEhBDN$o_-Oz;mqZ`n@SN_8!6Gr4MXw5p{ZF<pAir(nsX!ftOVI5{r-=*#l
z`4(QWxbaS5=#Pa=*`YO<UZ|h^V=N*B<w*fD`D@onf>Tw`$8!R@er&2Q4Xid6%*ev&
zNt9?$a=Vwv^s!W)Zq2+-lxVxP@Ly2*5$!q@RhNWv{<8GoiIvV)GpC8B1DLMa^lcj7
zI1^YAn?j~aZy)`Ds*T{w9fo9bZ^5%`(Du}u|K?0BA&K6OL7^dbAQL92E>_f<P?x-x
zjZx5&k3muSNJvkvzHTNIi(x!Y+{47JAyzi@zrz>h7{*%p4af>Cm2q*dSm@2ce1U6c
z5n*bGn-L7Y&=Fy;6h9;cH6(0h(Qkpp`Pk(dW(2fEt$YPSCVz${w<=YomMkXkRTm8k
z`6yT}Vf*eumH3<wCvKkwBH70YVv%ohV!XJXrX~#Sb+B83H^SQr#c7PMs;XR?LP0sq
z1+GA@iQ%c3>6mZC+oW;$J9r}f4GlX4t6cVuj)ll~#o;!e0o`qJHG~I&Gl<#H82{Kt
zm8cIEXNJV#u{ilZi}1FYTwhL37^=ea;o<iDZR}w4kqF%_dCL~Bmr^@^Iy8_o@oj%^
zA;EHK9g#yuA!>q=h5sdj@do;P!sIsn<Hj+1y+nUj=cl>h{jE?m1Mefhqw;kK_2~)k
z<Mjm98M=x7{2Br!1d<=-GmuMtR(vOQW9baw3{i`53?)Q!<1Mq3icP0Oc4Omkv66rL
z5WLgX!xwGPJXbvi)DYPxjI{KjEWKSXxJ^|My3;)?i{>9m<~K*!PGhY%ro2*9ejc%H
z&#`{BDZ1HN4>=7NK>&ydnrCh>hIo)nWkKfh{l*r~LG^%=M64qgq3Cm}@#&zaJh9#+
z3g~@gN}k$fqK}ugMwWgK*l8Tekz8snrXvwJjjO@y<a+ovB=`5pME;Mrjv@h?j;2W(
z<kYvOYt}68u+Uu)9egOPT6&S$;t3+3j7UHI<0~0Sr_1i`3(3n*;q4z;4CK^Rimw0)
zOJV8VB6z#G@ihmgj+(&1TCi?soDDAEQmjVLL;q6DO9QU6VABeBuk*~c2~n$gTeGun
zE#%g-2~pO5*|ojhO_X}38L{2XNTC^V5+Rw<5?39Z`20H-0phB^iEHpcMX>#kq#lT1
zG3R)({B(M(mSV-W+rM$Kp$6g>)Ts&^uqyMDLTJ$@>P#FKat(h^yptz_k8JBf603aR
zDMH!`hk_UNiGB3iamiI-8Mja%LVC0-md2Acr)h>`Tr5dUL)q21`njD17Qk9L4K{8J
zq(1dDmi``3Y3}3^LV)q}{O!NSg6nDO8&YYp==b^|$AfV4Py|C)$#+qa@8E%Or~~5&
zp*oms2MZAnU9tyUVd!X#k<C~EQK>bvUGbxb)*WGaa4b-867Vf6LmlPT4x)tU_w>Bf
zi~*}o$k63T7#c}%nI(@aQ=vvpNk?MIs&e0g60s7mQJmjC^S~hP^pWE!UPLBD7j^^7
zv3@{R;K*WA&CMHM3(%7UEi?a|r6Wk&6?+}mX}OPtIRJx4z9#e2F<|QFU?w<74WCtg
z*OD?c|AJ@69#@#>R4~X?7vHIa=2MU#kL&#DDlt#?G*BvkgTzaM<FdO6pThx$ELWBD
zEcN&MN6H`f_Em2gOO1iu+e8w`{DvQ2?FtS6nV*>FZ5{^0Qg=wrzbfd1GquziBw2fU
zW_#mQ_I_VApm}H06e-s%%O2i@idGEc@^B?oTC`N>%(HoUYiC%7TxrTeBK-jki)_yK
zRaeP&|CNst8^p$4o&xx88J+*BcLM^fbJFr=I0f&#tX{Tw8|`#&1;meaH;JkvO5<H)
z&{U4;atf7ii=K|^xHq#SO55`zXh6<a>7l;fA{-lG@zb<ma#~G*&Z%Z^Tus2cVowW{
zE~@sll1Zxz53HD$MmaPz{#9w8s0W?WEB<T3q4m^mPq3Jj$x&E3Z)7$htp;8To=uS4
z#b^yKX0Q$#i(ji*duTTndsUp)Y7Rmw5fe!kS){kzkB0$JRRwuysqhh^{>bSm)25Ce
z8<Y%+^$qPPD*nhO@I0ttB$0)(z(0)<Je4(8;#NNBV~Uc_eN_56XlyG}X=~g;0JgsL
z%1R>G*&_+mu&hUO`)yxmeZhsr-IpRRi7=4?NPmZhZ~V-C+TO5z><t<$p(^;w_Wn%c
zBQG|PII%d<vKQDz?CRI+-AR?a;Vu)(F+WpB0`U8?D>hVBC5E4yn4jo0QNRdMO`+Nk
zNA$kzmdcLGE?QH)2Kts>6~$F6$k4mhExO<iZz-ydqn2~`#9!_9hTYg6i4q%!8$}#@
zh3hicOL>I{4UjwUdovM9dCsjDh!qI&*GM#H(Nit?w~J9|NFN}Cr)vO$hrS_%->YM^
zD0iwzH*u*-n*#kzf`_a-r;e4R8QKR|4v!GvlX?DkTu@D#fnK$xEKU<WuBtHIl2MhS
zNqt4`Kcy6%(a*^>;aYuL1BH~yjBo?IW~jD{cEiv4&=kwrG`)JGC%R^g%hduwP+eJ>
ze8Rh@6oPZfQJ!^^cMbmlPfc<jOMHfoazhFsjJ0<7^@52m=sFw(kj{;vs?Vyw-!&<Y
zDU%N9=5qF_5Hd*qr*M`(jM2XDoBC=JE6RJUwt)PNx(wfR&H}!BxRIWQV{DLbgwE84
zwH~@#qOOvrw1|M{J3in^!v{037!HMgXV4)Hw&mGLP_k2(uC}-XE~m=|dL%0h6W`DP
z0X2#H*^~}w_aL4eBb+#07;yL%DShO0cH>{K`BA%?h#KDSiRJyTR6e=S7bw}~8(JM0
zSrP1U3$YG^8~C_;m|5q<C&`87OppSn7a3e8`xjvar9)Z|iLlzn8yxd6M%2~zj6D~1
z)jjjcE4URSDDgvG4U!=KEKpN$Kujo3Qn@(Lea0wOOdj;|B|@3`&u(Z+28#6V8!c%A
zdfxXkhCn&JUK92BtdN}HJ*&Yt?RcyxZ$-)<rwtX!3$JBSq&IbFpD_>n%(v~B6}}CX
zu@il4)&T_oWaaP&%Z4`4Gs{QjSBeZPNSCqZCuRy&O-E294pYm-t|%(*Nj5(K3cBs;
zrl?I6r_~I$hi;|VRt{y@;}stx+VMcQ_Sr&gtpt`6fOB=2Ocv;H^;nMej}%avT#8^&
zFke;*Yr;KaTC1d&P-k?Zhj_sLF2NUxMUkyb-e49yW<hrdS{TFj7^{W3kj`3dynm@?
zEymY4><RMFFCQ3^ul<uGV%whNkRjZnH85yMl0`hqPiem82zd*RDRTEwAw*Qmjc7YU
z7se${@=wlGv_{IXl;}nH6iW&1rC<dDTX&x$CD`|S%{<QZ9j9oiUF2V<3Pg_Y)RIlT
zgwb%)A$3<LLJZ4FI&-0a+448bxR&`-=JAA5wJG8Id-pnf!+Kv;jOo*Au%Ii6oxzZV
zWU#q|1QLvX!<2I^SdbUgjFnA?E=r_+n_)AhGPso!-@gNd5;QCxigq{yy3=$Gpp2Ql
zBcFf%9G%?*$3@TyS_ZvrmUy}<(77cbXPHgv0h$v@y?KW`-a(@BuFY;__HUWGTlO}R
zug!wQYw6!?w|<xRLESplu|afMIRrW~|Cv+pVHP}rGymBTW<*@Ktu?m8Um5uEUj@e_
z=u>CF$PD%d1fV>&B0XM@=%v228b`$qV(xz$ay-uJvKGx8glT;(X)f{Zi{EfI_}RL*
z_$Y9Ha5nm7VH@HiSzsgho;6DGDP8oQJ9P?UPwR+$N7)r?jIY#*!CUXhqQF;N33*ZR
zMo5O*NG+cuGBQLZ?tyF(g3{$p9@`B2GNir!b?c0JCK0rND!_l+E9(+NihwMZy!031
z9<}4(kNm;=7{Oru{$2cFx|F==KPn9Cx~~m%Zq-nRn58)B)Cgc*0!_)Gn7!QST-$I7
z12GjPHjYUpIP1-H4JMY!akk)Q^u%GJ{aDwQoUppZ%daRw3k=h#@0UTU8FoaI;Z9jm
z&HZ|~O<etx@Zz=-Yq`(opK&kuy+cO|avu-8Lgh=lVIEpET4w$6aN@#jN3!(k%!BDE
z@pKF++?6Bj!~kfTFt)&MC}0K%m9w!G!^JrdJia*x>U((XC#HRR9KF__^cDjB8TS|I
zeOpXyWa=a<`E(YOM+rRTf32{VIsZ!}Xy>DGenVcL%`SJYIGkSM1-0X<*^PTM?^;W|
zlgj9N_BAs~;m)q|H8ZOUt}_c_W|3!E*w6C>1lj3~2$RyBQNmLBI`L(-B84hiMf2qc
z1lf!>F7`oCrMwz7v#%9OxVn3Q_cS1HGX5e1*Qb6lUn!eT52y=@0P=Eq@8GaYS)1o6
z&<S$xGzC|e!hV+$;KD+kQdfszg;ogPkh4e$Y8M2*od-g)Ky?h3+tfc*P`RidHte8d
zP<T9xGU4r?+=X`5p{L3vFrE1bSl`uC2`W+!|EXYKA^E*e^>RUw6V+n=un-cF16Q0K
zZFfa8<Cv8%<uw<C4Z@#5K!~UR%Vo4^Pxp(LvlC3O$(6g<<)|Rf$h|B}f5eX1>3U`+
zv-^{Q19Pu|-nPN#!{f#0+2lhjx5!~IH)ZC1`LS$LkdfOMM#C+;CW1ePFUs$+LAD#~
z@!ykkwZobrgddyHG%K-7)*0znwFMTt4oFiNSQcn%VWK@eT+hB<9Amh#PwkncD`QTs
zah6^&m#=j&=d2nHldut_$y3#P$UaUxZJEO@a21*CqOOHbVNz@qMs)(EpRN}?v%}@H
z3`5|&6*)55g=d9gz|(4IhHCfF3VOnVGf)#7RiUx&Du7y{4;U?-oK|X<$tpY}QoE+D
z_-|Z*u2$QFt{<wYfirM8aW>@jUlXfo0A63iM6nFa(sW4IG-w>Pvh<y*>)<m984lU1
z3<3gIF@!*=52;e`u?<X9W!;>Mh&L=(<oi1*-v#~wrR$}?W1w#P=U+3Jm+wUO>^GHL
zCQORbc@wD_RD=f`n6Z!9*SDloWc?7wh^D4JYIG@M8mWTObAcoRDfAbDMTsXw5U%hK
zzF|-2=-+(TT-$;+ne%r>;i^!_$MOyHk=&Z=2m&+F>1Z4~_FmE-IlZa0KEktK-l+(k
z?q4pc2hL4QRu-pTi=AAr@P%QQR}Y@G3|-n6XTsS(Q!$UTc#elW#rLwdNc&zr+=tpb
z$em_DF>A=Pxq9#p?U=gNu45yM2NbiMX2S1sFpfbnOMUY%bL%g?P<9PmirurbEYJUh
zB##=+jyl2;|Mtavq1sH7+d8cLewKv#mc`}}$@VoNc)HDcwC8v9=Acvy>AL8T;e%Kk
zO2<s%^!vO_&~QR)P;LR%e4F)5E0Cc;fRmKayxlCNw3@tRMS9yQ8Y?RB`Y--AeJ4%-
zMb2aXMQ;@Z$2L0AOvz9{7fW70aT`TN{U%L4%+jUB)yEcC^CjXBru{-;?@AtaKD%NP
z4>Ncl#rNMRmxDTYWhVpAjr5qZYD}p$0jK8*2ujOIk&lWb0raj{^20uALtML-dU|v)
z?`%%YiNi3vvdpAuk>e)2s)Z5M#9lmA$0{qwMRAXf7!TVC`sxEK_bO+HK{@IJGbkUK
zRe$&C5~uq$x(;aw)SxV=#??dYISXb+%ewBkb%Am|t#r7EP$KVdEP)OJiWXH}5K-ME
zK6^`8iTy-(uu<Mcuy$iv4*BOLd0&BesC8A&nz?U2VSJe0V|wA^VS5%ht|En)txv52
zA+2SU;XjwyAoaV2!G0k&!$?$UuW6$>{uDEdW*!R=I-x;FHM6!-fn5_-fPr&WV%9fG
zL;ByGXGFK5!~6%uV@DYinoCnR72lK*5UVPpI^!Fydh`1N>+LUvn%9OE`tAKxN~yx(
z<3PRf!yV)O30%u}>nhvghU0{WXEaUlr0Px#VDV9!9Q6#VR?PS#cw#l9!a|&F2#;q-
zwgMOZq5&6NpK2P=U9wP@V=KcUx;4<h2Xq;|4L5D7?c)!ViMiVpfkPRc>E@Lxr-#n(
zROszq2JNS{4D7cG!#^5*pB0FI4eX6NI3L~JK2IfiHb4snM{>NIE|>-PAd+$#g$@0I
zfkyro$GKy0qwMvDA`XPtuA|GSFk8+xhxsAi&siQ&BWn;%xZEB{^5@KEHy-|O52vsH
z{Pe9it3hM&i}%Hh$7poquBLW>6q^OO1$+<mIt2`H7@m1WdUR<HNOHe|dArx7j_SW!
z?qVIMSs{Mlta<oq*MnAPdQ@%NN%k$RYrbGMtlk#90d*x2apOC|qYN1)f!(A1d$}@u
z^-{5KLe7w*!%@#Za7Tk0Xb-c;s32mBtz*4?tPxT`Jizch`M%)l_hmFr^jxfyjrlIR
zObD7COHWS{<(1O0FVV5+FTv%-Do2LVC8uvg;M*jslKCdU372CmCQqpCw%cb&cg<YA
z0VH+hs~?WKrFK(1k-6gSzQF)sdgb%kOx}j^TO&wmC5ra)tDV0AlZ@yf<UUCy-1&Q|
zc>6~XKz1T=I)5XJaootMl~>ShY{PETyj$!_U8ir;n%8|D$Ng>LTr>!~JZ1>gRQNYN
zGYZ~-;0_Od^LKTAy!XfA6?Ss6%#G-JJ$Huo$)c`6=WYYv$gBi6LqMs6UPnuZlGW@G
zfFP#d=Y63w4-+5*DvNi%ZA&fPA#QJp6!!I+XPD^Cji+vrM*Z&2{Y6voH1;=^HVeD1
z;ydT_CBr(5)!Gj+d3g|294ze)CUI3J{AkOkgeB)u@AV-7+>4SRl~;-0KJaNAh;Zy-
z*$-kb7{~5*mV_R8cRn+jVbxCM*j#roehQZr7TlplVjf6xqI_+_PT_nMxQSqYq;AE(
zrJ>}oM%2fVWJ@YCY$S2-H~p0`3n3Z&QaNhmn6!R9Vb%!ol~DV1JdDBH_{EyiWBkVl
zj!Af~X9*W-mOmjJ&l~C+->}tTy%4T_xKDBwx7*zOZz6coYbTCM!WR>WZPeWM9nU^8
z)$H%l>6`d0Yi)?XZbT-hNZW+Rk&gkA?mSU7T+YJ=>-dG0-B^X0E6>01H?tbt2TxLT
zq(E@JWGTjR6qAL^+xSUJ5=|z1$KexWXz<06%MLkZr)%Z|LcE?Ycthp!n7vI2z{LM1
z{@0ZxiLXlx4zL(DYX*<dVl?XP3^wr0kRy@QR*Wj<*n&N&5{V;TWj35}f>WI(NoSmW
zXLaRmyT`xleKy)|TL`oxQ;J)|ZR7QlGE-M?N^pO|E>5r2HmW9$T}8ifG@%qzWN&gl
z06ASMJH1>huAnU{TsN!tM>meceCXo6>`#_9kA;tKj(-*5k43Rh5Pof!ksM$I(Eq|)
zN*>cPbSsGokZdpKS4t0vi`GK`eTQOFdyXSfl*}--Q!satyrr<zP7dDNHTvjJK2uXD
zUP0W;(=y5*rmDx0q*I*vcQkSMIqVU5>hN7LGFDzyqXKPty)=-L4d3ei4Vq&j_?d%$
zirzcJ<k#!w3cm1LII|L1WQ9t(U{`pHig(B`au@NFNo(Y`kJMfxEdUJ=7N%|9OXB|L
z94?d9WFY4#0y&3ts(8mokPFB;81WXSH|mLSk}?;KLXi%a?Uw0-0MXEjHSyx@cB1Ww
ze}mgUp+^FF^dUR$!xr&PATQI(b>AQCxh``uCr+K@bayfD_xtpe>A#>_%ygP_B46p#
zcoDjOoJ4wkT&qa2Bmcv_pDSV0TSeFS1DSo&d|`2)qfSrX$vwTrbRx0kv|_wgscWfk
zai?E<vs{wc3ga|P+1H#`6l9j}Mdp$w>IYgb_hcVHo@f!ryg+u05?dmx8WQirmX`HU
zEIM-m>*1cT+G>2kp5CWF-a+!`RLhY>6?%C7(fnisDI{LsM+)32K@@b;N-38I38Hdk
zf@eWSA`)09ZLPJxi+5NudWdQ)_7gM8nbP-)=gbLpX_u>jJ#elrHas*tD#T=tv55aM
zoE~D30}V;S(BTo*FFZ?S<%mV3&Kgey1;eB5{w^q1%gtXBOTJyG@4^%PPcmT|F-E8L
zlr93d+ei%o^Ki`(r=N-&XX(XeUFG4j7Kpc{S3bnsIk5`#YpA3?96!3S9(VmP`d!7_
z?LJ0k^Ivp|1L}e`WblryHMpjC;iM{1Uj2%}F)JSZ&)%&^qZ%?`0~;V*qg4Ze*gM|Y
z7PY<Hqna$P>L!|oL)eg-x*aB?v>Oc|rrPQcFqBvBze&)26=2~JD(#LFY~k(q*B83r
zvjd^xbGwRo-!q_bo2QdSXHLW1+5_XEFvIBTCJJEp#u&g<<9XGIlun)U-;-WkcqkHH
zr~!<+nAd%VeR962aZ5;n47dzsl2fG42HAzlkgRTG7lD5y9sglCE{ydDfbo1259EU+
zwRaoFn+z^JG*@X~T>>vCJ(?P}ake-qe^EZM(%<L)q2N5Rh3utmuU8~HJ)a1wPfLje
zFKN8Am2+%oZLMec-s|cXvvT-NFPiKd^~v3=8T;g`iTLfNQPa5z6jN90UIg^-%I^a}
zcDa9%macMcn1&f+%&GV_EP$R?D}V}6RxzhODne73BF9@+@Lmz7K0KMpR`{r=`T`%t
zKh*qFW!%Cyi^oDGuv#itz*IoOI#%tNmXFA?7aNve+$Tc!J6R00$b*MV!Q^2CmM^1_
zu*dn&Rg3O+dfqnuDSPZHHO3e}u^NUXSw2Z1yVt~-boMJ|cg`yIQlpWkr3p>!OH${7
zlZfwQp8(IzsJ!G9ApkxbLNW5!7-g3rl^WQIE}_B~Eg`L|BC}-wT;ek16FxdxqjCxu
zuNa!_TIoh|4`AnEosk#5f}b_;nswv{C$VHb-4sU7$G|PU^JE#30wV=Sb$aB+^309u
zdGXCs*N8(z=}}TQp+NHnhD>V4K5a73s0we+nu0)ck-#eGynX{IPIktkQ>a|&f4*L%
zatZBHk-b=MH($=L8L8j)FT@iUqHm#|e?lSlKNi$M48CeJDvauG9~X1Yb)WTclasBD
zL!xP4F{<I2Rvs`iq_C^4=grUk?)2>QZTMj`W2W6DggFNJo54Yn3kZ3iOB%q175E2g
zChns_!27J%5syro2*vpOwMi->ZiDzp9n=(?4;Ud;9}gWOZ?r`yq-!ENX7`^8$BI8>
zg~VvW2Uwr)nG=uhK4R}%oZd)R!w8B6C>t?K;|LSGsa)KVsd^G)Lm<vm7cO(BWt@XU
zS@gjioa`JtJK{J4`0UQ`1l+blL)ceXcY74uy+H}Vp_0}1R@CN=_EeL6D=EAs!*Iea
zjH*9D2NvZmUjp-v;XcX+n{3;{(+JK8o}rTx#&~LxBDtUf5^H^g;!c=f_&c4zKp7{Q
zxX~Sn$9Krz0sV+bia07O>Zs3q--|q_Nx~VcSba8&*jfm^1vNF|M!{QQB!FUccoC3u
ziZr~tp`gV9Yl>vBfO37v_Kx_D8aE0tQ3a2>z4|ciD)cqTZSy2DtWlHdxe4$u*k(UN
zH8M=E+lLS`lKF+WJtGYb8j^oKkJpt#3v_=WBn9izKNfbSj9}&U-lm#ofuftZyA{!r
zn15oqoIAWkT$%-)6PLH}_3V1F^s+&@_w)>ud&M<Ub)L?ZojWQpj$JrGq=}yzsi54u
z2n0T+hyKt$cG)9OT>dZj{<N_Gx4Jwia<%bWN?JQay+XY@*jWfZ{wo!!wFs$T5f$BP
zGE$Wt*kAQ~9h#_OUitCrihE!QZQG{QdR`97@66kzB|@PIk;zwK>NXl?W-g&-b^zmP
z9qMKRnhTmo_C7&>mZDIY19r;iuz1NVlb7fx!@KBw67olUd0R$)HhI*a?<R(^QV2DD
zQI>PZZ03WzMn6=3l16}^EoB=T#i0!JyAvB3A!!!5(Q*02^5e&ReSoJ9?JmTMfk6d7
zQ}pRdw8eOd^wm-H+L2I_)CnSqi>eX&2HkbG;=D`v^4Pv<3FI02ztm*|W#n5?LhW76
znW8{^4V~=N0-Za8UfRtJl}G!NWl&kEXD#2Vx|d~t=wc&$x}5OO)LS2zqP<0mvyrhF
z8j95Vzr?8nqH1)g(H?u)=y;s}gQuuhlDe)B{Mes|s44F+bsibrV5O{)d0%f`#qzNq
z!A7!Ej)Od7T|cl_y8haA$tO7Rj&83p{Tsr`qJiM>i`Z#;M>iB5$R^tU_o9_Z_zZ#S
z2z<+%NI!Y(Bj6{_w`(@30J9{rrQyKR_&}}|^_{B7(SS?xr~F(J9%_!3zCUz^bF#CL
zzbFt`0X0Tg+6k;HPh<jpaM4s&mW(5|#_*&0dijiXJK@q-s-_ULCIBj30XM|BNfSdw
zJiNA3rRsgWpgMXiu9ugUn|9v8HQA8h?ad2l$Ko#bh~!(>b@Y*p?ayDL%Nq;sfek5o
znx_Egv|@~77Wz=FH~7Ys6xz)FDm9INp+B0A+z!aus~-p-3Ch*Y(18^Psx~$=>mx#K
z3=Ke>XAgy8dE^emd2B)(sb7tBu;Psvbj10i-1UwDuz_y1M$0ScsxKG60kC%VZpLlN
z((o-hN@s$hy3Q1uUPvi-rznEKTU27;Oz&wg5*;p7un-~|ZLt6Ff|^Vdq!|l=yCRYw
z^`m2Wh{-zy_7{q?>0PkW#VOhVG7_WbqU|E_YSIXC<lvw)Ej$lHxLhqPUkp^H5!)7@
z-^VEM)PkYE(eYC((O{%-d0n&MPuX~O%9fIE6jKE$o)@r@JNI%;u2|U)m`Gzn%U{S0
zp2zkki4<+soo`%4b}HGt<8@bwpDViXo-@`zqx)C77TlqFQgj1BlDYv&YKI=yz#E|_
zC7D*IWna7NM407@vz8P!!@GL3Ze^^yBC<_`^H^WU8Ik*{W2zV1Bv(%;I*7>o!edp#
zb)<uyYbz$hR}D49x7_HL0Nx4-Z*NB%^tCKcSMF%Sq>+%3g6=fcjfA;^F5iLruEX|L
zk|;~+1kIs?L!bXjr~A$M^)LwAsitISq0I1cPg{S24Q77>?@(vc0ak#>h-}YMGDQoc
z6ed57a~4&FC84dj9k{MfO<Yw_S&cUpv*>6A0@InkDMgmEu@R)!Xu0iUC?FHIG6>2E
zQ??aMs@ywDLWPO*f>o4}OBkg=EisuxmS&<ff(c|oTmBj;Nu`3;H>M7B5ww3o?}A@J
zVkw&RNrEyoF0q}y&o&O%71EmdYn~8gs69Z>t!EUN%D%ZfL90!kB|JuK^okXZ^;-6g
zOinM`GGwwZGJ|+O>|`40!!_;3>?TNj>Sm+#3=9jakC43L$H6Gli3zvgE4#}_384v9
z^tGyRPcm&MKU_69IYZrgnDEU|n=sji|LI~Ov#aq^TWu13`}8Jx{^;3-uZ*kvN&Tzw
ziIe>sw`A;{%r?50E&#r2a(ccHRH}>;30~29>8h95_KU7Xc-KIh#NP4!%Uj)FL-vlo
zsBZ}qTn0S0F+O_i*OQZ?)~@b1*R3KSN)d6nTJJz3)`EIW>qkv~v`6XtGQZH8&0>pm
zQrlBZC_+lSy&^D^kwO%3nk$wVV|4b&b@PO^rn4l~3lQ<MZJ{`UcO%#lu6id!CYU`g
zt3nfE{=7{c4tAbu1Kv@0q5lh3?5!XVfer?~Fb!2Pc)R^Lw%qx8UO!exG$R1jOI<)e
z*dQTCjbkkMJ~7qq6c-t=4{xx8eDw+)6|)<8Q;#n6k?g(Zc8$f*lYrN38TVFd@GW9x
z;<j!Fk!M=#Mz*H|Y40Bwe=u(GGY~zN?~0)x+68>~BHO~~!PQKqyI0A;J^c&Lj!q;s
z^!kqGgCMd<HKI2v)sK)XRmh!DxKPS?A7zJj$cVbmM&SQ(S5-c!H(bc!j|jRiAw_Dy
z$&r5qC7=}0r$2$cv(`-}36(GR8xcRKVTGMDKdFpMlHih9rE_Hm`KG{ql1U9njk8kw
z`utw_xh}Of;EO2qI%27Es&WiV)t5Nt(T5LlUI1N8rNV}acUyeU?r`8VE-gA}u;4sI
zIW!tKoGO_;0-cJ}hLLqJ#~zv^E7rSqfvjxjKG*nYJm(D3dq~cIdcW5NTvks`=a<T4
ziO&*wUD4kEr*{Ow*49;i7CgS%KvaT|8j#b%iJwOrS_+2d>xAS#8M`QClU}4LS^ACu
z7`WDA2!fYUQG&N3(F>s9kms`Fm@t|L0x1-SG~lc&FW3por^QpT`LRp55EJaM<A!hd
zvAm)ZM`_Q}n$Wv(g<SWN*uFoO<{^1tQ9)>pyd!OR-VLVy_^0yz)5FTD3;&$JXW`gj
zjJE8LUME`R7JPY9<%2TsyHOk+*9b1<!grIue_0+rA-Z(VKGWcD$V8x<L}LNlg*6wf
zvnFm>2$TU{@M0G8=*>GWoG_Y)_S<v$tX`OS4}B(6;DxA|2Ug0fL?N0E7Y#JT!w;f7
z`{avC0z-enr7gu7v_pc?PF3m_b#o3bv)1&49@_TlMQySWM~(2b-ptbUh|}~6S0~ap
z!C5<BFI;_m-KT0kji>BEvNd=6PqvLZfcUb>>GW)wEcVW<)l1q&9gu8eSF5||d0C{n
zYo$;L7XAx}aHj;3WO|gLE;=DD|8Xx8hielaW1rhxOhzymxOQSP7KgWQ%<mjDvaZ+!
z0(nF7e@QOE3U>gQ$8<-?4a;iHop*P)sQMy{HRZ0!Za*=)kkCpir~3L(V37|<7f3HU
zO@$s&FgmQo3HM!TpbnO?vrHcup2K02OfG?`vMfW9Y1ZNmxCEd<3B7Q{*AGK8QM$u_
zp9wwu4-tJY`TD3Bq4ThK=eKb!Xh6srW_ocxp4BS<#QLHAu}{+>#-_4C_F);8_&=ks
zXSnCyax#!p&m?7>{o))Om$*OOFGlC}U8MQSP)L51oEZTEnrbU&)}?cwoN$zWe#eLR
zVR9V{6Nbx;G9-gMBJ51)2wTbXsTw6o6#dJjydva$>FgS^9@aRJ3LccrhW7xxgKG<g
zf+K8vLW|x69~g-QA85ba#zUK-_mv8890!&&al;1DIibKgi?o#nIBKOg2#T}~xt;XI
z?Q{tVSW>mQ4eC>3*fNRznI?j_$A|wMD5LJP+!x@u7Sw0?3xcvEkUI-u0;dBZ19xv?
z(rYPu0^(3jhXj~x1JDiAnjYAvV$g&;mR?2We{%BF3mh=ru<Yn10~}j$=sgDocvQWF
zZ_<e1V11BVCaI+x`8<(8(Dh_rTjD^{@hDO!KYYDl($5?OO^De6(h8UNbX$^~*biok
z^wILcuVLedUULN@s&61BvBKw4yj5H6T3G9KovWi#Ga9qL;rfp8oKRPk|BxmV&i{{I
z%MlXlvy7IyBUL~KE*y)8*i$1qP&WqI^r`^^B#U0j)MM-7P>bTB8a*uP9}3ZN;-~bV
z8H&E>gNTf3NR!Rt%Fo@W=n@v^HZ26~JPZh(VD?FPoRaKQluAf8ltxfJFi8AIUvE>N
zH{ih?+#bdaz}6_vqbE3}sh11K_k^-$(lX&ivZflh>)mRSjK29SD;+`Cn^o0Il_`A3
zzxnJ-hZ1#)d-XzHVjbHL(1DZ~fRv=V?xc%|If=ikxT3za!|Yjk#Oo?<z}utxLetZt
z$PIeV*VQhWQc(M9o&36^`Hq=uv-ff?BoWt=RS$J7hqYZ>0ci<l>(S2psK=<wk#l&(
zv9oPW6WR+4<)7K;9yz_)zkL+hzx|(aeEw$~H}2!aVNBeiy&&W8cYf|Hy>b7~IG#JN
zQl9$4Zn|OwEh)PGGY)inMv8&zEI5aBxNSIi{?5w2yUW|Xo#m)uP1`AAP854$A`~GF
zbg?n%Xs010-)Wj0>Mr@Ez}+T<+&1I6EKPZAUK+6Ka6;)hMS0l%!re7NXWI8ylFhEW
za^Vyh-cS*W4`$RU?|Ysc{h0h}vKP^3YN8-?Lo#VpMJnvsp(&4bWoX6I*jtarOqK|S
zA~Bi44BDL5G=UF>5Xw-M6=SHTiv^8B+Ne1Q)5zC@yW!)+$w(avngt8-pJk(A`Y({n
zZg$C2q%2qcq89!P@Tt@QrjWYEZ%qpAh_^+sXikzkY9UM<zM{5AgNAj2TX#=*VTVSA
z&L_<j_g2&TXsvFr-P+7B-A66{CMTS=_r#*L)GJyb%-ahz+qs{}U&#@xH8Y!d%v-5I
ze1i<syW_jhGg?_g=J)suje3r7YZ75eJ*OJe#1)Bgsj^a%L(C<aAnelHO9H@-Dl%M6
zf}v*~D8(>=u}%dqI{FoPr-)(-DEP&zQYV)LY8br3ebt8<TG_R<+B9_RV$liXMHA6!
zpeR%N3MwROoZJ;U`{+sV#*D=D#C#Jod|~qkM>FZ!40FhGJUHNp*EeYDaQ(qzZR21i
z(4Tb!D+efrq2~d1vHUTNBznqi5%PLC$O9pI=HmC7jH%<ooG*;`Wb(nZtcuV~TSydM
zg3e?kIZNc$#iD+7@OVT32jex}inj5y^aU~|s4BHq{NF$ps!+g)kY$CfF?mx0Og(7q
zX$hjBjs!l1psyhT+@CVT!TkzHu^>@hK7+7E5<G`6QE>9}abN45C2~9I9>X|US>TOs
z+?E=Q`luNQkSMz50|v-dzQa!}E06~>yB|;`5z!2l`XUkR-7?A4e=nX)i@u&&3AIFC
zAmo>C;`rHul56aVv@SyY6QM#FJ`En?=I4XSY`$+`*0x`FfJa{q>T0>*K@ABiG#=U<
zmE;FGF}~M#f%tn@V%Jh-Cfr?g(4)v1-1^(`V$v%dc<f@PTo@>=-=JXPI9R;u2#`f-
z#C&x#qn@R2E5Hk5gvo-@@8k@mzL^7d_Oy&q2FGZ?gpnx<W)<gJFxqdPA)Ub$3k>?u
zdDa>WcShzJI=j0%X)L%kRMO68fmWgbWIk#aLl_M?G%GC#*hlT((-pq?L&KT={)j28
z+gn|4k4M_iNHV<TNo0Gkt=vS?yRF>UpO4oL-;H{^Jy%$JpbY{Y9JY!Po}U$tzm)-#
zXG4rcmGoS#Hb#)D?b}5Ovs+fnR42{5mn$<j^#{2Kt4q|1tMzNwTIvIeb0F+Su>xux
zb|3c5Kt{?TZOsH98w&SVkt2W?h~r(Q|6oyO-l@er=<k0<afSC98Km>|`6$WeSPe&c
z>^?@?M6V=PU5+TdUAA=2ezjx+#CI<^lS^K%XtCI^PC0M1S0f~TDEpV||8+OpOSruy
z?Y~#{N$4~h|JS`ts!fAfldC5<*VGpTvKu}3NB_bS>edH+@9Z;S1S(urrr*!x`<p+*
za7WLpN2pMh9<P_{t%h7(=e!rEg03FhoK8(WkT3mRPn6byecmf1g7IwS9J~Ho?n<?W
zZo$`)yPXp!;nKT~neVX(m2TF0-=79&|K%%?v|pm$@IJ7;%fcWLVD)0CnMrpGx&J~{
z?y6jpQn=1nE+O*R__(ck?-?aN-ux<aT?gu8HVPpVYZ$9*Hg)s!diwY<2rkPEoagrO
z^Twn4%E5u&dKtp}#+b-vrCM?GRgpt^h8h<AB*aZv{H<J7r#MB;Cds-;E~8m_w5mn+
z*8}2bJLEcO$`rU{rcB!mUlKqXCjxW2J}<0^n*Uz8*C_M+oEUYyLU*ZbHgiY)87*As
ze^rN*98>YDP`@Ii`6Q_MWXj95P+9Nc_YG=GXR)6Vwe_Jgu{Za3*LHIa!fIvLZnu5m
zzaM8B&lZ0H53_Z0blKYFce;nOw!ndT)k{@bWaV#ko?0`$1!orToK;QyaYp*94{p$*
zmfc$nz@MvZYHL+eV^LBJPmij*v#*clLax)lJ1^K92~h!ukYh^kG~fEY1|EKme+_S`
zRg(4W%t|GBTxT5q^A7Dl)x(714O4B@wT{YBgfp|JLFmURc)lCo2vxH#EPYCG40^iq
zcR6cXw(DJKSi&uISNn+Kzj`D#k13lRgG}w3B-T`SUcoh`7}2+F#;$@1mbFi#Nv=#Y
z5DY=_^f}817tZ2{xOO_=|Hp&o*c0%2!|Z%(pt%~Vt<;>>BzrJ}K?!p%;vkkM8M8GU
z_=pqp>Ctv_!6qfpGg?`njci*8*KGH5#_=I?Qo9+OzzH#%b^wN911A}x!%~bBxNj<H
z%R`CCH$ma_45_PZfsN<m<SXfy(nGWH8O2>ns`>sRL4)`dLjA#H@>L>q3MpxKRQ<xc
zVqhMo|6D`jn+lX-zh$lMgHszk$bPNDd>`oz-8c6Y$iAI9cel!)XQgXyP^#vR29$4n
z?}<h3dfijfXX-z>UrltNQ#cqP>>-SmoN6pH9XBGJfyVRki1=|C&HgrigjzyUW^PMr
zmvUaEb@}bBw#BeHTk~^I8~M5~y(e;Vd)$gaq=dlA@SkW(%d?_q4X9IG;_a_>Zw+Vb
z9q_}Fp_)vE_bk8=*8j997>czmK-BH|?+1aXbB=STt`e*|7Wd|@oLN9J`;SnBIu-pp
zZqCE&luxV<kD;skfC8o5Gc?StRk7s|ef|t~cK#MJmw_W0Y70r_5*d(qv3k71_<l^2
zQ4PCNOYNNx0u1md(jLgamwevtg$<;nh9|ACuAtMJtT@Of(zRZ0sPu#CDa^%pEvhgU
zETfo;vLJTg0VWhOmPt@*!2=aq!4l=aGDUExSgo~osO`g~Qa!b}@3}{!05#kY<lY_2
z6${gO3uNGbWSmc9h)W$ONrq6(ac>c|=5U$gImRh6P|LRuAf1Lyx|~<aDB@&b*r?PM
z)P~g+houFw!KaleIL<Hbdc|*Uj<xTw6<4X*zA1-Icpc9%Ie#*Y97}dSGaAu^YV=FT
zNSJ$8SO${i@q7^XqTjqMZYML^U;Zv|g!7sF3La<aoF(=}^`kxwpY;v38mOt!MDrT_
zkn^<(XjeOA<@fQN_eWy*zN3Or8PuL$KfLH!xf{$3H{@z2i6#7zmKfuEdpVtZgT;#$
z+iM8x?|oMzMLhl~=QH|cwX8L2uhp$@J*|@dH2*oYNg7`3CZQM5uusjxCjGlXzEZ^^
zJIBtAZn{S6ddaSFT3apgF@v*nty1S#Ww0mX5l_d<HH6IYh4&h=Y)`3v?#oXE%&m7Q
zapddYqTg;{)yADbZ`uUBmcNSoZDNCORcdy7jb3FmX8>8w-MVeuD$K0a)74rsn$|4W
zm)&fLb?hxv1&%hHj5Z0?3s*0fwauG1%F-Wj7&AA&bp=RPFIu-$%XHg2v|i<Pq~JG`
zNUR($t<<DUx@NALw*zf5AG{JXn$#FGyV>lPFCsSU?K%#7mI-32V&pe6RL=FAm#gb#
zHmf-3up8woiNX4&F4m@DY&b6LTlKf>s{@1AU5cA)OmE9-mc1{v3#}Whi*1$(L3fZQ
zfH7L<f7MIZE|#hQCY`QAu^g=U4>6}!ILqC7%&F<Xs>~|o-%0}$-^_q9t2K)x=S!V-
z>gMa!{59Zke(P*!F=zR~%~vg&?OXQha^_EETD2OP=B=w{=C#TW8VqZeZXMI0kA34M
z|3bu4z<*dqEDGjq_0p?cG<9v<v<!r@b)RypU1eEs_S&@8QBQQOT(5rlmAChbtfq_a
zikf7&n*8OxM_JnQGkjLZb?cZ>k^BRQxv%sb9ccIRT~~u8vvAKeCE_$KuYa|vgGh8i
z4iJDjg2a{<*Uv%tVBWa7g}|4lf4(Q?+;5G$C~>Z*J7~`1e+uC44z5LtfVp95c8>M#
z&H;2{>hz|#H~0~=*@y^I=Qs{mKoRt?6(fX1&|$YIiy+KZ`I%#6k(|BcaqjT>hV3uC
ze~aB{9yS5pW-*w;lJrp!;DXYD!+vF=aI26|<im8hkcp=J>QsmM;wV1N*f{0glCCz;
zs<l{skhk6;TD*TVA={EMMr4Two8xz06BHA}#LS4BvsI;k;PXDEE#;0MOH>fY)k?`j
zNyMSwdBDg>4_F10=h#g)PJ!yDwiH#mq#dko16$|tFOZ=%|K;RK(6QLNvm>+p52%__
z+R{<@$v|*`nfys?a&?L|B0e54D~$lwjSd6(4a1|$;X)TKh_pf)Oyr)@%vS<oGdyEe
zW&-<RC1!p6(!LE5xyR)cxzhT4DW<vGV{mPldJu&BE*8W13aQy+s(${|QmoXeR*!XC
zGB#!KWqpTC+OcL<-Aepjqt1E*D4egUDMtt0hcDE<lVbIA8))+8A&?Syi^O6eCHq6S
zOgiu_&r#-Ignjioo%==c)-9_qjD0dNy+KpO;4Iw$!YsdJtgL(?<1z(kbhz@&stMS_
z=Yvj4xV6m2dS#W?+H3I}LUNBjo6N5?9kNFA$JtTbI(ANtxuw;izaE5z%7TPRiD?EH
z|8Bd2rJ6r5JMax`zA&%eKyvfh`4?X~@<Bqk8aNxhWhWMEVXv?Y#|Gs+Z+G<XU+&JX
zN|_M6dowz>oGOfasQLR5lY8bmr{zV9P19N(UCFQCwJw&xq6e={TQ0h4{bKW0ery}$
zz!Cn<UF-Cq%ul$wpcR+M3M+A`pp{v2GojxsTCz)1dN#)Ok-|Wwwcy+{NnUbmN9i2N
zmwuAY$t;yqZ^wb}evruq(8XR#(3Li2(MsptR{M(2N9FBUS%C0m2meL(y-ofzp6#u?
z-9r%p{W=n2e!nv7zde=+rAF_!PU=7S)oX#YtyB8Vx~%8b)`LZ6bF59BZq-|6-8i-$
z%Osr$T_rFM7khk#+-%m;(J94K1PO!RG#P1DJPxbk3lS8>`B?!2_-G2ZnQ=Wa2sos_
z^5%W@OsrNUhge->${EXI+>tBoCjL~5I4YWONeA7dOAp<f2WoLD>R-%?xyk0@ofP=f
z^c48-=?VxA>(m=nRg)Kl!dkI4FuzN5qwJK&$wQSUKOKM>RTK(<a&b&yzqAt!ikco?
zHZ-EbRN1_Zw{Z|G=t8$Z-zp($APgJJiI4XYk3;`#l<AKBNa-^JQ5QYgtTwPFb^QU?
z;xLqR$iM{`k7@W1@vd9TpBuC7!0tT#syzv5`SRm+gqa0ZOJe9Ld;h-ToI-Y0oXJ_<
zwF(XI=^Wp#?IS~NXc_}tzpTI+u4YKqF~gKeJ;_T(*_tH;KJlb7EJV|vO<UOs)b;N+
z%nQw6uX|#(dXZ9q3g5|WdTypO_C8(0z($#Wq!lQlmo9YX+lZIY!Ym}e#&W8Dc-P5)
zLFAm>#J_5`#J8k!8guo)v?ru0p#4Llz?I;tj3*g_i^4;$6CB!3MD*2M4I{9QV_y#$
zYlyqa`BVRu{sA^BLEY%ETUN6HOIs4lTBgCTb#seqF8X}C(w=DWg)zU52T$tz{#r}s
zOqUEOwbyz3mu+x8iT`F8LR)iD{<aar42eK5ub)w-A9wOPIZS;eWArNFs>9RX+EJqw
zf^^<2>O+j?vh=$K4&xEJ2TunQn<Eo)0l{iq9v2246DC$`F5PW_(zK0l&Y2JwSvTYn
z`IcS#Bad7(+#`sNi&)<1zI<QhY+Nuzo-G^RNc>6`;wf-y09p!q$%4itX_SV`8INcq
z_0PNWl-5ZvxDT`3J#`vwC7z68r?S1+>@`XXjjbBHhv%7}ecpqBY^%W{iPWD57O$JK
zWmxtV$M{-|VeO)Ey+z~Z|Lf`;V1x(ScD=T}@7lI)+qP}nwr$(Cz5A|h+urx=_kaJ%
zNlu$|nx^;DW|DT=nQQK+b$fk-fUZV3GB01#URWT+tZD_kfeFIQ3hI0q6a0!?eO>u7
zXwe|k3nhlyA1@n7NtUx+Bu6FlugMRQkuBgKWvWdPMaqzvP1#Fpo25d_O0LhoaXt_?
zNcKC9kOUc>yfH0&ZAZ~YWh{BaJBg^*RNs$tjd?L*t&9eAJTew=T<|~`fNAaDL|`6L
zXXeBGF^K1lx&AETHQ4W9x|`&rJ7So5R7O><%s?_X{fVZdW_L(2S4*iFBLb3e@qj4`
zV)A(7DZxeK1FP`~31cB*mL^@rF-~M>@a8FW3T0AS+pa`34{_r7ei2_h7T_C`T8S?|
z%u3i{zJ=4|c^XZYHLg~2tdM;X4Q@~>C_GuRrAMcrIo{{r18Z?gS+c^n2@QA^%w(us
zFVf_(U(%ZOfn&RP;w3>|&-wTmX(5dQnIqSA+iGlUic_8sc=8nPi+R0Y&lj2%lTUei
zy*pMe>mU909W(>F;hM*MRQ|U{dX8BMj+Z(e)~cMp6dRCGe<^auC#=Acv&_2m`2_kk
ztn{^kloY#h<kBx0tdu6jVpO1}Z?%Xc1sB@}k=h<eZ>>TVz04(M-Cla0vmx-Uk6gIj
z3~GC8Dk;=M#z;_9@qL`(8s}0y`3N-Xa+a3}uas_$^^4d!IJkr7+r&Eb^NNS<%^1Bc
ziQTYI65!pZL(0PLb7KU<5P*i4S$b;!$R}W~=*G;jkmiz*1=g_DqB4z=F-Yh^bb*{4
zHedQPhnFaRe)yxEwUTC9l#2@R7Dr6N?m-b2%WPI}T(ZWh1!sfO(x)Iegxq{{ki{pD
z&kqivl6o<ArAW4PUxy^Sf;C2N@$2DBEH)nVKuO=wKeT`hD9Y9{)@z58<9I5m2!hi3
z8neH{I>sI@vyOA%C<F^;mmG!5HnJHCck%VV;$`Vh)|_@03bHwpNFX|qMfyq(DOe!M
zoyD^TN#rr1>sBWIp(+Qqtg)=pZH;xy1mA_WyQ-vLr*Lb7R)gX!g2bGuHA&N|@zJ4}
zwl{9daTx@xf$gWV!`lKg@=IsFLf}3v?DBED3}70A<U6i6Se^A=1|TMN2&q%X35?!j
zr~>eea`8&hy$nBf`>Vl15nS{DoXy~GW9aaLt(Gy=p=)2xtTiK9vaq$vfy;VphIF^f
z?$(}<>|rvrMaG*Bf&z6$5uR=^O2|Qgnqy&9fWU3Lz)D!X(i;H<mr|MHHy8laa9B9r
zQ}6PcKDSTL*!@xy6-6D7<-Ej6zH0PBcNXmiHxqL$^H&C5r*Mc9xF@g<KiqS>ROMVl
ztb4wF$}y2|a~@JDD}7_BV#cz|Xu0Z>(xd!zVZtq}!^clv9P1Ee0$ec^R)jF6^(TTP
zVv5oQlO%<-c;d++DbKyK!mN&Xs&Ff`RzN#{L?-pX7X;pLTgYY6KIbw-YRBClSV9)U
z>!9}>Dhtu8S_kzyGiuoC_bnK)<u9~KkOX`Xm0&OIhg!X0v1GaJ*yY%5NG>3Hd*e&Q
zDLCdRtUL)A{6t@ME!wiOqb9+84gFZIP|ivO1ruXP$8+-glOK>^eOE*1Z8`}!qy&wY
z^Z>eU?%HA?7rbwR%g$0nEbestYffZ^y6sT4QqHp3b3<E`-hA5$^I38yYuoX}jf6nz
zY0ZE&Je@%SK+qnKS<1%H14(<Gxw3MV(relkr#s}~JiYq3dhM~3bL{hqJBMZPRuas%
znLKn_C-K^~^=(%&3AcUr2ePh9w6sd68;Z9V3B7X*@LAlsrM;F<_gIE^CpB5_tQ?h6
z*y~IbL&ISY*8NylXO78k<Je(?%~@FkCtxunc;&~+JzTdZb74{Yo_&+=DVjHA#>`%l
z0NBF1t8pAxHgMe3z-H06m?&*8(PNTYTSZNzO3MnOdfyET53FEpNgy&9_~^tGF5b;4
z_o0Q0-<Ek3r)wy7EnrK8dSmCRMua-SqRBMM<}`})n?%P%sGzr`0{g6)!L|q*uQ3@4
z`J1zM_`omplggTV2?mH<mZOJK>shr-u_Qyb&ax%Q1M#BEfxJ#|q$ArCv)V>wsyXA@
z<i=lD^iGF6c@>aH5^5vk3{oNQ{$S~{LNi9PYPmVhlV^<hL<ruCQ~sR0?$2aisI0kW
zvqV+O_n$QeoOK*Gno=JC>LQ9o4L?jRJ`B#+l0;PdW%0kq-_n$mj<33F&V_7@>yTQU
z1i2VSS7TelEsoUB^6fwRwhytgzQ8MQ|FDe^>fOQKwih<?#yi<Bl&>z|w$yCoX1%Y#
zTn?X@*H0n^kl2uHs!g||GnJ)wax4Y5@na68+@a1D?S8`4Lzqbm(V?BWNo*`*7~Ko_
z4Eq531R+de;IHjDvZncqO+(D^Gc+n#D7KqWjmNVOcZeOJD)Z{2hcUb{zB%8#0|jvS
z<-hFzU~;{s%jk@&zha37B|tZ#D%$h=;DT0>62<6@FN-*Qmby@J0?bOrT76f@7?Cj5
z=*H4!aK2=+IXH43kNh>P)@-s8tG4}@7!F$pRKrLA7w0pd3u16#ju*A0smMKn)RYZN
zrfc2mHqBoHfVfCKlk=*-Vx@tOES)f*nSbZ1;+wX`KA_M=|DU05v2JGLF=CIdnml|c
z>%BV0*f~kaLLpIF18JpE>cY7s+8dHQ86*(azDg{>l4t6+#AX(D5{!TeXplwab@e^{
z;}tSMzs59q59Il;*Fme-a~iK?2D@Z=PKtL=SNFH?=ken4YaJW9*=riZKQoPro8G+b
zZJqDuj|ajO1Wh1ZI(m-Z%zkxb5lKmx?TU+_Ul$Ps-RtC^=wq}4UBG6HgdUffJe69P
zIW@{OP`MZ=e&S^`Ezs^~L3_-HPB>N5NU@bejj2jaun-3>GF;jk1BMM2EmkqC+ZA?6
z^xWF1MoDWkTdaE=HAUic2Gkq*)bufo3@we&7!XZLm&{r**CACqmh~6z#Ah<qz^0o(
zAOk=~7w67Tr!t0ob`%><s>7%Cnh8;zX4R^1;er4;F4un<a@in-dVKfJ@1&(0HJ{Hd
zYY^Q%d*l~4-l*Qul>U5_Yck1+*fnXc61q~md5*J{RkZ{sJfV3))0oN$a_uDZ2w8P%
zQe~-EtI*&@KS2#71lkYVkvTircGSa8g=jXdTda7A!NjVzX_vcXx^}esjm|qgHS4|T
z7~rna3hCT3TBC3Dh=LP(-3aRZbk`9Y*zjJ~2-mW|3YUO3{7@e6MOWS|SagAHRH;9Q
zn&3@G{o(DmpgR6+iIckJ{a6p7jMNoS2xz8M=3@)L#y}}QJb9M$s8icx4DVQ7y_bbD
zS{-v5{}6(3Q!FEVCSIHKIA8o(`fRmqp7w<8IiG<gDUIE3k0#I$g>UEjhg>wbeTGeX
zMDKOXS%a792go1Nly=Aj;|)kh+8Wlb9pThXMKR{iEkA<s5i4~$7_Q0pBxf@Y&}1h%
zvm_jhn_B7!hVZT;lm$+tIyy~S{<KF;c~VWZ24seovY?-$IEdsSI~q-^Kru!ubL}+r
z)oI?GN@wbte|uj5)mz*+xVu{-$K!WF>2&?Z5*LGQ*>IbgT8Z@h=$v@AK9c--(K2UH
zF@~Mq1i8c?peyQb3^B{!VL4(u8*@pk6;TA1$(W9p&`(G@+N7{J!n!134~(-2Vs^Oq
z2)QW0QSR_bC9k$=xwh@P&FQ$AHm}vr>%zPXBI-1b-?DC#lJ)5>`(<(<VH}*0j!19V
z2P(NGBV7s`gUgJizEDlB+)Hh9nz(gjELreWFs&QaVjhP3+l+EW-vv6ogSh8vPuc{N
z%^)Z7I5cV5s$KWEs5hmDlPXUb1ahG&nbaPF2bp`sC$RrcQkOwT?A&^CYJ`u$%TEh0
zwu0Cn@fK1KpzGWA3=dx=hv4idxu<a3>y!}9dJ8j8o^t6@v$;|{$1<O8bnb2N>X>}>
z7{2NllW&m4=}<qk5{Uo~sk3{z@@$fAE4}|tpMSH|%bTk5S|Bo$T>W%_CL1uT@*co3
zDYa!$ejj{Xz2llBeg`NEYlzh1BIhZ2msyg1n}DKy-@RyAluNJGl?23Iraeo_Q_0ic
zE%|iPYEhcY)ad$fv|}xIKu8c?)(RtH&}#kTX|)2^E4M{b<4&S<vBxr|vv>RQ)Z87*
z7I4{KwPsNVF>}6QA=gpxeWQ-!tl@fBV}Y8$;;=}0u<n9=-w#9Io>UKvvL2&eRLZ7y
z6zm-UWmfUyRCAAO9;20`S+?C0%dyu#sd*?_v}(=zGQsqQO;VD3;8n{Ux&mJ2SvGgK
zqTZxoVOI5vx%Rj%^xmbPEADKf#*NV_f7P2=S`;YeaNriTvfBN%3aEH`BdG)Vh{_`%
zUcPd!!PgmC%DcXDP7o}H?K>^L3Z}3^eIq&qq0*JAvflr$_I78f5>gyfAA%Fl(TBy#
z=Ir{@QkUC}XeCSJL1vz~AgvpxYdM8~?Zf%+565EMNCyPT{*tuK@}^6d;FQ$NlF`Tb
znQt^}!LX4Jt<T8}pWB?_r|P0nsfrDYWlm6{yJq6KkuBB)50B5W;5+&*FipJKz_U4D
zqj>#@V=*!I*Utk3l4gZGmVt82bUM~PLl1qVYxgM}B@lRLo;0kxPdxni1_ou-h{T?X
z3HsQx^H^=7=Ic-6WTJjUOLS)OPED)%WqOF=@a_2f^(r*Zk2_?bndZ(KD?!J^MT}@$
zx0=}#Qr3A>R@E&Y-9M+Dj;^M<*FGA_M^L00sk{3JzP`L&UD-U)Y)Kcd_s_JrF7~rD
zoYif0TK|K|fWIlmIxO-ZxH*eaHL%Lb^o~Gb86)stfG-#V&iALBBWzkOMkS_}d&uVB
zOrABWRqGWl*E*F}hImENDKZznwXGhtch;=06TmRD>k263#EdG0i>AwPHNDO8ajBz=
z4t-tcXM123FpAzx8XwSC_ujnI!E_fP<m-Va<OnU!o|NE&{-a5Ce&THd7*(YV8wxYP
z&jBm8%lg6meL-OqS+fx;;T?iz*4q&r2&Kz68|M%kpO{Y``_h4118%$=e)I=SDXJJs
zKP0?+2m#G>+_t~}dp%3SA4dJ!f&+}Ch-dBq3`+#MW54NTTz0RPv0P8v%>n?xV<*<>
z?cSj0xFw{47j4z1bUMj~{J5yj(^a){cq1ZpxWh_&G>Od=t$&2ak|sav(SD5Z=|xli
zBJ#ntv&=7=Z;RCZ_S9Ln^+rb3o_-^xW~r8})VRc{ft}&V*H@)qmw+#d;7Vk**rLuZ
z_Y`{MtqIKS5Mg1lFRq(g)mYZCu6_tbf96(2iD+H(Br)p`LbymsALx9HEd+X$IN@j^
zvD0YU%zJvIdD&HaoYZo4C*8K?P4w@7z>(|6y^dL4#0w&nqn&YOAqy|3m=cz0)K81n
zO;T>|SZTLcS?13+=oVNA;V%_Vfdw#7Wq`XdjGJwou8chA2;5+taoUyhK^y>EI?XR0
zG0SR5gB<sc&+-WQi~Qnr*U4*~5NzCQSHYP#$s{EjS1#4W3;On8C+(WW3`j5F8T5U@
z7NUa=^h<1=l3%x)8U1img{)3$kr<|I7D+3A#ISb{bvHMqct`~;=(XU?k$srP4biF_
zCMH{KO*YMx0s}e=>D$d{UB0KAEFY|yABKTldimvzd@Qb@uW2b<pMNJdnR9^CuBMo>
zCVXpxwtoDAdU?WqbKAVyJtjWcv-Y?mdYy=W@w~1iKYh5+;k=nU?Dt90pnLCUvBkI<
zKXt$G2DbO8vwe9UMHX?x^Yk%df`@7#&xOopO+)wfq2qc6rgcr?lxsA3F4MOW`qi*`
zh-jTnBlB#eBYmX_o^-}qt!hqkuacK!4@QF;&g4p2*@=9J-~=0!Gk*Q~0&1Bw2-%mu
zWw#?DmE9bCUcdjJ!(6(^x<h|VSJtno_pXb?#lvY+pKcCWt^VLt)8^xD?{4<?zfiZx
z&E1cht3qb;TR=*#-)RZbaRUnKT0?)$UgSCbKpPvT6f`STyn0R$^E`OC{-Jn7JKN0~
zw8vH?S~8H#=+;eVUi&z=c)R{kY)&}-4F%49z(zx*f(UWRpT>;<!QdwwK)7%SODL%K
zh|@~{1O)+BHa8lWuV|yPsd5;GPJ1(Om-tz&G}|wc(AhMWBQ@&rta3vz+fM>t8Vb78
z2wN&DI**V}7#B}vx&AnC-og9;j-W5Pkb2@>%7~{OBD(5lw*LD#Oz$lF6$rl4B4Ks0
z^#RqGuTfAVi>iHb9ou!GKAmyI;!0;$H%IhUyLY*d9FJ?R5ro5}bmJgxBWUR~%#Ey=
zwajVt)Y{}S<aBHvR&(-n&eN%!rOPk?XQU}SS_jr(cd+`z5h!fR=0hUm-ne3dH-FTt
zxr(NopxlcZ2Pwj~vdeCLNo9_#V3)hjE<QM`I7Grc0kkXdmu!uWNkS@ly_7cwYQ>y|
z95C<<CjA+hPLq;7<1So;Co5X#tcgosjn)Z*8|1A`l28r7UA4(9jp~_5_bWdYag8Nl
zwJ#XL{}nikXe<~;5-R;!wr#7tTN4ps#_p_E>)xHS<zeuRmY0471`uJ_#pi^!nq>Cl
zfSKs!w8njSK5q!5SHX;1_TE@AIqyq4^W$!zZjW5<K7aUIGoIhZfKgHT!X*bpr(8_>
z+$|g!RaffzIazrTH8u_7G6ergUvY8-x0lSa66+hsXmUG$>PR%IUF*KRSd{W2(&gaM
zWBO+#$n;R+WBQKuL!?^CQ(v=L6JxM~NVr+sqy>$~&}4;df$aC;BIRu(j)2_|35&p9
zV6%u{P{y43?TfFpJ9R#Ol`H&5Qa;-VjgxZpS(BTp=8DAl9smL>z62U1H6fgk4jZrp
z6N;ibho83w>;$8;Q-JwEjR7=_Ze#`UIkD7fS+>HvHdIwHdMKlSYeoRY(4Ahfyai>|
zXxpQ7t#Y@vKg(J`#A^uWrg1{c?CS(eP+FXL9<|W*N1TGD^$sY!@>O$ke>Wk%s{S_;
zEU{$MPGwt{gMkVTPl5lt#z(IGCthI#vMiPalpC*$&BeNiB0Jx|mbb?USsCdE4vg~!
zLCrQXz~4qwp&%XSBJ}j)elr#{i`NV{!KhA*MpcmtI0AYSAewlp<9}I|+vJLLM0;c*
zP$iamhj;;NbQ+PRa=HY)j>DmIOBh*>Lits2*#>j%R?l+RVx9Z`ox^3S*8qvUpugxR
zNCmAls7bLQG$cf}-vIVN1f2gxjkb~ARosP(!2buu{hOL@SG;r*+{Jr&Da#7sHqh2u
z<VHD!I6`vuh3@n}1htVJ2rl?hAVivc;cXJK<N3!lmWOs@{F$*Yv!~!*_V?p0eOSd|
ze;Hlk5;;|G5636^(!VDA4!UkTJNg>3&{u1AAd}UUnzDpHh^Fcuk6&ME+06gin!&8a
z8P@w>#U8dNB=SCk9NLT{_9fUWWoJc+#F`u)C86aX;kU&-{<;Xi8jBAM^+!-5l~8R_
zS5!Qmvc1OK|E3#J0L}YFa>lbHE3#7v%^8W`H-Vqo;U)(+<vqoE9$MdCtC5}vA|aCz
zo<_2i8~Kp^{$)@f?^X<xv*b6|`$_Jb=g%%by&i)^bGFZLdoUXFhSWSLiwr2FzIZ{4
zs7)<bYSi}si&2hWKgXumtk<I6*Ic3tMq=LKv5OkrJQGR1NoRR!=YzC*UzzXN1*=>1
zw#qN38&4Se7Ob2j7)j9?Fx(BSdO7FyD{{HWo?yEz^^A*Wb3IA`xcJxi4+rHdK}L2+
z;g5KUc_}E1H++)%*CfvHhC*zj_gNoV!(Tb3Q!9230c8+50{l<Oqs%UHW8#Kk;2|f#
zC6Xn!igmYgD~5;rlSmkR{(A5(5)&e<T=@|0yT<-D4sBH2cZ$0<Y$y`NaEazZfwlT6
z>$h3BQF_i#5HwcoZnoF<-&ZXZ+y_1!1O7)nq`N5C24Qj|WokbNw^&6yZ~<{_*dPAW
zOHJ~qhPc>u7jra(#d>9aF&R#)Z1Es)P=YaBkb*eF>X7>eSR~;bVo;a`xCWL2h-+D(
zG`MpAU=>iOnuvlyJ6W+A7I6e6EgzA{eX|gh-mQcr{BRhKfN?@dcm{>ZiaSg&K=`wS
zq9^0aI|_$eM9^z`AYSo$ZSiNKw+prdTaZXmdno8J;84K0S@i!U#au=K(Aq?ZzNGiX
zu0Lo^*{f#Kqvw5Ww%{hi&*6e(gFpJoWb0h_0{(-CEj;~T@OluivNEPN|2jVX2MIF>
zh)uV<kIa9<RT`Ak)~!c$8gNWx^6+F!;KfSqbvB5*YwN2rM!d<&Q<WO5BDiM4l>Qg(
z>=~S`DtWB<&NHz5c^=5J>~(NCcS55cc?S;0+VxnB=)1l%#I6YM|3Sgv=Sdqn)G+l8
zxrG}Oe45uw_9vi+Y@mXdRPG=3h>5}In3b>rh_T;~phEWdy3%FedG&5k_Xg446``*^
zx)Zpg+W<OumG4Iq>m_8R9Ah6+!|CpMilr!I!<@dQPgaimisOM-{U6n-@QUgR62R0F
zL5=B3Z+RLuh)n~bDZgR7^<_h$$(#z#{pFIXBC(Cak6<IFF48+pZ9)xogQ<%Ue!WzL
zR9VWDmw!M1Hog9yv?fsX&DEVLvL-MSh-(uA=%L0?n>FVqw4^33-K-t&naisu0Ra1_
zwnQj>YQ2<Q)2(~@0Kn!8AQ6f<sydSVfjskdubXr0%g8dB2g8uy2$w+d1A{;sO`>mo
zDjNjN1Wb`s!;0c(7ux^}&UH2hf|sS$ol1CGBp<Ul!sQm~6W?LW5PJWyvg|I&tE&E3
zy#laN+!B2DnWsp(_6kH;eY}O_oF1+xTl)g_V#Bw;h8GQVF_EJ$M9cr?KY4nZu?$DS
zmWO6dEW^tJ-#09H;nL6xm<1+}IElUAe9=l{Lj+MdCz;$)qx0FpOmAJuy;Iz=InSYS
zHfVAXQAPx61fvg541Lv4bYE?|=KdS7r!TR$3hHcLM`6z}WuR9oLH~+wpk}8o#@Ok%
z3KzZYb^v8W6?vQNl1u_4Qad*Z^^`e@B%~md(O9gUC~m&zUuU`&Ch>QKfIXd9d7mVQ
zGq7qfOZh`#hsX<E%{??oFZ>%_o|Z*bY|GdI7aOORlRu1SsqmcRreFxP5|{VTnGZ0#
zbw+vid@QgUtwdHQLn+%w`kVqn%R6d*D_VPt^2lQ?TgU-acANY}N!jS2{Y3Ey?>y;e
zDQ24?_kjJjtDhe!G_iLIth18CxdaA?JB!$DKGrV?!nv;kd(E5d$D?FMUW4!I>HrxO
zM42`v2uSu3RS!)g=vrF<T|<LWn6Hc9g`A+2{r=BUbra2>RbAJ^Qg(F#_)3b(nsUu1
zlL9Fnk%@L~Wb)O&K_bEhqmkKb&*==+^H^x~rb!;EEG!5~c4#JN<Z`CuZe;rTX9d*H
zDFECqTM$3gQY8Bhk|>P0uHPVvZ}_`0LE*u0xNYmyk~yk<1<N<J89Mu;e@WO>0r7zi
zEPzz1{c8X*Xn1o%P_+)4&Z!#$^&G1yPwtS^z-S6z;tKejn-i|7Dos5j&o@F1yIjlF
zLvQ1h#~SX!H_+8SBn^Hu>T#5Zq#MFT=oVh_{A^|$gYdeGUi7A}O!WD&L#QvE&iR+}
zFsi)0#srjagjN8ew31cK^`BSr(~H9Je}l3EPwb|L?mUzVmjTZFy-rmlTDJBofyeov
zK;4q)=M|Bzn3m=Wm=4QoIaG@_KL~73Ye~BfHQNXA^SO~Nbf}JB{(wntWv^kcDG%?g
zw1=)wJMv((`4f<l^E!pGEm-ULfTKjhi^evrB;x&-o*S8r;AD$&KriKrH0EG#Zt2v3
zIfMH%#tJ^HK%~<*NA@7vIpp(xUEkizYqO8#LxK~xKO3fz&gd_~S_xiaU2#REGV_x2
z8{Y^r(5C|b&Nug;7cue0n%-lqq22&xX2y@$!p(2QZ&+V#i^>hRJ)CCMgq1c#3&1}9
zpy;-?DZHg2kZ#8Zu7?`l_b>hjAEBntjlf&8BfAHy_rpm20uGd{g7sBs>TDqBvg;%v
zncEM6H-WR(GdmDSq3bMTXO5-i@s%)Dy*|9{BXCUL53PGM0gi75m4p)vpVNZ9HpLca
zmh;#hJVMlk6U)}SDCg`6JEa-d{2{`%(wYPk%gmzQ2xYwj8<V_o;yiVm7xFvsoSv1s
z9jE=;4;hYo``Ye6r{pgL+4{fRBCBbiClr=`<JpFivoTKQ)88ihV$65fRqb~SX@Un?
zLpZjwN$1ofZ1`zD17}kEiOL2L5+RL$q{d+!H1Gs|-v5S2letGa*;`xK2f2(Pi_8ue
zQ1NB#M|#1eq*eYf;N}vyO?wD`X><YG)k|G4sND38f|5J(@`>D^LX9cuuIr<d#qqo7
z9X5K;u+7Y`qRcemj9_;PjV$=cH8lL1%<uIt3-`3&84pg%NO*SxFvhUe>F$qA<!Qrf
zZ{}ChH?=4cpXScTWbIqM3Hh<2z+Cb#N>ka3O6J44j5G^M-77DuI?pvX+oM#*p4g#T
zmD;D_(}3mB40@D*4kZ{>P0qtN7{ZD59%RNAvHN1Ig_?E@jIUGA3X{e8hPj6#LOu*D
z_o29edui&gg%)zIDN3V*M`HcyEd;}D^_hau_G{Ky3aQLNs;1&-PusJ74=B)ztxC@=
zq9`rsjO1zrCV6U}Uj|k`+zCya96|lSVW=IO@9fY&I95L_Fy%<Cp~|h(h^+7mJqT{C
zd*f6UqJwFkmuHJ&X;TnK=&kA2^nV_IZK&jGJ%DehORp@V(mmUZG|Rdf|C2$0d!99t
zNwO&rZzC4!iP+N);>1<YLpKbFvN#%9VVQdnOr+D$a0!Pag=Z1apfRoSf(JQ!m8%ik
zgk~OF>M40v9%{IeS?azbuI9ZulxvbvX}6g*l5qk+W)gWc1}U}J26At246lQQ6=^e|
z|2ZIjFB(t)1FHlZiuMBIGo+Pxsl1@V9D8ggN!nXM^sm8@WAXEe0{3O0G5Ba)WXYzE
zhe!N;qfA|B8*?94v=?Ur=GxrC6Jd#it)J5+%Vb2EBTbR+QftYI*HZHe@|V34g;t@d
z0olx847@JXoD-YL+{h}4UOE+oridCW(u`^1thjcm&RX`25?m0IVM|UCzx=TqN+Ml}
zMv$P2l-^Ba+$m(CN{>$u8xx?h*%W_najerksZaU1hcV2f-OcOa@bYtY@D$~8qbq=c
zIpv=g78=V$pYo;5?|uZD%q<C#HRnB<)+?;yQ3$85wSdgnETD+7fA!vd2=h|i3|kTN
zjYw5}qqv~rKI^rlSU%j2XhB3X%`T_W<a)B%e8qE^2)HyJ1^NZ#cSxBuZHbk-`P*ph
zZlPfF(~eD)r^wy<C<zl?^j`3B`mJj#L=X}G26T%Lbg_w~a1Ls%A<)NVPL?`4EZOrg
zW$jl4m|SdDQ2qdrDQaX3XoJT{MoyVlD<=40iDC57=5KKcq^kJb(z|8ida9oaj5l^{
zYFay0tfdaKM$zRd|N3TPWQ;zbo@5fTR`KvLo)@6-pzH`?#&S>XMt2$nIvsUjUd^DT
z2#JLZKEmS}mJZ?DuYR|M^0$lA6MHB`I{Uy*AfTXvd=qX`Laqb85+mgGbC{K#rJXG?
zBbBfg2L5=ABDdXwet<HHEoI!MD=AoFQ=avWxHZo{Tj7>={y~Kg{?YOtgARIZ*HGAF
zxjb7W{vp%bG8YsiSIY?m7tAXR(vFpD2yXAz73xc5ZcgY$eh9Ti^<hx55+M>>z*}CR
zdkF8vx3Gp`QNKQf58*Xl6ch{n@FLI8K$XfXu;a0idg0eH^eQcQk83~swj$u{%@IQU
zLlIzVG`8J0JZ6FyVgFE@njXvQ@fJK(l0869Jg(hh-LCjjVW#>hWMqyNs@(5C)>k>f
zP6A1i4*w5#23p2>U`R&uq<o2d=|tSkUf)pedwF`{3EH>{z^}>5P5LO1!I+Hbzzzvl
z0kF3=ZGY$)3DjAXL%b9ifL{S(g`#r5!*y(odE{t;dv^Q2T_0#)#^r(I3P;B8CbsKF
zN@{3;+`n?4YWlq>H4wcl!zR4HxZ|K>w)AK><_3H8N<gEwiu{FPpHok;6bVN1Mh@`G
zf2hBQ>xv-pwnf^<PaE7mM?NC#I!hH2qOtx+O#dOoo2`*9!I!uQ-n&t?UP$`kpHbqm
z1I@PIvGmO{Ne0qC-INR6kWgJEf1*!p#`&e;h@2Dv1ZKY^K?Z<|YA10Ar6u5?rSYfZ
z`@ctVujA|Ln8Pf{gD?6ZhOF#LuT&B331m*FWLA%QESkNVTGEZpNsYEKEzOEZ8~m_g
zu{P1Tx9eIdSrI}WV}xWBb&i7va7-gjDq>A9x5T;{4uBQ-tF;k|;5t=_gL9l78A(V-
zL#Knb4{WqTIEJDc*I7lH0to^2(y7><Ej(uGrsg35eKJB~`!IA3P7t@b)7bFJ62WGV
zhpZ(pl!VnL20n_;n=9V0`_q3y`V7SM24hKMTAo62xZ$;^QJERIJm2LAbrvl7hifhY
z>5F26Xl8Ri45u4CL=|lim)|wZCsKxio{&1wJ_jl2&WHb=Lx6>T5|Rp4zQNF$G!EPH
z!&{V6cxaTbv+>6K1JsbnYOP0e0$2hGH3loTws6EcOnxG$f>qQ&^J|y~FLC$mro2$h
zS^)7Y0G%TNt6NC=y)(^6dU|WM$LFyrL$}q;Lj?@Ztcv6L?z7JNxu?pi=lpvwR1%tB
z*G1i;m{y8{MLJJ6Vq|->?QE8Z$@s1?*K*JCig=Zk^?l>{<QbhZAts<1w;ubFb9ZSo
z$mq+-NX76%n{tVu{zqx2KD4I|N=4r+WIZ{`@IG26_~-HW;V4-JOdK?KxuX(KBwxD#
z(nscz<l8mq8RCev)Ju|m6*fShvzYp0%o|ovXS6#S#JMOoxxx1#Yzh-;FOT|WTndx$
zF8g|nN)Bw^{P0=eQ_j(0NZKRAtIdtxa2%2v&;}R7LI27jIU#?)sEKt2@w>-tlxHt~
z6c2|mR-B-nP(ze|Ns$3J)SUM|*(R$KX7cuq9`<NHjuVe^9^WHo-ffZ6<RWhm*of{f
z(VN@gRcEC1<x9;f`NFwAg{{7k>SGP51|PA}G*!t2@ch;KlW6oz>of=_Z1mUYkWPly
zSudeSa)iv45Q!*kPw-EHJ8OMyoua5yI>Kg%6@@??)`b`v!&<V+Y1|WEUigo3(scAT
zEvnDY4!V^~T1U1kv!&2&{s-F>^QsCee9de&f<~|A=%hJY#mn~8_p~}Uy(6;gHVi|F
z4!4wEe>&@8mFKo%DfJ(n1Z8(m3cCAKj8VZ68$RKk{xOk0!l;B%_3Prdgu$tJhVAXu
zUpxfp;#Y;iwH&;qGSdV2&uU>*7DoWf!0ZeY$iT_`8HDy*P9uqSa8Xf&s$>H#vWz-e
z*)TL20B%#jt`{7@!G@9<8mb*roa42SMvG#TdLmUM2(y&i>TetD;RN338M3rK%;YsV
ziW)YHs*;TiUJGFr22gl@GBi_y&*@}JBS$FgR6_@Da9Nfpk<F40aQyig$nM0Q?V42R
zW9iA6=5J%x!{OZ-@-M|tCq6VA>@Jc(G5j~HXHOUpVkqzSnc>cU=PSt$B{;X?ved%;
z3Ikb6OWj1~*ZFh5xY^`aMu?1@RRzD3z*@$alc%GNobZ}^|4Eb5B?ZC#PuMQR+<xbT
zJH9zQ@Nm+Dn6;z7%}}BH&;)d_&HYuVeH&oLVrv@!)IG3(k#r_5VHovV9{ro<<=enq
z<AwFP4ON>&b8F+1Oy>refvb9$tXLOlY7+=ItW`OXT}fPOL|H`+$7aKd>1J|0o74d#
zX5uQcO#Hn)Ogu+68;F+YsfjE0YZYCM$2lZ`Ba}01x+bv`X(&RW##0ZP@W8+A!otG=
z^oG}f*%TB`GB=2cpx<krR5<$DbZEhOTN$>@^wdjQD}bbvhH`{XuBJcHo~m0cLvx^s
zdJ3Mcn<ZG&&7?MIw1n6;@VAwekN$CVA6bpe!t<@ByVYHY9$9W@Di1i8m7j!)i0AEp
zW%AoaUfI*p9*x89jS{HzMGp-dlL>$1RyZ3;Vey}N47TmIHgV6p$2myhokxW9C)LLs
zZ+p98@q*TNTF+4*+MFO#JztI};)T93PTV>GFx>oMiZC2}i?9CeNa6yN+Xz&74`%I?
z{b7kP%pLHr;Q?HHb(fC95Blef5(ka_4s8z=cX01WO=l^wH%7?(g7g>epRgVc_&DQF
zDoLA9`It0&6A-P{(6_r>6q?Om+o)&*bevk_iC5dA0f*yK!9M)`ArJMGat!eBT!|*^
zo$Fi+yAoLBrChRrhx6awNtt2{_F>K)`1SBfEbiswJX*ax?L0&(%5v%BKx8W~AIG1?
z5zK@zVTZHClDT9E5)soG-Pd9>&^1BpqIW?rn+hJU2kC;r!=|LyGCtj0?SJIm=2OoS
zySh0#dU<+Z3hsko`$=!6CK_>zOG3A#0`NL}TJ-B8+-#e;;l|lU<qsy@ZWd|4BhWMb
zuUqz21hfuP?$ACz#11^u6B8H6)q9*nlc*4sCabGK`ir&hf(oa!hN~Lb(}@rl%&M%;
z@9k<|KV{B>txObEk|d0UGx}ONo?EDY3=oEWWdq5h_v)%T)XoeWZ7MxH8X!7i(V6~s
zLTZ?vrKhra4hy2`eXIPYRS2<Q6cM(7qQ1EQ%cD>aUEC-5K~;MItD~g$s!=z&7Sxyh
zeRtU9W~VmZ_&w+OX=9=G`np4dwqTfIURHDN6~OAq?32Z2uMsEe2>bh~c5@KM5kpzX
z(DS-cXM`ID7K6HiA?s`-wC+}%TMaXmGU;kfZFT~txKi^dcQW?MG|Nc-hc;@6T3e4z
zihhdUIRPZz?+oxf73^|!VfQ3mbSjOR?aO?MSZYt_@sxaKKU-p(KKiTn$@KADAy+!l
z-8=d9v5s#mVF|QPY@{ifN6U@c_z7v8oa|gV&UbGe1}nB*#dEG#^xe_$HBpy8XL-|h
z-l}y$O3AL8|NduTsxdUVIMGioh391qcy%O~p*rgk7nuoQ;@QdV0h6vGv44ZSwsdo}
z^f~$1r?0WO;S3JJB&2EyJtVk0uY|W<z}Vy2A^v!bM;PANy<spyVG%37dJP)@o2!}(
zB&(G7-PoZ2Z<uf@xu>;^n^<2?N$&$Cz+nZ}!kbcEe_;?)$zgiIepuWZzWrzuM*#=D
zWer#P_(yTPYoy8B=;$}mZ9^1sMJ~uoq4fUJWPtKl4qKmxXEU=ojWgGC01t^qUNFxz
z?yJFG+`tIqWJ#CzX;!^9b291$aYI!tW+u@$A{UveVne|fsm#e?);hNy4Rn^Gt9)qe
zACM2-n?b0>%~p7-m=_naR9P&p4cnF_AA}o4>HymlO0h*9aJ~b4z)tGaRez$bV0i#I
zcpg0$Umod0;D&&Q4@biS(t_+wS5|N=;AE!z%xUa~=PlyLW-VS27mQ4U`eknjkpTM$
zN)7kdVhP{$$NakpP0M8yl?BkM+Kb?iQ4ReYf7DZVX*K~h;JW!1)5GJ^E!`Gaxks2j
zox`<|UEUNM4@T4rzRw$IS-ZvZgsP0TT}ySGM@S<jU<0|4e3z!%*lt8z&^UD%lvOP0
z(`XqpuOHb0U=XH9xXF2Y=I7OVDl}21$K&oxP87amr3IF54`ycP&23e8CpR*)=KfV@
zt)Z@dlGZF#PxH8H{Sn5TxJO@_*4@gR(&G><XVfjR<o>Z%i`$eg3bzApAHUHr884Q9
zN+)F=FN>JppY9dA5~*DlxdI^E=brC37awxBa~ofBl)aSI*JY1UmrZ=Vd>y=gZVfnm
z$${wRoKuX;Xs`0?=yNCp+RBYrH^+ZCADo%&X^gT4L56fFrGLK=gCoLVIDddb`%Mr>
zn-dH%3o5@YFDLEX+#222O%i>qI6UV5e$Bt&Is97wsU{&nj6>%Q%lA5a3>qr7WGnyV
z_f%p=yV$T-o_g;*7Cu%57r51O(M37b?brfE*XY_9{{_z$!=(S3hjo3d;JS1!J7<Rw
z-1Z&TI^%f}IOM;e6!zeH%uIBJvMY-gjkT-#ciSpqSJGepX%>M{6p?xyqQ0=20a12i
z79E~y$mJDZ^G8M{qwb3bJ4a@0H87sodFKzGM0|>4(nuDW?!$iJ#ssaJB1`}^pd%Uk
z40=2JG8cJskfGK_y|3}^<5|bx4|mK%7qb7BifAbB@T?}X1+*meui2Jqt^Z<CpYA>#
zhW$oMX)M0b6w<WT6jHOb4Qf__36Hr<U{6Npq&Gv6LB-HkqCn2Ryn%mL29yvsMrc>2
z<1<5!)>S2y>S&`;6ocgP`G_1%^@h;xYV*@3Mt16BWvcou%+p+qwnx`uc+0dAn;adT
zvQPImkiQ0V?53j<<gMy@c4VRV8vxAl>u%bRea3+Wb6#Q5;v(DFu3y|w0RGt%rQ2b@
z3~=%xWbOfXk5JPDw~zx(m{@4+52t<yH`vv&o&}*=1|qU%(<$)%yIvfD4ThKrKoodc
z6Z0hfB$54~zJ<g`ivdJZaC?E@Cxq^q1!K?XA|^fbDInG(dz>M+0+i=E+s=K75PE-~
z@egcnXYrg&?p&i;&;a|S-HGn5Txn3=dm>i$v}w|KS?8xy>q&AS@wu5kXj1^2MEAhb
zjAJ$&xp*V~zDb_!P#gTcz-^ajG0^TC_}qNJikb<{87(_}{sf)g7IPqKCJqi7^bgM_
z`RTy^y%;9Q?#w;A#4P|2UV4yblU+(*pGv`3&q{hVyT59*Tpxy-o8!(_BCzep6qr(W
zS3p)5tS~_uZ`B-3zKhB#s!Gtm8ATWu)GQu-j(CInq&2t4BE#E=At(1OE^4yIxw(0u
zsUh4;pYbv!j;n%*tYfitYoueb7KSji(*W6iTwFXnsnIWg$Y{h_xLg)d_yS;p9=yGO
zVSP^hcK6#;FC<fl-f&#>9>_A`U3%*Uc|MqYVnBBfsFVfxKMW|O=Yc)Ho+)WN0;2~E
z>cJ0K+P^je(I@A7qc=yiQH;(YrAlbk^F*;XA$eYLONOXCc3$H{wRyvL4FBnAJ~Fc8
zQIO<I`*9M7y&Pmo=ou|mH@p&K_wsN_J9gjjI~_22nG)NGMxB)SOJcL0$(1KKjfZC;
z!PV-gXX(>Y$18TUkr4NRh;@E=N^Tam>=kcUNQZ&cPm}KI7|1QQzE!jb$kmynn@hTQ
z&K>)}<<65uV)669Q8+d*bsBEtjenPwuBhlLKCOMnpMb|Sl9+}^_cUwa`aS&Fcvt9(
zkXMxcbOP-?Awe+|hl69Imv2P49W(e^mk7C^Pl6D9SemWt=r)PfhO?Q+_yX&x&DOaR
zs|y58=}ByX^?+T&E)fWs`|(cmE)t8D+qqC2fb7x9$Z1_dGgPLY<tV)utx=#6P=6a%
zy<whc>O&a4ZISsM_CG^5wATMSWRnQ}bJXWgM8KCq<;ntANS$?P-O>ONtW<2nPu?X-
zdbf9U(1I<2r@ioZoX0)XH=)~3cktnRb*Vy<Pfg>wZvB3}xIN_JGhYc!Xcsxy9k888
zAk0L07uh;EncFKcVK23X3}ZpK!7EVuJfM#ZVgd)}6_{hxASbt112!+v!dgJ`;mPRn
zMV;EghwPFn-izMpd+r9K&&Eu}9a$hU(GmB`Cq?NXCt%Lz8j|jKJC%`B5S^7mO;{E!
zp2a^bmAM<-Y@(~z#*7+1uyKntKraoqpr;mqjVR0~gLGg^FIcC?0B7RtM~BOPXg7i?
zx`w>hU?t&*Bhner7}Qlp;5QqN66rXeG*YEvLM-2V{$N)4Q`^MqL3zL7pGcxs|1muu
zk(CwcE@FH7EUzT;u7L{q<(8Oj)Mr4x6Q#kM-t->NgkuY&IK6<8`}HWmPiP%k`lAzZ
z2MDOf;PGPvAPFA<*BASA1O<+%?Fo?Fey?8iydI2cU7v8hY2EKzzkl#c>=Ac1C4ip$
zg;^+JbbQs*w5JrK+OH$vY*;8lk6Jq4HMV)Vz3(+QFgr$p-15oKWq=AzN{-`2=)kWk
zphH%LUAdiZ<3mVGTXVL4nXv7OQOF5Cu}PchjrVwPx(R&<-^jfHxoRC)h$_ICedI#e
z_qdrXVQw4P%f108&oMAfgE0J~GR#3pFp>LUsL~Cu2zW{;0cobWkeXIEYuiGA`^8?%
z#d$oYao{cz1s42<qvQfbpCpcm6=&sCnB_zE{<5@lO}rllxH69O<AaIpGQYTbYQe#W
zkez-Qk_^1Yt+;?g;LfzsMS>G!Rsa>9H7Q%9gJy9XEqD~2MZ1au#jL`!Vsgr%<8WxE
ze&TRFm}8!K;Z33kW%QKw!RXlWjlN!{+}<fMC9k?Gxw3k2u%i|QHEp<=0?FZo7}w=O
z;0TYRUbEVf>6O5Cpl-rY2fRkB!PlD^okL~<@rIb4B8)Dnn!b0y9${i+nzT}cV8OL7
zL%MJch%(A6;g1=ri;jR<)K9OB%5HIhPh9diwR5mc^@JweseC@fpv*P{?HR`WJNfB9
zM$pTj-4g{cK=qh&skbK`5u<~cT(U$SQEu;#<(w0+MRMG`cZ_($@`IbA%ieT)&pni&
z8OiK+1|;a*#73K^<fkOe(%?iB@uy-j%+aIk&!(hRzC4zdhX(eXvI&^LTn2ETpUh~g
zPpTnbD2d25KLQKc=)|=#R1ACN#@nW^zW(BTqAk4F1!z9VJ1Y16idanbZ|=)6c0UIE
zxj4iLCrF4bD{cvw?I5*c?(Jyfb$h*(Ch4-8)+wo&D*LeW9zzdQQIz*f<ayH5gt(nK
zvI9wh&iS)3j_fR>Cp#yY4cUSe(-bqg&FB3=pV8ZRc<?&kLEAq?6xeUIY12*<fHH9R
ze)-G%Xse3xZ;W>%B^tVZ(CX`;Us7CRlM3Z*+OzSs8;fPwi&5sBU@Cp|#1&qfW!xax
z1u(K)Tm$S8d5I2$_K5l$Z}$GS11$T;VZc`GpC9`G+Xzm6_pepU!C|Tc#WLVKJ3^JJ
zy4A9}5;0pEKGc$tiZ1t(mIo=zLkFiv7kea@dn`|#Qp{skRbC<+XytC`mA{T59k5!J
z+6(ja6s>fpks4J9;p@oks>~TO#WI1_f?Pc)$)GvX!|-ycy;6;DEy)8dO99k|*fT_U
zoeETiuI^j^h<Ry0EUS{pz^QmmK&-gR)a**s^uly?Wb1mJJY!TnV_eQyj-LK-m91Kr
ztZIkpD#_M$IC+NEJi)CNxRIB+wL5u=)jY+n6u1$WxivfeLZ_ZJE@v%APny3H+mcn?
zFkLO#x*jLb997R8mot~6C(hrCC~acGxzNN4*%)vvZ7+8FPiV$XSsFFD&Y4+UN2j);
zm5BgMneXt_m9#KvZD?+x0a6!vyndyw%-UO6IcS5_N1tpzYHM;Wmeh>6Aoeq6y3M)$
z3e#HAPX8;s{T1r{3eo>7Ok0`t{}t;0SE#Sag<M)Q67pYR*!i`0dM_HDD8Q65LD%Wf
zlPj;ZUKBi$zX|hgF8m@odH2eqdrL+4%~Tiz)gO$78_sxdB4=df%!9+va^_?Gkus}F
zW;W5<9ZB1;_mrTN_^!uw7R`z4e#5B&$#E7}nc8(pTksoAI90*g4lBp7nj=^J>SKM9
zBRDsioAQ(`IPMng>fo(~+KHC`sAT`6YWY=d|EgsFN7ZBHn4{{*MZe%!kK~w>(}Zcs
zmA4QOWD7`r$h?%3)a~D*8P{fMRO>pcqrg*|ebn+s1*9(eFv~$*Ihvf*jTZM?C*nIC
zX(BD@j)|)WO%VE+6I`dw<w#1h51QS-bxY)Nx`noEFe#xMwM*!4LVTNjSV$?&F=2K8
zpQ=9kbkwOCc-1+m=X}pxE=&>M-7eUf$g>v6M-}q1;Mc<_(eRZR3fAr7a7bNJ@hL7B
z5?K_cQxX?#R2(8?uR3uhZ<j=q<AeI16h?F*8^h1&RL~9!n+Jquk2!F#nU17Z5f`Xd
z=mDim#*a;>7rkmTtY%F)1#Nj>c<2bCOETaPKY6##O<H(+*>1c2ftQy81VRBu0RRAi
z0Pyyy(f%;pL@LGs04Plb06_me`hS<=fdA|nIhq(ao2Xa_o0wYIS~y$S+0t4%+1dX8
zL7W_xK6efQ08C>b01*Fggx|6_VEs3=je&)&vWbno^>3*Em4kx)=PaP#HTbtY0R;Tr
F{vTaTPH6xD

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 5250bfcff4e..7a365b1194c 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 22, **Hunting Queries:** 17\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 24, **Hunting Queries:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -191,13 +191,13 @@
           {
             "name": "analytic2",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Policy file (ACL) modified",
+            "label": "Tailscale: OAuth client or API key created with write scopes",
             "elements": [
               {
                 "name": "analytic2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet."
+                  "text": "Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching \":write\"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected."
                 }
               }
             ]
@@ -205,13 +205,13 @@
           {
             "name": "analytic3",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Auth key created",
+            "label": "Tailscale: Policy file (ACL) modified",
             "elements": [
               {
                 "name": "analytic3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not."
+                  "text": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet."
                 }
               }
             ]
@@ -219,13 +219,13 @@
           {
             "name": "analytic4",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Exit node advertised or approved",
+            "label": "Tailscale: Auth key created",
             "elements": [
               {
                 "name": "analytic4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress."
+                  "text": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not."
                 }
               }
             ]
@@ -233,13 +233,13 @@
           {
             "name": "analytic5",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Mass credential revocation in short window",
+            "label": "Tailscale: Exit node advertised or approved",
             "elements": [
               {
                 "name": "analytic5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise."
+                  "text": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress."
                 }
               }
             ]
@@ -247,13 +247,13 @@
           {
             "name": "analytic6",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Device key expiring within 7 days",
+            "label": "Tailscale: Mass credential revocation in short window",
             "elements": [
               {
                 "name": "analytic6-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage."
+                  "text": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise."
                 }
               }
             ]
@@ -261,13 +261,13 @@
           {
             "name": "analytic7",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Device started advertising subnet routes",
+            "label": "Tailscale: Device key expiring within 7 days",
             "elements": [
               {
                 "name": "analytic7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change."
+                  "text": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage."
                 }
               }
             ]
@@ -275,13 +275,13 @@
           {
             "name": "analytic8",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: User role elevated to admin or owner",
+            "label": "Tailscale: Device started advertising subnet routes",
             "elements": [
               {
                 "name": "analytic8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review."
+                  "text": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change."
                 }
               }
             ]
@@ -289,13 +289,13 @@
           {
             "name": "analytic9",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Split-DNS configuration modified",
+            "label": "Tailscale: User role elevated to admin or owner",
             "elements": [
               {
                 "name": "analytic9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain."
+                  "text": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review."
                 }
               }
             ]
@@ -303,13 +303,13 @@
           {
             "name": "analytic10",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: DNS nameservers modified",
+            "label": "Tailscale: Split-DNS configuration modified",
             "elements": [
               {
                 "name": "analytic10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution."
+                  "text": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain."
                 }
               }
             ]
@@ -317,13 +317,13 @@
           {
             "name": "analytic11",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: MagicDNS disabled",
+            "label": "Tailscale: DNS nameservers modified",
             "elements": [
               {
                 "name": "analytic11-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional."
+                  "text": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution."
                 }
               }
             ]
@@ -331,13 +331,13 @@
           {
             "name": "analytic12",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Tailnet lock validation failed",
+            "label": "Tailscale: MagicDNS disabled",
             "elements": [
               {
                 "name": "analytic12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt."
+                  "text": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional."
                 }
               }
             ]
@@ -345,13 +345,13 @@
           {
             "name": "analytic13",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Device Tailscale SSH newly enabled",
+            "label": "Tailscale: Tailnet lock validation failed",
             "elements": [
               {
                 "name": "analytic13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it."
+                  "text": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt."
                 }
               }
             ]
@@ -359,13 +359,13 @@
           {
             "name": "analytic14",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: Unauthorized device connected to control plane",
+            "label": "Tailscale: Device Tailscale SSH newly enabled",
             "elements": [
               {
                 "name": "analytic14-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt."
+                  "text": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it."
                 }
               }
             ]
@@ -373,13 +373,13 @@
           {
             "name": "analytic15",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale: External (shared-in) device added",
+            "label": "Tailscale: Unauthorized device connected to control plane",
             "elements": [
               {
                 "name": "analytic15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope."
+                  "text": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt."
                 }
               }
             ]
@@ -387,13 +387,13 @@
           {
             "name": "analytic16",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Unexpected exit-node egress",
+            "label": "Tailscale: External (shared-in) device added",
             "elements": [
               {
                 "name": "analytic16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope."
                 }
               }
             ]
@@ -401,13 +401,13 @@
           {
             "name": "analytic17",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Large outbound transfer over tailnet",
+            "label": "Tailscale Premium: Unexpected exit-node egress",
             "elements": [
               {
                 "name": "analytic17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -415,13 +415,13 @@
           {
             "name": "analytic18",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Network flow beaconing detected",
+            "label": "Tailscale Premium: Large outbound transfer over tailnet",
             "elements": [
               {
                 "name": "analytic18-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -429,13 +429,13 @@
           {
             "name": "analytic19",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Mass fan-out from single node",
+            "label": "Tailscale Premium: Network flow beaconing detected",
             "elements": [
               {
                 "name": "analytic19-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -443,13 +443,13 @@
           {
             "name": "analytic20",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Subnet router throughput anomaly",
+            "label": "Tailscale Premium: Mass fan-out from single node",
             "elements": [
               {
                 "name": "analytic20-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -457,13 +457,13 @@
           {
             "name": "analytic21",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: Posture integration disabled or removed",
+            "label": "Tailscale Premium: Subnet router throughput anomaly",
             "elements": [
               {
                 "name": "analytic21-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
@@ -471,16 +471,44 @@
           {
             "name": "analytic22",
             "type": "Microsoft.Common.Section",
-            "label": "Tailscale Premium: New posture integration added",
+            "label": "Tailscale Premium: Posture integration disabled or removed",
             "elements": [
               {
                 "name": "analytic22-text",
                 "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic23",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: New posture integration added",
+            "elements": [
+              {
+                "name": "analytic23-text",
+                "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise."
                 }
               }
             ]
+          },
+          {
+            "name": "analytic24",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: DERP relay traffic surge",
+            "elements": [
+              {
+                "name": "analytic24-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise."
+                }
+              }
+            ]
           }
         ]
       },
@@ -515,7 +543,7 @@
                 "name": "huntingquery1-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -543,7 +571,7 @@
                 "name": "huntingquery3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -557,7 +585,7 @@
                 "name": "huntingquery4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -571,7 +599,7 @@
                 "name": "huntingquery5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -599,7 +627,7 @@
                 "name": "huntingquery7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records. This hunting query depends on TailscaleCCF data connector (Tailscale_Users_CL Parser or Table)"
+                  "text": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records. This hunting query depends on TailscaleCCF data connector (Tailscale_Users_CL Parser or Table)"
                 }
               }
             ]
@@ -627,7 +655,7 @@
                 "name": "huntingquery9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -641,7 +669,7 @@
                 "name": "huntingquery10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -655,7 +683,7 @@
                 "name": "huntingquery11-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -683,7 +711,7 @@
                 "name": "huntingquery13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -697,7 +725,7 @@
                 "name": "huntingquery14-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies tailnet src->dst pairs ranked by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -711,7 +739,7 @@
                 "name": "huntingquery15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -739,7 +767,77 @@
                 "name": "huntingquery17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
+                  "text": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery18",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Devices with persistent DERP relay usage",
+            "elements": [
+              {
+                "name": "huntingquery18-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery19",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Tagged services with broad inbound exposure",
+            "elements": [
+              {
+                "name": "huntingquery19-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery20",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Cross-tag flow matrix",
+            "elements": [
+              {
+                "name": "huntingquery20-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery21",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Network flows outside business hours",
+            "elements": [
+              {
+                "name": "huntingquery21-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                }
+              }
+            ]
+          },
+          {
+            "name": "huntingquery22",
+            "type": "Microsoft.Common.Section",
+            "label": "Tailscale Premium: Users generating traffic from multiple devices",
+            "elements": [
+              {
+                "name": "huntingquery22-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 5bcdc249d94..c653f22c2b6 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -28,20 +28,6 @@
         "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
       }
     },
-    "resourceGroupName": {
-      "type": "string",
-      "defaultValue": "[resourceGroup().name]",
-      "metadata": {
-        "description": "resource group name where Microsoft Sentinel is setup"
-      }
-    },
-    "subscription": {
-      "type": "string",
-      "defaultValue": "[last(split(subscription().id, '/'))]",
-      "metadata": {
-        "description": "subscription id where Microsoft Sentinel is setup"
-      }
-    },
     "workbook1-name": {
       "type": "string",
       "defaultValue": "Tailscale Operations (Standard)",
@@ -63,21 +49,14 @@
     "email": "ccfconnectors.county118@passmail.com",
     "_email": "[variables('email')]",
     "_solutionName": "Tailscale (CCF)",
-    "_solutionVersion": "3.0.5",
     "solutionId": "noodlemctwoodle.azure-sentinel-solution-tailscale-ccf",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "dataConnectorCCPVersion": "3.0.5",
+    "dataConnectorCCPVersion": "3.0.0",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
-    "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
-    "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]",
-    "dataCollectionEndpointId1": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
     "_dataConnectorContentIdConnectorDefinition2": "TailscalePremiumCCF",
-    "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]",
     "_dataConnectorContentIdConnections2": "TailscalePremiumCCFConnections",
-    "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]",
-    "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
     "analyticRuleObject1": {
       "analyticRuleVersion1": "1.0.0",
       "_analyticRulecontentId1": "668b43fd-cf28-961a-85af-957850df5027",
@@ -87,150 +66,164 @@
     },
     "analyticRuleObject2": {
       "analyticRuleVersion2": "1.0.0",
-      "_analyticRulecontentId2": "1e7249c2-1a9d-05fd-45cb-c859eef5b8ae",
-      "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')]",
-      "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')))]",
-      "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1e7249c2-1a9d-05fd-45cb-c859eef5b8ae','-', '1.0.0')))]"
+      "_analyticRulecontentId2": "7237a848-30f2-499b-9ad5-024aea1288bd",
+      "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '7237a848-30f2-499b-9ad5-024aea1288bd')]",
+      "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('7237a848-30f2-499b-9ad5-024aea1288bd')))]",
+      "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','7237a848-30f2-499b-9ad5-024aea1288bd','-', '1.0.0')))]"
     },
     "analyticRuleObject3": {
       "analyticRuleVersion3": "1.0.0",
-      "_analyticRulecontentId3": "6b052c8d-5de8-eab0-1956-69a297765a32",
-      "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6b052c8d-5de8-eab0-1956-69a297765a32')]",
-      "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6b052c8d-5de8-eab0-1956-69a297765a32')))]",
-      "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6b052c8d-5de8-eab0-1956-69a297765a32','-', '1.0.0')))]"
+      "_analyticRulecontentId3": "1e7249c2-1a9d-05fd-45cb-c859eef5b8ae",
+      "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')]",
+      "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1e7249c2-1a9d-05fd-45cb-c859eef5b8ae')))]",
+      "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1e7249c2-1a9d-05fd-45cb-c859eef5b8ae','-', '1.0.0')))]"
     },
     "analyticRuleObject4": {
       "analyticRuleVersion4": "1.0.0",
-      "_analyticRulecontentId4": "f42f2906-c8e6-23d0-e48c-0620e50d5510",
-      "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f42f2906-c8e6-23d0-e48c-0620e50d5510')]",
-      "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f42f2906-c8e6-23d0-e48c-0620e50d5510')))]",
-      "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f42f2906-c8e6-23d0-e48c-0620e50d5510','-', '1.0.0')))]"
+      "_analyticRulecontentId4": "6b052c8d-5de8-eab0-1956-69a297765a32",
+      "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6b052c8d-5de8-eab0-1956-69a297765a32')]",
+      "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6b052c8d-5de8-eab0-1956-69a297765a32')))]",
+      "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6b052c8d-5de8-eab0-1956-69a297765a32','-', '1.0.0')))]"
     },
     "analyticRuleObject5": {
       "analyticRuleVersion5": "1.0.0",
-      "_analyticRulecontentId5": "f817e2fa-6fa0-fc25-5369-cef9b58771af",
-      "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f817e2fa-6fa0-fc25-5369-cef9b58771af')]",
-      "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f817e2fa-6fa0-fc25-5369-cef9b58771af')))]",
-      "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f817e2fa-6fa0-fc25-5369-cef9b58771af','-', '1.0.0')))]"
+      "_analyticRulecontentId5": "f42f2906-c8e6-23d0-e48c-0620e50d5510",
+      "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f42f2906-c8e6-23d0-e48c-0620e50d5510')]",
+      "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f42f2906-c8e6-23d0-e48c-0620e50d5510')))]",
+      "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f42f2906-c8e6-23d0-e48c-0620e50d5510','-', '1.0.0')))]"
     },
     "analyticRuleObject6": {
       "analyticRuleVersion6": "1.0.0",
-      "_analyticRulecontentId6": "b1a2c3d4-1234-5678-90ab-cdef12345001",
-      "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b1a2c3d4-1234-5678-90ab-cdef12345001')]",
-      "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b1a2c3d4-1234-5678-90ab-cdef12345001')))]",
-      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b1a2c3d4-1234-5678-90ab-cdef12345001','-', '1.0.0')))]"
+      "_analyticRulecontentId6": "f817e2fa-6fa0-fc25-5369-cef9b58771af",
+      "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f817e2fa-6fa0-fc25-5369-cef9b58771af')]",
+      "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f817e2fa-6fa0-fc25-5369-cef9b58771af')))]",
+      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f817e2fa-6fa0-fc25-5369-cef9b58771af','-', '1.0.0')))]"
     },
     "analyticRuleObject7": {
       "analyticRuleVersion7": "1.0.0",
-      "_analyticRulecontentId7": "c2b3d4e5-2345-6789-01ab-cdef12345002",
-      "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2b3d4e5-2345-6789-01ab-cdef12345002')]",
-      "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2b3d4e5-2345-6789-01ab-cdef12345002')))]",
-      "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2b3d4e5-2345-6789-01ab-cdef12345002','-', '1.0.0')))]"
+      "_analyticRulecontentId7": "b1a2c3d4-1234-5678-90ab-cdef12345001",
+      "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b1a2c3d4-1234-5678-90ab-cdef12345001')]",
+      "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b1a2c3d4-1234-5678-90ab-cdef12345001')))]",
+      "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b1a2c3d4-1234-5678-90ab-cdef12345001','-', '1.0.0')))]"
     },
     "analyticRuleObject8": {
       "analyticRuleVersion8": "1.0.0",
-      "_analyticRulecontentId8": "d3c4e5f6-3456-7890-12ab-cdef12345003",
-      "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd3c4e5f6-3456-7890-12ab-cdef12345003')]",
-      "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d3c4e5f6-3456-7890-12ab-cdef12345003')))]",
-      "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d3c4e5f6-3456-7890-12ab-cdef12345003','-', '1.0.0')))]"
+      "_analyticRulecontentId8": "c2b3d4e5-2345-6789-01ab-cdef12345002",
+      "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2b3d4e5-2345-6789-01ab-cdef12345002')]",
+      "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2b3d4e5-2345-6789-01ab-cdef12345002')))]",
+      "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2b3d4e5-2345-6789-01ab-cdef12345002','-', '1.0.0')))]"
     },
     "analyticRuleObject9": {
       "analyticRuleVersion9": "1.0.0",
-      "_analyticRulecontentId9": "b4c5d6e7-1234-5678-90ab-cdef12345010",
-      "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b4c5d6e7-1234-5678-90ab-cdef12345010')]",
-      "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b4c5d6e7-1234-5678-90ab-cdef12345010')))]",
-      "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b4c5d6e7-1234-5678-90ab-cdef12345010','-', '1.0.0')))]"
+      "_analyticRulecontentId9": "d3c4e5f6-3456-7890-12ab-cdef12345003",
+      "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd3c4e5f6-3456-7890-12ab-cdef12345003')]",
+      "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d3c4e5f6-3456-7890-12ab-cdef12345003')))]",
+      "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d3c4e5f6-3456-7890-12ab-cdef12345003','-', '1.0.0')))]"
     },
     "analyticRuleObject10": {
       "analyticRuleVersion10": "1.0.0",
-      "_analyticRulecontentId10": "c5d6e7f8-2345-6789-01ab-cdef12345011",
-      "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c5d6e7f8-2345-6789-01ab-cdef12345011')]",
-      "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c5d6e7f8-2345-6789-01ab-cdef12345011')))]",
-      "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c5d6e7f8-2345-6789-01ab-cdef12345011','-', '1.0.0')))]"
+      "_analyticRulecontentId10": "b4c5d6e7-1234-5678-90ab-cdef12345010",
+      "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b4c5d6e7-1234-5678-90ab-cdef12345010')]",
+      "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b4c5d6e7-1234-5678-90ab-cdef12345010')))]",
+      "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b4c5d6e7-1234-5678-90ab-cdef12345010','-', '1.0.0')))]"
     },
     "analyticRuleObject11": {
       "analyticRuleVersion11": "1.0.0",
-      "_analyticRulecontentId11": "f8a9b0c1-4567-8901-23ab-cdef12345020",
-      "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f8a9b0c1-4567-8901-23ab-cdef12345020')]",
-      "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f8a9b0c1-4567-8901-23ab-cdef12345020')))]",
-      "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f8a9b0c1-4567-8901-23ab-cdef12345020','-', '1.0.0')))]"
+      "_analyticRulecontentId11": "c5d6e7f8-2345-6789-01ab-cdef12345011",
+      "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c5d6e7f8-2345-6789-01ab-cdef12345011')]",
+      "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c5d6e7f8-2345-6789-01ab-cdef12345011')))]",
+      "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c5d6e7f8-2345-6789-01ab-cdef12345011','-', '1.0.0')))]"
     },
     "analyticRuleObject12": {
       "analyticRuleVersion12": "1.0.0",
-      "_analyticRulecontentId12": "e9f0a1b2-3456-7890-12cd-ef1234560040",
-      "analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e9f0a1b2-3456-7890-12cd-ef1234560040')]",
-      "analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e9f0a1b2-3456-7890-12cd-ef1234560040')))]",
-      "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e9f0a1b2-3456-7890-12cd-ef1234560040','-', '1.0.0')))]"
+      "_analyticRulecontentId12": "f8a9b0c1-4567-8901-23ab-cdef12345020",
+      "analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f8a9b0c1-4567-8901-23ab-cdef12345020')]",
+      "analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f8a9b0c1-4567-8901-23ab-cdef12345020')))]",
+      "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f8a9b0c1-4567-8901-23ab-cdef12345020','-', '1.0.0')))]"
     },
     "analyticRuleObject13": {
       "analyticRuleVersion13": "1.0.0",
-      "_analyticRulecontentId13": "f0a1b2c3-4567-8901-23de-f12345670041",
-      "analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f0a1b2c3-4567-8901-23de-f12345670041')]",
-      "analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f0a1b2c3-4567-8901-23de-f12345670041')))]",
-      "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f0a1b2c3-4567-8901-23de-f12345670041','-', '1.0.0')))]"
+      "_analyticRulecontentId13": "e9f0a1b2-3456-7890-12cd-ef1234560040",
+      "analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e9f0a1b2-3456-7890-12cd-ef1234560040')]",
+      "analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e9f0a1b2-3456-7890-12cd-ef1234560040')))]",
+      "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e9f0a1b2-3456-7890-12cd-ef1234560040','-', '1.0.0')))]"
     },
     "analyticRuleObject14": {
       "analyticRuleVersion14": "1.0.0",
-      "_analyticRulecontentId14": "a1b2c3d4-5678-9012-3456-789012340042",
-      "analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-3456-789012340042')]",
-      "analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-3456-789012340042')))]",
-      "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-3456-789012340042','-', '1.0.0')))]"
+      "_analyticRulecontentId14": "f0a1b2c3-4567-8901-23de-f12345670041",
+      "analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f0a1b2c3-4567-8901-23de-f12345670041')]",
+      "analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f0a1b2c3-4567-8901-23de-f12345670041')))]",
+      "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f0a1b2c3-4567-8901-23de-f12345670041','-', '1.0.0')))]"
     },
     "analyticRuleObject15": {
       "analyticRuleVersion15": "1.0.0",
-      "_analyticRulecontentId15": "b2c3d4e5-6789-0123-4567-890123450043",
-      "analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-4567-890123450043')]",
-      "analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-4567-890123450043')))]",
-      "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-4567-890123450043','-', '1.0.0')))]"
+      "_analyticRulecontentId15": "a1b2c3d4-5678-9012-3456-789012340042",
+      "analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-3456-789012340042')]",
+      "analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-3456-789012340042')))]",
+      "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-3456-789012340042','-', '1.0.0')))]"
     },
     "analyticRuleObject16": {
       "analyticRuleVersion16": "1.0.0",
-      "_analyticRulecontentId16": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
-      "analyticRuleId16": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
-      "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
-      "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
+      "_analyticRulecontentId16": "b2c3d4e5-6789-0123-4567-890123450043",
+      "analyticRuleId16": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-4567-890123450043')]",
+      "analyticRuleTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-4567-890123450043')))]",
+      "_analyticRulecontentProductId16": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-4567-890123450043','-', '1.0.0')))]"
     },
     "analyticRuleObject17": {
       "analyticRuleVersion17": "1.0.0",
-      "_analyticRulecontentId17": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
-      "analyticRuleId17": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
-      "analyticRuleTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
-      "_analyticRulecontentProductId17": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
+      "_analyticRulecontentId17": "c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f",
+      "analyticRuleId17": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')]",
+      "analyticRuleTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f')))]",
+      "_analyticRulecontentProductId17": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f','-', '1.0.0')))]"
     },
     "analyticRuleObject18": {
       "analyticRuleVersion18": "1.0.0",
-      "_analyticRulecontentId18": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
-      "analyticRuleId18": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
-      "analyticRuleTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
-      "_analyticRulecontentProductId18": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
+      "_analyticRulecontentId18": "d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a",
+      "analyticRuleId18": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')]",
+      "analyticRuleTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a')))]",
+      "_analyticRulecontentProductId18": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d2e3f4a5-2b3c-4d5e-6f7a-8b9c0d1e2f3a','-', '1.0.0')))]"
     },
     "analyticRuleObject19": {
       "analyticRuleVersion19": "1.0.0",
-      "_analyticRulecontentId19": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
-      "analyticRuleId19": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
-      "analyticRuleTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
-      "_analyticRulecontentProductId19": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
+      "_analyticRulecontentId19": "e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
+      "analyticRuleId19": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')]",
+      "analyticRuleTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b')))]",
+      "_analyticRulecontentProductId19": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e3f4a5b6-3c4d-5e6f-7a8b-9c0d1e2f3a4b','-', '1.0.0')))]"
     },
     "analyticRuleObject20": {
       "analyticRuleVersion20": "1.0.0",
-      "_analyticRulecontentId20": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
-      "analyticRuleId20": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
-      "analyticRuleTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
-      "_analyticRulecontentProductId20": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
+      "_analyticRulecontentId20": "f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c",
+      "analyticRuleId20": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')]",
+      "analyticRuleTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c')))]",
+      "_analyticRulecontentProductId20": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4a5b6c7-4d5e-6f7a-8b9c-0d1e2f3a4b5c','-', '1.0.0')))]"
     },
     "analyticRuleObject21": {
       "analyticRuleVersion21": "1.0.0",
-      "_analyticRulecontentId21": "a1b2c3d4-5678-9012-34ab-cdef12345030",
-      "analyticRuleId21": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-34ab-cdef12345030')]",
-      "analyticRuleTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-34ab-cdef12345030')))]",
-      "_analyticRulecontentProductId21": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-34ab-cdef12345030','-', '1.0.0')))]"
+      "_analyticRulecontentId21": "a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d",
+      "analyticRuleId21": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')]",
+      "analyticRuleTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d')))]",
+      "_analyticRulecontentProductId21": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5b6c7d8-5e6f-7a8b-9c0d-1e2f3a4b5c6d','-', '1.0.0')))]"
     },
     "analyticRuleObject22": {
       "analyticRuleVersion22": "1.0.0",
-      "_analyticRulecontentId22": "b2c3d4e5-6789-0123-45ab-cdef12345031",
-      "analyticRuleId22": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-45ab-cdef12345031')]",
-      "analyticRuleTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-45ab-cdef12345031')))]",
-      "_analyticRulecontentProductId22": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-45ab-cdef12345031','-', '1.0.0')))]"
+      "_analyticRulecontentId22": "a1b2c3d4-5678-9012-34ab-cdef12345030",
+      "analyticRuleId22": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1b2c3d4-5678-9012-34ab-cdef12345030')]",
+      "analyticRuleTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1b2c3d4-5678-9012-34ab-cdef12345030')))]",
+      "_analyticRulecontentProductId22": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1b2c3d4-5678-9012-34ab-cdef12345030','-', '1.0.0')))]"
+    },
+    "analyticRuleObject23": {
+      "analyticRuleVersion23": "1.0.0",
+      "_analyticRulecontentId23": "b2c3d4e5-6789-0123-45ab-cdef12345031",
+      "analyticRuleId23": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b2c3d4e5-6789-0123-45ab-cdef12345031')]",
+      "analyticRuleTemplateSpecName23": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b2c3d4e5-6789-0123-45ab-cdef12345031')))]",
+      "_analyticRulecontentProductId23": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b2c3d4e5-6789-0123-45ab-cdef12345031','-', '1.0.0')))]"
+    },
+    "analyticRuleObject24": {
+      "analyticRuleVersion24": "1.0.0",
+      "_analyticRulecontentId24": "0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0",
+      "analyticRuleId24": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0')]",
+      "analyticRuleTemplateSpecName24": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0')))]",
+      "_analyticRulecontentProductId24": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0','-', '1.0.0')))]"
     },
     "huntingQueryObject1": {
       "huntingQueryVersion1": "1.0.0",
@@ -317,6 +310,31 @@
       "_huntingQuerycontentId17": "c3d4e5f6-7890-1234-56ab-cdef12345032",
       "huntingQueryTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3d4e5f6-7890-1234-56ab-cdef12345032')))]"
     },
+    "huntingQueryObject18": {
+      "huntingQueryVersion18": "1.0.0",
+      "_huntingQuerycontentId18": "20457fba-08e2-42d7-b972-fbe9acf583c8",
+      "huntingQueryTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('20457fba-08e2-42d7-b972-fbe9acf583c8')))]"
+    },
+    "huntingQueryObject19": {
+      "huntingQueryVersion19": "1.0.0",
+      "_huntingQuerycontentId19": "f8d4e7bc-3450-4c55-84ac-90e6e9c6b8fe",
+      "huntingQueryTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f8d4e7bc-3450-4c55-84ac-90e6e9c6b8fe')))]"
+    },
+    "huntingQueryObject20": {
+      "huntingQueryVersion20": "1.0.0",
+      "_huntingQuerycontentId20": "a8978f27-3c85-4c29-a45a-c4a5e43fef2d",
+      "huntingQueryTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('a8978f27-3c85-4c29-a45a-c4a5e43fef2d')))]"
+    },
+    "huntingQueryObject21": {
+      "huntingQueryVersion21": "1.0.0",
+      "_huntingQuerycontentId21": "622ce88a-0838-4bbe-8a00-ab8ac8377f41",
+      "huntingQueryTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('622ce88a-0838-4bbe-8a00-ab8ac8377f41')))]"
+    },
+    "huntingQueryObject22": {
+      "huntingQueryVersion22": "1.0.0",
+      "_huntingQuerycontentId22": "daac10bd-d842-4122-90cc-9957256f04e3",
+      "huntingQueryTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('daac10bd-d842-4122-90cc-9957256f04e3')))]"
+    },
     "workbookVersion1": "1.0.0",
     "workbookContentId1": "TailscaleStandardOperationsWorkbook",
     "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
@@ -544,7 +562,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -579,6 +597,14 @@
                         "name": "eventGroupID",
                         "type": "string"
                       },
+                      {
+                        "name": "type",
+                        "type": "string"
+                      },
+                      {
+                        "name": "actionDetails",
+                        "type": "string"
+                      },
                       {
                         "name": "actor",
                         "type": "dynamic"
@@ -914,7 +940,7 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend EventType = type | extend ActionDetails = actionDetails | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, EventType, ActionDetails, Actor, Action, Target, Origin, New, Old",
                     "outputStream": "Custom-Tailscale_Audit_CL"
                   },
                   {
@@ -1022,6 +1048,14 @@
                       "name": "EventGroupID",
                       "type": "string"
                     },
+                    {
+                      "name": "EventType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ActionDetails",
+                      "type": "string"
+                    },
                     {
                       "name": "Actor",
                       "type": "dynamic"
@@ -1459,10 +1493,58 @@
                       "name": "SrcNode",
                       "type": "dynamic"
                     },
+                    {
+                      "name": "SrcUser",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcNodeName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcOs",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcTags",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SrcAddresses",
+                      "type": "dynamic"
+                    },
                     {
                       "name": "DstNodes",
                       "type": "dynamic"
                     },
+                    {
+                      "name": "DstCount",
+                      "type": "int"
+                    },
+                    {
+                      "name": "DstNodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstNodeName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstUser",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstOs",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstTags",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstAddresses",
+                      "type": "dynamic"
+                    },
                     {
                       "name": "VirtualTraffic",
                       "type": "dynamic"
@@ -1478,6 +1560,26 @@
                     {
                       "name": "PhysicalTraffic",
                       "type": "dynamic"
+                    },
+                    {
+                      "name": "HasVirtualTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasSubnetTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasExitTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasPhysicalTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "IsRelayed",
+                      "type": "boolean"
                     }
                   ]
                 },
@@ -1736,7 +1838,7 @@
           "email": "[variables('_email')]"
         },
         "support": {
-          "name": "Community",
+          "name": "Tailscale (CCF)",
           "tier": "Community",
           "email": "ccfconnectors.county118@passmail.com",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -1831,7 +1933,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -2469,7 +2571,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -2504,6 +2606,14 @@
                         "name": "eventGroupID",
                         "type": "string"
                       },
+                      {
+                        "name": "type",
+                        "type": "string"
+                      },
+                      {
+                        "name": "actionDetails",
+                        "type": "string"
+                      },
                       {
                         "name": "actor",
                         "type": "dynamic"
@@ -2762,11 +2872,19 @@
                       }
                     ]
                   },
-                  "Custom-Tailscale_DnsNameservers_CL": {
+                  "Custom-Tailscale_DnsConfig_CL": {
                     "columns": [
                       {
                         "name": "dns",
                         "type": "dynamic"
+                      },
+                      {
+                        "name": "magicDNS",
+                        "type": "boolean"
+                      },
+                      {
+                        "name": "searchPaths",
+                        "type": "dynamic"
                       }
                     ]
                   },
@@ -2806,22 +2924,6 @@
                       }
                     ]
                   },
-                  "Custom-Tailscale_DnsPreferences_CL": {
-                    "columns": [
-                      {
-                        "name": "magicDNS",
-                        "type": "boolean"
-                      }
-                    ]
-                  },
-                  "Custom-Tailscale_DnsSearchPaths_CL": {
-                    "columns": [
-                      {
-                        "name": "searchPaths",
-                        "type": "dynamic"
-                      }
-                    ]
-                  },
                   "Custom-Tailscale_Network_CL": {
                     "columns": [
                       {
@@ -2915,7 +3017,7 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, Actor, Action, Target, Origin, New, Old",
+                    "transformKql": "source | extend TimeGenerated = eventTime | extend EventTime = eventTime | extend EventGroupID = eventGroupID | extend EventType = type | extend ActionDetails = actionDetails | extend Actor = actor | extend Action = action | extend Target = target | extend Origin = origin | extend New = new | extend Old = old | project TimeGenerated, EventTime, EventGroupID, EventType, ActionDetails, Actor, Action, Target, Origin, New, Old",
                     "outputStream": "Custom-Tailscale_Audit_CL"
                   },
                   {
@@ -2960,12 +3062,12 @@
                   },
                   {
                     "streams": [
-                      "Custom-Tailscale_DnsNameservers_CL"
+                      "Custom-Tailscale_DnsConfig_CL"
                     ],
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'nameservers' | extend Nameservers = dns | project TimeGenerated, ConfigType, Nameservers",
+                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = case(isnotnull(dns), 'nameservers', isnotnull(searchPaths), 'searchpaths', 'preferences') | extend Nameservers = dns | extend MagicDNS = magicDNS | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, Nameservers, MagicDNS, SearchPaths",
                     "outputStream": "Custom-Tailscale_Dns_CL"
                   },
                   {
@@ -2978,26 +3080,6 @@
                     "transformKql": "source | extend TimeGenerated = now() | extend DevicesApprovalOn = devicesApprovalOn | extend DevicesAutoUpdatesOn = devicesAutoUpdatesOn | extend DevicesKeyDurationDays = devicesKeyDurationDays | extend UsersApprovalOn = usersApprovalOn | extend UsersRoleAllowedToJoinExternalTailnets = usersRoleAllowedToJoinExternalTailnets | extend NetworkFlowLoggingOn = networkFlowLoggingOn | extend RegionalRoutingOn = regionalRoutingOn | extend PostureIdentityCollectionOn = postureIdentityCollectionOn | project TimeGenerated, DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, UsersRoleAllowedToJoinExternalTailnets, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn",
                     "outputStream": "Custom-Tailscale_Settings_CL"
                   },
-                  {
-                    "streams": [
-                      "Custom-Tailscale_DnsPreferences_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
-                    ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'preferences' | extend MagicDNS = magicDNS | project TimeGenerated, ConfigType, MagicDNS",
-                    "outputStream": "Custom-Tailscale_Dns_CL"
-                  },
-                  {
-                    "streams": [
-                      "Custom-Tailscale_DnsSearchPaths_CL"
-                    ],
-                    "destinations": [
-                      "sentinelWorkspace"
-                    ],
-                    "transformKql": "source | extend TimeGenerated = now() | extend ConfigType = 'searchpaths' | extend SearchPaths = searchPaths | project TimeGenerated, ConfigType, SearchPaths",
-                    "outputStream": "Custom-Tailscale_Dns_CL"
-                  },
                   {
                     "streams": [
                       "Custom-Tailscale_Network_CL"
@@ -3005,7 +3087,7 @@
                     "destinations": [
                       "sentinelWorkspace"
                     ],
-                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend DstNodes = dstNodes | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, DstNodes, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic",
+                    "transformKql": "source | extend TimeGenerated = logged | extend NodeId = nodeId | extend FlowStart = start | extend FlowEnd = end | extend SrcNode = srcNode | extend SrcUser = tostring(srcNode.user) | extend SrcNodeName = tostring(srcNode.name) | extend SrcOs = tostring(srcNode.os) | extend SrcTags = srcNode.tags | extend SrcAddresses = srcNode.addresses | extend DstNodes = dstNodes | extend DstCount = toint(array_length(dstNodes)) | extend DstNodeId = tostring(dstNodes[0].nodeId) | extend DstNodeName = tostring(dstNodes[0].name) | extend DstUser = tostring(dstNodes[0].user) | extend DstOs = tostring(dstNodes[0].os) | extend DstTags = dstNodes[0].tags | extend DstAddresses = dstNodes[0].addresses | extend VirtualTraffic = virtualTraffic | extend SubnetTraffic = subnetTraffic | extend ExitTraffic = exitTraffic | extend PhysicalTraffic = physicalTraffic | extend HasVirtualTraffic = array_length(virtualTraffic) > 0 | extend HasSubnetTraffic = array_length(subnetTraffic) > 0 | extend HasExitTraffic = array_length(exitTraffic) > 0 | extend HasPhysicalTraffic = array_length(physicalTraffic) > 0 | extend IsRelayed = tostring(physicalTraffic) contains '127.3.3.40' | project TimeGenerated, NodeId, FlowStart, FlowEnd, SrcNode, SrcUser, SrcNodeName, SrcOs, SrcTags, SrcAddresses, DstNodes, DstCount, DstNodeId, DstNodeName, DstUser, DstOs, DstTags, DstAddresses, VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic, HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic, IsRelayed",
                     "outputStream": "Custom-Tailscale_Network_CL"
                   },
                   {
@@ -3043,6 +3125,14 @@
                       "name": "EventGroupID",
                       "type": "string"
                     },
+                    {
+                      "name": "EventType",
+                      "type": "string"
+                    },
+                    {
+                      "name": "ActionDetails",
+                      "type": "string"
+                    },
                     {
                       "name": "Actor",
                       "type": "dynamic"
@@ -3445,10 +3535,58 @@
                       "name": "SrcNode",
                       "type": "dynamic"
                     },
+                    {
+                      "name": "SrcUser",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcNodeName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcOs",
+                      "type": "string"
+                    },
+                    {
+                      "name": "SrcTags",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "SrcAddresses",
+                      "type": "dynamic"
+                    },
                     {
                       "name": "DstNodes",
                       "type": "dynamic"
                     },
+                    {
+                      "name": "DstCount",
+                      "type": "int"
+                    },
+                    {
+                      "name": "DstNodeId",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstNodeName",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstUser",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstOs",
+                      "type": "string"
+                    },
+                    {
+                      "name": "DstTags",
+                      "type": "dynamic"
+                    },
+                    {
+                      "name": "DstAddresses",
+                      "type": "dynamic"
+                    },
                     {
                       "name": "VirtualTraffic",
                       "type": "dynamic"
@@ -3464,6 +3602,26 @@
                     {
                       "name": "PhysicalTraffic",
                       "type": "dynamic"
+                    },
+                    {
+                      "name": "HasVirtualTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasSubnetTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasExitTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "HasPhysicalTraffic",
+                      "type": "boolean"
+                    },
+                    {
+                      "name": "IsRelayed",
+                      "type": "boolean"
                     }
                   ]
                 },
@@ -3775,7 +3933,7 @@
           "email": "[variables('_email')]"
         },
         "support": {
-          "name": "Community",
+          "name": "Tailscale (CCF)",
           "tier": "Community",
           "email": "ccfconnectors.county118@passmail.com",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -3870,7 +4028,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4153,7 +4311,7 @@
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_DnsNameservers_CL"
+                  "streamName": "Custom-Tailscale_DnsConfig_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -4196,7 +4354,7 @@
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_DnsPreferences_CL"
+                  "streamName": "Custom-Tailscale_DnsConfig_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -4239,7 +4397,7 @@
                 "dcrConfig": {
                   "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]",
                   "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]",
-                  "streamName": "Custom-Tailscale_DnsSearchPaths_CL"
+                  "streamName": "Custom-Tailscale_DnsConfig_CL"
                 },
                 "auth": {
                   "type": "OAuth2",
@@ -4376,7 +4534,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleNewAPIaccesstokenorOAuthclientcreated_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -4404,10 +4562,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4432,11 +4590,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -4461,7 +4619,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4492,7 +4650,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleOAuthClientCreatedWithWriteScopes_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -4506,13 +4664,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
-                "displayName": "Tailscale: Policy file (ACL) modified",
+                "description": "Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching \":write\"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected.",
+                "displayName": "Tailscale: OAuth client or API key created with write scopes",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
+                "query": "Tailscale_Audit_CL\n| where EventType == \"CONFIG\"\n| where Action == \"CREATE\"\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend Scopes = extract(@\"scopes\\s*-\\s*(.+)$\", 1, ActionDetails)\n| where Scopes contains \":write\"\n| extend WriteScopes = extract_all(@\"([a-zA-Z_]+:write)\", Scopes)\n| extend ActorLogin = tostring(Actor.loginName)\n| extend ActorType = tostring(Actor.type)\n| extend TargetName = tostring(Target.name)\n| extend TargetId = tostring(Target.id)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, ActorType, Action, TargetType, TargetName, TargetId, WriteScopes, Scopes, Origin, ActionDetails\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
-                "severity": "Medium",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4520,18 +4678,25 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
+                  },
+                  {
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Persistence"
+                  "Persistence",
+                  "PrivilegeEscalation"
                 ],
                 "techniques": [
-                  "T1556"
+                  "T1098",
+                  "T1136"
                 ],
                 "entityMappings": [
                   {
@@ -4547,11 +4712,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "PT5H",
+                    "enabled": true
                   }
                 }
               }
@@ -4576,7 +4741,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4592,7 +4757,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Policy file (ACL) modified",
+        "displayName": "Tailscale: OAuth client or API key created with write scopes",
         "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
         "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]",
         "version": "[variables('analyticRuleObject2').analyticRuleVersion2]"
@@ -4607,7 +4772,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePolicyfileACLmodified_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -4621,13 +4786,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
-                "displayName": "Tailscale: Auth key created",
+                "description": "Identifies when the tailnet ACL/policy file is modified. Review the diff - incorrect ACLs can silently expand blast radius across the tailnet.",
+                "displayName": "Tailscale: Policy file (ACL) modified",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Origin, Old, New\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
-                "severity": "Low",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4635,17 +4800,18 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
+                  "DefenseEvasion",
                   "Persistence"
                 ],
                 "techniques": [
-                  "T1098"
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
@@ -4661,11 +4827,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -4690,7 +4856,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4706,7 +4872,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Auth key created",
+        "displayName": "Tailscale: Policy file (ACL) modified",
         "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
         "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]",
         "version": "[variables('analyticRuleObject3').analyticRuleVersion3]"
@@ -4721,7 +4887,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleAuthkeycreated_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -4735,12 +4901,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
-                "displayName": "Tailscale: Exit node advertised or approved",
+                "description": "Identifies when a new Tailscale auth key is generated. Auth keys allow unattended device enrollment into the tailnet - confirm it was expected and revoke if not.",
+                "displayName": "Tailscale: Auth key created",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
-                "queryFrequency": "PT30M",
-                "queryPeriod": "PT30M",
+                "query": "Tailscale_Audit_CL\n      | where Action == \"CREATE\"\n      | where tostring(Target.type) == \"AUTH_KEY\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend KeyDescription = tostring(New.description)\n      | extend Reusable = tostring(New.reusable)\n      | extend Ephemeral = tostring(New.ephemeral)\n      | project TimeGenerated, ActorLogin, KeyDescription, Reusable, Ephemeral, Origin, New\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
                 "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -4749,18 +4915,17 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1090"
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
@@ -4771,25 +4936,16 @@
                       }
                     ],
                     "entityType": "Account"
-                  },
-                  {
-                    "fieldMappings": [
-                      {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
-                      }
-                    ],
-                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -4814,7 +4970,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4830,7 +4986,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Exit node advertised or approved",
+        "displayName": "Tailscale: Auth key created",
         "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
         "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]",
         "version": "[variables('analyticRuleObject4').analyticRuleVersion4]"
@@ -4845,7 +5001,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleExitnodeadvertisedorapproved_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -4859,13 +5015,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise.",
-                "displayName": "Tailscale: Mass credential revocation in short window",
+                "description": "Identifies when a device starts advertising itself as an exit node, or when an admin approves one. Validate the device and operator - rogue exit nodes can intercept tailnet egress.",
+                "displayName": "Tailscale: Exit node advertised or approved",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "High",
+                "query": "Tailscale_Audit_CL\n      | where Action contains \"EXIT\" or tostring(New.advertisedExitNode) == \"true\" or tostring(New.allowedExitNode) == \"true\"\n      | extend ActorLogin = tostring(Actor.loginName)\n      | extend NodeName = tostring(Target.name)\n      | extend NodeId = tostring(Target.id)\n      | project TimeGenerated, ActorLogin, Action, NodeName, NodeId, Origin, New, Old\n",
+                "queryFrequency": "PT30M",
+                "queryPeriod": "PT30M",
+                "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4873,18 +5029,18 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Impact"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1070"
+                  "T1090"
                 ],
                 "entityMappings": [
                   {
@@ -4895,16 +5051,25 @@
                       }
                     ],
                     "entityType": "Account"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "NodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -4929,7 +5094,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -4945,7 +5110,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Mass credential revocation in short window",
+        "displayName": "Tailscale: Exit node advertised or approved",
         "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
         "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]",
         "version": "[variables('analyticRuleObject5').analyticRuleVersion5]"
@@ -4960,7 +5125,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleMasscredentialrevocationinshortwindow_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -4974,13 +5139,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage.",
-                "displayName": "Tailscale: Device key expiring within 7 days",
+                "description": "Identifies when five or more API keys, OAuth clients, or auth keys are revoked or deleted within one hour. May be routine rotation, or a typical cleanup pattern after credential compromise.",
+                "displayName": "Tailscale: Mass credential revocation in short window",
                 "enabled": false,
-                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(6h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == false\n| where isnotnull(Expires)\n| where Expires between (now() .. now() + 7d)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| project TimeGenerated, DeviceName, Hostname, User, Os, DaysToExpiry, Expires, LastSeen\n",
-                "queryFrequency": "PT6H",
-                "queryPeriod": "PT6H",
-                "severity": "Medium",
+                "query": "Tailscale_Audit_CL\n      | where Action in (\"REVOKE\", \"DELETE\")\n      | where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\", \"AUTH_KEY\")\n      | extend ActorLogin = tostring(Actor.loginName)\n      | summarize\n          RevokedCount = count(),\n          TargetTypes = make_set(tostring(Target.type)),\n          TargetIds = make_set(tostring(Target.id)),\n          FirstEvent = min(TimeGenerated),\n          LastEvent = max(TimeGenerated)\n        by ActorLogin, bin(TimeGenerated, 1h)\n      | where RevokedCount >= 5\n      | project TimeGenerated = LastEvent, ActorLogin, RevokedCount, TargetTypes, TargetIds, FirstEvent, LastEvent\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -4988,32 +5153,24 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
-                      "Tailscale_Devices_CL"
-                    ]
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "InitialAccess"
+                  "DefenseEvasion",
+                  "Impact"
                 ],
                 "techniques": [
-                  "T1078"
+                  "T1070"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
-                      }
-                    ],
-                    "entityType": "Host"
-                  },
-                  {
-                    "fieldMappings": [
-                      {
-                        "columnName": "User",
+                        "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
                     ],
@@ -5023,11 +5180,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -5052,7 +5209,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5068,7 +5225,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Device key expiring within 7 days",
+        "displayName": "Tailscale: Mass credential revocation in short window",
         "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
         "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]",
         "version": "[variables('analyticRuleObject6').analyticRuleVersion6]"
@@ -5083,7 +5240,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleDeviceKeyExpiringSoon_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -5097,12 +5254,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change.",
-                "displayName": "Tailscale: Device started advertising subnet routes",
+                "description": "Identifies tailnet devices whose machine key expires within the next 7 days and where key expiry is not disabled. Surface proactively so renewal can be scheduled rather than forced during an outage.",
+                "displayName": "Tailscale: Device key expiring within 7 days",
                 "enabled": false,
-                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0;\nlet baseline =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(1d + 1h) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0\n    | distinct DeviceId;\nrecent\n| join kind=leftanti baseline on DeviceId\n| project TimeGenerated, DeviceId, DeviceName, Hostname, User, AdvertisedRoutes, EnabledRoutes, LastSeen\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "P1D",
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(6h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == false\n| where isnotnull(Expires)\n| where Expires between (now() .. now() + 7d)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| project TimeGenerated, DeviceName, Hostname, User, Os, DaysToExpiry, Expires, LastSeen\n",
+                "queryFrequency": "PT6H",
+                "queryPeriod": "PT6H",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -5111,19 +5268,17 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "LateralMovement",
-                  "Persistence"
+                  "InitialAccess"
                 ],
                 "techniques": [
-                  "T1021",
-                  "T1556"
+                  "T1078"
                 ],
                 "entityMappings": [
                   {
@@ -5148,11 +5303,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5177,7 +5332,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5193,7 +5348,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Device started advertising subnet routes",
+        "displayName": "Tailscale: Device key expiring within 7 days",
         "contentProductId": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
         "id": "[variables('analyticRuleObject7')._analyticRulecontentProductId7]",
         "version": "[variables('analyticRuleObject7').analyticRuleVersion7]"
@@ -5208,7 +5363,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleDeviceAdvertisingSubnetRoutes_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -5222,13 +5377,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.",
-                "displayName": "Tailscale: User role elevated to admin or owner",
+                "description": "Identifies when a tailnet device begins advertising subnet routes (subnet-router capability) not present in the previous snapshot. Unexpected advertisement may indicate a compromised node expanding reachable surface area or an unsanctioned admin change.",
+                "displayName": "Tailscale: Device started advertising subnet routes",
                 "enabled": false,
-                "query": "let elevated = dynamic([\"admin\", \"network-admin\", \"owner\"]);\nlet recent =\n    Tailscale_Users_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | where Role in (elevated)\n    | project UserId, LoginName, RoleNow = Role;\nlet prior =\n    Tailscale_Users_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | project UserId, RolePrior = Role;\nrecent\n| join kind=inner prior on UserId\n| where RoleNow != RolePrior\n| where RolePrior !in (elevated)\n| project TimeGenerated = now(), UserId, LoginName, RolePrior, RoleNow\n",
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0;\nlet baseline =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(1d + 1h) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where array_length(AdvertisedRoutes) > 0\n    | distinct DeviceId;\nrecent\n| join kind=leftanti baseline on DeviceId\n| project TimeGenerated, DeviceId, DeviceName, Hostname, User, AdvertisedRoutes, EnabledRoutes, LastSeen\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "High",
+                "queryPeriod": "P1D",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5236,25 +5391,34 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
-                      "Tailscale_Users_CL"
-                    ]
+                      "Tailscale_Devices_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "PrivilegeEscalation",
+                  "LateralMovement",
                   "Persistence"
                 ],
                 "techniques": [
-                  "T1078",
-                  "T1098"
+                  "T1021",
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "LoginName",
+                        "columnName": "Hostname",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "User",
                         "identifier": "FullName"
                       }
                     ],
@@ -5264,11 +5428,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5293,7 +5457,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5309,7 +5473,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: User role elevated to admin or owner",
+        "displayName": "Tailscale: Device started advertising subnet routes",
         "contentProductId": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
         "id": "[variables('analyticRuleObject8')._analyticRulecontentProductId8]",
         "version": "[variables('analyticRuleObject8').analyticRuleVersion8]"
@@ -5324,7 +5488,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleUserRoleElevated_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -5338,12 +5502,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain.",
-                "displayName": "Tailscale: Split-DNS configuration modified",
+                "description": "Identifies when a user's tailnet role changes from a lower-privilege role to admin, network-admin, or owner between consecutive snapshots. Privilege escalation is a high-value attacker objective and warrants prompt review.",
+                "displayName": "Tailscale: User role elevated to admin or owner",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldDomains = bag_keys(Old)\n| extend NewDomains = bag_keys(New)\n| extend AddedDomains = set_difference(NewDomains, OldDomains)\n| extend RemovedDomains = set_difference(OldDomains, NewDomains)\n| project TimeGenerated, ActorLogin, AddedDomains, RemovedDomains, Old, New, Origin\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
+                "query": "let elevated = dynamic([\"admin\", \"network-admin\", \"owner\"]);\nlet recent =\n    Tailscale_Users_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | where Role in (elevated)\n    | project UserId, LoginName, RoleNow = Role;\nlet prior =\n    Tailscale_Users_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by UserId\n    | project UserId, RolePrior = Role;\nrecent\n| join kind=inner prior on UserId\n| where RoleNow != RolePrior\n| where RolePrior !in (elevated)\n| project TimeGenerated = now(), UserId, LoginName, RolePrior, RoleNow\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
                 "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -5352,25 +5516,25 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ]
+                      "Tailscale_Users_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "CommandAndControl"
+                  "PrivilegeEscalation",
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1556",
-                  "T1568"
+                  "T1078",
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
+                        "columnName": "LoginName",
                         "identifier": "FullName"
                       }
                     ],
@@ -5380,11 +5544,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5409,7 +5573,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5425,7 +5589,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Split-DNS configuration modified",
+        "displayName": "Tailscale: User role elevated to admin or owner",
         "contentProductId": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
         "id": "[variables('analyticRuleObject9')._analyticRulecontentProductId9]",
         "version": "[variables('analyticRuleObject9').analyticRuleVersion9]"
@@ -5440,7 +5604,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleSplitDnsModified_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -5454,10 +5618,10 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution.",
-                "displayName": "Tailscale: DNS nameservers modified",
+                "description": "Identifies when the tailnet split-DNS configuration is modified. Split-DNS overrides per-domain resolution within the tailnet - an attacker adding a new domain mapping or changing the resolver IP can hijack DNS for that domain.",
+                "displayName": "Tailscale: Split-DNS configuration modified",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_NAMESERVERS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldServers = Old.dns\n| extend NewServers = New.dns\n| extend Added = set_difference(NewServers, OldServers)\n| extend Removed = set_difference(OldServers, NewServers)\n| project TimeGenerated, ActorLogin, OldServers, NewServers, Added, Removed, Origin\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldDomains = bag_keys(Old)\n| extend NewDomains = bag_keys(New)\n| extend AddedDomains = set_difference(NewDomains, OldDomains)\n| extend RemovedDomains = set_difference(OldDomains, NewDomains)\n| project TimeGenerated, ActorLogin, AddedDomains, RemovedDomains, Old, New, Origin\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
                 "severity": "High",
@@ -5468,10 +5632,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5496,11 +5660,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5525,7 +5689,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5541,7 +5705,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: DNS nameservers modified",
+        "displayName": "Tailscale: Split-DNS configuration modified",
         "contentProductId": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
         "id": "[variables('analyticRuleObject10')._analyticRulecontentProductId10]",
         "version": "[variables('analyticRuleObject10').analyticRuleVersion10]"
@@ -5556,7 +5720,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleDnsNameserversModified_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@@ -5570,13 +5734,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional.",
-                "displayName": "Tailscale: MagicDNS disabled",
+                "description": "Identifies when the tailnet's global DNS nameserver list is modified. Adding an attacker-controlled resolver as a tailnet-wide nameserver enables broad DNS hijacking for every device using MagicDNS resolution.",
+                "displayName": "Tailscale: DNS nameservers modified",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"MAGICDNS_PREFERENCES\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldMagicDns = tobool(Old.magicDNS)\n| extend NewMagicDns = tobool(New.magicDNS)\n| where OldMagicDns == true and NewMagicDns == false\n| project TimeGenerated, ActorLogin, OldMagicDns, NewMagicDns, Origin\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_NAMESERVERS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldServers = Old.dns\n| extend NewServers = New.dns\n| extend Added = set_difference(NewServers, OldServers)\n| extend Removed = set_difference(OldServers, NewServers)\n| project TimeGenerated, ActorLogin, OldServers, NewServers, Added, Removed, Origin\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
-                "severity": "Medium",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5584,17 +5748,19 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion"
+                  "DefenseEvasion",
+                  "CommandAndControl"
                 ],
                 "techniques": [
-                  "T1556"
+                  "T1556",
+                  "T1568"
                 ],
                 "entityMappings": [
                   {
@@ -5610,11 +5776,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5639,7 +5805,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5655,7 +5821,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: MagicDNS disabled",
+        "displayName": "Tailscale: DNS nameservers modified",
         "contentProductId": "[variables('analyticRuleObject11')._analyticRulecontentProductId11]",
         "id": "[variables('analyticRuleObject11')._analyticRulecontentProductId11]",
         "version": "[variables('analyticRuleObject11').analyticRuleVersion11]"
@@ -5670,7 +5836,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleMagicDnsDisabled_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
@@ -5684,13 +5850,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.",
-                "displayName": "Tailscale: Tailnet lock validation failed",
+                "description": "Identifies when MagicDNS is turned off on the tailnet. Disabling MagicDNS changes DNS behaviour for every device and is occasionally a precursor to wider DNS hijacking - verify the change was intentional.",
+                "displayName": "Tailscale: MagicDNS disabled",
                 "enabled": false,
-                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where isnotempty(TailnetLockError)\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "High",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"MAGICDNS_PREFERENCES\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldMagicDns = tobool(Old.magicDNS)\n| extend NewMagicDns = tobool(New.magicDNS)\n| where OldMagicDns == true and NewMagicDns == false\n| project TimeGenerated, ActorLogin, OldMagicDns, NewMagicDns, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5698,34 +5864,23 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
-                      "Tailscale_Devices_CL"
-                    ]
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "InitialAccess"
+                  "DefenseEvasion"
                 ],
                 "techniques": [
-                  "T1556",
-                  "T1078"
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
-                      }
-                    ],
-                    "entityType": "Host"
-                  },
-                  {
-                    "fieldMappings": [
-                      {
-                        "columnName": "User",
+                        "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
                     ],
@@ -5735,11 +5890,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5764,7 +5919,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5780,7 +5935,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Tailnet lock validation failed",
+        "displayName": "Tailscale: MagicDNS disabled",
         "contentProductId": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
         "id": "[variables('analyticRuleObject12')._analyticRulecontentProductId12]",
         "version": "[variables('analyticRuleObject12').analyticRuleVersion12]"
@@ -5795,7 +5950,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleTailnetLockValidationFailed_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
@@ -5809,13 +5964,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it.",
-                "displayName": "Tailscale: Device Tailscale SSH newly enabled",
+                "description": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.",
+                "displayName": "Tailscale: Tailnet lock validation failed",
                 "enabled": false,
-                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, LastSeen;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, LastSeen\n",
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where isnotempty(TailnetLockError)\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "Medium",
+                "queryPeriod": "PT1H",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5823,19 +5978,19 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "Persistence",
-                  "LateralMovement"
+                  "DefenseEvasion",
+                  "InitialAccess"
                 ],
                 "techniques": [
-                  "T1021",
-                  "T1098"
+                  "T1556",
+                  "T1078"
                 ],
                 "entityMappings": [
                   {
@@ -5860,11 +6015,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -5889,7 +6044,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -5905,7 +6060,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Device Tailscale SSH newly enabled",
+        "displayName": "Tailscale: Tailnet lock validation failed",
         "contentProductId": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
         "id": "[variables('analyticRuleObject13')._analyticRulecontentProductId13]",
         "version": "[variables('analyticRuleObject13').analyticRuleVersion13]"
@@ -5920,7 +6075,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleDeviceSshNewlyEnabled_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
@@ -5934,13 +6089,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.",
-                "displayName": "Tailscale: Unauthorized device connected to control plane",
+                "description": "Identifies when Tailscale SSH is enabled on a device that previously did not have it. SSH provides authenticated shell access over the tailnet using Tailscale identity, broadening attack surface if unexpected. Verify and confirm the SSH ACL covers it.",
+                "displayName": "Tailscale: Device Tailscale SSH newly enabled",
                 "enabled": false,
-                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where Authorized == false and ConnectedToControl == true\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey\n",
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, LastSeen;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where SshEnabled == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, LastSeen\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "High",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -5948,18 +6103,18 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "InitialAccess",
-                  "Persistence"
+                  "Persistence",
+                  "LateralMovement"
                 ],
                 "techniques": [
-                  "T1078",
+                  "T1021",
                   "T1098"
                 ],
                 "entityMappings": [
@@ -5985,11 +6140,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6014,7 +6169,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6030,7 +6185,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: Unauthorized device connected to control plane",
+        "displayName": "Tailscale: Device Tailscale SSH newly enabled",
         "contentProductId": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
         "id": "[variables('analyticRuleObject14')._analyticRulecontentProductId14]",
         "version": "[variables('analyticRuleObject14').analyticRuleVersion14]"
@@ -6045,7 +6200,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleUnauthorizedDeviceConnected_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
@@ -6059,13 +6214,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope.",
-                "displayName": "Tailscale: External (shared-in) device added",
+                "description": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.",
+                "displayName": "Tailscale: Unauthorized device connected to control plane",
                 "enabled": false,
-                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n",
+                "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where Authorized == false and ConnectedToControl == true\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
-                "severity": "Medium",
+                "queryPeriod": "PT1H",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6073,17 +6228,19 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "InitialAccess"
+                  "InitialAccess",
+                  "Persistence"
                 ],
                 "techniques": [
-                  "T1078"
+                  "T1078",
+                  "T1098"
                 ],
                 "entityMappings": [
                   {
@@ -6108,11 +6265,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6137,7 +6294,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6153,7 +6310,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale: External (shared-in) device added",
+        "displayName": "Tailscale: Unauthorized device connected to control plane",
         "contentProductId": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
         "id": "[variables('analyticRuleObject15')._analyticRulecontentProductId15]",
         "version": "[variables('analyticRuleObject15').analyticRuleVersion15]"
@@ -6168,7 +6325,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscaleExternalDeviceAdded_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject16').analyticRuleVersion16]",
@@ -6182,12 +6339,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Unexpected exit-node egress",
+                "description": "Identifies new external (shared-in) devices joining the tailnet that were not present in the prior 24-hour baseline. Each shared-in device expands the trust boundary - confirm the share matches a documented agreement and ACL scope.",
+                "displayName": "Tailscale: External (shared-in) device added",
                 "enabled": false,
-                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), SrcNodeName = tostring(SrcNode.name), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where array_length(ExitTraffic) > 0\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
+                "query": "let recent =\n    Tailscale_Devices_CL\n    | where TimeGenerated > ago(1h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | project DeviceId, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags;\nlet prior =\n    Tailscale_Devices_CL\n    | where TimeGenerated between (ago(2d) .. ago(1h))\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where IsExternal == true\n    | distinct DeviceId;\nrecent\n| join kind=leftanti prior on DeviceId\n| project TimeGenerated = now(), DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
+                "queryPeriod": "P2D",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -6196,25 +6353,23 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Network_CL"
-                    ]
+                      "Tailscale_Devices_CL"
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "InitialAccess"
                 ],
                 "techniques": [
-                  "T1090",
-                  "T1041"
+                  "T1078"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
+                        "columnName": "Hostname",
                         "identifier": "HostName"
                       }
                     ],
@@ -6223,21 +6378,21 @@
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "columnName": "User",
+                        "identifier": "FullName"
                       }
                     ],
-                    "entityType": "IP"
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6262,7 +6417,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6278,7 +6433,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject16')._analyticRulecontentId16]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Unexpected exit-node egress",
+        "displayName": "Tailscale: External (shared-in) device added",
         "contentProductId": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
         "id": "[variables('analyticRuleObject16')._analyticRulecontentProductId16]",
         "version": "[variables('analyticRuleObject16').analyticRuleVersion16]"
@@ -6293,7 +6448,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumUnexpectedExitNodeEgress_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject17').analyticRuleVersion17]",
@@ -6307,10 +6462,10 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+                "description": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Unexpected exit-node egress",
                 "enabled": false,
-                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), SrcNodeName = take_any(tostring(SrcNode.name)) by NodeId, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
+                "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, SrcUser, SrcOs, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
                 "queryFrequency": "PT1H",
                 "queryPeriod": "PT1H",
                 "severity": "Medium",
@@ -6321,19 +6476,19 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "Collection"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1041",
-                  "T1020"
+                  "T1090",
+                  "T1041"
                 ],
                 "entityMappings": [
                   {
@@ -6345,6 +6500,15 @@
                     ],
                     "entityType": "Host"
                   },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  },
                   {
                     "fieldMappings": [
                       {
@@ -6358,11 +6522,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -6387,7 +6551,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6403,7 +6567,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject17')._analyticRulecontentId17]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
+        "displayName": "Tailscale Premium: Unexpected exit-node egress",
         "contentProductId": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
         "id": "[variables('analyticRuleObject17')._analyticRulecontentProductId17]",
         "version": "[variables('analyticRuleObject17').analyticRuleVersion17]"
@@ -6418,7 +6582,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumLargeOutboundTransfer_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject18').analyticRuleVersion18]",
@@ -6432,12 +6596,12 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Network flow beaconing detected",
+                "description": "Identifies when a single src-dst pair transfers more than 100 MB over the tailnet within a 1-hour window. Large bursts can indicate data staging, exfiltration, or a misconfigured backup. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
                 "enabled": false,
-                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "query": "let bytesThreshold = 100 * 1024 * 1024;\nTailscale_Network_CL\n| where TimeGenerated > ago(1h)\n| where HasVirtualTraffic\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), Bytes = tolong(t.txBytes) + tolong(t.rxBytes), Pkts = tolong(t.txPkts) + tolong(t.rxPkts)\n| summarize TotalBytes = sum(Bytes), TotalPackets = sum(Pkts) by NodeId, SrcNodeName, SrcUser, DstNodeName, DstUser, Src, Dst, Proto\n| where TotalBytes > bytesThreshold\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n",
                 "queryFrequency": "PT1H",
-                "queryPeriod": "P2D",
+                "queryPeriod": "PT1H",
                 "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
@@ -6446,22 +6610,48 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "CommandAndControl",
-                  "Exfiltration"
+                  "Exfiltration",
+                  "Collection"
                 ],
                 "techniques": [
-                  "T1071",
-                  "T1095",
-                  "T1029"
+                  "T1041",
+                  "T1020"
                 ],
                 "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "DstNodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  },
                   {
                     "fieldMappings": [
                       {
@@ -6475,11 +6665,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -6504,7 +6694,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6520,7 +6710,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject18')._analyticRulecontentId18]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Network flow beaconing detected",
+        "displayName": "Tailscale Premium: Large outbound transfer over tailnet",
         "contentProductId": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
         "id": "[variables('analyticRuleObject18')._analyticRulecontentProductId18]",
         "version": "[variables('analyticRuleObject18').analyticRuleVersion18]"
@@ -6535,7 +6725,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumBeaconingDetected_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject19').analyticRuleVersion19]",
@@ -6549,13 +6739,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Mass fan-out from single node",
+                "description": "Identifies when flows between a src-dst pair recur at a regular interval (80%+ of inter-flow gaps cluster on the same delta over 10+ flows). Signature of C2 beaconing or scheduled exfiltration. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Network flow beaconing detected",
                 "enabled": false,
-                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), SrcNodeName = take_any(tostring(SrcNode.name)), TopDestinations = make_set(Dst, 25) by NodeId, Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "High",
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| where HasVirtualTraffic\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto, SrcNodeName, SrcUser, DstNodeName, DstUser\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec, SrcNodeName, SrcUser, DstNodeName, DstUser\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto, SrcNodeName, SrcUser, DstNodeName, DstUser\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P2D",
+                "severity": "Medium",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6563,20 +6753,20 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "Discovery",
-                  "LateralMovement"
+                  "CommandAndControl",
+                  "Exfiltration"
                 ],
                 "techniques": [
-                  "T1018",
-                  "T1021",
-                  "T1046"
+                  "T1071",
+                  "T1095",
+                  "T1029"
                 ],
                 "entityMappings": [
                   {
@@ -6588,6 +6778,24 @@
                     ],
                     "entityType": "Host"
                   },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "DstNodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  },
                   {
                     "fieldMappings": [
                       {
@@ -6601,11 +6809,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "5h",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6630,7 +6838,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6646,7 +6854,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject19')._analyticRulecontentId19]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Mass fan-out from single node",
+        "displayName": "Tailscale Premium: Network flow beaconing detected",
         "contentProductId": "[variables('analyticRuleObject19')._analyticRulecontentProductId19]",
         "id": "[variables('analyticRuleObject19')._analyticRulecontentProductId19]",
         "version": "[variables('analyticRuleObject19').analyticRuleVersion19]"
@@ -6661,7 +6869,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumMassFanOut_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject20').analyticRuleVersion20]",
@@ -6675,13 +6883,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+                "description": "Identifies when a single node initiates flows to 25 or more unique destinations within a 15-minute window. Sudden fan-out is consistent with port scanning, lateral discovery, or worm-style propagation. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Mass fan-out from single node",
                 "enabled": false,
-                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes), SrcNodeName = tostring(SrcNode.name)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName;\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where array_length(SubnetTraffic) > 0\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "P8D",
-                "severity": "Low",
+                "query": "let dstThreshold = 25;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| where HasVirtualTraffic\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst)\n| summarize UniqueDestinations = dcount(Dst), TopDestinations = make_set(Dst, 25) by NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags), Src\n| where UniqueDestinations >= dstThreshold\n| order by UniqueDestinations desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6689,19 +6897,20 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "Exfiltration",
-                  "CommandAndControl"
+                  "Discovery",
+                  "LateralMovement"
                 ],
                 "techniques": [
-                  "T1572",
-                  "T1041"
+                  "T1018",
+                  "T1021",
+                  "T1046"
                 ],
                 "entityMappings": [
                   {
@@ -6712,16 +6921,34 @@
                       }
                     ],
                     "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "Src",
+                        "identifier": "Address"
+                      }
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "5h",
+                    "enabled": true
                   }
                 }
               }
@@ -6746,7 +6973,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6762,7 +6989,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject20')._analyticRulecontentId20]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
+        "displayName": "Tailscale Premium: Mass fan-out from single node",
         "contentProductId": "[variables('analyticRuleObject20')._analyticRulecontentProductId20]",
         "id": "[variables('analyticRuleObject20')._analyticRulecontentProductId20]",
         "version": "[variables('analyticRuleObject20').analyticRuleVersion20]"
@@ -6777,7 +7004,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumSubnetRouterThroughputAnomaly_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject21').analyticRuleVersion21]",
@@ -6791,13 +7018,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: Posture integration disabled or removed",
+                "description": "Identifies when a subnet router (gateway node bridging the tailnet to an on-prem or cloud subnet) handles 3x or more its 7-day baseline traffic in the last hour. Spikes can indicate exfiltration or scanning. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Subnet router throughput anomaly",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
-                "queryFrequency": "PT15M",
-                "queryPeriod": "PT15M",
-                "severity": "High",
+                "query": "let baselineDays = 7d;\nlet recent = 1h;\nlet multiplier = 3.0;\nlet recentTraffic =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize RecentBytes = sum(Bytes) by NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags);\nlet baseline =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baselineDays + recent) .. ago(recent))\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize TotalBaselineBytes = sum(Bytes) by NodeId\n    | extend BaselineHourlyBytes = TotalBaselineBytes / 168.0;\nrecentTraffic\n| join kind=inner baseline on NodeId\n| where RecentBytes > BaselineHourlyBytes * multiplier\n| extend Multiplier = round(RecentBytes / BaselineHourlyBytes, 1), RecentMB = round(RecentBytes / 1024.0 / 1024.0, 2), BaselineHourlyMB = round(BaselineHourlyBytes / 1024.0 / 1024.0, 2)\n| project NodeId, SrcNodeName, SrcUser, SrcOs, SrcTags, RecentMB, BaselineHourlyMB, Multiplier\n| order by Multiplier desc\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P8D",
+                "severity": "Low",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6805,25 +7032,34 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
-                      "Tailscale_Audit_CL"
-                    ]
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
-                  "DefenseEvasion",
-                  "Persistence"
+                  "Exfiltration",
+                  "CommandAndControl"
                 ],
                 "techniques": [
-                  "T1562",
-                  "T1556"
+                  "T1572",
+                  "T1041"
                 ],
                 "entityMappings": [
                   {
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
                     ],
@@ -6833,11 +7069,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6862,7 +7098,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6878,7 +7114,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject21')._analyticRulecontentId21]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: Posture integration disabled or removed",
+        "displayName": "Tailscale Premium: Subnet router throughput anomaly",
         "contentProductId": "[variables('analyticRuleObject21')._analyticRulecontentProductId21]",
         "id": "[variables('analyticRuleObject21')._analyticRulecontentProductId21]",
         "version": "[variables('analyticRuleObject21').analyticRuleVersion21]"
@@ -6893,7 +7129,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.5",
+        "description": "TailscalePremiumPostureIntegrationDisabled_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleObject22').analyticRuleVersion22]",
@@ -6907,13 +7143,13 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.",
-                "displayName": "Tailscale Premium: New posture integration added",
+                "description": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: Posture integration disabled or removed",
                 "enabled": false,
-                "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
+                "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
                 "queryFrequency": "PT15M",
                 "queryPeriod": "PT15M",
-                "severity": "Medium",
+                "severity": "High",
                 "suppressionDuration": "PT1H",
                 "suppressionEnabled": false,
                 "triggerOperator": "GreaterThan",
@@ -6921,17 +7157,19 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
+                  "DefenseEvasion",
                   "Persistence"
                 ],
                 "techniques": [
-                  "T1098"
+                  "T1562",
+                  "T1556"
                 ],
                 "entityMappings": [
                   {
@@ -6947,11 +7185,11 @@
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "lookbackDuration": "1d",
-                    "matchingMethod": "AllEntities",
+                    "groupByEntities": [],
                     "reopenClosedIncident": false,
-                    "groupByEntities": []
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
                   }
                 }
               }
@@ -6976,7 +7214,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -6992,7 +7230,7 @@
         "contentSchemaVersion": "3.0.0",
         "contentId": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
         "contentKind": "AnalyticsRule",
-        "displayName": "Tailscale Premium: New posture integration added",
+        "displayName": "Tailscale Premium: Posture integration disabled or removed",
         "contentProductId": "[variables('analyticRuleObject22')._analyticRulecontentProductId22]",
         "id": "[variables('analyticRuleObject22')._analyticRulecontentProductId22]",
         "version": "[variables('analyticRuleObject22').analyticRuleVersion22]"
@@ -7001,42 +7239,704 @@
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
+      "name": "[variables('analyticRuleObject23').analyticRuleTemplateSpecName23]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumNewPostureIntegration_AnalyticalRules Analytics Rule with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "contentVersion": "[variables('analyticRuleObject23').analyticRuleVersion23]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject23')._analyticRulecontentId23]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: New posture integration added",
+                "enabled": false,
+                "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Audit_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "Persistence"
+                ],
+                "techniques": [
+                  "T1098"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "ActorLogin",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "1d",
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject23').analyticRuleId23,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 23",
+                "parentId": "[variables('analyticRuleObject23').analyticRuleId23]",
+                "contentId": "[variables('analyticRuleObject23')._analyticRulecontentId23]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject23').analyticRuleVersion23]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject23')._analyticRulecontentId23]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: New posture integration added",
+        "contentProductId": "[variables('analyticRuleObject23')._analyticRulecontentProductId23]",
+        "id": "[variables('analyticRuleObject23')._analyticRulecontentProductId23]",
+        "version": "[variables('analyticRuleObject23').analyticRuleVersion23]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleObject24').analyticRuleTemplateSpecName24]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscalePremiumDerpRelaySurge_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleObject24').analyticRuleVersion24]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRuleObject24')._analyticRulecontentId24]",
+              "apiVersion": "2023-02-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise.",
+                "displayName": "Tailscale Premium: DERP relay traffic surge",
+                "enabled": false,
+                "query": "let minFlows = 20;\nlet relayedPctThreshold = 75.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| summarize\n    TotalFlows = count(),\n    RelayedFlows = countif(IsRelayed)\n    by SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags)\n| where TotalFlows >= minFlows\n| extend RelayedPct = round(100.0 * RelayedFlows / TotalFlows, 1)\n| where RelayedPct > relayedPctThreshold\n| project SrcNodeName, SrcUser, SrcOs, SrcTags, TotalFlows, RelayedFlows, RelayedPct\n| order by RelayedPct desc\n",
+                "queryFrequency": "PT15M",
+                "queryPeriod": "PT15M",
+                "severity": "Low",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Tailscale_Network_CL"
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
+                  }
+                ],
+                "tactics": [
+                  "CommandAndControl"
+                ],
+                "techniques": [
+                  "T1572"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcNodeName",
+                        "identifier": "HostName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "columnName": "SrcUser",
+                        "identifier": "FullName"
+                      }
+                    ],
+                    "entityType": "Account"
+                  }
+                ],
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "groupByEntities": [],
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "lookbackDuration": "PT6H",
+                    "enabled": true
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject24').analyticRuleId24,'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Analytics Rule 24",
+                "parentId": "[variables('analyticRuleObject24').analyticRuleId24]",
+                "contentId": "[variables('analyticRuleObject24')._analyticRulecontentId24]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleObject24').analyticRuleVersion24]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('analyticRuleObject24')._analyticRulecontentId24]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Tailscale Premium: DERP relay traffic surge",
+        "contentProductId": "[variables('analyticRuleObject24')._analyticRulecontentProductId24]",
+        "id": "[variables('analyticRuleObject24')._analyticRulecontentProductId24]",
+        "version": "[variables('analyticRuleObject24').analyticRuleVersion24]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleFirstSeenActor_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "category": "Hunting Queries",
+                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 1",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
+                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: First-seen actor making configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: ACL policy churn",
+                "category": "Hunting Queries",
+                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "DefenseEvasion,PrivilegeEscalation"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1556"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 2",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
+                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: ACL policy churn",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Off-hours configuration changes",
+                "category": "Hunting Queries",
+                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "InitialAccess,Persistence"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 3",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
+                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Off-hours configuration changes",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Auth key sprawl",
+                "category": "Hunting Queries",
+                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Persistence,CredentialAccess"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1098,T1136"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 4",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
+                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Auth key sprawl",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.OperationalInsights/savedSearches",
+              "apiVersion": "2025-07-01",
+              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Tailscale: Devices not seen in 30+ days",
+                "category": "Hunting Queries",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes\n| order by DaysSinceSeen desc\n",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
+                  },
+                  {
+                    "name": "tactics",
+                    "value": "Discovery"
+                  },
+                  {
+                    "name": "techniques",
+                    "value": "T1078"
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "properties": {
+                "description": "Tailscale (CCF) Hunting Query 5",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
+                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "kind": "HuntingQuery",
+                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Tailscale (CCF)",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentKind": "HuntingQuery",
+        "displayName": "Tailscale: Devices not seen in 30+ days",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "version": "1.0.0"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_1",
+              "name": "Tailscale_(CCF)_Hunting_Query_6",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: First-seen actor making configuration changes",
+                "displayName": "Tailscale: Auth keys with no expiry",
                 "category": "Hunting Queries",
-                "query": "let lookback = 14d;\nlet baselineWindow = 14d;\nTailscale_Audit_CL\n| where TimeGenerated > ago(lookback)\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize FirstSeen = min(TimeGenerated), Actions = make_set(Action), Targets = make_set(tostring(Target.type)), TotalEvents = count() by ActorLogin\n| join kind=leftanti (\n    Tailscale_Audit_CL\n    | where TimeGenerated between (ago(lookback + baselineWindow) .. ago(lookback))\n    | extend ActorLogin = tostring(Actor.loginName)\n    | distinct ActorLogin\n) on ActorLogin\n| order by FirstSeen asc\n",
+                "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) or Revoked == datetime(null)\n| where isnull(Expires) or Expires == datetime(null)\n| project KeyId, Description, UserId, Created, Capabilities\n| order by Created asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Surfaces actors making their first configuration change in the lookback window. New legitimate admins look identical to compromised credentials - review whether each surfaced actor is expected to have admin rights."
+                    "value": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess,Persistence"
+                    "value": "Persistence,CredentialAccess"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1098,T1136"
                   }
                 ]
               }
@@ -7044,13 +7944,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 1",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]",
-                "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+                "description": "Tailscale (CCF) Hunting Query 6",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
+                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject1').huntingQueryVersion1]",
+                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7061,7 +7961,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7075,53 +7975,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
+        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: First-seen actor making configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Auth keys with no expiry",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]",
+      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleACLPolicyChurn_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_2",
+              "name": "Tailscale_(CCF)_Hunting_Query_7",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: ACL policy churn",
+                "displayName": "Tailscale: Users with zero devices",
                 "category": "Hunting Queries",
-                "query": "let bucket = 30m;\nlet churnThreshold = 3;\nTailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"ACL\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize EditCount = count(), Editors = make_set(ActorLogin), FirstEdit = min(TimeGenerated), LastEdit = max(TimeGenerated)\n    by bin(TimeGenerated, bucket)\n| where EditCount >= churnThreshold\n| order by EditCount desc\n",
+                "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where DeviceCount == 0\n| where Status != \"suspended\"\n| project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen\n| order by LastSeen asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                    "value": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion,PrivilegeEscalation"
+                    "value": "InitialAccess"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1556"
+                    "value": "T1078"
                   }
                 ]
               }
@@ -7129,13 +8029,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 2",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]",
-                "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+                "description": "Tailscale (CCF) Hunting Query 7",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
+                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject2').huntingQueryVersion2]",
+                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7146,7 +8046,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7160,53 +8060,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]",
+        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: ACL policy churn",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Users with zero devices",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]",
+      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOffHoursConfigChanges_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_3",
+              "name": "Tailscale_(CCF)_Hunting_Query_8",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Off-hours configuration changes",
+                "displayName": "Tailscale: Split-DNS per-domain change history",
                 "category": "Hunting Queries",
-                "query": "let businessStartUtc = 8;\nlet businessEndUtc = 18;\nTailscale_Audit_CL\n| extend HourOfDay = datetime_part(\"hour\", TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)\n| where DayOfWeek in (0d, 6d)  // Sunday and Saturday\n    or HourOfDay < businessStartUtc\n    or HourOfDay >= businessEndUtc\n| extend ActorLogin = tostring(Actor.loginName)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, Action, TargetType, Target, Origin\n| order by TimeGenerated desc\n",
+                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)\n| extend AllDomains = set_union(OldKeys, NewKeys)\n| mv-expand Domain = AllDomains to typeof(string)\n| extend OldResolvers = Old[Domain], NewResolvers = New[Domain]\n| extend Change = case(\n    isnull(OldResolvers) and isnotnull(NewResolvers), \"added\",\n    isnotnull(OldResolvers) and isnull(NewResolvers), \"removed\",\n    tostring(OldResolvers) != tostring(NewResolvers), \"resolvers-changed\",\n    \"unchanged\")\n| where Change != \"unchanged\"\n| project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers\n| order by TimeGenerated desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess,Persistence"
+                    "value": "DefenseEvasion,CommandAndControl"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1556,T1568"
                   }
                 ]
               }
@@ -7214,13 +8114,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 3",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]",
-                "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+                "description": "Tailscale (CCF) Hunting Query 8",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
+                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject3').huntingQueryVersion3]",
+                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7231,7 +8131,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7245,53 +8145,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]",
+        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Off-hours configuration changes",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Split-DNS per-domain change history",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]",
+      "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeySprawl_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+          "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_4",
+              "name": "Tailscale_(CCF)_Hunting_Query_9",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Auth key sprawl",
+                "displayName": "Tailscale: Devices with Tailscale SSH enabled",
                 "category": "Hunting Queries",
-                "query": "let bucket = 1h;\nlet sprawlThreshold = 5;\nTailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"AUTH_KEY\"\n| extend ActorLogin = tostring(Actor.loginName)\n| summarize KeysCreated = count(), KeyIDs = make_set(tostring(Target.id)), Reusable = make_set(tostring(New.reusable)), Ephemeral = make_set(tostring(New.ephemeral))\n    by bin(TimeGenerated, bucket), ActorLogin\n| where KeysCreated >= sprawlThreshold\n| order by KeysCreated desc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where SshEnabled == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by DeviceName asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                    "value": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets."
                   },
                   {
                     "name": "tactics",
-                    "value": "Persistence,CredentialAccess"
+                    "value": "LateralMovement,Persistence"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1136"
+                    "value": "T1021"
                   }
                 ]
               }
@@ -7299,13 +8199,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 4",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]",
-                "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+                "description": "Tailscale (CCF) Hunting Query 9",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]",
+                "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject4').huntingQueryVersion4]",
+                "version": "[variables('huntingQueryObject9').huntingQueryVersion9]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7316,7 +8216,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7330,49 +8230,49 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]",
+        "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Auth key sprawl",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Devices with Tailscale SSH enabled",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]",
+      "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDormantDevices_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+          "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_5",
+              "name": "Tailscale_(CCF)_Hunting_Query_10",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Devices not seen in 30+ days",
+                "displayName": "Tailscale: External (shared-in) device inventory",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysSinceSeen, Tags, AdvertisedRoutes\n| order by DaysSinceSeen desc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where IsExternal == true\n| project DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n| order by Created desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
+                    "value": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources."
                   },
                   {
                     "name": "tactics",
-                    "value": "Discovery"
+                    "value": "InitialAccess"
                   },
                   {
                     "name": "techniques",
@@ -7384,13 +8284,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 5",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]",
-                "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+                "description": "Tailscale (CCF) Hunting Query 10",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]",
+                "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject5').huntingQueryVersion5]",
+                "version": "[variables('huntingQueryObject10').huntingQueryVersion10]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7401,7 +8301,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7415,53 +8315,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]",
+        "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Devices not seen in 30+ days",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '1.0.0')))]",
+        "displayName": "Tailscale: External (shared-in) device inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]",
+      "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleAuthKeysNoExpiry_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+          "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_6",
+              "name": "Tailscale_(CCF)_Hunting_Query_11",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Auth keys with no expiry",
+                "displayName": "Tailscale: Devices with outdated client version",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) or Revoked == datetime(null)\n| where isnull(Expires) or Expires == datetime(null)\n| project KeyId, Description, UserId, Created, Capabilities\n| order by Created asc\n",
+                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by ClientVersion asc, LastSeen desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet auth keys that have no expiry timestamp set. Non-expiring keys grant unattended enrollment in perpetuity and should be rotated or replaced with ephemeral, time-bounded keys."
+                    "value": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions."
                   },
                   {
                     "name": "tactics",
-                    "value": "Persistence,CredentialAccess"
+                    "value": "DefenseEvasion"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1098,T1136"
+                    "value": "T1562"
                   }
                 ]
               }
@@ -7469,13 +8369,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 6",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]",
-                "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+                "description": "Tailscale (CCF) Hunting Query 11",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]",
+                "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject6').huntingQueryVersion6]",
+                "version": "[variables('huntingQueryObject11').huntingQueryVersion11]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7486,7 +8386,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7500,53 +8400,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]",
+        "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Auth keys with no expiry",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Devices with outdated client version",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]",
+      "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOrphanedUsers_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+          "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_7",
+              "name": "Tailscale_(CCF)_Hunting_Query_12",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Users with zero devices",
+                "displayName": "Tailscale: Subnet router CIDR exposure inventory",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where DeviceCount == 0\n| where Status != \"suspended\"\n| project LoginName, DisplayName, Role, Status, DeviceCount, Created, LastSeen\n| order by LastSeen asc\n",
+                "query": "let exitRoutes = dynamic([\"0.0.0.0/0\", \"::/0\"]);\nTailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| extend SubnetAdvertised = set_difference(AdvertisedRoutes, exitRoutes)\n| extend SubnetEnabled = set_difference(EnabledRoutes, exitRoutes)\n| where array_length(SubnetAdvertised) > 0 or array_length(SubnetEnabled) > 0\n| project DeviceName, Hostname, User, Os, SubnetAdvertised, SubnetEnabled, Tags, LastSeen\n| order by DeviceName asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
+                    "value": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess"
+                    "value": "LateralMovement"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1021,T1018"
                   }
                 ]
               }
@@ -7554,13 +8454,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 7",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]",
-                "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+                "description": "Tailscale (CCF) Hunting Query 12",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]",
+                "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject7').huntingQueryVersion7]",
+                "version": "[variables('huntingQueryObject12').huntingQueryVersion12]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7571,7 +8471,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7585,53 +8485,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]",
+        "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Users with zero devices",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '1.0.0')))]",
+        "displayName": "Tailscale: Subnet router CIDR exposure inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]",
+      "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSplitDnsPerDomainChanges_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+          "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_8",
+              "name": "Tailscale_(CCF)_Hunting_Query_13",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Split-DNS per-domain change history",
+                "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Audit_CL\n| where Action == \"UPDATE\"\n| where tostring(Target.type) == \"TAILNET\"\n| where tostring(Target.property) == \"DNS_SPLIT_DNS\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend OldKeys = bag_keys(Old), NewKeys = bag_keys(New)\n| extend AllDomains = set_union(OldKeys, NewKeys)\n| mv-expand Domain = AllDomains to typeof(string)\n| extend OldResolvers = Old[Domain], NewResolvers = New[Domain]\n| extend Change = case(\n    isnull(OldResolvers) and isnotnull(NewResolvers), \"added\",\n    isnotnull(OldResolvers) and isnull(NewResolvers), \"removed\",\n    tostring(OldResolvers) != tostring(NewResolvers), \"resolvers-changed\",\n    \"unchanged\")\n| where Change != \"unchanged\"\n| project TimeGenerated, ActorLogin, Domain, Change, OldResolvers, NewResolvers\n| order by TimeGenerated desc\n",
+                "query": "let recent = 1d;\nlet baseline = 7d;\nlet recentPairs =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | summarize FirstSeen = min(TimeGenerated), TxBytes = sum(tolong(t.txBytes)), RxBytes = sum(tolong(t.rxBytes)), FlowCount = count() by Src, Dst, Proto;\nlet baselinePairs =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | distinct Src, Dst, Proto;\nrecentPairs\n| join kind=leftanti baselinePairs on Src, Dst, Proto\n| order by FirstSeen asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
+                    "value": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs)."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion,CommandAndControl"
+                    "value": "LateralMovement,Discovery"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1556,T1568"
+                    "value": "T1021,T1018"
                   }
                 ]
               }
@@ -7639,13 +8539,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 8",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]",
-                "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+                "description": "Tailscale (CCF) Hunting Query 13",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]",
+                "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject8').huntingQueryVersion8]",
+                "version": "[variables('huntingQueryObject13').huntingQueryVersion13]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7656,7 +8556,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7670,53 +8570,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]",
+        "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Split-DNS per-domain change history",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]",
+      "name": "[variables('huntingQueryObject14').huntingQueryTemplateSpecName14]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleDevicesWithSshEnabled_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
+          "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_9",
+              "name": "Tailscale_(CCF)_Hunting_Query_14",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Devices with Tailscale SSH enabled",
+                "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where SshEnabled == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by DeviceName asc\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| top 50 by TotalBytes\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Inventory of devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets."
+                    "value": "Identifies tailnet src->dst pairs ranked by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "LateralMovement,Persistence"
+                    "value": "Exfiltration,Collection"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1021"
+                    "value": "T1041,T1567"
                   }
                 ]
               }
@@ -7724,13 +8624,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 9",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]",
-                "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
+                "description": "Tailscale (CCF) Hunting Query 14",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14)]",
+                "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject9').huntingQueryVersion9]",
+                "version": "[variables('huntingQueryObject14').huntingQueryVersion14]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7741,7 +8641,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7755,53 +8655,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]",
+        "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Devices with Tailscale SSH enabled",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]",
+      "name": "[variables('huntingQueryObject15').huntingQueryTemplateSpecName15]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleExternalDeviceInventory_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
+          "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_10",
+              "name": "Tailscale_(CCF)_Hunting_Query_15",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: External (shared-in) device inventory",
+                "displayName": "Tailscale Premium: Exit-node usage patterns",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where IsExternal == true\n| project DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, Tags\n| order by Created desc\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Src = tostring(t.src), ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), FlowCount = count(), ExitDestinations = make_set(ExitDst, 25)\n    by NodeId, SrcNodeName = tostring(SrcNode.name), Src\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n| take 100\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Inventory of external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources."
+                    "value": "Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "InitialAccess"
+                    "value": "CommandAndControl,Exfiltration"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1078"
+                    "value": "T1090,T1041"
                   }
                 ]
               }
@@ -7809,13 +8709,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 10",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]",
-                "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
+                "description": "Tailscale (CCF) Hunting Query 15",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15)]",
+                "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject10').huntingQueryVersion10]",
+                "version": "[variables('huntingQueryObject15').huntingQueryVersion15]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7826,7 +8726,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7840,53 +8740,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
+        "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: External (shared-in) device inventory",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Exit-node usage patterns",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]",
+      "name": "[variables('huntingQueryObject16').huntingQueryTemplateSpecName16]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleOutdatedClients_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]",
+          "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_11",
+              "name": "Tailscale_(CCF)_Hunting_Query_16",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Devices with outdated client version",
+                "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true\n| project DeviceName, Hostname, User, Os, Distro, ClientVersion, LastSeen, Tags\n| order by ClientVersion asc, LastSeen desc\n",
+                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n| order by BeaconPercent desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions."
+                    "value": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion"
+                    "value": "CommandAndControl,Exfiltration"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1562"
+                    "value": "T1071,T1095,T1029"
                   }
                 ]
               }
@@ -7894,13 +8794,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 11",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]",
-                "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
+                "description": "Tailscale (CCF) Hunting Query 16",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16)]",
+                "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject11').huntingQueryVersion11]",
+                "version": "[variables('huntingQueryObject16').huntingQueryVersion16]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7911,7 +8811,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -7925,53 +8825,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]",
+        "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Devices with outdated client version",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]",
+      "name": "[variables('huntingQueryObject17').huntingQueryTemplateSpecName17]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleSubnetRouteExposure_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]",
+          "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_12",
+              "name": "Tailscale_(CCF)_Hunting_Query_17",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale: Subnet router CIDR exposure inventory",
+                "displayName": "Tailscale Premium: Current posture integration inventory",
                 "category": "Hunting Queries",
-                "query": "let exitRoutes = dynamic([\"0.0.0.0/0\", \"::/0\"]);\nTailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| extend SubnetAdvertised = set_difference(AdvertisedRoutes, exitRoutes)\n| extend SubnetEnabled = set_difference(EnabledRoutes, exitRoutes)\n| where array_length(SubnetAdvertised) > 0 or array_length(SubnetEnabled) > 0\n| project DeviceName, Hostname, User, Os, SubnetAdvertised, SubnetEnabled, Tags, LastSeen\n| order by DeviceName asc\n",
+                "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, TenantId_Provider, Status, ConfigOverwrites\n| order by Provider asc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
+                    "value": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "LateralMovement"
+                    "value": "DefenseEvasion"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1021,T1018"
+                    "value": "T1562"
                   }
                 ]
               }
@@ -7979,13 +8879,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 12",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]",
-                "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
+                "description": "Tailscale (CCF) Hunting Query 17",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17)]",
+                "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject12').huntingQueryVersion12]",
+                "version": "[variables('huntingQueryObject17').huntingQueryVersion17]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -7996,7 +8896,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8010,53 +8910,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]",
+        "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale: Subnet router CIDR exposure inventory",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Current posture integration inventory",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]",
+      "name": "[variables('huntingQueryObject18').huntingQueryTemplateSpecName18]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumNewNodePairs_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumDerpRelayPersistence_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+          "contentVersion": "[variables('huntingQueryObject18').huntingQueryVersion18]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_13",
+              "name": "Tailscale_(CCF)_Hunting_Query_18",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
+                "displayName": "Tailscale Premium: Devices with persistent DERP relay usage",
                 "category": "Hunting Queries",
-                "query": "let recent = 1d;\nlet baseline = 7d;\nlet recentPairs =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | summarize FirstSeen = min(TimeGenerated), TxBytes = sum(tolong(t.txBytes)), RxBytes = sum(tolong(t.rxBytes)), FlowCount = count() by Src, Dst, Proto;\nlet baselinePairs =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | mv-expand t = VirtualTraffic\n    | extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n    | distinct Src, Dst, Proto;\nrecentPairs\n| join kind=leftanti baselinePairs on Src, Dst, Proto\n| order by FirstSeen asc\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(24h)\n| summarize\n    TotalFlows = count(),\n    RelayedFlows = countif(IsRelayed),\n    DistinctDsts = dcount(DstNodeName),\n    FirstFlow = min(TimeGenerated),\n    LastFlow = max(TimeGenerated)\n    by SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags)\n| where TotalFlows >= 50\n| extend RelayedPct = round(100.0 * RelayedFlows / TotalFlows, 1)\n| where RelayedPct >= 30.0\n| project SrcNodeName, SrcUser, SrcOs, SrcTags, TotalFlows, RelayedFlows, RelayedPct, DistinctDsts, FirstFlow, LastFlow\n| order by RelayedPct desc, TotalFlows desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs)."
+                    "value": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "LateralMovement,Discovery"
+                    "value": "CommandAndControl"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1021,T1018"
+                    "value": "T1572"
                   }
                 ]
               }
@@ -8064,13 +8964,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject18')._huntingQuerycontentId18),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 13",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]",
-                "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+                "description": "Tailscale (CCF) Hunting Query 18",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject18')._huntingQuerycontentId18)]",
+                "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject13').huntingQueryVersion13]",
+                "version": "[variables('huntingQueryObject18').huntingQueryVersion18]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -8081,7 +8981,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8095,53 +8995,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]",
+        "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale Premium: New src->dst node pairs (lateral movement candidates)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Devices with persistent DERP relay usage",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject18')._huntingQuerycontentId18,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject18')._huntingQuerycontentId18,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject14').huntingQueryTemplateSpecName14]",
+      "name": "[variables('huntingQueryObject19').huntingQueryTemplateSpecName19]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumTopTalkers_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumTaggedServiceFanIn_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]",
+          "contentVersion": "[variables('huntingQueryObject19').huntingQueryVersion19]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_14",
+              "name": "Tailscale_(CCF)_Hunting_Query_19",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
+                "displayName": "Tailscale Premium: Tagged services with broad inbound exposure",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), TotalPackets = sum(tolong(t.txPkts) + tolong(t.rxPkts)), FlowCount = count() by Src, Dst, Proto\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| top 50 by TotalBytes\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(7d)\n| where isnotempty(DstTags)\n| where HasVirtualTraffic or HasSubnetTraffic\n| summarize\n    DistinctSrcUsers = dcount(SrcUser),\n    DistinctSrcDevices = dcount(SrcNodeName),\n    DistinctSrcOs = dcount(SrcOs),\n    Flows = count(),\n    FirstFlow = min(TimeGenerated),\n    LastFlow = max(TimeGenerated)\n    by DstNodeName, DstTags=tostring(DstTags)\n| extend ShortDstName = tostring(split(DstNodeName, \".\")[0])\n| project ShortDstName, DstTags, DistinctSrcDevices, DistinctSrcUsers, DistinctSrcOs, Flows, FirstFlow, LastFlow\n| order by DistinctSrcDevices desc, Flows desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Ranks tailnet src->dst pairs by total bytes transferred over the last 24h. Useful for capacity planning, identifying data-heavy flows, and spotting unexpected volume that could indicate data staging. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "Exfiltration,Collection"
+                    "value": "LateralMovement,InitialAccess"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1041,T1567"
+                    "value": "T1021,T1133"
                   }
                 ]
               }
@@ -8149,13 +9049,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject19')._huntingQuerycontentId19),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 14",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14)]",
-                "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
+                "description": "Tailscale (CCF) Hunting Query 19",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject19')._huntingQuerycontentId19)]",
+                "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject14').huntingQueryVersion14]",
+                "version": "[variables('huntingQueryObject19').huntingQueryVersion19]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -8166,7 +9066,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8180,53 +9080,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]",
+        "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale Premium: Top talkers by bytes (virtual traffic)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Tagged services with broad inbound exposure",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject19')._huntingQuerycontentId19,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject19')._huntingQuerycontentId19,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject15').huntingQueryTemplateSpecName15]",
+      "name": "[variables('huntingQueryObject20').huntingQueryTemplateSpecName20]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumExitNodeUsage_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumCrossTagFlowMatrix_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
+          "contentVersion": "[variables('huntingQueryObject20').huntingQueryVersion20]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_15",
+              "name": "Tailscale_(CCF)_Hunting_Query_20",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale Premium: Exit-node usage patterns",
+                "displayName": "Tailscale Premium: Cross-tag flow matrix",
                 "category": "Hunting Queries",
-                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(1d)\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Src = tostring(t.src), ExitDst = tostring(t.dst), Proto = toint(t.proto), TxBytes = tolong(t.txBytes), RxBytes = tolong(t.rxBytes)\n| summarize TotalBytes = sum(TxBytes + RxBytes), FlowCount = count(), ExitDestinations = make_set(ExitDst, 25)\n    by NodeId, SrcNodeName = tostring(SrcNode.name), Src\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n| order by TotalBytes desc\n| take 100\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(7d)\n| extend SrcCategory = case(\n    isnotempty(SrcTags), tostring(SrcTags),\n    isnotempty(SrcUser), \"<user>\",\n    \"<unknown>\")\n| extend DstCategory = case(\n    isnotempty(DstTags), tostring(DstTags),\n    isnotempty(DstUser), \"<user>\",\n    \"<unknown>\")\n| summarize\n    Flows = count(),\n    DistinctSrcDevices = dcount(SrcNodeName),\n    DistinctDstDevices = dcount(DstNodeName),\n    FirstSeen = min(TimeGenerated),\n    LastSeen = max(TimeGenerated)\n    by SrcCategory, DstCategory\n| extend SameTagLoop = SrcCategory == DstCategory and SrcCategory != \"<user>\" and SrcCategory != \"<unknown>\"\n| project SrcCategory, DstCategory, Flows, DistinctSrcDevices, DistinctDstDevices, SameTagLoop, FirstSeen, LastSeen\n| order by Flows desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Summarises traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "CommandAndControl,Exfiltration"
+                    "value": "LateralMovement,Discovery"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1090,T1041"
+                    "value": "T1021,T1046"
                   }
                 ]
               }
@@ -8234,13 +9134,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject20')._huntingQuerycontentId20),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 15",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15)]",
-                "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
+                "description": "Tailscale (CCF) Hunting Query 20",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject20')._huntingQuerycontentId20)]",
+                "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject15').huntingQueryVersion15]",
+                "version": "[variables('huntingQueryObject20').huntingQueryVersion20]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -8251,7 +9151,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8265,53 +9165,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]",
+        "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale Premium: Exit-node usage patterns",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Cross-tag flow matrix",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject20')._huntingQuerycontentId20,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject20')._huntingQuerycontentId20,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject16').huntingQueryTemplateSpecName16]",
+      "name": "[variables('huntingQueryObject21').huntingQueryTemplateSpecName21]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumBeaconingCandidates_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumOffHoursFlows_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]",
+          "contentVersion": "[variables('huntingQueryObject21').huntingQueryVersion21]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_16",
+              "name": "Tailscale_(CCF)_Hunting_Query_21",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
+                "displayName": "Tailscale Premium: Network flows outside business hours",
                 "category": "Hunting Queries",
-                "query": "let lookback = 2d;\nlet minFlows = 10;\nlet beaconPercentThreshold = 80.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(lookback)\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Proto = toint(t.proto)\n| project TimeGenerated, Src, Dst, Proto\n| sort by Src asc, Dst asc, Proto asc, TimeGenerated asc\n| serialize\n| extend NextTime = next(TimeGenerated), NextSrc = next(Src), NextDst = next(Dst), NextProto = next(Proto)\n| where Src == NextSrc and Dst == NextDst and Proto == NextProto\n| extend DeltaSec = datetime_diff('second', NextTime, TimeGenerated)\n| where DeltaSec > 5\n| summarize DeltaCount = count() by Src, Dst, Proto, DeltaSec\n| summarize (MostFrequentDeltaCount, MostFrequentDeltaSec) = arg_max(DeltaCount, DeltaSec), TotalFlows = sum(DeltaCount) by Src, Dst, Proto\n| where TotalFlows >= minFlows\n| extend BeaconPercent = round(MostFrequentDeltaCount * 100.0 / TotalFlows, 1)\n| where BeaconPercent >= beaconPercentThreshold\n| order by BeaconPercent desc\n",
+                "query": "Tailscale_Network_CL\n| where TimeGenerated > ago(7d)\n| where HasVirtualTraffic or HasSubnetTraffic or HasExitTraffic\n| extend HourUtc = hourofday(TimeGenerated), Dow = dayofweek(TimeGenerated)\n| where HourUtc < 7 or HourUtc >= 19 or Dow in (0d, 6d)\n| extend TaggedSource = isnotempty(SrcTags)\n| summarize\n    Flows = count(),\n    FirstFlow = min(TimeGenerated),\n    LastFlow = max(TimeGenerated),\n    DistinctHours = dcount(bin(TimeGenerated, 1h))\n    by SrcNodeName, SrcUser, SrcTags=tostring(SrcTags), DstNodeName, DstTags=tostring(DstTags), TaggedSource\n| where Flows >= 5\n| project SrcNodeName, SrcUser, SrcTags, TaggedSource, DstNodeName, DstTags, Flows, DistinctHours, FirstFlow, LastFlow\n| order by Flows desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "CommandAndControl,Exfiltration"
+                    "value": "Exfiltration,CommandAndControl"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1071,T1095,T1029"
+                    "value": "T1029,T1071"
                   }
                 ]
               }
@@ -8319,13 +9219,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject21')._huntingQuerycontentId21),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 16",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16)]",
-                "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
+                "description": "Tailscale (CCF) Hunting Query 21",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject21')._huntingQuerycontentId21)]",
+                "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject16').huntingQueryVersion16]",
+                "version": "[variables('huntingQueryObject21').huntingQueryVersion21]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -8336,7 +9236,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8350,53 +9250,53 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]",
+        "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale Premium: Beaconing candidates (regular periodic flows)",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Network flows outside business hours",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject21')._huntingQuerycontentId21,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject21')._huntingQuerycontentId21,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
       "apiVersion": "2023-04-01-preview",
-      "name": "[variables('huntingQueryObject17').huntingQueryTemplateSpecName17]",
+      "name": "[variables('huntingQueryObject22').huntingQueryTemplateSpecName22]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumPostureInventory_HuntingQueries Hunting Query with template version 3.0.5",
+        "description": "TailscalePremiumUserMultiDevice_HuntingQueries Hunting Query with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]",
+          "contentVersion": "[variables('huntingQueryObject22').huntingQueryVersion22]",
           "parameters": {},
           "variables": {},
           "resources": [
             {
               "type": "Microsoft.OperationalInsights/savedSearches",
               "apiVersion": "2025-07-01",
-              "name": "Tailscale_(CCF)_Hunting_Query_17",
+              "name": "Tailscale_(CCF)_Hunting_Query_22",
               "location": "[parameters('workspace-location')]",
               "properties": {
                 "eTag": "*",
-                "displayName": "Tailscale Premium: Current posture integration inventory",
+                "displayName": "Tailscale Premium: Users generating traffic from multiple devices",
                 "category": "Hunting Queries",
-                "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, ClientId, TenantId_Provider, Status, ConfigOverwrites\n| order by Provider asc\n",
+                "query": "let recent = Tailscale_Network_CL\n    | where TimeGenerated > ago(24h)\n    | where isnotempty(SrcUser)\n    | summarize\n        Devices = make_set(SrcNodeName, 20),\n        DeviceCount = dcount(SrcNodeName),\n        OsTypes = make_set(SrcOs, 10),\n        FirstFlow = min(TimeGenerated),\n        LastFlow = max(TimeGenerated),\n        Flows = count()\n      by SrcUser\n    | where DeviceCount >= 2;\nlet devicesCreatedToday = Tailscale_Devices_CL\n    | where TimeGenerated > ago(24h)\n    | summarize arg_max(TimeGenerated, *) by DeviceId\n    | where Created > ago(24h)\n    | distinct DeviceName;\nrecent\n| extend NewDevicesToday = set_intersect(Devices, toscalar(devicesCreatedToday | summarize make_set(DeviceName)))\n| extend HasNewDevice = array_length(NewDevicesToday) > 0\n| project SrcUser, DeviceCount, Devices, OsTypes, HasNewDevice, NewDevicesToday, Flows, FirstFlow, LastFlow\n| order by HasNewDevice desc, DeviceCount desc\n",
                 "version": 2,
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise."
                   },
                   {
                     "name": "tactics",
-                    "value": "DefenseEvasion"
+                    "value": "InitialAccess,Persistence"
                   },
                   {
                     "name": "techniques",
-                    "value": "T1562"
+                    "value": "T1078"
                   }
                 ]
               }
@@ -8404,13 +9304,13 @@
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
               "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17),'/'))))]",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject22')._huntingQuerycontentId22),'/'))))]",
               "properties": {
-                "description": "Tailscale (CCF) Hunting Query 17",
-                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17)]",
-                "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
+                "description": "Tailscale (CCF) Hunting Query 22",
+                "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject22')._huntingQuerycontentId22)]",
+                "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]",
                 "kind": "HuntingQuery",
-                "version": "[variables('huntingQueryObject17').huntingQueryVersion17]",
+                "version": "[variables('huntingQueryObject22').huntingQueryVersion22]",
                 "source": {
                   "kind": "Solution",
                   "name": "Tailscale (CCF)",
@@ -8421,7 +9321,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8435,11 +9335,11 @@
         "packageName": "[variables('_solutionName')]",
         "packageId": "[variables('_solutionId')]",
         "contentSchemaVersion": "3.0.0",
-        "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
+        "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]",
         "contentKind": "HuntingQuery",
-        "displayName": "Tailscale Premium: Current posture integration inventory",
-        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
-        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '1.0.0')))]",
+        "displayName": "Tailscale Premium: Users generating traffic from multiple devices",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject22')._huntingQuerycontentId22,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject22')._huntingQuerycontentId22,'-', '1.0.0')))]",
         "version": "1.0.0"
       }
     },
@@ -8452,7 +9352,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscaleStandardOperations Workbook with template version 3.0.5",
+        "description": "TailscaleStandardOperations Workbook with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -8470,7 +9370,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7b05a598-5120-43f4-bf5d-576c2a7ff28d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Operations (Standard)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Standard tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>\"},\"name\":\"header\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet at a glance</div>\"},\"name\":\"div-tailnet-at-a-glance-04e62b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\\\"Devices\\\",         Order=1),\\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",      Order=2),\\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\\\"Updates Available\\\", Order=3),\\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\\\"SSH-Enabled\\\",     Order=4),\\n  (USR | summarize V=toreal(count())                                            | extend Metric=\\\"Users\\\",           Order=5),\\n  (USR | where Role =~ \\\"admin\\\" or Role =~ \\\"owner\\\" or Role =~ \\\"network-admin\\\"    | summarize V=toreal(count()) | extend Metric=\\\"Admins\\\",          Order=6),\\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\\\"Active Keys\\\",     Order=7),\\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\\\"Audit Events ({TimeRange:label})\\\", Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-4e9d7cff\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9794e9fd-916b-494d-8e72-af63d2f4c6c7\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"71cf49db-33c5-4d4b-920a-2ec0c6a258dc\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Investigate\",\"subTarget\":\"investigate\",\"style\":\"link\"},{\"id\":\"5c56bb37-2053-47a0-b6fd-9539768c144d\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Hunts\",\"subTarget\":\"hunts\",\"style\":\"link\"},{\"id\":\"d2004ded-07f8-446a-a720-f0a63d1d9dda\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity\",\"subTarget\":\"identity\",\"style\":\"link\"},{\"id\":\"f23b3e14-1511-4a29-bf5e-bd65e55dbb40\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"724f8352-e21b-45a6-9029-39dc92693c05\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"8400ec64-e118-44e0-ae29-84afe94b8e0e\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Admin Audit\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"b7e04861-edfa-4426-b6be-f1481ca569b6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network & DNS\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"cfbc96e4-8585-4d89-8f65-8344c8cc6eb2\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Pipeline Health\",\"subTarget\":\"pipeline\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit activity over time</div>\"},\"name\":\"div-audit-activity-over--546688\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events by action\",\"noDataMessage\":\"No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.\",\"noDataMessageStyle\":5},\"name\":\"q-effcd498\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Who's doing what</div>\"},\"name\":\"div-who's-doing-what-52144e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| where isnotempty(Actor)\\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Top actors (by event count)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]}},\"name\":\"q-34c77fa9\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type)\\n| where isnotempty(TargetType)\\n| summarize Events=count() by TargetType\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Activity by target type\"},\"name\":\"q-4b3b709d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent admin events</div>\"},\"name\":\"div-recent-admin-events-87c9e0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 30\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Most recent 30 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]}},\"name\":\"q-5e7d6306\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b83a25c1-da18-49a2-a444-6517f13d891c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedActor\",\"label\":\"Actor\",\"type\":2,\"isRequired\":false,\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin\\n| order by Events desc | take 50\\n| project value=ActorLogin, label=strcat(ActorLogin, \\\" (\\\", Events, \\\")\\\")\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"value::all\"},{\"id\":\"a9cf7907-f201-4725-a072-a8bd34bef74e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedDevice\",\"label\":\"Device\",\"type\":2,\"isRequired\":false,\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| order by LastSeen desc | take 100\\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \\\" (\\\", User, \\\")\\\")\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-pickers\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor activity timeline</div>\"},\"name\":\"div-actor-activity-timel-5ec305\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"value::all\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Actions over time for selected actor (or all actors)\",\"noDataMessage\":\"Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.\",\"noDataMessageStyle\":5},\"name\":\"q-32d40848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"value::all\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Events from selected actor\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No events for this actor in the selected window.\",\"noDataMessageStyle\":5},\"name\":\"q-a742f6fd\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Selected device timeline</div>\"},\"name\":\"div-selected-device-time-00bead\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| where \\\"{SelectedDevice}\\\" == \\\"value::all\\\" or DeviceName == \\\"{SelectedDevice}\\\"\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend OnlineNow = ClientConnectivity.endpoints != \\\"\\\" or ConnectedToControl == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Device summary\",\"noDataMessage\":\"Select a device from the Device dropdown above. Defaults to 'All'.\",\"noDataMessageStyle\":5},\"name\":\"q-11094dc8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\\n| where (\\\"{SelectedDevice}\\\" == \\\"value::all\\\" and TargetType == \\\"NODE\\\") or TargetName == \\\"{SelectedDevice}\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Audit events touching this device\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.\",\"noDataMessageStyle\":5},\"name\":\"q-ead106ce\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"investigate\"},\"name\":\"group-investigate\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">First-seen actors in the last 24h</div>\"},\"name\":\"div-first-seen-actors-in-ce38d9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Actors who have NEVER appeared before (30d baseline)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"FirstSeen24h\",\"formatter\":6},{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}}]},\"noDataMessage\":\"Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.\",\"noDataMessageStyle\":5},\"name\":\"q-9ba7b85e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Off-hours configuration changes</div>\"},\"name\":\"div-off-hours-configurat-3c3787\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type)\\n| where Action !in (\\\"LOGIN\\\", \\\"LOGOUT\\\")\\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Admin actions outside 07:00-19:00 weekdays\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No off-hours admin changes recorded - healthy state for an organisation working business hours.\",\"noDataMessageStyle\":5},\"name\":\"q-721ee490\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with key expiry disabled</div>\"},\"name\":\"div-devices-with-key-exp-dfe9c1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where KeyExpiryDisabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices that will never re-authenticate (high-risk drift)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.\",\"noDataMessageStyle\":5},\"name\":\"q-8a8e2fb5\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Auth keys with no expiry</div>\"},\"name\":\"div-auth-keys-with-no-ex-b11207\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active keys that never expire\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6}]},\"noDataMessage\":\"No never-expiring auth keys - rotation hygiene is good.\",\"noDataMessageStyle\":5},\"name\":\"q-1372740c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices running outdated clients</div>\"},\"name\":\"div-devices-running-outd-bcd077\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged update-available by Tailscale\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"All devices on current client - nothing to patch.\",\"noDataMessageStyle\":5},\"name\":\"q-ecebf1f7\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Dormant devices (LastSeen > 30 days)</div>\"},\"name\":\"div-dormant-devices-(las-761156\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where LastSeen < ago(30d)\\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\\n| order by DaysIdle desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices idle 30+ days - candidates for retirement\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"DaysIdle\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}}]},\"noDataMessage\":\"No devices idle 30+ days - inventory is fresh.\",\"noDataMessageStyle\":5},\"name\":\"q-fb6c1fcc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet route exposure</div>\"},\"name\":\"div-subnet-route-exposur-289c42\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising or running subnet routes / exit-node duty\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices advertising subnet routes. Pure mesh topology.\",\"noDataMessageStyle\":5},\"name\":\"q-9533b081\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with SSH enabled</div>\"},\"name\":\"div-devices-with-ssh-ena-285238\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where SshEnabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.\",\"noDataMessageStyle\":5},\"name\":\"q-735368fb\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"hunts\"},\"name\":\"group-hunts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory snapshot</div>\"},\"name\":\"div-user-inventory-snaps-9dc96c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion\\n  (U | summarize V=toreal(count())                                                | extend Metric=\\\"Total users\\\",        Order=1),\\n  (U | where Role in~ (\\\"admin\\\",\\\"owner\\\",\\\"network-admin\\\",\\\"it-admin\\\",\\\"billing-admin\\\") | summarize V=toreal(count()) | extend Metric=\\\"Admin-tier users\\\",  Order=2),\\n  (U | where Status =~ \\\"active\\\"                                                   | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",            Order=3),\\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\\\"Connected now\\\",     Order=4),\\n  (U | where Status =~ \\\"idle\\\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\\\"Idle / dormant\\\",    Order=5),\\n  (U | where UserType =~ \\\"shared\\\"                                                 | summarize V=toreal(count()) | extend Metric=\\\"Shared (external)\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-5689d9e8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-de67ec\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Role\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by role\"},\"name\":\"q-0c47912a\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Status\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by status\"},\"name\":\"q-e8c20a69\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by UserType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by type (member / shared)\"},\"name\":\"q-2c51776d\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity heatmap</div>\"},\"name\":\"div-activity-heatmap-ca6a21\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\\n| extend Bucket = case(\\n    DaysSinceLogin < 1, \\\"Today\\\",\\n    DaysSinceLogin < 7, \\\"This week\\\",\\n    DaysSinceLogin < 30, \\\"This month\\\",\\n    DaysSinceLogin < 90, \\\"Past quarter\\\",\\n    \\\"90+ days\\\")\\n| summarize Users=count() by Bucket\\n| order by case(Bucket==\\\"Today\\\",1, Bucket==\\\"This week\\\",2, Bucket==\\\"This month\\\",3, Bucket==\\\"Past quarter\\\",4, 5) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Users by recency of last login\"},\"name\":\"q-350e118d\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full user list</div>\"},\"name\":\"div-full-user-list-136aac\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All users (latest snapshot per user ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Role\",\"formatter\":11},{\"columnMatch\":\"Status\",\"formatter\":11},{\"columnMatch\":\"DeviceCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"name\":\"q-cee23d3c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Orphaned users (active but no devices)</div>\"},\"name\":\"div-orphaned-users-(acti-56d6f8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| where Status =~ \\\"active\\\" and DeviceCount == 0\\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active accounts with zero devices - candidates for offboarding review\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"Every active account has at least one device - good hygiene.\",\"noDataMessageStyle\":5},\"name\":\"q-83fcd942\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Role escalation history</div>\"},\"name\":\"div-role-escalation-hist-bd8df4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"USER_ROLE_UPDATE\\\" or Action == \\\"USER_ROLES_ASSIGNED\\\" or Action contains \\\"ROLE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent role changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ToRole\",\"formatter\":11}]},\"noDataMessage\":\"No role changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f6c8358a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"identity\"},\"name\":\"group-identity\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device fleet snapshot</div>\"},\"name\":\"div-device-fleet-snapsho-939675\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion\\n  (D | summarize V=toreal(count())                              | extend Metric=\\\"Total devices\\\",       Order=1),\\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",          Order=2),\\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\\\"External (shared)\\\",   Order=3),\\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\\\"Updates available\\\",   Order=4),\\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\\\"SSH-enabled\\\",         Order=5),\\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\\\"No key expiry\\\",       Order=6),\\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\\\"Subnet/exit-node\\\",    Order=7),\\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\\\"Stale (30+ days)\\\",    Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-366964fc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-396d03\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by OS\"},\"name\":\"q-0c8f5988\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by ClientVersion\\n| order by Count desc | take 10\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Top 10 client versions\"},\"name\":\"q-af1c45cd\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by tag\"},\"name\":\"q-c3a0ef5b\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices needing attention</div>\"},\"name\":\"div-devices-needing-atte-f04a47\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\\n| extend Issues = strcat_array(pack_array(\\n    iff(UpdateAvailable == true, \\\"needs-update\\\", \\\"\\\"),\\n    iff(KeyExpiryDisabled == true, \\\"key-never-expires\\\", \\\"\\\"),\\n    iff(LastSeen < ago(30d), \\\"stale\\\", \\\"\\\"),\\n    iff(Authorized == false, \\\"unauthorized\\\", \\\"\\\")), \\\",\\\")\\n| extend Issues = trim(\\\",\\\", trim_start(\\\",\\\", trim_end(\\\",\\\", replace_string(Issues, \\\",,\\\", \\\",\\\"))))\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged with one or more issues\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Issues\",\"formatter\":11}]},\"noDataMessage\":\"No devices need attention - all updated, fresh, authorized, and key-rotating.\",\"noDataMessageStyle\":5},\"name\":\"q-dc5db84c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full device inventory</div>\"},\"name\":\"div-full-device-inventor-b70642\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All devices (latest snapshot per device ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Os\",\"formatter\":11},{\"columnMatch\":\"ClientVersion\",\"formatter\":11}]}},\"name\":\"q-7f7e7a9a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers / exit nodes</div>\"},\"name\":\"div-subnet-routers-/-exi-b082d6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0\\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising subnet routes or exit-node capability\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers in this tailnet - pure mesh topology.\",\"noDataMessageStyle\":5},\"name\":\"q-5004df25\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials snapshot</div>\"},\"name\":\"div-credentials-snapshot-fd464a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (K | summarize V=toreal(count())                                     | extend Metric=\\\"Total keys\\\",          Order=1),\\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",              Order=2),\\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\\\"Revoked\\\",             Order=3),\\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\\\"Expired\\\",             Order=4),\\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\\\"Expiring in 7d\\\",      Order=5),\\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\\\"Never expire\\\",        Order=6),\\n  (K | where KeyType =~ \\\"auth\\\"                                         | summarize V=toreal(count()) | extend Metric=\\\"Auth keys\\\",           Order=7),\\n  (K | where KeyType =~ \\\"api\\\" or KeyType contains \\\"oauth\\\"              | summarize V=toreal(count()) | extend Metric=\\\"API / OAuth\\\",         Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-79398bc0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-15f665\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| summarize Count=count() by KeyType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Keys by type\"},\"name\":\"q-23e6618b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend Bucket = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never\\\",\\n    Expires < now(), \\\"Already expired\\\",\\n    Expires < ago(-1d), \\\"<24h\\\",\\n    Expires < ago(-7d), \\\"1-7d\\\",\\n    Expires < ago(-30d), \\\"8-30d\\\",\\n    Expires < ago(-90d), \\\"31-90d\\\",\\n    \\\"90+d\\\")\\n| summarize Keys=count() by Bucket\\n| order by case(Bucket==\\\"Already expired\\\",1, Bucket==\\\"<24h\\\",2, Bucket==\\\"1-7d\\\",3, Bucket==\\\"8-30d\\\",4, Bucket==\\\"31-90d\\\",5, Bucket==\\\"90+d\\\",6, Bucket==\\\"Never\\\",7, 8) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Active key expiry distribution\"},\"name\":\"q-7484d1a0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Active credential register</div>\"},\"name\":\"div-active-credential-re-c27539\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend ExpiryStatus = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never expires\\\",\\n    Expires < now(), \\\"Expired\\\",\\n    Expires < ago(-7d), \\\"Expires in 7d\\\",\\n    Expires < ago(-30d), \\\"Expires in 30d\\\",\\n    \\\"OK\\\")\\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All active credentials with computed expiry status\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"Expires\",\"formatter\":6},{\"columnMatch\":\"ExpiryStatus\",\"formatter\":11},{\"columnMatch\":\"KeyType\",\"formatter\":11}]}},\"name\":\"q-4b27a750\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential CRUD events</div>\"},\"name\":\"div-credential-crud-even-e455b0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action contains \\\"API_KEY\\\" or Action contains \\\"AUTH_KEY\\\" or Action contains \\\"OAUTH\\\" or Action contains \\\"KEY_CREATE\\\" or Action contains \\\"KEY_REVOKE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent credential create / revoke / rotate events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No credential CRUD activity in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-777693bd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-de29a2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Events=count() by bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events per hour\",\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f5eee265\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Action heatmap by hour of day</div>\"},\"name\":\"div-action-heatmap-by-ho-c8bd5e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated)\\n| summarize Events=count() by Hour, Action\\n| order by Hour asc, Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"title\":\"When are admin actions happening?\"},\"name\":\"q-c6f45d95\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor / Action heatmap</div>\"},\"name\":\"div-actor-/-action-heatm-d820ba\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin, Action\\n| order by Events desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Who is firing which action\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-06c13b3b\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-63b210\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Last 100 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Action\",\"formatter\":11}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-07a25a40\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS configuration (current state)</div>\"},\"name\":\"div-dns-configuration-(c-5f2e1e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"MagicDNS, nameservers, search paths\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSnapshot\",\"formatter\":6},{\"columnMatch\":\"ConfigType\",\"formatter\":11}]},\"noDataMessage\":\"No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.\",\"noDataMessageStyle\":5},\"name\":\"q-d6a6a358\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings (current)</div>\"},\"name\":\"div-tailnet-settings-(cu-e03b16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| summarize arg_max(TimeGenerated, *) by TenantId\\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Tailnet policy gates\",\"noDataMessage\":\"No settings snapshot yet.\",\"noDataMessageStyle\":5},\"name\":\"q-0622cfc3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS change history</div>\"},\"name\":\"div-dns-change-history-9dd376\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetProperty=tostring(Target.property)\\n| where Action contains \\\"DNS\\\" or TargetProperty has_any (\\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"MAGICDNS\\\", \\\"DNS_SEARCH_PATHS\\\")\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent DNS-related admin changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No DNS changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-a132ff6a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">ACL policy changes</div>\"},\"name\":\"div-acl-policy-changes-ff0e68\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"ACL_UPDATE\\\" or Action contains \\\"ACL\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent ACL / policy file modifications\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No ACL changes in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-94818c53\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routes & exit nodes</div>\"},\"name\":\"div-subnet-routes-and-ex-eef47f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Routes currently being served from devices\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers active in this tailnet.\",\"noDataMessageStyle\":5},\"name\":\"q-61a792cd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Ingest rate per table</div>\"},\"name\":\"div-ingest-rate-per-tabl-24e5f6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| where TimeGenerated > ago(24h)\\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Rows ingested per Tailscale table per hour (last 24h)\",\"noDataMessage\":\"No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.\",\"noDataMessageStyle\":5},\"name\":\"q-c6fd0143\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Last poll time per table</div>\"},\"name\":\"div-last-poll-time-per-t-49b051\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\\n| extend Status=case(MinutesAgo < 60, \\\"Fresh\\\", MinutesAgo < 360, \\\"Recent\\\", MinutesAgo < 1440, \\\"Stale\\\", \\\"Very Stale\\\")\\n| project Table, LastRow, MinutesAgo, TotalRows, Status\\n| order by MinutesAgo asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Per-table freshness\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastRow\",\"formatter\":6},{\"columnMatch\":\"MinutesAgo\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"TotalRows\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Status\",\"formatter\":11}]}},\"name\":\"q-a02e37a8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Log Analytics operational events</div>\"},\"name\":\"div-log-analytics-operat-630749\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"_LogOperation\\n| where TimeGenerated > ago(24h)\\n| where _ResourceId contains \\\"tailscale\\\" or Detail contains \\\"Tailscale_\\\"\\n| project TimeGenerated, Operation, Level, Detail\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Log Analytics operational events touching Tailscale tables\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Level\",\"formatter\":11}]},\"noDataMessage\":\"No operational issues recorded in the last 24h.\",\"noDataMessageStyle\":5},\"name\":\"q-b492f150\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"pipeline\"},\"name\":\"group-pipeline\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\\\"><strong>Tailscale Operations (Standard) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Standard-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. For network flow logs and posture integrations, install the companion <strong>Tailscale Operations (Premium)</strong> workbook on a Premium / Enterprise tailnet.</div>\"},\"name\":\"footer\"}],\"fallbackResourceIds\":[\"Azure Monitor\"],\"fromTemplateId\":\"sentinel-Tailscale-CCF\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7b05a598-5120-43f4-bf5d-576c2a7ff28d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Operations (Standard)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Standard tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9794e9fd-916b-494d-8e72-af63d2f4c6c7\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"71cf49db-33c5-4d4b-920a-2ec0c6a258dc\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Investigate\",\"subTarget\":\"investigate\",\"style\":\"link\"},{\"id\":\"5c56bb37-2053-47a0-b6fd-9539768c144d\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Hunts\",\"subTarget\":\"hunts\",\"style\":\"link\"},{\"id\":\"d2004ded-07f8-446a-a720-f0a63d1d9dda\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity\",\"subTarget\":\"identity\",\"style\":\"link\"},{\"id\":\"f23b3e14-1511-4a29-bf5e-bd65e55dbb40\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"724f8352-e21b-45a6-9029-39dc92693c05\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"8400ec64-e118-44e0-ae29-84afe94b8e0e\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Admin Audit\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"b7e04861-edfa-4426-b6be-f1481ca569b6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network & DNS\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"cfbc96e4-8585-4d89-8f65-8344c8cc6eb2\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Pipeline Health\",\"subTarget\":\"pipeline\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet at a glance</div>\"},\"name\":\"div-tailnet-at-a-glance-04e62b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\\\"Devices\\\",         Order=1),\\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",      Order=2),\\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\\\"Updates Available\\\", Order=3),\\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\\\"SSH-Enabled\\\",     Order=4),\\n  (USR | summarize V=toreal(count())                                            | extend Metric=\\\"Users\\\",           Order=5),\\n  (USR | where Role =~ \\\"admin\\\" or Role =~ \\\"owner\\\" or Role =~ \\\"network-admin\\\"    | summarize V=toreal(count()) | extend Metric=\\\"Admins\\\",          Order=6),\\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\\\"Active Keys\\\",     Order=7),\\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\\\"Audit Events ({TimeRange:label})\\\", Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-4e9d7cff\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit activity over time</div>\"},\"name\":\"div-audit-activity-over--546688\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events by action\",\"noDataMessage\":\"No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.\",\"noDataMessageStyle\":5},\"name\":\"q-effcd498\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Who's doing what</div>\"},\"name\":\"div-who's-doing-what-52144e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| where isnotempty(Actor)\\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Top actors (by event count)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]}},\"name\":\"q-34c77fa9\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type)\\n| where isnotempty(TargetType)\\n| summarize Events=count() by TargetType\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Activity by target type\"},\"name\":\"q-4b3b709d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent admin events</div>\"},\"name\":\"div-recent-admin-events-87c9e0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 30\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Most recent 30 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]}},\"name\":\"q-5e7d6306\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b83a25c1-da18-49a2-a444-6517f13d891c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedActor\",\"label\":\"Actor\",\"type\":2,\"isRequired\":false,\"query\":\"let opts = Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin\\n| project value=ActorLogin, label=strcat(ActorLogin, \\\" (\\\", tostring(Events), \\\" events)\\\");\\n(print value=\\\"__ALL__\\\", label=\\\"(All actors)\\\")\\n| union opts\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"__ALL__\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-picker-actor\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor activity timeline</div>\"},\"name\":\"div-actor-activity-timel-5ec305\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"__ALL__\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Actions over time -- actor: {SelectedActor:label}\",\"noDataMessage\":\"Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.\",\"noDataMessageStyle\":5},\"name\":\"q-32d40848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"__ALL__\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent events for actor: {SelectedActor:label}\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No events for this actor in the selected window.\",\"noDataMessageStyle\":5},\"name\":\"q-a742f6fd\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a9cf7907-f201-4725-a072-a8bd34bef74e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedDevice\",\"label\":\"Device\",\"type\":2,\"isRequired\":false,\"query\":\"let opts = Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| order by LastSeen desc | take 100\\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \\\" (\\\", User, \\\")\\\");\\n(print value=\\\"__ALL__\\\", label=\\\"(All devices)\\\")\\n| union opts\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"__ALL__\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-picker-device\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Selected device timeline</div>\"},\"name\":\"div-selected-device-time-00bead\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| where \\\"{SelectedDevice}\\\" == \\\"__ALL__\\\" or DeviceName == \\\"{SelectedDevice}\\\"\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend OnlineNow = ClientConnectivity.endpoints != \\\"\\\" or ConnectedToControl == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Summary for device: {SelectedDevice:label}\",\"noDataMessage\":\"Select a device from the Device dropdown above. Defaults to 'All'.\",\"noDataMessageStyle\":5},\"name\":\"q-11094dc8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\\n| where (\\\"{SelectedDevice}\\\" == \\\"__ALL__\\\" and TargetType == \\\"NODE\\\") or TargetName == \\\"{SelectedDevice}\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Audit events touching device: {SelectedDevice:label}\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.\",\"noDataMessageStyle\":5},\"name\":\"q-ead106ce\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"investigate\"},\"name\":\"group-investigate\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">First-seen actors in the last 24h</div>\"},\"name\":\"div-first-seen-actors-in-ce38d9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Actors who have NEVER appeared before (30d baseline)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"FirstSeen24h\",\"formatter\":6},{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}}]},\"noDataMessage\":\"Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.\",\"noDataMessageStyle\":1},\"name\":\"q-9ba7b85e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Off-hours configuration changes</div>\"},\"name\":\"div-off-hours-configurat-3c3787\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type)\\n| where Action !in (\\\"LOGIN\\\", \\\"LOGOUT\\\")\\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Admin actions outside 07:00-19:00 weekdays\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No off-hours admin changes recorded - healthy state for an organisation working business hours.\",\"noDataMessageStyle\":1},\"name\":\"q-721ee490\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with key expiry disabled</div>\"},\"name\":\"div-devices-with-key-exp-dfe9c1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where KeyExpiryDisabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices that will never re-authenticate (high-risk drift)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.\",\"noDataMessageStyle\":1},\"name\":\"q-8a8e2fb5\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Auth keys with no expiry</div>\"},\"name\":\"div-auth-keys-with-no-ex-b11207\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active keys that never expire\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6}]},\"noDataMessage\":\"No never-expiring auth keys - rotation hygiene is good.\",\"noDataMessageStyle\":1},\"name\":\"q-1372740c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices running outdated clients</div>\"},\"name\":\"div-devices-running-outd-bcd077\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged update-available by Tailscale\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"All devices on current client - nothing to patch.\",\"noDataMessageStyle\":1},\"name\":\"q-ecebf1f7\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Dormant devices (LastSeen > 30 days)</div>\"},\"name\":\"div-dormant-devices-(las-761156\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where LastSeen < ago(30d)\\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\\n| order by DaysIdle desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices idle 30+ days - candidates for retirement\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"DaysIdle\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}}]},\"noDataMessage\":\"No devices idle 30+ days - inventory is fresh.\",\"noDataMessageStyle\":1},\"name\":\"q-fb6c1fcc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet route exposure</div>\"},\"name\":\"div-subnet-route-exposur-289c42\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising or running subnet routes / exit-node duty\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices advertising subnet routes. Pure mesh topology.\",\"noDataMessageStyle\":1},\"name\":\"q-9533b081\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with SSH enabled</div>\"},\"name\":\"div-devices-with-ssh-ena-285238\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where SshEnabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.\",\"noDataMessageStyle\":1},\"name\":\"q-735368fb\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"hunts\"},\"name\":\"group-hunts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory snapshot</div>\"},\"name\":\"div-user-inventory-snaps-9dc96c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion\\n  (U | summarize V=toreal(count())                                                | extend Metric=\\\"Total users\\\",        Order=1),\\n  (U | where Role in~ (\\\"admin\\\",\\\"owner\\\",\\\"network-admin\\\",\\\"it-admin\\\",\\\"billing-admin\\\") | summarize V=toreal(count()) | extend Metric=\\\"Admin-tier users\\\",  Order=2),\\n  (U | where Status =~ \\\"active\\\"                                                   | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",            Order=3),\\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\\\"Connected now\\\",     Order=4),\\n  (U | where Status =~ \\\"idle\\\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\\\"Idle / dormant\\\",    Order=5),\\n  (U | where UserType =~ \\\"shared\\\"                                                 | summarize V=toreal(count()) | extend Metric=\\\"Shared (external)\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-5689d9e8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-de67ec\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Role\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by role\"},\"name\":\"q-0c47912a\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Status\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by status\"},\"name\":\"q-e8c20a69\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by UserType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by type (member / shared)\"},\"name\":\"q-2c51776d\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity heatmap</div>\"},\"name\":\"div-activity-heatmap-ca6a21\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\\n| extend Bucket = case(\\n    DaysSinceLogin < 1, \\\"Today\\\",\\n    DaysSinceLogin < 7, \\\"This week\\\",\\n    DaysSinceLogin < 30, \\\"This month\\\",\\n    DaysSinceLogin < 90, \\\"Past quarter\\\",\\n    \\\"90+ days\\\")\\n| summarize Users=count() by Bucket\\n| order by case(Bucket==\\\"Today\\\",1, Bucket==\\\"This week\\\",2, Bucket==\\\"This month\\\",3, Bucket==\\\"Past quarter\\\",4, 5) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Users by recency of last login\"},\"name\":\"q-350e118d\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full user list</div>\"},\"name\":\"div-full-user-list-136aac\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All users (latest snapshot per user ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Role\",\"formatter\":1},{\"columnMatch\":\"Status\",\"formatter\":1},{\"columnMatch\":\"DeviceCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"name\":\"q-cee23d3c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Orphaned users (active but no devices)</div>\"},\"name\":\"div-orphaned-users-(acti-56d6f8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| where Status =~ \\\"active\\\" and DeviceCount == 0\\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active accounts with zero devices - candidates for offboarding review\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"Every active account has at least one device - good hygiene.\",\"noDataMessageStyle\":1},\"name\":\"q-83fcd942\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Role escalation history</div>\"},\"name\":\"div-role-escalation-hist-bd8df4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"USER_ROLE_UPDATE\\\" or Action == \\\"USER_ROLES_ASSIGNED\\\" or Action contains \\\"ROLE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent role changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ToRole\",\"formatter\":1}]},\"noDataMessage\":\"No role changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-f6c8358a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"identity\"},\"name\":\"group-identity\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device fleet snapshot</div>\"},\"name\":\"div-device-fleet-snapsho-939675\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion\\n  (D | summarize V=toreal(count())                              | extend Metric=\\\"Total devices\\\",       Order=1),\\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",          Order=2),\\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\\\"External (shared)\\\",   Order=3),\\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\\\"Updates available\\\",   Order=4),\\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\\\"SSH-enabled\\\",         Order=5),\\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\\\"No key expiry\\\",       Order=6),\\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\\\"Subnet/exit-node\\\",    Order=7),\\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\\\"Stale (30+ days)\\\",    Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-366964fc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-396d03\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by OS\"},\"name\":\"q-0c8f5988\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by ClientVersion\\n| order by Count desc | take 10\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Top 10 client versions\"},\"name\":\"q-af1c45cd\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by tag\"},\"name\":\"q-c3a0ef5b\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices needing attention</div>\"},\"name\":\"div-devices-needing-atte-f04a47\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\\n| extend Issues = strcat_array(pack_array(\\n    iff(UpdateAvailable == true, \\\"needs-update\\\", \\\"\\\"),\\n    iff(KeyExpiryDisabled == true, \\\"key-never-expires\\\", \\\"\\\"),\\n    iff(LastSeen < ago(30d), \\\"stale\\\", \\\"\\\"),\\n    iff(Authorized == false, \\\"unauthorized\\\", \\\"\\\")), \\\",\\\")\\n| extend Issues = trim(\\\",\\\", trim_start(\\\",\\\", trim_end(\\\",\\\", replace_string(Issues, \\\",,\\\", \\\",\\\"))))\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged with one or more issues\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Issues\",\"formatter\":1}]},\"noDataMessage\":\"No devices need attention - all updated, fresh, authorized, and key-rotating.\",\"noDataMessageStyle\":1},\"name\":\"q-dc5db84c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full device inventory</div>\"},\"name\":\"div-full-device-inventor-b70642\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All devices (latest snapshot per device ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Os\",\"formatter\":1},{\"columnMatch\":\"ClientVersion\",\"formatter\":1}]}},\"name\":\"q-7f7e7a9a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers / exit nodes</div>\"},\"name\":\"div-subnet-routers-/-exi-b082d6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0\\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising subnet routes or exit-node capability\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers in this tailnet - pure mesh topology.\",\"noDataMessageStyle\":1},\"name\":\"q-5004df25\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials snapshot</div>\"},\"name\":\"div-credentials-snapshot-fd464a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (K | summarize V=toreal(count())                                     | extend Metric=\\\"Total keys\\\",          Order=1),\\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",              Order=2),\\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\\\"Revoked\\\",             Order=3),\\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\\\"Expired\\\",             Order=4),\\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\\\"Expiring in 7d\\\",      Order=5),\\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\\\"Never expire\\\",        Order=6),\\n  (K | where KeyType =~ \\\"auth\\\"                                         | summarize V=toreal(count()) | extend Metric=\\\"Auth keys\\\",           Order=7),\\n  (K | where KeyType =~ \\\"api\\\" or KeyType contains \\\"oauth\\\"              | summarize V=toreal(count()) | extend Metric=\\\"API / OAuth\\\",         Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-79398bc0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-15f665\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| summarize Count=count() by KeyType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Keys by type\"},\"name\":\"q-23e6618b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend Bucket = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never\\\",\\n    Expires < now(), \\\"Already expired\\\",\\n    Expires < ago(-1d), \\\"<24h\\\",\\n    Expires < ago(-7d), \\\"1-7d\\\",\\n    Expires < ago(-30d), \\\"8-30d\\\",\\n    Expires < ago(-90d), \\\"31-90d\\\",\\n    \\\"90+d\\\")\\n| summarize Keys=count() by Bucket\\n| order by case(Bucket==\\\"Already expired\\\",1, Bucket==\\\"<24h\\\",2, Bucket==\\\"1-7d\\\",3, Bucket==\\\"8-30d\\\",4, Bucket==\\\"31-90d\\\",5, Bucket==\\\"90+d\\\",6, Bucket==\\\"Never\\\",7, 8) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Active key expiry distribution\"},\"name\":\"q-7484d1a0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Active credential register</div>\"},\"name\":\"div-active-credential-re-c27539\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend ExpiryStatus = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never expires\\\",\\n    Expires < now(), \\\"Expired\\\",\\n    Expires < ago(-7d), \\\"Expires in 7d\\\",\\n    Expires < ago(-30d), \\\"Expires in 30d\\\",\\n    \\\"OK\\\")\\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All active credentials with computed expiry status\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"Expires\",\"formatter\":6},{\"columnMatch\":\"ExpiryStatus\",\"formatter\":1},{\"columnMatch\":\"KeyType\",\"formatter\":1}]}},\"name\":\"q-4b27a750\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential CRUD events</div>\"},\"name\":\"div-credential-crud-even-e455b0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action contains \\\"API_KEY\\\" or Action contains \\\"AUTH_KEY\\\" or Action contains \\\"OAUTH\\\" or Action contains \\\"KEY_CREATE\\\" or Action contains \\\"KEY_REVOKE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent credential create / revoke / rotate events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No credential CRUD activity in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-777693bd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-de29a2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Events=count() by bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events per hour\",\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f5eee265\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Action heatmap by hour of day</div>\"},\"name\":\"div-action-heatmap-by-ho-c8bd5e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated)\\n| summarize Events=count() by Hour, Action\\n| order by Hour asc, Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"title\":\"When are admin actions happening?\"},\"name\":\"q-c6f45d95\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor / Action heatmap</div>\"},\"name\":\"div-actor-/-action-heatm-d820ba\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin, Action\\n| order by Events desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Who is firing which action\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-06c13b3b\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-63b210\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Last 100 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Action\",\"formatter\":1}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-07a25a40\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS configuration (current state)</div>\"},\"name\":\"div-dns-configuration-(c-5f2e1e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"MagicDNS, nameservers, search paths\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSnapshot\",\"formatter\":6},{\"columnMatch\":\"ConfigType\",\"formatter\":1}]},\"noDataMessage\":\"No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.\",\"noDataMessageStyle\":5},\"name\":\"q-d6a6a358\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings (current)</div>\"},\"name\":\"div-tailnet-settings-(cu-e03b16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| summarize arg_max(TimeGenerated, *) by TenantId\\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Tailnet policy gates\",\"noDataMessage\":\"No settings snapshot yet.\",\"noDataMessageStyle\":5},\"name\":\"q-0622cfc3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS change history</div>\"},\"name\":\"div-dns-change-history-9dd376\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetProperty=tostring(Target.property)\\n| where Action contains \\\"DNS\\\" or TargetProperty has_any (\\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"MAGICDNS\\\", \\\"DNS_SEARCH_PATHS\\\")\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent DNS-related admin changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No DNS changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-a132ff6a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">ACL policy changes</div>\"},\"name\":\"div-acl-policy-changes-ff0e68\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"ACL_UPDATE\\\" or Action contains \\\"ACL\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent ACL / policy file modifications\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No ACL changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-94818c53\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routes & exit nodes</div>\"},\"name\":\"div-subnet-routes-and-ex-eef47f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Routes currently being served from devices\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers active in this tailnet.\",\"noDataMessageStyle\":1},\"name\":\"q-61a792cd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Ingest rate per table</div>\"},\"name\":\"div-ingest-rate-per-tabl-24e5f6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| where TimeGenerated > ago(24h)\\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Rows ingested per Tailscale table per hour (last 24h)\",\"noDataMessage\":\"No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.\",\"noDataMessageStyle\":5},\"name\":\"q-c6fd0143\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Last poll time per table</div>\"},\"name\":\"div-last-poll-time-per-t-49b051\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\\n| extend Status=case(MinutesAgo < 60, \\\"Fresh\\\", MinutesAgo < 360, \\\"Recent\\\", MinutesAgo < 1440, \\\"Stale\\\", \\\"Very Stale\\\")\\n| project Table, LastRow, MinutesAgo, TotalRows, Status\\n| order by MinutesAgo asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Per-table freshness\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastRow\",\"formatter\":6},{\"columnMatch\":\"MinutesAgo\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"TotalRows\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Status\",\"formatter\":1}]}},\"name\":\"q-a02e37a8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Log Analytics operational events</div>\"},\"name\":\"div-log-analytics-operat-630749\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"_LogOperation\\n| where TimeGenerated > ago(24h)\\n| where _ResourceId contains \\\"tailscale\\\" or Detail contains \\\"Tailscale_\\\"\\n| project TimeGenerated, Operation, Level, Detail\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Log Analytics operational events touching Tailscale tables\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Level\",\"formatter\":1}]},\"noDataMessage\":\"No operational issues recorded in the last 24h.\",\"noDataMessageStyle\":1},\"name\":\"q-b492f150\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"pipeline\"},\"name\":\"group-pipeline\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\\\"><strong>Tailscale Operations (Standard) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Standard-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. For network flow logs and posture integrations, install the companion <strong>Tailscale Operations (Premium)</strong> workbook on a Premium / Enterprise tailnet.</div>\"},\"name\":\"footer\"}],\"fallbackResourceIds\":[\"Azure Monitor\"],\"fromTemplateId\":\"sentinel-Tailscale-CCF\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -8496,7 +9396,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8564,7 +9464,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "TailscalePremiumOperations Workbook with template version 3.0.5",
+        "description": "TailscalePremiumOperations Workbook with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion2')]",
@@ -8582,7 +9482,7 @@
               },
               "properties": {
                 "displayName": "[parameters('workbook2-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5c59168c-014b-4a83-8a8f-73cc60997e6b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#a855f7\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Premium (CCF)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"c1c44fc1-1b89-45a5-92cb-8e2374d9a855\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"d1147d96-d052-47f7-b048-2b471f6f091c\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"52c56980-5cfe-456c-a499-9cfd8317ad69\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Users & Identity\",\"subTarget\":\"users\",\"style\":\"link\"},{\"id\":\"9eb1d383-09e7-4aed-af3c-0dbe8c73dac6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"7cd3279a-4b91-430a-a68d-fb1fa2d74d9b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & Tailnet\",\"subTarget\":\"dns\",\"style\":\"link\"},{\"id\":\"e5179782-bc17-42b3-9f8c-c2e0fbfd1f30\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Webhooks\",\"subTarget\":\"webhooks\",\"style\":\"link\"},{\"id\":\"6cce0298-c5ec-4092-bfc8-b84a6764fe62\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"8d8bbfed-b08e-401b-9f62-8eaa597261d3\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"},{\"id\":\"81d1910b-f903-4811-b762-cabeb7740c88\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Audit Activity\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"f685a8e3-878e-4cd6-b6d3-5340d57eb32b\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Signals\",\"subTarget\":\"signals\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">At a glance</div>\"},\"name\":\"div-at-a-glance-75296e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\\\"Devices\\\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\\\"Users\\\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\\\"Active keys\\\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\\\"Audit events\\\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \\\"ACL\\\" or tostring(Target.property) == \\\"DNS_SPLIT_DNS\\\" or tostring(Target.property) == \\\"DNS_NAMESERVERS\\\" or tostring(Target.property) == \\\"MAGICDNS_PREFERENCES\\\" | summarize V=toreal(count()) | extend Metric=\\\"DNS / ACL changes\\\", Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b71f9f4a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity over time</div>\"},\"name\":\"div-activity-over-time-bcc7c5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events by action\",\"visualization\":\"timechart\"},\"name\":\"q-8fc88ccb\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top actors</div>\"},\"name\":\"div-top-actors-bd287b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName)\\n| where isnotempty(ActorLogin)\\n| summarize EventCount = count() by ActorLogin\\n| top 10 by EventCount\\n| render barchart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 10 actors\",\"visualization\":\"table\"},\"name\":\"q-93b0d742\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by TargetType = tostring(Target.type)\\n| top 10 by EventCount\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Activity by target type\",\"visualization\":\"table\"},\"name\":\"q-12fbe2ab\",\"customWidth\":\"50\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory snapshot</div>\"},\"name\":\"div-device-inventory-snapshot-56b7ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Total devices\\\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"Authorized\\\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\\\"External (shared)\\\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\\\"Key expiry disabled\\\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\\\"Update available\\\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\\\"Subnet routers\\\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\\\"Stale (30+ days)\\\",    Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-b8b431c0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-d18e9a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by OS\",\"visualization\":\"piechart\"},\"name\":\"q-acf35833\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count = count() by ClientVersion\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by client version\",\"visualization\":\"barchart\"},\"name\":\"q-29ed4eb0\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices by tag\",\"visualization\":\"piechart\"},\"name\":\"q-71ed6d65\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device inventory table</div>\"},\"name\":\"div-device-inventory-table-ba97ce\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All devices (latest snapshot per device)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysSinceSeen\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":60}},{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":30}},{\"columnMatch\":\"UpdateAvailable\",\"formatter\":11},{\"columnMatch\":\"KeyExpiryDisabled\",\"formatter\":11}]}},\"name\":\"q-d0f59836\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers and exit nodes</div>\"},\"name\":\"div-subnet-routers-and-exit-nodes-b80917\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\\n| order by DeviceName asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Devices advertising routes (subnet routers / exit nodes)\",\"visualization\":\"table\"},\"name\":\"q-374f7fdc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Identity overview</div>\"},\"name\":\"div-identity-overview-2881ca\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\\\"Users\\\",             Order=1),(base | where Status =~ \\\"active\\\"   | summarize V=toreal(count())                                | extend Metric=\\\"Active\\\",            Order=2),(base | where Status =~ \\\"suspended\\\" | summarize V=toreal(count())                               | extend Metric=\\\"Suspended\\\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\\\"Currently connected\\\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\\\"Zero devices\\\",      Order=5),(base | where Role in (\\\"owner\\\",\\\"admin\\\",\\\"network-admin\\\") | summarize V=toreal(count())          | extend Metric=\\\"Elevated\\\",          Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-fd38a1c2\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-e6ff99\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Role\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by role\",\"visualization\":\"piechart\"},\"name\":\"q-776b4d9b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Users = count() by Status\\n| order by Users desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Users by status\",\"visualization\":\"piechart\"},\"name\":\"q-13d1cabf\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory table</div>\"},\"name\":\"div-user-inventory-table-ddbb44\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All users (latest snapshot per user)\",\"visualization\":\"table\"},\"name\":\"q-5b6e7b3a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"users\"},\"name\":\"group-users\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory</div>\"},\"name\":\"div-credential-inventory-30455a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\\\"Active credentials\\\",    Order=1),(base | where KeyType =~ \\\"auth\\\"                       | summarize V=toreal(count())                  | extend Metric=\\\"Auth keys\\\",             Order=2),(base | where KeyType in~ (\\\"apiAccessToken\\\",\\\"api_access_token\\\",\\\"apikey\\\") | summarize V=toreal(count()) | extend Metric=\\\"API tokens\\\",          Order=3),(base | where KeyType in~ (\\\"oauthClient\\\",\\\"oauth_client\\\")                  | summarize V=toreal(count()) | extend Metric=\\\"OAuth clients\\\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\\\"No expiry\\\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\\\"Expiring within 7 days\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-64bd4801\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials by type</div>\"},\"name\":\"div-credentials-by-type-00cf87\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| summarize Count = count() by KeyType\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by type\",\"visualization\":\"piechart\"},\"name\":\"q-32c060b4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and isnotnull(Expires)\\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\\n| summarize Keys = count() by Bucket\\n| order by Bucket asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Credentials by expiry window\",\"visualization\":\"barchart\"},\"name\":\"q-43beab6b\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential inventory table</div>\"},\"name\":\"div-credential-inventory-table-adc7f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All credentials (latest snapshot per ID)\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DaysToExpiry\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\",\"min\":0,\"max\":90}}]}},\"name\":\"q-4d271c05\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit log: credential lifecycle</div>\"},\"name\":\"div-audit-log:-credential-lifecycl-f6dfb7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) in (\\\"AUTH_KEY\\\", \\\"API_KEY\\\", \\\"OAUTH_CLIENT\\\")\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Create / update / delete events on credentials\",\"visualization\":\"table\"},\"name\":\"q-ecc5f778\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Current DNS state</div>\"},\"name\":\"div-current-dns-state-400b06\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"DNS configuration snapshot (latest per config type)\",\"visualization\":\"table\"},\"name\":\"q-12240394\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings snapshot</div>\"},\"name\":\"div-tailnet-settings-snapshot-b777cf\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project\\n    ['Snapshot at'] = TimeGenerated,\\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off'),\\n    ['Network flow logging'] = iff(NetworkFlowLoggingOn == true, 'On', 'Off'),\\n    ['Posture identity collection'] = iff(PostureIdentityCollectionOn == true, 'On', 'Off')\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current tailnet settings\",\"visualization\":\"table\"},\"name\":\"q-69053c5e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS / ACL / Settings change history</div>\"},\"name\":\"div-dns-/-acl-/-settings-change-hi-3efe2e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"UPDATE\\\" and tostring(Target.type) == \\\"TAILNET\\\"\\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\\n| where Property in (\\\"ACL\\\", \\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"DNS_SEARCHPATHS\\\", \\\"MAGICDNS_PREFERENCES\\\", \\\"SETTINGS\\\", \\\"TAILNET_SETTINGS\\\")\\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Tailnet configuration changes\",\"visualization\":\"table\"},\"name\":\"q-bf4dcbaf\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"dns\"},\"name\":\"group-dns\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook inventory</div>\"},\"name\":\"div-webhook-inventory-ac2dd4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Webhooks_CL\\n| summarize arg_max(TimeGenerated, *) by EndpointId\\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"All webhooks (latest snapshot per endpoint)\",\"visualization\":\"table\"},\"name\":\"q-4f947b64\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Webhook change history (from audit log)</div>\"},\"name\":\"div-webhook-change-history-(from-a-b5a420\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where tostring(Target.type) == \\\"WEBHOOK\\\" or tostring(Target.property) =~ \\\"WEBHOOK\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Webhook create / update / delete events\",\"visualization\":\"table\"},\"name\":\"q-cbd16912\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"webhooks\"},\"name\":\"group-webhooks\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Network flow summary</div>\"},\"name\":\"div-network-flow-summary-4f9133\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\\\"Messages\\\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\\\"Unique nodes\\\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Bytes total (B)\\\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Exit egress (B)\\\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\\\"Subnet (B)\\\",       Order=5)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-6aeb3506\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top talkers</div>\"},\"name\":\"div-top-talkers-a1283e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by Src, Dst\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Top 25 src->dst pairs by bytes\",\"visualization\":\"barchart\"},\"name\":\"q-994f3cfe\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Exit-node usage</div>\"},\"name\":\"div-exit-node-usage-73c3f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(ExitTraffic) > 0\\n| mv-expand t = ExitTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\\n| top 25 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Exit-node egress\",\"visualization\":\"table\"},\"name\":\"q-0a4f4625\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet router throughput</div>\"},\"name\":\"div-subnet-router-throughput-590dd2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where array_length(SubnetTraffic) > 0\\n| mv-expand t = SubnetTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\\n| top 15 by TotalBytes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Subnet routers by throughput\",\"visualization\":\"table\"},\"name\":\"q-b912a9e0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Bytes over time</div>\"},\"name\":\"div-bytes-over-time-e5bc09\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| mv-expand t = VirtualTraffic\\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\\n| render timechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Virtual traffic bytes per hour\",\"visualization\":\"table\"},\"name\":\"q-505f4fda\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture inventory</div>\"},\"name\":\"div-posture-inventory-09f2f0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\\n| order by Provider asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Current posture integrations\",\"visualization\":\"table\"},\"name\":\"q-46b6e6de\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Integrations by provider</div>\"},\"name\":\"div-integrations-by-provider-539100\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count = count() by Provider\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"By provider\",\"visualization\":\"piechart\"},\"name\":\"q-65328ab4\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| top 1 by TimeGenerated\\n| project PostureIdentityCollectionOn\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Posture identity collection\",\"visualization\":\"table\"},\"name\":\"q-c5867d42\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture integration change history</div>\"},\"name\":\"div-posture-integration-change-his-dce848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action in (\\\"CREATE\\\", \\\"UPDATE\\\", \\\"DELETE\\\")\\n| where tostring(Target.type) startswith \\\"POSTURE\\\" or tostring(Target.type) == \\\"POSTURE_INTEGRATION\\\"\\n| extend ActorLogin = tostring(Actor.loginName)\\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit log: posture-integration changes\",\"visualization\":\"table\"},\"name\":\"q-6b24da73\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"group-posture\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-73f015\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h)\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Audit events per hour\",\"visualization\":\"timechart\"},\"name\":\"q-b71cf8c3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor and action distribution</div>\"},\"name\":\"div-actor-and-action-distribution-2156c2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\\n| summarize EventCount = count() by ActorLogin, Action, TargetType\\n| order by EventCount desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Actor / Action / Target heatmap\",\"visualization\":\"table\"},\"name\":\"q-2eddf283\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-669c80\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\\n| order by TimeGenerated desc\\n| take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent 100 audit events\",\"visualization\":\"table\"},\"name\":\"q-49c1df44\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailscale-related alerts</div>\"},\"name\":\"div-tailscale-related-alerts-871583\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertName, AlertSeverity\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Alerts by rule\",\"visualization\":\"table\"},\"name\":\"q-40e4f77b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| summarize Count = count() by AlertSeverity\\n| render piechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Severity distribution\",\"visualization\":\"table\"},\"name\":\"q-5fed33a4\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent Tailscale alerts</div>\"},\"name\":\"div-recent-tailscale-alerts-8e085b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SecurityAlert\\n| where TimeGenerated {TimeRange}\\n| where AlertName startswith \\\"Tailscale\\\"\\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"title\":\"Recent Tailscale alerts\",\"visualization\":\"table\"},\"name\":\"q-0bf0cedc\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"signals\"},\"name\":\"group-signals\"},{\"type\":1,\"content\":{\"json\":\"---\\n\\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets.\"},\"name\":\"footer\"}],\"fromTemplateId\":\"sentinel-TailscalePremiumOperations\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"7b05a598-5120-43f4-bf5d-576c2a7ff28d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":86400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000}]}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\\\"><svg width=\\\"40\\\" height=\\\"40\\\" style=\\\"margin-right:14px;flex-shrink:0;fill:#3b82f6\\\" xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><path d=\\\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\\\"/><path d=\\\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\\\" opacity=\\\".2\\\"/><path d=\\\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\\\" opacity=\\\".2\\\"/><path d=\\\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\"/><path d=\\\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\\\" opacity=\\\".2\\\"/></svg><div><div style=\\\"font-size:22px;font-weight:600;letter-spacing:-0.5px\\\">Tailscale Operations (Premium)</div><div style=\\\"font-size:13px;color:#94a3b8;margin-top:2px\\\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Premium tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>\"},\"name\":\"header\"},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"9794e9fd-916b-494d-8e72-af63d2f4c6c7\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Overview\",\"subTarget\":\"overview\",\"style\":\"link\"},{\"id\":\"71cf49db-33c5-4d4b-920a-2ec0c6a258dc\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Investigate\",\"subTarget\":\"investigate\",\"style\":\"link\"},{\"id\":\"5c56bb37-2053-47a0-b6fd-9539768c144d\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Hunts\",\"subTarget\":\"hunts\",\"style\":\"link\"},{\"id\":\"d2004ded-07f8-446a-a720-f0a63d1d9dda\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Identity\",\"subTarget\":\"identity\",\"style\":\"link\"},{\"id\":\"f23b3e14-1511-4a29-bf5e-bd65e55dbb40\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Devices\",\"subTarget\":\"devices\",\"style\":\"link\"},{\"id\":\"724f8352-e21b-45a6-9029-39dc92693c05\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Credentials\",\"subTarget\":\"credentials\",\"style\":\"link\"},{\"id\":\"8400ec64-e118-44e0-ae29-84afe94b8e0e\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Admin Audit\",\"subTarget\":\"audit\",\"style\":\"link\"},{\"id\":\"b7e04861-edfa-4426-b6be-f1481ca569b6\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network & DNS\",\"subTarget\":\"network\",\"style\":\"link\"},{\"id\":\"b8506d3d-e615-4775-8c6f-14d9cc7db943\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Network Flows\",\"subTarget\":\"network-flows\",\"style\":\"link\"},{\"id\":\"c98574ec-7a60-4c1a-b4c6-4d24c5bd02ce\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Posture\",\"subTarget\":\"posture\",\"style\":\"link\"},{\"id\":\"cfbc96e4-8585-4d89-8f65-8344c8cc6eb2\",\"cellValue\":\"selectedTab\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Pipeline Health\",\"subTarget\":\"pipeline\",\"style\":\"link\"}]},\"name\":\"tabs\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet at a glance</div>\"},\"name\":\"div-tailnet-at-a-glance-04e62b\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\\\"Devices\\\",         Order=1),\\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",      Order=2),\\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\\\"Updates Available\\\", Order=3),\\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\\\"SSH-Enabled\\\",     Order=4),\\n  (USR | summarize V=toreal(count())                                            | extend Metric=\\\"Users\\\",           Order=5),\\n  (USR | where Role =~ \\\"admin\\\" or Role =~ \\\"owner\\\" or Role =~ \\\"network-admin\\\"    | summarize V=toreal(count()) | extend Metric=\\\"Admins\\\",          Order=6),\\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\\\"Active Keys\\\",     Order=7),\\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\\\"Audit Events ({TimeRange:label})\\\", Order=8)\\n,\\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count())                                  | extend Metric=\\\"Flows ({TimeRange:label})\\\", Order=9),\\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(dcount(SrcNodeName))                      | extend Metric=\\\"Active Talkers\\\",           Order=10),\\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(iff(count()==0, 0.0, 100.0 * countif(IsRelayed) / count())) | extend Metric=\\\"DERP Relayed %\\\",  Order=11),\\n  (Tailscale_PostureIntegrations_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by IntegrationId | summarize V=toreal(count()) | extend Metric=\\\"Posture Integrations\\\", Order=12)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-4e9d7cff\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit activity over time</div>\"},\"name\":\"div-audit-activity-over--546688\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events by action\",\"noDataMessage\":\"No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.\",\"noDataMessageStyle\":5},\"name\":\"q-effcd498\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Who's doing what</div>\"},\"name\":\"div-who's-doing-what-52144e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| where isnotempty(Actor)\\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Top actors (by event count)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]}},\"name\":\"q-34c77fa9\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type)\\n| where isnotempty(TargetType)\\n| summarize Events=count() by TargetType\\n| order by Events desc | take 15\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Activity by target type\"},\"name\":\"q-4b3b709d\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent admin events</div>\"},\"name\":\"div-recent-admin-events-87c9e0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 30\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Most recent 30 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]}},\"name\":\"q-5e7d6306\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"overview\"},\"name\":\"group-overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b83a25c1-da18-49a2-a444-6517f13d891c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedActor\",\"label\":\"Actor\",\"type\":2,\"isRequired\":false,\"query\":\"let opts = Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin\\n| project value=ActorLogin, label=strcat(ActorLogin, \\\" (\\\", tostring(Events), \\\" events)\\\");\\n(print value=\\\"__ALL__\\\", label=\\\"(All actors)\\\")\\n| union opts\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"__ALL__\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-picker-actor\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor activity timeline</div>\"},\"name\":\"div-actor-activity-timel-5ec305\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"__ALL__\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Actions over time -- actor: {SelectedActor:label}\",\"noDataMessage\":\"Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.\",\"noDataMessageStyle\":5},\"name\":\"q-32d40848\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where \\\"{SelectedActor}\\\" == \\\"__ALL__\\\" or ActorLogin == \\\"{SelectedActor}\\\"\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent events for actor: {SelectedActor:label}\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No events for this actor in the selected window.\",\"noDataMessageStyle\":5},\"name\":\"q-a742f6fd\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a9cf7907-f201-4725-a072-a8bd34bef74e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"SelectedDevice\",\"label\":\"Device\",\"type\":2,\"isRequired\":false,\"query\":\"let opts = Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| order by LastSeen desc | take 100\\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \\\" (\\\", User, \\\")\\\");\\n(print value=\\\"__ALL__\\\", label=\\\"(All devices)\\\")\\n| union opts\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"__ALL__\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"investigate-picker-device\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Selected device timeline</div>\"},\"name\":\"div-selected-device-time-00bead\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| where \\\"{SelectedDevice}\\\" == \\\"__ALL__\\\" or DeviceName == \\\"{SelectedDevice}\\\"\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| extend OnlineNow = ClientConnectivity.endpoints != \\\"\\\" or ConnectedToControl == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Summary for device: {SelectedDevice:label}\",\"noDataMessage\":\"Select a device from the Device dropdown above. Defaults to 'All'.\",\"noDataMessageStyle\":5},\"name\":\"q-11094dc8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\\n| where (\\\"{SelectedDevice}\\\" == \\\"__ALL__\\\" and TargetType == \\\"NODE\\\") or TargetName == \\\"{SelectedDevice}\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Audit events touching device: {SelectedDevice:label}\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.\",\"noDataMessageStyle\":5},\"name\":\"q-ead106ce\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"investigate\"},\"name\":\"group-investigate\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">First-seen actors in the last 24h</div>\"},\"name\":\"div-first-seen-actors-in-ce38d9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Actors who have NEVER appeared before (30d baseline)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"FirstSeen24h\",\"formatter\":6},{\"columnMatch\":\"Events\",\"formatter\":8,\"formatOptions\":{\"palette\":\"orange\"}}]},\"noDataMessage\":\"Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.\",\"noDataMessageStyle\":1},\"name\":\"q-9ba7b85e\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Off-hours configuration changes</div>\"},\"name\":\"div-off-hours-configurat-3c3787\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type)\\n| where Action !in (\\\"LOGIN\\\", \\\"LOGOUT\\\")\\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Admin actions outside 07:00-19:00 weekdays\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No off-hours admin changes recorded - healthy state for an organisation working business hours.\",\"noDataMessageStyle\":1},\"name\":\"q-721ee490\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with key expiry disabled</div>\"},\"name\":\"div-devices-with-key-exp-dfe9c1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where KeyExpiryDisabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices that will never re-authenticate (high-risk drift)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.\",\"noDataMessageStyle\":1},\"name\":\"q-8a8e2fb5\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Auth keys with no expiry</div>\"},\"name\":\"div-auth-keys-with-no-ex-b11207\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active keys that never expire\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6}]},\"noDataMessage\":\"No never-expiring auth keys - rotation hygiene is good.\",\"noDataMessageStyle\":1},\"name\":\"q-1372740c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices running outdated clients</div>\"},\"name\":\"div-devices-running-outd-bcd077\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged update-available by Tailscale\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"All devices on current client - nothing to patch.\",\"noDataMessageStyle\":1},\"name\":\"q-ecebf1f7\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Dormant devices (LastSeen > 30 days)</div>\"},\"name\":\"div-dormant-devices-(las-761156\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where LastSeen < ago(30d)\\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\\n| order by DaysIdle desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices idle 30+ days - candidates for retirement\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"DaysIdle\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}}]},\"noDataMessage\":\"No devices idle 30+ days - inventory is fresh.\",\"noDataMessageStyle\":1},\"name\":\"q-fb6c1fcc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet route exposure</div>\"},\"name\":\"div-subnet-route-exposur-289c42\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising or running subnet routes / exit-node duty\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices advertising subnet routes. Pure mesh topology.\",\"noDataMessageStyle\":1},\"name\":\"q-9533b081\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices with SSH enabled</div>\"},\"name\":\"div-devices-with-ssh-ena-285238\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where SshEnabled == true\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.\",\"noDataMessageStyle\":1},\"name\":\"q-735368fb\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"hunts\"},\"name\":\"group-hunts\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">User inventory snapshot</div>\"},\"name\":\"div-user-inventory-snaps-9dc96c\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\\nunion\\n  (U | summarize V=toreal(count())                                                | extend Metric=\\\"Total users\\\",        Order=1),\\n  (U | where Role in~ (\\\"admin\\\",\\\"owner\\\",\\\"network-admin\\\",\\\"it-admin\\\",\\\"billing-admin\\\") | summarize V=toreal(count()) | extend Metric=\\\"Admin-tier users\\\",  Order=2),\\n  (U | where Status =~ \\\"active\\\"                                                   | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",            Order=3),\\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\\\"Connected now\\\",     Order=4),\\n  (U | where Status =~ \\\"idle\\\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\\\"Idle / dormant\\\",    Order=5),\\n  (U | where UserType =~ \\\"shared\\\"                                                 | summarize V=toreal(count()) | extend Metric=\\\"Shared (external)\\\", Order=6)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-5689d9e8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-de67ec\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Role\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by role\"},\"name\":\"q-0c47912a\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by Status\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by status\"},\"name\":\"q-e8c20a69\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| summarize Count=count() by UserType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Users by type (member / shared)\"},\"name\":\"q-2c51776d\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity heatmap</div>\"},\"name\":\"div-activity-heatmap-ca6a21\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\\n| extend Bucket = case(\\n    DaysSinceLogin < 1, \\\"Today\\\",\\n    DaysSinceLogin < 7, \\\"This week\\\",\\n    DaysSinceLogin < 30, \\\"This month\\\",\\n    DaysSinceLogin < 90, \\\"Past quarter\\\",\\n    \\\"90+ days\\\")\\n| summarize Users=count() by Bucket\\n| order by case(Bucket==\\\"Today\\\",1, Bucket==\\\"This week\\\",2, Bucket==\\\"This month\\\",3, Bucket==\\\"Past quarter\\\",4, 5) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Users by recency of last login\"},\"name\":\"q-350e118d\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full user list</div>\"},\"name\":\"div-full-user-list-136aac\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All users (latest snapshot per user ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Role\",\"formatter\":1},{\"columnMatch\":\"Status\",\"formatter\":1},{\"columnMatch\":\"DeviceCount\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"name\":\"q-cee23d3c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Orphaned users (active but no devices)</div>\"},\"name\":\"div-orphaned-users-(acti-56d6f8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Users_CL\\n| summarize arg_max(TimeGenerated, *) by UserId\\n| where Status =~ \\\"active\\\" and DeviceCount == 0\\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Active accounts with zero devices - candidates for offboarding review\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"Every active account has at least one device - good hygiene.\",\"noDataMessageStyle\":1},\"name\":\"q-83fcd942\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Role escalation history</div>\"},\"name\":\"div-role-escalation-hist-bd8df4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"USER_ROLE_UPDATE\\\" or Action == \\\"USER_ROLES_ASSIGNED\\\" or Action contains \\\"ROLE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent role changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ToRole\",\"formatter\":1}]},\"noDataMessage\":\"No role changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-f6c8358a\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"identity\"},\"name\":\"group-identity\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Device fleet snapshot</div>\"},\"name\":\"div-device-fleet-snapsho-939675\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\\nunion\\n  (D | summarize V=toreal(count())                              | extend Metric=\\\"Total devices\\\",       Order=1),\\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\\\"Authorized\\\",          Order=2),\\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\\\"External (shared)\\\",   Order=3),\\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\\\"Updates available\\\",   Order=4),\\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\\\"SSH-enabled\\\",         Order=5),\\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\\\"No key expiry\\\",       Order=6),\\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\\\"Subnet/exit-node\\\",    Order=7),\\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\\\"Stale (30+ days)\\\",    Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-366964fc\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-396d03\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by Os\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by OS\"},\"name\":\"q-0c8f5988\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| summarize Count=count() by ClientVersion\\n| order by Count desc | take 10\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Top 10 client versions\"},\"name\":\"q-af1c45cd\",\"customWidth\":\"33\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| mv-expand Tag = Tags to typeof(string)\\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \\\"(untagged)\\\", Tag)\\n| order by Devices desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Devices by tag\"},\"name\":\"q-c3a0ef5b\",\"customWidth\":\"33\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Devices needing attention</div>\"},\"name\":\"div-devices-needing-atte-f04a47\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\\n| extend Issues = strcat_array(pack_array(\\n    iff(UpdateAvailable == true, \\\"needs-update\\\", \\\"\\\"),\\n    iff(KeyExpiryDisabled == true, \\\"key-never-expires\\\", \\\"\\\"),\\n    iff(LastSeen < ago(30d), \\\"stale\\\", \\\"\\\"),\\n    iff(Authorized == false, \\\"unauthorized\\\", \\\"\\\")), \\\",\\\")\\n| extend Issues = trim(\\\",\\\", trim_start(\\\",\\\", trim_end(\\\",\\\", replace_string(Issues, \\\",,\\\", \\\",\\\"))))\\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices flagged with one or more issues\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Issues\",\"formatter\":1}]},\"noDataMessage\":\"No devices need attention - all updated, fresh, authorized, and key-rotating.\",\"noDataMessageStyle\":1},\"name\":\"q-dc5db84c\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Full device inventory</div>\"},\"name\":\"div-full-device-inventor-b70642\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All devices (latest snapshot per device ID)\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6},{\"columnMatch\":\"Os\",\"formatter\":1},{\"columnMatch\":\"ClientVersion\",\"formatter\":1}]}},\"name\":\"q-7f7e7a9a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routers / exit nodes</div>\"},\"name\":\"div-subnet-routers-/-exi-b082d6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(AdvertisedRoutes) > 0\\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices advertising subnet routes or exit-node capability\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers in this tailnet - pure mesh topology.\",\"noDataMessageStyle\":1},\"name\":\"q-5004df25\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"devices\"},\"name\":\"group-devices\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credentials snapshot</div>\"},\"name\":\"div-credentials-snapshot-fd464a\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\\nunion\\n  (K | summarize V=toreal(count())                                     | extend Metric=\\\"Total keys\\\",          Order=1),\\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\\\"Active\\\",              Order=2),\\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\\\"Revoked\\\",             Order=3),\\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\\\"Expired\\\",             Order=4),\\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\\\"Expiring in 7d\\\",      Order=5),\\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\\\"Never expire\\\",        Order=6),\\n  (K | where KeyType =~ \\\"auth\\\"                                         | summarize V=toreal(count()) | extend Metric=\\\"Auth keys\\\",           Order=7),\\n  (K | where KeyType =~ \\\"api\\\" or KeyType contains \\\"oauth\\\"              | summarize V=toreal(count()) | extend Metric=\\\"API / OAuth\\\",         Order=8)\\n| order by Order asc | project Metric, Value=V\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"q-79398bc0\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-distribution-15f665\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| summarize Count=count() by KeyType\\n| order by Count desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Keys by type\"},\"name\":\"q-23e6618b\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend Bucket = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never\\\",\\n    Expires < now(), \\\"Already expired\\\",\\n    Expires < ago(-1d), \\\"<24h\\\",\\n    Expires < ago(-7d), \\\"1-7d\\\",\\n    Expires < ago(-30d), \\\"8-30d\\\",\\n    Expires < ago(-90d), \\\"31-90d\\\",\\n    \\\"90+d\\\")\\n| summarize Keys=count() by Bucket\\n| order by case(Bucket==\\\"Already expired\\\",1, Bucket==\\\"<24h\\\",2, Bucket==\\\"1-7d\\\",3, Bucket==\\\"8-30d\\\",4, Bucket==\\\"31-90d\\\",5, Bucket==\\\"90+d\\\",6, Bucket==\\\"Never\\\",7, 8) asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Active key expiry distribution\"},\"name\":\"q-7484d1a0\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Active credential register</div>\"},\"name\":\"div-active-credential-re-c27539\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Keys_CL\\n| summarize arg_max(TimeGenerated, *) by KeyId\\n| where isnull(Revoked)\\n| extend ExpiryStatus = case(\\n    isnull(Expires) or ExpirySeconds == 0, \\\"Never expires\\\",\\n    Expires < now(), \\\"Expired\\\",\\n    Expires < ago(-7d), \\\"Expires in 7d\\\",\\n    Expires < ago(-30d), \\\"Expires in 30d\\\",\\n    \\\"OK\\\")\\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\\n| order by Created desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"All active credentials with computed expiry status\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Created\",\"formatter\":6},{\"columnMatch\":\"Expires\",\"formatter\":6},{\"columnMatch\":\"ExpiryStatus\",\"formatter\":1},{\"columnMatch\":\"KeyType\",\"formatter\":1}]}},\"name\":\"q-4b27a750\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Credential CRUD events</div>\"},\"name\":\"div-credential-crud-even-e455b0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action contains \\\"API_KEY\\\" or Action contains \\\"AUTH_KEY\\\" or Action contains \\\"OAUTH\\\" or Action contains \\\"KEY_CREATE\\\" or Action contains \\\"KEY_REVOKE\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent credential create / revoke / rotate events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No credential CRUD activity in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-777693bd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"credentials\"},\"name\":\"group-credentials\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Audit volume</div>\"},\"name\":\"div-audit-volume-de29a2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Events=count() by bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Audit events per hour\",\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-f5eee265\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Action heatmap by hour of day</div>\"},\"name\":\"div-action-heatmap-by-ho-c8bd5e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend Hour=hourofday(TimeGenerated)\\n| summarize Events=count() by Hour, Action\\n| order by Hour asc, Events desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"title\":\"When are admin actions happening?\"},\"name\":\"q-c6f45d95\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Actor / Action heatmap</div>\"},\"name\":\"div-actor-/-action-heatm-d820ba\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| where isnotempty(ActorLogin)\\n| summarize Events=count() by ActorLogin, Action\\n| order by Events desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Who is firing which action\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Events\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-06c13b3b\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent activity</div>\"},\"name\":\"div-recent-activity-63b210\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Last 100 audit events\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Action\",\"formatter\":1}]},\"noDataMessage\":\"No audit events in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-07a25a40\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"audit\"},\"name\":\"group-audit\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS configuration (current state)</div>\"},\"name\":\"div-dns-configuration-(c-5f2e1e\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Dns_CL\\n| summarize arg_max(TimeGenerated, *) by ConfigType\\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\\n| order by ConfigType asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"MagicDNS, nameservers, search paths\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSnapshot\",\"formatter\":6},{\"columnMatch\":\"ConfigType\",\"formatter\":1}]},\"noDataMessage\":\"No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.\",\"noDataMessageStyle\":5},\"name\":\"q-d6a6a358\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tailnet settings (current)</div>\"},\"name\":\"div-tailnet-settings-(cu-e03b16\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Settings_CL\\n| summarize arg_max(TimeGenerated, *) by TenantId\\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Tailnet policy gates\",\"noDataMessage\":\"No settings snapshot yet.\",\"noDataMessageStyle\":5},\"name\":\"q-0622cfc3\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DNS change history</div>\"},\"name\":\"div-dns-change-history-9dd376\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| extend TargetProperty=tostring(Target.property)\\n| where Action contains \\\"DNS\\\" or TargetProperty has_any (\\\"DNS_NAMESERVERS\\\", \\\"DNS_SPLIT_DNS\\\", \\\"MAGICDNS\\\", \\\"DNS_SEARCH_PATHS\\\")\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent DNS-related admin changes\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No DNS changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-a132ff6a\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">ACL policy changes</div>\"},\"name\":\"div-acl-policy-changes-ff0e68\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where Action == \\\"ACL_UPDATE\\\" or Action contains \\\"ACL\\\"\\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\\n| order by TimeGenerated desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent ACL / policy file modifications\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6}]},\"noDataMessage\":\"No ACL changes in this window.\",\"noDataMessageStyle\":1},\"name\":\"q-94818c53\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Subnet routes & exit nodes</div>\"},\"name\":\"div-subnet-routes-and-ex-eef47f\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Devices_CL\\n| summarize arg_max(TimeGenerated, *) by DeviceId\\n| where array_length(EnabledRoutes) > 0\\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\\n| order by LastSeen desc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Routes currently being served from devices\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastSeen\",\"formatter\":6}]},\"noDataMessage\":\"No subnet routers active in this tailnet.\",\"noDataMessageStyle\":1},\"name\":\"q-61a792cd\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network\"},\"name\":\"group-network\"},{\"type\":12,\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"network-flows\"},\"name\":\"group-network-flows\",\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Activity snapshot</div>\"},\"name\":\"div-flow-snapshot\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let NET = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion\\n  (NET | summarize V=toreal(count())                          | extend Metric=\\\"Total flows\\\",     Order=1),\\n  (NET | summarize V=toreal(dcount(SrcNodeName))              | extend Metric=\\\"Src nodes\\\",       Order=2),\\n  (NET | summarize V=toreal(dcount(DstNodeName))              | extend Metric=\\\"Dst nodes\\\",       Order=3),\\n  (NET | where HasVirtualTraffic | summarize V=toreal(count())| extend Metric=\\\"Virtual\\\",         Order=4),\\n  (NET | where HasSubnetTraffic  | summarize V=toreal(count())| extend Metric=\\\"Subnet\\\",          Order=5),\\n  (NET | where HasExitTraffic    | summarize V=toreal(count())| extend Metric=\\\"Exit\\\",            Order=6),\\n  (NET | where IsRelayed         | summarize V=toreal(count())| extend Metric=\\\"Relayed (DERP)\\\",  Order=7)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"title\":\"Activity (selected time range)\",\"noDataMessage\":\"No data in this window.\",\"noDataMessageStyle\":5,\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":0}}},\"showBorder\":false}},\"name\":\"q-flow-tiles\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Top talkers</div>\"},\"name\":\"div-flow-top-talkers\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| extend SrcLabel = case(\\n    isnotempty(SrcUser), strcat(SrcNodeName, \\\" - \\\", SrcUser),\\n    isnotempty(SrcTags), strcat(SrcNodeName, \\\" \\\", tostring(SrcTags)),\\n    SrcNodeName)\\n| summarize Flows=count() by SrcLabel\\n| top 10 by Flows\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"title\":\"Top source nodes by flow count\",\"noDataMessage\":\"No flow records in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-flow-top-src\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| extend DstLabel = case(\\n    isnotempty(DstUser), strcat(DstNodeName, \\\" - \\\", DstUser),\\n    isnotempty(DstTags), strcat(DstNodeName, \\\" \\\", tostring(DstTags)),\\n    DstNodeName)\\n| extend DstKind = case(\\n    isnotempty(DstUser), \\\"User device\\\",\\n    isnotempty(DstTags), \\\"Tagged service\\\",\\n    \\\"Other\\\")\\n| summarize Flows=count() by DstLabel, DstKind\\n| top 10 by Flows\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"title\":\"Top destination nodes (split by user vs tagged service)\",\"noDataMessage\":\"No flow records in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-flow-top-dst\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Traffic mix over time (stacked area: Virtual / Subnet / Exit / Physical)</div>\"},\"name\":\"div-flow-time-mix\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let NET = Tailscale_Network_CL | where TimeGenerated {TimeRange};\\nunion\\n  (NET | where HasVirtualTraffic  | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\\\"Virtual\\\"),\\n  (NET | where HasSubnetTraffic   | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\\\"Subnet\\\"),\\n  (NET | where HasExitTraffic     | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\\\"Exit\\\"),\\n  (NET | where HasPhysicalTraffic | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\\\"Physical\\\")\\n| project TimeGenerated, Kind, Flows\\n| order by TimeGenerated asc\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Flow count by traffic kind over time\",\"noDataMessage\":\"No flow records.\",\"noDataMessageStyle\":5,\"chartSettings\":{\"group\":\"Kind\",\"createOtherGroup\":10,\"showLegend\":true,\"ySettings\":{\"min\":0},\"chartType\":\"Area\"}},\"name\":\"q-flow-traffic-mix\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">DERP relay health</div>\"},\"name\":\"div-flow-derp-watch\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| summarize Count=count() by Path = iff(IsRelayed, \\\"Relayed (DERP)\\\", \\\"Direct (P2P)\\\")\\n| project Path, Count\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Direct vs relayed\",\"noDataMessage\":\"No flow records.\",\"noDataMessageStyle\":5},\"name\":\"q-flow-derp-pie\",\"customWidth\":\"40\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where IsRelayed\\n| extend SrcLabel = strcat(SrcNodeName, iff(isempty(SrcUser),\\\"\\\",strcat(\\\" (\\\",SrcUser,\\\")\\\")))\\n| summarize RelayedFlows=count(), LastRelay=max(TimeGenerated) by SrcLabel, SrcOs\\n| top 10 by RelayedFlows\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Devices stuck on DERP (potential NAT/firewall issue)\",\"noDataMessage\":\"No data in this window.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"RelayedFlows\",\"formatter\":4,\"formatOptions\":{\"palette\":\"orange\"}},{\"columnMatch\":\"LastRelay\",\"formatter\":6}]}},\"name\":\"q-flow-derp-devices\",\"customWidth\":\"60\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Tagged-service flows + anomaly hunt</div>\"},\"name\":\"div-flow-tag-anomaly\"},{\"type\":12,\"name\":\"row-tag-anomaly-row\",\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| extend SrcKind = case(\\n    isnotempty(SrcTags), tostring(SrcTags),\\n    isnotempty(SrcUser), \\\"<user>\\\",\\n    \\\"<unknown>\\\")\\n| extend DstKind = case(\\n    isnotempty(DstTags), tostring(DstTags),\\n    isnotempty(DstUser), \\\"<user>\\\",\\n    \\\"<unknown>\\\")\\n| summarize Flows=count() by SrcKind, DstKind\\n| order by Flows desc\",\"size\":1,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Tagged-service flow matrix\",\"noDataMessage\":\"No data in this window.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Flows\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}}]}},\"name\":\"q-flow-tag-matrix\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let baseline = Tailscale_Network_CL\\n    | where TimeGenerated between (ago(7d) .. ago(1h))\\n    | distinct SrcNodeName, DstNodeName;\\nTailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where HasVirtualTraffic or HasSubnetTraffic or HasExitTraffic\\n| extend ShortSrc = tostring(split(SrcNodeName, \\\".\\\")[0])\\n| extend ShortDst = tostring(split(DstNodeName, \\\".\\\")[0])\\n| extend ShortSrcUser = tostring(split(SrcUser, \\\"@\\\")[0])\\n| extend ShortDstUser = tostring(split(DstUser, \\\"@\\\")[0])\\n| extend Src = strcat(ShortSrc, iff(isempty(ShortSrcUser),\\\"\\\",strcat(\\\" - \\\",ShortSrcUser)))\\n| extend Dst = strcat(ShortDst, iff(isempty(ShortDstUser),\\\"\\\",strcat(\\\" - \\\",ShortDstUser)))\\n| summarize FirstSeen=min(TimeGenerated), Flows=count() by Src, Dst, SrcNodeName, DstNodeName\\n| join kind=leftanti baseline on SrcNodeName, DstNodeName\\n| project FirstSeen, Src, Dst, Flows\\n| order by FirstSeen desc\",\"size\":1,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Anomaly: pairs NOT seen in past 7 days\",\"noDataMessage\":\"No new src/dst pairs - all flows match the 7-day baseline.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"FirstSeen\",\"formatter\":6},{\"columnMatch\":\"Flows\",\"formatter\":4,\"formatOptions\":{\"palette\":\"red\"}}]}},\"name\":\"q-flow-new-pairs\",\"customWidth\":\"50\"}]}},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Egress destinations - exit nodes + subnet routes</div>\"},\"name\":\"div-flow-egress\"},{\"type\":12,\"name\":\"row-egress-row\",\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where HasExitTraffic\\n| extend ExitTag = iff(isempty(DstTags), DstNodeName, tostring(DstTags))\\n| summarize Flows=count() by ExitTag\",\"size\":1,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Exit-node tag distribution\",\"noDataMessage\":\"No exit-node traffic in this window.\",\"noDataMessageStyle\":5},\"name\":\"q-flow-exit-providers\",\"customWidth\":\"40\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| where HasSubnetTraffic\\n| mv-expand s=SubnetTraffic\\n| extend DstHost = tostring(split(tostring(s.dst), \\\":\\\")[0])\\n| extend Bytes = toint(coalesce(s.txBytes,0)) + toint(coalesce(s.rxBytes,0))\\n| extend Pkts = toint(coalesce(s.txPkts,0)) + toint(coalesce(s.rxPkts,0))\\n| summarize TotalBytes=sum(Bytes), TotalPkts=sum(Pkts), Talkers=dcount(SrcNodeName) by DstHost\\n| top 10 by TotalBytes\\n| project DstHost, TotalBytes, TotalPkts, Talkers\",\"size\":1,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Top subnet route destinations\",\"noDataMessage\":\"No subnet-route traffic in this window.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TotalBytes\",\"formatter\":4,\"formatOptions\":{\"palette\":\"green\"}},{\"columnMatch\":\"TotalPkts\",\"formatter\":4,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Talkers\",\"formatter\":4,\"formatOptions\":{\"palette\":\"purple\"}}]}},\"name\":\"q-flow-subnet-dests\",\"customWidth\":\"60\"}]}},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Recent flow detail (last 100)</div>\"},\"name\":\"div-flow-recent-detail\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Network_CL\\n| where TimeGenerated {TimeRange}\\n| order by TimeGenerated desc\\n| take 100\\n| project TimeGenerated,\\n    Src=SrcNodeName, SrcUser, SrcTags=tostring(SrcTags),\\n    Dst=DstNodeName, DstUser, DstTags=tostring(DstTags),\\n    Vir=HasVirtualTraffic, Sub=HasSubnetTraffic, Exi=HasExitTraffic, Phy=HasPhysicalTraffic, IsRelayed\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Last 100 flow records in time range\",\"noDataMessage\":\"No data in this window.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"IsRelayed\",\"formatter\":11}]}},\"name\":\"q-flow-recent\"}]}},{\"type\":12,\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"posture\"},\"name\":\"group-posture\",\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Posture integrations - MDM/EDR providers configured for device posture</div>\"},\"name\":\"div-posture-overview\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let CUR = Tailscale_PostureIntegrations_CL\\n    | where TimeGenerated {TimeRange}\\n    | summarize arg_max(TimeGenerated, *) by IntegrationId;\\nunion\\n  (CUR | summarize V=toreal(count())            | extend Metric=\\\"Integrations\\\",       Order=1),\\n  (CUR | summarize V=toreal(dcount(Provider))   | extend Metric=\\\"Distinct providers\\\", Order=2),\\n  (CUR | where tostring(Status) has \\\"healthy\\\" or tostring(Status) has \\\"ok\\\"\\n       | summarize V=toreal(count())            | extend Metric=\\\"Healthy\\\",            Order=3),\\n  (CUR | where not(tostring(Status) has \\\"healthy\\\" or tostring(Status) has \\\"ok\\\")\\n       | summarize V=toreal(count())            | extend Metric=\\\"Unhealthy / unknown\\\", Order=4)\\n| order by Order asc | project Metric, Value=V\",\"size\":3,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"title\":\"Integration inventory (selected time range)\",\"noDataMessage\":\"No posture integrations configured. Set them up at https://login.tailscale.com/admin/settings/posture-integrations.\",\"noDataMessageStyle\":5,\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Metric\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Value\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":0}}},\"showBorder\":false}},\"name\":\"q-posture-tile\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Distribution</div>\"},\"name\":\"div-posture-distribution\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| where TimeGenerated {TimeRange}\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| summarize Count=count() by Provider\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Integrations by provider\",\"noDataMessage\":\"No posture integrations configured.\",\"noDataMessageStyle\":5},\"name\":\"q-posture-by-provider\",\"customWidth\":\"50\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| where TimeGenerated {TimeRange}\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| extend Health = case(\\n    tostring(Status) has \\\"healthy\\\" or tostring(Status) has \\\"ok\\\", \\\"Healthy\\\",\\n    tostring(Status) has \\\"error\\\" or tostring(Status) has \\\"failed\\\", \\\"Error\\\",\\n    isnotempty(tostring(Status)), \\\"Other\\\",\\n    \\\"Unknown\\\")\\n| summarize Count=count() by Health\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"title\":\"Health status across integrations\",\"noDataMessage\":\"No posture integrations configured.\",\"noDataMessageStyle\":5},\"name\":\"q-posture-by-status\",\"customWidth\":\"50\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Inventory detail</div>\"},\"name\":\"div-posture-inventory\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_PostureIntegrations_CL\\n| where TimeGenerated {TimeRange}\\n| summarize arg_max(TimeGenerated, *) by IntegrationId\\n| project IntegrationId, Provider, CloudId, ClientId, TenantId_Provider, Status, LastSnapshot=TimeGenerated\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Configured integrations (latest snapshot per IntegrationId)\",\"noDataMessage\":\"No posture integrations configured.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Provider\",\"formatter\":11},{\"columnMatch\":\"LastSnapshot\",\"formatter\":6}]}},\"name\":\"q-posture-inventory\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Lifecycle (from audit log)</div>\"},\"name\":\"div-posture-lifecycle\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"Tailscale_Audit_CL\\n| where TimeGenerated {TimeRange}\\n| where EventType == \\\"CONFIG\\\"\\n| where tostring(Target.type) contains \\\"POSTURE\\\" or tostring(Target.type) contains \\\"INTEGRATION\\\"\\n| project TimeGenerated, Actor=tostring(Actor.loginName), Action,\\n          Target=tostring(Target.name), TargetType=tostring(Target.type), ActionDetails\\n| order by TimeGenerated desc\",\"size\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Recent posture integration create/update/delete events\",\"noDataMessage\":\"No posture-integration audit events in this window.\",\"noDataMessageStyle\":5,\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Action\",\"formatter\":11}]}},\"name\":\"q-posture-audit\"}]}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Ingest rate per table</div>\"},\"name\":\"div-ingest-rate-per-tabl-24e5f6\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| where TimeGenerated > ago(24h)\\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\\n| order by TimeGenerated asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"title\":\"Rows ingested per Tailscale table per hour (last 24h)\",\"noDataMessage\":\"No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.\",\"noDataMessageStyle\":5},\"name\":\"q-c6fd0143\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Last poll time per table</div>\"},\"name\":\"div-last-poll-time-per-t-49b051\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\\n| extend Status=case(MinutesAgo < 60, \\\"Fresh\\\", MinutesAgo < 360, \\\"Recent\\\", MinutesAgo < 1440, \\\"Stale\\\", \\\"Very Stale\\\")\\n| project Table, LastRow, MinutesAgo, TotalRows, Status\\n| order by MinutesAgo asc\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Per-table freshness\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LastRow\",\"formatter\":6},{\"columnMatch\":\"MinutesAgo\",\"formatter\":8,\"formatOptions\":{\"palette\":\"redBright\"}},{\"columnMatch\":\"TotalRows\",\"formatter\":8,\"formatOptions\":{\"palette\":\"blue\"}},{\"columnMatch\":\"Status\",\"formatter\":1}]}},\"name\":\"q-a02e37a8\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\\\">Log Analytics operational events</div>\"},\"name\":\"div-log-analytics-operat-630749\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"_LogOperation\\n| where TimeGenerated > ago(24h)\\n| where _ResourceId contains \\\"tailscale\\\" or Detail contains \\\"Tailscale_\\\"\\n| project TimeGenerated, Operation, Level, Detail\\n| order by TimeGenerated desc | take 100\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"title\":\"Log Analytics operational events touching Tailscale tables\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"Level\",\"formatter\":1}]},\"noDataMessage\":\"No operational issues recorded in the last 24h.\",\"noDataMessageStyle\":1},\"name\":\"q-b492f150\"}]},\"conditionalVisibility\":{\"parameterName\":\"selectedTab\",\"comparison\":\"isEqualTo\",\"value\":\"pipeline\"},\"name\":\"group-pipeline\"},{\"type\":1,\"content\":{\"json\":\"<div style=\\\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\\\"><strong>Tailscale Operations (Premium) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Premium-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings, <strong>network flows</strong> (/logging/network), <strong>posture integrations</strong>. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. The Network Flows and Posture tabs use the 15 promoted columns added in 3.1.0 (SrcUser, SrcTags, DstUser, DstTags, HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic, IsRelayed, etc.). Companion workbook: <strong>Tailscale Operations (Standard)</strong> for Personal / Starter tailnets.</div>\"},\"name\":\"footer\"}],\"fallbackResourceIds\":[\"Azure Monitor\"],\"fromTemplateId\":\"sentinel-TailscalePremiumWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n",
                 "version": "1.0",
                 "sourceId": "[variables('workspaceResourceId')]",
                 "category": "sentinel"
@@ -8608,7 +9508,7 @@
                   "email": "[variables('_email')]"
                 },
                 "support": {
-                  "name": "Community",
+                  "name": "Tailscale (CCF)",
                   "tier": "Community",
                   "email": "ccfconnectors.county118@passmail.com",
                   "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8680,12 +9580,12 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.5",
+        "version": "3.0.0",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
-        "publisherDisplayName": "Community",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.</p>\n<p><strong>Data connectors in this solution (install the one matching your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on <strong>Personal (Free), Starter and Premium</strong> tailnets.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Everything in Standard plus network flow logs and posture integrations. Use on <strong>Premium and Enterprise</strong> tailnets for full coverage.</li>\n</ul>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the scopes for your tier (see the README in this solution).</li>\n<li>Copy the client ID and client secret (secret shown once).</li>\n<li>Note your tailnet name (e.g. <code>tailb094d7.ts.net</code>) from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a>.</li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 22, <strong>Hunting Queries:</strong> 17</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "publisherDisplayName": "Tailscale (CCF)",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>\u2022 Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>\u2022 There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.</p>\n<p><strong>Data connectors in this solution (install the one matching your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on <strong>Personal (Free), Starter and Premium</strong> tailnets.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Everything in Standard plus network flow logs and posture integrations. Use on <strong>Premium and Enterprise</strong> tailnets for full coverage.</li>\n</ul>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the scopes for your tier (see the README in this solution).</li>\n<li>Copy the client ID and client secret (secret shown once).</li>\n<li>Note your tailnet name (e.g. <code>tailb094d7.ts.net</code>) from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a>.</li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 24, <strong>Hunting Queries:</strong> 22</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -8702,7 +9602,7 @@
           "email": "[variables('_email')]"
         },
         "support": {
-          "name": "Community",
+          "name": "Tailscale (CCF)",
           "email": "ccfconnectors.county118@passmail.com",
           "tier": "Community",
           "link": "https://github.com/Azure/Azure-Sentinel/issues"
@@ -8830,6 +9730,16 @@
               "contentId": "[variables('analyticRuleObject22')._analyticRulecontentId22]",
               "version": "[variables('analyticRuleObject22').analyticRuleVersion22]"
             },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject23')._analyticRulecontentId23]",
+              "version": "[variables('analyticRuleObject23').analyticRuleVersion23]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRuleObject24')._analyticRulecontentId24]",
+              "version": "[variables('analyticRuleObject24').analyticRuleVersion24]"
+            },
             {
               "kind": "HuntingQuery",
               "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]",
@@ -8915,6 +9825,31 @@
               "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]",
               "version": "[variables('huntingQueryObject17').huntingQueryVersion17]"
             },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]",
+              "version": "[variables('huntingQueryObject18').huntingQueryVersion18]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]",
+              "version": "[variables('huntingQueryObject19').huntingQueryVersion19]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]",
+              "version": "[variables('huntingQueryObject20').huntingQueryVersion20]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]",
+              "version": "[variables('huntingQueryObject21').huntingQueryVersion21]"
+            },
+            {
+              "kind": "HuntingQuery",
+              "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]",
+              "version": "[variables('huntingQueryObject22').huntingQueryVersion22]"
+            },
             {
               "kind": "Workbook",
               "contentId": "[variables('_workbookContentId1')]",
@@ -8927,8 +9862,8 @@
             }
           ]
         },
-        "firstPublishDate": "2026-05-11",
-        "lastPublishDate": "2026-05-11",
+        "firstPublishDate": "2026-05-19",
+        "lastPublishDate": "2026-05-19",
         "providers": [
           "Community"
         ],
@@ -8944,4 +9879,4 @@
     }
   ],
   "outputs": {}
-}
+}
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/ReleaseNotes.md b/Solutions/Tailscale (CCF)/ReleaseNotes.md
index 9d06c4786eb..b62de57a294 100644
--- a/Solutions/Tailscale (CCF)/ReleaseNotes.md	
+++ b/Solutions/Tailscale (CCF)/ReleaseNotes.md	
@@ -1,3 +1,3 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |---|---|---|
-| 3.0.0 | 11-05-2026 | Initial Solution Release |
+| 3.0.0 | 19-05-2026 | Initial Solution Release |
diff --git a/Solutions/Tailscale (CCF)/SolutionMetadata.json b/Solutions/Tailscale (CCF)/SolutionMetadata.json
index c818a8a0597..d619d1ac7cf 100644
--- a/Solutions/Tailscale (CCF)/SolutionMetadata.json	
+++ b/Solutions/Tailscale (CCF)/SolutionMetadata.json	
@@ -1,8 +1,8 @@
 {
   "publisherId": "noodlemctwoodle",
   "offerId": "azure-sentinel-solution-tailscale-ccf",
-  "firstPublishDate": "2026-05-11",
-  "lastPublishDate": "2026-05-11",
+  "firstPublishDate": "2026-05-19",
+  "lastPublishDate": "2026-05-19",
   "providers": [
     "Community"
   ],
@@ -14,7 +14,7 @@
     ]
   },
   "support": {
-    "name": "Community",
+    "name": "Tailscale (CCF)",
     "tier": "Community",
     "email": "ccfconnectors.county118@passmail.com",
     "link": "https://github.com/Azure/Azure-Sentinel/issues"
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json
index be0dc76cd08..7a3e59eadcc 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscalePremiumOperations.json	
@@ -7,7 +7,7 @@
         "version": "KqlParameterItem/1.0",
         "parameters": [
           {
-            "id": "5c59168c-014b-4a83-8a8f-73cc60997e6b",
+            "id": "7b05a598-5120-43f4-bf5d-576c2a7ff28d",
             "version": "KqlParameterItem/1.0",
             "name": "TimeRange",
             "type": 4,
@@ -51,7 +51,7 @@
     {
       "type": 1,
       "content": {
-        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#a855f7\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Premium (CCF)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Comprehensive visibility for Premium and Enterprise tier tailnets. All Standard telemetry plus network flow logs and posture-integration inventory. Scope every panel with the time range below.</div></div></div>"
+        "json": "<div style=\"display:flex;align-items:center;padding:8px 0 16px 0;border-bottom:1px solid #1e293b\"><svg width=\"40\" height=\"40\" style=\"margin-right:14px;flex-shrink:0;fill:#3b82f6\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 512 512\"><path d=\"M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8\" opacity=\".2\"/><path d=\"M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9\"/><path d=\"M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512\" opacity=\".2\"/><path d=\"M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8\" opacity=\".2\"/><path d=\"M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\"/><path d=\"M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9\" opacity=\".2\"/></svg><div><div style=\"font-size:22px;font-weight:600;letter-spacing:-0.5px\">Tailscale Operations (Premium)</div><div style=\"font-size:13px;color:#94a3b8;margin-top:2px\">Single-pane visibility into your Tailscale tailnet on Personal (Free), Starter and Premium tiers: who, what, when, where, and what changed. Scope every panel with the time range below; the Investigate tab adds Actor and Device pickers for drilldown. Premium-tier panels (network flow logs, posture integrations) live in the separate <strong>Tailscale Operations (Premium)</strong> workbook.</div></div></div>"
       },
       "name": "header"
     },
@@ -62,7 +62,7 @@
         "style": "tabs",
         "links": [
           {
-            "id": "c1c44fc1-1b89-45a5-92cb-8e2374d9a855",
+            "id": "9794e9fd-916b-494d-8e72-af63d2f4c6c7",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Overview",
@@ -70,75 +70,83 @@
             "style": "link"
           },
           {
-            "id": "d1147d96-d052-47f7-b048-2b471f6f091c",
+            "id": "71cf49db-33c5-4d4b-920a-2ec0c6a258dc",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Devices",
-            "subTarget": "devices",
+            "linkLabel": "Investigate",
+            "subTarget": "investigate",
             "style": "link"
           },
           {
-            "id": "52c56980-5cfe-456c-a499-9cfd8317ad69",
+            "id": "5c56bb37-2053-47a0-b6fd-9539768c144d",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Users & Identity",
-            "subTarget": "users",
+            "linkLabel": "Hunts",
+            "subTarget": "hunts",
             "style": "link"
           },
           {
-            "id": "9eb1d383-09e7-4aed-af3c-0dbe8c73dac6",
+            "id": "d2004ded-07f8-446a-a720-f0a63d1d9dda",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Credentials",
-            "subTarget": "credentials",
+            "linkLabel": "Identity",
+            "subTarget": "identity",
+            "style": "link"
+          },
+          {
+            "id": "f23b3e14-1511-4a29-bf5e-bd65e55dbb40",
+            "cellValue": "selectedTab",
+            "linkTarget": "parameter",
+            "linkLabel": "Devices",
+            "subTarget": "devices",
             "style": "link"
           },
           {
-            "id": "7cd3279a-4b91-430a-a68d-fb1fa2d74d9b",
+            "id": "724f8352-e21b-45a6-9029-39dc92693c05",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "DNS & Tailnet",
-            "subTarget": "dns",
+            "linkLabel": "Credentials",
+            "subTarget": "credentials",
             "style": "link"
           },
           {
-            "id": "e5179782-bc17-42b3-9f8c-c2e0fbfd1f30",
+            "id": "8400ec64-e118-44e0-ae29-84afe94b8e0e",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Webhooks",
-            "subTarget": "webhooks",
+            "linkLabel": "Admin Audit",
+            "subTarget": "audit",
             "style": "link"
           },
           {
-            "id": "6cce0298-c5ec-4092-bfc8-b84a6764fe62",
+            "id": "b7e04861-edfa-4426-b6be-f1481ca569b6",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Network Flows",
+            "linkLabel": "Network & DNS",
             "subTarget": "network",
             "style": "link"
           },
           {
-            "id": "8d8bbfed-b08e-401b-9f62-8eaa597261d3",
+            "id": "b8506d3d-e615-4775-8c6f-14d9cc7db943",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Posture",
-            "subTarget": "posture",
+            "linkLabel": "Network Flows",
+            "subTarget": "network-flows",
             "style": "link"
           },
           {
-            "id": "81d1910b-f903-4811-b762-cabeb7740c88",
+            "id": "c98574ec-7a60-4c1a-b4c6-4d24c5bd02ce",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Audit Activity",
-            "subTarget": "audit",
+            "linkLabel": "Posture",
+            "subTarget": "posture",
             "style": "link"
           },
           {
-            "id": "f685a8e3-878e-4cd6-b6d3-5340d57eb32b",
+            "id": "cfbc96e4-8585-4d89-8f65-8344c8cc6eb2",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
-            "linkLabel": "Security Signals",
-            "subTarget": "signals",
+            "linkLabel": "Pipeline Health",
+            "subTarget": "pipeline",
             "style": "link"
           }
         ]
@@ -154,16 +162,16 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">At a glance</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet at a glance</div>"
             },
-            "name": "div-at-a-glance-75296e"
+            "name": "div-tailnet-at-a-glance-04e62b"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "union (Tailscale_Devices_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by DeviceId | summarize V=toreal(count())                              | extend Metric=\"Devices\",            Order=1),(Tailscale_Users_CL   | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by UserId   | summarize V=toreal(count())                              | extend Metric=\"Users\",              Order=2),(Tailscale_Keys_CL    | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by KeyId    | summarize V=toreal(countif(isnull(Revoked)))              | extend Metric=\"Active keys\",        Order=3),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange}                                                   | summarize V=toreal(count())                              | extend Metric=\"Audit events\",       Order=4),(Tailscale_Audit_CL   | where TimeGenerated {TimeRange} | where tostring(Target.property) == \"ACL\" or tostring(Target.property) == \"DNS_SPLIT_DNS\" or tostring(Target.property) == \"DNS_NAMESERVERS\" or tostring(Target.property) == \"MAGICDNS_PREFERENCES\" | summarize V=toreal(count()) | extend Metric=\"DNS / ACL changes\", Order=5)\n| order by Order asc | project Metric, Value=V",
-              "size": 0,
+              "query": "let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\"Devices\",         Order=1),\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\"Authorized\",      Order=2),\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\"Updates Available\", Order=3),\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\"SSH-Enabled\",     Order=4),\n  (USR | summarize V=toreal(count())                                            | extend Metric=\"Users\",           Order=5),\n  (USR | where Role =~ \"admin\" or Role =~ \"owner\" or Role =~ \"network-admin\"    | summarize V=toreal(count()) | extend Metric=\"Admins\",          Order=6),\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\"Active Keys\",     Order=7),\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\"Audit Events ({TimeRange:label})\", Order=8)\n,\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count())                                  | extend Metric=\"Flows ({TimeRange:label})\", Order=9),\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(dcount(SrcNodeName))                      | extend Metric=\"Active Talkers\",           Order=10),\n  (Tailscale_Network_CL | where TimeGenerated {TimeRange} | summarize V=toreal(iff(count()==0, 0.0, 100.0 * countif(IsRelayed) / count())) | extend Metric=\"DERP Relayed %\",  Order=11),\n  (Tailscale_PostureIntegrations_CL | where TimeGenerated {TimeRange} | summarize arg_max(TimeGenerated, *) by IntegrationId | summarize V=toreal(count()) | extend Metric=\"Posture Integrations\", Order=12)\n| order by Order asc | project Metric, Value=V",
+              "size": 3,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "tiles",
@@ -182,62 +190,107 @@
                 "showBorder": false
               }
             },
-            "name": "q-b71f9f4a"
+            "name": "q-4e9d7cff"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity over time</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit activity over time</div>"
             },
-            "name": "div-activity-over-time-bcc7c5"
+            "name": "div-audit-activity-over--546688"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
               "title": "Audit events by action",
-              "visualization": "timechart"
+              "noDataMessage": "No audit events in the selected window. Widen the time range; remember the Tailscale audit poll runs every ~30 min.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-8fc88ccb"
+            "name": "q-effcd498"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top actors</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Who's doing what</div>"
             },
-            "name": "div-top-actors-bd287b"
+            "name": "div-who's-doing-what-52144e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName)\n| where isnotempty(ActorLogin)\n| summarize EventCount = count() by ActorLogin\n| top 10 by EventCount\n| render barchart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\n| where isnotempty(Actor)\n| summarize Events=count(), DistinctActions=dcount(Action), LastSeen=max(TimeGenerated) by Actor\n| order by Events desc | take 15",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Top 10 actors",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Top actors (by event count)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              }
             },
-            "name": "q-93b0d742",
+            "name": "q-34c77fa9",
             "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by TargetType = tostring(Target.type)\n| top 10 by EventCount\n| render piechart",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type)\n| where isnotempty(TargetType)\n| summarize Events=count() by TargetType\n| order by Events desc | take 15",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Activity by target type",
-              "visualization": "table"
+              "visualization": "piechart",
+              "title": "Activity by target type"
             },
-            "name": "q-12fbe2ab",
+            "name": "q-4b3b709d",
             "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent admin events</div>"
+            },
+            "name": "div-recent-admin-events-87c9e0"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Actor=tostring(coalesce(Actor.loginName, Actor.displayName, Actor.type))\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, Action, Actor, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 30",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Most recent 30 audit events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              }
+            },
+            "name": "q-5e7d6306"
           }
         ]
       },
@@ -255,165 +308,157 @@
         "groupType": "editable",
         "items": [
           {
-            "type": 1,
-            "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory snapshot</div>"
-            },
-            "name": "div-device-inventory-snapshot-56b7ce"
-          },
-          {
-            "type": 3,
+            "type": 9,
             "content": {
-              "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion (base                                                                 | summarize V=toreal(count())                                      | extend Metric=\"Total devices\",       Order=1),(base | where Authorized == true                                      | summarize V=toreal(count())                                      | extend Metric=\"Authorized\",          Order=2),(base | where IsExternal == true                                      | summarize V=toreal(count())                                      | extend Metric=\"External (shared)\",   Order=3),(base | where KeyExpiryDisabled == true                               | summarize V=toreal(count())                                      | extend Metric=\"Key expiry disabled\", Order=4),(base | where UpdateAvailable == true                                 | summarize V=toreal(count())                                      | extend Metric=\"Update available\",    Order=5),(base | where array_length(AdvertisedRoutes) > 0                      | summarize V=toreal(count())                                      | extend Metric=\"Subnet routers\",      Order=6),(base | where LastSeen < ago(30d)                                     | summarize V=toreal(count())                                      | extend Metric=\"Stale (30+ days)\",    Order=7)\n| order by Order asc | project Metric, Value=V",
-              "size": 0,
+              "version": "KqlParameterItem/1.0",
+              "parameters": [
+                {
+                  "id": "b83a25c1-da18-49a2-a444-6517f13d891c",
+                  "version": "KqlParameterItem/1.0",
+                  "name": "SelectedActor",
+                  "label": "Actor",
+                  "type": 2,
+                  "isRequired": false,
+                  "query": "let opts = Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin\n| project value=ActorLogin, label=strcat(ActorLogin, \" (\", tostring(Events), \" events)\");\n(print value=\"__ALL__\", label=\"(All actors)\")\n| union opts",
+                  "typeSettings": {
+                    "showDefault": false
+                  },
+                  "queryType": 0,
+                  "resourceType": "microsoft.operationalinsights/workspaces",
+                  "value": "__ALL__"
+                }
+              ],
+              "style": "pills",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "visualization": "tiles",
-              "tileSettings": {
-                "titleContent": {
-                  "columnMatch": "Metric",
-                  "formatter": 1
-                },
-                "leftContent": {
-                  "columnMatch": "Value",
-                  "formatter": 12,
-                  "formatOptions": {
-                    "palette": "auto"
-                  }
-                },
-                "showBorder": false
-              }
+              "resourceType": "microsoft.operationalinsights/workspaces"
             },
-            "name": "q-b8b431c0"
+            "name": "investigate-picker-actor"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor activity timeline</div>"
             },
-            "name": "div-distribution-d18e9a"
+            "name": "div-actor-activity-timel-5ec305"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by Os\n| order by Count desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"__ALL__\" or ActorLogin == \"{SelectedActor}\"\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by OS",
-              "visualization": "piechart"
+              "visualization": "timechart",
+              "title": "Actions over time -- actor: {SelectedActor:label}",
+              "noDataMessage": "Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-acf35833",
-            "customWidth": "33"
+            "name": "q-32d40848"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count = count() by ClientVersion\n| order by Count desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"__ALL__\" or ActorLogin == \"{SelectedActor}\"\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by client version",
-              "visualization": "barchart"
+              "visualization": "table",
+              "title": "Recent events for actor: {SelectedActor:label}",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No events for this actor in the selected window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-29ed4eb0",
-            "customWidth": "33"
+            "name": "q-a742f6fd"
           },
           {
-            "type": 3,
+            "type": 9,
             "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices = dcount(DeviceId) by Tag = iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
-              "size": 0,
+              "version": "KqlParameterItem/1.0",
+              "parameters": [
+                {
+                  "id": "a9cf7907-f201-4725-a072-a8bd34bef74e",
+                  "version": "KqlParameterItem/1.0",
+                  "name": "SelectedDevice",
+                  "label": "Device",
+                  "type": 2,
+                  "isRequired": false,
+                  "query": "let opts = Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| order by LastSeen desc | take 100\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \" (\", User, \")\");\n(print value=\"__ALL__\", label=\"(All devices)\")\n| union opts",
+                  "typeSettings": {
+                    "showDefault": false
+                  },
+                  "queryType": 0,
+                  "resourceType": "microsoft.operationalinsights/workspaces",
+                  "value": "__ALL__"
+                }
+              ],
+              "style": "pills",
               "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices by tag",
-              "visualization": "piechart"
+              "resourceType": "microsoft.operationalinsights/workspaces"
             },
-            "name": "q-71ed6d65",
-            "customWidth": "33"
+            "name": "investigate-picker-device"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Selected device timeline</div>"
             },
-            "name": "div-device-inventory-table-ba97ce"
+            "name": "div-selected-device-time-00bead"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| extend DaysToExpiry = iff(KeyExpiryDisabled == true, int(null), datetime_diff('day', Expires, now()))\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, LastSeen, DaysSinceSeen, DaysToExpiry, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
+              "query": "Tailscale_Devices_CL\n| where \"{SelectedDevice}\" == \"__ALL__\" or DeviceName == \"{SelectedDevice}\"\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend OnlineNow = ClientConnectivity.endpoints != \"\" or ConnectedToControl == true\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All devices (latest snapshot per device)",
               "visualization": "table",
-              "gridSettings": {
-                "formatters": [
-                  {
-                    "columnMatch": "DaysSinceSeen",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 60
-                    }
-                  },
-                  {
-                    "columnMatch": "DaysToExpiry",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 30
-                    }
-                  },
-                  {
-                    "columnMatch": "UpdateAvailable",
-                    "formatter": 11
-                  },
-                  {
-                    "columnMatch": "KeyExpiryDisabled",
-                    "formatter": 11
-                  }
-                ]
-              }
-            },
-            "name": "q-d0f59836"
-          },
-          {
-            "type": 1,
-            "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers and exit nodes</div>"
+              "title": "Summary for device: {SelectedDevice:label}",
+              "noDataMessage": "Select a device from the Device dropdown above. Defaults to 'All'.",
+              "noDataMessageStyle": 5
             },
-            "name": "div-subnet-routers-and-exit-nodes-b80917"
+            "name": "q-11094dc8"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, AdvertisedRoutes, EnabledRoutes, Tags, LastSeen\n| order by DeviceName asc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\n| where (\"{SelectedDevice}\" == \"__ALL__\" and TargetType == \"NODE\") or TargetName == \"{SelectedDevice}\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Devices advertising routes (subnet routers / exit nodes)",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Audit events touching device: {SelectedDevice:label}",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events recorded against the selected device in this window. Tailscale tags device events with Target.type=NODE; the audit feed only emits NODE events on create/update/delete, so quiet devices stay quiet here.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-374f7fdc"
+            "name": "q-ead106ce"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "devices"
+        "value": "investigate"
       },
-      "name": "group-devices"
+      "name": "group-investigate"
     },
     {
       "type": 12,
@@ -424,235 +469,265 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Identity overview</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">First-seen actors in the last 24h</div>"
             },
-            "name": "div-identity-overview-2881ca"
+            "name": "div-first-seen-actors-in-ce38d9"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion (base                                | summarize V=toreal(count())                                | extend Metric=\"Users\",             Order=1),(base | where Status =~ \"active\"   | summarize V=toreal(count())                                | extend Metric=\"Active\",            Order=2),(base | where Status =~ \"suspended\" | summarize V=toreal(count())                               | extend Metric=\"Suspended\",         Order=3),(base | where CurrentlyConnected == true | summarize V=toreal(count())                           | extend Metric=\"Currently connected\", Order=4),(base | where DeviceCount == 0       | summarize V=toreal(count())                                | extend Metric=\"Zero devices\",      Order=5),(base | where Role in (\"owner\",\"admin\",\"network-admin\") | summarize V=toreal(count())          | extend Metric=\"Elevated\",          Order=6)\n| order by Order asc | project Metric, Value=V",
+              "query": "let recent = Tailscale_Audit_CL | where TimeGenerated > ago(24h) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | summarize FirstSeen24h=min(TimeGenerated), Events=count() by A;\nlet historical = Tailscale_Audit_CL | where TimeGenerated between(ago(30d) .. ago(24h)) | extend A=tostring(coalesce(Actor.loginName, Actor.displayName)) | distinct A;\nrecent | join kind=leftanti historical on A | where isnotempty(A) | project FirstSeen24h, Actor=A, Events | order by Events desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "visualization": "tiles",
-              "tileSettings": {
-                "titleContent": {
-                  "columnMatch": "Metric",
-                  "formatter": 1
-                },
-                "leftContent": {
-                  "columnMatch": "Value",
-                  "formatter": 12,
-                  "formatOptions": {
-                    "palette": "auto"
+              "visualization": "table",
+              "title": "Actors who have NEVER appeared before (30d baseline)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "FirstSeen24h",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "orange"
+                    }
                   }
-                },
-                "showBorder": false
-              }
+                ]
+              },
+              "noDataMessage": "Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-fd38a1c2"
+            "name": "q-9ba7b85e"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
-            },
-            "name": "div-distribution-e6ff99"
-          },
-          {
-            "type": 3,
-            "content": {
-              "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Role\n| order by Users desc",
-              "size": 0,
-              "queryType": 0,
-              "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Users by role",
-              "visualization": "piechart"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Off-hours configuration changes</div>"
             },
-            "name": "q-776b4d9b",
-            "customWidth": "50"
+            "name": "div-off-hours-configurat-3c3787"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Users = count() by Status\n| order by Users desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Hour=hourofday(TimeGenerated), DayOfWeek=dayofweek(TimeGenerated)/1d\n| where Hour < 7 or Hour > 19 or DayOfWeek in (0, 6)\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetType=tostring(Target.type)\n| where Action !in (\"LOGIN\", \"LOGOUT\")\n| project TimeGenerated, ActorLogin, Action, TargetType, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Users by status",
-              "visualization": "piechart"
+              "visualization": "table",
+              "title": "Admin actions outside 07:00-19:00 weekdays",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No off-hours admin changes recorded - healthy state for an organisation working business hours.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-13d1cabf",
-            "customWidth": "50"
+            "name": "q-721ee490"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices with key expiry disabled</div>"
             },
-            "name": "div-user-inventory-table-ddbb44"
+            "name": "div-devices-with-key-exp-dfe9c1"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceSeen = datetime_diff('day', now(), LastSeen)\n| project LoginName, DisplayName, Role, Status, UserType, DeviceCount, CurrentlyConnected, LastSeen, DaysSinceSeen, Created\n| order by LastSeen desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where KeyExpiryDisabled == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All users (latest snapshot per user)",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Devices that will never re-authenticate (high-risk drift)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-5b6e7b3a"
-          }
-        ]
-      },
-      "conditionalVisibility": {
-        "parameterName": "selectedTab",
-        "comparison": "isEqualTo",
-        "value": "users"
-      },
-      "name": "group-users"
-    },
-    {
-      "type": 12,
-      "content": {
-        "version": "NotebookGroup/1.0",
-        "groupType": "editable",
-        "items": [
+            "name": "q-8a8e2fb5"
+          },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Auth keys with no expiry</div>"
             },
-            "name": "div-credential-inventory-30455a"
+            "name": "div-auth-keys-with-no-ex-b11207"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId | where isnull(Revoked);\nunion (base                                                  | summarize V=toreal(count())                  | extend Metric=\"Active credentials\",    Order=1),(base | where KeyType =~ \"auth\"                       | summarize V=toreal(count())                  | extend Metric=\"Auth keys\",             Order=2),(base | where KeyType in~ (\"apiAccessToken\",\"api_access_token\",\"apikey\") | summarize V=toreal(count()) | extend Metric=\"API tokens\",          Order=3),(base | where KeyType in~ (\"oauthClient\",\"oauth_client\")                  | summarize V=toreal(count()) | extend Metric=\"OAuth clients\",       Order=4),(base | where isnull(Expires)                          | summarize V=toreal(count())                  | extend Metric=\"No expiry\",             Order=5),(base | where isnotnull(Expires) and Expires < now()+7d | summarize V=toreal(count())                 | extend Metric=\"Expiring within 7 days\", Order=6)\n| order by Order asc | project Metric, Value=V",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and (isnull(Expires) or ExpirySeconds == 0)\n| project KeyId, Description, UserId, KeyType, Created, Capabilities\n| order by Created desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "visualization": "tiles",
-              "tileSettings": {
-                "titleContent": {
-                  "columnMatch": "Metric",
-                  "formatter": 1
-                },
-                "leftContent": {
-                  "columnMatch": "Value",
-                  "formatter": 12,
-                  "formatOptions": {
-                    "palette": "auto"
+              "visualization": "table",
+              "title": "Active keys that never expire",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
                   }
-                },
-                "showBorder": false
-              }
+                ]
+              },
+              "noDataMessage": "No never-expiring auth keys - rotation hygiene is good.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-64bd4801"
+            "name": "q-1372740c"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials by type</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices running outdated clients</div>"
             },
-            "name": "div-credentials-by-type-00cf87"
+            "name": "div-devices-running-outd-bcd077"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| summarize Count = count() by KeyType",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Tags\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Credentials by type",
-              "visualization": "piechart"
+              "visualization": "table",
+              "title": "Devices flagged update-available by Tailscale",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "All devices on current client - nothing to patch.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-32c060b4",
-            "customWidth": "50"
+            "name": "q-ecebf1f7"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Dormant devices (LastSeen > 30 days)</div>"
+            },
+            "name": "div-dormant-devices-(las-761156"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked) and isnotnull(Expires)\n| extend DaysToExpiry = datetime_diff('day', Expires, now())\n| extend Bucket = case(DaysToExpiry < 0, '0 expired', DaysToExpiry < 7, '1 within 7d', DaysToExpiry < 30, '2 within 30d', DaysToExpiry < 90, '3 within 90d', '4 over 90d')\n| summarize Keys = count() by Bucket\n| order by Bucket asc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where LastSeen < ago(30d)\n| extend DaysIdle = toint((now() - LastSeen) / 1d)\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, DaysIdle, Authorized, Tags\n| order by DaysIdle desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Credentials by expiry window",
-              "visualization": "barchart"
+              "visualization": "table",
+              "title": "Devices idle 30+ days - candidates for retirement",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "DaysIdle",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright"
+                    }
+                  }
+                ]
+              },
+              "noDataMessage": "No devices idle 30+ days - inventory is fresh.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-43beab6b",
-            "customWidth": "50"
+            "name": "q-fb6c1fcc"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential inventory table</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet route exposure</div>"
             },
-            "name": "div-credential-inventory-table-adc7f0"
+            "name": "div-subnet-route-exposur-289c42"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| extend DaysToExpiry = iff(isnull(Expires), int(null), datetime_diff('day', Expires, now()))\n| project KeyId, KeyType, Description, Created, Expires, DaysToExpiry, Revoked, Capabilities\n| order by Created desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0 or array_length(EnabledRoutes) > 0\n| extend Routes = tostring(EnabledRoutes), Advertised = tostring(AdvertisedRoutes)\n| project DeviceName, Hostname, User, Os, Advertised, Routes, LastSeen, SshEnabled, Authorized\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All credentials (latest snapshot per ID)",
               "visualization": "table",
+              "title": "Devices advertising or running subnet routes / exit-node duty",
               "gridSettings": {
                 "formatters": [
                   {
-                    "columnMatch": "DaysToExpiry",
-                    "formatter": 8,
-                    "formatOptions": {
-                      "palette": "redBright",
-                      "min": 0,
-                      "max": 90
-                    }
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
                   }
                 ]
-              }
+              },
+              "noDataMessage": "No devices advertising subnet routes. Pure mesh topology.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-4d271c05"
+            "name": "q-9533b081"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit log: credential lifecycle</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices with SSH enabled</div>"
             },
-            "name": "div-audit-log:-credential-lifecycl-f6dfb7"
+            "name": "div-devices-with-ssh-ena-285238"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) in (\"AUTH_KEY\", \"API_KEY\", \"OAUTH_CLIENT\")\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, TargetType = tostring(Target.type), TargetId = tostring(Target.id), Description = tostring(New.description)\n| order by TimeGenerated desc",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where SshEnabled == true\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Authorized, Tags\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Create / update / delete events on credentials",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Devices with Tailscale SSH enabled (Tailscale-managed remote-shell access)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-ecc5f778"
+            "name": "q-735368fb"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "credentials"
+        "value": "hunts"
       },
-      "name": "group-credentials"
+      "name": "group-hunts"
     },
     {
       "type": 12,
@@ -663,126 +738,228 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Current DNS state</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">User inventory snapshot</div>"
             },
-            "name": "div-current-dns-state-400b06"
+            "name": "div-user-inventory-snaps-9dc96c"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastUpdated = TimeGenerated\n| order by ConfigType asc",
+              "query": "let U = Tailscale_Users_CL | summarize arg_max(TimeGenerated, *) by UserId;\nunion\n  (U | summarize V=toreal(count())                                                | extend Metric=\"Total users\",        Order=1),\n  (U | where Role in~ (\"admin\",\"owner\",\"network-admin\",\"it-admin\",\"billing-admin\") | summarize V=toreal(count()) | extend Metric=\"Admin-tier users\",  Order=2),\n  (U | where Status =~ \"active\"                                                   | summarize V=toreal(count()) | extend Metric=\"Active\",            Order=3),\n  (U | where CurrentlyConnected == true                                           | summarize V=toreal(count()) | extend Metric=\"Connected now\",     Order=4),\n  (U | where Status =~ \"idle\" or LastSeen < ago(30d)                              | summarize V=toreal(count()) | extend Metric=\"Idle / dormant\",    Order=5),\n  (U | where UserType =~ \"shared\"                                                 | summarize V=toreal(count()) | extend Metric=\"Shared (external)\", Order=6)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "DNS configuration snapshot (latest per config type)",
-              "visualization": "table"
-            },
-            "name": "q-12240394"
-          },
-          {
-            "type": 1,
-            "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings snapshot</div>"
-            },
-            "name": "div-tailnet-settings-snapshot-b777cf"
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-5689d9e8"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-de67ec"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by Role\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Users by role"
+            },
+            "name": "q-0c47912a",
+            "customWidth": "33"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project\n    ['Snapshot at'] = TimeGenerated,\n    ['Device approval required'] = iff(DevicesApprovalOn == true, 'On', 'Off'),\n    ['Device auto-updates'] = iff(DevicesAutoUpdatesOn == true, 'On', 'Off'),\n    ['Device key duration (days)'] = DevicesKeyDurationDays,\n    ['User approval required'] = iff(UsersApprovalOn == true, 'On', 'Off'),\n    ['Users allowed to join external tailnets'] = UsersRoleAllowedToJoinExternalTailnets,\n    ['Regional routing'] = iff(RegionalRoutingOn == true, 'On', 'Off'),\n    ['Network flow logging'] = iff(NetworkFlowLoggingOn == true, 'On', 'Off'),\n    ['Posture identity collection'] = iff(PostureIdentityCollectionOn == true, 'On', 'Off')",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by Status\n| order by Count desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Current tailnet settings",
-              "visualization": "table"
+              "visualization": "piechart",
+              "title": "Users by status"
             },
-            "name": "q-69053c5e"
+            "name": "q-e8c20a69",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| summarize Count=count() by UserType\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Users by type (member / shared)"
+            },
+            "name": "q-2c51776d",
+            "customWidth": "33"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS / ACL / Settings change history</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity heatmap</div>"
             },
-            "name": "div-dns-/-acl-/-settings-change-hi-3efe2e"
+            "name": "div-activity-heatmap-ca6a21"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"UPDATE\" and tostring(Target.type) == \"TAILNET\"\n| extend Property = tostring(Target.property), ActorLogin = tostring(Actor.loginName)\n| where Property in (\"ACL\", \"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"DNS_SEARCHPATHS\", \"MAGICDNS_PREFERENCES\", \"SETTINGS\", \"TAILNET_SETTINGS\")\n| project TimeGenerated, ActorLogin, Property, Old, New, Origin\n| order by TimeGenerated desc",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| extend DaysSinceLogin = toint((now() - LastSeen) / 1d)\n| extend Bucket = case(\n    DaysSinceLogin < 1, \"Today\",\n    DaysSinceLogin < 7, \"This week\",\n    DaysSinceLogin < 30, \"This month\",\n    DaysSinceLogin < 90, \"Past quarter\",\n    \"90+ days\")\n| summarize Users=count() by Bucket\n| order by case(Bucket==\"Today\",1, Bucket==\"This week\",2, Bucket==\"This month\",3, Bucket==\"Past quarter\",4, 5) asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Tailnet configuration changes",
-              "visualization": "table"
+              "visualization": "barchart",
+              "title": "Users by recency of last login"
             },
-            "name": "q-bf4dcbaf"
-          }
-        ]
-      },
-      "conditionalVisibility": {
-        "parameterName": "selectedTab",
-        "comparison": "isEqualTo",
-        "value": "dns"
-      },
-      "name": "group-dns"
-    },
-    {
-      "type": 12,
-      "content": {
-        "version": "NotebookGroup/1.0",
-        "groupType": "editable",
-        "items": [
+            "name": "q-350e118d"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Full user list</div>"
+            },
+            "name": "div-full-user-list-136aac"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| project DisplayName, LoginName, Role, Status, UserType, DeviceCount, CurrentlyConnected, Created, LastSeen\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "All users (latest snapshot per user ID)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Role",
+                    "formatter": 1
+                  },
+                  {
+                    "columnMatch": "Status",
+                    "formatter": 1
+                  },
+                  {
+                    "columnMatch": "DeviceCount",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  }
+                ]
+              }
+            },
+            "name": "q-cee23d3c"
+          },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook inventory</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Orphaned users (active but no devices)</div>"
             },
-            "name": "div-webhook-inventory-ac2dd4"
+            "name": "div-orphaned-users-(acti-56d6f8"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Webhooks_CL\n| summarize arg_max(TimeGenerated, *) by EndpointId\n| project EndpointId, EndpointUrl, ProviderType, CreatorLoginName, Created, LastModified, Subscriptions",
+              "query": "Tailscale_Users_CL\n| summarize arg_max(TimeGenerated, *) by UserId\n| where Status =~ \"active\" and DeviceCount == 0\n| project DisplayName, LoginName, Role, UserType, Created, LastSeen\n| order by Created desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "All webhooks (latest snapshot per endpoint)",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Active accounts with zero devices - candidates for offboarding review",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "Every active account has at least one device - good hygiene.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-4f947b64"
+            "name": "q-83fcd942"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Webhook change history (from audit log)</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Role escalation history</div>"
             },
-            "name": "div-webhook-change-history-(from-a-b5a420"
+            "name": "div-role-escalation-hist-bd8df4"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where tostring(Target.type) == \"WEBHOOK\" or tostring(Target.property) =~ \"WEBHOOK\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Target, Old, New, Origin\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"USER_ROLE_UPDATE\" or Action == \"USER_ROLES_ASSIGNED\" or Action contains \"ROLE\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetName=tostring(coalesce(Target.name, Target.id))\n| extend FromRole=tostring(Old.role), ToRole=tostring(New.role)\n| project TimeGenerated, ActorLogin, Action, TargetName, FromRole, ToRole, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Webhook create / update / delete events",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent role changes",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ToRole",
+                    "formatter": 1
+                  }
+                ]
+              },
+              "noDataMessage": "No role changes in this window.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-cbd16912"
+            "name": "q-f6c8358a"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "webhooks"
+        "value": "identity"
       },
-      "name": "group-webhooks"
+      "name": "group-identity"
     },
     {
       "type": 12,
@@ -793,15 +970,15 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Network flow summary</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Device fleet snapshot</div>"
             },
-            "name": "div-network-flow-summary-4f9133"
+            "name": "div-device-fleet-snapsho-939675"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "let base = Tailscale_Network_CL | where TimeGenerated {TimeRange};\nunion (base                                                          | summarize V=toreal(count())                                                                                                  | extend Metric=\"Messages\",         Order=1),(base                                                          | summarize V=toreal(dcount(NodeId))                                                                                          | extend Metric=\"Unique nodes\",     Order=2),(base | mv-expand t = VirtualTraffic                           | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Bytes total (B)\",  Order=3),(base | mv-expand t = ExitTraffic                              | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Exit egress (B)\",  Order=4),(base | mv-expand t = SubnetTraffic                            | summarize V=toreal(sum(tolong(t.txBytes) + tolong(t.rxBytes)))                                                              | extend Metric=\"Subnet (B)\",       Order=5)\n| order by Order asc | project Metric, Value=V",
+              "query": "let D = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nunion\n  (D | summarize V=toreal(count())                              | extend Metric=\"Total devices\",       Order=1),\n  (D | where Authorized == true                                 | summarize V=toreal(count()) | extend Metric=\"Authorized\",          Order=2),\n  (D | where IsExternal == true                                 | summarize V=toreal(count()) | extend Metric=\"External (shared)\",   Order=3),\n  (D | where UpdateAvailable == true                            | summarize V=toreal(count()) | extend Metric=\"Updates available\",   Order=4),\n  (D | where SshEnabled == true                                 | summarize V=toreal(count()) | extend Metric=\"SSH-enabled\",         Order=5),\n  (D | where KeyExpiryDisabled == true                          | summarize V=toreal(count()) | extend Metric=\"No key expiry\",       Order=6),\n  (D | where array_length(AdvertisedRoutes) > 0                 | summarize V=toreal(count()) | extend Metric=\"Subnet/exit-node\",    Order=7),\n  (D | where LastSeen < ago(30d)                                | summarize V=toreal(count()) | extend Metric=\"Stale (30+ days)\",    Order=8)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
@@ -821,96 +998,165 @@
                 "showBorder": false
               }
             },
-            "name": "q-6aeb3506"
+            "name": "q-366964fc"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top talkers</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-distribution-396d03"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count=count() by Os\n| order by Count desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Devices by OS"
+            },
+            "name": "q-0c8f5988",
+            "customWidth": "33"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| summarize Count=count() by ClientVersion\n| order by Count desc | take 10",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "barchart",
+              "title": "Top 10 client versions"
             },
-            "name": "div-top-talkers-a1283e"
+            "name": "q-af1c45cd",
+            "customWidth": "33"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Src = tostring(t.src), Dst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by Src, Dst\n| top 25 by TotalBytes",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| mv-expand Tag = Tags to typeof(string)\n| summarize Devices=dcount(DeviceId) by Tag=iff(isempty(Tag), \"(untagged)\", Tag)\n| order by Devices desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Top 25 src->dst pairs by bytes",
-              "visualization": "barchart"
+              "visualization": "piechart",
+              "title": "Devices by tag"
             },
-            "name": "q-994f3cfe"
+            "name": "q-c3a0ef5b",
+            "customWidth": "33"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Exit-node usage</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Devices needing attention</div>"
             },
-            "name": "div-exit-node-usage-73c3f0"
+            "name": "div-devices-needing-atte-f04a47"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(ExitTraffic) > 0\n| mv-expand t = ExitTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name), ExitDst = tostring(t.dst)\n| top 25 by TotalBytes",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where UpdateAvailable == true or KeyExpiryDisabled == true or LastSeen < ago(30d) or Authorized == false\n| extend Issues = strcat_array(pack_array(\n    iff(UpdateAvailable == true, \"needs-update\", \"\"),\n    iff(KeyExpiryDisabled == true, \"key-never-expires\", \"\"),\n    iff(LastSeen < ago(30d), \"stale\", \"\"),\n    iff(Authorized == false, \"unauthorized\", \"\")), \",\")\n| extend Issues = trim(\",\", trim_start(\",\", trim_end(\",\", replace_string(Issues, \",,\", \",\"))))\n| project DeviceName, Hostname, User, Os, ClientVersion, LastSeen, Issues\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Exit-node egress",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Devices flagged with one or more issues",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Issues",
+                    "formatter": 1
+                  }
+                ]
+              },
+              "noDataMessage": "No devices need attention - all updated, fresh, authorized, and key-rotating.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-0a4f4625"
+            "name": "q-dc5db84c"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet router throughput</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Full device inventory</div>"
             },
-            "name": "div-subnet-router-throughput-590dd2"
+            "name": "div-full-device-inventor-b70642"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where array_length(SubnetTraffic) > 0\n| mv-expand t = SubnetTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes), Flows = count() by SrcNodeName = tostring(SrcNode.name)\n| top 15 by TotalBytes",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, KeyExpiryDisabled, Tags, AdvertisedRoutes\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Subnet routers by throughput",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "All devices (latest snapshot per device ID)",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Os",
+                    "formatter": 1
+                  },
+                  {
+                    "columnMatch": "ClientVersion",
+                    "formatter": 1
+                  }
+                ]
+              }
             },
-            "name": "q-b912a9e0"
+            "name": "q-7f7e7a9a"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Bytes over time</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routers / exit nodes</div>"
             },
-            "name": "div-bytes-over-time-e5bc09"
+            "name": "div-subnet-routers-/-exi-b082d6"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| mv-expand t = VirtualTraffic\n| extend Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n| summarize TotalBytes = sum(Bytes) by bin(TimeGenerated, 1h)\n| render timechart",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(AdvertisedRoutes) > 0\n| extend AdvertisedSummary = tostring(AdvertisedRoutes), EnabledSummary = tostring(EnabledRoutes)\n| project DeviceName, Hostname, User, Os, AdvertisedSummary, EnabledSummary, LastSeen, Authorized\n| order by LastSeen desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Virtual traffic bytes per hour",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Devices advertising subnet routes or exit-node capability",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No subnet routers in this tailnet - pure mesh topology.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-505f4fda"
+            "name": "q-5004df25"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "network"
+        "value": "devices"
       },
-      "name": "group-network"
+      "name": "group-devices"
     },
     {
       "type": 12,
@@ -921,86 +1167,149 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Posture inventory</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credentials snapshot</div>"
             },
-            "name": "div-posture-inventory-09f2f0"
+            "name": "div-credentials-snapshot-fd464a"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project Provider, IntegrationId, ClientId, TenantId_Provider, Status, ConfigOverwrites\n| order by Provider asc",
+              "query": "let K = Tailscale_Keys_CL | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (K | summarize V=toreal(count())                                     | extend Metric=\"Total keys\",          Order=1),\n  (K | where isnull(Revoked) and (isnull(Expires) or Expires > now())  | summarize V=toreal(count()) | extend Metric=\"Active\",              Order=2),\n  (K | where isnotnull(Revoked)                                        | summarize V=toreal(count()) | extend Metric=\"Revoked\",             Order=3),\n  (K | where Expires < now() and isnull(Revoked)                       | summarize V=toreal(count()) | extend Metric=\"Expired\",             Order=4),\n  (K | where isnull(Revoked) and Expires between(now() .. ago(-7d))    | summarize V=toreal(count()) | extend Metric=\"Expiring in 7d\",      Order=5),\n  (K | where isnull(Revoked) and (isnull(Expires) or ExpirySeconds==0) | summarize V=toreal(count()) | extend Metric=\"Never expire\",        Order=6),\n  (K | where KeyType =~ \"auth\"                                         | summarize V=toreal(count()) | extend Metric=\"Auth keys\",           Order=7),\n  (K | where KeyType =~ \"api\" or KeyType contains \"oauth\"              | summarize V=toreal(count()) | extend Metric=\"API / OAuth\",         Order=8)\n| order by Order asc | project Metric, Value=V",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Current posture integrations",
-              "visualization": "table"
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
             },
-            "name": "q-46b6e6de"
+            "name": "q-79398bc0"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Integrations by provider</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
             },
-            "name": "div-integrations-by-provider-539100"
+            "name": "div-distribution-15f665"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_PostureIntegrations_CL\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| summarize Count = count() by Provider\n| order by Count desc",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| summarize Count=count() by KeyType\n| order by Count desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "By provider",
-              "visualization": "piechart"
+              "visualization": "piechart",
+              "title": "Keys by type"
             },
-            "name": "q-65328ab4",
+            "name": "q-23e6618b",
             "customWidth": "50"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Settings_CL\n| top 1 by TimeGenerated\n| project PostureIdentityCollectionOn",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| extend Bucket = case(\n    isnull(Expires) or ExpirySeconds == 0, \"Never\",\n    Expires < now(), \"Already expired\",\n    Expires < ago(-1d), \"<24h\",\n    Expires < ago(-7d), \"1-7d\",\n    Expires < ago(-30d), \"8-30d\",\n    Expires < ago(-90d), \"31-90d\",\n    \"90+d\")\n| summarize Keys=count() by Bucket\n| order by case(Bucket==\"Already expired\",1, Bucket==\"<24h\",2, Bucket==\"1-7d\",3, Bucket==\"8-30d\",4, Bucket==\"31-90d\",5, Bucket==\"90+d\",6, Bucket==\"Never\",7, 8) asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Posture identity collection",
-              "visualization": "table"
+              "visualization": "barchart",
+              "title": "Active key expiry distribution"
             },
-            "name": "q-c5867d42",
+            "name": "q-7484d1a0",
             "customWidth": "50"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Posture integration change history</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Active credential register</div>"
+            },
+            "name": "div-active-credential-re-c27539"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Keys_CL\n| summarize arg_max(TimeGenerated, *) by KeyId\n| where isnull(Revoked)\n| extend ExpiryStatus = case(\n    isnull(Expires) or ExpirySeconds == 0, \"Never expires\",\n    Expires < now(), \"Expired\",\n    Expires < ago(-7d), \"Expires in 7d\",\n    Expires < ago(-30d), \"Expires in 30d\",\n    \"OK\")\n| project KeyId, KeyType, Description, UserId, Created, Expires, ExpiryStatus, Capabilities\n| order by Created desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "All active credentials with computed expiry status",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Created",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Expires",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ExpiryStatus",
+                    "formatter": 1
+                  },
+                  {
+                    "columnMatch": "KeyType",
+                    "formatter": 1
+                  }
+                ]
+              }
+            },
+            "name": "q-4b27a750"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Credential CRUD events</div>"
             },
-            "name": "div-posture-integration-change-his-dce848"
+            "name": "div-credential-crud-even-e455b0"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action in (\"CREATE\", \"UPDATE\", \"DELETE\")\n| where tostring(Target.type) startswith \"POSTURE\" or tostring(Target.type) == \"POSTURE_INTEGRATION\"\n| extend ActorLogin = tostring(Actor.loginName)\n| project TimeGenerated, ActorLogin, Action, Provider = tostring(Target.name), Old, New\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action contains \"API_KEY\" or Action contains \"AUTH_KEY\" or Action contains \"OAUTH\" or Action contains \"KEY_CREATE\" or Action contains \"KEY_REVOKE\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetId=tostring(Target.id), TargetType=tostring(Target.type)\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetId, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Audit log: posture-integration changes",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent credential create / revoke / rotate events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No credential CRUD activity in this window.",
+              "noDataMessageStyle": 1
             },
-            "name": "q-6b24da73"
+            "name": "q-777693bd"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "posture"
+        "value": "credentials"
       },
-      "name": "group-posture"
+      "name": "group-credentials"
     },
     {
       "type": 12,
@@ -1013,60 +1322,109 @@
             "content": {
               "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Audit volume</div>"
             },
-            "name": "div-audit-volume-73f015"
+            "name": "div-audit-volume-de29a2"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize EventCount = count() by bin(TimeGenerated, 1h)",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| summarize Events=count() by bin(TimeGenerated, 1h)\n| order by TimeGenerated asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
               "title": "Audit events per hour",
-              "visualization": "timechart"
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-f5eee265"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Action heatmap by hour of day</div>"
+            },
+            "name": "div-action-heatmap-by-ho-c8bd5e"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend Hour=hourofday(TimeGenerated)\n| summarize Events=count() by Hour, Action\n| order by Hour asc, Events desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "categoricalbar",
+              "title": "When are admin actions happening?"
             },
-            "name": "q-b71cf8c3"
+            "name": "q-c6f45d95"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor and action distribution</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Actor / Action heatmap</div>"
             },
-            "name": "div-actor-and-action-distribution-2156c2"
+            "name": "div-actor-/-action-heatm-d820ba"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type)\n| summarize EventCount = count() by ActorLogin, Action, TargetType\n| order by EventCount desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin, Action\n| order by Events desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Actor / Action / Target heatmap",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Who is firing which action",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Events",
+                    "formatter": 4,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-2eddf283"
+            "name": "q-06c13b3b"
           },
           {
             "type": 1,
             "content": {
               "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent activity</div>"
             },
-            "name": "div-recent-activity-669c80"
+            "name": "div-recent-activity-63b210"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin = tostring(Actor.loginName), TargetType = tostring(Target.type), Property = tostring(Target.property)\n| project TimeGenerated, ActorLogin, Action, TargetType, Property, TargetId = tostring(Target.id), Origin\n| order by TimeGenerated desc\n| take 100",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, Action, ActorLogin, TargetType, TargetName, Origin, EventGroupID\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Recent 100 audit events",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Last 100 audit events",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Action",
+                    "formatter": 1
+                  }
+                ]
+              },
+              "noDataMessage": "No audit events in this window.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-49c1df44"
+            "name": "q-07a25a40"
           }
         ]
       },
@@ -1086,76 +1444,816 @@
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailscale-related alerts</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS configuration (current state)</div>"
             },
-            "name": "div-tailscale-related-alerts-871583"
+            "name": "div-dns-configuration-(c-5f2e1e"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertName, AlertSeverity\n| order by Count desc",
+              "query": "Tailscale_Dns_CL\n| summarize arg_max(TimeGenerated, *) by ConfigType\n| project ConfigType, Nameservers, MagicDNS, SearchPaths, LastSnapshot=TimeGenerated\n| order by ConfigType asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Alerts by rule",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "MagicDNS, nameservers, search paths",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSnapshot",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "ConfigType",
+                    "formatter": 1
+                  }
+                ]
+              },
+              "noDataMessage": "No DNS snapshots in the workspace yet. DNS polls runs at ~30 min cadence.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-40e4f77b",
-            "customWidth": "50"
+            "name": "q-d6a6a358"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet settings (current)</div>"
+            },
+            "name": "div-tailnet-settings-(cu-e03b16"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| summarize Count = count() by AlertSeverity\n| render piechart",
+              "query": "Tailscale_Settings_CL\n| summarize arg_max(TimeGenerated, *) by TenantId\n| project DevicesApprovalOn, DevicesAutoUpdatesOn, DevicesKeyDurationDays, UsersApprovalOn, NetworkFlowLoggingOn, RegionalRoutingOn, PostureIdentityCollectionOn, UsersRoleAllowedToJoinExternalTailnets, LastSnapshot=TimeGenerated",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Severity distribution",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Tailnet policy gates",
+              "noDataMessage": "No settings snapshot yet.",
+              "noDataMessageStyle": 5
             },
-            "name": "q-5fed33a4",
-            "customWidth": "50"
+            "name": "q-0622cfc3"
           },
           {
             "type": 1,
             "content": {
-              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent Tailscale alerts</div>"
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DNS change history</div>"
             },
-            "name": "div-recent-tailscale-alerts-8e085b"
+            "name": "div-dns-change-history-9dd376"
           },
           {
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "SecurityAlert\n| where TimeGenerated {TimeRange}\n| where AlertName startswith \"Tailscale\"\n| project TimeGenerated, AlertName, AlertSeverity, Description, Entities\n| order by TimeGenerated desc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetProperty=tostring(Target.property)\n| where Action contains \"DNS\" or TargetProperty has_any (\"DNS_NAMESERVERS\", \"DNS_SPLIT_DNS\", \"MAGICDNS\", \"DNS_SEARCH_PATHS\")\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, ActorLogin, Action, TargetProperty, Origin\n| order by TimeGenerated desc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
-              "title": "Recent Tailscale alerts",
-              "visualization": "table"
+              "visualization": "table",
+              "title": "Recent DNS-related admin changes",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No DNS changes in this window.",
+              "noDataMessageStyle": 1
+            },
+            "name": "q-a132ff6a"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">ACL policy changes</div>"
             },
-            "name": "q-0bf0cedc"
+            "name": "div-acl-policy-changes-ff0e68"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where Action == \"ACL_UPDATE\" or Action contains \"ACL\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, ActorLogin, Action, Origin, EventGroupID\n| order by TimeGenerated desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Recent ACL / policy file modifications",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No ACL changes in this window.",
+              "noDataMessageStyle": 1
+            },
+            "name": "q-94818c53"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Subnet routes & exit nodes</div>"
+            },
+            "name": "div-subnet-routes-and-ex-eef47f"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where array_length(EnabledRoutes) > 0\n| project DeviceName, User, Os, EnabledRoutes=tostring(EnabledRoutes), AdvertisedRoutes=tostring(AdvertisedRoutes), LastSeen\n| order by LastSeen desc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Routes currently being served from devices",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastSeen",
+                    "formatter": 6
+                  }
+                ]
+              },
+              "noDataMessage": "No subnet routers active in this tailnet.",
+              "noDataMessageStyle": 1
+            },
+            "name": "q-61a792cd"
           }
         ]
       },
       "conditionalVisibility": {
         "parameterName": "selectedTab",
         "comparison": "isEqualTo",
-        "value": "signals"
+        "value": "network"
       },
-      "name": "group-signals"
+      "name": "group-network"
+    },
+    {
+      "type": 12,
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "network-flows"
+      },
+      "name": "group-network-flows",
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Activity snapshot</div>"
+            },
+            "name": "div-flow-snapshot"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let NET = Tailscale_Network_CL | where TimeGenerated {TimeRange};\nunion\n  (NET | summarize V=toreal(count())                          | extend Metric=\"Total flows\",     Order=1),\n  (NET | summarize V=toreal(dcount(SrcNodeName))              | extend Metric=\"Src nodes\",       Order=2),\n  (NET | summarize V=toreal(dcount(DstNodeName))              | extend Metric=\"Dst nodes\",       Order=3),\n  (NET | where HasVirtualTraffic | summarize V=toreal(count())| extend Metric=\"Virtual\",         Order=4),\n  (NET | where HasSubnetTraffic  | summarize V=toreal(count())| extend Metric=\"Subnet\",          Order=5),\n  (NET | where HasExitTraffic    | summarize V=toreal(count())| extend Metric=\"Exit\",            Order=6),\n  (NET | where IsRelayed         | summarize V=toreal(count())| extend Metric=\"Relayed (DERP)\",  Order=7)\n| order by Order asc | project Metric, Value=V",
+              "size": 3,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "title": "Activity (selected time range)",
+              "noDataMessage": "No data in this window.",
+              "noDataMessageStyle": 5,
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  },
+                  "numberFormat": {
+                    "unit": 17,
+                    "options": {
+                      "style": "decimal",
+                      "maximumFractionDigits": 0
+                    }
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-flow-tiles"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Top talkers</div>"
+            },
+            "name": "div-flow-top-talkers"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| extend SrcLabel = case(\n    isnotempty(SrcUser), strcat(SrcNodeName, \" - \", SrcUser),\n    isnotempty(SrcTags), strcat(SrcNodeName, \" \", tostring(SrcTags)),\n    SrcNodeName)\n| summarize Flows=count() by SrcLabel\n| top 10 by Flows",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "barchart",
+              "title": "Top source nodes by flow count",
+              "noDataMessage": "No flow records in this window.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-flow-top-src",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| extend DstLabel = case(\n    isnotempty(DstUser), strcat(DstNodeName, \" - \", DstUser),\n    isnotempty(DstTags), strcat(DstNodeName, \" \", tostring(DstTags)),\n    DstNodeName)\n| extend DstKind = case(\n    isnotempty(DstUser), \"User device\",\n    isnotempty(DstTags), \"Tagged service\",\n    \"Other\")\n| summarize Flows=count() by DstLabel, DstKind\n| top 10 by Flows",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "categoricalbar",
+              "title": "Top destination nodes (split by user vs tagged service)",
+              "noDataMessage": "No flow records in this window.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-flow-top-dst",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Traffic mix over time (stacked area: Virtual / Subnet / Exit / Physical)</div>"
+            },
+            "name": "div-flow-time-mix"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let NET = Tailscale_Network_CL | where TimeGenerated {TimeRange};\nunion\n  (NET | where HasVirtualTraffic  | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\"Virtual\"),\n  (NET | where HasSubnetTraffic   | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\"Subnet\"),\n  (NET | where HasExitTraffic     | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\"Exit\"),\n  (NET | where HasPhysicalTraffic | summarize Flows=count() by bin(TimeGenerated, 10m) | extend Kind=\"Physical\")\n| project TimeGenerated, Kind, Flows\n| order by TimeGenerated asc",
+              "size": 4,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
+              "title": "Flow count by traffic kind over time",
+              "noDataMessage": "No flow records.",
+              "noDataMessageStyle": 5,
+              "chartSettings": {
+                "group": "Kind",
+                "createOtherGroup": 10,
+                "showLegend": true,
+                "ySettings": {
+                  "min": 0
+                },
+                "chartType": "Area"
+              }
+            },
+            "name": "q-flow-traffic-mix"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">DERP relay health</div>"
+            },
+            "name": "div-flow-derp-watch"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| summarize Count=count() by Path = iff(IsRelayed, \"Relayed (DERP)\", \"Direct (P2P)\")\n| project Path, Count",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Direct vs relayed",
+              "noDataMessage": "No flow records.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-flow-derp-pie",
+            "customWidth": "40"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where IsRelayed\n| extend SrcLabel = strcat(SrcNodeName, iff(isempty(SrcUser),\"\",strcat(\" (\",SrcUser,\")\")))\n| summarize RelayedFlows=count(), LastRelay=max(TimeGenerated) by SrcLabel, SrcOs\n| top 10 by RelayedFlows",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Devices stuck on DERP (potential NAT/firewall issue)",
+              "noDataMessage": "No data in this window.",
+              "noDataMessageStyle": 5,
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "RelayedFlows",
+                    "formatter": 4,
+                    "formatOptions": {
+                      "palette": "orange"
+                    }
+                  },
+                  {
+                    "columnMatch": "LastRelay",
+                    "formatter": 6
+                  }
+                ]
+              }
+            },
+            "name": "q-flow-derp-devices",
+            "customWidth": "60"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tagged-service flows + anomaly hunt</div>"
+            },
+            "name": "div-flow-tag-anomaly"
+          },
+          {
+            "type": 12,
+            "name": "row-tag-anomaly-row",
+            "content": {
+              "version": "NotebookGroup/1.0",
+              "groupType": "editable",
+              "items": [
+                {
+                  "type": 3,
+                  "content": {
+                    "version": "KqlItem/1.0",
+                    "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| extend SrcKind = case(\n    isnotempty(SrcTags), tostring(SrcTags),\n    isnotempty(SrcUser), \"<user>\",\n    \"<unknown>\")\n| extend DstKind = case(\n    isnotempty(DstTags), tostring(DstTags),\n    isnotempty(DstUser), \"<user>\",\n    \"<unknown>\")\n| summarize Flows=count() by SrcKind, DstKind\n| order by Flows desc",
+                    "size": 1,
+                    "queryType": 0,
+                    "resourceType": "microsoft.operationalinsights/workspaces",
+                    "visualization": "table",
+                    "title": "Tagged-service flow matrix",
+                    "noDataMessage": "No data in this window.",
+                    "noDataMessageStyle": 5,
+                    "gridSettings": {
+                      "formatters": [
+                        {
+                          "columnMatch": "Flows",
+                          "formatter": 4,
+                          "formatOptions": {
+                            "palette": "blue"
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  "name": "q-flow-tag-matrix",
+                  "customWidth": "50"
+                },
+                {
+                  "type": 3,
+                  "content": {
+                    "version": "KqlItem/1.0",
+                    "query": "let baseline = Tailscale_Network_CL\n    | where TimeGenerated between (ago(7d) .. ago(1h))\n    | distinct SrcNodeName, DstNodeName;\nTailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where HasVirtualTraffic or HasSubnetTraffic or HasExitTraffic\n| extend ShortSrc = tostring(split(SrcNodeName, \".\")[0])\n| extend ShortDst = tostring(split(DstNodeName, \".\")[0])\n| extend ShortSrcUser = tostring(split(SrcUser, \"@\")[0])\n| extend ShortDstUser = tostring(split(DstUser, \"@\")[0])\n| extend Src = strcat(ShortSrc, iff(isempty(ShortSrcUser),\"\",strcat(\" - \",ShortSrcUser)))\n| extend Dst = strcat(ShortDst, iff(isempty(ShortDstUser),\"\",strcat(\" - \",ShortDstUser)))\n| summarize FirstSeen=min(TimeGenerated), Flows=count() by Src, Dst, SrcNodeName, DstNodeName\n| join kind=leftanti baseline on SrcNodeName, DstNodeName\n| project FirstSeen, Src, Dst, Flows\n| order by FirstSeen desc",
+                    "size": 1,
+                    "queryType": 0,
+                    "resourceType": "microsoft.operationalinsights/workspaces",
+                    "visualization": "table",
+                    "title": "Anomaly: pairs NOT seen in past 7 days",
+                    "noDataMessage": "No new src/dst pairs - all flows match the 7-day baseline.",
+                    "noDataMessageStyle": 5,
+                    "gridSettings": {
+                      "formatters": [
+                        {
+                          "columnMatch": "FirstSeen",
+                          "formatter": 6
+                        },
+                        {
+                          "columnMatch": "Flows",
+                          "formatter": 4,
+                          "formatOptions": {
+                            "palette": "red"
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  "name": "q-flow-new-pairs",
+                  "customWidth": "50"
+                }
+              ]
+            }
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Egress destinations - exit nodes + subnet routes</div>"
+            },
+            "name": "div-flow-egress"
+          },
+          {
+            "type": 12,
+            "name": "row-egress-row",
+            "content": {
+              "version": "NotebookGroup/1.0",
+              "groupType": "editable",
+              "items": [
+                {
+                  "type": 3,
+                  "content": {
+                    "version": "KqlItem/1.0",
+                    "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where HasExitTraffic\n| extend ExitTag = iff(isempty(DstTags), DstNodeName, tostring(DstTags))\n| summarize Flows=count() by ExitTag",
+                    "size": 1,
+                    "queryType": 0,
+                    "resourceType": "microsoft.operationalinsights/workspaces",
+                    "visualization": "piechart",
+                    "title": "Exit-node tag distribution",
+                    "noDataMessage": "No exit-node traffic in this window.",
+                    "noDataMessageStyle": 5
+                  },
+                  "name": "q-flow-exit-providers",
+                  "customWidth": "40"
+                },
+                {
+                  "type": 3,
+                  "content": {
+                    "version": "KqlItem/1.0",
+                    "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| where HasSubnetTraffic\n| mv-expand s=SubnetTraffic\n| extend DstHost = tostring(split(tostring(s.dst), \":\")[0])\n| extend Bytes = toint(coalesce(s.txBytes,0)) + toint(coalesce(s.rxBytes,0))\n| extend Pkts = toint(coalesce(s.txPkts,0)) + toint(coalesce(s.rxPkts,0))\n| summarize TotalBytes=sum(Bytes), TotalPkts=sum(Pkts), Talkers=dcount(SrcNodeName) by DstHost\n| top 10 by TotalBytes\n| project DstHost, TotalBytes, TotalPkts, Talkers",
+                    "size": 1,
+                    "queryType": 0,
+                    "resourceType": "microsoft.operationalinsights/workspaces",
+                    "visualization": "table",
+                    "title": "Top subnet route destinations",
+                    "noDataMessage": "No subnet-route traffic in this window.",
+                    "noDataMessageStyle": 5,
+                    "gridSettings": {
+                      "formatters": [
+                        {
+                          "columnMatch": "TotalBytes",
+                          "formatter": 4,
+                          "formatOptions": {
+                            "palette": "green"
+                          }
+                        },
+                        {
+                          "columnMatch": "TotalPkts",
+                          "formatter": 4,
+                          "formatOptions": {
+                            "palette": "blue"
+                          }
+                        },
+                        {
+                          "columnMatch": "Talkers",
+                          "formatter": 4,
+                          "formatOptions": {
+                            "palette": "purple"
+                          }
+                        }
+                      ]
+                    }
+                  },
+                  "name": "q-flow-subnet-dests",
+                  "customWidth": "60"
+                }
+              ]
+            }
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Recent flow detail (last 100)</div>"
+            },
+            "name": "div-flow-recent-detail"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Network_CL\n| where TimeGenerated {TimeRange}\n| order by TimeGenerated desc\n| take 100\n| project TimeGenerated,\n    Src=SrcNodeName, SrcUser, SrcTags=tostring(SrcTags),\n    Dst=DstNodeName, DstUser, DstTags=tostring(DstTags),\n    Vir=HasVirtualTraffic, Sub=HasSubnetTraffic, Exi=HasExitTraffic, Phy=HasPhysicalTraffic, IsRelayed",
+              "size": 4,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Last 100 flow records in time range",
+              "noDataMessage": "No data in this window.",
+              "noDataMessageStyle": 5,
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "IsRelayed",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-flow-recent"
+          }
+        ]
+      }
+    },
+    {
+      "type": 12,
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "posture"
+      },
+      "name": "group-posture",
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Posture integrations - MDM/EDR providers configured for device posture</div>"
+            },
+            "name": "div-posture-overview"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let CUR = Tailscale_PostureIntegrations_CL\n    | where TimeGenerated {TimeRange}\n    | summarize arg_max(TimeGenerated, *) by IntegrationId;\nunion\n  (CUR | summarize V=toreal(count())            | extend Metric=\"Integrations\",       Order=1),\n  (CUR | summarize V=toreal(dcount(Provider))   | extend Metric=\"Distinct providers\", Order=2),\n  (CUR | where tostring(Status) has \"healthy\" or tostring(Status) has \"ok\"\n       | summarize V=toreal(count())            | extend Metric=\"Healthy\",            Order=3),\n  (CUR | where not(tostring(Status) has \"healthy\" or tostring(Status) has \"ok\")\n       | summarize V=toreal(count())            | extend Metric=\"Unhealthy / unknown\", Order=4)\n| order by Order asc | project Metric, Value=V",
+              "size": 3,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "title": "Integration inventory (selected time range)",
+              "noDataMessage": "No posture integrations configured. Set them up at https://login.tailscale.com/admin/settings/posture-integrations.",
+              "noDataMessageStyle": 5,
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  },
+                  "numberFormat": {
+                    "unit": 17,
+                    "options": {
+                      "style": "decimal",
+                      "maximumFractionDigits": 0
+                    }
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-posture-tile"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Distribution</div>"
+            },
+            "name": "div-posture-distribution"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| where TimeGenerated {TimeRange}\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| summarize Count=count() by Provider",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Integrations by provider",
+              "noDataMessage": "No posture integrations configured.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-posture-by-provider",
+            "customWidth": "50"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| where TimeGenerated {TimeRange}\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| extend Health = case(\n    tostring(Status) has \"healthy\" or tostring(Status) has \"ok\", \"Healthy\",\n    tostring(Status) has \"error\" or tostring(Status) has \"failed\", \"Error\",\n    isnotempty(tostring(Status)), \"Other\",\n    \"Unknown\")\n| summarize Count=count() by Health",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "piechart",
+              "title": "Health status across integrations",
+              "noDataMessage": "No posture integrations configured.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-posture-by-status",
+            "customWidth": "50"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Inventory detail</div>"
+            },
+            "name": "div-posture-inventory"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_PostureIntegrations_CL\n| where TimeGenerated {TimeRange}\n| summarize arg_max(TimeGenerated, *) by IntegrationId\n| project IntegrationId, Provider, CloudId, ClientId, TenantId_Provider, Status, LastSnapshot=TimeGenerated",
+              "size": 4,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Configured integrations (latest snapshot per IntegrationId)",
+              "noDataMessage": "No posture integrations configured.",
+              "noDataMessageStyle": 5,
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "Provider",
+                    "formatter": 11
+                  },
+                  {
+                    "columnMatch": "LastSnapshot",
+                    "formatter": 6
+                  }
+                ]
+              }
+            },
+            "name": "q-posture-inventory"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Lifecycle (from audit log)</div>"
+            },
+            "name": "div-posture-lifecycle"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| where EventType == \"CONFIG\"\n| where tostring(Target.type) contains \"POSTURE\" or tostring(Target.type) contains \"INTEGRATION\"\n| project TimeGenerated, Actor=tostring(Actor.loginName), Action,\n          Target=tostring(Target.name), TargetType=tostring(Target.type), ActionDetails\n| order by TimeGenerated desc",
+              "size": 4,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Recent posture integration create/update/delete events",
+              "noDataMessage": "No posture-integration audit events in this window.",
+              "noDataMessageStyle": 5,
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Action",
+                    "formatter": 11
+                  }
+                ]
+              }
+            },
+            "name": "q-posture-audit"
+          }
+        ]
+      }
+    },
+    {
+      "type": 12,
+      "content": {
+        "version": "NotebookGroup/1.0",
+        "groupType": "editable",
+        "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Ingest rate per table</div>"
+            },
+            "name": "div-ingest-rate-per-tabl-24e5f6"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\n| where TimeGenerated > ago(24h)\n| summarize Rows=count() by Table, bin(TimeGenerated, 1h)\n| order by TimeGenerated asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "timechart",
+              "title": "Rows ingested per Tailscale table per hour (last 24h)",
+              "noDataMessage": "No Tailscale data ingested in the last 24h - check the connector card under Sentinel Data Connectors.",
+              "noDataMessageStyle": 5
+            },
+            "name": "q-c6fd0143"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Last poll time per table</div>"
+            },
+            "name": "div-last-poll-time-per-t-49b051"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "union withsource=Table Tailscale_Audit_CL, Tailscale_Devices_CL, Tailscale_Users_CL, Tailscale_Keys_CL, Tailscale_Dns_CL, Tailscale_Settings_CL\n| summarize LastRow=max(TimeGenerated), TotalRows=count() by Table\n| extend MinutesAgo=toint((now() - LastRow) / 1m)\n| extend Status=case(MinutesAgo < 60, \"Fresh\", MinutesAgo < 360, \"Recent\", MinutesAgo < 1440, \"Stale\", \"Very Stale\")\n| project Table, LastRow, MinutesAgo, TotalRows, Status\n| order by MinutesAgo asc",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Per-table freshness",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "LastRow",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "MinutesAgo",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "redBright"
+                    }
+                  },
+                  {
+                    "columnMatch": "TotalRows",
+                    "formatter": 8,
+                    "formatOptions": {
+                      "palette": "blue"
+                    }
+                  },
+                  {
+                    "columnMatch": "Status",
+                    "formatter": 1
+                  }
+                ]
+              }
+            },
+            "name": "q-a02e37a8"
+          },
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Log Analytics operational events</div>"
+            },
+            "name": "div-log-analytics-operat-630749"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "_LogOperation\n| where TimeGenerated > ago(24h)\n| where _ResourceId contains \"tailscale\" or Detail contains \"Tailscale_\"\n| project TimeGenerated, Operation, Level, Detail\n| order by TimeGenerated desc | take 100",
+              "size": 0,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "table",
+              "title": "Log Analytics operational events touching Tailscale tables",
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "TimeGenerated",
+                    "formatter": 6
+                  },
+                  {
+                    "columnMatch": "Level",
+                    "formatter": 1
+                  }
+                ]
+              },
+              "noDataMessage": "No operational issues recorded in the last 24h.",
+              "noDataMessageStyle": 1
+            },
+            "name": "q-b492f150"
+          }
+        ]
+      },
+      "conditionalVisibility": {
+        "parameterName": "selectedTab",
+        "comparison": "isEqualTo",
+        "value": "pipeline"
+      },
+      "name": "group-pipeline"
     },
     {
       "type": 1,
       "content": {
-        "json": "---\n\n**Tailscale Premium (CCF)** | All Standard telemetry plus network flow logs (`/logging/network`) and posture integrations (`/posture/integrations`) on Premium / Enterprise tier tailnets."
+        "json": "<div style=\"margin-top:32px;padding-top:16px;border-top:1px solid #1e293b;color:#64748b;font-size:12px\"><strong>Tailscale Operations (Premium) (CCF)</strong> - Microsoft Sentinel content from the Tailscale (CCF) solution, Premium-tier surface. Tables polled from the Tailscale REST API: audit, devices, users, keys, dns, settings, <strong>network flows</strong> (/logging/network), <strong>posture integrations</strong>. Filter every panel via the time range above; the Investigate tab adds Actor and Device pickers for drilldown. The Network Flows and Posture tabs use the 15 promoted columns added in 3.1.0 (SrcUser, SrcTags, DstUser, DstTags, HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic, IsRelayed, etc.). Companion workbook: <strong>Tailscale Operations (Standard)</strong> for Personal / Starter tailnets.</div>"
       },
       "name": "footer"
     }
   ],
-  "fallbackResourceIds": [],
-  "fromTemplateId": "sentinel-TailscalePremiumOperations",
+  "fallbackResourceIds": [
+    "Azure Monitor"
+  ],
+  "fromTemplateId": "sentinel-TailscalePremiumWorkbook",
   "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
 }
\ No newline at end of file
diff --git a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json
index 906a5b57f50..9aed3bfe696 100644
--- a/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
+++ b/Solutions/Tailscale (CCF)/Workbooks/TailscaleStandardOperations.json	
@@ -55,39 +55,6 @@
       },
       "name": "header"
     },
-    {
-      "type": 1,
-      "content": {
-        "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet at a glance</div>"
-      },
-      "name": "div-tailnet-at-a-glance-04e62b"
-    },
-    {
-      "type": 3,
-      "content": {
-        "version": "KqlItem/1.0",
-        "query": "let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\"Devices\",         Order=1),\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\"Authorized\",      Order=2),\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\"Updates Available\", Order=3),\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\"SSH-Enabled\",     Order=4),\n  (USR | summarize V=toreal(count())                                            | extend Metric=\"Users\",           Order=5),\n  (USR | where Role =~ \"admin\" or Role =~ \"owner\" or Role =~ \"network-admin\"    | summarize V=toreal(count()) | extend Metric=\"Admins\",          Order=6),\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\"Active Keys\",     Order=7),\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\"Audit Events ({TimeRange:label})\", Order=8)\n| order by Order asc | project Metric, Value=V",
-        "size": 3,
-        "queryType": 0,
-        "resourceType": "microsoft.operationalinsights/workspaces",
-        "visualization": "tiles",
-        "tileSettings": {
-          "titleContent": {
-            "columnMatch": "Metric",
-            "formatter": 1
-          },
-          "leftContent": {
-            "columnMatch": "Value",
-            "formatter": 12,
-            "formatOptions": {
-              "palette": "auto"
-            }
-          },
-          "showBorder": false
-        }
-      },
-      "name": "q-4e9d7cff"
-    },
     {
       "type": 11,
       "content": {
@@ -176,6 +143,39 @@
         "version": "NotebookGroup/1.0",
         "groupType": "editable",
         "items": [
+          {
+            "type": 1,
+            "content": {
+              "json": "<div style=\"border-left:4px solid #3b82f6;padding:8px 12px;margin:16px 0 8px 0;background:rgba(59,130,246,0.05);font-size:14px;font-weight:600;letter-spacing:0.3px;text-transform:uppercase;color:#94a3b8\">Tailnet at a glance</div>"
+            },
+            "name": "div-tailnet-at-a-glance-04e62b"
+          },
+          {
+            "type": 3,
+            "content": {
+              "version": "KqlItem/1.0",
+              "query": "let DEV = Tailscale_Devices_CL | summarize arg_max(TimeGenerated, *) by DeviceId;\nlet USR = Tailscale_Users_CL   | summarize arg_max(TimeGenerated, *) by UserId;\nlet KEY = Tailscale_Keys_CL    | summarize arg_max(TimeGenerated, *) by KeyId;\nunion\n  (DEV | summarize V=toreal(count())                                            | extend Metric=\"Devices\",         Order=1),\n  (DEV | where Authorized == true                                               | summarize V=toreal(count()) | extend Metric=\"Authorized\",      Order=2),\n  (DEV | where UpdateAvailable == true                                          | summarize V=toreal(count()) | extend Metric=\"Updates Available\", Order=3),\n  (DEV | where SshEnabled == true                                               | summarize V=toreal(count()) | extend Metric=\"SSH-Enabled\",     Order=4),\n  (USR | summarize V=toreal(count())                                            | extend Metric=\"Users\",           Order=5),\n  (USR | where Role =~ \"admin\" or Role =~ \"owner\" or Role =~ \"network-admin\"    | summarize V=toreal(count()) | extend Metric=\"Admins\",          Order=6),\n  (KEY | where isnull(Revoked) and (isnull(Expires) or Expires > now())         | summarize V=toreal(count()) | extend Metric=\"Active Keys\",     Order=7),\n  (Tailscale_Audit_CL | where TimeGenerated {TimeRange} | summarize V=toreal(count()) | extend Metric=\"Audit Events ({TimeRange:label})\", Order=8)\n| order by Order asc | project Metric, Value=V",
+              "size": 3,
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "visualization": "tiles",
+              "tileSettings": {
+                "titleContent": {
+                  "columnMatch": "Metric",
+                  "formatter": 1
+                },
+                "leftContent": {
+                  "columnMatch": "Value",
+                  "formatter": 12,
+                  "formatOptions": {
+                    "palette": "auto"
+                  }
+                },
+                "showBorder": false
+              }
+            },
+            "name": "q-4e9d7cff"
+          },
           {
             "type": 1,
             "content": {
@@ -303,41 +303,20 @@
                   "label": "Actor",
                   "type": 2,
                   "isRequired": false,
-                  "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin\n| order by Events desc | take 50\n| project value=ActorLogin, label=strcat(ActorLogin, \" (\", Events, \")\")",
-                  "typeSettings": {
-                    "additionalResourceOptions": [
-                      "value::all"
-                    ],
-                    "showDefault": false
-                  },
-                  "queryType": 0,
-                  "resourceType": "microsoft.operationalinsights/workspaces",
-                  "value": "value::all"
-                },
-                {
-                  "id": "a9cf7907-f201-4725-a072-a8bd34bef74e",
-                  "version": "KqlParameterItem/1.0",
-                  "name": "SelectedDevice",
-                  "label": "Device",
-                  "type": 2,
-                  "isRequired": false,
-                  "query": "Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| order by LastSeen desc | take 100\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \" (\", User, \")\")",
+                  "query": "let opts = Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where isnotempty(ActorLogin)\n| summarize Events=count() by ActorLogin\n| project value=ActorLogin, label=strcat(ActorLogin, \" (\", tostring(Events), \" events)\");\n(print value=\"__ALL__\", label=\"(All actors)\")\n| union opts",
                   "typeSettings": {
-                    "additionalResourceOptions": [
-                      "value::all"
-                    ],
                     "showDefault": false
                   },
                   "queryType": 0,
                   "resourceType": "microsoft.operationalinsights/workspaces",
-                  "value": "value::all"
+                  "value": "__ALL__"
                 }
               ],
               "style": "pills",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces"
             },
-            "name": "investigate-pickers"
+            "name": "investigate-picker-actor"
           },
           {
             "type": 1,
@@ -350,12 +329,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"value::all\" or ActorLogin == \"{SelectedActor}\"\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"__ALL__\" or ActorLogin == \"{SelectedActor}\"\n| summarize Events=count() by bin(TimeGenerated, 1h), Action\n| order by TimeGenerated asc",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "timechart",
-              "title": "Actions over time for selected actor (or all actors)",
+              "title": "Actions over time -- actor: {SelectedActor:label}",
               "noDataMessage": "Select an actor from the Actor dropdown above, or leave on 'All' to see total activity.",
               "noDataMessageStyle": 5
             },
@@ -365,12 +344,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"value::all\" or ActorLogin == \"{SelectedActor}\"\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 100",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| where \"{SelectedActor}\" == \"__ALL__\" or ActorLogin == \"{SelectedActor}\"\n| extend TargetType=tostring(Target.type), TargetName=tostring(coalesce(Target.name, Target.id))\n| project TimeGenerated, ActorLogin, Action, TargetType, TargetName, Origin\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "table",
-              "title": "Events from selected actor",
+              "title": "Recent events for actor: {SelectedActor:label}",
               "gridSettings": {
                 "formatters": [
                   {
@@ -384,6 +363,33 @@
             },
             "name": "q-a742f6fd"
           },
+          {
+            "type": 9,
+            "content": {
+              "version": "KqlParameterItem/1.0",
+              "parameters": [
+                {
+                  "id": "a9cf7907-f201-4725-a072-a8bd34bef74e",
+                  "version": "KqlParameterItem/1.0",
+                  "name": "SelectedDevice",
+                  "label": "Device",
+                  "type": 2,
+                  "isRequired": false,
+                  "query": "let opts = Tailscale_Devices_CL\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| order by LastSeen desc | take 100\n| project value=DeviceName, label=strcat(coalesce(DeviceName, Hostname), \" (\", User, \")\");\n(print value=\"__ALL__\", label=\"(All devices)\")\n| union opts",
+                  "typeSettings": {
+                    "showDefault": false
+                  },
+                  "queryType": 0,
+                  "resourceType": "microsoft.operationalinsights/workspaces",
+                  "value": "__ALL__"
+                }
+              ],
+              "style": "pills",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces"
+            },
+            "name": "investigate-picker-device"
+          },
           {
             "type": 1,
             "content": {
@@ -395,12 +401,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Devices_CL\n| where \"{SelectedDevice}\" == \"value::all\" or DeviceName == \"{SelectedDevice}\"\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend OnlineNow = ClientConnectivity.endpoints != \"\" or ConnectedToControl == true\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes",
+              "query": "Tailscale_Devices_CL\n| where \"{SelectedDevice}\" == \"__ALL__\" or DeviceName == \"{SelectedDevice}\"\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| extend OnlineNow = ClientConnectivity.endpoints != \"\" or ConnectedToControl == true\n| project DeviceName, Hostname, User, Os, ClientVersion, UpdateAvailable, Authorized, IsExternal, SshEnabled, LastSeen, Expires, KeyExpiryDisabled, OnlineNow, Addresses, Tags, AdvertisedRoutes",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "table",
-              "title": "Device summary",
+              "title": "Summary for device: {SelectedDevice:label}",
               "noDataMessage": "Select a device from the Device dropdown above. Defaults to 'All'.",
               "noDataMessageStyle": 5
             },
@@ -410,12 +416,12 @@
             "type": 3,
             "content": {
               "version": "KqlItem/1.0",
-              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\n| where (\"{SelectedDevice}\" == \"value::all\" and TargetType == \"NODE\") or TargetName == \"{SelectedDevice}\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\n| order by TimeGenerated desc | take 100",
+              "query": "Tailscale_Audit_CL\n| where TimeGenerated {TimeRange}\n| extend TargetType=tostring(Target.type), TargetName=tostring(Target.name), TargetId=tostring(Target.id)\n| where (\"{SelectedDevice}\" == \"__ALL__\" and TargetType == \"NODE\") or TargetName == \"{SelectedDevice}\"\n| extend ActorLogin=tostring(coalesce(Actor.loginName, Actor.displayName))\n| project TimeGenerated, Action, ActorLogin, TargetName, TargetId, Origin\n| order by TimeGenerated desc | take 100",
               "size": 0,
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "visualization": "table",
-              "title": "Audit events touching this device",
+              "title": "Audit events touching device: {SelectedDevice:label}",
               "gridSettings": {
                 "formatters": [
                   {
@@ -477,7 +483,7 @@
                 ]
               },
               "noDataMessage": "Every actor seen in the last 24h has appeared at least once in the prior 30d. Healthy state.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-9ba7b85e"
           },
@@ -507,7 +513,7 @@
                 ]
               },
               "noDataMessage": "No off-hours admin changes recorded - healthy state for an organisation working business hours.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-721ee490"
           },
@@ -537,7 +543,7 @@
                 ]
               },
               "noDataMessage": "No devices have key expiry disabled - good. Disabling key expiry creates devices that never re-auth, drifting from policy.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-8a8e2fb5"
           },
@@ -567,7 +573,7 @@
                 ]
               },
               "noDataMessage": "No never-expiring auth keys - rotation hygiene is good.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-1372740c"
           },
@@ -597,7 +603,7 @@
                 ]
               },
               "noDataMessage": "All devices on current client - nothing to patch.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-ecebf1f7"
           },
@@ -634,7 +640,7 @@
                 ]
               },
               "noDataMessage": "No devices idle 30+ days - inventory is fresh.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-fb6c1fcc"
           },
@@ -664,7 +670,7 @@
                 ]
               },
               "noDataMessage": "No devices advertising subnet routes. Pure mesh topology.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-9533b081"
           },
@@ -694,7 +700,7 @@
                 ]
               },
               "noDataMessage": "No devices have Tailscale SSH enabled - no SSH-via-Tailscale risk surface.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-735368fb"
           }
@@ -844,11 +850,11 @@
                   },
                   {
                     "columnMatch": "Role",
-                    "formatter": 11
+                    "formatter": 1
                   },
                   {
                     "columnMatch": "Status",
-                    "formatter": 11
+                    "formatter": 1
                   },
                   {
                     "columnMatch": "DeviceCount",
@@ -892,7 +898,7 @@
                 ]
               },
               "noDataMessage": "Every active account has at least one device - good hygiene.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-83fcd942"
           },
@@ -921,12 +927,12 @@
                   },
                   {
                     "columnMatch": "ToRole",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               },
               "noDataMessage": "No role changes in this window.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-f6c8358a"
           }
@@ -1052,12 +1058,12 @@
                   },
                   {
                     "columnMatch": "Issues",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               },
               "noDataMessage": "No devices need attention - all updated, fresh, authorized, and key-rotating.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-dc5db84c"
           },
@@ -1086,11 +1092,11 @@
                   },
                   {
                     "columnMatch": "Os",
-                    "formatter": 11
+                    "formatter": 1
                   },
                   {
                     "columnMatch": "ClientVersion",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               }
@@ -1123,7 +1129,7 @@
                 ]
               },
               "noDataMessage": "No subnet routers in this tailnet - pure mesh topology.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-5004df25"
           }
@@ -1239,11 +1245,11 @@
                   },
                   {
                     "columnMatch": "ExpiryStatus",
-                    "formatter": 11
+                    "formatter": 1
                   },
                   {
                     "columnMatch": "KeyType",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               }
@@ -1276,7 +1282,7 @@
                 ]
               },
               "noDataMessage": "No credential CRUD activity in this window.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-777693bd"
           }
@@ -1395,7 +1401,7 @@
                   },
                   {
                     "columnMatch": "Action",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               },
@@ -1444,7 +1450,7 @@
                   },
                   {
                     "columnMatch": "ConfigType",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               },
@@ -1501,7 +1507,7 @@
                 ]
               },
               "noDataMessage": "No DNS changes in this window.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-a132ff6a"
           },
@@ -1531,7 +1537,7 @@
                 ]
               },
               "noDataMessage": "No ACL changes in this window.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-94818c53"
           },
@@ -1561,7 +1567,7 @@
                 ]
               },
               "noDataMessage": "No subnet routers active in this tailnet.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-61a792cd"
           }
@@ -1641,7 +1647,7 @@
                   },
                   {
                     "columnMatch": "Status",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               }
@@ -1673,12 +1679,12 @@
                   },
                   {
                     "columnMatch": "Level",
-                    "formatter": 11
+                    "formatter": 1
                   }
                 ]
               },
               "noDataMessage": "No operational issues recorded in the last 24h.",
-              "noDataMessageStyle": 5
+              "noDataMessageStyle": 1
             },
             "name": "q-b492f150"
           }

From 40c18b8d4b9030ee6e0e200342b32d46404d90cd Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:45:02 +0100
Subject: [PATCH 17/27] docs(tailscale): credit Tailscale for tailnet upgrade
 enabling Premium build

Adds an Acknowledgements section (and table-of-contents entry) thanking
Tailscale for upgrading the maintainer's tailnet to Premium. That access
was the prerequisite for building and validating the Premium-tier
features against live API responses: network flow log ingestion, posture
integration inventory, the seven Premium analytic rules, the five
Premium hunting queries, and the Premium Operations workbook. Without
it the Premium connector would have shipped speculatively rather than
end-to-end verified.
---
 Solutions/Tailscale (CCF)/README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 4907d86e4ac..e4adaa5fb1c 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -24,6 +24,7 @@ Microsoft Sentinel solution that ingests Tailscale identity, device, configurati
 10. [Limitations](#10-limitations)
 11. [Troubleshooting](#11-troubleshooting)
 12. [Support](#12-support)
+13. [Acknowledgements](#13-acknowledgements)
 
 ---
 
@@ -340,3 +341,9 @@ This is a Community-tier solution. Bugs, feature requests, and PRs:
 - **Maintainer**: noodlemctwoodle
 
 No SLA - the maintainer responds when convenient. PRs that include tests + a reproducer trip the response time considerably.
+
+---
+
+## 13. Acknowledgements
+
+Thanks to [Tailscale](https://tailscale.com/) for upgrading the maintainer's tailnet to Premium so the Premium-tier features of this solution (network flow log ingestion, posture integration inventory, the seven Premium analytic rules, the five Premium hunting queries, and the Premium Operations workbook) could be built, validated against live API responses, and shipped. Without that access, the Premium connector would have been speculative - the published version is end-to-end verified.

From caabafc25ea5e496d44a889791a80475d0c2b3ba Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:46:04 +0100
Subject: [PATCH 18/27] docs(tailscale): refine Tailscale acknowledgement -
 flow logs, no trial limit

Updates the Acknowledgements section to credit Tailscale more accurately:
they enabled Network Flow Logs on the maintainer's tailnet WITHOUT the
usual 30-60 day trial restriction, allowing open-ended development and
validation against live API data instead of working against a feature
timeout. That open-ended access (not just a generic Premium upgrade) is
what made the Premium connector end-to-end verifiable.
---
 Solutions/Tailscale (CCF)/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index e4adaa5fb1c..266838c5e0f 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -346,4 +346,4 @@ No SLA - the maintainer responds when convenient. PRs that include tests + a rep
 
 ## 13. Acknowledgements
 
-Thanks to [Tailscale](https://tailscale.com/) for upgrading the maintainer's tailnet to Premium so the Premium-tier features of this solution (network flow log ingestion, posture integration inventory, the seven Premium analytic rules, the five Premium hunting queries, and the Premium Operations workbook) could be built, validated against live API responses, and shipped. Without that access, the Premium connector would have been speculative - the published version is end-to-end verified.
+Thanks to [Tailscale](https://tailscale.com/) for enabling Network Flow Logs on the maintainer's tailnet - and crucially, without the usual 30-60 day trial restriction - so the Premium-tier features of this solution could be built, validated against live API responses, and shipped without development being interrupted by a feature timeout. That open-ended access is what made it possible to develop and verify the network flow log ingestion (`Tailscale_Network_CL`), posture integration inventory, the seven Premium analytic rules, the five Premium hunting queries, and the Premium Operations workbook end-to-end against real data. Without that support the Premium connector would have shipped speculatively rather than verified.

From 7edc476d91ca1ecf7594b14e2b310b7ce0905caa Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:47:43 +0100
Subject: [PATCH 19/27] docs(tailscale): tighten Tailscale acknowledgement to
 generic thanks

Replaces specifics about what Tailscale did (Network Flow Logs enablement,
no trial restriction) with a generic thank-you. The earlier text could
inadvertently encourage other developers to request the same arrangement;
not the maintainer's intent. The thanks remains, the mechanism does not.
---
 Solutions/Tailscale (CCF)/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 266838c5e0f..623098b6abf 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -346,4 +346,4 @@ No SLA - the maintainer responds when convenient. PRs that include tests + a rep
 
 ## 13. Acknowledgements
 
-Thanks to [Tailscale](https://tailscale.com/) for enabling Network Flow Logs on the maintainer's tailnet - and crucially, without the usual 30-60 day trial restriction - so the Premium-tier features of this solution could be built, validated against live API responses, and shipped without development being interrupted by a feature timeout. That open-ended access is what made it possible to develop and verify the network flow log ingestion (`Tailscale_Network_CL`), posture integration inventory, the seven Premium analytic rules, the five Premium hunting queries, and the Premium Operations workbook end-to-end against real data. Without that support the Premium connector would have shipped speculatively rather than verified.
+Thanks to [Tailscale](https://tailscale.com/) for the support that made the Premium-tier features of this solution (network flow log ingestion, posture integration inventory, the seven Premium analytic rules, the five Premium hunting queries, and the Premium Operations workbook) buildable and verifiable against live data.

From dff0769568a78e4cbb9570836a19dfde832e412d Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:52:03 +0100
Subject: [PATCH 20/27] docs(tailscale): sync README with current content
 counts and schema

The README had drifted behind several rounds of content additions and
schema work. Now matches the shipped 3.0.0 solution exactly.

Header / tier-comparison counts:
- 22 -> 24 analytic rules (Standard 15 -> 16, Premium 7 -> 8).
- 17 -> 22 hunting queries (Standard 12 unchanged, Premium 5 -> 10).

Table column counts (section 5):
- Tailscale_Audit_CL: 9 -> 11 cols (EventType + ActionDetails were added
  to the streamDecl + transform in earlier dev iterations, README never
  followed).
- Tailscale_Network_CL: 10 -> 27 cols (15 cols promoted from
  srcNode/dstNodes plus 5 traffic-shape/relay flags).
- Added a new prose paragraph in section 5 highlighting Network_CL as
  the richest event table alongside Devices_CL, with the promoted-column
  list so hunting authors know what is available without JSON traversal.

Analytic rules section (section 6):
- Standard tier Identity & access: added "OAuth client or API key created
  with write scopes" (High, Persistence + PrivilegeEscalation) - fires on
  any granted :write scope.
- Premium tier: added "DERP relay traffic surge" (Low, CommandAndControl,
  T1572) - fires when >75% of a source node's recent flows fall back to
  DERP relay.

Hunting queries section (section 7):
- Premium tier added 5 new entries: Cross-tag flow matrix, Persistent
  DERP relay usage, Off-hours flows, Tagged service fan-in, Multi-device
  users (each with tactics + use case).

Architecture (section 9):
- "How three DNS endpoints become one table" rewritten to explain the
  two different mechanisms the Standard and Premium connectors use to
  land into Tailscale_Dns_CL. Standard: 3-streams-in, 3 dataFlows.
  Premium: 1 unified DnsConfig stream, 1 dataFlow (Premium would
  otherwise be at 11 dataFlows, Azure caps at 10).

Troubleshooting (section 11):
- Removed obsolete "current version (3.0.2+) polls with ?fields=all"
  reference. With 3.0.0 as the upstream first release that historical
  caveat no longer makes sense; rephrased as a generic
  transform-projection check.
---
 Solutions/Tailscale (CCF)/README.md | 45 ++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 623098b6abf..15a4b9014ce 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -3,8 +3,8 @@
 Microsoft Sentinel solution that ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via the OAuth2-secured Tailscale API. Built on the Codeless Connector Framework (CCF) - no Function App or container required.
 
 - **2 data connectors** (Standard, Premium) - install whichever matches your Tailscale plan
-- **22 analytic rules** (15 Standard + 7 Premium-only)
-- **17 hunting queries** (12 Standard + 5 Premium-only)
+- **24 analytic rules** (16 Standard + 8 Premium-only)
+- **22 hunting queries** (12 Standard + 10 Premium-only)
 - **2 workbooks** (Standard Operations, Premium Operations)
 - **9 custom tables** ingested via 9-11 polling rules behind a single Connect button
 
@@ -37,8 +37,8 @@ Install **one** of the two connectors based on your Tailscale plan. The split mi
 | **Tailscale plan** | Personal (Free), Starter, Premium\* | Premium, Enterprise |
 | **Pollers behind one Connect** | 9 | 11 |
 | **Custom tables created** | 7 | 9 |
-| **Analytic rules wired** | 15 | 22 (Standard 15 + Premium 7) |
-| **Hunting queries wired** | 12 | 17 (Standard 12 + Premium 5) |
+| **Analytic rules wired** | 16 | 24 (Standard 16 + Premium 8) |
+| **Hunting queries wired** | 12 | 22 (Standard 12 + Premium 10) |
 | **Workbook** | Standard Operations | Premium Operations |
 | **Network flow logs** | not exposed by API | `Tailscale_Network_CL` |
 | **Posture integrations** | not exposed by API | `Tailscale_PostureIntegrations_CL` |
@@ -135,19 +135,19 @@ All tables are Log Analytics custom tables (`_CL`) populated via Sentinel CCF po
 
 | Table | Cols | Cadence | Source endpoint | Tier |
 |---|---|---|---|---|
-| `Tailscale_Audit_CL` | 9 | 5 min | `/logging/configuration` | Standard + Premium |
+| `Tailscale_Audit_CL` | 11 | 5 min | `/logging/configuration` | Standard + Premium |
 | `Tailscale_Devices_CL` | 27 | 60 min | `/devices?fields=all` | Standard + Premium |
 | `Tailscale_Users_CL` | 13 | 60 min | `/users` | Standard + Premium |
 | `Tailscale_Keys_CL` | 10 | 60 min | `/keys?all=true` | Standard + Premium |
 | `Tailscale_Webhooks_CL` | 8 | 60 min | `/webhooks` | Standard + Premium |
 | `Tailscale_Settings_CL` | 9 | 60 min | `/settings` | Standard + Premium |
 | `Tailscale_Dns_CL` | 5 | 60 min | merged from `/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths` | Standard + Premium |
-| `Tailscale_Network_CL` | 10 | 5 min | `/logging/network` | Premium only |
+| `Tailscale_Network_CL` | 27 | 5 min | `/logging/network` | Premium only |
 | `Tailscale_PostureIntegrations_CL` | 8 | 60 min | `/posture/integrations` | Premium only |
 
 **Snapshot semantics.** All `_CL` tables except `Audit` and `Network` are snapshot tables - each poll writes the full current state of the endpoint. Use `summarize arg_max(TimeGenerated, *) by <key>` to get the latest snapshot. The 5-min audit and network tables are append-only event streams.
 
-**`Tailscale_Devices_CL` is the richest table** at 27 columns. The 5 most interesting columns for detection are surfaced via `?fields=all`:
+**`Tailscale_Devices_CL` is the richest snapshot table** at 27 columns. The 5 most interesting columns for detection are surfaced via `?fields=all`:
 
 - `AdvertisedRoutes` / `EnabledRoutes` - dynamic arrays of CIDRs the device offers/has approved
 - `SshEnabled` - bool, is Tailscale SSH active on this device
@@ -155,17 +155,25 @@ All tables are Log Analytics custom tables (`_CL`) populated via Sentinel CCF po
 - `TailnetLockKey` / `TailnetLockError` - cryptographic node-key validation state
 - `UpdateAvailable` - bool, client behind latest release
 
+**`Tailscale_Network_CL` is the richest event table** (Premium only) at 27 columns. The DCR transform promotes the most useful inner-object fields out of the source `srcNode` / `dstNodes` dynamics so hunting queries don't have to traverse dynamic JSON:
+
+- `SrcUser` / `SrcNodeName` / `SrcOs` / `SrcTags` / `SrcAddresses` - src device identity + tagging
+- `DstCount` / `DstNodeId` / `DstNodeName` / `DstUser` / `DstOs` / `DstTags` / `DstAddresses` - dst device identity + tagging
+- `HasVirtualTraffic` / `HasSubnetTraffic` / `HasExitTraffic` / `HasPhysicalTraffic` - traffic-shape flags
+- `IsRelayed` - bool, true when the flow used a DERP relay (detected via `127.3.3.40` in `physicalTraffic`)
+
 ---
 
 ## 6. Analytic rules
 
-### Standard tier (15 rules)
+### Standard tier (16 rules)
 
-**Identity & access (4)**
+**Identity & access (5)**
 
 | Rule | Severity | Tactics | What it watches |
 |---|---|---|---|
 | New API access token or OAuth client created | Medium | Persistence, CredentialAccess | New `API_ACCESS_TOKEN_CREATE` / `OAUTH_CLIENT_CREATE` audit events |
+| OAuth client or API key created with write scopes | High | Persistence, PrivilegeEscalation | New OAuth client or API key whose granted scopes include any `:write` permission |
 | Auth key created | Low | Persistence | Any new auth key (incl. ephemeral / reusable / preauthorized) |
 | User role elevated to admin or owner | High | PrivilegeEscalation, Persistence | `USER_ROLE_UPDATE` audit events targeting `admin` or `owner` |
 | Unauthorized device connected to control plane | High | InitialAccess, Persistence | `Authorized=false AND ConnectedToControl=true` in devices snapshot |
@@ -201,13 +209,14 @@ All tables are Log Analytics custom tables (`_CL`) populated via Sentinel CCF po
 | MagicDNS disabled | Medium | DefenseEvasion | `MAGICDNS_DISABLE` audit event |
 | Split-DNS configuration modified | High | DefenseEvasion, CommandAndControl | `SPLIT_DNS_UPDATE` audit events (per-domain DNS override) |
 
-### Premium tier (additional 7 rules)
+### Premium tier (additional 8 rules)
 
 These require `Tailscale_Network_CL` (flow logs) or `Tailscale_PostureIntegrations_CL`.
 
 | Rule | Severity | Tactics | What it watches |
 |---|---|---|---|
 | Network flow beaconing detected | Medium | CommandAndControl, Exfiltration | Regular periodic flows from a single source over 24h (jitter-tolerant) |
+| DERP relay traffic surge | Low | CommandAndControl | More than 75% of a source node's recent flows fell back to DERP relay (`IsRelayed=true`); signals NAT/firewall failure, UDP-blocking middlebox, or attempted evasion |
 | Large outbound transfer over tailnet | Medium | Exfiltration, Collection | Single flow tx-bytes > 1GB in any 5-min window |
 | Mass fan-out from single node | High | Discovery, LateralMovement | Source node initiated flows to N+ distinct destinations within 5 min |
 | Subnet router throughput anomaly | Low | Exfiltration, CommandAndControl | Subnet-router src->dst throughput exceeds 3-sigma of its 7-day baseline |
@@ -236,14 +245,19 @@ These require `Tailscale_Network_CL` (flow logs) or `Tailscale_PostureIntegratio
 | External (shared-in) device inventory | InitialAccess | Devices admitted via Tailscale sharing |
 | Subnet router CIDR exposure inventory | LateralMovement | Every CIDR currently bridged into the tailnet |
 
-### Premium (5)
+### Premium (10)
 
 | Query | Tactics | Use case |
 |---|---|---|
 | Beaconing candidates (regular periodic flows) | CommandAndControl, Exfiltration | Looser threshold than the analytic rule - investigation aid |
+| Cross-tag flow matrix | LateralMovement, Discovery | Flows pivoted by src-tag x dst-tag over 7 days; surfaces tag-to-same-tag loops as worm/service-mesh signal |
+| Devices with persistent DERP relay usage | CommandAndControl | Devices that consistently fall back to DERP relay over 24h; long-window companion to the surge rule |
 | Exit-node usage patterns | CommandAndControl, Exfiltration | Who uses which exit node, how often, how much data |
 | New src->dst node pairs (lateral movement candidates) | LateralMovement, Discovery | First-time observed flow pair vs 7-day baseline |
+| Network flows outside business hours | Exfiltration, CommandAndControl | Off-hours flows with `TaggedSource` discriminator to separate service-account from human activity |
+| Tagged services with broad inbound exposure | LateralMovement, InitialAccess | Tagged services ranked by inbound `DistinctSrcDevices` / `DistinctSrcUsers` / `DistinctSrcOs` - surfaces ACL drift |
 | Top talkers by bytes (virtual traffic) | Exfiltration, Collection | Highest tx/rx nodes over time window |
+| Users generating traffic from multiple devices | InitialAccess, Persistence | Multi-device users joined against `Tailscale_Devices_CL.Created` to flag newly-added devices |
 | Current posture integration inventory | DefenseEvasion | Snapshot of every posture integration and its enabled state |
 
 ---
@@ -278,7 +292,12 @@ Tailscale's `/logging/configuration`, `/logging/network`, posture, and DNS endpo
 
 ### How three DNS endpoints become one table
 
-Tailscale exposes DNS configuration across three endpoints (`/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths`). Rather than create three tables, the DCR uses a **multi-stream-in / single-stream-out** pattern: each poller writes to its own input stream (`Custom-Tailscale_DnsNameservers`, `Custom-Tailscale_DnsPreferences`, `Custom-Tailscale_DnsSearchPaths`), three `dataFlows` transform each with a `ConfigType` discriminator column into one output stream (`Custom-Tailscale_Dns_CL`). Net result: one table to query with a `ConfigType` filter.
+Tailscale exposes DNS configuration across three endpoints (`/dns/nameservers`, `/dns/preferences`, `/dns/searchpaths`) but the Sentinel UX is cleaner with one logical table. Both connectors land all three into a single `Tailscale_Dns_CL` table with a `ConfigType` discriminator column - the mechanism differs by connector because Azure DCRs are capped at 10 `dataFlows` and the Premium connector is already at the limit:
+
+- **Standard connector** (7 tables, 9 dataFlows): each DNS poller writes to its own input stream (`Custom-Tailscale_DnsNameservers_CL`, `Custom-Tailscale_DnsPreferences_CL`, `Custom-Tailscale_DnsSearchPaths_CL`) and three separate `dataFlows` apply per-source transforms before merging into the shared `Tailscale_Dns_CL` output.
+- **Premium connector** (9 tables, 9 dataFlows): all three DNS pollers write to a single unified input stream (`Custom-Tailscale_DnsConfig_CL`) so the DCR uses just one `dataFlow` for DNS. Without this consolidation the Premium DCR would be at 11 dataFlows and Azure would reject the deployment.
+
+Net effect for the operator is identical: one table, filter by `ConfigType`.
 
 ### Cadence rationale
 
@@ -321,7 +340,7 @@ Almost always a missing OAuth scope. Tailscale returns HTTP 200 with empty data
 
 ### `Tailscale_Devices_CL` is missing `AdvertisedRoutes`, `SshEnabled`, etc.
 
-Older versions of this connector polled `/devices` without `?fields=all`. The current version (3.0.2+) polls with `?fields=all`. If you're on an older version, reinstall from Content Hub then click Connect again.
+The connector polls `/devices?fields=all`. If those columns are empty in your workspace, the most likely cause is that the DCR transform isn't projecting them - confirm the deployed `dcr-tailscale*` DCR `transformKql` matches the version in this solution and re-Connect.
 
 ### OAuth deployment fails with "Invalid Token Endpoint query parameters"
 

From a1221a941217f8e57b2d2f3386fd6caba0d8c68e Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:54:05 +0100
Subject: [PATCH 21/27] docs(tailscale): drop VPN-tunnel-events bullet, sync
 Premium counts

Removes the "No VPN tunnel events" limitation bullet - it framed an
upstream Tailscale platform decision as a missing feature with a "file a
feature request" suggestion, which reads as backhanded in a README that
now publicly thanks Tailscale for enabling the Premium build. If the
absence ever matters operationally, ops can investigate at that point.

Also fixes the stale Premium counts in the adjacent "Network flow logs
are Premium-only" bullet: seven rules / five hunts -> eight rules /
ten hunts, matching the rest of the README.
---
 Solutions/Tailscale (CCF)/README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 15a4b9014ce..454ab280103 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -308,8 +308,7 @@ Net effect for the operator is identical: one table, filter by `ConfigType`.
 
 ## 10. Limitations
 
-- **No VPN tunnel events.** Tailscale doesn't expose per-tunnel connect/disconnect events via API. This is a Tailscale platform limitation, not a solution one - if it matters, file a feature request with Tailscale.
-- **Network flow logs are Premium-only.** The seven Premium rules and five Premium hunts depend on `Tailscale_Network_CL` and won't run on a Standard install.
+- **Network flow logs are Premium-only.** The eight Premium rules and ten Premium hunts depend on `Tailscale_Network_CL` and won't run on a Standard install.
 - **Microsoft pre-built "Network Session Essentials" rules don't auto-cover this data.** Workspace-level ASIM functions (`_Im_NetworkSession` and similar) are sealed and can't be extended from Solutions. To use Microsoft's pre-built network-session detections on Tailscale data, clone the relevant rules and point them at `imNetworkSession` (a non-underscore workspace function that unions Microsoft built-ins with our `vimNetworkSessionTailscale` parser) - included in this solution.
 - **Snapshot tables overwrite, they don't diff.** Each 60-min snapshot is a complete current-state poll, not a delta. Rules that need transition detection (e.g. "SSH newly enabled") compare the latest snapshot against a 24-hour baseline.
 

From 8c334078cd569e3771c17439ab329428d61871f4 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 12:55:31 +0100
Subject: [PATCH 22/27] docs(tailscale): replace fictional ASIM-parser claim
 with a planned-work note

The README claimed Tailscale (CCF) shipped a vimNetworkSessionTailscale
parser and an imNetworkSession workspace function. Neither exists -
there is no Parsers/ directory, no parser file under Data Connectors/,
and Solution_Tailscale.json has no Parsers section. Only the README
itself referenced those names.

Replaces the bullet with an accurate "planned follow-up release" note so
users aren't led to look for files that aren't there. Building the real
parser (mapping the 17 promoted Tailscale_Network_CL columns to ASIM
NetworkSession fields + wiring imNetworkSession) is meaningful follow-up
work outside 3.0.0 scope.
---
 Solutions/Tailscale (CCF)/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 454ab280103..6ad0011d157 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -309,7 +309,7 @@ Net effect for the operator is identical: one table, filter by `ConfigType`.
 ## 10. Limitations
 
 - **Network flow logs are Premium-only.** The eight Premium rules and ten Premium hunts depend on `Tailscale_Network_CL` and won't run on a Standard install.
-- **Microsoft pre-built "Network Session Essentials" rules don't auto-cover this data.** Workspace-level ASIM functions (`_Im_NetworkSession` and similar) are sealed and can't be extended from Solutions. To use Microsoft's pre-built network-session detections on Tailscale data, clone the relevant rules and point them at `imNetworkSession` (a non-underscore workspace function that unions Microsoft built-ins with our `vimNetworkSessionTailscale` parser) - included in this solution.
+- **No ASIM NetworkSession parser yet.** Microsoft's pre-built "Network Session Essentials" detections won't auto-cover Tailscale data in 3.0.0 - a `vimNetworkSessionTailscale` parser mapping `Tailscale_Network_CL` to the ASIM NetworkSession schema is planned for a follow-up release. Until then use the analytic rules and hunting queries shipped in this solution.
 - **Snapshot tables overwrite, they don't diff.** Each 60-min snapshot is a complete current-state poll, not a delta. Rules that need transition detection (e.g. "SSH newly enabled") compare the latest snapshot against a 24-hour baseline.
 
 ---

From 0beedf0e099d748f9fab31179dc1d0147aa1dfc9 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 19 May 2026 13:07:47 +0100
Subject: [PATCH 23/27] feat(tailscale): add vimNetworkSessionTailscale ASIM
 NetworkSession parser

Implements the ASIM NetworkSession parser the README previously promised
but didn't ship. Maps Tailscale_Network_CL (Premium-only flow logs) to
the ASIM NetworkSession schema (v0.2.6) so Microsoft's Network Session
Essentials pre-built detections can be cloned and re-pointed at Tailscale
data with a one-line query change.

Files:
- Parsers/vimNetworkSessionTailscale.yaml - full parser. Unions flows
  from VirtualTraffic (NetworkDirection=Local), SubnetTraffic and
  ExitTraffic (NetworkDirection=Outbound), parsing the "host:port" /
  "[ipv6]:port" / bare-IP forms into SrcIpAddr/SrcPortNumber/DstIpAddr/
  DstPortNumber. Maps every promoted column from the 3.1.0 schema
  expansion onto its ASIM equivalent: SrcNodeName -> SrcHostname,
  SrcUser -> SrcUsername, SrcOs -> SrcDvcOs, SrcTags retained via Dvc,
  DstNodeName -> DstHostname, DstUser -> DstUsername, DstOs -> DstDvcOs.
  Synthesises NetworkProtocol from proto (1/6/17/58 -> ICMP/TCP/UDP/
  ICMPv6), NetworkBytes/NetworkPackets, EventStartTime/EventEndTime
  from FlowStart/FlowEnd, and the standard EventProduct/EventVendor/
  EventSchema constants. PhysicalTraffic deliberately excluded - it is
  transport-layer (WireGuard/DERP endpoints) rather than logical user
  session.
- Parsers/ASimNetworkSessionTailscale.yaml - thin wrapper aliasing
  vimNetworkSessionTailscale. Present so ASIM-convention call sites
  using ASimNetworkSession<Source> naming work without modification.

Schema discovery / why this format:
- V3 packaging tool reads Function: schema (FunctionName / FunctionAlias /
  FunctionQuery), not the upstream ASIM Parser: schema (ParserName /
  ParserParams / ParserQuery) which is reserved for Parsers/ASimNetworkSession/
  central repo. Authored both parsers in the Function-schema form so
  the V3 build correctly populates parserObject{1,2}._parserName{1,2}
  with the actual function names. Without this, the workspace
  savedSearch resources end up with empty names (verified pre-fix).
- Function-schema savedSearch functions don't expose signature
  parameters, so the standard ASIM filter-pushdown params (starttime,
  srcipaddr_has_any_prefix, etc.) cannot be honoured. Users apply
  filters as post-call where clauses: vimNetworkSessionTailscale
  | where EventStartTime > ago(1d) | where DstPortNumber == 443.

Wiring:
- Solution_Tailscale.json: added Parsers: [...] array with both files.
- README.md header bullet list: added "2 ASIM NetworkSession parsers"
  alongside data connectors / rules / hunts / workbooks / tables.
- README.md section 10 Limitations: prior text already rewritten in
  the previous commit to describe the parser; no further update needed.

Package regenerated; ARM-TTK 48/48 verified after .local-helpers/
finalize-tailscale-package.py strip + 3.0.0 pin.
---
 .../Data/Solution_Tailscale.json              |   4 +
 Solutions/Tailscale (CCF)/Package/3.0.0.zip   | Bin 77845 -> 79745 bytes
 .../Package/createUiDefinition.json           |   2 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 578 +++++++++++++-----
 .../Parsers/ASimNetworkSessionTailscale.yaml  |  10 +
 .../Parsers/vimNetworkSessionTailscale.yaml   |  96 +++
 Solutions/Tailscale (CCF)/README.md           |   3 +-
 7 files changed, 546 insertions(+), 147 deletions(-)
 create mode 100644 Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml
 create mode 100644 Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml

diff --git a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json
index edd83d9d060..52ad7fdb74f 100644
--- a/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
+++ b/Solutions/Tailscale (CCF)/Data/Solution_Tailscale.json	
@@ -65,5 +65,9 @@
     "Workbooks/TailscaleStandardOperations.json",
     "Workbooks/TailscalePremiumOperations.json"
   ],
+  "Parsers": [
+    "Parsers/vimNetworkSessionTailscale.yaml",
+    "Parsers/ASimNetworkSessionTailscale.yaml"
+  ],
   "Metadata": "SolutionMetadata.json"
 }
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.0.zip b/Solutions/Tailscale (CCF)/Package/3.0.0.zip
index 08b165c1c3bdf9033f74245b9aeb3375ec612007..0beed8785fe931a46c844a6d7d5e0867ff9eaaf7 100644
GIT binary patch
delta 79039
zcmZ^~b8sbX_l6tW6WbGWV%wP5w(X>2+s?!jXJXsd#C9gOlQZx4y<gR@>YP)x|LW@X
zJomj;b??2ezB^?bBH$7NP?Q0OKnDQ<fdN^vsMm>w&Zlns0t&J#3<rYx_o%I*rJahY
zt%HrBiz$PZv%TG!ueI{p$lTTAk@`;$1&p+mUUe`}t4A(~q-{DV%<M_i`jnBmWf+rD
z+EIV5qqj$QFNV3}Kd8j}lg!$UzlvI29`F8s?(W`B0d&)IqFlf)gmQJ&+Vp(vv2^n^
zhv3D`yI^G%TQ2_G-Wr(|%l33C*!R{g^M1&$YP0$`9uHKe))f92;*5!vCI4#I1ODr0
zRoP6}#WMfL9gh>={IC41Avc1L!o05|O9+!;AD<z4*Lb#v`dkd?4FtorGop`|Bgn-i
z$1gC==42c0I><mjYyG=t;jhQ(vO~`=lMNuEa||aQU`(DfbH&D!KI@&ktS~7Fdo<uW
z{qt<=H$yu+Ym;m`mjVz!%MPuunGl>{QV)(Z6_|h6U-1C^Vly2_?InC>1mH>~zJX`I
zfDi%pz-B01OV;sE-Fma4MIwfq?2L*+_iENGI~%)Oh7SN;D>5mpasQ;6%XGUkhr5gA
zHa?%GKci+D24_UkM*_5*DwC(|`2%ri{Wj(DYh~2xK?-YqG;Xz)caYU^ru8vW^@FeW
zcYe~r20kK7sD|<<b;)PHqZW=$mHF>6;Lp0P?JW1SgLmlQt%vj%PW#+nl-~9QVQDIv
zYd=Lk-jM;kY!h!5ml)+*;+&73jv$^jjc!5XK7?3dPxWg~;ELorSxfF3g$axao_Gj!
zu!erZ|7ocWmt|~-`?IU7_4x>_NKB{RacrLfM@QhM3ms2Ha`}A#hZefYY|>Zx@#>fa
zi`rM&onRX0d5j{Lwj_oQTM_xW-jW?jWVqFG;RmoWjG)DNI#n`4L4KPYBcorBI1!Q+
zWtOlWz0C>E;S_(1YQ@hge8iBMUOzg%^F^{ody=g&KLlbYM37ThL=57%`NtxWP!ith
z{=v&(o)9&^yFB&t;;vFk%HE)tc%(%sT*)CbVdZrnTONm6fBe_BBHM_W5Pb-gAW!#R
zGY+8Q2r3Tm^b0>~Q;^U?W$t;#9_`i|tXWcXHO+1jawcVc?mcwB=SZ24hX=!Pm)ehK
zkT?sWaw>1}tCA@35?e5;7#Krl&4Wx3d07>VE)3`*9Ltz%4-$_$ElE%r<Gw#eX8H9y
zY#*yAN2O002`#A0SUU}`l&SMvqDA``7n?xs1}+Yp@4|Y;`6YY9s-6Vi?+2cm2X0s6
zg)$EP5X6Y{S}0OF^pUx9nWAZ(`8?=1X9JR@Ft2rCFn+DH6MmCDY>1BHaq2n4KWw6i
zX}tx1UgVMDPyZCGvQ1W1Rj{tTS%>~qS&tVrQWhn%6`j%@PCxN6;3VvF3t|sGd6xsS
zx2#H$n5rsHGu!3;sL&f^;Bc+U>bc8ssYLxlnn=UY&K+`?@CF$R)Dk<^bb8w5EH^1A
z^x3p)8af~Js#J;Ctk2)y4Q=&Vxf{Let4OM5*VpiHH9OXPxG%?C7$@5&BR$lSU_Cc&
z)u!8(s4xyU7Qr@crEVGMBlOtTUcG?&#hHf~t<IoQt@c7>>lZz9qWtgXEv5N%o3?y8
z?xt;NhZ|~Q9kgM=yq8VoN4nI>aJP2epqEX>o@vSJ1dBX!zSBQl5gOD*R%`XF&)nUt
z+h4VuKYv$j#4cKyUE96l*g!>G6ni%7rc4rt{If{Kzl)fIUb+=|0%^(kjah|<e!f`K
zR1MnJP0?P6jgNO)zRj8v%XKF%xc79M=e++4k^fhS+rL6CF2FW7QVw;MoEnxqLNdv!
znt0~^G$w4GEpS(Dyl2LWzxGdUR;VM|CJ(l^PxrK=ZOGhS*r|5V{v+gq0rYb02cVMf
zu1~+cp+46kBaMWorEHILu2r~VwZz?Cb5&kfZP-5~NapdoYza@Z<Mq!;2km_4x67{b
zaQB1w_@fQ=-?!E1(jlJi_Mn#+f165O#u0`sx=;ox$cC`@_l_A3mSK5$@xMNH{yU0|
zid^?%MVg8BS9lM=T|d)ZN~*Bf7)7F;4Pn|2u|GWK#teN#4fFCs;9uYG|0}Hdx6tFH
z!N9qIp_@l25^2qAcv-Bb?q1}<DW>U4v|XqGcz%!YQVk74$Ao03`t#el7F~Xj%VXz3
zE8v|?DOs3nb$k&mMz+8C8iB_KV0j;Rc2L!}aneBF-lkYKPU<V;gl1edu^zdsn=L5h
zvjsGk@YpJ8^nTZtTNs3sIk4B8Ua_9lkKQp(_o~`9j2eFT4@xsAm4hqY#qY4Fs3PfJ
z5|1i)|E_C|kcDb3!C{3kw&B&8Gub;`yGA+R%?qvGxIq~v28yH?_|8tvkR9oKRe;zW
z`WA~vFP*=josePn0~h=jBb0S5(j%0QBje+MtEF6ygNqK%;R-E@7@8QsaoaR`Njusu
zZ`$0irRwRGsePmjQFcVqYj|Fa-|{UKqfVw``kmF6UC5B+Rzh2Kjqqy!Uz>Oi|Jn@r
z*Jj{fo4vCIUi}sYi$8U(EhY`CikoA!pwDBi{$5}^U3wh2KQmeb);&UXIsdD~mJ|4|
zl(T-R9hK}LEZYILefM39?{LM7Wo%*eor~<;Kbv^Gihm1JX=_nJ3-s${%YNSA>-;v$
z#>a%@^ni8SD{`Qj>WymJ!@YTRY@iBpYQf7gX+#-&U`h(gGn9}o0X&hatz_hpqQLMw
zAiSNFI57mAe_1G0Q+I!rh*AQm?$v)usln%;9cK(P<QgjcEqHduQavC2JB#h@LA0~c
z|0+8lWjlD>|3}#`tp9AVaTX*pUHkRxf2Z*E>wl-f$3^|m5c-1bA?3T+SUW8fa?;ce
zW5sWA9`^s+=ZF1&`~3Cm-#!C>8~t@Dc`K<<Oxc(6J149Ax6J?FRSWo9OWtzv>9v+{
zUvdMEu)ItSPz)~}?88YmS>0mtH?fUU66pWB{>Q{Wt`+`|Yx?c&3LJ7UoKJR<3to!b
zpeHWI+aL`F;7%0fi%~bT72e-wV|NKRKKv{*R4z4K`16zPELzVH;sH`Ub6K9k6RY||
zy4)TXp@?ctM{q^ulrE*NXy2hGf*VS&pX0t0wTWE2Khx~ncSMnjOHu@kxlpHMU(|l8
zkUAD@$?r{#{&i()A~dE_QtztP4N+ICbs=Gxj7)1@fNi)|p_cL~c8xf8`K)4E;aL>b
z8T#0m0kPQ11K3!JRlUksV&ae;UMKDjn*ts(z21`x@x6q0MPsN(2b;e%>ps;hX(ai-
z+tmNvCIPuDnS$c`+Htg7qxy=F(|r@ZsXqBJ@qbToa|bn5cHdW~mYMF~6>EC{tXk4K
z7s}lKSte_TIyt3RFtV-&Q<2@Zl=H8{q9&d`#go?+N)KQ4*gD2KsVp-*$$zwULMF>?
z^vV{~QNx06p?u5oy(*ba{wv;wutW;{pDwj`|JA}{{g0ND0!MWJ1vDLEx@2XgsjiU{
zwM<*$fPi)B{4Rf>;pC`xZV9f43Q`un2+-EZsizW=`u@ri_G9i092R~5XS)N5ngNA)
zq*71l^>#CEkPUJWCAFRYp}%~lO1z*@Y+Dqj@yU_;T$#*t4NA|Qhk;s*P*a?cH-*$j
z`Jyok)yQ}E*+9B?8!>Lzla)w$bBIINsv!EaRYLYAYw=EiwX*SEolFkA&^w&GO#64H
zEEFWy9|o=D;^FsF<+P#qX7^v!gJW*$^D(RZP(MR)+r6rc&n)}%V?pOlbH1rojhiUO
z7hV*EXnM(dal2Z|dY%4OoWB=8|2-qfh6t{L$EJ_dsM`<+I*%INLGD_il{NZ<SYksg
zs{YR7#N|&N;Bms|Yk@tvnj0(LNCNe<r13!!QGtel#2A8%@gE1~|8)RH&zH)P(^kVW
zxpB-8u`j%93TA0~zJU$rw4mD{DHF#kSIR)WIxw_dF{@bd`%$re(GIu9s{dVmauw#*
zza);^o8DI;u}!sV{$IUXUI-@Ku2R74EFs~Oy2er;wlUk<$-={GW~{A5@Ih)9&pO`d
zDuQa&@4p3W-Wm;RGI7%~TfW3%jh*l6-WsqAS0L_87L)Ipix(DbomH-i?QFt@B}KH4
zrh$8N4Ve)CQTDfpK&F&IE`8JHkA*#QiK=zYA|cXuTZM`x>s1GZ`A0yjMlWU{DZO=}
z%BqSoC=lNj%Pt#ZnTt#eQEndZKL0!G!>Wb_Tc#Xup$l)--(ORiIUC<QW3&?gd%iH7
z>vIaGW>%|EK>rAXokI*rHy?S2{~lR4IoYD1-|h#9w;sL`Vle#`IreTR@|!h<_JDi;
zlR>!lW0^nvk5Y7iSdg)YPg4L@`y<>xxP7M(9PO!g9t!ij|3hLR*-<}Lf|350d7jbY
zvNYWhCQH3!BST8tF{YC!$>>1YRh@yN$q?DqWW%{(QHCyrBz7!T%V^2;CqgIXK(nq{
zMo0*>(96Z_Y*HdUeNtpE_;fBbox#;9tZGZFQwRbto?JH|Dq5zf^+k1)ji;Ox9zCQC
z&5&0v)XNlHm*=bh&~69S9oMW}gP@8Y;~9Cmo0y)Z*;Qnbj=w?ec;H0h*ZtfWO_O}-
zqg1SfNb2=O@J5LCBAi@iHxe<-N3?@9!PG&>W3v5Hb3QG<n>GBT8`ke?Qm<n_2lfv?
zue|32+dr8Ab^s;#i+Zor?a_j(ogDaMeZM3IL=7BjnX+;VPNk-O({V^<I?+s3#6@4?
znOR#YOMztc2%j!K=k`;7^4hQgsp)UTOAhTgrXq)$y;Y(zkflDnFCkt~nWSr1Q)dR~
zBc}p0e3WD^U-WjHuCZqmoCEMuF}d#ccxz5LR<S(+oDRrrtj*6SbIx}i=%9nFzAB%6
z-&%-hZ5Bv|urDXj=->EwGjI2OeSA{TThkSSch%=99b5*h2c7=@!Q-kIy;79!mSjh&
zU~>J4-<cFBtP-v9cvslh-Uk~zE-i}Q20kNs`L>FD>0|~_<kL7OwR{ESb|KhuiJwS&
zLVtJyqw<8*G=VQ1(YDCuxtFpN(8TI>Dnkh9&yjsEy#oeu6OLBQKO#=F>sV#Z0QLsi
zOSpuJ804H$2wHw1S8vg22<aZ?dDYrE(0n@9o#*4k&*=S9@pi^en@@n>)-R*m5?Nq#
z`Yx=kj6i?kzS`M)jzw#zWB$)HPxFgt_qjemw0@8LNE97m_Yhn2X6XL%qubm2-Bgj|
ze(y1L^Uc>zmOs7IeR1;n;PvB3A+=cB`;qTf?)9zCJ?!(m7Rb`)?*wM}FQ%_<-$(CJ
z?Jmdf#=q`4EaP52RwEC+_XmjsGkAGOv4@?f54oFd#|T@#PbUNXRgZD++Q;gzF0%j^
z>)LJo;br|a(U!M91K#0LT<JyH;;Z(a@zJ5p+^=Xg-^(IbEeWE_s@v1o_USx^?9KMA
z2XBu1!xPi?l~ck=g`@MuqcFd{{Wj!x_SajtBa<2HJRN{APw&y(Jk9myqQ4(?sC(nY
z75VBFxnB8p8)+#ohk$Tm8c9m~Dho*dO%(icr`x{t{^sDsH+08!&ku0>_I&eVYJ)x;
z1s}THSZi~8f;x5^TlG6e9;*Ks{s0fX4S0|;F!UAD=HT~yEW3QH8E%o!>1FVF?TkC&
zA$+Wf<Hlc{@3pV*+Q3>v-8s9P=**jn+tR_g9NJ^tXyd~6u|v_h(ioYM$^(?K$sBYd
zYe9LjH$8QKM6n$U;7`auw<zQGT!!5J(FZJYbRLJ^!^jZE*G@nB!!!XTW0BX=1}>DB
zW<u<B>RLw+WKsN~-FBEs2Fvz-(8HBp#0Fid&r#-6HYWY)sB8C{d5$&2?MDBSVP7ea
zAyVG+o$a5#Zm{p&3Hig@4FFFUv<H*V{rrXbc2N8DE%(v84L1Kht6`7Rq1V&JIrzx8
z&iggpMDgz53X^V~OXpjA>=$`q&GtjPI{U^HyZ8j%o3^qHj&IDD-8JE9O2^^{9||Yj
z;w?sPHLV<>&gQI>!BqjYwT<=(Xyu$ln#;kr8(ghnUe>4h))q`)$v{jqgK!p{ntuT9
z`l?cGt}8}M=Zbh&b5%A^>H&3=B^jjlqw;WruL85}U@v2O!qrQ~`|oP%E%(|RyuC(Z
z>~#(JX&tu>AGwGQ#fA*S7q~XDnT1fx(?x{BB7FSZpVE(aN`swo?n8eeNx4Hl*I9~3
zq+jvMvd2~tAI|chUO*haK@KpA|G@`s-0FDX!N2TK?i7l5n&Vw0_6Eq@zR3jJs0uwQ
z&*#(+nR&FzW(E=&iBuc!i1X^-nzyi@AEVf9s$uZ8+@<?SRF>g=d;CzSugvpx5B(wa
zmlRQ7si`7Oc}HHZZ(o0hot#G6&a%sB;R(^Fl+S7v>8Eu-21MY`+>=A2;hLJk!;Na~
zK_OE*`)!zn8R`Or-*O~$7?dZwNvn*wm3vZRV4a3XdOTiZcMY|SQ=bVPrkktJeR+7F
zW2wV!Sr4WLh=EeIMG)=uEsPGc-U&`-Tg3V3?*YiTE(4s@_#+7+!@?^D{Uvg}7YlS4
z;YHX8e7u5PKvyTMk1JQBY&WHUlw5D-PLEe8@s7cSu1&L7R%Ar0Xx58IjuBOJiFmb6
zX-6oIaxc9;sJSt}(l-R8^oka~>BW-Gls#4m>z*`^GwODsB!)SHr5-u7_58`%iMnKx
zzIxbm3o@H4n$W^&gL{!7Rd8jMS)VPoFxJS)jg&HdAYtgLn*;?LW1d--55x$MX>+w8
zd*@{NEac-eGs7RvjO~~&dpX%vZ;$Jhfb6(4)?vgN%MvP@Ka1w6A}TN~_#o)3!JK_h
zQ7_(<zag#LlXvhp;u{YBqPw8FUb|MJDVzSjE5G4ef4|jrwawi)8>|qN6Bx#T^)hQO
zs(3a*07F)2+!-Bj=Y{>=-Z0eh!T^F#$uaUP#|8c}M$C#`bYvcr`}X&hRk+dqcCu7H
zO0?wO8Jkjg)%C?YxF(ayWD3$x8Ew`0RbqX)9L9BI2+*`uJYAX}%mw3l4owM}9$ltO
zfvONITvI>OwJrrtCZ!7Ii<MJYErpUTY%iH50a#TT!BcR_R|!%`SE3Ll#a|G?NG;XW
zq2o0zL&l0b_tHK4WM2dZQFa;$gQ7K>A%dZp=`|33$*7$&hex=M$0KS$DtF#mJR1ne
zvoCW|6?eR|ZX^#;Vl6Yrp**{-%g~Z^^nyTQokPx{vd_hU)CklvGta)o+ylQq3*WS_
z0kfot!%Sq2wX839x1#M^{zRAYhzz_YHo|bBCc~%spWNc{fyUVba^jI`!Me+?5l{4(
z#}tOcJPfGKAz)qP3mV-NMwArSGJW#L?V<?9qJR`OoNpSnCg#XzT~TCCTv`L%b;Ia_
zaGV|&%oM&LTy3yx(E{9V&6#VDI-c?X;OJ}0sZMI5_(S9guKiuQP!Gs;jLCQ8bk^-5
zJIN-|KJjZg%k8_#NS5C69Tonz00;5g;EK)tjh^|Tysi;8`A3QuluAY$lIV1;d+C5a
zM4yK0)K%b3d}Y;2ZdQ3VL~bG36+VfM(GNq`YJ^qP7?7F3*D@5j76xj;1Z47D;Hy>u
z*cEHjsaaFEP^2yhl_@b^rDnMIU`7CZi02Vp{*;Rx=!7F;<kJQQ81VN?md-i|@v>yM
z#ph>A9-vm66YjG<28F&#7lP&!A^24!hG!`K^%n{=L@zxpbRugXj{!=yVf9gsS=X&0
z+`!c~y<u{#Mp>fh6-Z#AgoZm4VE!#%L<q+SYd>S=ntG1br-G(5pGQsgWp#NWLLv*Q
zBPZzbzU(E`JJ((g@H@`rU*yqpZ0zp`k7Z*-W4$rCYS5O|v$fEw70c~HMwU)uxwkG(
z;McP*ai1c^)1%#%QJ_v4)3Daala)n7O(Ucigu6C~cgDPpm+H2Gn`?mp^t8DrNRtE#
zf4Ezc&wy;aF3`+G=fp8BufyXvq^}W!*W$&{zECNrdE^z#IDfrwg}B#D;Smgrv2z<Q
zvYm{lHYbLMq&LHq-P=EV1f*{XJkmCBR#4mSX75l_4N!9WD2<O#rZKIU4M!m{sb)tW
z5)Wy48^)c6N;=PPo1`RxG&5OQp5>+$$B}A`t;?(Ux<*L+md3#cay{Cw+p(V^Qe6h~
zp>Fm&$fCy~aiZTLw1QP!e$_%0#}L8%=uYHgc?hkk5_G7uE!0nLc3C6w5o5=feHUN0
z{ENGB+Hnn{Qy@Ba*QnCLVq;<^Y!9j|@y76{KMm~RFe!YDP+>}dRqW!+F9XBe-r2W9
znXw#SdYMMUrhKRFq(wUqlF4aHNa_j<<q_uB`F~)+Pv6oG8wn#?{pR24w%uAw{W-;a
zBV<EQHI5aCz(ShkWMv|^Ci@EZK|?8!6W~ITf7b>X0o4D+MS;xtkto^H!MWEW%CBfA
zc8+e3SHeZ&C(5*d;QQZa1sX(ngW~=H8lzPBP_yvh=DbZaSs9nch&MJteKreU_}MGF
z#UKJT0yQS>uKpw>k3A)pEJvlcnz>-@U0vCtb$M9N9xY?1VuVas)ksvnJv~PX?~K-6
zkH*yPCV5uMUP~Iv_A{Au-#Ei+IxZ^UWbZF0JE@RZyqNU@y+J>=&yxy1G|5~X>iXKB
zXDDjX<2;HQX{VYRybQ8U7WdJ&&9jvD1>q<S40-G@De-aF91-B<Ts~vpB%wj%YSE>8
z<Tp#&n&*42&F0JYUZS>P5y!F}JYk5F!;_JF7Vp2K^j_M2Dc$RsU4H%gQ<VywHaXhB
zd%g=*p(^?sh%{v<r_BWCtQP*%Zx@ZX2i4^9Fy$7ZCXD?SIWsRivREGsJ5eFguAghn
z?m$e)(JC}!B5SqCWNyPiSQuLX=2wu2Zrl^S(GSlR(-6g$7)==|WieiG7g&KN%?t5`
zQwz!i^tAU-P1-!_n-2Oe8RoAnlh{fpO(#M|j|BD;fOKO{V@7we=!dzd6}2I1#sw!q
z)RfeP68A9t@JfJ9YQPfvw8G$U=Id>J^q4HTHfFp#N>_IKA-qBU*RXN_;5$WX2wcM&
z2GWa?F(Ii&Su|p7XPv=?aWaWP+5FbM_2O$8ls?DFU({mZXaTj#ixiCT0mcVhh(#ol
zzKoY`fV`v)$#R8GhOKnI{-zG`ry3lnK!p-Lx&!_XEtu@c#vq0vZxvo_lc0D1i^4;j
z511YVf?;8;A*i=6s+gKTGm#~&%2Q#&PY5=Q+gBGWBSB|>QJjq@6w0zD5t&usB8e87
zltb-7O-gl4by#~b*_N9vk?7rSc<^bvQ)<Y=08tm^NA-r=vp3|>mAv!N@+N8sV0EyC
zI-IQCPEHm>^mM146rf?{{URg_KaKn;GyP0gkJZT`B_l8kja86?4R@PztPHO@D#*NX
zAn0!i$c(rB<K|t<n~*g``(aZ*Q=B6~#uHA*o&_)kZ`Y$HxA!OGIv3ELy;b30B0kFr
z0feE9&d9K0FDy&D<j?W&n>U!-v<yN+Cqx`USsqqGlg0*bc1{;uZ~IB)*4QeIMtNOx
z6RqR*1%VbNtB(*@90AMcpb8d};})l8)8B9=QldkN9)>zDr|T*Th`L#GWK?Dcv?qAq
zh*a#1XTV+4U}{njr~~&;mX0tpcS$Z10TGBkhj6Q~px$d<=`+ih<N+16>3q>>?u$_;
zI{8%5pFsr6?g-8%YRFL>cu-oOnkIjoqY|pmVZ#{5u_%X}5`|>3zq5eu4hPff;bT*q
zC#QjvchDWzi8$%ff8|quhF{k_8*ppfCz%nn3IHE>y66ddC9DwZnjA+OP(MpI05oB?
zj6f7DyynM74-1&NqCj}W#zBx}MweNMr&jaA42!41HDM!nd1d3Zy0Wut=|E(p;Yrwp
zo*S-$d0`mKdB0rF8GrB*p{*Q-aA;3GflPO{+W(2;+#?7M4l|DhnSK(p_(j@k_(EcN
zLLGM1;b(<73iJN$k3|=h5fl9R1fYV9!j(JB!9}un0-h}&^>k(G_EoB^($0r4_w!VL
z{|%0S;$RDoOVMm#uJWxCBH+X@p>SLE!5mX)O6F=<1J9#i8;wc7j}h8vhV26vwl5al
zS?2}k6R(0m<;xXmK>rNhJE{*SS#QS^c+4L}f$RdFx5c4P<Z&%QH0V!(2_O$mrV$NA
zA_hemky)*fsvI5TL(Me49DxaATQUDATB;%R{@CSEA5A<2m3|<uEb#&7sIP#$1*l&!
z;Bm*x+A+^ffCrdko~$*dg)ro@@rUV*FoEsf`W=bH`A7525x#w{bcooVXI(Ub0R1_^
z$SV=@Q!JC7NZzncQL=COK>u=<13TnS5>sJc*bhNQ7;6Z$U}O^61uW2+TK(RyxhV+1
zp0;?P&-O|M`XL^Yz&mbSN`DC2wX@+hhi1M_i<Visw#GY4IC}3ve=RC#zbFK>6o0A*
z4qD1^EvQ`3R^Sg@Z&BHpkTeOSS}YWb8@g`<G5w@`1A2qYV$q3kfCuFb%g-6)f^>&o
zrXs2M^lu&E6JN+)EKy)-NuI>?iZIBTiDnD#R7<W7ZokLu5Aq<{slc%A&q^haBx7aa
zl{0~>1gxk|EtR$2qal==vF6h-rDyiZSdB1zv&_RifMjDnv>NLv?^`bONncq0@e_7c
zKx=Pb=Dp5U-Y@m08)zQN$3fnEp^To&w<7U?3!!(H3u-|08#X7f<O;Wqc*wM>40r|a
z4yHm8GD!?aKuNokkY!9{g7sJS@T%+Ll(l&f`7)X&6yog2N|+X7Gi5G=Ee)uWx8kCy
zBf^$Ji7LaUsEA{#773T*OBED|=lk9@Ok`o3DvYiByaJb8fRvLXrEHHucR;PzQ*!p$
zHxxlDr2TX;ESFncGqP6<b}Abxk&4~IaLBA(n|Y2!+AaSBU+C!!=a3mO3@Oy9JpW7Z
zs?lwAvYB#xIySh0!csvbyi`7LOufIcf?UWQY9FIKDC7t*l})(z5!8JAvty+Ue17rL
zu-cWeqlhPIKrQd;U8+Pma9A-d0`D*MC7oW;^9KP`2ee}heo`t%oPZ<6;zI7tPIUW&
z%REAoKX3v)mMA6jgIkN|C|j<EIp|%G2l2y_I4hn+_8I1Syh;zpj2&YKmwXoy4f6pZ
zv|TdjSk2xcxCu+w(!UT_YPH@(1{T5tG1sJHFmzjhicxJ19Yu#y%4X6CfbF2sU}1nA
zKEm@0fb}Qttdm#qE0;c23p)8+L@Ba7>0}Fylp$M+fmI@@72#rB>KAykQ}~~e%M3@z
zR4fJM!YvO<iWt1GJl8G1@|4C3^1AKYCo)M}t6uw&yBxa9n4Z8edhXD3i!`>KcHHih
zT8OU!hA!0CfdPvZj>O_(3F`%l`9gZh1t|t4dPW7@^`3;MCMx>OQvLjh)W%YMe}|&C
z0>$u&^Uoh-2?uq}4+p#4MBb3|vwgvqjG#RQqLxY|dJ1GhdRNY68$^<(60~^1*~-06
z0h|gV-MAgl&zdu1VsCT;ubQnnd50!^v^eKLwvBlrUuj1Qyq*)Pi9iT`&o_w2#yWk#
z%rwhc>`;1xKhvdXC@$aOdDDvxjd6XtrsQ)^EaO7@{9QyZv|Y)Yze2K}NZPc4Htjeu
z<7~e#kI2@HZpuKN0i<&<<8%yi+o9L7De+))w7><*w1yQkJBFe4Rg_6tOeY>kNcA_+
zp_3j_t>f$xpB7NPUL9A&GM&=#k~qn!&VW6t*d7UT!Z^jGUS7wm8?RZdv&SS*s8i;v
z&oD)<UgwoOO{~s9JZmvmj!%||v$y|4;}FstWujTD8cVy{94$8alNs}r=*Ag7g+2!B
z5RMMRf6$UsPZ&y7%#YAbNA42K^BDvfR~>-2%VgZ*Ny+=PcXSH=4fg!~{p;QVEsMWN
z;2i)l9yF|2gAivFDuKBnc}>)RK}_<gI=VgRNg$)%p-Q6v3-0H#gy%0}d*c;2NlJa=
z){8uStbI#54kR%efx_VT`Uz<TUY=h{K7;7`gy)heL?X`w^zt*B7re=m6Ph#t$Po)H
z*Z5KpO9UriV(UYi<WX;eZGu!OMLTG^2)`>7k)lUcf^}mdQT~SQMdBFzlk`(`wYAtv
zC_#>1EBEp&$V7V9X_UmBys{u?gOplyoI-i`Oj|X!OQHxNCD<ZEm4FAnVa^G%KWKhb
zT>29mj)B)jEg@XXgQ?5rb3723Pc?-v8vOe12cw-;R*-^1!w~EwDPi@79SBn}Q-0Is
zAK-FgT|M!uQYju9B=+o&+FLc!evKr^-ev_4d9Py4)J`zy&p$t)F53DOP1e1C2Q2GO
zhxOLfzLxLGV;`p2KFwWJWVvGd|1m+j=qRU-Yp-?~`&*lP)16f<FkcA-RK$q4oJWdo
z*;tTuYhlM;Oh%G$c4vB*=-q4JTkCz#r7|T5-=P}8G!6J3&N>EGz~r3l;(r6Cx%zfu
z7%|@Q?TF#~nuKv%s@^jk(J$FFa<Z~_W4aYcl?oPe&t+k;Ua(YFR+=b0@*}K@KfeAp
zh+dy+*DxrL_bc>Hmpb)8TYXU-G<NC`K+7AV3nN!!xZ+h9Gh3tLU#)8tfB`>!AO?{`
zyh-^mX{@^Z_|xYwMF9s?*}897gKgs%sOp5vknH0Mf!PzqA}HQJF^sv@0PhKvV&yHB
zCF|2aZTU4xL}L@|pPBhGeW`er2@@|xR_eEGZYsTwmb6BYB5#0?q|iA|Zx#b?MiVSO
zyGBr?B9GSd74Hwc4;eDu8?a`W9!ryUavC}8+C?|tb_UE2Iid;K<&XVJS*}P&lsv}X
zw{4N+^1c8}p8PV0h&!Cz@!KAG58fC^(jra9dtaN*g%XA~wvYvt!78lW)Ah9o5UfBn
z>Cj=VZ|jMMnuNe)n50$`owk|WQLPVCSy6Nbt993j_IIAY1Fc1zWJ`|e?{CgR&1hoJ
zL8PB=@0-gV*&KyX$X{;tY$=^FWDk2-%{GwVxV9S>*ifkaB(Ne}wXHZBE}dk&<v8CN
ze$Dt$<Y?TBYTI<RQ_vD0Pj}aP_dHU|J8phI4Ql_``2d2LXD2tWQv}ZBiSFF(Yq}Bs
zl=!`E&SiB^$BaVPKTfrAb^C06zKzzoSYLLTcUk7?KU`dO6Fk`8j+Z_nuMWTC_;m@i
z^7ozlX81ju;3H}8y>H(4wg4V8$H-oL^S!ej?i-u)+E_U|?Z^T-%cb`pzX14mt2_p7
zb2D$hMc~c%;d#&da@@54?d^Kuea;K8_BmV6mg7#HEx*iZkUu@%>vZ+=1s<R0L*~67
z*ZeL^HhDX3IJ`FspHDhAUfyQxvvnTxx6FXei);k1^Q6=1z4_CRv$Hz+O<xbrzNcoM
z&I?e#PeV5=!u6e(`uhH$=M@r5c)z5&mmtMFpv(HPEssdPdN`fGbn{4|6ggcSS^Tkw
z*R$uT(_4E9X$xdSUULokz1L&$a~bGy;Gf}#rK@DLI34<W$$$U;agV)J#=0D0-~Gt!
zJG}RC|2?eVi~GrTvH8`Ahcr7UxAk%U`8tbsZ^PrQSepYnXc{pPo)8{~`@|W}7$Q~%
zKxOxb?&qn2clibN9u~AhP2?^O{?r+-_kN08m2|q<^63z4=;^%yJTaY48`@ZWCbL5e
ze=dRt@j$X8T?T~rYxrR0uTa>!bN2A^v;;KKo(OQ6bwVAUdNO}pxW1URgLYuf+_f;m
zPHP00^5Nq*PBY|xa<JTCXS)qQf*^+iHGZq_2tE#vo_a?ed5Ha`ev}9rQ##07oxUI$
zCCz^AGIPhxFJ&v$k8SVX>qGCiR}YgK*-<`~qS=LeOYJeE6tMz_?~fSQN^l!L*FUMt
zwS&h!UNXInIo;XkMKz-INh-7cLEkJynlPv8?$y!w>MN_<!<m@LEp^w6Vith%>~V~`
z=!UH=wFc1k21jqN&E-xvu52?e-W&5Z*Jw2|NS}$~^MBNv4p*<a@C*I;E@?L{8^w+A
zEO9$yr`m62c3JIaGi-{3?JH5$w$d~j9fB6t(1C{X-Cr=;V%>9R%s1?o3TIs)7Fizy
z#6sRkLr!}%Eew|k9Ka&aqh!?6r<#KpMkh!(n>YiQf5}K^im(Vn>%*Awk{-@(qq<jo
zcf|h-Z?`z3U62KOU;GDe6SuG;Tlhg`%r5(ez!4H7+CZ*O5b)T8(bsN$$7P{e-i##(
zMe<c&;UW3reI+kBgIFbu>ju_R#|#KvVB=uhZ++*LwVq(v+UwQd!r0ALx{yV<d1TW0
z!=tkpn&AlcJVucAe@HeYmWW-g;k?FvIh?2xLMS02vHsR3L|0q3R*C+Xo<T~zNe4>Y
zLm`jTe>k@LUygm!JE^$s$C9kAto%kh;DN|m5~$q;HZ|l^1Xy6>Gx0cj=T^ye(hi%$
zEc!EEFDttRQR)`)R0m{{w}@mFW|&fo1e<?ZofThpP(_f)lQY0J)Hw<1%8XN2>Bkv7
zyck=kku-kVLV<~nJi#s@1o?%CZEyR1>dM7tO866)lof=n$Gszzw;AKExz2u%MZMFL
z;M{MF`UWnZ2gqT({TAz$>AUIu!gRu6Ft?3p-cyUg^TsEPi}H*|r1T=R;-CYz?O=xI
z(0lC8i+o%<X?sBb;c-zA!IgzVO0Yu_#p5c63|R;DGmzTCGuDVqCr`IB0B5K*2=z`<
z%ncf<)_U7e<@(DZ5-*LmHi@T)`#|8ZXdnxA=J`*iLBLkF#xH9pK~PG;q|Y9~X<^~n
z>s=7VgxXH~o489WX%Z@-8YIXNZ=o>BqZ_&`ZUrGz2Ki6VXBSrg$u_on?3R7BoxmQm
zBeXFPws*>2BY#4N6$WTyv&8@e6lHraS|}2MW-4fd3)oo%VpjWo8mMF95{iA0DZaL3
zP=~`#CIIpXU5!s=6EjyG2Tw-RndaalGJKE43fJfh*j-&PmCVJ43H(>4?4DEi0GHqx
z88ZJ{<Q4(ZTaLv~)z7#a`@t+ZO5A-fie|4j-q{NdQtxkBr{#6IXNp%pMq|XJqrGAq
zXkcGz$Ibl(wEa^c_%5$-45ra-C<3NlyrD*%DF8jG8F*iQaHv+&T5^P7{ygJDvyuKf
zv#J~<_Y%qbf5`P5W<f0{v;nA>2G+h-Bw)Jct8W{fzxOicK-eA+%N<x#yHoh>&%Mze
z3V2fS4{1$VZHI|D<TNQ|jf;4tET!;ZrNkd-2&sp$-4sL8s!i;m%DLr4<yYPXeGo5q
z02Fse8*+7|xi@ZE+DejScj-*1q_qE-oD5=GC~I03BvVPNdjW>Uuz)d-vDqtL5%#G3
zBf1G#RtlYY4i24W28Spd8>KhAfjA3|&@)fRO$Y|tK)y}w&Wg%a8&k`d7xR!X3md`w
z$*+cEa?)d!Y!?;=7x>gBkV0R1kdyFf0moaTH-t;)36ox9FnHr$J<}<kz?yyhCiqy-
zV`8+E1V@ZYT%CKY&TBa({!`(LKO!)IgPiTJ^ux8R;Y_TRsniR#!X+BP#Uf8qUaJ`9
z73*Tu;>%3fCE>)J#U;2Wn2?%;0KI-EHzO~?c5tRe-dy_qx-Q}~avb3lv~e~>Kt{&?
zv_#Z7{KqeqGH{nmW!q959wI}OmS!3Y>c4@M_;d#hwJJ~7aCI9)>WgnY)A^*d(!yrT
z7Db_D0r0e!?E!S?4e?Ycapn>HpBY>q+f`2H1N}ZHg=N79sAop3W=MP?qf&%laDBjn
zSi)P1+4Ng)-pd}nptE29A<*nVv#WVsA<mb1r1ef7q-!^4fwHjVD*Em4D*D55pQ>zs
zyh|)fSTJ+O^UXe@a1<D#2m^#7%Ccjl9Z+c)0Te-iqRaImbZwDXGQIs7>ww->J+vmg
zaBjgK0=amXXKeX5h%p`A4u*TT5gaEwyIWIAbBQgLGw&r>9y@k@_AD#_p==x7l(c|3
z#KO1AoWk519yrS8axrgA)xRBq@Ije+hoU)q1r;hJUb%>y8^hh^L`O;Y!{z+T$J#^Z
zdA1e45z&B<I8GOc0ZKeqo)QZVR4Urdy|76kYoJ!9^r3EqW5I@v{Z~yAs6vE%7s8z<
z_kuZ!IbF|(n_3~QLXSm&{3rWwUgXo1%JgaM18k~dMaGUn)9vVCOfS~k_vo`6r2&(s
z3D{C<YXSK0%idAHkD+SFnPWR6Lbc4Y1k4sHJUyP+&*GM7*l=Ti$3l?}1;R#!jM7IY
zS@XJQ<8R&S;`fGHikgDV#H?2#{Lp2htu?o4*_n3Llw_)6vFI*SqB-Rnn2x;khP$2z
zV^cQbiE6;HOq4(pUp}y8&J#A3e)G^EAwoNWQFU}12?2vohwL5Q;YBB27@@augz>a*
z+QY`oJpLefMm-0SyP{L*5#3B`XCwyJ2BcW*zdd}w{sA5H55a{W`*x1^b5w4Xxk<%b
z#AuX|*WgRSN4MMPh3Zx>Z5YnY9P_ss^cASO`~BGrHeD~A7xe1A96r0co?zR30xYe)
zU5YlrDNQ078vn17vZ1FSawP+d8DzEEjb1#e1_DVRqX=3@J-sF|b6PAjx{4w|Tuf5Q
z1nkPSD3T7??_LFlneF$MA(R6nD$Ng_pM-h#aQ;#hZKUL2eV&)yhYEQ4U;_+}3=vVW
z00i^}7`51zjlws)B!q(KCN>mhQJY!&P5JuG<x+(1py5rY!!L%JHu~PN@1F$)@t`@5
zHeyO2`zsCBdl{B*)tdF3k<mhc#OlP&^JAmHNA2tekB%{!94VxEseg{*Dr|ZBPOSPm
zyORiV0s;gM!aLpeu@rcS<Far|Q7pMhPzn_r^Z6H(xOZ9y`9m<@=5PC~E*$sU;<)70
zehOogyn`ePES*F0=2Tu+Qm|dcE$D?+IumpY{SUAaxJ7|qH`Ak{s7e$8$_v<uqG;9*
zdAjZ0Z>aBI(e}tN8FQS$(n25%ycR*H5`P$7fLM;O@Zu<h$$Lb4`GIp~CzqkUoF&jO
zeZjROL=UGb_c5KWU6oDZpQC*pkQ5k(6R>cZZGENCyT;Nwy3Lo26@`^a8;nXz##PV{
zH01&@(ud~)3v3G^0E1Nm$O*vT7|+pN%L|D?<#PLpspw8QN5H>sB*goFoz6!=pK_-o
z?`1eMfXVbIFC_UPxo$F|?67jfDMu_pZxV5Dhb<yz%Z!!}Q5qDFmqZ(IkjH(goc3q3
zj@&`TDJ4}Kaz6%OVx#7ZjCwtT6kZt4HB3W#vYXn~*n~WEnK5Ytdfz01#f3ypv(`>r
zSw!cBwY8e^G=4{4)VhW?z<#CT<JHr483OyLgD}C|;Vew-tTp3i3d?uI7fH(M%RqZ)
zvg$2SE7fPs@_^1-&(^hwv2OvBf~e6v8Rc1oa<Gy!0cTjcQi+v-ke$p~ql|%ACMn$@
z&*T-)OlW5uqVvZEpmnn3>650$a$Z+AHgpk<gsoYZgqtp~kFT?e$(<mk4=PcIp2Uv8
zo7J!qgR6SnjQW%`(gVUA_})=W4?TpNeS=lmcS_wQg6@pSf1Z-1s!r)nUt|$qaIZj;
zl$_GT)`f^4J=H8;E+H5@_`G?sc%FOe*BxdYz9>HX6ZpXcELk2Io*_%|wnb_}I2ry+
z#EJ(4+36ql^T{w32H3vt^0$#)YFaplJrG>1-R8GZTY9wZ_b#N2yVKyh63PNo8QX5&
zaAaP}HpgbTDc{nc_%4D%$4yOVwO)tW@pEOsMHy;hPY47(bj5?`ozltage^>C>B_hg
zoq5eo<H-?##7gJnt7aA{$>J0#G#`d7azlxcPkR&6@hiVYx(Wzya*@aC2EJ!K!L|C?
zmtPqC5eRx^uN10}8Ks))WBmDN^Q@>nThhOiq-j-&d>Hh9Ck-&so_BSu<{-?(Rjut%
zO-eU1mRU_pKh(~h!A|C8_CSBAMdqkzQ9o=uKS%Nbi5U*X+iB{(Nx?<}4Sq+ZF6!KV
zQm#IFT16?j3dheA_#RiybN5Aa(o4{J<4gCv-lx)&j5V1@#&^aQFMl5|WcaDU0a6%#
z;z(U7)e3f#64+kF*Xp?Xnou!B?XU*LPibn`pUW?~N6T84FBHG;Jf8#A|M2Huu+|Uu
zZ%NMre}#+vBYgH&CyExad+us?Pp0~Ky8pCT&C5^f{>@5^$femsjFIV1dbS3=vkoDW
z-z{!SdaLHH^XVz^MNe|9d+w3e_w#Y-5lp1!?p=C|cD&#+gvU$$<)d473tmCkY@_yf
zBeh(?i#6}0a-F1j>NIhTikFhLS_Zt*C;*|tTej4Cip`n>&&#g69a|Jr387IwS7tn3
z)Kp#F9@-`EN6or6Q0XHzcWPU!#)3!eI?oEs9!8d67cxoyO_s`1=mli!XFH^k7gsQu
zRGq)L>C$QN8n1kY^EQqR(`D*Ts_Gq@j*sKx5w^ZfB&>BQm;A1YVgPyiUe9tw4q#Pr
z&mS3c3A5K6eMD8Vgy1oaY1_}4Mn8k>d-XZp24!?(B3z(o^ZpvRFc%rWt1hae)tXuk
zFcR!rI)qTjCAf5Zn|~j8(Qg6uZm!BD%46@I*lGwPx-@?g*;t5W{NuIM%4dl~Z@g)F
zf0U!`Td?&|gM9H4_KG|t%Hch%4t&(|_|9x~c7Cw@%zC-@ma+ff=b$8-*yK4qe7o`e
zy!|>pSJnBN`&{Ddx6<DK>9*WG$(Xk(U_ta~{`CB@|M!)$N7I*sBu7r0m`Cp==)I2}
zp+bS<7zJpF+f7$*1$$kW&`bU|7o)tz*WnNPy9(d7<Lr#{XU*Hkm7}=JPJl5D@%DCD
z`BCQdz3TdxvorgNhImDn`y6*wVcg^5^ZonAkph<d<%a!hXO`FPUERi+YusV!t=s9X
zNVlWYMwnmLyJx#I%W<PZwLqLg&1-%AIJf8H&JN7p*2P^L^wWFTN|~oa*y;2X67r#W
zSP}h`+}IyvVc(bPjZ;5APN0?0_$AvbPauci0GAJY1N?R$bno%PR+q;I+=a)~R^SeL
zPxI6G6SV(X@Rhu_w(Ca~US7xR!sF|bu}<lf0an-h=I|Xs-0PAA0n+KocC+TzMbvq?
zgPYgkroz#%eRZ_^-gTPY20j8m2MmJ;oyl?0G<7s8Cxh5B2qD5{2f#2hh<itbWLE04
zPK~(zDC~7#BhVmU?Y;NWj~aS#?)tgYUnvmwEB{@26(8nZ8yVpOeVMZZniR?SS~u7%
ztzlya<o0YEYPGuPb3gqaH@)U)@Tq<2B<mdNN=tBluZx`57&Z67!C`^FJ@{j5WX9NG
zm0$~;7rX1l@{#qb7uY!R%(?YrN6350U^3ux=JR=c05!?nd^u;3D%|>0YSzAa`f%xp
z_c-0Z#$oKpaPtezF*a8JlASV*^CSInOMO6w+NIFxvlJoB*rVN4-`O7FXv!=T77twA
zz;dhL%1w4q0<&q`=U<?(i>pwNcmRV(da=O9*U(rj2!I*-xfV26`QI)D$#go(4Rna?
zGmLDPgbH5LC{tDJ4wWuW^vnI?w~Do$#8}5q2Ok@8x<Hp)lxWN4CS2Fn?5`?dZj|YZ
zYHdy-gV(_n8Yb*sN?W0*>0Z@8&%EK|%iDJ^E)mrewWEqtGno-e@n^>lBA>xqhALZ$
z4WRyG1r#Qf%~uHWsc$j!5>0&FnkBF{=Ny(9lv{<BQG<vXz9cM#l<We3LJ-&`A`8>X
zkH^%pe@}99*i;UuMI#*0mc#LTgMeBv?k@ahh$1dx-Cc2(Q_F?b@de*wrrZJg7NXVI
z#Nf$S;+jd7dCfP@`?8yM;Fnz4!#h(8{c}4Q7VzGBIMBcr%~OaU2N4+i6jJm?K!|QT
zF=JxWKvtW8MKtc$-0i&3si>qWx8hMFCtiL-Yc^)Btm@SyP``tzHr%&ZTMqG1A4qT5
z@@1UjHvCma^<c*J0>NQto%o>2?8M=KR>9X7ik{>j^5D0zTCg{8p?A>y)HOux2aV|s
z5a1AbxmJwvGy5Uvu}t-;>Y#U!ucPyVHv53v!EQR_!f5~M-y-u$IOC8vb#tX_mB*ZZ
z*_mLc;~m<ms>@nKFWaQ@vadX$KEg)QFsH(^*9{(FI}TU?VJ@U`u%y!w$E%Y%gG#?F
zg3(cp!r6vfHF2Vi=RVbAl7S2mHbK1r2yby(PcggeQ`|ZsIaYRC5lE51w{7ihi)GX&
zi03P|%tqLhQzPFPH|pWXZRjlIa%#4u{v0gW9UFnhBoK63vM|=ORY0DGZzVRTo0ocq
zcB2Efpu8GGLq_TQl!Ft)6pSMK^S?-_%OZCYldfrrlFshb6^6ml9MDC`c-o}^e$0$A
z{@hpy0bL!0gg3JF=aKzfb3blj-jX(K;pc$UXP5(VM*)I-Wg6qCoqifVD1v+|*yU_x
z`q?iNAx7!N->$IfSTm_bJd9ama4{pzt(7mwuA`)HhVz#vMW}7lm{~i(CI%#^_6F{$
z(N=%Y@e*YpV@XPQ5ST)Eyfc#m)O-Jz5M)~OZ>OYk2?;1PydpkbBdu(khz*&MPf#6m
z-kV_y|C?~zO8qzCw%Gf>gj;0mzX`YEvi~LARNViQa0}0mW?_WwtvyA%rY)b7>0={^
zW?>U&^Kir3rm)2YJXTGt@+E41LkiHuc>Yc}m%s<O+~)K>Lr>N5z6}01^p>pnL*WT7
zU-&<vxBM7G7KakJHV)rERRa^jyvSY;z5S{7*9@Yk7jUhTvpVWoK>f%@9-c%?1*mI;
z9ZfftD;0ZdRsJh=i>c3nxfm5FkrZ!ueg~)o^~WE8C)GHP<IVOnw_{bs4{odVEJqsm
z#EZX7kdb^a4{>^nd;v*w=9(>vBSzo8mi=0>78B;3IU<vQg<t4dX=vBsuunB@k=LQC
zU`Ewcx=L7Sh+J1i6!veR#Xh3!CyjP6y6|K!=zU2wc=L_8z|S!*csNB2!kvo1ys5kt
zkt#c2LJH|et}Z62oJABSF?5wEHL9ASoFPAHGnrj{f%$>KR8d@u!gm<kuAZM7cT8?r
zk5E11w3R|D{76D1eA}e(gLdC3ksq-|k&w5_BjeA+{}YH~F52!wCOyt8FHCP<?O=O<
z&bNNiP`4aZ#XvsfS}btPQ-D%vAKd>PS^_|#(r2KK6Xsmw?97wjJ!TJ*6c2r%rOz2#
z$MZ1r#liGUTzDR1Vu@$mjh7I|knT1X2Nke9v%-0$g`OkU8WlQgvbyp2{f*0l+vEnP
zO&+n0fSid3fe4H(P-sif6+chS|9>Uno^gKd?&#xwH3zyChRV#Z3C`$SS<zs9PYO@S
zDu;<vqvga6hkb)=RS&|O)0g)PWM<Ds^r{P<;gClgvVU0)D;Q$`B@qwOC!iQ@y^*a`
zB4dk~SG$XtYfgVrM34LfqbyWijCe}7X{sJfce!E@-CF|8&{YDb*n*&#a1z5=X5Zl*
zBb*SZ9{_Ftq=g?$yEgbP<|)&R->+^`Kf7R0+8#Zo{Y5(}fnHo={Hj%qJKf5-AxF;6
zu%$kX+rH%_{?^&jBNsX6H5(@tMtPE23R6qOL~IWYr=-<akP$QYk9zFjKJG%fZy&JM
z)lC0A$9O+zUrRByhA5<-?_@RX!*p_8_6zt24e&Ps=e01W>a`I#(7m!bW!8(0BnC63
zF!MgMV0QEgSJ&<ybjT*1rv>__ALB@4u6V15COIw^1pHUxcNpXggzW2OVSBT#%c4AC
zgg=-#=w>CkSHBG3=}A#UF9xjKg4E-RREE;NZRicmu@z=%$qx2X?~9(8x21hpmO?+F
zP9${*kRj%>a9SQ2%5WN@fAg(RIuqc6CprQ70gEXPyF9v<#3V=pP%_m0^SZvmOtm7E
z8Wm2diR`PH9H%Y&5N+y8e5D1_b~?^G5F_#ZVw>#`-K0R4II0&6>WWt?Q-J5ag~WvO
z1QgQ19wi4%X0+5KE@q-f5k3aPHZzSB^N_2<--Mq$^SRL=d11U!pw>jq_g$Q(o?8|N
zwzVLFy5uQL>b5&zf=r5VlqQYh!g4X5VU9lLlEY*oMpQh3*o<;spwt+adsJ8BsO5lD
z9VL&W#qkzj-KUcI1%`#iBqKfJu!)ZNQpcQqQWq4ecBb<u3o!|w3S5Braz#}5Qkj#Y
z5@Iq0%n-gh^Zm`pcV=aa3r_d^H?&{}9cLS9)B;iBv*ZI{^#7sbo}w!Yx;9WJ>DWof
zPC7O_Nyq8fwryK09ox3mv2EM7)v<Z<eg7Hb{6{zYX0N(gwRcsGn$J7O1h>`P>A}sR
z6}HA+YvVa{dd0dOj2o!}ecT=YylGN_t41BEB0*%lmSTVv8~o$vaauPhcVR5j%fy?G
zT!?7Ug-^-dQxlVv{=8E%JN8)c;#W{?5aO4*JSJFMXf#oV4~e4F*Nwt6PD@4Bat&o>
z9_b*$JNB_?edgL=00jmS(g;CGZ!1rF>PyqKgWV=v_wKDWQuR2A%RByNO$CAOc*T8F
z$vWAy<P^=&fdn`DF4AIW;&ZS+9igeV=qU+?s2m(DcrHHxBF*|fT0c`I1{;G)Co)t*
z0NvMb&9%_G?XD{NzznT%C@3=64XRpvresZ6{S@?__LJra4HQWFv6OfV(E1*>V5axf
zloNWEQkfk7MMFk~RN=vjVDUsplDwx^psl73@)bT(;o=Dy3oVjM0s%*ru1az-?#sQc
zqX^a-QYqIcu4G}RbFw)l)S_bh>}`!8?0fG~PDS?AYFVqbfT$%UF%)lSq;GY$DJu@D
zls-vCtGh|OLjcl{sGFFeUB{m%zRAv4P0_IqeE%Q|h7Q<4UO<HM-*Zn`p1Y%hsVL9-
z9g5|=9)F;gK^rOu#Z`TYbvRs3fMNR+zW$?bc>W0EhxS^2aolL~kHK5HZSe~^kNJ87
z&-L$<E%d~aA*sp|htN1o_KXmrW$LC1LH42F`gT&EC!v7a%yT+8F}Kip<0Hs64VjOg
z8_ZYIm6O>BtUrff?0}v?lDy$|`w%(U)(t^*`6#-r&-87kEt4+=>#O~Nk>gAX-juI)
zow0AQ@!@go-@P|?EQ43>7@np8G-j4W8Y2Cza*H}#W*3G(#0Qp@T2IEQ7hr83znWjD
zOv1ttsQQ?1LBq=awP?=Wo2re^;fbPu^OyFfJxTtCfo9@Uh81_Ru+DOCil2X!bcpSK
z>|<r?6cZ<e0n`b9NrPmgtWu5cvCA6X>}j!fNxlopg8MO!*+7KiZ&rp=-im-wUivnc
zmfJec6`E{*A=(H}F4ha-G3XSdx%`)b>kBoXpYi%fC%&H&<r1V<SbT5;ZaK-+atA6?
zEbR5f+!kM;q{7b27x(mq;Ew6>$;iY8uqMzR>rnB4LAY={h^kt?Iz`8Ja3G@L4+Si#
zeE{Ic0JST?^2X+HMXNAwe`5M(Tkaw!-5rjX<hOYoz1@e+*&V<)9WS*LtmqWHwfgj_
zuMQ`+yZsp~zHjh+2)0{-B3ME^Xn`i2nAf{i2Ct9^S_FnieV4%$x_IT`{_B<jCcifX
zV|NHp5`T(t)Sr3B|6d4>7WKafZu!lZI*o%fYK4mU?GGUqET13<{s%w3FRVKv`JW$l
zKFR$NyUDC>tZ#OdSzdpX5@V05laEW$ju{`wGo*WBQBvf0e#_-x;vIneSHU@bLgeUo
z`N>ky{)7bf^qKv<a@w{5BEIFS?YXM!ThL~?-En@kH))k8-pVBGRYH|6_&h`6P^%|o
zgOm^rGIhc448QYkn!R((uQZXB4C7!iKVU|PA)CL+lS~QD%`7|4{ytZZ(C#0;@--!4
z@P~aTa=^ue?`wt#75`l}!p)SI4H+w^;itPVtRaAUghMBxYYeLk@DeKP!<O}AD2{;l
z)uPod#J1#%97W({|6dr+qI-baRGn=k$KvPrGBE#As`i4Q^E}i=x%~DV@<A<WY&B&p
zu0*7G99%Rufmcz>46jn%#>tT`^OMU8d)^rS(&kQ>A91A`&{=}|V@-PktB_rLby4+r
z{kI~X(g53{Uiz1a8&>@iap<Tak}p4sFvZO%yQ#Q&)OGR5!SHfJ_s4R2Td;gX#zeqS
z>&V~>yQt%|5JLY31t@*XD-Dp~R&S(MAXbhdm6y+-=Jn7xl#ZySFuoYj{}OSb@{&xT
z{#bCmr#p%c)N|XSrJON_7~0dmJSmaqs>?aZfDlwgSTqTSRahN=lUfz`al|7&x9KFh
zAf_^@Fb4qEiBwPSuN%q#*P(j;t1yxU#%ZPY0I%k@w!Y<w5s(@j;*G;i3M=PMBQz--
z;D9_JV(jpQl}RAzi=9oeOQY`HYgn5i14Hmzn;cRy){?aU$clmAw~KnWLWEK2drAKt
z0171<>33~*sN4Og@D;4TxsuQhGGGY?nfNRhVXh8;D@%PbNWX7@?5rAIzX`tluf&r&
zbeEq&@BOHqew5v}+t%qV^JT1KEc=B~21X({wg;B|lWLZ2vmL7VY`D#Yt7GTihdh6b
zZx4IZSw1(*S0Y6lARd~Y=;gKGe|@(Q0(6FG26}sYEv}JJepA9~(B{ynIO$uV+v?j3
z^sJ=AhmdS;B`o=kpu?$?4643qmu%Gj2;*Nl@Y3GCLKZ75ipor5;;_hgC?gGAQ1UAk
z4=Zt3<I|9#O{p-33m1Nz{g^O<h%5?gz4m~--3`USgMT0c=b35fI1}a5{~e6u0{E5X
z<_gGVy`%Cm0j_qTm^5_=@vba0&~^8yg#yJQlG*O&2Y3t`VVoMzM<spe0OosryIfdT
z<JfK#|MYeCuIR<ZRS)EPh*t98n5_+YT7DK*6d1#k==+rQFUk=d`x~KCA@KmqesPAR
zs93_}C{!g{Tw-eakq~N(P*jX$00o8yLyGv~GS-Y*ix)=+y=JaYjKZQAZmL&e5e*iG
zSlllmN(AbUQB(&EyCW+DsGgB;{&XD8HA%ysoG7)ZoY-Py9%^Z*!P1rRDcN=Sd?YdM
z->qBvn8FG90Iu)KMA<ba2A)nGGhPiFy`K$dXDbpBH*Gj!n2F)v6Q{frfp9qG1W4-4
zbL#8~3!~Mto_QsI_mZGnNpy;+(W3x~743ueauF<*NTvdu11{x#2DV9Yi#XkR@b4ux
zxyp(`QV792GdQfefr%CT;act=?21K9eOwNq2IHc`-k^TPzt=N==$jcyMty`?uh-a~
zn?fUnue^}gPwqAEN-i)K0bw@kBDx1pw=CoilaaCD5Z9-};29QRCEGqDL(DDQ>12Ch
zyYj-aQg&J1TV5JIw<6liUC(}S>|Use${Kl&cG{$!bfcCRC#q(7#t<dwM0iwPlvivl
zNp#0zMmy&mY%Lrw5zW1U{CITZZXc*1w4+Y+=x5KYsQZ~Z^bN1yfYQ4|WB-`=MM?Uy
zJM&{z|3@OeNcWbI?1N$khNj!OjQRtz{LJ`Dt=gl6CWqK&dOuC6ZjqcL5nY<sdsCH0
z!M72K4GhI5&VnCoKJbBK-v-KJ-Sq7=*xm^lB$Rb6E(vcG=95=%)rHgE<*3QLTZEFO
zgc)3Yo@Y!3chT++0I+Gz43ADN5Jb%Vd@A*eOxjUVwTEAZ0uFU?ZL&g#D*X_tJKf3?
zV}YgnV{D>O?o|6@|6atXoxMi>GOQ$AANa*a;8sD$eC(oK7gCSSL6q){u_4|n_9m}B
z9_%Vzk^L2YM!PxyL*>DdPc#%_K4`;38*A4?BAHViyEhoS2c&vqZ}<ic-hcZzY}XcE
z_Zoc`f>m=wA4(4AlnqZ!O)Jg43hM}dI-uM8#D!vB$sABz>1NE>Ht_o>eU9|$qGR(j
zQ%w4N$woqG4Qzq|_-NYJ*j>J$4S~rjWio$E-Eq0r-3r*}FlGJ$-qCOfOooICUn6=g
z%BA<dC@&Q>Aeh9t$M64?jnK{iciGsfpTF)-X<sK&3X(ClULxN~kkBH&C%QOD!OU)&
z0PjD3VrgF3JnkXDt=cpTH*hETKPHlaR3<}ZKU<9JP=k)L_EA6Kh$|fbup$J{fg*%v
z^*>ZkxWz~UFR^lT<`D?-q$efTFj1z!^VKwOHAtfm{x4BImbty;q*9iGpwRy-n3dU8
zF}|&1moL`xLE$proR`^k<>qJ%qJ&N{5oNE+ey%(u;DWiKujuipZ2by3bVIXh3!@0C
z1j+Br99+O%Qho+o+@7+QOM>i^+{RF5G(+Jmt2FXw8TIiukO<e)vfm+hAQ&r#sxZ^a
zn3Y=aixJjdM4cbaBr0x_;ef*DnfU9-WX`2Bc4si=B+eYS$~PFt69*KnYWI~PrX6l+
zKY|r&{XON0l`SD58P-uztreia=6ieGC_ArA@VkL7j1l;$@G>L^reAg%)|gUH#N%Q-
zL}4y-5oR?H41{(k%Y(qk>SGGdS-KHynHk>EWR_bdyVdshI=Z6>e1xbP`rN9aKk!h)
zxg98q49urpF{vOpSQ{wSEV7uiPSNl8Gt{)NTs7d<$1Wmjjh0epz7)0UXsRwDcxS%J
znKV8x!E4XfXZ?S8#V@W1{4cMl{{QfbKWG2PEAA@(|9C~#9@3pJuSoCv<rOtrg<jxs
zzu)px@MH~wq0F)xdlOoYuFeZL6~&~LH5cul&~{`(+YwXd8o8A}>}$jud$SUfm;=(a
zcZX?{`p<d_!YGQF|K*CAr5SBz29xBY|Ly4(BBq%>8I*LQt#27`mNf!Cm9t#q-t4%f
ze=6f?EyI|9;nuX5eL=DKiO7cZuW{jaZ|*SpIsM^k?_CNgNngDd*1r7JL_wEtJkC||
z(eC(H_HOOtzDN7h?z1Q5*aWzI8YOfoMtW&$TGEAdR^;=sJ(<`#8r=6^@ig7Y(Cxeg
zK8(~`8(g<ow(6%CJYAo*5MP^~59VH>{_TCh^KE5o5$-&6N_BZLBL-Jo`&_>0t@Cl4
z-9dF+pKP0Lw%J^sRD@4nZ3Jh_oX>fDE_Vg`G{|CRvefbLS$^=oz5&-Aj|a8-J|AwU
zKIR==Y`iWuljQhgW($up8pY0c*PFk(I=f!qPI^x|Uah-a6>YP08q+&2X5O4OZM=Ps
z*<~tUr)}%_Y+Yp_J03>vkFHOg0T&nbFHXpfr~kH=sq+ZZ^~uP^hIC=~zOu5@^L8Fn
z578yA{w`1=yVdYT0jH2CmJFq`6)$g#=b)tWq4GWTvbgo$HajXTgKd3nip&26f9P?a
z0q1;r9E4`s;24XT_0D_ouGud>pB@os^VsLTO<S)ioqP75FC~5YJos-v&(^$a@KGjZ
zrq*9i-kv5BuWh(LW-HSDdyXJ`Aff}|Gw(P9nZSk$p>ezYft}1Hh*mZKkG`JsglMip
z&^H~is*n5N#Sv%Qb%3L{y1nCq&nxBri1BAVAd&tp7dZRVlL>|!{K((0Pum$jeID1y
zg{PN=zs|pwc$bY=r}ORhz8wpA{N-J@0ipwE=CPg}U`pFNM}Qc$YMMO#iHq$4FVnW?
z`2{6a`TqF;ki5;W+*OX7Q$ah5eBU8yO)G;hH+g-f<}|xD$jt9F-{-BCJU2dgZ1z6f
z-Cn;myfCi{$>hxS*~Z{L>JZ`W$7`4yRiKU1#V6VVUGIQ{_e2L%23NW{NqK)2vdTo0
z7z|r#G;P4bUoKUVsJ~X$_7g?1XD!vMnXN^^jg4qPIfu3nO2Pj`^n0W?o5{PHC9kWH
zNzEGn19thV{$CY_XK(8N)EBllVWOQTDtSv&b3bL6ti_<uns2QShW)tu{iAr^r0uQx
zZ6&?m7d|YO5-zzgB9GT{Q_IyU5C2<fpu{0XD_V;4oC$*mewCn3LmI|_dwg5NU~3K$
zxK_t_=bG#C(<E_$pMts_a=o(fFy(lRZ4&3wZ`$VHyE6?Tq2sSC|1-7!akM=2zeD=S
z>x1y@_wJ*zqdo4j*O|E7>rXrIapg7r+wfgnE=CZiHCys&jL_D$Lx`$XTgneI%|6tq
zZWQZs5EZ@e3NiS2RJh;wd#&Rm6tDq$h5>k<Km8X`W0XfV!xqOO*9E;>I|4I<@X~`K
zTwu8F*EQ#^uUw)VaAb)K36YPhMg`Pe21V^Z#d&X2Bd_WVQ|+Jx^ggMV;|9({f?*C(
z_{zYVnmAn{X|ru&ZdB@=ny;_o4zl_DlVYlDZNa*1tY_?RoUDpH!ook&Qt1I^9Yf@<
zZ{ZzL5mWz($WLc^8N6Y&8)XFkZKiY+Z>Dksvw4PGM{VEXMrkw%?h+OICgHQER79A7
z5J5ZspW?$d;`wC?@yQo33{$c#7|&EE`h_;9ILU-pEhG1HvlZH!x;c{H!Z$^p>7D6J
zEvcJaAI88Dpb)m>>jqJs2FT+z|IDjD`l(YxqmhJfyVP@iXTKzQn^al7$4DZ84Ipm=
z2eI|Eq@h-3GW-uZBu=I$%-gIEutfzgE4_8*5?9UI{UKy1v_!*9wWF^M@;=2vjdqhM
zvSZkD>VSNBFf-xHbar}VAQy+_z=>6-2xZKl;sa;H^t64~hUb<FJVP+&NOt7ZW7)k0
z<l*_Ym<q7?j<<`|V&%LIN8shO1jjRjOte#$W9889sv}Oe58uEu*4Y?RK^l(+RpIs5
z;$C1+k7?D(%Zceb`cd-_)HRg49u(kVi6^TK@XNN@G4H}gX{@DH{YfRsMT_HNSeYfT
z$%5cJ{Yut1E=7U>lYHBo*b`f7pQ`VCqh08>KU2+Oc#_xKZvK<24>@nP>ebF2L4?RI
zSXV1J$2mCu6PJV3<^}mw=PV>XeT$e4`XB|NfO=fsW$MeVT9*LcF@40M7xULaqL=^p
z7MpQcQG|>b+2tAjYOJg%&QARDgOl`hZ1?M}a49ahuNnas#3yVq+reO8QgJPsLq_55
z@vGc0t&02Oq`8whW9UN7zjK@B+=e>RqhndFp9r5r(E)+<{%~7BB&%4cGKmK9VFSI_
za%#9DOtc0UJ9l}%G3cVWS}X8OAQ1H`R=eZDM25li7JsZ}2=}8AkkzrK<_o;kdWh2D
zTfX<Yb^t_xwW~L2!HF1Sy!OpQ>AfY~a_O(6E?6!Dxpdv{W5NUgwZebh<<BilprkX)
zl7)1x`^$U;N!fpE3c1vp;0t2)MDu%1s|Q+!L$+0h*UGZFBJ79Y;4zbNOt|JH!Hx2u
zPS1%HGt}i&4xd}&5A0$yb;bIFCSAv-iGtw(ZaD+%JvLWZr{t9&jOABVnmos5G*U{Q
z9Ns&d1S-f@SvZ730i9s=o6P{@sE9(*nV`wz?+_WMFU@Fnl>Ygp8DSn`zBFTU6u(T3
zJBgfi<R(?<7JJ^EHcN*iM(~veXmQgO8}qcK;=YX3l;NZAVA{}4hSoB+P$0SgngWn_
zTBL7&k`tVuMuEbbB<AJ|!Ik+Vt>zX55;P-rTM0o!!a4+$wCD$<tgH_Hu7-|Um}l0M
zW65w>T!_j~oKnz$ZP>|IoBzb=NxyPz9eGoLNfh5x&<3`+y4`;~V*_fx8>0z^%ka+>
zOHSj~p?;|B(J&Ly2Q9P-)k-e_IPKW{6G=9=`QU!G*2=On6A@|-<%z?ExH3$POPm77
zU0`JmYHMX(Q}JhM6y}`cz1IkA4O#A4)5JZ%?k_CFcrRgS4m9CNo)Ur(FY8I~1*8?p
zdmb{{w(C_;RU!X!^+wWvBKDR<UlDr<sdw^P+?;l{ntRk0SP<Nl+g~SuURmUfOWb&`
zT~Tme(G7XB0%KRuq_>B!C6;zV&u%{mAqfr6XCLD*w24;VcLmY^loB8kD*vaHkf|8?
z``lk>n6hsP0UnI`pP~f$9;u=MiEfCM6SbVA_(;1Ht4w|Rzkj4O{dx(+XkAFpw!(#y
z1#LIy2OBx=k-O^gK+dYtEjKMOvn_12Lew7x*!y0~D9A}St6X-Lttl~E8eu7u$qc)+
z+J`#iz{~@+NSiAO)V<|&Gg^m62qTfqc_}4Af=-0CgG9+l9OH(3fwr2QHG`dk@Lh4-
zDSX+mnnjS_f!M4R5hXN`jbR5I{x-b_y{TopzU;Hw7(ESRV48qt^B!;4bfAYf@W~u>
zf{JNccr}7`<cHOd^PBo*vs`8}AMUp#q);c)CJwHB!9$2~KcWvi0$5~={l;F7fOhu(
z3D#QyJ<(=RW_}c&VB|MHcLTn+-I~l%>D-&#Q!JN^a2SOc4#Nl_cF%kT>sfZJ<H<h%
z8>}}2U?{&~SkQW`)Z6BevzresD`X;sl6hW%%>3N{WFt7J^<P3}nUN(mFw3D5nppO@
z;h0OK?;!GqUAmqmU{}}c{dpT@S7CpRs!e@Vo<N4){hgG&&)JuJISyHtlpMn4uZnFk
z?78VIUurNHhaIDOeti-*GD%79P!>hbIE*?eApAen@oD-uy?rF{=zv`9TZ<eI?-m-!
zn1quAEiXq8*C!jW2#sECRm&OQPd3Eo#}e}=CeOB!A}x~YXAh6HB~f9>eBM@jrb$PQ
z?6Wr%QpdqKMKA5je_JyPlM#RWwda&v@HA3qwKT{w_w>~S*&YoWh^kLLxV^LlfH(d8
zHrM7sku-i-84fV^+<M0-rd#}~HtYSMN)l{n=BH=%?wR-p7{ls7yOE6bksxY$3xib(
zBTT4_gcimvI)r=p4QZau1W56)&v<4QS@6+4&81~xa$zK1h?*+%$^kPPOcuENYG*+b
zpmaHu{cx8gj4C126P$%=555Zc{<oP!T8JX7|0!fZ@+hO*mKZc8E73HUv?N8AAEy@H
zb#N~CdsZI7Ha|Rta9O}l&jPUVfFN8bh`fGk-6fXtpK}G#cdfikvr{#lNI2RFF#4fO
zuYoGhUX*b^<a>LKuV={$2j?*L)W<%TmjrEmb8Pfo`Tfwun?OD#$Jk<kQ*tr>_#=8~
z*s)fGn{IK}AEetOjuha5w;QnH)o^W?e&kuFCeW0q?ASMGT8-Q?--qSDsT(x3WnDd?
z#zzEjX2i!+F<qlBf0oYiId^Q*N+OFwsF{n~@}ECJDaOy{H_uP$kQcnHv6Rn)Zf&dM
zRdjSWBc@5QXMcvoP@9<n-i}-yGC?^SX6j=P-~Xn~;5RPB{M>OWgu%23k0R^QO==z|
z!8=l|<yn-1I%H%`G&FPQ<527*6#2I@e|l$W^8He4;(@bm8fVK6!ol6oq>!Rr9k+W$
zDi)zRp^xPk0X`#}t4%s9wO(+>NrKr8mbu7<3U(co1)iPtuLh}K0H^DPrK_teTL^u{
zgcjUNt6|R2Wp<n!DtBR>2-Y5ECepf#wis$7!CL5ulzuAYX7Bx-Vt48u%*F$X%635Z
zCO*P!c&uDiw3-p8D^HuP-~3rYaJL!nFD8nj&ox%E5~`fo%SrR1e@hZHzi(w?SZ+Ok
zc7<Lw)N0BO>CJ2t0>{77Uas|_pj1yOP4|#Mt!%~7m|1@g0S!J~CRqM^drR>nmQ$~B
zWW20P!J|;TI(G=BJ~8{lW9@r-2rD8M=p5HSMnX2x(mPVg$q}TyqDT1sk85kQD&7ro
zWj2atB<L{{zr^FTw#fRN0yZUWnwfD1ZIgYRC+OHHcW5dFpdL)KV{4ofBSG_x?CH$`
z5|#_Uj#*lzNW9%Y(L9b(T5bMjlvUkkj`XPDX_Qqwg<O3^VcXU??Q6gs>62Ecc`vj0
z`_`~f($0Iix(dvqcu>vNBfG4Q#^V=}tdjfOKcAI&W@x&ZlB%m!c!ycY&I*M8LXX*B
z=<(wVJpy6bM&Vi~F9!?vM!p|3tUMVAI#e$QDtGFfBPt%exkrk(?!8+Q6JIis?LRVc
zLbNudYX1GE%oD5R6V`glF`}IH!@=^cT`P;GB76EJ6{dE_w(wcJF!2zHH@WKh*%^tZ
zu&Z4nJ9-8P+`U}QidnHM{7BY(H`T#ypMARq=)BkRC#sY_CGKg)a$XFVJSu2?3mZT_
zG|@iY-E!9@uB*^KC9WyBG^sukcLBr!hV_jWg*Tc3240n%r$9+Kl`x?2Ni~dbW#zw*
zI#T-V_+2FK>Qeb!Ul*eDbx|7?-Xv=t9BsI?%)Y{OWV<)9zE#Zgmewo0_8i?T0K8p_
z7KN9pFFIac=HA&3EJqUe3{9uW?I!NV5Txb4@S_#*eu)BdEdt#aDw`;mDmvIul9qT@
zq8Hsh*pdQns23!#nqM6&EKPkPiw9*eMw+q6#5yv45U~D^AN)0%waJ2hUw4j3ofIZY
z=eOg!6H%G9Q$CrmkyiY=H_`sB3s7_=q*@zvb{4P~)%_2stSg-R0+q(ajA9#(^{Eo=
zVD7V=JM<%T9KA6Ojc04lHG0>ym!Cgw=4&_g$a3;_vW_}S{qgNY=#kC!a0R@^+S)Tn
z@KdU5T20H2c@%3j<G=Ntpl#r1JhIZp@I+I(4v`fhvXNHfgEkcaT!5Z`t~w)LR&O>B
zMAk~fh*b>QU=3`w!*8R5gDxHmCYsu?$dZRBZHh!ky3zbgN^zNW@FTqKh6skq<OGO>
zH}E&|PDJ{4Gwv~1rsf?`r2IeWvMoYKr8FJFlFiEj$0(le0pT>Rs>3R*10t@lSvatn
zxUi{sVS6GB*z7!k69CFUfvW|}nXM*vjAj3jUM39|)|(-7&-Q714~`U?BP&G%EAn2L
z$!`|^<NDVC76v!Zij2|jQ4ncM?3Hd<M$#YcMq({&S*z(Y1JqOOp9@9C9|#GKu@3yU
zu`kc22WP8012a9_$7dSt5tq~9!9O9>xCZCJE;hkYZM?MmLIAJV`{UasHgtA7mn(g{
z2(A<SOvKJg>!5$goYwrNQJ!FrZ8Utr6>&{#`>U=wDz!NOFgimQuozur60>3zdRPN?
z-O8&*j31VD4wL6_%Rov-DGOlbN(64p91hb8&<N(M%q{7DVc3q;4la)5WFX;W`k2f(
zj+;7h#;Q;L?gk=w&C8?V9g|%6pj+m^!)a4aw3B8s8$8-`o@N9g`@r#|V<i)*TZSO2
ztp4b4^du%pK&lwp1-|-*x7a5p+(R27-<uMFFCyA7U4r46SAcR#w_9C^@W`Ev1w=R_
zxSkqS(I?E0(J6#~q=LuIBYDYo96K+@dY1Qf?VnN=?f`6ra75*kEZaI<P}djF$X!W0
zL(q7LP(t8j#Nz+ZPgMK&r_SA`OD->spKx&^7b~^+KvMZG_XfzH4#Fd;MtYiZEL@yt
z1EQ=O#kYyzAq1#(%A>w|N~XftnkEUKnktDQGQSzyBa=Zrwr_*}IQtO2jWRz2U;TYu
z6kKlnv<x_#@Jpoj_8Z;Z(`a$uh2W_zqIBC9sj-*Gg;$?8A<+%}7KsK;rgImp-W>N&
zy5=xdj1Fg3TQo(h#XB+yp>va$a;e;}qf*qS1IgYMbUUS!EYw0$eM@RJ?et<$OY>cU
zh4c7o2#8?Ck&2?*YamIu*4jMPZ;&mZJ>4FmeG8!L^0UpdD(sVY<mF(tHC}|$fb`@=
z$M99?1@Z0G&@e1oe6YEM!W}3aY30(aklGH$-=J06RKC8hYdyL;&nKPadHK|!cBOJl
zmT`Z^actzjQ)c*)=ar;RZSAuR&v$jrHMew|uWNBeW{;Um9U^bE@)och|43>iWD+`7
z7y_i-KL-%^IB;vjCJ5K`*T)miCJ5*C*9R)jcpX2%9)JB1Rus&q%rmXtL~)uyNc;LL
zAwDAh_<cQGE`KGlnuaa*>^6goM}?IZD&B6IRhzrwNQlu3tBXRTyQH(#6Y<*G*isR*
z4HrF0bCbkgYT3wa55H?#lw~fAnY>vhSPX>s)-L}of9ctQ`9MH4=O%5o2f^`LR84WT
zXhNndGJ}-Tng~qlaXqo7SswRS4$q6c9>4e6U3G~?B+VhXpqcCY9REyivXCJkW@I{2
zcO1Z@V!_=ow2u^5m<G)fu_j`1ouq(P^ux?}ZHy+G1!<=lhwyQEX?#S~+I~j7DF)gG
zzp1jJ_l{0oog4JpzTKYT2)~}G+Wv+7TwDGyza^ZO@o&p#`u$BIotU&7J7ttH18fM!
z8%BZe{3_i<efngOP~+cD&cnf4Hs4HH`ZO6G9T@G|K(tB@Yg97D9ctKU^GjjoTaBMR
zbU(3wuY)HjTKrQZh<9?QFcETQJPWYS9s+Ml#sxj3CRYA{<P-DmUvH9x;zPXISZf{Q
zxYW)@$0{NUf@*xVAS1TiZ$Uvy`=;Ce-GTQQuj)ZC$&G=uGh|?_8FLLz9Ilq38Z!>;
zMe$J(md-|U1uoW+x>`lmleqrMg2AW(vv%B*IL_bz`#~^k7vH@<NDRY3;5#tUi%SBL
z?giQN^0<X;PPdF~Uhz{X%kuaBdX1DfZ?9yRf8Y0A8@A8C`G<SuL)48v=h87MMf|q!
zIq5{#CGNx^1TM%fMMgT5j7&sISyK_#2YxwXqkF193L!lSqt5*5&>9JbI|GCNu5_}g
zPQRnMkOWnG$!kq8nr7wo_<8`bF|P)ikVjxvxXn`&AnmA+kU~qJ!MBwOXW3{3cy}@~
z(U9(6oi``c5h4`&<ryvw8Sr`tUb3cW4bhuB9k`1Zt4QoR!bO%51w@<Dl3NzhJ6fj>
z%l|p45U9U2-3*5%Ce8n73zOEh0Ib%t1~Cr8pA9u-Z-<I}Ka>C~VlJTV>t=HOC8(kG
zW@xsT1~?xjY#aYj6R){}|4=I}Jo<rGrH%zIT@TBp1NZY89`)|>(#@K|uDww;YU#+K
zy?5{nBURlb^t(qXTYWAQEV&d7+k7UwX_;rmO>csFMxOsm&0;?6Y_mS_?RY?&sLkLq
zHnHS&gNW?`>q0kbivo<L#T34;xsp__<3wV+QiPq*xTY0fQCc(cuj5fQD$c`<?Y!WU
zQsl}gL${ElEKend?yIt12K}a0;SqLS>piCUtCN!oRS>G`u<~jYnNNiwnnF?ThThMI
zCTWBUp@TrA(3e#<W$Lg?YWgrrf%oy=^c*00{U~U6F}ei@&;US{n)$({w59vO<;3IT
zV1>KYRA)+8(>p6*3wtbk|A<k0^Y!>>MWxzb8i0YW{pPXqt>ZJh!`0drR~(hCYpQDa
z;ha<08HM!{vu$5HvEX!;O1C~vtKkUyaqk<LII1<W-nSg12dN3$t&m}<b?8mvu!QZ4
zS~8;8VN0T0AaXe5_hE-+SR$U=Wt{c}MuMw+OCN0-uHq&_-MD}a0pEdjMNWH#-_4=0
zJ42V|pS`pUZbWbl+Cpt47lG*$hP3A*(HyVp`}R~@%iLv~4y;3()C$65ooyC2x@npa
z^rv+KM*PZO5q<6Y9QLDbr@y)3KG}yb-sldar?i4qf#u6q>r@VbVG`B-D66GJ@Nn~S
z$6!SQV=5`98O?^^9&SOE@nEr$pZ(p*)T$WL_O!KW`>(ydOsbg4pIZwX$*O80;FOW0
z!NwoZ!bwJ0>;vj2C`}Av8JL2D5$q1ekx2We!y1V>v~@E4y0x%6*>69~&SJM9PGD~|
zW444-01Q_jqJ>Gkh&NQX%FGV$wm07D^X{<?@81nX{dY$-(Do{juND+!pi8!ex&jZp
zDm40=5JC(@FX2JQC;w2akRKptG}{F3BJwU_XV_PN^1uq|+O|<U(h;?aY4P8I<q<Lq
z=_;1*gUqn&fot;L3*ST6nOVaxu#YoCaeBPT0UaG+WleA;S(r+nAgCN+-y=mb@+xSD
zf}>Th_-g`n8MS4RgrD_Z-RJHf1l>1%h@HIkHXPq7BeeH>dlgYVmLi|!ZbFOCVx=2~
z3ej1;W2I~y4^&1RkgMxZoLmCEr%lU|#5btu)wj3!U$zI=vF=zVS=^wOGEcw*#6a#{
zfD~R|K#f%yTk2cM9u}`Ju7OL&&2>bcc=Si1`6>(3<s-y;pypZn*cRWr3st*@u2yH4
zQ2u#*hM-8&ca^m^sF=IrJtnCfz}^|=b3J6T800htfzDBq;=nC#xRm8(gy3xJNi`d)
za9qQf$K9CTdy-jE_T9kUhre?8nrVy*AY=4l{^!Y)r1Y63fm3)sg?iVOJ=rjBk>BDY
zSwGRHxTuk<@5>x;AZ~%X%Q?_t^crhv^~6->#yM*Ct?yO}zq@_Iy|FCE&QIHn5Tg`i
z@mkn{E$C7cvUNk_WSS}gaaUG9i2x`eI#uVy6!PYjm$ePmQ><ps+uV#SF-7wRRP#D#
zR8HhWUOY6FQY{7Mg?If*FooV@LSNDh$e{8%(Gi#ZDj3S-Q-nPY8$0!rIK}4oOwTgW
ztvVFHe)P*P5bDz(gQm$_6c`3+noG`KmR}Z$=UMN_z3y&OP<+$<gI0URf2=u<dHX<Z
zsDoNKUWkGuX~;WpWaefal(Pr;H9n70##KZbqHl0xvD+L|Dr`eO4%?RL@vQ_RPpE+5
z5ld{=bw}~=3QFjp)xUp3m9C$^kw5E-xtYmMe>!D6V;5d{%*_?2n{)-aEWCvP9rZR&
z8I^4$vM`+e876pE-03Ci<ag6NK`ic3j1tQRu21G(tMS9qchXjpB^nlBRB@zYCD6)*
zRioHJ#GID!r6+aO<wU{Bkk+Q49Snhx+wP(|ZjU!XMy;^7ABnG4h9qehf^{~NMrT9@
zJL@-ePJ!+Wi`xm5nPAK!^HlAyL29~%JfVJMluHca``yZsPO7&b{H|^IL3qg%hC~}L
zl}(jsSY152&);lcbkXm?@s;^Cx)p@JypIU6|1Eg$&~dTQ#NM~2%1I9oUFiU@%A5m+
zu%xANza&CNI$2u}y_GI@jm?$Fq_4?S)##itIhHqj_DGlen!B;Dxl6*Ve~U4H{?FWL
zbdK->aAKV$B>EVck;KnI>W4&P(S&iXs{A)Lpd+_|`=+tCK-il3)=p0(S0I5;Pc=6W
z_<{e%5yDs-9EAJhbDzV>BH75edN$GwruceCxU6CT?eI=b+>>&?E|1Ca_YT{hP9qn=
z1U&Vet0QT<%(TJGmvPs-P(BBL*w=HRtoDUmY6no>MboPkm^mbqWP&;l_5l=Hlvor=
z@K*^#A)OL$AaqwhIX7Oot*<Dmip%Ik+LphIC1!agsV2TFT}}N+!$@@A#!zIP=(m}E
zVFtq1^&~S0p@x7h=+2(|Syu5>=ju8(Wd5wW+o`nJ@OL-$`+t~Fa2reBHu*ZnV+O$m
zSrWFjgflU?e>%!1I?M8B`^0>O8&CqU1$cyqh@L)!0k}QrqubI6s6UADlolXQ(EaE*
zlFs0&H1!ZCBuS|Sr>9F3&X8y7$xHOGi2}LI%WB3~1fGITe9e!f{dG+Z(R=UhI%7U-
zHITiuXo%SAXs}Q!lz4~n7_h<L<T(o1qpF=((|dE<(tC;XkK3s6ey+;#hV|-qM7EDN
z$Z>@91A)D{avXTIz53EMaoN54-;ZkoH}&Pcdudy7&+vbKt&;8@Zyv#$upPgvrn&YD
zUArU4A}wzv)3>^=N^(!+DG1MbY?Xi8=0aa~U@7;Zk@q0QCU!#I3go$GBXGOIi%;9P
zKsD4~(4`}_h<$JN+e^mg4hme@uc{nchYI#21|)+-?sJi5$ob|up3q(J4~Oi3j_#T8
zw%dZgmv5XsB(U&6^JDOv&^u$92n>P75OMv9R&(VRP>IH`&ZP$}?ka&x1|uq0QVYeq
zgVsMR9?$4$u8)`nyxfJWP-M(e|54D-v~{(=yoUC_ggc?A1rE&$>1~?ZMbE}@|0|IQ
z1X8Ix>9eTo9!CvjQVCv;dHLV3Db#;pNly=IDpTg>m!!9qP{cV)ErEu6(v6meWfgi>
z<Kg|w6J!if&bt2Dclvq2I?Cv-+P=q7>Y{y)9xTI~fXT*ofYIo&i4*!F5h=8DVZ!hN
z&8CQ`i;DvLGA1{9srX}Nghb)o?RP`a9MGY60pZAy@|w%|c!vo4fb3~_(Xo-@DKg_~
ze1ZF~oFK5JswqFQ1!G*Bls?6?XB{cErHV?$LGJ>$_Ya-hYhG)B`rXgNf4C;8{<J(k
zn>v3hK`t6B1lDg!E}EL7TJ7GDDnrxblcm;=1~a{wdDjb$y;a6DPc!NI=9G0gwt(o&
z)_jysu#5VJX?osG5{l@Dda>Riha{zC>y+U@@ojZ1XLQ({RC+}3Aa6Qyi}m0r4}Xyw
z9dxlJ>DtAm)IP!#FCW?~aGz!9_r0l<ZwGJ;MygBu{H8|l-<b8)qW(yBI)bGR1RcM-
z2ox$uy7phF>l`V598$fU9-W1=H~~zA8xs$7vZ0rgm773&yJnIGVtA?-*y-c_!^``^
zhU$|zcT;ZF^VJ{OMt1>($j+_Tmn)heT*{sWx4h^#;vXnlkrcmJqzT5xjzC+M{+x0^
zG6<_D7+yy30ewSQMyC3RGl~alf0CY0#QS3-6Du=3FcZZf;tES@al8L5dH^*>m<2RX
zE<2On6s{Mypr(%B*3DGAK<t`UhoGC`iZ3B{qTZ>XAO9d<wBW;4E<X-7TP~C%&Ar5M
z)!nrjTp+NsM1!?1ZHSF}!Ohd5VwSY=Zv;oQE@9Adc3&Vg?rHj71hT>0iYc4n&v)1t
zwG7Xh`nFmAwR5fL-e}=$v<JMb6tX=zUSN-T_+IAM%Xl1*wKZwSEg6tJKDX;~|2;UT
z%hi6DK{3(vi6PxGMO76A*JJ?~Af~v0l{@p<XA|`V$;Fvcwi5GReAL<~P=$?&#QrfP
z(#)>d=~CoWdFszw4=;tCdoRtiKx%Qw_q+c6`n>Pp-@(LXGJ9L!KTTjoqWDR2!0C;2
zG0LWop>!=Ef<?U1s|?Rm0CHqfXn7}J{^uFV`FSzfDq^b3pK7=OZ6YfPd7^VLeN5;!
z{^eKx<&$@)%C5)Y>N+n&YrpC`i7uAjO)JYA4rtE_>)i1s{$&#T|BUmVhW6B+i3^TS
zSXldKJ$;{tBb3n62ynJ;vd(GkAG7c;-76or>g1fYPd9+*MOBe}b{Lsu61ZBZEM#-m
zS2AF1-D84P{6@5TrcLoU?pVi%pPu*)Z>pM-LIz`3?p3lq<;^=gv)9TVoj#Kev;PkV
zG8c2B(Nszl>ECn(@2XlGynSPG?;?&2lO<!mL5OM%)P^aBGk|PdPh5ovS1DM=izN5H
zb8f48B=)z;mL6znZ+Ua`Y2m6+>5a`gZmWzO#wtiK>q!uQ@G>x34(-n)4~>uwg`B<;
z+eZoSY9$C)iB8&k=BDzd*Gj^C<8<a4$aaJngWwtDgW!qcQ<~l@&w%r2_ai7~2Wv*&
zB;={Q6pOBt0J>OsHm#zsIPTmg-c!e$a)wCk1)||Ryr%EmzTVb19-YSL4M<!DY7Zf|
zvvk8fX_g6LU*2z4>uQ0KxDY=l;c&NLNFFxXI^QeTlEl$pAm}@-{4xmqEd1EAI0bBI
zF?J%4WMksxxxJZsoe!I%An9<&)vOw|JP17gCFcH21im4{ghH|Y5qveFykIwRs}tWw
z<nd;%g-@BYs8v>~jEECI-;ZxYidZhqRfJwV8n<IRwj*7A$F?ExzOxrr<^H7GQzOV8
zv5U-**!%SW-x)(7C@NL5HjXbBDAXwD;V}CzuI8tT{cp%jN_QnP_0M%*CvLPuiR=~4
zfL0}U4WM&Rfn{9cBumFcs+|_~fTC-B(wYX9_aH(5t?dRkJF)LL!PrG)4XPw8wMq9_
zIHa-q7d@Erg^8;dgr|UH(-eG((jfUcidEE%@!hrj9*Kgn2!?QhgbLC9a{+_`A6h}y
zCic#x9w63H^Fv{Z`h8N&yH0v;kLaF_y_|Uq3@8onhfrXMc@g+=?<_2dDCYgI<L#%H
zw>%FC+U9abm2H|i{p=m~)%_uL=O*owhYf+SnImu(&3gmoN&Y+}Nq%<HQ(UBSn;L(A
zXdu4n^<k80RhLgT{qJ9unGhX&s99zOjgt&-S!vwGJcXAv^AN(aSl7`wEcIPES~_oE
z13=W-PXv1&-E7U0+5Me!Q>J+VBT6t&5ZVoSe6)88+I83#hLcYJV;+~^k<qfd2=Noq
zkBR??ybBK3hV_PQNOLn~(^vQx7l5>MOc~!mC6aud7yoZBr&~_C{)dDvMjSKZ(zQ&d
z0M(CSf+^hnT(rPZyI=UT@;psU+N$SX?!fZsJ$0tx_Neq4C?p(hyCFgiQBvW5jw5{>
zu%_6mmgUf5Eyi;fd_u<he{_yX4sC|=Wlb*Zw+vNJ9-v}In<GY;gp7H{m_WETkrM-{
zNq&S2qW8cm_j}C>qT5rJh1{v2HYvO+3bVQ@2^%H)m@4<1w2cqR3zxU_B|l@70no9{
za>8h3A^s}D<un>MR|s`5NGl@vH6`@1hdC`RzYON29AitS`0-~n3Zu->Pea=0QL^!Q
z>M7Cdr2GPtD-y(z1lW2srnIPLG-&5Er*x@u$KOy`HXNUtu`K9wFfqYjXE4QH7)__Q
z5i8S`M!8gfE%6K>Y{8t#ep65#2i&^zN`t_$c=8lkPZf;jy(Ki)<6&RFQ6%3mvIsDh
zubpbD4i4w~IYHRbU5Vx9d1hS@Eer(#l67-|u786Kkpz+qy^Cb1uekqx?(GVp^UZ{W
znsBw=g2;;o`e=zgvTVJgbWWWmbaR42u=rqY`$w4t&Y}E?o({bFZBLy;1YD2cW%>0}
z(0#D5yW6W}69!*8!6E9}Jqexq^(o%?^<m=q=;HBqc=m4eeQ<bLiXvt!zhrX0nc)5%
z+PSi{u`uq02*wQk?-2jPtFy2qJdU@;wO8wuw>%Hwr}hTU_^q$?wcw0J@8+MfRHruM
zb9>4gnbML!P6$4qa3<h6Ld(l@H{Wl;=ZLYTL%Xy#l|7K(giB8WM)Ukbtt&n4AR{1#
zKsqZi8Q*wD))ayuW}d`BG$SNr9kp{aP{669G;%uHQ}>aR*3K<Z`*biQkU=h+?ZZ3I
zpB8l`-xhx{xG=udlck8v>itAqWX)0upK*?@hy!ZdzXXX#<`xJdVj_UPLNJR)NPRij
zRnhwe8*J)=u|0}pnenLZ3m@cDjP#z*fm7YAj(Ba>?UzI^1B><&s)Q(8l|8KdE_aLt
zi~l><kkSc0Flxu%8U93@_#*6~*l_rUyD2n^`0pLp8P?A=M&76>{fUXz@uq2}kp94^
z+-WAf`Y8Rc1s3p+(*M3*6RDvuuS|l#@9EgkTa<c8BA5L~BezbXVw!3m*1Z(Hl83jk
zXm2X_HE!%u#n&W1`S(5!gZe-WL6Ak9b5=`OZk<}WYgSj-A1`E>J=a4=zxOO&tQ-~}
zNzq#`#P34uBF?>NKTE{51w~oz)urOE!VjMR9R7eT65Rn7sx5N!UahuU4BgU^9H)9+
zLx^MR`?G&_Uc|ifw1>^r)Aq42V&^0o!ol$mq^dpA2VqgNPzFwtS6XAUK*B^kiFEYZ
zD4qM7El?DK@It?uUI<9PO|YU;!?8li<prGnm0uC6ahw(}aWO6~H<S>nx<f1fDWQcz
zVwJT4?1KV``3-lNB*pPYy}HhX1N)g+Sf`s$I^SQ2gN#SSh`t&pd5Cb6TgzSZeCvdH
z>JB6%wN3Q_Y4XYH@hZY?luY)&bUF!m$I`ytZ*cDbi{$VB7c;Qz5cdKx{4t5(q}lO}
zfM#U;mE{+|FEu(P%Lk<x-x~=s-<xj&;Rj4O0~bHwJZGaFBbOb(^O=9XDVI(Hc+bkD
zDYo@%&~I{F$F}gJ#9MGZWtkkHhl@zPKkk@PCIqhzE0pu;)@d|smMirUj+Xn}fDZ}4
z299N+(a-dcitdmMycnKp$53<!a63x5OHt#(YWWbVxe$qp`K+euu)R9l{Z;1@9FUe$
zz-$H5)i4|@obXQ5DQpVvagWDYJES^F%ZCyFIXY{bH4<pnE#RQ1Rs3GGD%1zJ8GI~W
zIXy2~8U5Nv(kdo62KLMv7mb9Nw*>3RP%+ag1nZoq(<+>W$G*Omu37onS|OYmIxm+w
z;jEc%k`^xZ-t=_EE3={EnrQP^^SIGr(HiJj>LC7PMHp84oSef4x;v7~mnEVF*!o(h
zv}zW#X&2fUL}~(e==8i^vvR-Q{O$6MT%T}!uc=|OpWqqdU**5&eN(sBOm+rpDe}^I
zsqVhN+K|vi>LTuovk0HYec=V)(Juy42#<fyN?&6Q#;28~gu&+WK?k4g&nzhAwF8xC
zaQfeeVZ%ocbE^d533rX=<ptV467|~Oj{ad%Xfo6WO_j;bUAG-TC~hD+W19;Py}ciJ
zL_vg6KD9#8Z&YW1RLWdEN~0^qOf(TC;#3u&&J`9IRziePm-h5l!6MDm#qLR<V<@q<
z!gd9O(Y;77ax7xX!)zA5xKIR+13*toP$6^@dlD9fV{SQB0^12*mYjP0bgz+({gn0^
z#s!$;{46VG@N9`H99`to?Rh;b(~efX0&Tcpa>JYbXx_9jdTaSpwqUX|WotPr(Ea}S
z;iRrU$<IDxZ2Yy|XfK+W?b<u3TN)6j+UAa-hQev9<c|F^(_U=NBNNqL1cI!raSIpo
zG=yJ@FAgOt{&T)+{Lu8uAS_n++ayuCK$D=sNz>qS_^TZg;~Z0NGnpWTjOSzi{FKKr
zP{p>!?6LznaIxEk@a-xmBx~N%efdEOX}fhOSW)vaCD7vse7eG^%I8q@IDQBX&S78B
zOTTFl&;2)<tm@%-T&0jyU>(uv`ngOQKx5!3t=6<WJ_e0&9Y1PE9EgcWWmD?3s0$c9
zo4MDBqf*2+gkUaA85SrkY+OH2SXe+QuQ_-V<oN?j?+h8D<1@j-eT}O6$624PE^$$^
z<Js3qS5mO0AVDnMEJy4g1Q*ymls=WSt`V6JGFdKRd_}>l63=iqFl&9L%dN5$eZ@d7
zvSod>w~o!&&amolv!x)pEj)wcbnUka%23vrGq$Avd)V$iWx_n=hs!r(2b{y;WFw4X
zd7qkDoo%mgBQRBrxxS!i4}Z-OAPWh-66_C=4ypx9e}*Lf7~jXYB)boBI>KxEbp^J1
zlOSWHNZ~1ETw}i#2vkvf``VMDI}6-xGN-p8R&oB>rKIq^uHW%4JyB9bxX+MpJ*T!(
zxk^b=Y~SB7=V&r~zjgGo2)39!FN;fSlfapx++zMa;6a^=-_ES*gysVVCv8R@jOl4r
zQKv?{Iu_<k>|EF(s7n38%|)k|OEdANcr2mHEu)UsI-6WZ1JH465Hwb@Mm8e<JC{{m
zU6WT$``Tcg3)AJRhGr5g#qo?g11ptC>75D#EAMig3;(mjetq7qTF)1RQ=^%)dZzys
zXP;ojta-7$CiY3NnDuZDOsm(Sn=jz}E6(R@^daoZEA5Y2PMC@7b~Ezi7H{yRej-}B
zxw6ZxeIE#X|5(1y-}%G$OV&m{<U6+p>0QyEu~RxFuGy9@D*2%T|Iy=ST}fQcN!IP1
z(5|&o^E^luS5{XX#<3x2H4?8j4)S5U+(ErxzYy`?`zG(4aJ~1jOC&RAp83pzYYw4U
zaPiGrzk4?m@=!?xRiEz%u`J4Qnu$yE<=&PzHF6yROE`RgYFSEqU!?kWNqDJcQmN)m
z1j*cvWE7f)Uf4etjuLX<6Ssy_Ne2UdA%v4MWK36-&@oHgU$D-chAKK^kFaxVFTGT6
zUbmh**;mX~5go&3D&#7r0r!D%5i4!OkAl8FzNF0}!}6I4=I9L0BH?V(6E3+jr~s_6
zcrGQ7Dyc;&krkU)z@g+a9TwNZLw|AoP()d3%89bcFCVA=qK!_5YXcAp%h%F-#5`k!
zp?)106VSrqeyb#u(`h&;C6vQiHOj@)mdm7wmZ_YTi2s~q#mxPh3{am8i?~&4Ht`C%
z`2BM7mdpoyg7xlklI=a2;QSF*4##ySr#?V(F{5B8FU`Ecw34%wF6pu%IiE9E{ZBCN
z6}Or>G~G+iQ~-J5r8@a9R;eeEenn11NBr`i=2Y-&nQ6?~-+#{He?OAl^DJ?w0pmkw
zq=jcE_Yd2F49P7X__{+@+j1LiF?h2|<!~mir;D!SYmsJ^L54*z1C7JsERj=+*E$AR
z0QdH)>v=@lWl}+L8TlJhR0-|jy?)T|6V<H4N+zhzF(ysJI_yei8-lLJmYNFo?GBOK
z!tX6UXjR4520KymNnYxb#kw?v&*(*!Jc>vr`wwXgtJ*lVp*v~th$cNIqv0MuB4991
z`gVWsXdkY9;-r%^4QvNLt)oD-?79OTlcR9awuuKchCcN1Q^p*vw8hNfJn722fs@P&
zp<~j6Zc3Za3JHc4F><(rI7dtw_AaVf{GOMS05_bn{@u|)8SIjMe=2WI<EH1*G-l(k
z`vHj_5{tAqMM{Wl2`V+S&acZz(SWSdLz)RnyXa273DqR$Ve+)9^4ZJs=T!h+mpkgv
zQre01mX1}I#6I_#npGF7;#otre!t{-6{NvB|4l<FUrbhcP3yVA{ObZ`!8GTstV+RW
z0q#I`^8euInxZr7mf*w_+nm_8GqG(u6Whrb+qP}noY=PQiFLpKu5}*I(>}Yq>U33i
zkJnnQTKb!G2dE>87Sq$_E{`*4J|q)_S!OKdwjWpaX!NY;M;%WDH4I9V8=1vLig2;r
zro~c~LY>DOz_dT#k^rzxhMW!2UHQK2X4+Wn^H+{wvEcr!?w-c<??hz%bt@QLqVbLr
z#V9Mak4n7ZTx}oZUkKgsQHu5G_#^AXE*On__*1mr`(Nj28mja1i9iQ4ZDEaObyJ}n
z?S8Vk@&XJ>Xy`QD91jAGkB5uH>(~AD{X`}6`~CUD<1qFY9uGhajoRyaR^CaWAKEpb
z=B1~r<ICCW`StkzVrjH<qIWB6OV{V^<p|x9Jr89q_SOFyf?smr*1?-}ks)hO>7|<|
zs9+cYXKpDXI<;O`-Uv}=;>MP@-MhFjf!@9ytGkj`y9m!r-HbSq`Q0S*RNxlG_nuZl
z8xPd8$3%ZBsSvRDhUxvoiqY4j_8pevZRKUS-zh~5QgbWgtQC{_Q|$r^@l9kP@5eGk
z9lhUU|Bs7*%b>tTqhQOLO17v5*}zok|7g}3GYYb7b^T(}15t+&4r`$M<024p`M*r*
z|9HHyXVdmr5Fr}Y-ow@UU#(~8f@OC(T6MES(f%R}(Ecd?#TZ+o&)gvQAML@J!PDfx
zkbW776k0|AX!uvVECkKS?~=z@Cw-;z6C|zKbr^pQQnRE<Du)i<)W8#?k=Vfr?%T(%
z-WMN^nYv!LBOcrAYVOQ#YtY;C?*;NQQd6Kmt?lhl9QGmWTS33@Et}8v!{fu?gA*|l
zIb8#wW;;`2aqY_@eoeAr!@)K^iV2(OMDI=gOk?4VxqmUi4T77nl((E5Jy`=Up0T5c
zHtb~$;FGV(#nHmNQ-HC~o{A-ekW}~D3gB7D4d59iq;7Lkn}%@H>(5?z2h$<EiRIyN
zJ)G7o-bv@NYjJVMyY4z}kv-P7H;-@IorVCo@mpMX)mV(Nr3`pxF4<T-6r76~wAFLj
z{C8AA=PY?sQ>snvnzP4Qe;y#7$vN<jcdiz3?^C1F7XsyFtB+YmC#Qx%yI+kM8&7ff
zz$}X12O{Me=kb^S)Q3kIL@6GD>A#jE=VKT+S(5Y@|2;dU4Aa%w))B@@Q>sFnZUGQ_
zyB;m@3Kv>x6Q&4<3O=VyTRzGagM3@5F@1b2A{u}S4In$WOu}#(Nu<xIZ3vIQKz%&4
zmS3kUh+Y5juiWdE7>2qvqfH%w^NAo|s@rHSRp^X0cdLcET?IqS!d4jk_4X+^OAm_i
zn4jOfmzc`{oVB`ayG)riI5f;;cm`lU7zjdU;)vpF8i*MahCD$1K9dK7ti_kH`F+XH
zOJGofy3!Jb&B6yO_Gm18ts!4F@}xL^^|y75B_1v(`WF##tH@&aiWu>4ky24PgO*ri
z<hQE$8qfXs0n@mLhBmTM_5Bhy%3v`0j(+65p;mi>CLz+h%sRT?@{Gh<FZzJQVjVnQ
z-ju=4s*>ozr^k<>p&c{^5w542pwu)C<Q&>Ekv+;1d$h#xIl?vg$-BGPffecF+<}!y
zsgD3vtQEH_eOR)QUo=efo${MLSMuR=n~LG_z_3Wh%CwOo6c4W_M+2gk6dVw>jL@W_
z0@aLwWe!Ibqbd-RmN|V|K!s$HrG;%x@9KY5(6jn81~CcstiA8ZOi%0+9BRzo3^jc;
z5Cq2sy$_&hYd_I0tfr|Ch}Oc-ulYz;WZ)$%9zI7d1+66X8z;6(dwt{Muxq~-dN-k@
zJw7&;u5``2!(iAT2>==$*${e^jJ>DaZ|l+FKja9FwgFo~8odBR)+{zc-HHp&Jf_*2
zI@nknRrKl^9rZy!oQ?qbQE|YN8rxXIQV25N4aZbc=!*a)wX?fbx{VvgkeWxXwW%B3
zeY5u{nd)E_8eayC8QwUU7-vTk<wW>BPQp(^TKa5Cn#-YXnaF$8@HmDW!-$bno`U@{
z14*bGc0zD&XD9$oG5(eKRp`o!eIudkLTvdowC+`Cv`>PgR<CVjWT-*fzzb7=NU_{3
zmrp~=FN#<keSML!LiFE!s4lirh{->~0E8H~ab8<F_esmK<mt6$nvDA?qmUYrlh~Le
zmkNA&zl#eEBc=?a?V`^vL!pIdfa8h;Sx^6{z>IWbViN#3g2|`MaZq95FTLIUN84<p
z>@_)m2$@JJ8obi-I)i#d3x-5+FvS*GnyQbKtt)|?BwtC)9bd74^}zXhln1}0K!jsG
zRy1rbRb;~%-^=)F+*WYup=)zYDYaRC4jb=R=IA_|)@t;OFog2du8$qu)f@)cH`^Uh
zlzo`BSr-DjQU@AdkXHSYZ8|Z4GEb2VDZPZI&^SV9k`0~ee3rGpf=3X(0y|6MPV0~5
zhhkA1bz9ZFNHG0wLb2};e_sP-Etk!RqxwnXy@P)iT?NF6HkryvyTE}9%ZTN%c?GUB
z)mrs-uw?F#aCJQaAQ-+mPR4%bCpWcYS-0M-k68fBi609ja=#t}K#0Mz++f|x;E+NZ
znPb`P1y7=1-;@t<#hoU_Txfq0c2n3^t!wzd>|f(1LG3qha%^Vnc7MBjw9+<PF9Q{u
z3}b0Kcx3dhp!?i|3|2F0X-woVQpLQ12-A9$ei2xOeJ{R_YJmI}0-g2y8O1~cn2`Ys
z^){e$K}DbRMJvg+9{b!MguN^XQ$p^z5+U~0JRJVXKNw2dxv3K1R}1aj0%HL^mJjg>
z(+MLHv+48*$1#VrljV7+3GrzRt6gk@q>C7BUt}@l8uf1Gk6wbXbwRO``ZaX#{BDDH
zZYaseA2(!wF7L9D!-V^pES&CwUaeOp^9-2YPp}Q1SjllgoZ>o6<qQl?@<O3pxk$l$
z!K9zv%r9tv8&LK3v9qvk##{k@vl<Iq$?bO`rwck{(;A2j)Noi<^}KdrF()gj<gK~Q
zgy=DcxmGed*U5i28<u>+Z_64&J1}<5?Q^a2f&H}#9Qs)$T$l!5!@t}9^(7(_1OOt}
z!TjtW_!|(=2l~sF#W<^;jXhU#-|7PHKehj<zHu?GQe9Ak@p@d$GYv;;x&6vY41+s4
zDD4mC4_vIPJd%*_`Mm*I%urjWgvCWG+eq|S+E17TC^R>_-Uac^3Dk<v5G`jS)?A`(
zZ1EUay;!+)J?}d}8@W<LEFt(H)&Qhk439r9=tQ%ibo0on`eNo*gVOK&55m<}gHv)u
z@nD!@Me>sCwvMFf&d1$YwCOr7UT}_JVLrv6HO#Q>79Qkxe*f7WT*($fO-Rl>XCgO~
zA3FqdG|Yd$42%>OejjeM4^rv0t5B^D0W{9Iolu~=ntd6cLxCdxu9UP4YXR6ggC|ZA
zi66sIK{`zw2vceY`%K$27{+IBk)|<!g!TOpOdU5ZiF7Jq;^DpjW5~td{vf*Sil{$7
zkWka-G8%Y+1DpC8-M!bbG|iBkci*|+LFRD-wNl-hmeh{XCPzwduj_w-fW1;prRqBB
za$#o}6S+<Ir_Z>=ZA0w>dmhkv4CATp{yjP4iooC1d$)Eqv_N=?DSb5$CdcpolRyB`
zZ+(g<m`lYnv@qT0faQ3>-IsNueO+RJ>n^A5NXH6nqCFavFx#i+{qe#s_1nwbm^1DA
zi_626`QX^z{`K7GY)^ecWX)x;6zz<O<w*QX;m!n9#+%C@8xCw$FAb1UiAHg;I+?62
zE-zX+Z1wM&b&Cob4^!Tgl~HazE1riQuQp#Zi++^H(?t}uDXm^NIGZYw)j@*QQ_Ib4
z|CflFGSp`)Hx_p^Pma|FrS@G_`GKeLDTk@{=xq)U{5DGNL;mkupFj$}Q0pt_4L6d&
z&c4qPeE4_65X1v7a%8|_g@HHQ&I&KT-}az}`ThdvtJ##Puxn~eO-wu_0xj;gwBe!w
z&L#fx@U6}(FYge|>J}=_+7eE1{1&oe=kdUiuan)PZF6huf5EZ%UvT8RUeJ*PgQFQ3
z9G2<|ox&xqz~I1(y2P*r9{xPtpE~0b=l>30sbd)iAhkkGsjHWC4f<>(XD@VDt6$@w
z>p3(Ar43OcEVIImBSSID<h1D*UkU{aY4IrD#51wfKyS&w<^&!dsgZUK-#d-JP21R;
zz`$`gn~d#G&U-KUHRVezU=>|~&B4^^x4)wm(_j4EKKpOF2{LdVQGo{uHRfF*Ayk}6
zbKqPC(4`>4(4Pl_@JSkwW&ob(v=LDvog~inYQ`!)$Vg#+%=eT%GllC0qaOecC7tqU
zA(6(-ZaI!D(qeH44L_Qo;}8375taytj2zg{>C9<JDPikm!GUGRx=AfFzRW1S#aMDc
z1uZ{w-^&E=lu=)gAl=Z{U~|V!nPrM1O2fhju(pV@M>W7AgA+rv5#Ec%Q^&4WG$2jQ
zKm!*E&c2BGvqza<;Ng9_Z44T_49LNqC3zQ+iU>8lae(22o}`YNiGen5#;6I^_8Qc9
zAnf5YtTIjBK{uuw^Af<a>K;y+Z0^$l>aX=MQ7(V6tYpg@ct*6G!T~xmR+1O^EDP&^
z7Ok1MKh5fl)vo<bjxD?o0v$jvRSJh!y$TKA@nPUqfaR|xOG5Z1ZrErCi@Jf9+=V`0
zyn<k5bC#@NNIf&+jDf`#X^xNW&ygwAA%uJLCJyDxilA`0<D3Gj2_H|XudL6c-`fA~
znQ38v8xr+l=p{XA+y?T`y{E|TA)*3X{WY!er8Pi;%ZcBsILi_aesi+H{<{NLlMo8_
zamJ6n-ZjVz4Iv09hrrN6$WW1WXM{kO8@2h2=V@kA3lbD}XGhIPiBgODC1}jd+CsB1
z(aaBNavWfc?y3@uzl020_B1eT<z@H7@(Z__;zx7UeJ5zye+fdcx|Kem9peW;ij@9`
z3P>ITwjeM=+&30#HQ)%)zcdvc#bEQ>Xjhy6%;l!pRW9|DZ|9<WASc<{BexaOui;bm
z>>GpPf$;c!zsQAiFH)!hw+L{UQ7xg31<M&qS_|Wao<)5i5Iaglc$L>=>u|z7?O!wp
z^n=BIE#@LUAyE*ZOM2GEu%!UjL>GxoT@Ti8TmR<a0Yu>#sUpk4bzq`9Vxs9~MO$Mx
zk!Y!K$?vC*z@MVBOkNqq+BFTOPRG)cK=A2;#5j_$6F8Ai5g@g8miSOdLz;Z=IlC79
z-Grzu;CbQx>JKUq3{tNTxK|{dgLKB_p*L`k7A5)*SV-aRM}japcDexU`q?l^^xn{m
zVzEG#2?sJi1l`}?9z(j-hO_^i7s@!OvSnVVpxFwl^E>>T7*MGoQmr(QHQ$qJZRAj5
z`<C56E!R?e)s<XI=z12eSk@LF(}7h2*20T`FNVrgEGJQSCRQv}J|BRpO5<Fo2`#lO
zd4}Xwbb_k5z$zqTmH|43(a(Yp^qp=7L`VM3<6oAJ=6Kg>Gt!u-Z50}-vDP(5#<p6F
z6r{7Z6kAELH+=N@&<>VUz?(roetLR+ew|;_d^8nPFue9rY>40jTXt4L_2bKvc2R!T
z0^K1#VD!U;e2q50WEkUT0&8#YoU;=qnI`=Suy+a-Q3mktegb%rz3^t%guL1U6DaK~
z{3r`;&;)MLKHdoT>w6b)_n&vwT^LgQkz7s-Wu84G-Juen%<sD7f3o$%bL4s5b>(yQ
zbj`~KgdH(Lr8BZ5PU4+f=+Va30TMJn$d;Y3J^t>nGL08*_H<=%?=`1YXIBaI&uT=l
z9iW9h(N5@$hXbx9T>IumXxjE}AN`&}*qD(2wo!&3N-LGs`Jcp4)&I2o;Z!-`>%ceS
zVmvfb^9P>x7rba!AT#Qqe%BA2ct{vlLKa<P?vk*dCO#aGkZm=7J&i;p%5q4*3s`?l
z$ixtH<8#l;PR{=JrRwn4)qQWMG9xYn`3R*U2=qXSLzo4;r%#8)F8ooiI{NztRV7hI
z`GVB`@i;<BF!oQOl%+04hPNeT9=q-Zxb6xLjS@uaZLwe40Se)f(`nMl!S`A6)UtAE
zWVZM!pq>EP_=<kB$mMxN<7CCa%cyFCx|haSH{sbA>%#NGH{GgV185Me$B252!@kH+
zGIbm2ShEE@w7Fj-i1C_jci1%N{Ia{M-mUHqXgxmuBTK3O<u@~2Ezse7%Xb_ZTz%#b
zG@GH<p&MG=SQu2^j|d90X_aqne~q_c?Z*ykIXQM>Oo<eg`Ewj)y32O@-E^MN-{pi{
z&nHaJ4dBI&kTdQf(J_CM4E9YT)E3caZnlJt>@xtkv76&7nUP~ynmC7;kod}IA2h}s
z&V-n+oH#k|MCyquti#rbJOWaNCmHcW5^e@%@?Ppiu0?cS{Y}k-pne*Jk653MP%8M1
zliH)78`T&`Vp7JSw>t+i9sb%WY(wuTGZyso{dNt!F|6|H_yo~{7=Bz3f3I4B8F1kZ
zs%!<=Yi@4f?qz)6UWMD!Resb2SpgyRm(B%Ui%AW{9#F3sP(`W{Cf5N%=m%a+b@Pw_
zeP44Cd@Q#8|Fct@<q~>Or5YWQx?b4DJ&%~pf=&C3>+E>HPyg4-F=Q^#@^ySjaU^O~
zqvi5726m)lY0;P<5O5V%t~niE^urynt^oHhP)t|dS0j{8K^?|nD%)$yKvx_SE|KB-
z;H6)^i0N5pj|{qw`Vyf84l(h${i+~1X~H=)CSNRP15dfHkv|)beN@e_+S%?*CYG+Y
z?kA_3^Ng@AaX6zZy+4{}Qa?IkA(YHt4JE|t5h9ksW}EICDQQ}7k~tpawjbw!J$ao_
zggxTZ0DVKM0=TWiv=l>x-@E7$8T+i(FWUje_@tu+wYE?9t!i7iW8*I^SJ0+(wcj<2
zR)4PF`!z4<D}hC)S>Q3{ss5-IhSai>PT7iIE~$JyDA1C|y-#ajenR((F{x~cuwH^`
zNX}Gm{o`jFB~uUY+iq@h0+|ia@?3%`5EY?07y~2If^LqX8RcNH@T(N^niafw0FU%`
zMSM+ooYI49L!p`rp^@_8&7)yiE*^C-&9z-pwpKcZSr*lA@_UWpzZ17b;`n#Z3E3Oe
z<xN#K>>*SGMO3)zOq|u{;mz6XGLzFSsz<i09k&1$lke=dPP7J*fFlf;$!B4Qkz*XO
zqZ<>*on{`9X#-7-A^yD#mRTr^eWYQAC(okQVKbwVdyp=k-#V1a{o#+5Mr*N(_MN2_
zXKl^3?9MGG8}Ug}cSto-%GJ19g9&#ThNWS1C)M5}0LlK%wuuR*t@WLaz1pz(Jk+<W
z6E@}z3rUWG30Gxc05t{ZTTZ6s%5<sL`zFK&)n1MfkM3)!S#=UIcvSsarAJh^`7tc}
zUT59~BH7Q-E3ZS?gTa6qSPYe;<+B6}Cx%t!%ZeofXLY>S_O$xCGz{NiTCn%Y8KTSH
z6%A+|lKG8kdJKoN#4PoFccj|<``b(R^BxA@tJ@<`;PdkkC@=!tJVRVX8*AC!Li)>`
z&9;pf-Zs&SxeaeL(6c4Ul*SSh>PeYWEer4qql&&c7I6MHx;imXjb`kb(3jq7m~m%{
zP#xd@Ez{{RSxc7gVyoKhAY%HAacsZ<C8ZBTaiBH-y`$~BTX?}7ca^X;9JOz<<baVk
z!2+@RvHI^`bF2bzE0zApH-U%Z>x3`cFYyvf3bLNn?y%622-EptyQ)k{leyb8M8AT!
za=51rfoM`}|Api;bmlbRt)8<Z5=Rw@I%TiluFhi28o!wp4~sa3<U5dtK>&#kFBkw?
zPEwj!mY<D>)=emYg7X%Xm`p`ceJ8^6wOa~z$9NAZ)|Lk_3k<rwu^+11Esss&Ut*eP
z{?Mg~x{ZMrT*kanK7R*`d$@@60r^|}xPvW7Kj9<)!*PnNZnE`99I*ok5$q3-*&mL&
zV+nyLP4I4d;$lRpY=?@df2(Pp@SshM(fzH_z?m69J+AKR+3*2}h=hg@Zq?choPFn;
zeaaKHVnRfKa6$H%AVFrXik-L<;Owg=w-Q3e0bEqP{VJ14Sx(#uU3c0lv*ij~3TCRQ
zDml$5@Au(;8lSC`I@du9XnYshq5|x{a-wDaWjy>aal(EmH<XmA|GvNf^SqNXb1Om@
z#vy40?a(o#oj+xlB0{F*&r?dBV&B<g2ti~Z6fFUOjsgZ@;{j6*7I2`NjQ3JvbQ{$N
zua7IVsGlb`kamMs-J8IOe&7E7^&q35?OuY`=KdG80d~j~EtO-9s*7@%q2-;3WRY1*
zF!kr$@8GhRhPv|Qo$~7UIG78S0dmCm2l2INiYldWw-M!M$VoJ;2C=v~;(CYBpXh<j
z%$oq7oON%cQ^tAaD~NgiWXXUov2LH)UA93-mL$~QB5gjoUe95~$@%1)6&&KAtV%^;
zvANgB39`Hsj~f4(Iack%e;|Ji!Ap2gh7+9%pefE9%!7xA^M90>m|&kiamWakCY{}~
zgzS<fO65*L^A8QD-rharvGQN4l0lh)r2)vXga-vYEYCH2>b${p;iqA~G;e3vUiFRd
z=*#N`zPNf})-k_zfC2n^@?QW8tmybnc*A~Cp<sSA?&d;G39Ka3cHYl?Jo$)^h^DgL
zDmu;m_x0N?oX|0CFmzbW={-;6t_@Cx^_kIS5qX*^tuR!Q$}ApE%P6BPL16$`f_Vag
z---BZ-F}L+NUYTAa2c{IDT<RB=`a?V!xN6CrVc1v;=c}%91#S`qs4A?EH*gnRMx)A
z?)%gYiIYru{}Sb{?0|lQ&yQ}4q%M<Z*O%mT_`F~zc*Skf4o5s^ELA+372|v<n7LHQ
z`~WLbE&kDHcy4Uwk#p^x_=^ru$L}~aDCqV9^32<Y4mqQc#?XHWhkr~<&{tAd#h5hC
zoHk+*!tw(;ntlK6GwNq1100I*EQgE1&&bu<=i77~C+z3J?Da5s*(ievD%4})$bOQG
z#_n#Xu8AA4351|oy4=o|DJp{J1%)oN=ztzqm<Tr!wAyxe*_}<o;mmJ<<xS*1UG?`g
znw{pgSAn|~Jr>YWH4OZ9jZjzU3M_HIkV^TW+#Y#PA{lg@(E3+azqJeml+~JMn2lx_
z>r|E&V48rin0Z+Xb?eb_OeOHJ{IyK|7eBspc`m+l;x_FVEtGw7>__*t*+6S|V@H(J
zfQFvr#lS<aWD%xxeFosfaDUL$6Wc-#BfanuA0Efs7jEaGmLE~7f!kEgPEwjr<0x;l
zV_<MP$6sI``&h&0=m-Yk4ppj|<N}uN*(f}CW%%2ut-<eb>A(PBgvOM4@yxk=kZ;d~
z@{_;;1JV`!9G(0GIa>n~#1z})kN9Xzuz}HSIbKBW3sO<Gz8K)4$7?HX4jR{e4Csgp
z<lK#%R;=8g{bQ=zHA#s4a1lAk$w(Q(8tF`kBBSHU&}C(`)d})}Kqj=x;o`mZ>u<;_
zP!df;+;>Gjeo8mai8S6m;$-s1ky))wfyTf{yA5MBw7MfGXcmy+>=jwXB>(RwGwlIy
zauD>2PWHGr09J+)1v9O#F9<3c8hDjo4F}lRMa3Z@Q=9h`1N;BG%KZjj=vda628`y6
zFDxs2-LtzV`D-^5!+~dar5FZRpol00)`a*3aG`FKRoO(4VqpfiW)p14l6mn;*P~fB
zE1%1uYm;)Cy1*^R+6YQaMS9H@+`iJmUB?7DJlz1?en#wec5brE03G=@Q=L?S3XYo%
zBgX3~#v@|pL4ui41)>2Jd2p_Nw>d;&w>KtDK3(8^JZ{0(YQUYwtH3~S8Wzk^U#wGU
z#a&Ms$yQJC`kttwaEH5)%V1=Muk$N+RhEV0_%Z7wa%KuM7yQGZG;`zvWv|8`hBo}u
zTWEmbN|r+34;bk$3Tc5CJjlRTVXi8L3V5TVpDZ4uT9UldZfe@1DTA~Lv8numfbRfg
zDFYEPkL0yY7x#bQdifs#BMTwV#SW!7z=gDh&XG}UN4qfu-flQ@IT}1)c)2{kj;HAP
z-)Rc8iF*`#Ow}TrEtq-SO`kSp4E7IMfc-zYp(Z&nqF~a<kOHUH;QAO|B}S)6?~l7@
z%uTVTQ9t2gIRkHENdm6hz+ClGt4*L=vtGK{OWEspemXY*+I)HkwgXL2dKi>3$_qX_
zm%i^vjwNrFPMx2SjOB5k7R90DxF2gN!OlTsE;m8HY%we{<UF6XUfjCXiFQeT_gw*o
zJBOdXkZwPi?e%}U|M_$i>zi=gK?T)wf+BvPL#mU|A=(86A!G&BQ*Ss7^=sXFA;8Ae
zTdotI3T_3`l*55+Rh>3v`@O98Tei!*y$Oe6ox>g-$}9qJOUY%bJVv3t={cc2CuD^n
z*&!^7RmP;GeZ_)15jrfn%G+q%kySuA9~I~o<z_~k5MJ~lu+24k<+`o#KwiHvv(=wK
z#z!K^K|Cba;F#a<a&OFjk^1$HlMydi(U`Fg5tIxWOmyPZQ6F3vTkdSJF|jUzwm3lX
zV1VlDQu1D*3D#(I9v|$DvF~Ik4yLe!=x`qFX>Wh<Vj>dvc*Ywko&O()xg+2;HfV!M
zl$kR0Xz$hhl*sHA{j`wDwjrG#oasDrmOek-^wb`xOV@zJ{9I@h6v3m%r2&=0{IC-K
zTF~sGzP^kFOabnmhI><%0p?%Lw9kBZwQQK$%sT;q@F9qA>X#LvhgughY2Od41-7qv
zhgws3&&5rviwHjP>m}XcZa@db^LV<KZlCRGNT7B5NKOzu&gHQl{ks&RU^CtY#%1KH
z`t#{(D%>Tl*p*21o!@`rAqyf@4=2lQ(@E*Yl;V9?J)9&82Z=IN#4ue(<EG4J6J#-s
z{<gvyy~$=QZ0;sp1~KM~EIyqYG?g`!St@>!DCvO01hs6&swh+%z!)lZ3_(f6IfRh1
ztkK+H^?2dM!>r4`;qT8Hbi^<^D>oaF7Q2C=tJ*OPP3t?12@qzxzD9?NHo3Wp@UDYe
zx=}|4ii{q-W;-tHVQ}ZDWLQzxfsk7Z>q{A~jlbiz-~-S?xmk`+QSi<i#|R|2dwtO}
z{T90g(bXJB6!F3%fN=Z2f5nJ+fU-jN8;G|yk*W1t#Na&t@!Q?y^<&@t3s@JNSVOHv
zsRpd{E_O&*iofExjCns=i%H8el*1!@>Dwx^A=J8CZz?jL7Q#cA&N;v8V#^!rH8v)1
zEYhj_@86(Odrv-KD|_TgLxM5me026~ADFQe(I4QF!F!=d0OWP)6mi_C5RA#HRVD{d
zC>eh)^(3e$-jhj?+z?M!m~#)A#l}u|`Nb{5$1MGe%ScapAX+Ut{fAaLR`iWPw0cAf
zhdtL+m<cS&`46qiPB1z<Nx*U^*8i3DpZtebyN#_d-cK;M>23y?KAb~r>7gixm|N|R
zdh|~K8AO3*f(!K3#5(hv)4EcuEq7baC;v;YnwUHCH|LT#KyDj<RC6g=ZuZNo-h`V@
z03{1)5*77J<u%2OBguweWa~oD-~j=tGLotxr{seXnu?xep;BAbGWuQ79|IieFRJwW
zM8e-oGOn2<meKw?+zMGDm3Lw)rQ3!a0V2$RD^;b-Q`9vd57pQE^Fx6OfIOa4tT|Fo
zL)M)8QF{sl#fHqwgbrA=nRAq2k+_(6;9?PN`rT3G0XI&x&r%sheHokOd<Mo6Gzv1o
z6{B+QEBaGoQ;2sUmNH>a`szogd#rOHmt!eE1p{n+u5_-GKDJSUE+tn*)gO50@G~kv
z%DbA`pC^Z&J$Yv}Y+a*@#zj1s<YeW?QOe7gq!NO|*_U{q4pT56>$O#KV;>CBJ}w>r
zLlx)5<ZT;Ox8WNJeyD|J+W;D_<%IZx;vkWFTI+o6?-5RD9VDpjA43jO7)FJ0ydq93
z{J-g@7G$kF|K_kQAUD+-EWpD%i%s1Ef)tyqqQ&~vW5a5nFzmWL-w!GuA}f6EmVk^u
zz4kxG@9i@6*frU@TS@HDuMXSeIqU5LWc<b-+0`xa;vpKTY!`|o%Rr!nL$>Pf0IgrH
zgfN=IuFnzv<BjyIP4+u)Q1JW92>D|3Hc@^=Jo{t0OJYc?c3Qw=H!NAK6@YOn>_|N@
z!rF%jS|Wx(KXX)xEOgG#0BwskST+9AFnN5*G@%&|!C<Pd_ZcL30&MtZM%T0N;kph4
zTiFk8yA4bZR_LNp3%gZP+kb?O|J}dF=_-8<3z06}^S9<H#mOA~QuR;D`cg#;?I<q$
z_Q|c8McZ=?kAD{m$u8?0Ccx9u@8gJdIVbWuBs!BheTr5!%q=y4uMBzOt|7J1j3zWX
z(O^J4#J5<p)cLpMoe%gbx>4rPU$-hbqCt_l<Ra)QziviJ-kL-te`Jc~69>J>`k=4a
z)4$)!hP?$|(g~;Y`KB2{sFO?ixNMW6YlXyN!IpWrWR%jHId!cG`GCn^G^~Gy1I87^
z%j-^<LAYy*RM`JjHNmqxQw;RXG8<1Jni1(LnqADVqWhRd7+D%$#}e7ORgtjP)X9$l
zH!fQnNOGiO1#kT>i?kzE&$JUB?OgLqBPf=Q=36N7t#XM8gV4{*f8g`w%83C}&%6o%
zBSeHMVf*v+Rj0Rw3k8_gc)bb-V*r*k@Z5nVjlI4LTW(-U0}AM)LC~?^6+Z3*mNf9X
zVXIaz2r%z-*ZoFiyjyEmok)9{Rfk&DfD&l<O=<tGI&ZP$MnfvB*8+)rb*Cl7CE04`
z-J$>Bb}Y2-fgBj&5cY+<j|S9h4`+rq(xn@iwx$Oi&lk5G;9v$M<f6Z$9ZWfQN))Su
z=t8CK0D*w>n?00naQ<(XuMxgy>Br+1RpsL?=&><Zl?vNLRkq;jyhN@TPZu?qPOYqm
z8%Kxioj!^)^4nGE18w8_sR?}P&$Vr&ajT4{6jU3uW{*RDL%L_k`C1{`%1h8mAzjPh
zCGsxuXe(VXKz8N+qAF_dx`%SLWi!FY6#q_kp*lzwNWhHTW%<nPs~=BZC1cz~I%O;9
zlv!btFpLMo@r6}x$*EO@YAx~KR2jrEsvOG&oza|nyDWL<%nyjRl$k_ZP2n$Ymstvb
z<AU-_R{K%VN(9}|MyMIl$o0!v(WCafhqoVtsPRdO0JYZD@<J+a^Lz|9h3X+0HUk$X
zR|6Oy;Q>6xns*lF;UmhmJtss$67j}ryL?q!71bt2F(~8($@Hpdrn7KH%93a3RoQJ6
zgLbFBAa;V6GH<LHq>4wqbWmdSw5Kpe8=Je5nic^Wo?f#J%o5%I*zeVU?Dx;gCjDP;
zSQ!8fko~swH9<xH`9J$zhj%L%7qdxiK2cQO_>cXT+xVb2S7R=+n_EVr?G6Hsf`(`h
zj_o#{m*v44-McMAHW%WfHpAiH`38<AiR4^hAi+!sZ{gLOLdR0}OtXAB(Iu2yYn+&b
z8dvD-In;w#>SPi^3LmKHrNrT{=MR7&KCATnWO?r9i2R<_FZ6Hk`x^tl5~mT8&t~8l
z6e0DGMg;d_xI}C9EhKOB4U#pzJML~C)5lhQyi3frtrH80u_>OFMe}gE1o&15ifZfy
zDU;Z}s{Qndc@q;{f&xrLBXdE~q1}l7``8a544tK)Z$~uP?r%g}Qu+BdyG8&um)fKy
zggdREY~1dbL(=IJz|!Y!^)3I_!@o84OrAjl6)E%+aOxD-W|~{4s>DSG1qrU9@o=}K
zg=C$LP?3V70WT46dp!7b3}3W?wOk|{=CD+aPgszXfj$^9?zirvIZl+%817WK?+!v;
zyDHd(D%e%(uF7b}NW%1Lc~F2`0(_QB;4v8lWZ;T6zjfMYIdri(0zjcQ+L51%0-yUY
z_~xC?26>~JN!xveGZ+YikTKdE68fL?{W}nuUvMHRIpEap8q0?@WmK4L)F#-|q86yJ
z4qI5kS0egxRM*AkD)C;qYc(v3fAPNjkevsFM7WOkzW<y$m1^6ckn97dABQ*Q-@e)&
zJ~Ev2H$8w1_;~t12JEKi)JgI{*VZVZV}BCBL&)m(9|IoEZrwH|#P-))ZV;Ev12W(_
zR10s-9hcrIk4@Rz{Q#CmUCsxaJf4#4bVF0`r%>zXlflF#38m?l`L+kiG6$ncgEMBv
zyM{jw1fEf2MXjBHdHrU~p>95ol~vdNoXSkey20uVGwqnwFcnpD{(Ldo!6nsTpCX9^
zPr`1U0VFawe`ElwF77(okI&W%8utC130@I}x5cJ_S&8VVZw0jEGb$bTdO~y^M!ty_
z+2?*k;2zp##L%;eQ6JlatDK~X%UmTwWgMc5dGCLig6XdS(_;k4dEObUvuULEH4grT
zm*;SZchQ#s<6i1MP!4<qQIu9L9H<yZu45K>ncu`AHbT9F=%@~Hs3Ng2V4`q6=(n@)
z%IQEEpu&OT4yP<g^bjT^PlR;L$!0ttpes_AwsGs%h}!RrKa=B0K@OlvCN-Q5AAViX
zZQI}#<no;W<L&c4ud@X@FMO$(73W)A#Z>dh(({)Ni8Fg!rJa1uqBgd)byqYZHccK+
z>BBIzZPImA$l<ij>XLN_gNs3Cp59mQeonKn*o$K<ONtR;Ne+?ZHiD=}Nlk>{8(JUT
zb9hTt4Va*oGWVvh{R280Z05zvn^RQ4A>>iqhpY}@gV_uY3aN>nU>~zkh;2WdGf$wN
zT*ccvA6{2K!@!>Ul3SzB0T46-I_tt2l}ARzV)1dxQgp6nh?(OOyVqp~XHL+A&y&0C
z4U!&Iq3P=6;Wav4Q+xblb#vQ-jaPzR>?8<bdN<>EvU++D&fr#1U+a7SI2Z}D_Uj>1
zYs4Gi@pwE@8Ef0el)6%vC$vIbOZ&q8YJVX>^h-+Pr5-BvXyu2mwCU}Jz?GG11&urV
zBqep_<P`Inzg+M7ymoiZGEm*qYGkso{1lp4)XHvAT;T~6>b6pXwCaYqkfTy~wh!Er
zPc<FO)cB>3BJIrwsXbT~zYyM$#;mpuMQa9V-KyHp6)?qU%~GgkNO;=}IU<S4+PU*k
ztrbCtZkZ(VDO|RuZ(Fcl#M}&zU`f?3-PX0Q)U~1SP_=s;s;mHfea;AcBP5dwpe_2M
zB2Dr)<5N9ei-4)^xjjmzr1o^-gc5G9iqs#kSOEzP_D%kaUtYtQTt#sxCcW5ccrHNZ
zB1aKfzSsM;z-%znf2y}Pm;(VnTI>QhiEz`4XHFK)-L50?rfS^M=HtXBH;Gtl2OiYz
zqXcrrpxZqCa>uG`+v*?Fj+?;iv#>@+dVkpVLe>5b5kuYYI~qmBkq#(Fod-q;=c~ha
zZQ7*c*j=mFE7`}ZA6gGny&P{_Z+QUOSYN`882Q-!0{CTXL`1~oP_g01klK2AJz-?Z
zU%p%b*Iwm$Y85au=r4-#@cMsglF$52+R5ydOFYRja~7&NaZOug|C&58=@;Z*R_I0|
zFZcLl;G>n!n5Fy$3_$gZZ^QtKTsp{ZvD>QoE4|b1fWqbK#gwj{(w*j8H%$N~t!Ooc
z)PkkjxgnJ&@QKuej;=q0WgADcb#7vO-w<n_FIrY@uTj79tW++yQ@4AI4Cc^yp^5Yz
z?j4zx=X-gszt`8OOfD?nu2k2umnW@#lipd4=62S(c)ImB_2B4a!zq|D!{siqv>>)w
zrum3cuUhdUeh|Ov4z}BJ1nkzlPhXA~>Ue}Y{?nC8LlE4z<gbF;Uc8{}xm|%uaKD8p
z?`htffHFdb;EGVG*7_sclZZ6FDVMZ}v42>)BCW4x)i(jR;@Zvey=`?)^lL{-6Q?ba
z!{s$b+r4zE8AuO>h~Ct88XPoj`Wup`c8$@rZOWI3swfqY#I0K90SpAAvJhzFu(uy@
z+%FL~4j&wshKDJ8419gPb9WePWMO0nU|co@!$q2gt&rZw_V_=o3~A%>Ul&J<nMUaR
zM9p(It_QU{a5mO<*<sX%OJ=4m9;GL=>d`YaMmWI3+dyDjMbU$?*=S4L@tbTvf-r1<
z-EJmdKw&we(-DL;0C457vJ(<Au5Ul)<m-6sv-bjW5*dPG62}I*4Mm?!FK-qp@KY9V
z9b|o`PkK)7f;YWh_{lNs=U~9yvYesEye#KdFaBk8aWFRPRd20ibeEL7c$C(h1-cGa
zA!dkeoX$2vwqETVoy%3Pwt1934`$sMwA~T46GPketmG4(0k$dHBhiDio{VGL!?g`x
z?>yGfEX%c7Ag6NHR&d}8i`k~k^aCN%YL?m++15R~m)N4crSWk+u_0RL-BOdfO`Fy~
zeG3bhDyu`5FHcpgcSaB_*gUgcSNtBU((Tre58kkg2}D;?lU9OMRTd6Q)UMz<a3pke
z7kKLWu~b~J0K{yK<{6&THgs<9n(*0e%|(lWo`pNR%_VA9OO{&7wa@k}L(M&Fws&e1
zm(Q6?-qLjNznNidMs8?vmmZJvHY}Fd^lJNctj}z!)q?{#JWJ*(TfN{5*T-8YPmq)U
zQntqTbQWFet|~YbZY{c3hZF{>v*AC1XtkCjy4SAV0Pd-0S})CmM5d9#O_FqDYZ$0p
zdIt@aS8D!j;+-m-d*U7&<yr;e&}P7OFI_)wyryVnSHI-`G-Mv96Of>hwuO5WtDVZ!
zYF!eAUJWiGXwuedowLT#9kh7x<=aWnr`dd<*~^J)pdm`qed(p(x8Ki9dg)q9_1Q*~
zd(AwN15oU7*oO56Z<r(K#vmCY+iH3V(6+V!&9QbFb0cb(+^C&<IP`Zz+!xWSn2j~7
z_!lD_wAsczcOgFAi|5H!(U$Go)~S`rmKTRM)<?@a-7-~b_8yqGH~tuX4Sz$Mr(UL<
zK`Y_^1!w9!2S-ZkboYBon}gDu)3fd-kgI!Y0pLWemdNc^-p2?mtNK*KkD&Sy=DzVr
z%D;O0SY4gGR$BFgUaw9zGDUKV_($+K>hg!p3-AD)A3NcAfCHBFy*I7_7UIG3K-s{N
zR<bG|-oPDs!!ek~GSaJ9`FVGTwcJ_DCon|bi9C?X9==;+E*Xh!S$Qkqc&cAP@we%W
zfRqnRj=6k>hE7?jILnyVbrW<ZPt&TTg0RObV&9xR$h}Jf?!dVFk)zG7u>It^LInnN
zGW1|;6ZHFKLR~4-;huG5bkh55Md1iyc2#5tGv0Ie!txY6n+l|AlV2h{TY2oq|9Y|c
ze^<cO*FK?e7^FfH=0xG%XO@Y|+b%ga0SqKkwa_}MVWLrpT&0XGH;Qq6Z+s7qp>3F?
z@At{dEe-U;Qrh>;pJKSKg}WSDDTyoIILDC$w%YMkha`CC*2TkSs{$duu@l|}S~F_P
ztU5@^;AuoXy6YW8Z%-t>ZJqa8+mgF(E34iiBQO7nE}M#3#V_m(<ABVhhuuiU0Iczr
zkWvIhui(f~FW@Iqo^MNw-ay#V*acz%t3fC6h@J*fr+*aPJ@I<G%3dDqh5U1sbjWCZ
zG-`V0XO;(Hb0rFCVOi$R78o$={b6$rydwo134Kc-LwLY6;vWQ1ckTd|b<rF=BL;QF
z2)o!-9@EE5N8kw<^xhVUdF4>70B^wsttr>ejVaS376H{>+WQ{#%qo49>9Qd-m6P(r
zq+!XFE2@epUKv_mBUI*B`n0sWGxe>Bf4EM@MPB|{0sfn~Vf3gK2DD`ghOiJtkr_*f
zo6nEGQoVkZgQT7b<54`ZUiLf6Jm(L52};EcgxRH!j#|L(6(@}oi>q+60PN0RP{hC7
z3L_|{s2|AMlixGcEZ^?>`xt@CZzi&R0a2TT-ew&ZIR1HVdre+_K{#ZKjQPtID;ct1
zi^_7oVBr+v1oLp1%n$H-1sCYdEXXGW!@+4}{vAPVoLsL7*l`(3Stha$-zpv%u-ygW
z<(IkR%1QexiIhphXCJ@B0a+sdVv2sm?KrR+1lTca#WZMH-TWrn%n}FPoz9lHAW;i&
zoS(!{x)!;<rDJ(*Mi3~lbj$tPj_8>7vG1(xZS{Fm_?8@G%(lYfC(X9QRsE9GoVCEo
zo))};{=xDH=Jo+a-4F3yP4HI`^AM7U1LtZ#1FL@xjMLNdm9k_;4v_ZrL;PT9{EN8!
z2rP*u@1A8&@$5*gckV{T>sZU@BY_``187s!s0wFz9ANOTQ$WS#ku6&4z%Lv{G>tiY
zW72TiPBw*^Bs*AQE*HLu>(wan4qmq@#t7M;_!X%VlT7qQzd5BTY;`uz#BYkbB>dv%
zZT~qd3`)Dc4?AQd03Zsdt|htA?lNw{U1}-VWK_vVQ)%B3ChL6Llo<F@<jWDecR$Al
zuRuXc0ldmP_gzG=LreM=(a55OgtcMxw#yIX)Cw8*Zp>cL6_%uPpC@^G>MmqXl`PvX
zaR+J*UOrilU_eH<HuMiOhoj-gD^YckTLsCcFgh1?KjZDV0x0}*1xI<Hvz{r{TN1dX
zQ?rw<&TCzh*ncTmoMwx0%w6MTT%o~)Q-tqxgv}*`|AMh{D7Q{Ot7-Zg&Xtc#NhOby
z=mxL#{q%hL`dq0cM!h5dXm^IhWve$pLsZ5NZ&s!V@=0xA#BWE$^v;vNB08jag{`u8
ztQhEB@1(Ps1fU3^hA?K(kNlI?jg@#OYOYcidydRUDv8ZQDu#l#V^w(d<%~?oG683w
z1CW#M=dudO%WGO<5TD0vSD~2jb}IGpB07>i9V45XWRQa|;HFrkNls!4(#5lK&!Ogc
zAst}ox-QfcbR*gki<7gj+;C+aeg0^;h1x^P92D@k1&AY5uRy6scdS*pX3ER)##-15
zoc-qi7_SiZ;jetvdL&ADaD1kOz7dqTK5{x&RC|g1;ap|V|M&i=NLR36B{#^k6q<0+
zKRqkxmA>>bhw1cR1-^|!?Q)Y@>Gu3T>I_fUceBE^lR&w|o4PCv_MhdC&X@Z!u;*zk
z&4<sXd;r2f;hIPzl5+BXuaCBe4YbYM@TCsC!?lcK_>PXL8ep(crjG3$QvvGPL9}XJ
zR@LsZT<3b{3F@+vE}ZU18S2pVYmQB)OBGA}D^ppi5aoZe?y@ncQhdq^u{oaeWB9t7
z)8h1><q_D|#2v{!<VMqGf_ri6`vOQ&R|f3*^#LN-DrY9t&Owxc&XgN@LGEKHxKc`a
zP%?K?9@gDi?4i`7GHv6R<Gn%5UW~fqOo>Gj@+xZV)TXR-`MKtp_l#~_6_h5H8FAw$
z#9@d8Uu-vbSk*woF7Nmy;Q-2B%9}I!w3`CWh#FLZ=8CpsXb$*Ng7&M6OjSFLOoU=Y
zEkM}n8lL~MS*v-4HCk9x*RIthx>{urP5pS&N26<GTzTC@?IOIP9F0&wS7)9A@kCXn
zF1e9^rFw{4LbvAcL8aZ2lz0b%JeC>w^&(cj79jepWo5~I0B`63vZWTA`$C3x>|k2T
zaI3~zbpK>4#P^h2<xpaD&S>EP4XTJU0zkgayBo(6Jil)YOVIazZm5xieTen%G0EiF
z3N<1?4#_*Uf1l%?Fv^$K>>g!0OEyZ*xlzq#LCM@MB6LWz6mCoS+}CjTo71XGe|}qg
zk$e%u*IgVI(<^=lv!C1NlzD15x@K)+YFl8?^cBWx>94+vNsMPp@upl_r;_j<HQ?tx
z|I{r(PBDlg6ll;OD(rZ#r0N^5yWewi-S6lMj{)lBI>*;Vdgp!_vgGJb{Y%0+BGXg2
zGc@s*YjCwLNTRsu2A#g#?4e2LgKDxJU(b^DFw+ftyrE~QN&nFJ39&G70lhC@k3r`&
z!BZ5N4ii8As(Ky`LUObk_f~es2tcdi$O-j?r-fH0=?ZF(`j^f>>@Lzk(f)i1yrRP&
zO`(KrK?FnsPj?z_lP<01{e!dY=pJoWVm-+zKH-+-42re2Zf{%5u-ndn2w)Kp^)~+>
zVj=GzI<(RJ89F*oIV-GaxmG8lOh~wC&kj=GTK;#|m%s<R(nzD1o|^P}H-M4r9Z?U_
zo9Pez<oKTl+GbaYAE^(SxV_=Y{O_<BFkWw;rM<d7XlZg^Z)Xp>BF8PH&lguH2)`F$
z^i8C`laVLXAnLciLx>y=C@yCX4<nx-GybWOlV!~^a?TzKZ`FG<8P}`Yw<bopxA-$&
zE?Q-AcrmR0R2YuR$6w^&HwMffWjp?AQ@|PLiw{AxoPW+ULvWud<D(DX3_*i=Wei=s
z-}OQ6hz#Tpa+FrV4kf}@nSnYzKk9F=+1o@i%L_pup3D6)^4q8wxl1JQ>X^fMo_Te9
z)2rO@iI^+DWxGjj5-XR8BBTcP;@4a$CA?AjP|r4^Q+@||g(gPwzzHCX9ws#cH!QAZ
z`{+@q_t8=GZ@MD|bx_#B__DrZhIAMl6)zs9N$7Iz()m&srqaF63%O%pOfZGb!?J)5
zcju9Wt2Y|$(jj%={V<V8zWI6s@1k6leifaGAI^(V?kRXMZB7CSb;wkH7_tXS%9{Xt
zcTnV_jc9Pyp;!X(aRwmSyC<Yj$v6jB;-sPR*H1g-J*eW5w}r0d(?y=CiaW>B_BTCu
z<<WjfxlRPVcBME(%a^=mj!8?3o3oq^DMNqxK<{N}@g{ab#8F}3CB4c&GYp(f|Fw4c
zu8lZEOB=Q>J^I(^#{jR}re71G{{;C<2K+GxhdV$4*IDoOLk__GWmasj(lhvg(<aNS
z$vZkcxTnLg)=}%S-mF#WQ|825wJk4mx5Mey=J%$T&iQP}sVS#G9l!7s%k;b-71(P%
zndlu9;JH;{Bcf3yjEatdQK9$=^yM}sfWVSTxBcm_?i>Z1DEtc-OGMuwSYugcqfj$C
zl{;2{hmwK2kqIcOB<M&Tb%FHI*bzj6f3qoMXVkm>eZWq$+h-I>DOIg#DO<99zLhgq
zMObkt86+!<d#$jkvZ+9-Bq^P*k<eC!k}9cG&cYl1&*34@y`tUCj&!1+bfN*=!5@Re
zE}}DuJHjQFzEbQ$he79lBvAB)==0T$#_y^UdfuH{R~K-d895}KL8%w4TL^53mmmas
z5+)n=$TbRAELq={Y_E<Y^1-pYyFZi1EGRCJ6?X^?-O=Jisy#{U3L7>_=eo3;Fr$AL
zW5+YIM!0xRW~Pz{$fTc^js)Aq2<$u0BO71y|H7T3XTJ`oRGH~6wo*hXXur+J6BM>7
zp#Rf^a|O80>y@V=KYQmK^rh-j)}ZH$0Urt{(4MS#5r%~zg0!3;_=i)xGE3&T@pnq^
z%&CQ9j_xCDWYgDodItJ{SUk$j`P`2CB!=ne{lRG-weaYpRlzir0DS@)D(Xn4Hqv<s
zMhVlvwZN0K!?U5<N^CD(Krc1PYqkud744PgA0<GtN`ot8vrV<tX+G`AH{BH#2mMLs
zmedO)2X1vh^YnN)YWuhiF;X{}-a>iPy8;y+TY}_f0L9C_x?m`{Shf=_x@&NN5;<kR
zppE!`M@`rO7PIOfGu#0=f-b4IVT;>CaC<Jv)XWy9S>@JMI^S17_MPq!F(&=C)(}cR
ze<5IN@6}uJq_-&3nsTU>^%0z_FKXj-Ka{q3fRr#@zWzmjS4w86F(ko|ahwavNVRb7
zZ0VfYRczc}qtJmB|5p$0=sY^H*{P2CZH;2>`IU97kN6_?d8a$=mOtIN)I8IL6*>O_
zh0~TYhgP#(Y4(*h!xkTd<RoySr|Im9sUE;4NB}oof#qL|-podc?WjNgLj2Z$9WyL3
zF07{abGfA>9C9%U`Q1`YmL_K(zD8_@?OrDtZ!)$f4XCarzqy%4UR#U9^LGjtjV(sz
z<`4POKX9t=zPXD1EbpLhPjVK&M3#pY3zf7-PkPF{9FLV*!f;DV$GC+_NNq{aH2^bh
z*sA66T|DZ6X6emxIRl#V`p+qVFj04lV+13i!jmG|Le*hPvEvDJnqC7=E0|`RK@^8O
zNoEQ1TR8Fs%jlLG!c`b%lWB*UteZk((6%Vr2{sw75APJR!V*MtE@LRd#&THf3&X)v
zmbF5Dnzb_iSWrM?_z?Z&xsla;7htu?R@i)8bL>xbZvEb*1hsnM1zC*CJ^P#Y5xwU$
zVOhUNw;{V;UBhQ02lg34hI{xg3MBl%YH~}2B%Vy*zwqG!sg8FvL8xr^8o^=p!@6Qu
zRbRZKiV}9;UXm&Yl5{+$)-M}`MNf4O3lCy8gYSL4BAtxJLkFn9o=PvyCcqvGz8Hv)
zlw#9)pJ`RZew?XuO9G8N=suo*1Jd^44?$ytwC<+nG3kU~MHRc8vc<`4_@;W+-?2%e
zk@Hq*dKa0xPP5+Ufl1+kLGxb!17Sd(zscv@%bTw^pWa`7{d|3Kc6S+bLztE7_Uqa0
z?bY8tUS6aUVolKB1trInkK+a<ac**d8;^!EgI_#%j6EAY{>e5g*mvk!#!cS($REV5
z?M_yT8mTv`?2qZJrF4ggZJ^FFKGvbiEa4~`EMqmb*m@vd)U>yi4a^nWMz_)G>U(u;
z62=zJ@@f*hSr`U9rfC!#*qjHe%>tyWI!dj{)LO66Yj^VT(@bGYa}8P=j|jSdi)p}O
zLjV<NI;NXWM*-a>253%EKciyR=Zh8jvU|j0g|8?n;w(#-j`g`qIMVF{km|_*q;pF9
zs90MBAl)wHC{KqRjXJS4U#x{kqVp^kd~BjKx${H5JzuOfETnU2Ei#vV9UAebj2Sxf
z#oE}uVyj{WXrWh9=Lt?y#o94{glA#4kcZhqquuVcn}Zk3jW#!1fDgV|&09g6gC+D5
zCGDp}*On{8Wi0D$hT%eY(CT4`)P3m6AGa$Krsj)!C34MqAo?r}npmr<1FEt`=ZzZl
zLCt8kjP<nUhtN^udpv3-e8CQB={+Q;yI4ebP!doetp}CwRY5XUhB5$u;qcTN3`+2o
zm%$5%(lvVt($XPh`60wRsUwkc5*+5dgu>7Dx6#n6e9-C_RuT)&+&G*QU&ar(v-}ey
z58cQoG<-rERGWJ9*qjR>DO|i9UtryfbTP3#q~%H+<6Zgwl+Ff<a0p*%X<dR2`X+yr
zRtz}%7L-g(L~LPS6P^HnBByF(@KBEBv9JmvJ$j0YdFoJG;LNNtDlAg^xI|v^U`CUO
zlv77f?Q_HDW!B}$f+O94Ak@aCFin|${|ZI%g1M{kT>P5HCpHL?uM(Du9Oe7UQ8~oB
zPfl_=QZ8O|;M(rArwLL(p;`t;_Shx=J5-DP92&ohUbZeqHDe-wE0R}CV>;^bX|{kc
zpi|&wrpM03;nx#qgK$pc3^#zTrqMF{-R2A4evsWu=qX&DI9hK0A~B>&t@S(A_931T
zf10=x8Q~@t1eQ2#c@lRKlW9LA2h9!^G#kp4PwN`FB)2$OGAMl<bI{=(y{EriF%WkZ
z;i(h(3}N14cT{nIhY_Byy@rK|rS+@bx_Pj!YF6XWgc><apaQTgbNNtaQW|6=PI{5p
z(m908H~pUM<KhP{U9$W`B%MOIUd$_mp}hF**EfWpoE1v98^FNC>l&Nv;u)e<tv1a;
zy|qt`uTqy~DSTu13VrY6h}m<GlU5xzQmfUyMwD1-djoBMU^d%LJvVjlZwYm;^zymB
zu9tjqrWC!u<!}akvA!1_QD!PuLw)aWY%7nWAadR@I&X23;}PjOwQr(yZjdbCntwJg
zoqWT5@lx8~sC24LeiCg$ZI^D(yh<nDwXk%}^?Fv7Sj8d{<(7d+w2mo;-j=1q?-Pjs
zPP~vQUGSEF<4$?HJw2^%<453Q+(~S_0aGgB-{P9;_&IXiNpEzDd^?kftcjb}4=*m`
z#8M`J>Q2H2(9N#I7A3vDg0=6bGnrjl?_a2l4?tzy={0)YzVVVn4Q#A3uC)g3c0NX8
zIr#)%qM?*i{J=HFSbKGzcmDKlgSXqYZnj>kRXwDCj>!CEtvq15mfv;(<LL_(KjxWQ
zT8LC<Hb`ev+BV6xz+8IzlGl{-;wKD7wK!czrK@S3W%)(gkS_kbBxNs5*{I<!8E03`
ztaGc_KN}xg&1#U;0oJeqQfF7g3a3u3M)hkZZ^Ww8O5RabDz}r@qfYIVS@)1mzD92J
zV-YTYLP<C`Q#;LW)2!*$wPxx|`pC$3j5eXn<3ngk?kzuY&tv;m&4b_SomL~CFpK+=
zcv6zdBW^p%Jr-BaE|Y(kE9G7&&(!s3Ke9@&#hz%)i>*(;MM5hTWFw5Hkr{0xJfauI
z+K#u}QN`XM$CIf6FAwn{S({>Er8x1U^R|zFepF93>?Wya8=VJMYppeuB+Y)kqjz4i
zNQ~$mJHPpSA;TW8!SCS5si|RdjW=7Ze%=ef-A?Bvw$iWz{`%YH|6X?D?(Fm3udC90
z!bHmw!1G_vZ!YIg0nVkmx%~apZ~HjnmmS|d9<y*s;KYq%rVF{cY0UIP5SH?UUTkH5
zAfkh@*LaK>zNYwtOR)xd6a;p!K@pAAOjW*swm+WN>2%t?M&I10vL^N^%2e2-?iWg%
z#|q1af$#5ea4wFXpkpFUB+^V?@9BA4#B40&qlNK&yzhQGDtMXIMkmXp&lBwM0w_S{
z7LPha$QCk1!DyxPQ&|ZEJ)V4R0nkc+pU-V^&g*H2_M+y2_&`f{YB)l$-O;m@sV|99
zXb9H?(g|CCrj1<9==RNY<m|%?_PlZ?;nV6npPWAw=^3U?`6(mEW8~4H>sio3ecek<
zq(4U7fn76~p@UU`;}OPA$2cAT_q@S<d(do|y_Y=;Ty)%+oDIu{zw2qQ6VpI{GrRR_
zKOZIj?!!Nym2^y}Ee@VU*{+^L^ZqQ7GbuKIqLWE`Kbn-a7XD-8Qfw-rA$}NH#z;=1
zZ5O?l(ULj7+HJ1ZqD9WR9`{RFZ5y>lztMlWGC=Nt)UIN&e;!H~c_M8$`t{nAZ~h-|
z2fcWYT;9Qr&Q4ovQF^htmLFn&+V@;ttlDZHn501iMl4HW5<k|?Itvw^MPhB;BON)(
zn~q*@>CNgsx879p%uRQAr`T>kl6Aw!TZDiEYd94%hm}-(T14-BN$ga|*Ah=^B|~cs
z>b#csR^!6iRQ+^L<qGW@luU~*ml=*(pL<xAGW(zpEd!dO%x*a<I<NJAV5GtVN?Xv=
z<Sb5^OQ?LGWaFM8zoH5`@p}4HJB%_s+U;zbY?L*HS*$xY5okCzl_{>2Xq<)3!DjH;
zqBIlNwkg0jxk&u)MwQ|I%Fs>jER7SE7JX)0Z|jZL3y$h>CvEM0IV3`1uviR8^L$M`
z0#abA@oJ-A%lll48mAk7%7Q!Y=uVJ%O3go;zy<gYeR9g-rD@<wKS{Bxzwz0H6m#fk
zU1((!kAD>5tbVcG2Us3K&kphG4Ik2M#<M8$(lxBdrXIhN4&TmU@N)Xtf0D{xAARDT
z*^m)@NZtSCT8=seC%b34WI6!pqlOVoOv{+DAvWe>Vi*p#@W2~?&g@NgNcFlgFkZ6%
z0sM%QOT?8<OzEplNi~^N>zQVwllNrZcAq5n5!W7$#b7qKy_v`xCo2@I&>~9HnamL#
z>3-FnnTSsZ$-aI(`*3-CdGq__&24n19dF!TzrVWsDsvK-Kb-yT>O66U5?-F&od5du
z`t0u4+qrZ2`E2}uHg-*_>U)H$PH0lt%iBT^La6kSJ(Dh9f$Z#SRIfGagF*WRpLabw
zf3Lm;vNe|wTw4=KrI_-y!Jx|9dHZG0#l<qzE8Dqp(t-ou@)-6M8wiDMkjw#z1ROxG
z)est3HfLkkv<8-;OFFx6!GHzYSupgP-CEaZz2Jq*ZQ>Ar^8eiQ9K5gTj;ZnQ8s~#%
zXK)nf;FE{b!$a^{2h^iu>4}F<7aVk-cY1NU?EL(Z#FY`{Wrhlo!}^?#uOreh*}!wh
zp;zK3JghFwSyN}$H;@JGn%?QvjlEht$q3Au;5BxyK(CJ@{I2lp0YeB)_t36}8fKx~
zvnaKOsWnJ{tzl}d-sG)8K3g|BQ%*M6VosmlkuSCR6;nCWV|o0lig^>iCeIKg9(K}K
z(u5~#UG|R5?d#1^TG4&uJ|xuKcfz00QQKZ&otWr(C>Rcsu(8B&2@SH)YY+@3YL|ti
zC3@I|n^DFRt*RU_c+Q9$-{_(tLXyGS*3dnZ!EAwlH{K$<a=6X#CG1=!@i(A0MtfjZ
zYt0wD_#qu5vTKIjzlI3F{=v<Wt>FVg3TVw<zuL+t&gLPCfM|YWbHRK#om+WPT$cbD
zYlZ-b@47x%4z4B6hVE%b#7}sf0)CDY_(q)XIHglb(evyl)|Lm4enA&`f(Iq;H&g<#
zg~>>NQEN73lG~(X$lo#kQ+O@4*Ar4r7C4?`tQAzi!K9Rnz5GD5RM+x5#)YFn2PDQW
zi#VwInhL3?DdrwnBQBrE&7VE2Hl3o++E=QM*d}*nShP{}!MXE8dbQ3Q9sLFCvfjHx
zb_PRq7FdSQVq<pINg~@F!oE^IsEG%)cB9&VY36gV@+*|=lPb=->l~5f>y4b1S7wqi
z1xkP_5Ou-vQZi8_WkVjd03n6N14#p|WtU}s$7aQ|VhFInof;$DPNtSsdo}f;7T!oP
z9<PaTG>egkv0vuaavN+x`^{c`P;2eg@@HaAICL`4+=Iq%ZXv^jP|^Z-@}_}8N=hw%
zx`2}EtrT+fdnDs(yxwc{l|X4XJI!uCE~_9bk}p5`f#*8IchS%ZXN}KFAgLV_7R)EC
zbbkKJ$xp9kYFKQ1Py;<$M$7sLoPpgJWlE1@*`{JXs*GU`2(!?idIOjg6|pYxX*sE|
zNHU+B%iBA4c763m*ol=DH7Sb_s%3J283b1yG7}MlzQTU7>;TVIQ%K5*j%B^Kbjq3*
ztsW^I^}c)0-_q49=N|SH7OH%4DluqtUl8e7uu?X$jBkidFfga-S+;Gu4-UKyewE;X
z4Q%%T<7fNy+(anNVRQ$4C>yy9zoAQQTkca}z|jJBdB<FPd~8j}u^z$KA-7<E@T|_{
zeOL)z!n?c)jA0(~oXl^=z;$WL{`q&D!cZRk@<oE0M8%g^XaB<Te{dZO+TzPAN(;So
z$Hx;?bzPZq8i^61g@xCk|7p_vUp{Qg#yTY%1;NCB^ZNA=*6P!K1?v7f996H+CKFqd
zaqUXVPwfv`N&j`<cKff#I{FrWcrCJgty-WWrqZ8ZoLA+4OM9YHU$<9p*em#`Wu;J6
z#w7o757VCpW$A}dct@@B!^z*Xa*zioW|)I&i&v>+e<ptaGnvbOrV^9Xz}&+2seFp0
z=hgh@<u#ggSRfbt*C63^+$hf#6kTNf9<@fjTCZ!>8vcJGLd(uSfun_gngymhRI(IG
z(0KFwa8mvu>d4A1H>MuQ+_02Cl;zVusP5E$D3ho!`OxP<Db?nf;>xU1wm+bU_W3q{
zB{k|6_n~;{)`R<I<ck2y|Ns1_${4nDr{O47QYo5gs)TQG61yNr2x>=9RQ&tlTNcax
zG;_X&lM_XSdJ99@S79H2VRWF7@nQ1A;H1b4Fogq6*M_$4fSmd5`ihM(EU<@rC1D^N
zo=(MQu(Qha6p5%Gm7nEMD6vvZqQOp+kNe!j@9b!bqjSh`U1Oow=7Ht;Xa>b)W+0#3
z!9YVe<11YeNm&s>V1_=UM5KXG62~J9kkfT3l-+4S4%uZy78KKexKbb&P4dw=k4E1K
zE_@j<@O%_nEsTl{a#PwKu@Z%4$B>$sg>)oAO9xUvGBT+*W@Qm|b3Rrs6fF^m`=lIs
zvHo-mGE~Y8_$knb3Ewc~gbVsa)QmDi&*zbY^m2-}|NrfMYj@j7a_IN{6&)oTlUafS
zz_)Gru2zzFbnUT!6w#hJIb&ZP5CA2{B*7&}Ym~(K?YF95XaL>dQzAW*&#p#7zp5Wq
zU0qKYMU5L#;-Mn&LPB;SvyK>|zoLc^facr-i=Ky)m+~#D@T2fM$$n@41<2c$EApD6
zm)eJ}Vl~T+m?|=Gt!f2TQ8b5Q5z8#7zTkFnz#(jXX_9|`9ap%_jtY${8jiMHC8yH?
z{EGZJ74j|S2&%7WO=QI5({K`w(QXos^ilU7E{Rd~qK8j}-@dSFiLkG@E~kX&Bj7k=
zf&Q9${Dd6Al~T2Vhd}0CPYM#A3aasI^9t=mV7_RuTSSfM&Grh<5gP#EV`Tp5BpQw8
za4X+q@njNzO=nQb1z@j;@aO~3zgJaSsJXm=riW;0sJs3oDb`<mjQ`6wy%udxL=96H
zUk78_TF~7EH@FTyex;d4U~8hiC6w{IoKw~Gpj?9){#IYv#7<lbZkVwVxu)MWz_Sz<
zCg25F<0uM-;m8Nv#$WVc0mn2L=3t^<mj;KQv_<fLEVWE{8DeF5kQadM`+Yx=*i(V&
zz2mh1I`QHd>mWO+?*hovSL{K<ep2?9{j|ih=8(Njms^oQp(dtfVf2n}<H7NVQ$3J?
zp>RnIJgD@WraaFgCM{Jg%uBts!_kJ~?4NQnnxC;@*6V<i2;BDsAR+7D6L7eiVNam>
zHSFDg;<IaiAW}3edjb*D0__JdKxUT%MDjrfXf$8H<OyN%(^mN_X{*fh0P~>%fA!9M
z_lhdN=&ycxmGbiR)h`-<5RX?~ODxnkTX=ITP55qfsX#&jwuWq>rs5i`l4$zQ%qblx
zMwYby>@ywfJJvWqW#0GYGz#W^5p>y#Ss(|0>o;A2z5A1T!uW|2n6in;go7xgTCoH#
zFEXiFc3mejNkk=@If#zClhDUaa@8d`7)DI&rQJFTt0k(W+A-cEz8I%?hJ)Xz4j4gB
z<W{9=^6QIb7wAQW800<h_Iptv@DV%C@Co}dAycxaU*xn5qMfWrN76nn`c$4=0!3JV
zY)0|ulCOG1PDed~z&?(}7G;<?A-`1lNA{&U^2RW`5lpn|Ap=PnN>&yhy0+6{C*=^f
zX&Bv)l=DTOb^n|q*a8y`1TTXOZuYH{s5a=Lr7o2N*-ySm9E&)|b}k{2OdT02r7aL3
zY9=EoUT!*@poMHNuD$pc9=O30(on~LvfHp>`I=Iqx{RoCu{=;Ot4F<v#Z(rvTb@b+
zB_C3HDEpWU=W$x$K=r=yASR_*G$Au@_?7w1PJJstYaMTZe<rDt!kZ}-%k)AI&K(Zs
z!yp6dK3FzsE)vOBH7DC%T|T?Sjpb@?EZISfkEJ1Iu{vctb6~LRl&Wlv-DYQhfhzn`
zK$X&oC$RF~222am>e&si(P>)^$F;3`tzWl#{YGFlT20^eTK&G;X3Ev2Mv;md>CwT|
z#0+u_^)iUB!hg(ZMBsy$H0f)iqXeh|?)mvMg4u4?ZT$D0cac^QGc_opC(X|w=9TK9
z*5n;z3(z1)UsA8RhLQxFTyHIZw{0kD+I3Tr+vu>NY_ussEmh3b#i*<u4&%g_VLQtF
zlqyX<5NqjtIX1lP55wPI!H73wi=Nh(D7p=&Da#d`FnblD2ku3)Sv1P4g1NT$+YQ`;
z!R(ffQ@5$1#Vs{gQNQHW&(u(eTetvFR(v}hjK99LU-e-%Uvi5Y+VuB-(Qq8org%TX
z^>}x8SG}uMqv_2d?#Us5Kr14<^tb4DTGfVW0G8nY8Jy_bPXb!@bF)!x631;-TYjxk
ztwGght=h5NHhiYP;g7Ck+tm)1VQpBHYMam+_zPBuMg4a2gPED2Y0m7Pj#Z_@A8N+0
zIqj-bFn&z`w&dR&D1^d)=`d&-^{OkO=tw9!rXgW5RvplyokBs&lHGS}cC}7dSM<8v
zwB1Il>aI6$`h&;<BL5`GpZH@0`_zH|K2-n4SuH$GZpW=Qpo~?w<H8Z!$%c-cb_W|2
z^<8f}^oZ8$P1qRQw^&`>5V2;6<#vyC{-C>O9CgiuyX=_y$s=8Vd4qKHO@^2zMlY_r
z*g(&+s|{`%v&izIa4ZMy{8Hw8uM|rjVSUquA%~%bCMiG<g>@2gSrNHMdwA8Ni|OHj
z@w$YYg=))6Z>J%ubGw)aJ!G~if}2DJGJZ+!ZlenP@MicE(|uACJf^F|&s>WaR7ux|
zOD<(2!=6iNBbi=*2n^;HjAS^N%>IWC2Wy+NnyF|_X3AtJ-IPKShj`xt4C`9VaC;c_
zXXZk`4LzD%Ds`FXZgZ85dk?o`ihWD?4^;KjPpF5;u#BBnryh3tfz@%EJ*(cS2Ua_5
zxt7;&)&jR*_nUr;8K#B9;V;tuENixgJu?UTG(RE>-+MiOG}eQ%3vNEZfSmV~W>Kn0
z!jJ9wQV2%Z@%!~o(6eeazhTvbdd~v(%d_0jxBaH)Hrj!|U8t3#rvZGBEiHh(;WwJS
zUae)hcB5w1Tb^z8nz#XtTBp@)`@qcx+lBq7xd_6RhWa-7UI1_4Vg}eSu<Ta9Z2`UY
zEUyL6i@xoD!4YwSP7ruoUTbb<p<C!wQ32F_x7MqLPTg`Ej$_q5w}Vfi(CP)vM%ZWs
zy<XkkF4U)rH)R@V)z7l<RJ-+lyVh{6&~*S88(!1u*Z_E~6Zjps*{S(<W4kb)sIl2|
zaQoTP0@&N|oC^JB-3lECPf2K79=rmqcHQfToqDf-9ope`VLzs}D90?&T@H3H`Cb5Z
zuNA_RuIX4|(Dwjpw+Xn|3$4BbER*jwnw?&AyHN9RN9148`b7h`^dDUWdAngZgIZvP
zO$R7otJSdDezR{m^`PVXt)SOI7qN$c93wU9P78<J>L=v|@cW&1qg4-mtK~IqtL{6V
z)q~4_257lk_Zz*ycKt1%7al)K1NlTPDT2A*^E=J3ZnYb2ymi`ey!%a9_*%X0w|&1E
z_S`MQENq*8qP9&s*rlzv4)`xArh@SS&yL9t9R&_}T#qnI%7x+I6st?iu7^#xw-sL*
z%$j|A_Dd>nc47dreCliwl>xJ7W1pY8SE)XKg$)BC%lF9=bBP|`o&AS4yZ0(R>Joh8
z>^D#G&Hw4L@QVAMx*v*vnJnK72p$55T2i6B7{lP8v~(2+$hs+w*^mm9nN;5@h%A2J
z@i*8EYCpL$oU4P#Lk1E#D1$VU@mmG58{hKy9gnt-XbsHAOcpYe_8T$dLC+gSwe)F!
z%VqawK(KYfXoxa3HS$Wr#Z4`MmodwbnJo~vdD3#Nm7`2r7V2!$Z=e8cB_)Sr^M++7
zEGsLwGKee$$-7kM?@Z3`yiprj82xH3d_}`*o=2dR^!0Lx9KrXpiW@Y`cMd$xq-_Jh
zwGJs|4i|ym$uH~Xa0d+V?$rMf1tE)n_O(3R{1AL(ic39~Irc-qJ?Qtvnjan66#|?}
z1#RW4Hu*O~3kLntd5i|z_lOaPMC_3M44s}`T@qfK{F%>$Pr%7fKtxqlgk7sortorB
zx;_uqKnf0_+E1*WCdb_@-+k>doNWK_`R?msCusTo{?qlFKhAqeQ8D&{WNb2j?FKfm
ztVX@rZ0|g1V<rs_OKX2b7N%y?C&t;^FhQvlZ2+i}6KBax5vUAcuX_>3ko<}=%8U}@
z6`6)3bb*^@e2G|(G?)#I!_Jf;JQVv1QGvpK-w*1YCmgoo*W2htOoE7IIPzvjw7bKK
z7OiMuMXTXD^?JB#lv5*|t`*#WRD7bDY>Lud6=%Atkkdg7*ONbEs2m@0&Wio11VGe8
z6q0GO7H7t4>_ec7kI{rXosts3NimyIx$?S^EDV{kHVj}>7;7;@3u<-0)#`g4CW@TL
zvuN}y8sISP)4n8jS}I?0?f@sP7UyeA>h9rboDB3gl3*VI&KZTDu#L)pr8%$lT6QN`
zYLB1NH6W6nQRUErfJGwl8P>H}U8~*lJK?_I$W||dJ;{N#DE-;8p^|EQ5h>~C2%XB=
znX5fc*0UVFZ-lL&S+kpu8Gk6T)X>BqQVSnb*R)+@>R!9%xeed30uMFX9nZDAdcAHn
z8&0e5)Pi=$@z*e>?(zkHXKWHx`6ViC`HjyAmn>yuP2b)*O;0p|`%G1${2{Werbr4s
zdPi!Ae!6T&03-%>Q46TFy2M08Nyu*z!h)9apbs=mB<hVy6R0Ex!LQfX$M4@?U$aiw
zNcel{7#?bjVJs&xCRzMX+yuFI8SD1j=<YP^d-LH;%1^dWuq1MS3g8bO-40!`gR+<z
z9!o9!bomi(ohaBk5o={ZCT1xVqV<8o`!&0<PfW>{Xap|Nf2SzocZ#1pPl$qrJV^*2
zSya%pT}WX57?LZV1YJrQiDfau^pd0(g)3kTLM>J`3FIWh-LP{TOrr^n=0qdaVbmfr
z483n5+62D<TKEEg2rP-i5dJgshVq!NAh@czLEUcGcP{b#fe!ah8F@q6tWCN3Jqdiu
zUyoeE+h>%!7^faJeU1Vc&6mND)*y*q9tpix9WK;<kVeAoveRD2@3%U3%j&zfW7S)3
z!}4r2G;jBUTD=$cTlH`QcA8n^WcX?2<Ax0N7INC?Q^lx%2$1J@)vPutepjNgTH_}`
za$J~lng?d-a5%fV4#O(~;5~D^OL4pbKXp%)<rOF?VnQzDc?IF(E61`l*mf`Uf-SQJ
z88p`1)2v3(MV(+=?xI#2uT3WS?S3)FCHoNF0U0`>(JOi29L8Wll?kR|h{-=O7zA{@
z7G}Ujvw&%TG!#~H#&lVNY^aH|*pNIrK_zP#SW%1_E95*Dd3Gy`abBV)st9YX3L06_
z-|tU(49`k3QB1=XU{nCC_|ZdGtZeqJeP9u~bWiV@cNtwpg*#x&x*W?b&_lA^ry_)^
z%5zr<C!-j2o$=f&T<nfxcj|$^FWmKdEUUt)${Oc?L9QH_R|THZDp>8MU=uYyT%6MU
zl;tEF?owF)NVzH#kviwdRqk7?(htgqrwlV>vVkSg?NPb$lsSk@B;eg(;)q$ACFi)F
zNqL!aw!Mi(E#4z_hE>qx2oEH4gk>Z5L+Cjg5AR7h8bAXq7mYEQ>NJEY9nLB3J`4a9
zjC~t_M+BJPP=-Lp@WuE16JpLPMkik2*iFjnJeuMm<!PzWJ!HzCU0oiA$9tO%+MUgx
zVPy7_aNkVU8N-%YepqV<+sP7x&o{1+(`iHumaR$Fn8XJ4cul&UvT>ygg<KHyeKg97
z9?KP-21K~VusGKPfPa;#^upO4j90=5)$E{uOsZ8mx$Vp@;08hrQoh*#L;e#OQi3tB
zj__oA<Jmx+0T85PqSFnP6*FCRwfN{q$6}3$-iBi@?kk1^cefF_Me*o|vtQ1xhzAIS
zk-uO|0HJ^<f$bnYKq%yR*ETRx*GO|+>8yv=w@HeoEbh~H(=~WT4HlUkijsqDPQ+V(
zFHRQ1o1y$T#+VYm45u)e4xlltO_jSj-qVo!MK@6{BXrMe_1cXm{OG<&QYJ*>{@{kk
zrdpUcUZz^Gl6F?jueI8(J$W?z1kfEJh*3ZA?sN3>)Vsgv{~Cs0kDxT_1L^yksdMP4
zNu{wn@|v`esi(icAx?+B>qSR+E=zWQg*40CXXjTpeq)?I`6mPlcl!Os-_JiVF&+Q&
z;?u`OGPkDWez{k|UXWUrf<oxO=CgPZgv4&Wv~A1jz)yll0M5b=vfC$lOPKwc$aF8?
z1{P0J!6_WmFpOczZ@lp!W*CdBg0G$4JRV@~3Yw<2C_`+P7`9v|4C|dIYy`-E#eD1q
z^)<XFJkyED9Al)0{7qzGLyM=Jv4Vcs@wbyHcB={nMjvt_wQb1z649M1=tH60o@c!m
zJ3qrfQ+I>mkma-i474zl1x7Q$%p|0A3xinj-293mqWbHbdlwpJo9KjidQ)Ceb3TDi
z+(Z%ZLu^lx8Ys2cyFQk^(7C36rdeT=!gf@;$TI1yKtkGHJ9PWK#?vJs$0CaqBO>F7
zuYQ3y7b6**c#I>U9ahhATzlJ$6pxUw3f-Uq64JJL%ez_McSDry#7J1|G?zj9#U!UP
z0C9zfcc8L<##@}w^9o;1yopDJLW3|vM|hRJAtT%!nC`!VUMw@#x}<`CPjV$np=9Ku
zslMc?w8%7?@tk7!H$c2`QyJA*9?hLv%Wc(d|LLN+xG$#jF^xi<%^0_kQ{W9PY-siT
zz;10D-M7Xm7@~V@hfnx{cmqsqcY~St=z3V5ToCFrB=SK&8b6>|SWu}w&xgkjAmI5p
zV$s-V5t-mHE8utNhrPak({DXt{7&b4Bqez&-=Mz+J`>Ak9A}Lsu9t>hY_*z>(`fE1
zj?3x2CPMzJ${kK&zUKkrJ{+gPcvdRW@F{T0L_-WP;RNOF5Ct*ZqGyBzYu`x40D-F6
zf1w8jRw+qRK%ef@a5k9I1RM`QE_8xiu~6%Xa;IVNHyTvEK$@$6yiKxGm$?^^&!CAl
zS0F_FUekB_{u5?2y1G2GW{W6V+oH8CUfXip9l!4GE9LQ~Q}6zI7>;jdx23G%P8rCp
zjSq@cEp92KR8eUa`%Ed7@Zm|-SIvXeTDh@TqGd_z3Wq=?XsUUW8eHv%;CnniHOl8s
zCCjVk2#$gJCrMg=f;kVg``B_3719)VRdR`;fJQ)lV8bVXWjCvcH9C!2t!KBLr%Q%X
zlF@GWC&H6lFDDU=<6F#%4V0+i*0ya_wlzwW4-ojIMWNh`NEjL^o36wGvsf;%0OQm|
zaOcFgA@y{G4&oikM)hFhn}}v;|2FWfqzaYh!bRDKg<3^_T~ce*n(cn?F|C+*<aLex
zk}P?)TzVJ^h={H*vm))hkpRx2z9s8hw7!J_*_-~>?3F(0W9qIEQCA6o`)PaONKH`_
zKT@y1c`h(%CJOGSbWGC0_<xxyTgDcxq(YHawDCvj*TF3F0k9L*BgxnD8W9GmN}1&a
zQRk8gl$*?dqC4|u^H|1KrLtlXB6a0eT`yc|HbP}KU~U5J36m!c@1<wJ8ewx+2QwLM
z9Nn3N<{H)%AD_abK_k-GHn3Foa7ehkM?#wouA9V3hEu{U#TmFP!Q)y-V2xnJbTCp1
zxzj}|v}$v+SeTFF()>q{h1qDfJ3%LW!om13gxqw0(4$#)%})!Z61+2-t#CUxYW^l&
z<w3#j(o72)08_Qm#fvPX!lW@WcftG{LW$AIBV<#AH5)+8_Uo;V<MPZsnE+z7+7Gi4
z?B4iMwjyTGW;Y{j`>yRZ^%47ipv@5X;*YW&xT2)Q1G63yc8!;F+vEBTr`2legY9Lv
z=P8kYc^R$nHuPpAZ&DQ1hQ+ht6)oRudhWJu>NY&sijJ&182cd)#<7g1j5qz;-2WQV
zK*_LPCCW9DY=5tb!z_0{MuB(FA2RxiEnbm&jD_LX!pgAkN$n9V<85K}4zGTR*7*OJ
z(`=4v1N^<iwLgh<ak8j%tySD-b5CPFT?STvaCDTOGb}=?AT>u<Q<zMtmM+cBpk5)3
z@-Bk)^t@^DMU0*@{ymBM%sqnIi|43KtzlyhwczQJmACUDlPZuQu!v?)GN{JHGg!@X
zYE94EGY(S9oYlyj?-MrxWFsq_hpEWxv%+Q6^x~{&Uhs-dos_Zew=nvc?`TX)LsXxC
z&!pguOt{#EoS&{OX*QeItr$#MSDo_ung^$*D(6O*tE_DDI{JJOE;<(v)DJ_q7Sx`w
zvi)K@x%I|q;>C^}6VVZPYNF;qgtIaGMDga7xWpE14v+ev+26L#YeVv~KpdImMCJ(`
zj)=ViSxU&!0&26T*1Mih*%Ph-`>$|+nkbiYmON3v-;2B{9&Na$We(z9lA=Wpm&z2G
zlV##t8Hz{(%#T1=2(RJ*Q0x0aCu?o;lxPT5RfLG9+{&7|GMnxHQOaT^^)0M#^@4WL
zukYHCGUZ6fqnCW@o?TsEUA#ZL{&abI{P9c)L#V6Oy*}=C&;S16>@-smXM*v6E@*YE
z`7mKnQht-`L^R|byq!iP+}Wi0#W1Mi-eG8&C|&d+ykkY{c~-I+i4jHjKa#H{4~K|r
zAbc4g%BfOE9NB_txGA&sfC_3h+R6&%icP;=YqY&b4QwJao9m*QD23040S{>!Mf$@q
zoGmsB;GybhZHw2oI<-!-wVgPB%`}1UR@3*Yxp6l!4KN!5h&=a-ZaSL}cav<mTgrc%
zfaT`FN@CePAXsvUl8`ua=(1UFH%ZL9ekxusor*W7v`@fVBNgv@$#=tS^4(+;8+ovd
zF45Zr3oe_)CpUlOn|ZL7u#n!uYEg69LutgDF=lAx!CKkAVlA*{XrWhs68;3`3|Q@F
zvxVK8E!3LLPP5*B!g8b4%@*Lo5A1C#Xt!VqU7)1B*mrHYFkD7hyBfoVcE8cV6seD)
zD}UInNST_Ob|neTxhMK8Oq%G}!a<d<Xx^y7>pOnE;V-8(--nGFeM46(77O-<vfei|
z=q`d7^-D}Bkky0oaYd4UOwl1vKzMV6>Am5W=gA9icxd(#)TK_y{367Xj7ua(g8jrx
z06w?he$BJPexvtnC1LQn8HXX2FXIJ1F1}*8(+zK7VGFBo*S-3W7F+-&g=Ti#VBL$-
z#nkhVvMZ_>?>vs@)Hjf&L%61_bqO};EB}>SF(CFCAY+J#D;!&YED}HxRE-)uRFpo9
zQ(*NmQj`*@Lp*`CU1=uFYR1SS7c|r?39C6Ddzp8xY|p!{Bo-Xm1q7ltD#<z(`u8<}
zGM(kVLOb=_G@J~9h+K1FDeIAsS4rStW0%WYaw%uS?76l(8)<?npinIXCwmmp_&anK
zkK;6co(#6E7&TCTNLE6xh($cq<5O$_VnDsXE5uX$;_&uFY+%7@#y2YnT?4-n^xE|&
z{QRJHFEUa%_c$sxf8k<CQQPXZ?B+iDi0>xvgeKjDA+f}M(-SpBjMjdJADRs;XjY^t
z7t0#Cq@OrC8kBX%?6<;}*YTb%8Bjw-Ooc~2L1CUb9F-b>Fk%{8hroyote)L=gS`z^
zvsfIOQX|U>A^}TL$cGBy)Id`?9Ytcz;1Imu>^ORN@ja(5y7&<3pb*hii3;J1D1MI{
z8zN3)h0yKJ;9%l+i%d3&4AHRddeC<pkE!t$>N1_eS1Ehe_dX1nJ(-47s}2vT#p+%^
zsVua;Gpiqe)SGp0YwF&2DRnQ8^0~aOm&W4ED0<&*!3W%|@5MlrTE(i=_r4=*MH~f^
z^M+7=i}Ds-q;qQD6m-!n4d9ahR)>y{kOwcL{Y{_~Yx0_{30=GFdTt9kHkJ{(`f@uf
zAQrhu7~DJ&iPZ|&(OVNbyq|#lw^SfAy5Kd>orrXQdvs*46Gz~K8YEU-z>G@xovNu;
z{mAhpy^<ICdL|J%#Leo5%`i>|!URy1q-+2q{Up|a^zs~d--~13T~_b^tTNsMm2s<6
z>$H3RQ%*IovdY+L^qbA?7>R8uCU}8{lB4*ZYm9OB!k;(qy;}>LO{cBbOEv6$+6e8H
zwa~$Tbg8)QOc+mZDAmm~!&<Of$3vjb0k>`9yg;r#y~!P+ym*btsLb_RqMl>5iuy~m
zA#MD<pk_zbtU36H#&<Q)`K{vqtn9X`Tab(ct6YGL@2Z?|#%nd1Up-x*OsA195mTx(
z)8CU#ZB<BnpFCfaF#1Y{3rPucnA)nh>w)8c*-K&SQ@UjMIwp@$G7WEFCBtd4$9<^0
zTdgVl<+d8N?W9?JEQ-e|8Fz8pi0%<pIa@^k&KA-=NzcUh<UO*8uqiESd9ro!E+JZ(
zBpWiHhBn)VbkUQ!w$+vUp>l7~z>}E+&z<;CvNlIxIXQ_Ff7=Il)#D4hO6~iV{DB33
zueF4dq~3E|Uh657#6)^WPOd(k^0dcG$nW6Sd0=66E37vfy=^mqn|bG@p3?9FzJ7Q1
zA4MK_$Dcm_w5ZMnRw}9h?XOR+&hlP>xms6ezg)a~3>QCres?uzVL{@=m2;*uy1Hu4
z^nD<f+(S>{3|MwBa)@rsaGT;U5zRG!7$!+zA2lhWpTSfS3ut}!yjH8#?9_U}V=8Nu
zt4OP`$&^1UZ5}Eu8z#R0hKJLfJ;B3D7OP|hq1*AcZ4t9Fkxv-oe7^5qHY<3AIJe~@
z>a&9v-V6ZHKJn;=Fxo;*Q7~I+9+d?#@YL!{6M#n6KerKvp_>(=Jt;h37c>ulr-mm4
z*Bv8E1ztgpLZ5{u;6d1W_ttG>`R!hi&78fT$(|Qt61Eoid>Vgfre{E#$}Tg<W9HGD
zXgYuu>Uq-)BK>+Bj^WiD^3=g1!SOBTPRBeQ|0i#7-|W{LLFZ{>L4<)D)7VgS{G+LL
zm_h?9XuEcAJ4*b`kN<W!X+@`h%^XjXZWrTFKAuGylN9_(Jd+;XHA%+{|9TtI+*C|M
ze0MwWZ#f#R%k-WlEVIh())#BhlHgnqdlTAC->LO#y{Ah9_zOt9D$MbDXuTv7X|vXI
zot;1aAMOQhej`^l2&1#n)0#og9@qRLrthBf(?w71J)<;ez=*J<kocj0Ue-EM;c-IN
zmUZda61{18Zo{kFkNNbbkZT{^vgG->{Xo_YAG#<6><@0{40A|H<flc^dsvV=bsSr%
zmR8BP8htl(w*AyN9j~f>I-zh$y9PnilFt=_XEqL}2up?h?A;7}Sc(eihN$Sg^k%mr
zEg-iAJxXJ7##}=5yOW21yM}%x6B?`YjOpw!%kb@HzG-|>mLz7%cC13s@N5cGTu#wK
zBA0{Q!?i{0OrqhCCitcy692bm6MSF!UJ#B8^MqwdU(ocLUaj$jvwD2ww)QbU5|S90
z$pAOcw?q@50&^?0YdvS%ektOdu1E_$hGTC$(|W1J#}oJf_t3?ExFSEzXAzH+q<noB
z-k)+Zhk@3aRyNiA150Q1b{O3OdjvasgI}-08;Z^7i^4x$0zWpNhUYxs+X)=rkY4r|
zT-h6AOuXYEbOaY^^natlSa`wl?J1^Adq91}F#^OK`1j-n7t<^;l!r|^ydh?<@<MW5
zzwbZg_yc%}(~yXN3xk-_Tbow3cvY(t1hv+-k#*g75_?BnPVp?x?sLzZ2`?xwP^`j=
z2u)|YM+~HU?TznQembaj{o(lMv+mi|FK1WX#HSq#x|i?IKVI{m*yo>*|9*aw`a&z7
z9bcXNbbWdJ@uzOi4}Uukzm-FiiuwM4s!mu^c*_r&9)ya2N*_2fX)y<~aja3#sk!}r
z^9lRA9-q7ycL86`0txQWVpTbrimiU%4x8JK%f6Km%P=o}aOJcG2afU(_7p1+g>^(S
zdqfiO03C`W)E^8(GKzvhf8cvuI{Vm!0Rh^WFm&o|r|mbMFyqoqIU)b+s($dX<&6U?
z{M`z}e!bOy{~`R~)6VJA30~)*p17r_8XXxN-Sa^&j*9%}e~`Q~3|``k6gi|9QulQf
zX#}J{jYcvm@eZBUxjAdbXMF`)&~&_3$Mql8;)!Qq)(T#gvb^Z^u^_Yh@CephV`XYQ
zi-aE_=ifq~d0c$yEWb4``449wQ-1PXvcg>D7qDu78Si-PYEA!mvr{}fa?)Wn;}CBg
zlE;tiPW=yX!7(;&@sLoRU5KiOY{tud(U7O{Y?UFQx@pK-dPuezKY8&lgXs+Mc<S|m
zDJx!b-H^P!&I`D17?QCLV#L*lWbL)V4H||a&wx9T1FkV7w$HiUXFSK%A<yG0cn06Y
z317;8$66nXfOSwhJ-fOTF}Z~!_(ty4wa4HG6!+?s#~D(mlDJz4S}u|);(ysJWenic
z3R=<1kLc2kvzcS6+qbkjs|Vx|e{)(;8mS$`e6AR$#vhCT{cvbtYzL$H=<Spl)||q-
z5jEd0?e9x^jMGbj@7z;;*I)o;xGKKFomYH+dCsDV#Vc<4^^)A0tBPRZ%6aeg!eQPS
zPgt8l4SbuxBZ5U|RWCIr79|!74N7EHZ7&$Buc#N+hkV6|7P2?>GR-{FP!W?ddlS>5
z^=2%>HGF<68OYsx)8esV1F;Jj;lpD>e3?R0OWSCjY3KvuY+`dQ4rDy_mvYeE;TZ*g
z9%aE9g&OHIs&GM>Gb*cUdr6<sd@q?ZDq6_iRPHM?g?F$;%gg|Wz+d@GS9K}X!b*8n
z7MK>_$(bh9V{CTIJjxfMjacc50C*qpr_jzCu?Ua{?rmn!!ceIcPvD`75Ytq&-|&&H
zu22E%ux0cL;@MK@^`tIL&Q^~Gzmo`mJ-I1QSBhr<7pj4P(S1qyD}fvmE;l?R$Wp_9
zE^qH+JPc+t1<sX>LJNl2->0hSMMVm6ROer0kCdQGh_~5?)^hKvZ4I0}x0ZWcZEIZd
z<}!>b4vy~Sy1}TT+q|oPraiW(a2mS2J6Qcu-d=ilu(y&Qq49Y5x_!l)Od{@oa-?*@
z^NS9iet%J!9YagJh$s=I&am`4`#UdnZ2nGpAKrvm?In%l|M}oP-P>p|rtcatmRz}G
z=#vM?%F%B&-#ig{O2isv2?RCt_vnx_oZS{vU6}5~x?`{0U9*n`fw0i#6Not`VvvFt
z#!BggC{$23m?BD-E?xFDjp^8bUxg&e-*+EGi^B`7&y>w*b3E1I2;FZ0LCfUS_uvhY
zk**ouzPd-Ln(Ie-*|J<572blr3RoTuUPol-plLEP=a2)Dx@?$oj+Pwd6pg9JEPY_}
zd|wGquJ*YPIy@17I-bq_uLM|fN<m7KXvV_^d^rAi*oV`3huJ4+>Wr;_O7hlF3g(t@
zMfb3X$|LD5Vo*8K5wto-BT}h~&MaazpYrR0zT_<al4A-Q@)zQbqmeg+OA3%`!Nb72
zv3PBb##7dxrmI@;_rt3mcPj}j7EvT3yqt_qFYr?Y8n5vk{w6D!cs(C~9Y=TLH#tMf
zW#lDUVC1Jo(v_uwDHbq)GIm}Slt_l2R?k^gI6I=q8jK-8gQm#V?v(DXO>h%`TrJ-Y
zSgXwMfh3zK66nF<gv|*Jasht2^k~R~X_FF0lxqbtp0;yK*#_1S11t{4z{jOH6Gh61
zf`u*cM|mMcG|dYL*f-_zo}wSO5j^3hzM7naisAC2{whVW-|R1c<y;4-kIr?FlfxEt
z!0C<_3T9)4ZU0&bfxZJ?P}l*TzF;OfI2le-0n)%ua#3}vW;sh9GvmM)%{Yp%d%-xO
zW{zcjJD4(ysiRR=B2uns=^{O!72}De{r_hKv<2k|N63nJz!)aD1T14=Tk+<SkX4jX
zHPRJXZ*K_lF=HuzUXqCiu#pcJA4!bx!J16a7r8~VYMY7kIJ_hA)ISWMF6)A&a$~&E
z2<a<zpKDprk6hRXpx<I;mvjwWo8DviP9wR8)v)L)n5q4j?@yImKD&Vf9jhu5JS>Un
zEpX1M<Uqx&b4Ytz#5J>8e_V!HC&o?(xgE?{&S8}xCmd^k>N?Bo5*M+ay!*!{WCl6Y
znam^wY*!{Aw26Kt*{6g^c{4>D?GL>(2SI2c1N$S2%5qho)5)siqkL&{>th<TJZF;p
zS%oWszj9t`Ih4QM&sd^ZxPWJg8%kWA{Z5N2cDW2RAy+(2iq-Bezs?N3VTrjjQJOjH
z)aH^7bOaxNOY}DkaDtz)3H^${(5NTWlIBQbYROgExL6rsSu#M{5T8}9DCNqia;$ye
z9jMueLa|e%-HdXoC&e0Aw;q3>to9n0KHMV6S?Gmoa&tC$K59EwwtB^GC-doKSnw|8
zdw?5OAl7@jybAaKqVkC#M7Ih|kIG{6EKv6Ia8Rs&)$S>Mk)s_YNFw@?SzDYKy&a`q
zL-HBRWp77DVH^;(qZF$lAF!O&I5LXPei=-Uaw35WT4Ee!uP=;DKR8M=Llv~qILd3>
zD~cZGu{GR9ai4NFKhnl{#{#l-f=Q*9IAvU{2|cf1PoDNXmIu&;Maj_m{>ZY2en~tf
zO3TB4lEC?$!DCH63x7WS`S9%Yibz&kMvFr4yGSOc=6hl!$-LY`8<B5=@NR4J){{?H
zDN(BkucAz2k=Qj&s<XyNh2EaZFuBy62-(ukM>^*Xbq;x79O-dn9EY>PmwfB!fLezi
zAyH1=OLVl1n-Lp_EnsrP(EJx=468w(7|bAl<X-s08|y`1xljBuo-K<O>ZfE-jc-j&
zH-T}aypcAWM0rcI_%!C@l0(83PwGC@e@uTJ<q!jH!SDmobY<tAiH<lWgs4j35=HUm
zh|DJ#1MGG-o5U{<4`~pE>P!%aDqKE?G^EI(2s(5q2$S0Nvt!UhI0lK8#^rmuwhBvs
zrIQp(l})C$#V3sMo?O+CZu$Fhp#>hle)hy%PF)%VZ=!;?7MWUJhA9p}@7_uc``|7)
zyE+ykI{>`_Gd3Pux~G{8ROJ;G^&d{B(R5+&eONq^Pn(*Yi&h$|lWZqkFe}}0RO^#Z
z2@jAJisn#<&1z2&hi@WF-9|hdB2M9d#3N&nl0)v<=O(#{&Lua-WMm6(Bgww~L1>QP
zno}hec@0&_$uOD+H230g5RPf$FcD4kI;kZRFfJF9b61kBljPZ+Laq`9+KXpN@J&qd
zlUk7t`0}kwzfvqhMv!GPv@Hl$oRfVmIO<P{JiH(DL;v0%hNMKJEV1zN@S-w*%iYE5
z4Mo%a2--)3-qGmXJZ|5~#fP`&f9C>-oJd2>q>zr}cX`qM`045_#}SxYoPYRu_V=sf
zkLMR3<Zwk{`;>@X=_r6@8Otw`Ho!kNaxP5jn6+4(CxZ2PO6h;02U^xnYFA{8D}*$J
zhv!8+oYUaVhd~GkkjjZzM8VX5=l{Bi6dq5WZ%PiK5$22ei9`x|asIOieLD=*4c?@<
zlk^s)3u7df16td{+7{Hdu(sva!$yBQv6!hOnkH3dSb6jj!6A8SS|Pfahw4`vl|1u}
zCk0P69%sK~L$>Q^_8V&A?AC8{o>3ViCklV%$4;h*b0Tc#0Wdrya<SNdagiAoxt^P@
zi;;RIjk)fTcg%Aoh#rVV{M*p~N<YF;8izEkn(s{m0@wm0cF_@Q91aN%g83|1l~sKI
z{ANF}o%$1wW=fUEn2dr6wHK2B+#if~JY<mxC>5~kou1ur{;(t<!EfpW7u{(*9J!&D
zmH?>IqMrw2G*CUhiH?|mL0M@W-9cST^j#*0#2KaS@#$;rh{~6e_T)8b+DsPn7HGjO
zljfw#YoY>UK{Pd-dYxB+L55)>5&8u-gvf81fB=lDae&nxl~oXr%ruo#2H%skGnf1x
z3rQbWaZD|P*W-)$f-K1qB}<WO&|a)1fv4)<ra0|F)3Pg_rTP+oy%(95braE4HY-jx
zioETHwU+mUlheG9Zpbkl(firJkBM?-Ije3avk|&%@`e^`Xf<ngtKQiPnY{+cE(AEs
z@;R)^^%cj;^C10jlsZfC*ko_CbftvKE_z%_@PN|5YGE`dW*7H^rR7_21mH<N_ir&i
zbcU^Z)ZBe^g|#?;ZQ|q9nNaulnA@J^dASv0O84p=x9>C_HI?6FFrl7Bdc!THa19#9
zh!V!odRapv#i<tkfRySLCvx=fgvL3c+o|;gL21@o^>$CCRnQfsFR$a-G#cN$Nsf-h
znwXR>r{QQYAC*bz<m7Gn^&zi}CQ{;@CtNh24hv6?yO;ETNt+{RbB2z*U*G@%2jls)
z4=7P(TtQ5kNfG5d-Obfm_aiyJJb%fg6%`Q#y+XsA!GFGnn5HTi)2wgo$XAG%B9ETU
zyu*^Yl+a)TQ&%1G3gx7UPSh(~R>|AJ5Ka%GA+S0V4;SIvz@tDX79PawMc=|#^ebu~
z;@JRmLm`TP64=X_$-oHuJe+c~vVo7L*UZvvIv5Uv=xz+l108T1T<%znZG;IMbQj|?
z&~cmw(!^1O6pbNjjAJpxs#SrSlTy}zHg6YO$-Bc=a&8+HlC^m)w0EtLaOPLbRd{Xz
zYB5$FCWI1~m!$YG0^2YS;Ps}QLtG(XzhX*54v}AfoX+S2gry9tYH!DW6j9>z{R<K+
zZ#cv|KDm-8QT%*x{9m}LKS$#M?9S%{S{Ih|V>p_i^58t+1cM!ZOM=Xg_OE<Wlv4al
z3@_1<M_ULhof~+d%zM;0N8-}q@nkaO`8}+2erZ^utN5@tjCzM7po!u1kac+|7O%?a
z$M?^F<AchdNamlo(hpve1K4|A4KaJH^4m9{c@!5*FXWAtEYOSc7hMlLJmEd|AeQAI
zQ|)`|@9*he{yS5dl1l7Nu21zMxiZf4cj}=u<vRqj?xA!b2k3z}8T^v0hHJa7Wjpx4
z$uvY8&3p?yICNQnz@g8uyf)P3c~P#sNH(&6+712r6fPPG<%<e${X%S~^`b)WH}1QX
zS#zv$9=NpI7iIXDU-JW=7i<v50A6LiRZw2R7B$F+JHg!@f&~xm?(XjH&cU7F1a}Ya
z?(QDkArRah{@l5DYG!J>`emKHs$aTJ^~2h0FZcUA0<ZLw0Ow=aPlHb#S44-E!m~g*
zW;w7Y_<JJMSuSgiT(+{|ZF_yx;#+ct?x;ST#CjoSPty4L6UYnIqJ)57Sme2^<Goil
z28Q1ABc=dXT%>d_+@ak*Xf{*}&7(EwqBqqQrkaMxeG<1p*gGGFCouS#c{JdN_p6F@
z1$vE4isn6L3I}N}c5WEDr)szfvHC}u56UrDh5lVU#QQnIuhh}RsM8x(4}S14DlGb{
z@{#LD*!ULf0kxpceE+4x6r?7ua^dml$nVS?8ht>s3jDuBvLemLnxgX=)Y-qNc+;Ez
zF$Vm{7f?)J6A>W;9{|);SjdY|fO(Y3Ye|?NB>Yao9@aa^)Q@haE(j|}xN8_$-V0#L
zOaA`Eb;2CmyDS<VJN~3M4P)i4I4T$BGq1ssaBkCQ!{VH6^P&gQ$(g$;u7Z9AUg?AZ
z1q?VIK+x?mdDrfk;~}~*&(+8T4=AjWd8TSp6|re*5gkAozWQ$~4ECwwd0cXx_sDm0
z4S)BvJM93I|D=D&YdfNq==0YOvf?*I$vsr3P_&G+(po8u`hR=@f*~+OsxNXXIXzKH
zsdQLJVijw<mLg6M3f!nuGb;e|savm9QJW8V{1=K#I4<3=F6!Agya)S)u1(?yjO+It
z!9i6-A8^?{*mi2L6T6cK2(D?1zRgAg-b6Pxu;S+zO27xBrz5#1v3cAzQ0}$|T;^ZX
ze{IA+m%uaS7;tsN)<f~nCBQ`gUzfn>1&!QOiR+1t)<2g(R$~dUhxb<eADe(a5sjCu
z)#oZF#j;10lmB?<<%AW+<U84MJ!XR-^0GraxWXIteaJOB<rnj$M_w2uNdsdz{SQ8a
zhO_nyzTD3J6z*RB-la(*?dfRely`=(6M13cmPx79eM20U=NNZ<+Ktq*0!DI+t-WZc
zsFUwcvDTKTZ=yi2at2jTx2AiYzG{RJvr=_DHdG>9-78{CEit+=<?E}M`~*qx=r~a~
zlK9*5aX&o)Kb0*Hdv|NmseIGJ%_g0G7o^jY5(-7_j!B&auDIstnkrG2U-^$t7FkC~
zmn!ek5S5awl%eqIbJvwV?vQLe@kjE**16Jafzsm^L0JIeeIb`#e^si75S<TFZ(y;>
zh2(V-J5mMh&&pF4g<X0fFvV{=-El@1Zh<sm-{*X2Qyp_u_sD?QPFez^%&ha!LN!b|
z(IF^{<$q^idkHLb9kYhKw)%WDVD#S>%C7V)asT99j;1KWdxskU=?#4N%El7Mg+nkg
zic{;kQ~-^G=4?JNHZX(!SkH4;d|$4fLkN`WFqiOBsWe^rilCU3@YKgR5<@3Do8P?N
z@Ec~_=t6w?xdfh{(GIunRFeE(JQIDLv@xG<PS~F3Ej2tF9HwSqaz_mG{fMG#3oK+u
z%2B?KpZb}6hcCh4R?a9U+;Le$RLT;~?$1+x`3`I(QZ<|{c4tt~iX$Ir*R|ey^47lj
zg+#I-b9H_Nn?~Cy5izvNUs9)qPA#Qm>GNjEy`S9?3W^q9qzq6i?6neFQl)`TK4Q^=
zmo>jD&IyicA5Sqwj#NuV{OZEbjU04x&D9!HQeI}<V9k3!fr%?#l1CQHIZRjaL~ar^
zRRP>JltC0yp^k>3o(D+~sSHo3rI-8?Wb(8NZ;%!E`Yr8DTqRtLh~5Tkf4pPAZz&IK
zGe-t^_r3a*Ug}9UNcC^1n*Q07{0a3qSbmTy4~6jYCYW7w2#?|M$GTmmq!wIt)lV7Q
z7^%#8^8_n)DV`{6UPDMKv)4j#dZr<9F%D1)#3jcrViQ_>!l%0JL(d-MN-Rd6THrt&
z`O7>=X0LU^O>4aET)KwnTmN?W=6oEekZ~NKA%nh?VpQKtEk@wE0sh1A<rUGv3<{}1
zC)Fy%1zYL)P9qyFSNU9nNNG!&q*C;<N0LomLsn6_Z?}hLG$S-^UbkXfe4oJER|#+n
zHHW4wvT2kQ6rs<Jh453OkyJal<d;@Gq@=$z*FMA!Ape)HVu)g^O)fX-w!}p)WwWl<
zvL>sMc-K=#?a4S5&g!50%+J{_J6_(x97Y61;h}tcUeJ%4bYi@I%fhNrFj;=KdzT4h
zZLp0Dkgl0pUlGMo+$`G?n}x7w{Q#V|i?Ynb#!|0W>%Ww@H-ca``yz%H2DYt~ndYDZ
zy!vKl#j;2m!Bg-aWmD-D;gaHX(~0OPfdCL)8EIaS0eV^Ya|yfgHm;J?ccXI^1Ip}i
z^*=`A3-p!ScthH=Hy52g7YGh}j`Xy2$_YZd^>aJljCPc-x0S<~37Q$wmw-|B!67h2
z*mTsmo1fO}B0z#1<H|_1CR{N!Qh=<}NYZ=$G3CUpl;#^J%l#ayW(H44+3$2`o?2uI
zFB7GyK;LWd-BevA25I_`HDl|hnLR?ca{gA7sHNWO5?5$?tJ&<6;(;5GekGBGNTC*K
zsEkSu_NRGh&kPkuG4>gy9l%k`62U(WQQEsE&eWSUBom>Y_nCF^Ix)T%l?*rZJ+Z&B
zbLcB)WjwYy_dta@o_AmxM!5}ze3bs+S6r5e5)IUz>zpV#PW5^Y&FSg=RoDGE>-OtP
z-+eg_jqWO8j(YD_f~A!(W{sNoeQXr(*koCH6{{7;z`o);<8OXK06^-P^T~qJai%x+
z%FIzJx0<DSi<ugU^ca+Z(mkr{Ak6wCGGjF5W7zRmx{Ju9?#LA4esb-vWYU&=DdH;f
zR%O|nrpn26<(a3tJ1;#?P72}7_zw%Sk%szxt=0ecX9e-qI?b_s4g2F{JgbvUG-<@H
z8!}Wcz;E>;xI+-Pt`p7pocfN4o*`y=_!liLR_60X;WuNMdC|ffBbVY}{Z++EPEBd+
z?s{dR6ds!tSQ%QBRCT<vfs+)-3AqMM+S<Txh9;D~kKqN5al4>hJU)^Q3zP^XK9V0D
z3M)|kQ;8xTm%1byjWL^k?tx!IPo+PltO!VvfWIjI)E+7*!5b&8ojR`3G`)4gJ+Q16
z*R~RapWe;n+P#S#bO`76+dpVFKT*sjR0Gm7anRbli1bBTTFfLHkJ0w|`0&x{#%IDr
z|Ls>R$;Jp<-Yn8N@Knps*l1Uo$3k4}D&BDR%dm54aH7f9(YLErhy8-k*2cQNIp-N5
zG9?#v2F-h5?wwrf7@H49J!KYu<?}spmTBt9;Us5EQq*8_S|Iv3SM1Iv>Nu3ZixBR;
z*<r&0s?)hoOFw6KdSmN|+=)5;F)a9rBP)k-Q?zZ^KO^?o$%`+6^pr(qeS!k(>5%zu
zFCI)J0JWDKPqLLbpB(}E^*pqf*U%Q&_B=uge}bBT8W-YB;>;bHeg4C(FM1GlAya|u
zb)KMe{4R+<pyP96zQBxe-9AJ&67Jj&xStDj*rna&Zcgv2N$!qF4J|2MJ?|iW3LlsL
z4&TcB8c$r#@^`c&eAO!Nw%dCNHQoU^Hcdhn{VQuxfYPx6?<Y8N5N;OpDzqL@5K#=m
zsD(J6VY;E|X;y=y9j=@ap}O^*EruXDNK}M9h$8PPHQLl1uF*7t0)6J${_8>jS2g8V
z&-n~C;}l)rpeO~QP}|Kp&a-OT_BNgH#qI!3h#|{O#s^USU@FLiYBw#<hFl^hJiM6H
zs7Kl{`xJIKUePPktLmv2y=1_CMCV~A5qFL(b0M698Tc<wq)!%N!*0zs%{@aEH$`C#
zGY;`KM#}C*j6};A3&Y`W0UIW0O{RKaGsB0F5>Jx1q#p#xY-7Zx2j{x|;plEc(YH(+
z*8w@0&M*0yrp9Fj=V;ZrIO^gTOkGf-v>K*w{u#dm>{P&m&=!dWIpqLBNW7UoAT{b6
z<DYbtulzCg#wxsyQv^?*D<p7sIpG;OhabKXR^PzTT8R&MkyrgGUQztC?_38Vdfzr4
z#Ef6tgELw92oj)2EYX&%@fJD_*>H%X-nnApvlZ*&vVGc&Vva_K`18xfjY>K*6mCUa
zLMhRti7!Yvl)MqGJRbpNg8F0(4U3Udf!xDsXRXcYBunR+`TM%+8HJPfn;tOy(p^NK
zqR&`|1V@k!QOS#-_1K7oj6#`_E^XzO>X;4j>;n?k-I+X}rP?l+P|EM{J0I>b?)qi#
zy_4|6!Q=K`ifu*X)H7$cMMEz%8vVAh4GIw4zAaMdH<plY%>w|DOykxltwKeC?ww7d
zz+2>lkf<)$m4TB~wxlDJE@22Nc(r0Dg_(-H6RA_5E!V1yv-s-Mq`O*KZ=8od!dLI{
zMp>?U1e{wRRA};}hE{M?U6(-LWi^%Gq)Hz}oHMOkP%E+AL&J<0dR}8IE`4(+Yxwn;
zO1TwL_V?8@*et-7wkf<_HGJUlbemd2lLYi={dF?On$6gI$<*QPsp0T3u)7M-zG7Q{
z@=Mv<i6uQn5LwC;S^T3q^RhF>?N;`zSc>K@DFyKvG&nT3rivqqc(NtWh`A)C?bje!
z_;Ix`PgUnxX*Cw&?#W%n%#bkuC6l)K*Ix?*n;9)$K0l!4@9(UItLmduyg$Dhw6wju
ztNpvRWP(R>9j3Up*Qjo*PX6euKl`2zKQD8pJLm~)zfAvGXP$1U8}r3~dFF8E-!5_L
zo{~FSUz}-ayM1nsxwW(Vww>zVU6no4VwdIMll0tte`|N?+fBId%ab|TQkd&t@#ogf
zmUY0$VbBR!fleLRde1^gtDI{6ik{iz!#}~osy!{9m1<(xl(l)Q{Ud$VnPab+0HWjY
zEN9z!67gpP>c}CECZok8?@tr+_N>@e#*tok?v6hl1g!gqwu4^W(9096e3yr5=}Z>n
z7ZWVC2GbYMOe2#4-1tt0KLVj#+-HKh&8a3=BM@8wMBB6mAO1=9TcZnc-!z+@fsM^u
zqv~`N7tXx_T?pc%iyRae1W5f%sZLq4n*V=k$~Ub8mG}tniP=MsKju{SGkfiwQQ%Og
zIGwCrU7&`%ec9ue|E8jASJO%R@JV&R$csJuf*y8s3&&=LQ#*YgP}{9D<@#G}r%JBH
zKI;O0<=3S;>t^=8{Q%b{CXwR*#eRHlY&zkHUC`S-FZxf_%|Ko!(|+O~AxG}Ngt>o&
z=Km0e{!7@F`9~P}&j~XBC6qVvaSU+W;?j2}BNCo+#kv_tuV*@gY?=UE2Q%Yp_h~(D
z^9O58ucmyH&18>hBW`mn8%(GFAv11s4jW9X{~;@Gb9Ea`qyHg0ZgY1VOs)SRCvNjp
z8%(ADAvbRGW*bbY{~<4K^JN=Mq5mPjHuDP`OztKi-z0m-<j=-Wo1<=ZR2BU1%W_`-
zkPgYlnryonnnTruA6!j>nr-BzC%%<<XQEW2C4-`~UEyw3KzHJ*3$&|;-7Hc<X>&TW
z!vKY399Qn)p1U26N9c^ivkWn1xj@=*gUnHu?|6Y#LA3iqJ$~wflAb#A-vMRJVwoqQ
zH6KHv>(+RKlwLbB)5u{BvIyoK3x3VKQ9Q6g(guGRvUsREQLYr*SeFZSpFD#?0kdUm
zon1C8agCvblX?Qt+f`G3lR$ybyZ28BMHvW43@|V-Sg;w(23>29v63+|Ffi(tG(->u
zB#^^U^TptOn+e1-98vd?L@qcj#(@6NITrH#gzW#J5*%YT{!xgU(r7@iGojCi)=8)N
zqcbK>O{Hd6{NJ6KwwaWPJQ&!zVa?17yw(00E|(7DDO6AWYfb>apg!L3amAG-OO~Vd
z7j1=1>Pn*z42up%A+QOb%<C*ALGN>I2T0N28)*m+6<@9JNWgO&3v@Y4z1Zw<%u$ou
z>GrOlMszjSh=a0XLdT16t?>wQa(KJEgiti2+db`t?93?*kdnzQ#G+J*rz$Iaqfik=
z;Dovn<bbk;k=jGWi^rB6*-0@cg5K@l3h!8LgGBx|9kP(V%(#}l8<%1|ewgB-3dqWD
zOT}^_7%Z!yPu_?<EljWeH9<xN??RNq=0w2valM<b5zv(Dq7l<5y?eqZR(n>W4a7T@
zHp>oA9-pRU^#4PEI}2$_O#+F}q)lQKKvI+5+l3<!<vU@YJ+~EzX(o6?hExhonl4=`
z(Vc;oSqYs^Q*v)R3)(cq*?$Nt1iE%JvypuPsG$=5V06~dwX^BC(m#X*kfE(PbEi9p
z0Z75|;JXap2shztKTO~bw>@dee?@K!tnjQvKXk`FJUH}OYbdz7-mgvxT&(<1%LzVo
zR4%`P)b!@!+BZqqJ#NAQ!xJMjr;~|wauN^k=hFGyDo#?^b)%JzZ-e|7v%IVIi|n8E
zychi4$};a1-nCr2h7vX5Bi6!k($$um2?iPpCJYC<r5zTq!7<poLT%U&JNtN)*I5YG
z<_p55e<jS~EaSXrXrkc^0YNBYI%kxMuCmp(x||Z%AaxpC5_E61u^V&6<lxom)Od*3
zcvw=N_V@t^CH@Oy@}*MM0CO;yHp4nx7|w>bNgJdl{^2Dv+(BB^k9MrU)Ik?6^Q>#t
ztci@&>-@l?=u8(RvEOKg`aNauWmuPg&ET9VS+WLphyw-;z6#_^lSBMGgpdzoay&lw
z%x86H+jUr*JCc&>kVcJL1uDWQ^Zw-9wpk~qqm~8VRkMpHP?x3=0&<F{-Tj7ka^yna
zb7{DCLg&zasv~u_vj>;P%5onEv_cntZ7hMq>%NwUk-ZG=`3`<nh|CgXW^nfC9q|;#
zo*Q1)S<tcyMaBiI8g}t>2{WUp-1PVcgoGU9(qpgeG<N0DzEz#g(;rFBc|G5G$qBm`
zoT)%f7<@(d?F8`!9Z(+Y`&1blQHlKA#6{>SRb$8`*Aufk)KNqrUIh_`7F9yhkO$z&
z+wncDgle{IU9AdPh(Fe$t3j3wz0#YVt_}HRsNUPOoAc*uJca0t38Ku+eM8rZyqhY?
zOW&oLubA66;ccm+W&+hyG$oWdh2p+3BFrB57{|JAw}#${0vim2k$>$GwH!hmPocR|
z540d<Qm<@62r@=J8-%Ap*ZV2qtU}0Zhu1`30u5$-WLA2uECvq$ROi(%QPvnde7AnR
zda3yic>lE~U{3lzuG1nBcR`cV#SvvcoW>U@V#ZEvvrjDs4;q_1jgVM~f!vvyAp$Q~
zk5aR~c)tWY0c5n8aQK5USPM!eWBl#jrwy5cvL&JScZ{6i{ym{Vfhb4Gqa$Q;ff*Ld
z29Lk4f9DUWpM0MeUKzWKC?BK907dnITM+C+9gO@K>`+#Zrb)p&^jdpqM*zuuGYBRS
z0e(681Pek?U`}(w=N46rdnvWVfiFl9(`W)sV60fJ0Egj6M0WN&25wVd4>ZRv8K!N(
zmYXL{A+5DO=N0R|Az_k0vKkqxSUt|%7pg1Qn4d&x6t<|{ifV8=!K-5m0(U=rI6S?F
z-P7;sdmY$eq!1O<oNc)?@wH%u7#a0VDr39J{<J{$VjnT=UK}&PX=ZSxLD&%Cc!Db*
zfO|%10zvx}`wOT%{vUfGa9Ll7sb{K(!a<yM3IFDUX&#eD!(Xo4{DF+gIKMnclGwV9
z^IjcGV&#y`s37Zc>yzPAxgUKkmPr{i?fVi4)-Ev;_mzW-WY3$~nnXsMzneL@kQfYA
zl-<e~z4pQ)boQzhj)#Q=Wu?@bkjLJEg{Pe24T!=crRAp_&uzTNY*u}EyE`K&l)nCU
zt78sK06ovttGgpMk)H%Su0l;y&I3&x<KaI6zKvO2!VV#fF-SwQ!7vib&_5SmrMV{T
zL1O%-NG~&a>XbVU?m~5(dX!4=k{ZsDK$J)Q5BL;tku>#?WRpN>P&cA%A%>b*%!)oL
z0B>{h5=Xj4T|T$P)2$xMul;x~P%d8Mvp}p|_?z)!VbQXur0Un)W+ikBqdL3g@2Jkn
zFK+(ZU)`0Y9MC<?=lM>C8E^zFHn}j_@mlT?11k%QK%^<3>l3$J3jPTv?-mt7B9U*5
zKz?O{LH|Zh?B99hW4`10@UzIYLP$s@AlDF2tcp?48QkU^vID8PI5UCHpJzRR4n@i)
zBd`B^Zhi?o_zt-sSfg$J&S0dPy|L^Ss1Bl&Ff1h{$lxZ6oN^70d=YdwDEbm>9qLLi
zXRNke5f0&jQZZtLEn3S2NltS{q?%00Qe%34L%|U(tfMR|A0eO_A~;<^6(BwVL{jUO
zY3d5@Oj?ZZA_R;c#f_4U;VIJS^8=p#QRVt=i)%D)oweREGi=^nE|P+NT@Y&*+<U+D
zq1d^tTvE`Ew8VUA2`7s9o2in$2<}|$Fm9xE`wvWmKv**eu2@R4h?OvGHe4A5of*bh
zs1Q%71hE`<Fo6{zqxR=e!MEzb@18&ADPG9xD0x!NhR*#N;FXxp=z9248yCS8Ik-9&
zWFS;%u<?9uh&HPSuUGThnE-UMy|dK5hd_(=t`Q@BDql8`FL<(sAq&-Ao{$Do940#n
z<PJF5PTJS&s8Tcxw;$_sgj+s(Y0jl6vfT9-vHpXn*_naF;+@T%bI-287w(b*!4BlQ
zfj)3~Ts4y&=mP|)t_A4D4fw{REYrG27M;OpM3Z06lW-X>Qv~#IZ8%qH!g|Exz6&tp
zSwXvFqgNEjy1`wU1tGhX=3TaUq1|n?G^R=c;Gi{!Y}r@sXv89>lI%n+`B|aTEWc*Q
z97YJzSlSMj2KTZ$jq@`gf^ImwXchpA(j{M`MFNDgtE5G>d=^=e18fE=dhP<%;@Xx2
z1rlJXoO0kNd8(MVn<STf8=mfeW(FFdd(nO|qH(uo*HjD;W{^i0zfP4>>#xTo6POh8
z_*?yzhMpjMi$yTC{$tK2+J8!VN&U8e73WO3AFh`Nk|`rGW%L&4EjToNg@FMdrZZ%+
z4B1=za&Au?;ciTWv?|b6k`Tl&c~PIt#9>RcvH9Jfn{k)mUHpEAyW$!|5aMnq=nom?
zXtygQYb6gw;m;f?A8$G-reN&8tcpIl13{6$f?Tnv4GIf76T1UVvx_$vQq4o_?e^}Q
zYf^pNSKUa+OSS`a?_eD<Z_jHG=DN>O=OhjDu)avfFvr&$`M$cJKA9hyVW01ul^Q1M
zAwh941L9QekWb1tb(5xDIA{eaRM=bG{AHqYfx;Kyd@Mdnjd(v*WF^%G>Z#)idXHvx
zaGC2D%UHx`Mlb`BvnEHA${9Eyk`4!H5ENn9IiYy(pfP}BsvuW8%NIRj%a{HkB3zO!
zN-tT#2KLwB*k9boBbj1zm-g^c#<h3q6C`l39HO>lZdpb*j+iMaoshpA=_YYth>3xi
zvs`5Tfb)9-k=eAguZhsB`6H@?4Ho|0Bxwi)DIRb5Zc|AJX|l1~@Ox!p=(q4)9C)~P
z$kKV`OPv4*!N&F}1l){t-W@D?E8(T0f_?ORS7u;f{&QJPfZzx)7X;TpMHfj08ZK2y
zaT!Oya!M6UZh@vNHq$KHE026gva-#c=@aZjspCK$>kaj_)b}Lyd5SrBlI;$aqS^U@
zsyM#NsiI4a_kb4BOSqf)PY-jbW4h}gRSE~=4ge73S=piast~|c3g`Oz$fLO!7{wyX
zpGm8x^Wn7z>>n(V)9|LP`$IEgg*4bA@u7<yjR$F>GI^%@C^q?yRMK}wvBqjpR=p#2
zo(Q=Ky$3X#i+cyZr9Rt%V=c*rjwfZv>Yg{E7-oO@@}2rzl;wjTi}eS*K~oel#>l)Z
zB^>ZOIRqjMMgoe(ims~c3*mK*c7KDs=wu0a{`z#tpk=|SNUeSW*q_wv{lI#e-1}at
ztLNc5yVv{xOdjlDC6aAbR5-<CEM%g%o!C;f;);X@_^hl3ShJn|bnHN;axAl0qa|mm
zB(O9m?D6I|=_FOLeKIl)B%JQZsKzX^hd2OR)1#R7A}m++g$TWsXliuyh$A$VZeLld
z502p9luTn^du`2konXY|1{j@Ae&2ISEF+|&yt9)tYDkJO<0yWv10*;FS5Cyr$>OMr
z-b-2O)CO-j7UlZrKn8fKz`(tR<}=l#pI;0T<M~Q0$R>2}u-Qj`=vy9~wnO7l<cI-A
z4Z=!?F6K_0>f;~gT(tK{wL)K{-GeEW3W~|>r1i;z9?+gWl}L2eC;=N0;b!<D%_()%
zf@b`QXF&i%tA!ZWDQ2nT@w?BZd6PRyAM}X*L0di4-ecW^>*%nYoMk7NC}IGQexp)S
zU&7}b|I!$W$pe~KN75&TTHl6_2nRsU7Rh#8b^IFmsiNQ7lu^~>8y5nBMbj1@9FA6Z
z#?lT)(DE~H;)Lh!-Xs%?527wfydKB9*4Y0&%*pe$4=Z_M@2{TCgZk=)I4GQAi$`L$
za~YjhXpFa2gc90zlD#-?<Sdz*^~hj{eDuJk5e~8ps<zIWncNc<GM;t{Ef-*0<&bnX
zG@wQbBJzt{kj9yz`lf4In{4ai*SaF2J6x<p9A>|9i17!>WdA{gm5~S30?QTZsdPOC
z$u2v_GiTc0Dc+I}K%ZZT(~3Xx&huIRGB}>YurY_vY_`|Sz{{h*CTy+}4qtW4+F-2n
zjh*RC{t16?jxW}T%gLO#-v#u?;Q#tkqkhsKY&ZONPwIeDmxJX+Y(#}8UK3Gq&4v&=
zH5)T;wlWr0_cRRYs~9^tDy3Mm1Im*#%nb5-_3=5oM)~Dk=BDM`?4bGYZydoYF=0Nk
z`3Yu}u#}AP+gCb*X3I$82OXk4%u|Fklx3})7rIk@c&~hPl0yGlVlyB<NRj5CJGdRc
zgWMEyV}!FcB<+k82oIC1VZ3JA`Av$wOcc3$^YzAtt?>kX;fv$AOm8Qm-NQI{HCr>c
zj2JYIWLjs>W0Tj(Y-7;Asw2cL0WqW?%$qg&4r%|EU?uM{>HLB*<>9NWCu%;HeB#&*
z3I-GY^lUfjE)kJ^f)a46UfEFB3Qx7z$H@;>Mte{bdpv%bD&&tIXcR(O@<SqreWh&j
zU;Gf%4x9}{0(s>iBpp|90f~7eCO>ALPZR-KS2>lQoSIkBshGGG0cGx%=EhlJ$@>10
zmgXP$MdTh?3rg+i&~YOWzW5A28uH%ei#|uM@+vn?cu4iWbP2G4IUuQ2FCR!442PL0
z%U+&sF)E90JZ0Z=>&YM#=8>XabE7?!T3;o1w5CPNG?+Mvl3rp|3SI0#miVA#b((Ou
znvo%IFj1{IdYCyg%-2dPMEM6Rc3HjouUmknO^x5A6%y>+v-GNE6~M&A8fk}kk)AFY
zgWccN&(6rE;065B#Y$7GVHw6vMUgE#cd(HOoYJ7P)$u@|YYER&ElZjHol5z*<Nkfc
z-<FO><cWE2{$W+ws&8l8iyyZx7gV=3j_RYii1eWGgd1Z&$tr+~Ua8ESKc^C{MDDIz
z?&Ynn(JLa+JvXJ|tGFn|t1F$xYR7h;c*-h?1CoP;Xau~?=f&HR_5b>*1xZUR{mC(v
zZ3)ecSm%SR)!yLe_WM9g6C1|XZ#{vISwSkiM}jkGtJW7+NV}e0?s-LeSt<uZk)!+a
z(M&LN+=;HE@gtR+7M=7Mny9{o&8IAPKYVn!JVEl9dR?Fue>?2+;w=9hN*#|wO@TIL
zT0Rttp9uKXgiz5PLM*_sD5h(ego3%NP$V1!mPrs8!uh={#@E@kn<sGOXvKHaBWbrA
z7{D=#R_NyP8ooIDJe=k~St_ou!|G}+qJY8{09%7y>u+aff)?9pN}?i9T)yHODy#a*
zP(_h-%#ON*J(25Q))Ra_Y?65$l8wgO_LY4Fc?599XY@7PDQ(g_X8ap=udn&n;I4xY
zyCSU7ltKMFu@O%rG;Q>^n=+f;6eOG#;?v$*$hnzXq~Oh6a~~Q=L!G<C?kB_YM@-mT
z1oHTS80Cp(4)U1qK5Ol~-w1m)ngiu2XvAQXn@Fy(N|muG0<$=w+!kbIg~-RH5c-)L
zON;;xZg7MWnvHGi8zcJ4(XezSe&vMdJk7kZY{~Q0(L7-cE9_e?+1`!<#;}zI&~S+9
z4_XJx&`8yIc4yx=!!{Hv`tJaD|AlrBfq?OmJfyguTAw}cLzQ)C+MLV>1vGz^sI0kM
z)6FEY#PK<PhtXzXvzVsL(#6+G_Yp|(S$TjiGIZkWh)=%sSIv0t@zikka=ZY`2i$}L
z>E%?tzzh-CEw?s9*4)wE{He*SCO8=*ED?kDWXze1P|*<js=+~J%R>C|g~?g<5>=y9
zye3TcT-1xl#I@%}J1bAVPQO<w*LrV(g!5(#US_)dEr3?sfc+@5V|<x~s@3Qy69lY~
z3`H+M=5Ly)75Sp_l~H(8Ja+SKtVcgw8$9g2c}BEdIN+~~LrRUJk=5HsPcl~(+r0|V
z5oacLyba-P>K&Enml|nOgBBwnSlqc~F|6&XXh?%WI;#a@m+hwh@{n^5#0YxozBzU|
zV9gG;I?GmgABNOKBb)1qj#0>=-v9{36(@C_y5roVp?=;FOT5N*SRY-(Scepow9zQo
zN?;<O_o9hKQG@vh8ALMi(m0Z}G3IXIS6w5Cc+>C}ZQ3gGc7`AI7jJIr#K#K#$5^CA
zf-djS&-q~Lx#)p+i5=d1Yn^nRi!zEDq3b>d4z+t-4WU&k6VB{lW3bBgr~o*9`Y$~X
zsscL1kyAvQ05lM-IrXM}&u9leiLi1)Q8!o<vAK3UjM{I{KBTT6)=;)Q;dw?;<=#~0
z2DjzSk+s?S^~vn9&0z6SHpfyjg<O!xWf5$;65&X50Yk}lDnd+fHFnX&#vEXd3)6<T
z7`5-J8WNx?Pgtvff8)5_rT~{t&GO;bx2VyUp}cTeg+6*n(LjPO47XsrN~NDLy9=h}
zC!EUY1601nI)%3M{7Tbct(Zr;`xE5SDd=IM93lOl4Li-(EkBPaH7gyQ9yx8x?6u~O
z<~&~8>g>GW?Yv5OkG_A{`1l3mMn-W`Sr{>ltNe!FT&|1%3u*4Mjt-=I(r|<l)9V)x
z&nRSdpy7NE@aQX(S;sWuv<;Rlq(R+qlP^ldw#Ab`+;$th$B?LaqvT*yJ%*j{hRQxw
zl*AfTm|3l6>WJLfbV`mQ3Pda@ju2HlDLD?FwOogsmsv<@7UnODzU1)U=B=}(g?emb
ze%xZ0vg?QMOAQW#&jzMi{-qoSO)s*Uqa?d2WzadSyGO^IDwP`VTA4F{z}+J<L&22@
z#Jky(<x8iHRtn>5=chf49va1uv+kF>%|LfSZM-8|jRXy^7xv-FXDKYPmGqlZ+I5xM
z=`k@39cU_2hF*iK6j0N-hZ1JV<T67fN-@N+22|c)Y=1nb{cAIIjp2qvu<aO%#;;m9
zvo$@vDKn95EC>&o*CrX1Auc6LQiX{Ge63li@B?-RV5BN{^a#la+vgu?<@cqdgWF}I
z#9xCFmgPFFy%)^P7f<`}ckR(smL=V!R1;#hxs|QtNdJoc$)I*>kl0RrbonOpasu4u
z3-ba>A}FXG=YWMcP>WMT$*SVwEw=8$Nw8B9zi*;m@on=k3kfnrIQe_Yj%9{P00q06
zI;d$EZFDAdsNe|R)|Sq$HkX28IjJDhz&fc0E%|U4)5NzjD;RGAh*!h81V0n`Iqr(f
zn*XIUcm&Q~W523>@z6f$eM7P=cZ)AyRlB`nOfO&&0)Vm;IPO|rfTH5`4m3!H4J(wv
z2^x_V`&}Ir%J^Is4DHQ8s7l5<_G_iH(z*FvG_4@Dgv~s;Dtip;G3cR{HR*T#ow28u
zvymg8MjEnBeJ>4-v(<D!a<||Y5KG=Pw2H#Fz{CV|NWbL2*tFhUSY-rwUeQd&G8kZO
z=fZq6G=KtpW4G{;Tz3dsF23D8n)M}?D1iX4*98;jsT!{xE!by7HSr}IE<A<OY@f0k
z!wrL5Lvme&gxwOPd%jbMbrRHo58V{!01gI7nr*RCbfp<;Hv2~^^Si$6=lKPy84=ON
z1ybF5#oTQC=(+Qn$vi)ZGOsbx=AKFyy(SNF695a4$EQ_}uRaMy|LR9T=QnY3Usw&x
z=Ga;MvxxY`Z5A-LpKK`RSe!X%C>Y;TIjQTu_WA0_wzTRghJ)WqR<m)la;0BOROa@|
z4c?tz5F7>y!Bg38Yg93Ib+o`@bN9Tt^EF#}L3?%Ud&d-na7qh1Z{{?1`t`ug<e86;
z43PLGE-uE+973@&R~}6*Vw}neB&wdp5SQTSFm$>_ov;gic6Mo?*d1L5X+9KJ{)J|J
zm9_UGrl^1a8bmJ%d6tcEDyYa#HT6YO_nE(ViAy82FbA2|u;U04Q|zWeDYD#2PZsOq
z=F*bt>9F7Q1Alktr1YF}h*1q1I_17z5%_9l*Y-(W)B~g*%!&LElp!kBKeuF~id)Bs
z<5v!I5G)9&qUaNxaQ35rfmvJU+}rt^B%UN~<}!KpP}XcmfuAPI{PnSxP_;IYO#$lx
zEv)>+XQ}ekbwAZ4vng$vnZJx~T_@gd%Tz~Om_Z8%6JU`((K<P}v7pW%Qij(q0G^Ge
z&VPl#EgBSH<jEF!Rxgqlz(}w8_XnPv7~0xz8$nFe%0@IVSelrUi_LpN-IcaX8afCW
zMX!<<GsciM{7X1#zPoI?-AOrFT(CO1wxCYd$M+>%r*9YVq;*1pbcRsIGv7)GSmlUF
z)zE-w!JR2Vw=5;`9P<c2qx5xO0hXrLymc`S)=Z<D!n#XhU>=?ht}kd;Uc5me3F}30
zxzrYnfh@zFm1hk1f?cOfdUrup=Qnw_Bl!x91{*Y?tBIfCpsW^oyDoQ%)7GKj;WVLq
z23jw^FB=a$NmW!pvz?P5mC<t@jqkmarq9MQ{<cMlN_h()ZStAs98|jla0Qeo4bX@$
z(&FluC)b6XcbP1Aj%4h$gWjgd43x7b*ro<GyBaXT4I7lSlS*RE|0Oo#Flyk)pnri-
zN+$`fE1t;?vQWIVXdhsCBb5ILN?J9h6GNrTV;pTVetusKwWyien0|JRBFq*Fw;o&5
zEhIr$aGh=Q^~pOvw=h}+WL}9~+q+u2wiH~E^5zG6>vngNl(C?Vzb4%2Wp2I)r>KUz
zIt<;_P7d<i64_vYciFJ07)CUy=VFz7D`%#*^0B>;XrZ;6yUz7-A9uA~=t7ag7lW9y
znh@5n&W2;XqkI69(WRo8bbPgWxI=8!U}O!EDm8;?|1H)3qkrNRur>5CMHE@L)KX!v
z77p9R6-NL`Qa_kksO?d}IHLT1=!kZQ#aJLCSYIj7q4{QK|8YQ&w>|7d<pvW!+8W@Z
zuW_S?(p0mqfCQ(vxz@^wNSRp)8`RfPD@NoupRy3vUS|+d<rBn!hlPel)2{sSq49R`
z+B0%S-Kbd(y}nikOvr|pVM9`s%?f2A7j-@uM<l3u{M^W7#vIqvExW(_+9rGs)+lDB
zTB3TAINe{cabNW^s?9MG<D75NY(nUk>Zxs{%o1=Jc*@C@uzVvnQz=R}%$a!aixTig
z`a>`d?b;$b;suT8_-!?^=l67o!gq>YI=v3eYQC$WbLuu%z$>u)p7Jsts&7lLV)K1^
z`GV|aGPIR>(7+sN^CT9U(;ps|Lwka{HjqOd6D?}pake_L=rWOb#mfT5D%3O*OGK3A
z5rI@XCt<jfLQkodQ65KiE&vgFoFXIJn5WIFSdqWR!!1^wpgkGNPNvt6k#_cP<yhO8
zC91j#FKbmgfEH7+1Ld%yfQnGsrXOz@u9ma}R;nSI-g)({dz0=jeTmymgex||cecN9
zT{DjJ&C1U+avxm}zHEmA598j6SVoP#*pQFvn640O0(g|3VDqqnEN5T?-XpdSEZ~us
zqUJgrcyenN%hjyMxoL?O6(IIjJ6~$ntUa65>w5J=!23nN>S)BquAJRr{e>ybi|eoT
z{zW3Jff467PM`I~@0nRqV9f!VQwRQJN9wY<^s>5+`fYC9EZ21m70Aw=JPbAjS+IZb
z&SDz#Vs(u<vyAcdFswgl&jVizo<7k1yEQ)+eQ$<$?vNw$>;KJf*~-VLL93+d6pU%*
zGQOd=1|--<y||g7&VpHff13-|QBe~3?tMbk&K`4uweml)v5Xd(Spgx=Rq>a^zgCfV
z{#07Sq}NF^<WJ4=5&}dMilbde$UlRu=Q+J75*PQk4^vkHo>i4%@=QYp#x3EySFxr0
z+0(-t#KDdsxhY|lUcd2O=wPQF4LU#fJ_*1SWkBE<5dRg(fBzH6f57C^wxff<_JrYo
srZRz;N&i2pc^w!S_CGEC|6WCbC+MJ`Ifx*fpPx*iFVKHDK>ter2j^8Cw*UYD

literal 77845
zcmaI6V~nj^)HK?*ciXn@-i_V1ZQHhcw{6?DZQHi(?%U@*=lybT^5rJ$&wAFV8ug4Z
zla<sgSqWeeWB>pF2!Kk1dd+?+?*(}nKmg(gNC3p2r&fAq)`~_}ww8L1MzrP*Hr5wj
z7Aotab2rb&DknEr9Gb#lI*<n(_0vc&y%;bc8KXvwWU+-!h$C?#ae(#h-=CLf;R|hT
zpb)VUJP!UekA-DzZ9kv3^X>0^a;oo}2MOj`Wo;^|<SxEPZ5yjuvh-h*OGBpqmOcvY
z*{!AuE~FQk&5IRm&K8f(m0K%}GYj@dvev$&3KI9TM~TNP-!^}Oo}7lCZp*i0&r_pd
zH<?+_Z}7Z$_`8fvc^|%QKCt*^jlT-_1^CzPV4$TOzmq)W%>PzJ+j_9hc@00(b2F`H
zvte?5r<rH5%}PT5Cccb|A_IsAr_o|xni$@s;ti0+;HYBkVd2*5r>VZY#;dB{asMXy
zEybeJ@2eLhSVJwc?D-ea%Rl?|p2Gi#XPf1c;T%1N@zTIB`cvYg4w0K>Ml@aR>pG2v
zsPW4-_IN@Qr_(8O)zQi;-sQG<Mm~ePf<(q;k^<P|aNssEH3UWpW6E<-c;t8R9v77C
zpV<wu$>(Z@qpWIAK4Yx~TH4H1qXpZ=H7rH0IZZ(q+s5nkzjuffMVGIlOgTz}-9lr}
z8pEAWMQKsy*dy0tmxZM|ltsnpBP=$y$wbSkF?+)v;<9={exEvb&)t@`ahIbrEYiLH
zj&H#Ca95UAkJyorOzcpHT7&x^y&(e%<}8DPJrF(AzUbh{d`<Mgdp70fBjgt4AD?G$
zZ`sf>sCJV>6!Gnbwx1*K@|G|Jdd~(X6&I^%EYDJ#{rMr91rJi2PTVF3RA{bMDXew6
zzj+R(i&oiTaE{yL0-W&}O?NA}G6|DoCKQ%vJttY|(W>au{@645@55}2@K1@9ybeHQ
zwwmfskxqxm;CEUxFE0e6A_bxW?Lxq!Am(iQtNVaRRaM4?l%M;66~1h6<Q`~*Nhm2t
zp`Bw;<YiK(qz${)3_&k@ZmGfwW}U<}kqDr5A^wIr+T=*ztjNOp(A3Dh39G??$uoYm
zoW|C9+ft@a?@&@gB=eeKPJOK4L!a`JKK%S-;(u-gngn+hf|mcY%H&U`#ms2+>$jN@
zMEEG>GKj5yUfE3*JN~4oMZ_?4Z~USFlq%*g<zpu3Ot|Ws^<Z|s!R3g7$eu2U;!U>N
zj41*_lICWY;LD|vlGFSnX)BlZ+(l>3wUVZFx5oKWtbFOtS4vA!%Mca>z1-hP*4p@9
zM`>T&JJ~$Yt-K5Ss7N=nWs=VXSi|@`G+L6ea0=A~<}EO&N-E9vzM4vCi&bXUR!W(x
zM><SGg?nklNauu@W<>T!oI{ew!2P#3jTQ~0lGiqSAIe-#zGg~ViyKOJe{yrQWM@>d
zQWwP*e-i*vH=uANn1+-Gu9ABrHpU%n9szAxiQm&wyq2xH7hX2Fm{-1)s99WJ!CADY
z&6X~vTfv$|9!*WnjO=Y5?YpTId6;ckDG#*Ui;mn|*Sl{e3Y5}cH=*8GOQgA&i9M99
zZY`!a1~*wOoZ)aUuHks8&bx57Lqu}+<G>o-TA$x`P|bHTUpG<iX>kxAxHT*BT#M%_
zrnsy_yEfBIwig^c)ohuaaS2x%<YZ#b1wX1AG}mjbZ!M;^S8H3jG$=ELyR6ITGKo6U
zO}1Z_S%OjgL!$K`3D*w^(LW?5o7gNa=j*P*xtHqoMhg}to%zdW>yw;)Nm9l0B__Al
z$N%YY{$Cvm|4}rf-CQ*>U&qDeXAV&<V4F2w#wu4wJ{T7-nOR*gIWn)|I6G^1nw#cR
zZ*6)5Z6%&)r@1tj?`i#`!{r_HrV2(p$nAL%Xv>S_A0ailERRXERV-<h&Xx6_P}P*@
zn5>pC%>E*o?wzrN?bW!`?Tnie_gCeAT~**9-L|~`cOEXNH&;>r=x}!k<rm7t1W@d!
zzgjwrB#%jbx|;fL51XZ-E{8EO$D5gFZYofPeI4!XzAi3>ZpjJE>YQM94O;y-mdo@J
zE95r9ewIeJS6BawtNahQ`5!JkSsI#^?Ch@nSHVe5rAvg>1EmI^A>FbmbaVq2@munC
zc8Q7+yQrR=Za|(k54gmxVnzU(bv4S04$&Wqg#1iPn%NO%Pb`_5e$x4FZg7>xLDG;v
zfN<V`9+vX#D91a0(k)?MwOG|18}cvV&fW8al?KZ(l~G_}>_DcBn_#^Cy;xJf4mn!N
zB3U`8p=@uUSIpx3O4-5b*32zNt{Z3bOkEV0G5d`N)@CCy1MJ(iZA=_)eqA(;KG03~
zDp@s;>dE;A==6A}BTEl*xXuP^2zn1kq87@YRgOq9$wvCULiMLw{o(G-N|*e;!`56Z
zO2<Y8Wq$#^XcPONSFvhmIe6YQm4hloOgV$qn*uCBpOPd~--mSGGJH!u-YIL^I;bJ<
z>7~=XmVzqY!|pJ>uO#Sx7Y>&vm(wj{3*r#bBE6JU`2jp_{|jK<`40dt{VxEzil7@@
zB>W6EKTJK}xiXg}q%moW)f}gRr>t|%Ik??@(=^BU2+aPc=k9+!cmJcn`;UU?hvJvW
zPtQi_N)F4@#->^R#>-i%N>qW>IYy2b$fv#kdhh=SWcv@u^#jEF2N<$mE2a#cYYETv
zQ|^55U!Q~j%4Pm3H=#wn9A!CtKKN%EUzDt)<^%~iJohVuzb;09#_e;JSH{Efvn1>e
zS3nQ@f4A#lFZIg9p`IXMb}>MzMiXey^}aLnZ~f1DE=T`cPgchNtY^2k8Hj8<Ep@A5
zWJ-d{K_veb#KWHPbKJpJ$-~}W6?ta|t%i&&NWl(HyMb&uVLLwmkAfGe96OT>bDGT0
zFaMq}GP3_p*#B2ULlw&d4)8SH!&nb~-`4IFf?$V%C6-_(!vH0b1{hy&R>r?4AS>g)
z6EG^a+u$2OXJU&u^70AOdY_PvH?Zu+#us`hAOpfc;Ea{uG&^Szxl5&J5uJv~>Vzp=
z8KvGob%G+St72OicByE8-FK)X_DJLBhisG%O`dL^Sty^BfPKX*H{4_KQq;xNmt<(6
zIv+t=rf2$S6__iqCL2{Zt&d(Ps|*HAG1i1C%erVTT1ZV%+HD@$gs832bThLDYOGNW
zD`%l-VUDxE2qDOVd1jyBg&LG8poRfcK)$a1dsWdYNnA~SZpAuZg{b4mY(IApIvY;&
zb9TwRk^t8RHfIioV~jVPP%O6s224KTk~+uI{6LV>NK9;jl{4S!Qpq_+vy(<-)dZ4L
z^xu-rAJPS!SH-cp`x@8Ss!q%+LprB3oFA5PV^=66Bl?)Ui*nEesZ9#$f5civ(<{DN
zH$iG|C*@z%Th0}&f+3-c$~l_=8Y#HYD^N&?3-qvoOd8{Lm@yxczf-4&n9cnL`g!3i
z+8oQXDfNG(w3%Xq;x~ezK|miSB-BsWl_nZviR$7v%a_pMTfK2qJTwAPhy%_8oo=Hl
zA5)LX$}jLv6O=H&{{{l(IHT1JMNtil%|ouy<9?|e!e8&r5&OG-%#jmMib5<KlYf;r
zsQUJr=y*1FPX$8HgPWpc5Ob+Nqb(-iT=tj(17*LU)qpR-rx7cy<=&JxkKyO0b*>BD
z-V_jdnI?A)V`25VC_3MBf=eiNrrbyx&(9y#7LICkYWID*P-ypkX;ooSTerF7nBNo*
zSe84~q<xOgwPssl(Br5^CZ%-Fh=F`i(r&7kgd3kFt%VuC<<7F;*eU11!YnJ*53nda
zsUmEJb*bOu2tq_Bwpq4h%t$^W=Q6uT&7;kk*+#AHE`o<CT;G(RFJ~1BSY}p<qu3uW
zE;54NJ0kIq{?vc<|CWe8lq$X|mvmrjlOSx3an1UzuI9lO?2qk)Ml(0JFF9W-@t3uh
z;l-SJ!Tb?tp`tN;sC>=#S*f12k2~iye@a?nJGQ`D>74mrxw%QWz^T$&@{SDw;9n?9
zjr2pRlg^xtnN39o>xg=-g*Nam!gZ{IN){|X^-s8{m5X!x_j4|IqH<Oy&x>%%KrGxn
zI56rC%|(q|>QXiqI1AR1GbI$KV_sQ1EzFgqe*Xyj0T~R>l}gY_+ORq`)C13#H7Z!Z
zhm<tsFP^hlwd9|2RjO1A?}<%l{tRCEe+CcDHU)K&5t|oWbQ<|KQ-Z-|McsfoNtz|c
znWfyGsWLhBRI(*Z^UtDw>Is6{xC{R*8C%Qh^3{c76(H`c3ig3u<GIB}r~<#DJ%g{@
z?;%*=Tl$gpBHZ)dG$&djZo};d5Lj;(1JU|s$@>Cy0z4aj3R%7a10h+5z{82|^h;x@
z3IVQ3Kt*N1=L`Mql#;wAPA(#CkI|d!ARp|LTuacKGl@k9O>Jlm6-$RsZJ_8cfDhC3
z#3i+&HJ)RSb@j0$#`DcL;XxP4vZDzz$g7BZN+KAxeaFjMCm)#(s(lT>&k$Wkwl`HL
z&GyCXtSmj>NCCSt36G_Op#POOR8$nxS*&K$WIETrw(y6Iv<+6G?m{j)Q-F|xu+@>>
zmR{vqfe~c4i0M3-BUG8F)==Q8F_BLmuqsGxGSD3?jd1-&`cfBpWS?&ahm^?i7pc0s
zM6%wiV0^rxn9`j-D95zLTO+HmHkb|IaS+Ga7tBl_j9>4a6oCV(8*Yl3otXl@U%V(^
zPR{A>YzCQwv7H2I9JfT^9@{*rt>a+Tp#87O29A268(DFgC-e}d6i%O!o1^Sm<vcU=
zZ!9-7F?&?6#012T`|FYF;`9c1qcHToQ>0?G^6Mh8jGQ4N5FL;e1ZKL`QQ$v+WWUpD
zFTW=4GsE2A55$wkQv3*Y<W%`m&@W;+q-nsI8N4K%jl({tgOg6R2;;mRw^Jo+_U?~Q
zjc80RW|Y#aJ6XwGpDf+j_I0jEm%iax;H{b$>+|D}l3&xGZuU1NyQ|aJX5F-|IoXD3
z@{K0AD!)1$@?{><zZSQwe0-j_QcjGoPv-EPi=W@t`^)J9+Dh>{>mQD;9SrVzFFG5m
zrfIhx`F!fAH`iLvQ*G8v&^k3fn)|<4yFJ}qs=YQcceh=JRlr+1>E`LOBR=&kI@a6Q
zu%4fvF+cfjJQ>+jo~zcl+|N6hJl}Vd4c-g3`0i|SbS~%Jju$MaWzxH+d3`*Oy;@CE
zviY)Fbkwh{Bce0U=f#E@)gLqWm&9<qI_jsYuB`cdI9=Rrwy&S6&L`u;o$Hr*QnDx3
zE2p17hi;Yd-mIREFQ;yEmU+A0xOrR8rlsl54pu|nfg^m{=g+TpkMWGjj<#s3__#K=
z)3dMQn|8P;%D15(PwSnl-(SC8%p*=6_Po9v?W4^cZ5*E`_B|rD*ZbR=zQInM`_{Uy
z;fLzKhQD}%@3Wr7boIRWHI{kZo=UHutA|>oGka+}-aDgDxp1GW;W)9E;(OoKwy(l3
zLv5YikEZBML~LjyoA+;%tv9h@c-bImU8xOE3Z^L{5ZP&kRse8et~+RF1~DJ5pN+{p
zHz;6t-UZwrt9cuus@?a$J^_OdZ_0eW^_H^xS7yE_teyhDDm}nlpe(Vsco0KsU#JD@
zq1Uc#echaGVXai=eC#LOVJDXF^*=VxA10lFU1@So<#dp;Y9VAi*x609wSRxx7@jb&
zpGIB(bk_MSc*l6zdAjeIa^u4amid%KugPe|?BeMFPc3TR+9ox7=<?QYI`6dphHJKa
zX72FfK|LnKqe47Bd3m(fw-4KocKg=)(~%&+M)~X`w#*=axzcr{jWty{$^5GcjJ9{F
zi(dfK0#9uv@P3nH6s5h^E|`TG9dK+dH+-heA4N9@jExn!!bA&{v0`oHnKhAVxQ=^}
z)v7@E-1{u0>6)UblKlmc2}#?hv3rf>@Eujz+n@s#Bmm1|H+5WIU^!s~_)j`UQFRX1
zNPlHTYLoROz4+MHS8bW246WkEyQ>AvX|<9lC(M_m%q$%X7S{E70~xRe&x)yE)2Rv!
zQp2$>^)fBaG&q*DlC+&cCsTAo=yxOYbocKOWfVs?mQ4-|%OkzNzZGu&SdKVRZ-gFO
ze8DUi;amzjYbwnK3=|yj=u2tkw?6x%8GW9$Gl576Y}tcmm5ptw$=qgIaPv~;zMkTC
z%+vgGDZUBpZb;Q&?f^l9Yv}0`F&in-_0aGo2YUyTm0e|;03$je#3CQab`y1Y94|f6
ziBo3Cq}Ul-18Frd)a~#RxuvgU825y4Io4Qy>bk`98AcvxO0~DpkLgyRvhbyuxQ5cM
z*EP;aX$m$QD(L}-<<!qWhC3MPGsvx|)tfKUbumwZ5|W1r#>K_g+13Q_YD-Zs()rah
zSfo2?tIH!8V@rQT+oaLyG$L1Np@3Jd0CPCBAgXRSW|6{xvT;XZ%X&og2fE(XqlxvA
z7AKoP6}W4_KxP#-%`x_>C59_=2hJ+WIH?c@F-yu+0!uGIg#p_OtQ?QA3Nt0|@6me|
zM~0lGf58du7Z#A890N}O0x&)+;C>|R7)Dmqr1r^obt)t|zxADjoxZ}7TjcSDOGM5y
zXCFbeRsjb6n`PNfGc6P@QWCs3V7xalDQuQ47>q`3|20toU~Km-K_OiNOH!CSdp#_4
z|2xh!@SC}p0>=PdYH>WmDFB_{MyZ7Wr5mY*FJ+2<(s7LC;|m^M5@L#8h6Xx+v|`5I
zXe1Z7^B;pF1|>0b_YIsRYXUb{mw~!rA^p>Hw)r4RYYTVCbyDLoq*$LhWt0Ne5fz1F
z=w}}Op28>LWGK^!lRL5us{+z2o7F~L6n<wHM#`e4cN=$yxD&@y#Y0JT1QPXi4+wdI
zMWmTGfVnR}QT|QvTx3ORz+9dxi@&>fSXH+OimshV^sgfWG7Lhll_B^<OEiGF{F2b9
zf*1aa?hyL=n~a9Q%Dsx$+^W1Q@bR$DaN-m)-;!*FwWFZU6Tm`UIL~w95H|F`d;fSu
zIR-{L67`(JTS`hY`&d10KYmkw%XO?8=CvO2EIl28d~(iSE$xhJ7zRMYW1QPca<1N*
zpL9nd7VMyt*~Q21k?5g0YY}>fgSv~Y+(t<ZSmpZCL9#5_gr$gyeZ<xLdZR@Yq?pw~
z3KrNl5>EoX>!vQ%Ki(&)6yUaEY@7*Df%9hqj{&0A!=Y&Of1&cgxmg@Sw$s$Xm`a4e
zKt4g(>a*^iD_PDq)-*7^nASwQ5#=-)QEtPdZ7;6zBrTkC(Wyg#Z3N<HLHC@*@sWt=
zEVHZtCNV9{0#quh0tWQBScSYr^P^WzROrarAhWP&IxeCd_B%cS;1+>MMmJrFpbBsn
zA_8dG@un2|RV4u>3sNTQ9*9B?(5>HYZTxOgu)^Uh4_4Qk7Sy7WfzcwH;!=fhCb^8<
zgT0&+x~)xk^YdpqQMa^mQ$-au9-{vGr~<kkHZojU!JqpmPu`mh;mEkqVi3`a2aPC*
zuu*4^&q36|1J+A%<o;!P#D!P%8wNfLNf<Ibkx~o<9-rMk&<Wf@_!lQ~0)aDs79>tK
zVP{`)nLSdQfl^_0q*SJB16}CzBTPqi^dj5Fy{Ez3z1Q+X?bhtyavWS-+XA=Plvt5~
z;!WK<bHRCkn!5)tSJ||LQXQ(uhg)@qPA1gV8+AY(ckxoiA@$xjLw$GLFqM&uEbxGg
z+LRE<HzS3ZA(ET5IX%?W4-C*w2_iqRlc{25KVwU;z}_S6ot(i9Fbv;KQ_WeC)V6_l
zYOOS`(rMz7>9P$VPD{sn4N@zMU`Y;OHF8sidR<I16TWYSwCkSsi>Z;QnV{$*_!^La
z6J%BlK^dPW*>Fe++M3^C!cED{I=i`ANldJlQrXQ?0&UC&`fI&SlSzWkl`q~QAqkPN
zJ3W!GO=P#~9AGXVe5nV}tX8JasNVd6+As0se}9L^{G~-r%4xWT2RgAajE>;hwV*=C
zuv|aM9wXRvhQN!31y|@sb;d;AmK&-9LpLA+jDBH-D)KcjAaYRPV73xW-G9Zqkm}6~
zl%WRdRm94F@bZ6AHHmiEQk}mwCPXKFooO9U)eb9Z&WJM{WEN6po(R)RTL*v8-*xjo
zRh2B^uUsShSbgY}3OmCl!W&rfuk$1r!6&MtC>CC7m~5ciQDAsIg(;wdEL^4${WzbT
zv_y^Al?~icBz%a-PFq70bqTL;4?!bj5zkf!Jd<IW?tfb$X9a>85Es_t3)Mzv->(hY
zn()N4h#|v5HqOVruhsjcAw(EJ8ZdVb5P>gH97<;%)E<~%$!|x0e-9CR*{l5HGdxsN
zL2jt*!J>aSJgtHZC6g2>W1WDKJz-$<R|LucGnn8#F<WBfZ@u@#4)JhNLOvA#{4z8g
zE(oX%F3RIHW^O<{%GP8EtzV(*08youT~pyA@IG-pX)yrbdIBN1JUt-vx?Mf}?#xP*
zfvRcVd-H(=CxEGcp)8Q|9rI#mCRh|(x-`zR4v37Y>`~yjAV98AfhRyyRkS~Zw@o}d
z&T-_>RQK;n0Swh#Ly-0Kr$$$EqX-r1dIGiCi(WgFH=9eK-c(aVtKGy?m_k?fIdTCR
zCIXFVBvSfn+zW5FzpFidt}6#%{P7H>YW*3tt*#NAf1zH&#N{IZnVg@e51Hp!mqZ!U
z$Vqc)!sno?nCNa1BzH_Pc0en@(={kEY36L@Lg7^htm8Q9#*9YYI(Gi76@)uV81TEO
z#rtO+mKFy7F>Kp+q~;`Rl{m$w!!`l0Qv=gp=jKDfv$&d`W~5|-wN(4PCGcW@l}6_q
zl;uVXj5H@$h+rDn*%sQ8P6<x3$SCHkJ7I^SKo^aT!W48A<&Zoy%?~lmGF*gAAP&+e
zt(MG92NIQd%p4Pp|Jd4b&Ph-kq+4xo)I<^F?dIV3QHc!Xtz4*1zQg{z5rG}W0$eNN
zxx|%z1neDmQ)F`W1JM_QGb*Sd0`^6ujJi&i<vMmjkp>ZAo~xzbxv^3W1vt+@VkMbK
zB-NOdZ$g;`J5+d75q5|rE#5WLZTUfWO>weHu;Zxx$-U`HvL*uobyI2Dq`xQsPz+Ah
ztq4A2qyinp@Ru-$i?R3N!At~}>XHW?2zD9VbC7KQU%)iew?ec0?HFWy67`5EIUa=I
zuyyCMpx%30_={wG)6{Ep3}A52j4FjjuO33osM?R}3<VHXI8BwQ?^=MgVr@$>G8^x!
z!XnpZl|tW`m+G@#-Hg?8SJg6?*dyUrzG(94XnLQlQ$+150^m?Hlc50WWM>($5NU(!
z%2(dyT9opo((?#O=*-kNa24@MzIxhyG8!LyB~lO^m8+%-b-xaT*js@PdfGO-s`BFC
zDydUM<odhB2bMH=%4UWWzc%O*7#mSUVwrB<#u;RIyJT!agkV8ME^L^nVmbZj`C{Ut
zI(Ik{{RO*douR#hAPA=#;P)uKsEISZTjT!U=X_z3UgivQjXb+IMz4JXuBnCybP?pK
z0JjExD0FZU2~1;jz{DNYCv}4MS~SP*Rd;AD^($eQ=A(i+e&wJ~)Z?w7@K;<FsIRPa
zTnIX~2L77@uAzY3Ma${R(yVBaqiP^46z-5WHB=ZLU;}FJ_w*GHX82V6av4Er1xa*d
zWEZHuXyVYj=KgnPyO7WL+~s$Y+!E2R&z>zKtaKf#_Cp@7SCd`}K0O%M_{7}Y4j`^W
z@hF3T4}woa3JQy{`|jULS%`@q=1cNlF++Q)8<?uyeMfG&yG9`~Wbk$z)dxc8>bb<k
zjhy!HZ$7ra2!HN7$tk|&M*J9woF~Vs#Sv0)Q8^%Rjk=8y4>~};F)V;(kTrphBwmbV
zVA_Uki1=4x^`j(o_PcA>_*nqykl0~5XX$#w6_6&vb!JMoZU!OS24$>1Y*d$k;@Drd
zZ@v;%l&Aph79a=~5DZxU=84Pg$|!-AjsYkD!lAfNr3g`}MoXJ~f$Axu&kB5`P?}}i
z(o(m9JcFmhHaWC6;dULd+3&IyA^O0abCl$T#qWpynb<?)c4hSxyL$Lc)IPwy!<GaR
z+4-Oi%kF_U!~gR_Xn&5j;fwN$^Mn*R69{J@)3=HoDAN}K<pToh&aX-oga3ipC**|)
z0Q-*GvDX~8>*6^s8Uz3FL>crN+^^C-XmDtoEA*kM`XQxEj#ZU}afGVe4MF(F_LbgJ
zsD~c0m!B3-f*U4m%wWa0sMm#GHj;<1XsE9rm|+Dv6zP?Q87H!zkY@mQaOF=#9F!~R
z9ev3Rd|rxeFMWYnObT;H=)^CgH**9?DuS0kxCJQ040yA74{}8}hxc-k8{sa<hKdk2
zBl+><b_&{-)+K!~vY^H)96H5YmC3rYEa{L+e!UCG+VX<VxyetZa@w-L462G?Dkvi|
z$3ny+VgIJ(d<L*ccP-Fq93O1Ue;HU{yYK61ZU@eCDAIs*3+Rn&&Es1IT;HmRsKe=N
z<aHKdTI_uFz!N|TA*2!$0uPXUBF%>rO9Jg6d-JI4T#&K8=Y}2h=k%qvU__4#vmV!z
zz!Y{<#%aQal?MkZ0_T+mic=DWQ_2%4MG?!%<<IcCsvk*3)R7rodA;*JWe~gAkxKUH
zcKg-1zff@`n&JB{V2?0_Pn{mIOb9>GSjw)*1}hI{6QWxFt(V$Xt@Z>?ddB&f%Ag9Q
zEff7~`vu~OXDS8Ojp?U+s9P$BkIM~ezfyC7QA01*AI$^Zr|>es3+qh`CF@3YK`0Vv
zUz0CkWdFj%$rCuK%que>Quh{kEyI|J^a10P+F}PmNpr`w4vnx={nxb|5oQsDlEJH|
zS1w<dJLMJ4R`;~acL4WTh8?!=-0`+uiEF?`NtG-}hM(hrL4N461HO5J=~r|D&l|Kt
z>&MD|R*N%djqRXG*xsIVwJgycyEa7=0hV%jcW4Tx+>E|PX>A^~3yT|cI5gDN!htgJ
zZFLbhYDC(KF#&_k-n77HY-cj~8S(KYP_qAk)81)7e2cMWVnI!sI6aFPA`ARE_;?s-
z{Ue6rAIs!>GGq)nC4z!ZWJS>Kz)aVT6%`7j+3D?OuhBHZ*2?#J_^z03MRZR;C|!4`
z?gG^v{axqB{1*IM>Mq3hk?`3%rno|_=%o?~?dYbRJn1;m#tx4;d|;8i%{+@)?oTAC
zh6<ifpg^KSv>*XP>u+$JFzV#aMmn_R*BN9<aA-P74>$l+tprk(y+?MW15m!?wa=`D
zOH-qO7zavKT7+Y}6P18x{BP6-dqlp;?$3&iDH(ff9x9B>jP)sE4{0|_w2lM9mQUm>
zfFgpH>cq{rUsUTE$f*)e@49obn0z69haTsPq8+w;-DzLZsGE)|=GS<4)-6<x$Mb)g
z-@6tfoez<;?nt>>Z;rv!F~V(XsL*`3_R`PCKy`h3?V92aw{G*!VaBvgsM)c!?4QGQ
zi~hFYGx?X5xwYPqw%Je4@^8U99y)vBJKbxJmeZ|b9gl$$VVJ8R;(rdZO(d34%b;#h
zt5n&g_~dJrdg)MiiB%aslKTW`w)zU?i<R3)h;E^ife%V(*MRqWjvu<$9=en6ioRwW
z)P50sTj$ml-uATvNr39!vS3dW1e6i-!E;p=J>Pe{1B@#TKr>DzUuTYWf7{$1LX3mn
z1-!`&jjI>}jDnng!z6)6=W1i(4#GrJx5e)9g>3Q*e3i%bhF?2TYuzdbc@9$M=;Ix}
z`g>rFEB|JEW=T5#dbR51i98(272TXB*Zb};EF{ayRHf|F|4SF`Trf7B`vHflGoyCJ
zozRj}uLv+@NP9r713#uY@XBPdZ;%?!CK1ek)RWdA?>Xwu&rM#t06q91fO{#Lm@P<0
z9EG5CkS)s9tVly%rxKoY%=M1%R%qIK5W|I}JUe9_OC>Z;qOf<Np%m2xu8BbjIV+*;
zbU{5MKaK(eFHMF;@##R`ax<g$htPbt_oeQW4q93xi6#a$`{A9!(yHihl0Zod!WaQg
z>8%3<VW>d)*gFu|Tu^l@<8YlgKP~`!O}WNxJ7-KcAz*|@^;HarU?*qDFR+}l0L+$i
zD8X2}Yb9`f7alyY?!KQ}V=lcEm8M;Z_G;@TJ%F-!j+XnfBJQiUK8k3MYWJ~k>$We+
zdax>1%-tp`B(M71$PaTp_7*0p;GGNmt5o+z1G@sZKW=#mPWZw3_!<eI!UR*~(4l=3
za&v%V4u)p;!yzPH2ZbCiVQajY^NkO4Dlfi9ZNwO2m)QoRv^naD1f%_^lu)QO8L4t=
z8~7aEs!G?uh88pL&3{FFTdHMjVm!{%7Bfi_d3tX2KbrfhYoK#aQK&Vl8yVgrp=J`H
zscZCiTRTE?ehpaaZ*waLbw-bwXuk#`(l?TJL@3SUV95?jnoKxmAJX^3*TSjZ|KuBz
zmf#K;6cVMqw6rQK%gTeh#Jk9u);}zQX(2SKYK0lk<IA)rmsjLKhYKr1QDAN#c|jXZ
zKxEoX4cAB;R&-%01ujhwKkI$1U*d(^41t;<ddv*l@hPRyYnF_?>S<9s#PB90SH2D^
zBsu=tA!O6_e(VS)l=b<cYUGyM`aNJ|jo<f3yRt`u5*Db@J!)BYE)>zWF$9&D{?(xS
zsB*BO0@8#KC&$1wpS6_;-n=v25~*Sttus<~gc}Es7avREsNYNPLTNO>Uk<V|t;((V
zCw3%axHjg<+8}w2B;i5mLH3I~NdNeVKqj}}67I5*qc@}Na5KWEHC^?aYk|9AQ+YZ{
zI!))uX01Qkh3T`)+Faz=sq=gTyE!6>;kx1Nekzi8*5*ycqxti5)59Pyy)$3JXC-s%
z+y=h73+AlI`(bMC$7hZl1+RZzYU6EpUH<+Ut#h<Et}^K|%hr0ZzTJj<U;nr}-Ryj_
za|!m@#?isqdFqnv_GEktsl2tmHn-W>-nMuE@4Ow|(cNk{zdotFpSrmW(TTc@cmE#g
z_VaF(InGq5=i#&Z;(h<P&3r!0)ARmv-Sal<Y-iwgu96|c88=;YiP9i*dbpk9Y;SA-
z{5ah>?eywiZ?9sLp<SEQe%AG7v}xwue#RPB@j7W<&2Huz4$yvoIlF&3DC6VmEQvS4
zyMm|xx|FVN56SjP$xQKRZuz=!^s(`7lUeh>E~xOPTPU7h>%2OC-!Eq<nhtw@ogd{X
zn(dt3WQx9K@V0?JU;Dz!S%<WE@8UzBe#3izMxXLnBl8P-1hvw7KUgj9+U~~O=X3&V
zzqxwmExLBy=;l1JRh0p|Ht}kwYa;4fJx%56&cNwxW!{P!)@gHcpnuuGZ`rAh$&KeN
zrWf96LC^zsrSG_J`;BHX)4iRZd1F`1?0XG;y4d|T!`XEf`Th)!p44Cd^%<h(17{%k
zUfi(y>#g|;V}qi`&h=RcduXp7Vv^Rhy&v#swU?zqOYD1;;hcqDXFB}WrFx!i9d@VD
zw@AcG%yo#6`*L?D$IBh?vpY6-c&C7?>!-8lWBirLPQd!~J?HVKB|7gTlU|Sgk@?Hh
z4X$C@mb*`S!R-56*lN{t+b7q?(B}Nj)1zuexMzh>M*jYCd)O#R6yMRO3(BoL)Mm-X
zH%XaBpdq){WG8EeM!Fec#ULHx(j=QGq*7`$b>L$;mx^#yxus=>o)omWrW%(cqPhxm
z+U?(x_DERJbD8AgnY;gEXCoVO-y+W|V}JNkye{ipRy#|*b{Wmyw9#ams-dF2YL!yN
zg8v0;exGY7%c?V8Yh&prr|@_mE}P?Nl_hZ6Swg2RQbLLTvqJe+XdE5eEbXEH3Y25@
zh7tgB$$>uJIF7HiMPXgxaukbt+pQdv_m>nvKQdMbU<P?qgM#@Wu0aJ?!ow)ktomW+
zi}Vh+wy0`$<DGA^&iio_!=IGknD~ImpWDTRXV9ez@n8ZtExT{hlv*d(A6yhz!;jTr
zd@B7n^o2)4a0FCSvr$N{;I`6}WJ?&2E2-uTY-JzI1&FPYmH!3<BmGuazH7=-ic!~a
zKzA3_07v0Q8v4PtUdw`u=u&X19nf<k7i~Te9`i}4ojiLC5j2uu)sH!?dQkR%wWdk6
zCv8bFkN92BbSJbdUEI(Ap7I-$+wx(IMV3;0k?3~>V<_~}=m41*@X9m8z@=oi@Jufi
zZ58e_fmrk;yIxSV^T*T9;Vkz^A#LPN&Q8=N5cJhUTA2}9wonG=Pm|I|&{r|%Rv+!7
zEZPd!wstZ<O3b1EUkz%te+_Cq<$$gJFe$ZTmaO`12LG*dh>#BFSmU0P`cnVxHgZ={
zRo)j+$v4;(X4gIpddoq$?&ugWp|7Ekgf7`7>|_A;j8!mV^v|ecK(EHGQtZ8C6WX+t
zdPssfK<&B~h2;lX{Qo>^a@M{_HGS9#`YD=-91+SoZ1kQgzYw{>ZhDs;xz!bj(f)QK
zRBlqFgx(oT;UEfY1NT?&U=bh^o><6kh7mc1<MT%z{+PlRt6B8f!@m=eH#L+1^hX#d
zP_51Rx^t?JzN5talkGBWz$+CMse?TvVu8>=>0ZgQU?r!iAmM;*!$$4c5vk2^hQ29j
zr<Le|9~*htzO7_JOuiEnBT6tc{E`wQfEgZ+6u>(Z9rU2b$jUs5Tc}wo7+4Z&4wNK5
ze+KL@SYT@*0o~OE5=fq{>w<ovOYb~#iE#D}6(aV$f*-)oel#xnEPt1Oh};^-hk?0t
z##P{UOE<JPj^Iwdm6cVHav^h@+8e|o<!2F9iu?0k+(GV4qw13IPjh(!tuTRVh~?CO
zWdYo2hN&Pu2xQCn@>fAnLjvbc7pJsh+|^X5SrqqYQpofCSkf^KLFCj^fU3T@OQ5Yu
zdpfJm+bUQFCoNr!8N*17{317~tey$No!XYz`nq*gCGx2AsMz%n{YG=hNn8aBZODYV
z3B)BJ0fnvmHet2$iIGk{2|A1LO0HQYH$Yx#esI-S0gAVlGDIw?JYf$WFjk=jASD|O
z<-2pXM|F(=Ll0M(rl4!L)hkmet6!KD!q&weFpPea;z{*WFi8~?ScE~C@tvUbL~NA&
zuNob9K`1N(KX*2}YAQEv^dpd;<$Z$8OF1)d`SgdRBt}b^F3j{UQOI@vIq{hxVo`}B
z9q4@h@5oGQHz_@Rsx>O9_fb1k93hwf2DqG|LhgnI{z?IgKC=-vad&EHS5;dfH{i<)
zsNrT^oo+wg@}=deHA|W@ptV#QSzo>~dVHrcrrcXqN(^e;MMIZzj|h23B+LU;QvI*_
zdsVm|)qB^b7(*}q6*0y@N|GcC%%r5PC8@9@1bzdRLb#bsna0e2jAj0vt+JfLg<$mG
zdqL$j=9A@u9s1A`cEzh|a42eWNR0i$L@bi9nyPNsu!gxgK|+46+!7DZ*{S>RTa+%s
z+!JWLY2vE5y|k<bM>7g383zoxy=3&{0ihb|_lXkQ+3wZNJ*_rt>AW@$KY416GzNyt
zp3U|{1RJ*Jcz4m&6@aLf72U3h<uQhq+pnLKzH?Eysqq4e2(&9hhz?vTM%kw7>WkFJ
z2a(f_xXtO&XJvsvJhAy9a~RV`)h{w2XLh#iA0mH?V{~Ee%Yd466WXrB0E&%;#g#sm
zYlbz3J>A|@3_C<^;`l$_@+5I%P_1ONv!szEZJw?@Y-ald`WU?{VL*2n3D1wU+~KDe
zgIM0^Z;~HHixUnBO|JDG$d}&LoT?BhcoD!pLf(%C00YE$tRPO>-y<*3l@(^`C@d?X
zFglTlPPX=VWE_X0Pd|nrevBB!hm=Sgb2V0<90EIsIap81-&lI&rdn+{=s83_{F@@k
zT@N+cj|o@fWOCw}$@)5hkhI<?ibG26T`jb4OQS-V&6POJ?m~=tfpPtVAzyp)^RvH(
zPrH1<lwFw%GXfo&lp2+^nOwT+cEQfxbK1oY1gi)!5%4!#oCd~kE)!+lX;p{*>hii6
zU3H@wZ!INdhtO=4?Pv78Vo>v<0cTV*ra9th?1-B2eSO}bv4oe~8UbG7ImEKPix_B7
zRC;Lt_<lF?-zBlsmUa+sHck8JsA(r(G_OdP08%&9GCe|B!W*XgE?btIgXM=6Ujl-}
zBppaVvi5{jz_yNF$U@HU=>uYnHq6dnpl5(%zCoDKW6YNpC8JVn3{8qAg8HLZn+CsP
zzcku)-4>f~#`J<a9ARLY|1|ko^0+w~|4G&k<_$h~HGxm3rq{!A8xB%#aSfx5aabCT
zgW5qvir?k@9Zzv9aRhOpT)8EUvLaL9!x*r{VN0);-;f03h_)~zxL-iw(0A!d2;K#-
z*egRjv-8<9gm9=&uJ)x_f}3p(<ts+gMo0|Q=XTwFD1(&?G(c-d8x|hr0|I^pMDZuv
zQkoen9wsk>l?6dT$a2<YOSyh)r4Xh&Xn4#1=$BrarM6qt=XYLS3}B|6<sbR4gVhGA
z{ZzA$Dz$p{zY+W*YZG^`?}>b0HM5r*ng%pdgrFwHzL~OXkYy>mQ7Rj(_JZ)SFd!H(
zpTs*SV!%OmD*`PAQN)G;iR3H{|K|5?rH_ET-t|XJPOQ&*Bbi0zKe7_iUr|Cn;!aVV
zIR$3}RK#y+2Mf`y4n2)?ahqgB7w}QIZ-+EBg&2Yu?PPRGjWTwX^a0U|!%p~O(eY|s
zPcweCP!j{p*TdN+fuJ~miwY*~j=FL?_Enc0v&Hm_rBdcj<CXw1<?bHw`-SF>sXW1y
zKQf;Zb=Jv5JSbG$1PG&Lw)^x_eF>a<@*<DMlIxw;x!%Uf@83$)P=o)zup$uoE!$ip
zh|mAGz`)mMPFk**6AEeOfCI+AuP!Qp+jb5I64Lb!8;XC|b65cBq7N=OCv2D#6X@@N
zR4_MaGEMY6i2Z^<lInFZgW>`z5u&&)CqyelE0XG0={>Jg=@zvFkO+y2nM=8E$L(_w
zX`zUnU3Ta1(6<$)i#fpUNj2>8_MQy5G)cCU@6Z`?Q&T4|rcUW#Q*~2`@uy$qX|p&@
zQ!%W&AcY~r7U5H>J!BHUjS-`mC|98^ih%3!FozkKTPZRqW}ov>EzO<YSnI=@Yepwm
zgO*-`sba!+Sg1blq7nf!)PJq|j<awl?jr&!IGh)W5dk)hn6ZVCM#mT*T!k}0=L`WZ
z7b%Pv)Z3p|IeU0$1f<NYO*F<-a)G(O7*m8{_d0M`1TuKfzV=iu1`+E~)l{a`Afp=Z
z5NJyA38ivm%~;{-B}%=VUiRX5qC=j&g&HL~tk=JjhPF#P^M{^t67x6BoM8Kye|k^S
zgNcY#lf^G*J(E~unN`6jKCkRH?->80yVu@DF~llWk{y!jp+YFJx0IIr{$wWUqeK_p
z&Ybu7qeE2*<Dl!Gk-A;)w%5Eo=FF2h68_>Kvpl;H?LgYHiQ6B#g^bmfDog@P>K*c)
zvum%`Y+CtY@C$Cb5RlNNI_mV2-&IREaDJR#Of_(34%;pFNObBpqmVz2UbJpXuFu3Q
zE=F7;p4e5ZORO&{=6icYC~5bzOidZ`Ni_IM%iQCx%eToS|IvZU6A7b3@tIC>(<IAS
zi}F3NPNq8yfLB6EhLT3f>!!_9NrpC9&HOpJd~+1wbE6F>YK~gz9a`y9Et!X!#Y3RJ
zSbGOJyHKAjG3hVQPdEMO4apY88#<NVc<4cI^Uo=nQ(C7F=*3&NWkQ-qPl0KZEkE$=
z!m6M8Hr}85s^jKn+QpA?rF+i^Z)>IPpDTr;?7}{uTqwSMxURw~8S6<AbobKRWK115
zNKC#YNZryGor=Bh)<>Rh1B=pAosy#Ib~@M6t6yil_f4)Z)F?cq4T=xF=XWSP-4=GG
zyUCc^AFmlyZ}s$@3-Z(5vOL|Iv*4RF+OyCwor(_<f2un`{@{)8H!nO(c+q`%N_)|1
zj&=X@<$M3!!!I}a&AaqEF*)x#2)py=nalEXAKk9;X3b(EMW@hX^9zg2C?Q6(C)l!R
zp^o_^r2{{u8z4&e!uf<#MCueMZaQrYkr~Z75Vg|jLamX!hLVbwpbp7)LaLR%au@#c
zd1b9KBNo2Xyv<kMBub}#L?6DB#kD)-E!4*AAfyX_l_N@UMWfnwML1~qw(1ifp$yHn
z0qSJc(Vg~DvNN57rR%|!NtEHcbgFVUjX1zf{nl89L#yc`n-^~ak>T~@hF6kOQ4C;y
z$0MoMP|EY~DiLZnzLZysUi^@iy)Y7IJ}mVj7Ye8Lyu%0_axh{~E9skq)jR8<?hUDm
z?;x0!b*smVlY&>HuOglgSGM`<^CD+Q?dA5VNxN}VjC<*FzUz&XU!O%jjV|lk+nqnT
z!&R=fhmg(F&abDNv+*43Gm&fR&e!*i6i<2&o67V0aF@^NY-)*S=PUQ4^rzK7*Qno@
zHQkeR*;|_ycrGR{&zrZ4fY#UJ594G8J}a0%@wKO+&(BU_pBb!d7`UU(@~5aR&TE)$
z@0Y_B-qPpj53CcFcgHObmi7DjqwD%<ylpofTFj&4XtJy1rFN`+gX1^Hx!MS2uj3Xc
zc@ezpiu&^Q_37-X%&qn3_Re$n`-8mA3n%y^vU}(Ad#`Rg&&3e$^iQ{T2kw)`=xW|*
znX0$?`EX9Rr`<1r{q3uVHjkIrkkznOm+<px>F4L8;`aiY7wNIHX92Ibip_KHF1{{I
zgSQOVY`)A51I$gVO`iJ~-2LaLnySlgz_!eqrt9~B+lud6pXl9=VlO0BRh^loMwu+H
zv-i((hAIV<8t7~9YlF9_;m`5_xR6J~8}Fs&cYQ9xjLfXo`|;J;bcy{-*N;LCHt>LH
zSbu0-XbjF%2PgxOC}>1hU+{jeYG}t=u+R6-RY*J+ap0G(812t;_{#nAtrj02Up<bF
zvu&T0$76cd1|RWso?M^vtlmr@tPmHO0X=Ho@R<w$CN6B<EF4Y2^~8s4?0RkB`^OG+
zpJz_5`b_|BXjAuv<UkYZzIj|YxV2)mnQtr%cNpomeXgI*DtxEjV7x7#+|>?S)4{t6
ze80e`O{#)z;IH|MPAi|A#V|Xovr{hJtJk~xtu}aIZFHgsTStb)2RJyrJJVA%_g)OP
zd{hwW3TGn6K6Mzeqx77||4%lK^(PxQ*Tt{rEIBBG+O*^8QWb%%vbwT^DN_%72!KU+
zwZOvDP@CHW+Q;pb*Iep*zZ_7o)k3PjMGyzgII@6nqGbeSq_pv}kmlAxu_Q8CTiNQL
z4(#w7Lv5-ODETqAsyGVVjmn}$iMhyGEG5N5fup9!2+{H4wxer;*6nlg%X~TE`t(`M
zTg6=bfS*{<t${EAt_-B17oFHoyPs8b(iuilP6aDcGP4NiQPXSu#*;qVQ^cjBau=Hp
zW!a4EqK?p%JIf;j75^FMC-RTvgTb)?71V&=`AGLq_>G`S^o78f#pvbs7rJb;SM*#U
zKRRsXXH}g^-;w5xr0ouWxd7Y|r2X(n&&_+(o?e-L(>w0-&$vPj(&aDTy<=!z+kwKq
zG#&KUFo!bbqC|lBMYstle1gIMU@<XcU|B(09t;lGZC~2pI8G-jDl05)nZ?JJeFUf8
zjVUH(T~1q$^qr}$U@9l}cq`YCz;M)RGDf#_D=Ix{9WMc(O|i(su}Fj@RDYbEE0{vQ
zz8!JioDYHFkR^E}n%sIt@_)clKXEehGCP%zX)}1k;4)72DQO~e6K^1Y09n6+Z6I;)
zaw9hBhir>5$6l~W8zpfj6~qtLd;b$bi?&Nqa`uWRT*UfwKa`ebAH3`96kO+gLMSws
z11=9d5K;DfPE}MGt4@p>c)~><M1D~ptR;{&bpxtkstj#Ho<9dcEwFvqQ`mlU&!lOt
zsu@3?CTkpjj~-y_Xh^utaS(>F)00oIDz#4WAlq@8mb$(+hsCMOn@okS*jW$_+BD+A
zv}m*=y;6-vRis14m|?o>2!og6YYoV?1`8`(FV2I)n3vX#O^6p4%brAuLDSy)V{DlC
z{jGd>9}vwJS&-=6Io^|+vHH!G8|lN*jzQ=y+V+?z-XrVv7UDMLOdsM9yy}=J0c-Hn
zHBh=Ff+iTg`~kr+u#804LAX&!h92#&Uea8TV9kVS5zKDnB(u3Hc~+%Vr^GNF<tSdT
zJ{x>tgVxZ*4HW$^yqt(%rwYUk<%Mp%?6cFcQ8%1p5I1iILRAqu8lNto-D5t;Hms?p
zRc_HL>i_THT09EIc`SW?&i=v#eIP#QFnd^fL>CQYd(Ao0twu$FL|>GPCZRPnii225
zt+&L0q_{$IVCIZV7`k}rRUAF?KM6JrBW)yqy=9U;6~)5jKnqTEBl8IJn+w_=i8bb%
zhS3E9c<pj%Z$-@eGNScp_AmR3g6=z*<!V;azx!`vwpBvpxxce-Pz8d1oP#fBL9Bkm
z9Z3{NleYzpuvADl+=q*R5Sr~ht<a@Q68qS^)+*L-<JgUC3-Fe5K&P-Os&B<JSxb8b
zK^Fzv@t3jczp_Buajpo0ZopCUA4@LO!?@M2>0dZ*4OJgVybh~OiOh44p7MUA#Dmqa
z(>i1eaB4HREa7aCc-6J6x3V>;5T6WTX*i6${IBvu`aVYjWfB&+>^gEMWsHT&1QZ5w
zw3K;)GaI+f1B!}?umVuI#?!v;3d?>K9kXa<_Cx+aia{bTWjn?9CWo@+SPpT(CB<k#
zqQBPiKu7qg<irD&R25R9MV$v&<R2QaCsH2}pDCbnC(+PR!f}VL_O<|A-GW%i*M|wn
z3&1rEb604_4t8+^Ms{}<ln`m#<r2GCS)E`gTCM{i-iFV}k1APhBz?NB(|DJZ)a{f8
z1Kgq-OgE16d*`j`-5PVv_=O~l2kJyjJcVDFAwPKx>_kgzyFrQ`Rxl5wC8vpi=<7Xj
z+XjQ=NI&Z+MDs&ktxj`FB)=m3w+i(<fGbu`G?yYOqv=;_P65)%^y*$a{wLptu=A5|
zGn5c(W8QY-jL+dMw}(EdnVqywZK%XxJcKbM;3HDz{wT1sf4Vo!a7W$l-HPKPik<m!
zB6xe;Vf05=43V8TmRFROqFlqnq-fiaC!;P7DbuQNVkE~g(w#q$gMVBI-RcBf*<7rO
zlymL^OG^McYs(s%;U62~!tgtO^mo&2$zAcp9Q3XV3RFsv4pJ}r7qK)Vi)`#n0d#v&
z4acWUP!7O$0GTHZTwmhl-j@PLfkxCWQQfNP*>bFw@ZrqBlD=U$;u52$bu3)b8oHHn
zyaxK!MeY=qHRr*HCT7;L;4!U9FiD@HgLquf5`x-ni%_tcHQr2kQ1M%#0YfWTqj~m?
z$^0`bNtr{0XN)HF*xh5kZ4;T+`;5%e#3VDr|HRrB@{_9O&QXcKeyj&p=pkEj0b6hX
ztKuS7u5Xo?%}xvEYPq)sC|NxD3<I&`EI%c3JRCqUeUf|x+zpKXa&6mUd_m|7G>qgE
zk~~KS{cjpV_@NtNix*(gxT2*IY-Vkpp@kO0Y>g>@0~AKW=429*zwC;^Ul1okJMp-x
zl`d5ME?WJC)sCU)QJ8&OTm$)v^jznP?)HV$j)`!Y*v*dhB-r(knY}u9dSqp5UhFy&
zgim%1amIH9lY1D?>2qb-QmpKc*%ZhTGN`4-{E#Jk`kXhYCE1z(^&D2Rg6U2Hav)KK
zAy-D{6^~sp*?&w2r;Uk#O~`DYEe^EM@Obt;B;U&Oe0<dDbz<5&xBS|Bx|u3jFlBO#
zVnfMy_do1btV2{ut1%U(Pdh0XpUp%0<jpsjPDw}EQuz=(fuWW>5-B|$?lnY56vn{d
zdwTI$AW}mG#<0-It_9dAv^xxxVhlr0wl3eA(hODxgT(nU`u^%2I{5=kmVU=ZJLXN`
zT!ufHHhITWwrFBE;&RQTmg44M$5?AK&u#((Yhr6;NPT0*PY2GVocN6(rznjm2hdx$
z04%m?yTM`1{OBFwVCr8?^BYN^2bJd&MXgjl0H|$fN?^nVA>srx5FSp5x136F;$?nu
z0KF;ulttRO9F)dTlQ_q;3E2S%Q5I2B6aonlfthvOZrTvoRMSEDu>5BZZaU6)a3%Ce
zHJYhb;<-9on)p6cK|6D|A7{C~4t$FOJBk%JB_UB75sPp`$QAKCZMA8&PvL+}j@Zy<
zrOSLgsF-cq|9_!2kY%l$i1dRjM7V##_aB*8#{m17lkfm>|F?A8($+ueHeXxbQ9!Ec
zhug*sBI#*hpgPF>3@)Z_`~Qc%cMOuO>)t-gwrwlRwr$(CZFSkU?W!(z*>-gqU9K*h
zQ}_Km?|)`uB4$3$m-j<vp2)}@apL4&`>eIE-@1;o<p@08c@HKCf?C9z@P*PakR0pB
zLd(2^BuoMdz4&Ma0o34-9nbQ>u2(wbqYP5ZR9H+*5NMtJYUMh=;SKz#=BLICH3%JK
z9qsX#CeXABfIY-SOW;Xar8~1;Sx^#7^TCjD=0c5^Zn;acv9AgX1S41H?>!L%rFU2p
z7?I=ry|a}DJ07=yPt&ZM?QoUb88_*outnKtf2#7`Y|Z2|(`LSIDs<y$Y8QRAIuStB
zwELSki?+`>KdUUXQSqi2uJI-Ji#-aNu!9@GcggeGO?-W*3@h^-=>3Bf#E4h4zGvvj
z8;jzT!%tqAy6i%QTpZ`~&Wu3`5UmKoU-N)-F;z#5=D>x}{*p31Q;ANj`#Y~9bvTK9
zU`2IJ<w3<~t=-6X34N?<KqM2%QJpe{%xY}x0E42|EME$DfC3pl$a0s9Xv*{3hni@Q
zTsb`#_rjX%2{EmAjWRv=R|YcaT+YGK6J5L65*FuG!;ik7-H;dRhfy2?CoeN1aJx)B
zAMMUf9hS0j7JYTUWdb9%rshd258l17jNe!j_*z5J?9FL31P6X;Et_*}u6=;OQ5(1%
z4ge-yG1rzC`<E3MRa9*yvGWiWRqbZCGU@~djq|phRGAppmPV64&H91|vh!)eO})9E
zWIv=vPby2jM)+I>esXZPr<H2Q2OUnuRH5rS&h@U-tC`v?iwHSHbN2`_ba<6n0|R<T
zUtNVsZ|FYSiydnXMiLopIsY2r`dntef--bM$MuJe)&eWsuxd*uZlXpNegzR+!vW}}
zYl*!$nPR!K>hY7J@fPQ2kZSH*bn^_SxhT^4`%YUT5e>{el2RtlMvf&=0^XwWwn~dj
zz%-b|9iraUpb-wj#1Mide%Jr5<kAoRifIj^gwfrH3JB)#*%xAYXLr7)Q=W1<wRz`I
z=c%CB6+@5_a=4ed-cP|Z8~~h1mHj{HI+TtzKbQYky3VtQH}?fIRLMvb_Qs@&%y*!p
zfhu4Wksa6e*xioLcN!2q<RDA>iN!8Z5Je#$N9ryO)w>HBK9G(i7-5hArbs;7Pv!_V
zbCr~#^qv3_9}ajNP6jxtnf>utlet%gamDgMnJL>HgPN+imQXCf#5)8+2^A2|IQfJX
z9Q*}dAE#vt=RZ1V3icxC(J$oR;Lu;avwsZgSU8j!)bN~LbM2=~&(b1L<Bu#lIzZmE
z7mqY3x<u1K&U(X0MiajQnFX-}F2qKmu{V&PfM*=YgG7F-W66!<Bkvu_7u6Vzg-viR
z`^QMJkWkeAAlL}&ClQmCBwHq>`28{winPpiG_NGB<i2jP*lDrs-sEvHjjRw`h6_!m
zp=R2Eotx=p#XMK>$Z<H$6p)&sd+J>)j$`A5mbx5sMb>m^RiB|X44{&@t0I(bi3(8h
zgGoaLLLGfX{&28l1VT)1?z10<(%>w;*5#Ik{$ma27!*1s>O7l~B(o}PSA)v-#hq7j
zW7o%bB{40;bKA1Mas<cLWj6xpg(gzANf^XQs(0v~1R5TkGt3}<1@r9(kc1`43uA>N
z1q9K4Q)1wdEwspKeH597$bJ<u@p7OgO(9Azoep|s0*ypcMTL?jAus(Mh4}AeW)7#d
zcs@!dYibHZBoiS`zW3Ce3D##NYlJ@;V#ln8h~}hk80=JF^Fr183dpeR!&(J8H5vr2
zBX0=)7BlF=m}+EVoB<%e5L+lh3}OYVog0>@kP!1gxNJ2a;WRVsE=Tjg_ohYu2ecEN
z5es!j8W#UAXa~gdU(jyUl<7a99TuI~f@EZGa}N;kXI11+oPI^Q0+dBaJUlj-k&w&)
zV92yfSfqna{{d{IGE^er6%m^<3!Yzm%{6R;;X~xr4RA(U5bA2=zVx96LQKRx%w$u@
z%#8IgAGx8iL2<|$wY)*VS{04;#0n9)z!I>%%r6~=WucJuxXgE8Y17%TEEb<@HNRse
zTEQQGKGP}b!f~ToixP~|4i5|rSl?hGi%`L6(-qLFyBgV|I~X|$_5aR>izM0JNf`|u
zM~BrS8PRyxs@Q5GjS~EQ*sZsFjU-uG7MGjF#A%)LSVb1LtQuS?6;<J-DWEA&mr-j5
z8!hH#6~L$^R9snP-<{Xr?O6m48R7>lq~L0I^*XPyHdh#)TVQQziIifoGo&%KgHLv2
zY{qVMTStjw)TUp=da`7BssgCZIS`X!lAsO1cWd8&D#}m8l)hPY*V;se;{H_g9pA#|
zUkkKJbhYY!fAucnI{UFlbsZeA^tD+Ml2n6CsZb)HBHAvVb8mc#_2P6&B{bZGT(qAQ
zQ(^qQm+pj}*kIg`w*N`+qio=?cux(PhcCvp$i4GgM{_(&n3$MMDq&&%geYOEk#f&G
z?uZ;H2F?*pI|&7#%!A-o;tUpMx<y5km_?Nq4p0XCFetHy`>pwr=MhI|7e}(0Spo8d
zZ9~x}p@BQCkxl<@(Df^;c8IFCy3kXpgH!2cQ=_9@QOv4fVZ844ca3;iEsm@lTSkO6
zXRoT$eub}mMaq`i%%pXw(K41umC`R2u}|fLoDzx`F*(K{99(TSv#}*dEP@)LJ2lPU
zFfEc3cZ9N;BXC!eD8m`?32z`^3K8u*5(9H%X?PzP8|@}nYpX~E7|joImbs%&!|7E<
zvglh)G5ixZ#}=}Ga$*v}z?s}kLFCzhRTB(u3uPH*&Bxn|JXPmO0i3fl9Qp3OUd0Sv
zy)VI`xcomRX#N(tIO>sY(|4|JE&}F7Ct(z61v!=dm3D2+>2&52#|C~oSvx!3V>^Yx
z261Y79=x~!HJp^WRBFzSCK6rUJ6CR9N$EN0vqN#MdXI~x@*{j$UlaT>Fwtk&FMnB0
zPv3ZvnrS^GFV1z*>oA?ARyZVa(gV|y?GrCJ7B`^ndZ1Kq6Mi38-ojA%$yGwi=8q6I
z2|8Sr=xOAr&Gtb^-&yr*X<Oiro|1v}Y&p8sqhBTM=_GmQAGLeu<8(q>bGl!_zjT4T
zqwDhkn1LVQPxC2sPjQ%A5}J?PCjE!z<R1BvQ?-$>%!5JIS?RF#Nq|*6{6Bic2KK9v
z${M5T-LFYK%)fLQlbjCFffo#X#e6F#ZcY1_uMcq|UNi>M*Pn*>t9ND8<8L+k(qSd<
zEk)JhkjH6v4huZTVIPT@{W^33ZMw5$c+_7mbSnaX3=nkNSoJ-B2UG&l{gSxjGF4Rj
zb8KN*b^5`3CH&=#?(|8HI=lPLO7;cZ#QOh-l_dDA8Usq=a(ZOZBzPB`Tezk&_cWc4
zMf>8qKydc2rNQpzWD+@z`bqPLRvj4qjcOK?OrJ^zc$`d^YV~6<&Q~2Rf+W>YXyDUp
zTv~w_s$JE07|q~6yyFW#-AsehHz_$*qeKH_!Hmr|u^Pgh$?9)z=S!E&Rcwl7DsLb|
zJDgsFIppFd)1xR0_%k1;`oeWDygy_m_W7g5q;5HwBpb1qcSq}j(LwB+lN8eZhm-8a
zJWQf?QthOX*a5xOl@z{DQp<G&vadXivg*Y97kMq>8J~4guF8OsA5ahD<q6Qq?C&8e
zmhAYXbYE&O%I&@ObTI=`MW>vObJF0rP#YC;$2@GH?s=<f^9wO~LI3+RR0CKQLePyl
zLf1=CYZYDI>&8AJO7K~a!9aDqNP$K{bv$Sd<)v^UY*&^UpxU8G#sFPusfX2@S;EZ-
z<0P&nh-My_Gy^y^c)wMln`Wu|tI4n!O}|J!E@}ORC-XS=!LodbqwY4xD&VojlH*)k
z^)%!sjE*eCuBA5)k!$*X9p9z)TaO0(5LlWx#J1#qwh(Nfx{7w)cp><_k(P&F>grG3
zn7E!V^0N$@;D7N)-uQp<NBNahSYEAv@kgS7p{0!f;*TKT_@ffjzxZQF7dumx<~cUY
zmIXA|jR>8?itk^X+R|1~DK52A6$1?oo9eTw!tePyF~$CsRS4@{OKC&a%wM^_>>G=(
z=BT?KrP+^UaHXQ?BYs^HEna3P94)s}K(Z94zAXTI5-wm>B4bV(3zQ??21~*p25e)u
z!f|fgpMBpy75Z0UW+J5+3-U$^RThO`wDJtZvJt(i6t-lxfr$yxbz#to4vAP!WyPbh
ztVT}H)dWUE1${N;om=LA@W(2?juq3N{8>+lHgZk(M^Q6IFNVru$SS$CzfN_Oaw~KG
zb^e-I|NPwZ7A>ijwGf%SXJ~AdVx2V&wotrS<NdSgmeIMWpN%?Ip|d^xoZj{0p;u&D
z<bNv`|68&6|3R@R>J*ctTV36>8SH4yq!^HXM=@IV4M|Z<ei;+i?CEqd`_n!#0<mg~
zBQ+bg{9nDoaQO6AG-12U`A9PjGPB!BF0WnY27s(PXN#L<Llva2R;H*v9IH^98If)5
zw}iKmb>~YnG3IPfd=)CuX<n&dZGO_LB8$rq>bCh(=4>d0a8qD{*sFqvdt+N!-@9(`
zH|y4KvIyBv=bpj_BkF&FlbA4zEr0a?Zwf}67(5CS6@Qo5*UCMBSY{|~@5S)*89`sp
z0sff(cEyU44i<q`zBim|0ffv9zMJBk=?B#RU#Ljogjj6m2d{~L)r@~y`8S_Osdbx1
z7$7X3zf(lo|B4!xK05C0-v8(t!mpLPnF)n3+F|d?jy#;oD->g4wj`bfc*BFL!?sU+
zmjTapNCq&a>ralupZH1X#^HH=!<TWBRL6~D)+doSB?I|;Lh~bVawFn8Ah=#PjTato
zI*?l~<f+Rktsd*9B{aQ8W!=o<en%|0dpmJv!U(~ApK1-{(Z7)qQKv}#Rl%Ena{Yv$
z%dbmxuF&E(<?S|nn#~uM8C&I84Km<hKjHM^Zd2hK77Lh`#l)^>irfhr)|VJLZjELI
zwN&{35IH14rTq_7%f8#}W9X({_omp1ARj%Z67H8@Da5Kcl#gcUknp2UsV%S&G%2ZU
zA{d0vVeCm0aEQ!RWdo+T)5sg7G=tYRcchRv5gGf)TgLyW6S=AP7^cC1gpHAm#kt$;
zAL)hW|Ca9B9#{|wnlnuY+O@N{6)mMPk2yVj!*)KsB|d|fd8QC5$l^BmnS4H>;v4$i
zckeBBB<-n*Dfo340~6+3uJo+g(1{o7^>kw1my!C~ft5lQu8S~oQ60ieBs&|d1IN$#
z!2qd$^Z|lBS4u%e4}m98NCjzlsWk^j#DXe?0h&UXnFz}I<fsf$kojXE3V4Df?{If2
znr;?|g%($aiAsgt_mC)U%W*bPpJH14+jM6dx(W#WU*<H~*^o@n7#)<4e$R9W9j~>G
z%>a}|OqiO?L%*q%&omEQ;EZblxotHTXhwkOD(0xZ_Ot8L;7}lnBU_fWoiF{5-iuq&
zR;`%3?h3JnWs^uhB{c^Ib(c7ocLCYSAVWUTr!Bq`%6<1BWgwqQPzo6L`4u$L>@pp>
z5a9j=4C_x-P7)*1t1k%LZHkf<RHz<5@Ox8LC7JF*R{+e9*KSW&mfaauw><VtZAou<
zvgbk|&A{zP(zs-_j}MJJ;``+hN$$FOxZ_4Vn>ozxur0Y#rFu-<D6A4t3+V+xWd{TT
z(?4F)WUabR4GsWgeIM~A8iFBaX5q$hIruF(qYju;p)i!|q*8q!mh$o6zN5|;H(9->
zJBbqK6M#LIbiU$K$gVs9g~dI`zw!l~)=2-k-8QR#_sIHCi8(#etMLLWPw1!6i^M#4
z`v!v}f1zWg{gHMpHLF5?mXau&$2&a}o2pqz0nQJMP;cI9J$W3Syq>sW4Zd)ktqfEo
zL2kJb+mb?pb#d^yLu!ShZ^44>YiH_lRdRlD)M&)K_rxMqI2yNRmh}OfC+e5XwJ@{|
z;*kYKLEU7mtP%yBUp@(BxPqEkB&9Ms!8)k@Fyn-{a@qO7^yM2;?n&0V@%#+OS3D~K
z<$`#tRy;YbFW2}^v|t@(n)*jRN723BKaKbi-;Ma?Kd;%D=V(>_Q7TNl1Wl$*yyQ{b
zA(RTociU1bI;}Ldxlf46SERsV^~iYpf^%n(r`KMgLV#u@9jhSdOWB8jQ0hq`6cqIF
z_qFvkqkQsaoh!zok|NdFaVmjBcVT9H9Ef1S>B(S*ihGKBzozg4uHm~_oXz^bd+||L
zq>&E#Gql!-bxi6GQ%(s`34Lj3v+#erD6txJ+<#O)dBd`&$@(lF*E*cdn98tFl;K}k
z*>ahZM%acLGF&G#H3D}xHukqc=+lli9Na5Vpss}nPUJIBl7{N2Q5j<ROM!_!C(}tU
z3;q#FX1K8LqgW6?4+il?%)4$ygTigwxcx>b?cqb?$I1dL4J6z_Q$$d80Ex9g4MAM>
z$^S|g6ytPo7T#3WG!D+x;CD7Bo28KL;qzkHbn<Z5#7#vv0&pQQh9l^_#BQ$Nefau<
zr~m20pU$zyGbSVx7RUZ&Z-|s&m9NZ<O__;;`XXyutP-RxEp5&`&pBVm!I4~p6rvQa
z$V+&ODE6JYb=_VZ>J@v%?rS9%tgGJf(h)PWgh^2Uhn37K{vTGd?q@0q1&hW1VkKvs
z|4&vDgKGnXxmezsqUz}hanRoDP`OxK>#yaUJ>5y0Cg*99=fa4}XtHq)TcD#;31t~F
zI=CQ5Qx3%3OeWtN%gW~Uc@-U5hB|i3Xp{$A#Iu%DLp-s+wxEkNoNFRGsoX8p22>X>
z1G{#G><>c3-a`=*{BimjgpLF+;AWyoft(1CP@HjftcZjsbDlV(!XI&e0nh*PlBWOi
zk~xn5<t4XkKEZI=up{7{;JAp#fH^z)VT>ud<(mHdYX%HL4{X*a94iLMeq>wvL-7|&
zr>dE_(e&w(cs=}G=Rk=;#}l3j^+S{-93o42DW;Y(o~8C=0d`^35&!DKC>fl>mgNd+
z6$TS9U+O&b?Z5}jD{RcH3uzfl4}BwQtZewx`oX=b&!6NY*{eMS6f&7j+GZS-I2gzK
z#0z91$1%EOEC?Xzc8$t^pCF@a66ws8LKncG8n3_s-q(bZixQ0}e?1d0na?H+PM2*v
zL*_Jo6Tb^*N>p-^JpIGmBudUvAsa`MnxyrF$Dvxw;X>JeXF$Y(>+T1m40}EA=x2bE
z)L7sQ=N37&|1I4{>dh3Z|7wjEp4dn}sh#=D`^N-fz}m?peO+T3MM5xYT%R1(-yD-E
z-_dh>+>XL(Nr+%Le}5Fm`x3taEL&n-W=fByLg|#Oj7O&5!@!hg3{yV=;ojkwWdsh=
zA!Nf}Qkj_sU=s&A8f(N9Vu<?SjrCS_!<Mw)?zj&PZo(u1m1{pZj`m5Ss8fFUfU!^?
zz}2Hvw{yygQbr9uM-Iyz=kz%c183y9%?e8?GUW%dnqptZjEYdcM|lT=GUcFEqO4y8
zeM{pw_IPNKDAm4tvklq`$@~lFuS1do!>|07uJdwG0M8x+%hcHj5-t>SI$aEap0YKs
zKX6*>dwdW59|)*340lK}$wXJ!YlU?^&`SGYFjlY2;DUyl4I;!GR}Nv2JYElBMb4et
z1hB3KA7ab>M*HwU5~pNhg?_Wi1J)oswghtZu4?Fb0Moc+#vnG=cc=k^KJvLgR94TY
zo4}k@15@2k;Un<_9ITbS(b8XkPll=n_=Kl&@8a@C7q?<!tqLWd9^DZlD}%$=);W}|
zjw7kU(%by@H&$cm9Bji`pvbAa9|&77GLgC-M@iQTJ$RRH8_hcHyND=rhLf|$vY2@K
zsNl=i&iyrQyI))Vo8JOc`vA92Fp1Jq{WXk(7L+rax(PVl*;9P97_{tYMJ`z!+%}OV
z7e$VMczSG$#^g~j7PL;TJWY!7ct!8;<6|4dd}(W@4Y7^~-2L^33W`E-x$6p)$$QaV
z&_*4s)WC{~4pSyI-D00kdzL>8rwec42LAv|&h_F(h>$lE%Gm>QG~IEV#gkluckVqB
z*0jXv(a`;lf=X}}2+qr8&UVX(ww0OXHng+3|LjpFlmYF=gDV^c{AXTWaU~(4yQ5=i
zoHP3;QlGnIQ9@xO*XPpfN0t#>T%5iFMLpk@Oxp9DE+Ng;i|0H?&PzYJguZ!P$iKAZ
z?od1#ske&lqj^>aE8`751t@&cWaoqJAz`-T8GEd{vxidVHUZd{*$`h36=;|kDt&Bn
zx?Rp63PY_dN~Sxqb4PODGzgf=7FNaJ)me*zhD9csMN_M+As)>v3h2d9F?xX9_kgTF
zIcNs|d_i{Jg!W7)hpKF4l?7Hm$sxBUr~JjioM`6RYn`SR?3QFi_x^k|?sD$Wt{njT
zpfJNgpZYba{+YR2L#GxX{7}9l43S^D{|`DT@Qp(5Q~nfVaQm2CelQLE#K<C;fdHU?
zOsd~&c_jTyPL^*UL+6)fegEA0A96A)ev{<aH@T^?H7NK&-|~$^npWNzw2jPmO}bP*
zplS=;1=~K;u?bYREWLl@kZb}9PYtTC0FBc-rdJ)R&$_?R9Jmb2-{<p{X%&*5CGe}%
z!KdY=^vs~j|B$@mQ&YRX6#UwlKCm}>UjP<$f*$=#`38U<(9~SIZ$R@|uJ|r|IrGn<
z|BVHBl!2sngX+7?aIfn7_)J<<K;?73@C__<XZk;f!}+td&t6ptr4s?aX#@Zphssx!
z_x|SgR?l?H{FN=LZ{Mf4%s)%r`d<dq-Y-8X)1~s&pzSPOwz<0n1VvpC;xG-Oe}SlC
zlgO|m_2<y$gv`P2Fb-sPBHr4p2{lx2sII6{HLXgP`_a$m<+X1n^M_J!_0Pq{z{UyP
zU()*P(*R)s7kra47vwPtB-04}$xc>XHEuWC#U=G+wbeO|aSk){?2LMV<%sKwv^i*r
z{j1$+OGnXalL}VJEnaOoN_`*SX^tZ%8EhP*Y3=l@xgMS7d)m_%ve#Luc>{{#yyL9P
z&Qd=DCpokz&YCz<{w)KbOcIj9mhMg#eVPS*G7Aq&p7O-~s;1m1=)z01gNK31t%5k{
zFVtAlr(HaJxOu;$C(PGh>g()MIrESb#yGXWR9q6;-uDZoXstvwThUezx?ELx?G(sk
zDk=F*u;Yup))>G{dJ1^TJJ>q~KLUzAYo2KsmZ@jopylq7O413hd+AS0Xv}ORK4U<<
zqtoFd%I~PMwG;Jz6_G+05#nSKr%lTwr$v=DJSEvIm29nm?1{h<WWo@)Izz+j^l`9|
z>N^M<My09woTUZ97}_lOX`sTzTWAXkPoLVHvAzi)IUDTXeK3q<q}`^H<2VX`r%#Mi
zcR0S5%gjDOQ(O|8B$_2ZUaN22%)Z_Y9UQOS$n{4&EcXjrgO1{uS_8XQgF<Z#G#E*C
z{CS?=-Nc6Bb1wa`@b=`rAt^)ZY0r&#MCEbkG7ktu{5=j=8`N%HlS}*{t;wtB?e}su
zV}VVMRZp?0(Pc%b;znPi$eKqVnHA(6DnJToiW6uA3n8YfCn{}{lsy%D%W7LsH1U$m
zVr!FyxNupyKc<Q-GG<SlNt$ya0<rxTGzqbf=;#HY#;t<IFsAMqy5@6Ry;};N`-LF}
z!SLe~Wm0Lz4}vw?`Wh~Gm1W35tC`w|`~;2db;-^6KsX{_S&%?zeK;~afa6+L0&^(z
z**%I0D(=mMM>@lK+?q5nrLCQ#mx=-?g2)~~cT@mbGu%m|-0x%>3e@oR&ze9+Zh62@
z6WEa+vk}j&a024Hj%%bORM1k^^^(106anU=A>w`>l!H5SmMv|EufSvPUW5Slet?0k
z>^QzJY?ZkNrQFGyc{UirfFe@K{_t6bE@5J(BWE+6vOux0bHZNouuux#=3OvkOwAkN
z6i-<#s^!zLETYz=V^yek4U7(MdEC{So4KHCrn%P*#~o;2EX{{N)3paOJN$*;<V^yx
zU=nerBzjH9gAAPPN#^h7nu7Wm>9hk~#71nu#Ker5`l%vhc{}WG@;;>3(xV9V>0XpY
zrO*B!pZ*1~DRs>`ovh<}qrvf*XA}&b*R_>lKMIUDxU=9RGrDOFU*K;SUCBgQZ!sZ2
zTH9qJEl__^e1br&VYt9SAuV9V+8?J&RJcPmNQH_#+ti$wT49gbWh*|p<5I$HDebh#
z*SisARyL1ZEze&n=W^a3NnQw5X=$q5;TGETEdGksp1~1^BVGQW+!-gCOY~>m(<$6*
zWa(cCIONVbCzb7;H6uI=5%tCw7oM2xOy{1LWbT-*cDF5yOM_i~ixNv|OEj^2xD}pY
zhE8#p!^efaZ6i}Ef=o6TeJLFlP-?<ipAb-R5f-K&Pv1{5VD-5i1X10iRXRMMIM>N=
zGSFDzKu7W2oA(mSyQOfOR;P#)dY@YQ&KLKCwbf2smDcDVX{vwy42bCs5y3%(w#N&E
z$bTR|%2|gOji$~5M%8dBG`rUG&W2&XGh8mRG~spO%WrSfD*=VBh<IDLzs`U8x>cVZ
z2g9Z~;<c&EAT={D=Ao-&l7ivxTdaULJ(_s|Gm^dzcG-CZ7R3ql2<zxmP(bi;=m*cc
zA`0lX;dN9~A+C9c>D7~cZVm9$E3^#wII~;Y&2ODHSos3}%i7L^!@^3`N+3Lt6;uf~
zNbQ(2mrnFBh|p`52A*5@QMi2hWNq;4;{~?16G3lbfuyfV|J@Q?`oPmm7*JRdQ*E$5
zPDqOtA&AFJMfVd^km-j5?3~4^4j9Nh7uTR)$e5#gQ;1_|*pTzrF6D0lNt+|`0l?6P
zdK<j+Q5Hv8*vJWxU=iG}O=#$B&CAfxu&+xVVv7*@tR>3BbRXj7%djELMo;V~TOVR8
zp-1pXVP(O93w_DLVLNIcVrO~ql{05RD2D!J7~PYw{;hswiKbU@Pr|6D1VICFQkdqP
zX!CWrWIsi|V8iD#E=eu;_v<ixOvNrThbygeR>Jf2=g$Dy&Dx_KZfpJ-?;7Lt<83f2
zGno4og-&Rc_$*A2T_Z>%8|kAk5L8g%!<VTw)fwoh5?+5+W$T8gy><pp8Kd){3mwn)
ztiL)g;NO)$r7_eb=I}C{%MmpWTm>d{2cXT&k)p3H{7o0JkJiaS(DfsL^IW>)Q);hY
z|LXaVVS+|h>{iZlAC(y1!!7^g0P;oQ)yoodTF|-7sEhRn4ajPjW$0fdSI1(nOdGxV
z>NnGwb$N@^#M1myiARZ>F$R-GgDL@bdj*r|+u!evwWBX4DuMwu0&NModQk%E_I`uf
zdaou{d!+*Ir}2K{pPEvQw_u-|m8Hj^c=cLXU~(-mJo>QgFJLJ5qaNLDn4J0>GNb1z
zT>3^P->6agQ_7H6oSN;|Cc&zE*_i#89B<uyUeeq)uuts8-^@JbqhDQeX7PNFXwywO
zI%eiJ{GQ;6{UE*Qrd@Gna$}_wZC9eY9c(x(m-1+f8un}odrIrZf$dz%w&fM5X@d`-
zy7I!gRY=ZqBn|mz6iGXC-M9#inh#)G_AtfyHQsUN1PK)S<7TtTYzSqVct&{*`)Wu5
zN*5%_RM*x(i8zm{AAS_0^3LV}zk$8ut0Po~;T_oi4w(ReZ`$W}X)ni(&*>HYpQ~7%
zyR|$&_5g=Br_XJ)Il}WRdeg)7{i{?Ry+-x)Pkn9A(<{AKAA_b|4doi%pk5A()Hfi2
z1IDHh>fZtV?O-|npw0K2p6*<5{q32B$v0K~?GT>DpZK7OxRAc6*%NWm8bY3PUn~4O
zoRCdXx%nH%8{=pjxxKNo=`Xf?1}=UIdy63U;7opqTBKrw3U=UoUd4SwN_$I?wb5T3
z6cnH7GlU9Gwk?(4y=`ClJsb`WxKgiRUjYJQZ59?$-^$B&gx+nPw6dGkM1*=$wR@hs
z06~Iel4S@GE)aS1PUTaxgQzJ5LokPEBFd&-8yFeM)!3MUZrTsrP&#LDw;^}EABIf1
zUYCv&q)7v!n8j*78B?S~Q7=eJP4Gs$GGeJ>I(XSN>@U9z_cSY_C%>-FE+=ViMM0=y
z*CXscq2$uW81++{CrCGc6*%f6F{5l#rLg%Y*bvz)gUBVx2mUfe@8-YNsjrE6XQ0v`
z>IJ{;f+`!%CUk6Nfn@0g%d@dC*kR~Jq~p1EM%+=PMlycA(}Z%u2=a?f-VZ#FU#Rc%
zA+$+Ja0f2JBzld8m|t8aZ6~^b7j?LVD6(Mn(?IeowplC=JUQ3XAYTR%#SDW*>H(TZ
z#1=J3uKfd4<PeB#3tR;_laMUxV5;~<JdXE#auae^i(cSe4YYg*vMc}u8FwpMj9iXI
zJ9)Er4MXtFCc=uZF3KqRuX%5uc-s&QIP@U7`WbGy@M?@O><^GAqlmA@4lCY5D{zox
zTgS`LT5>1K+Pk2uk2@n7T99U3Fuxg2X(C2-s-S7@?g)<Tid(}SVLxFn^}}0m15=;~
z_Trnv?Gj?xsX=T2y>f<wI*MfA|MbmKY&m86#cJn6@%Zrz$OC!h_2~9Vp;s@eVg)n(
z3NTOgMpmAZs6Alq^8}Xk>B<`pfA3I7u$Pa^^pYZoKbDZ8!#%$*R#Y&9Md@Sfdtl&4
zkizVf`f!-qanCa;>-P|S_yQb8GCE6Fo)UPIY_@~jSTypaI$vSxkS6%$V^xJy9d~p@
z&%}NuujLXJ4!n-kMp<bWsS+hI{#ZP>c5SlcL{HKZwC7cZV7PtBtD~j}*3Zy_7_AC)
zK19-iGx(AQyk%eOYKbWgc~j0P13-G{*nt)GBNgTIBM+A8-$r^^v5)i?U-S@L;^?H|
zgDLv8jjpClkL0G*F1Q3M`jLSA!1h}jA@Wt-u@7VIwTK{$OdHqa95-nysF*;YZCgL6
z_9v_@AHen_n9efbpn38N71k(AXVp!gF)dHu`*!g0Ze(Etmdoqy#pHB?K=&v$1sX64
zv5icfO$LG7$a_hffk!`!zl&NkEek5-HktxuteH`i#mRuwN;MU#W&Tse0jNii3VA-=
zN0#ig%Q1!P9k|eWP-tjNgLEkHCy-nPoIaecCMyL?dArCw^L8#ogA_a1^00n9&W{$;
zbWsK8!38lnf06=M6mGxKm_i-vSgIJ8NL7|WT>sobH@3%BR8d#(Wm=Y^%IB2}VFVVO
zS{0sR<}}2+U0J&>SL!mRG!A9{pdds7P7lp-Cqik;8eQ}K2tqBMM41~9h|?K#wI-Et
ze<<LVds=Y_zz2{B)TZ{r64(zjqbjk0P&V#$A@2J{i+mrPH!!gM*5MNpRbSXzJwj^x
z+6XiYOxk^Q0bq4JyMjT9==xn6DB&0EQn(pZB>oXja%)1ub~m?`)i)dxQ%7*^&)d0M
z>oga<RED|Ra<R$9bONNer|`6&9wL)0S-)ttf6benD9znIFcc<P2c<<1fNSd)97e>X
z)sL$?3r=!$96JCf0nQ{Pi+Y$O{|Pv()0>b#x#&b*<v`<i;N!DJyXZd`^9Dn3Jz!Yg
zgZppqQBnxq^EfoOwZ_JHW(n!ijr5W-xXy2gM@W7|c-&Y;CxCPLs-yIt-B*vkjtre>
zIRY|sk)-1^3nGu@cDdnWc^<y~7EuHKK$t!L{z2kJTTTN5%+GFqoe8~x=$?+;%*hc3
zn>IEUNgsUf5g@8m;RiiDNIysv?H(bAzvDQzkZs-9&Z4;X8^fgBlcTY1CUz`Nu`4#z
zGas%nEY+F)InE&s__`4N9)rj?r)|&cTO^szHDaX64byiB7ReJdOZ{npXX`q9-4W}Z
zN}r8S^04Hc{1F+x3AHx4eNoL*#ajc0RP`n#3H3@%0TJ{S(Af~@D3HJIi-gtiqX;-q
zgs5&#vx>A`yO3UzL&*e1O{3Sojzx2}v)fy#0uCm%e}pFFi4!&aqrZoeBG0eZFX!aA
z)!N-|Gz+R(k<&DR3Jsw~krNFjB1Da|1Q6%www^su*ql8;TzuL^gU8;f$R9Oe)DzuZ
zqD_S-x+lD+NQH->wbwwQGp?}L0Dbc9u4<$dAdHe5`+)FIwB-}@ZWne5U(M0qBY2(S
zU++5~tiLZDJpp)aEWMY<5xZt}mgn@w2D$*^%Zy=i*CM8+SN;A8bKSELc|74HSnZo3
z`r1!v(-FEU(7HhfHgNodBWJf7t0tErgFQ&!###?X2=f#IOPtSU?)VD_?YN~~nTQXu
zhItP@gL%&8V8GWPL`Msu#L&)=f?&U)eM8+wQHRc)K-ibacONnR_L6`@b76QALkNh;
z{3oWcYh<boUf<F+RAZr}ld%MDBF{c=&j=||Rt!p_`xtoBC_t>rgM9v^p;<||(U4VL
zyWOOYY*$Be;rQLp`vra;C^ShlWEsZ%JW~{wP-5{=QXqTFxCCW?(r!^<<CA$Z<Z53R
zi!g+y&AMS4y!<+3CCTumJ$sh1*2R<<CZ2_~n^#0_bzHhzkz7)@CW~_9@R^sW$aQ{R
zk4%_12>12R$NAxoK{6c2p=Q&*1v}N#w^_UZe)QRr;qwXs?h)Bzbh)*~_!Lui71iP3
z+U$)s<=2B-TcT}vS>zbhftm3}Y;tMSl#0jr1m7P-fBh)t2QB5wF|xrymI(^r^Y8A_
z)&g$VpatL0!`%0ec3uiQ2ym3^&gnKC^0VI>2OLbwHEmmjb*S_<dwF)A!#=$=7GGM1
z)&qHTYM)>dIv`WV+gC+~#vd|JH*Yi~z-IR~GoI713UcV_zQP@A+b(&+;j4wncj%)h
z*k_p5Ixt2EFur_f_Mv(<Am7Iekb)P%qBm9Bz!b1FeL{<3wVCWHU*rfTts!~$>djd#
zAK)83)l}S7dfuh@J={GEV~1zNZ<~*%l@EAWXj}>CZ`0G#rw_~e1An}E`+R(!UDCdj
z{n}t$@qO;6+~_U{8d<yIGkHc|giqPE>YkJMOi+T#8~HXprHG%u^%C53E8vmOPbWdq
zu9<m$;_!`;a>r1P{Iy^VuZ>YonJB@&!cDJ+*(yn%R9e%78@Mt3;5`1Fg6wXHaX#e^
zbj(ubOvCSrcfEoGc{IDleBW{Jdj#8?r7@wN7D+Z;I51Myp2D3pXtf|0Ux_@-&%etj
zj_xU5n7N)yG35pN0(+(Qz)skTw}isWRxKF>!zYN<8~VV@Fg|Fj67Cj+r5>hv-RD!5
zz^>}*-Aij=k7JCrksBvTzstQdTEVNA<?=`Mhs==e<>9IB*IU6WLSOcltvn;tl#5WE
z(BEl<WQkWS&>9j@ZQGboFyKxaK&^WcN-p=1hE+~g`}-%&dB->uYSe+YWHFrV!9FbL
zHWt$UYJ@R`%cDuiEx)WvvP5U!EuicIc;6hoe7x@74yP}7A8YYSRo+W&x&2XA;`9dr
zm8)Rb79_uKY3bF4Ad+&SjUw{JO;^GintRjc+#{_pk=%ieFp=0(sfaE>1{jEJZ^{E3
z2r&obcLWqaw+TaY(Q$21p?InvctqB+_2dX32lVf>sZKGF+Ng8|*T6&l=8zscYsllV
zsH^KYHUw9ry^#v1mZuBPzg<uUB=Uh>^>o1XR$)%K0Vmo(hH>@GUp=OC+&z~|bya*W
zbDeD&eyjRWmiYU9X|utV5%ZH<{Xm1fL%SEus9j{hc-2@m&o1%ta53$d(}UAk(_ofe
zAN)dqaJ$)zAmnu;ZNHXAckF@R`Y>%PPSIK+*lZ%I!vt{oTC75%mLlEUw(ZiDue^b0
zh!z1|+!8IX-`Q6BWcFnIae7zraunABCf{l+GBX4Nxj3U)5}yGU(}k$fd@|UciZGO=
z7n$YIZGByYShYecXD+2!essbi_-BrH?m)f^cpB_I))(4|QxL)Ihkn6mcH!u0G!V?d
zn@GG3PtmAW?G85I_C?$^=gCdh6N}VO!FaJf5I%;vgAnofRWo|7g3(Ea-i^MI=qv)_
z?$&9egMTiTU_P*|t^qjiD(o63VC`9+$oOjO^XCry26LrIZ{J{gEKzxS!MfptMI6y8
zX7lyyokT*i7O!990Q^yV90Dosl&0-ZU2g*Mzp0h%YCs6kD2SGzVUN>un+`Qs(-c8G
z_c7yRXM=g_*|jwl%rq26l=%aGh9mO$A;Jv=7JeEL&=R6u9D}f>@l16mKaP9N@HP%u
zGV2mmY;;HS`k_yWPa?tLvpYb~5{O`H%Zauaux(5*Ife>Q>Ek=e-tuvY@D;*3n9UzC
zDjCq_COvd<!nLUR7AIqVq?;AJ|FOB)Y$G`;Hlr(AOWt{wg>6=`zKE$qoI_{1YM+ZH
zS|2!TmsIV@-nv2G1g9V5KNl%yW-y93bcrD@jz?r;U{*6vpkh{Q0#OEh?@fd)Epm`{
zV_zUD*Iz+ZTD1CGNcuI)EFK7++30JMZ-FR(7YLF)flG)u$_DAJe}F3M{nB?J3=Edy
zp<wDA;_4lwSuyQj;jSM>XncE=cF#M+&<ZC%Y6V`$2rn{+1oWAk^7MVJZP@a-nzl8k
z#&Kr}wJ0|(B*8j+KG0(;4$Tm1o8iH8Rbs5qN_ZZif3asCK-ijYx|oBTy{b3K<rmUL
zrrtw?KT2%2WeWA7f^W-*E@K1<7l}h%6J=PD%s_ci*+YZV8+|U}_Bk@z^pzoeA;d8C
z?Nao@;@Y#`miFmvXIS@9<mUE9Sp1nVwSy_1^qn8SaY`_%AYMn7Hb_fiMyNZ;_Dxn6
zC-TW*zZMyXN!@ehE-ikwH*wW7I-XoquUkFEL)Eb7MrhC!ypDq(3f4_yCj^6_JD|!n
z)2(eJAwEnK>H0!T4FmTsjLz`EpXJZ=8ug1;F<T=Hq%FouHi??hRyPE4@1~}KRTG8y
zA&lM+qb6Dy#i^?%`bzUdqw=GY1c#@Jq)EHCnZ~$T=jfn<WTksgrZbF27>z*{IgDn%
zKn?l4DUH{7&^9>2wm436DP7WKZcP`zk$PU2^NdANf>ooEG%Jjo1mHGgF$zU5J<O2Y
zH!!I#UGmQ?pSGw=v1B+poj$HlQ8fRAV%c)x)P1!E7@}c<Jr<)%jxbs<?jlUcRsG4O
z4LQ%-C%+DTC<CsfHRm;)R~G@pA}vy3KT|ec@{`tBOJ;rp<w%cWWD#PwT|28;WOS(z
z>;&<|@GMbe;+=IwS{@Awkm*_s>s%gfj1T;?mO-rmo>%@6kds?+L<zyfWGiuuh$N?q
zH5%qBaMw)O|K#Nbor8L5Jdz8{j|FAr=#2afr2-{@rVk8`l3#L-Ch5DdFL0NH33+}u
zxVMoD5&>|07Crs<V<{gbB0v|9-_K`YWAM}Q`6!OlSN+^$WRIgulMex*_o!5Tf!@(m
zsl9Ix7Vopb>Dlf3uEY8MownOCzKDH9?cN<7WxSV(y6n}>0wp`t4*bypr^v^o2!P&t
zD1h7_QP4WpXU53a_qH}^&Evw@(Vkk>nI()KwdByX2UEY5AnMKTJj@9t;>+T#rsA0>
z%J&5)K&liQ!`~AP9ivA+*TWKB#d(D~Xn%ss4+$KcyjVDi*VGK+UU`1{0o*N_FuKNF
z16h=8<;hY;Y5Q?1BfhGwiqE+CSHTIfFUS&(PyQ`j(AX8~`i+qQ*Z3?wS|SL03@<Me
z(3eX1$mw7Z2nY8ugY_!0htuGxi7?M**e{8h2NLE_BDQz>fZ9<-2!k(DXhP)*7Zz7I
z$HZF~N9;#Cq%;5N3a6EL%s$U#`W@={gXWkcqw`EPURvp{u=pWVx+hpL_=7^{SS#Nv
z>j@Tn5Ko&DE!~-P39zMIo%-7MG=h7;u0UU}UV`~6T$_-ty|;c~V#EE37Y^unw+FXm
z_vRASJs_{fT9{O{YkFkSU~0i^et5joU{Zu5F?yfzl{f6QfP=t_*<qgJ%^!q7u2;%s
z41={)PM=$mGr?FSdpGv-FL;9jT`X5*lcZmA&4=gpfNOnec%rKjq5Dxn{<(AmA8~P2
zNF%?Y9O7WeA_y48U=Pe<X}r{vWh!8@4C|+;vwN_BgSkIgy<+ZC>HsCFRB#4<N3tK<
z49R=Wwjx7=W`$I&34N_r*${1ZnUkt;GApmKlaACsrPg#y@g&h)<8}W^glvylSulW-
zrW_CM#o=!n=V@eI>bmJ+xEF!jNKz7{i0^rLy~$}2`u+6kNU;lv>7U?h_6pqn>ILzZ
zslUd+hwy8$81>QQekytP=mDk$1lb-E#bi?I3^VXO7Z<Co3Y4E#YQG1Y3#mXFd_6`0
zri9QR8A;$hkV@bkmEAx-Fsp2<jHr+w+Tv4!tEZ4%?DMrGnYG;gN35=|<36oR5D5jF
zyJMdDe3Th!*~{BC3+sf4ohdbYe!W(!vP}x@9wJV4E^iQzWTE5l<N@+^%@-<NGMxa~
z9@u^82I5&fl};(M5Rmj8$Ta*h^rU?EGM(`{1bwzDiHi0gPG`a%sH99B(xZjHy!M5(
z0|IAc7blm#H|8!F`88I<%xwT!wdQG)6sZiXItn$vr9+TCv3K&#t9y#gX}@zDn>O}A
zY66MoRtj;lQ;aNnrS>^n^sL&D72DcLZTA&hJD6;{;tlPkOiB3VZQY-(-)orWS-?>G
zlhaunceSfduJF&)X8ZG=J@}V$E5Wi?kG#ES(90gvVRdi#D*P3%qo~>$<GO7xrYL$@
z2jKIKr`OI?$cA`&L^j<PYF~DDYU-A~2J6xR{&(JdLQszIu+XXjvm@Zw3;q=BzsxJy
z-u}DI{76s_8lIRY{)TW;9K$Azc}uFps;W@0pe`Bm1bTAh>*vyKNC-g}4JWn)uQZ{1
zBAnQ6s*H63<c#{CcaPD@wU}C@=4utE&s(>_l|~VrF)c+VpC8VAqab2vIhR2)06NOR
za@2P}6>#)~7mO0=gJe}B?-aPHRzW3lHcii}Yr!5AG>xi;g5r6VXL42Bd55Oa#*Rqs
zYX-KTJk+M2h&5J7Vhufw1MQixW^#o!QYxOpW^%%?$zH>J9(FpRuv1Dhi<&vo#p={8
ztoyUgiwi>;E=<x)C}9jXFUO)qb7ttBHB$>=4Cg=Gw5;BNuXf%R&CI|-w?xxZmtS+;
zw6cXz<BKP?Q8AKSVfE6!<Gu+-Z$;?5>7TeiYhoW-X;ZSMKT|6SIJ2!=TK|sw?gxSW
z^LNfv?JYIwTKmGK39ZTp7LEdaq!d6w4}gzJ#`~jkYuWDzruNc!W!sM!rZ(s=|8rq+
zWa5&I7w6*?)NaRUgv!QsMwmCLY_{^5>gQYh6n-Qn_kxj#$$s-Mz6VhG#0IJ)T-V6V
zO$0b6Uo~2RC~1X>ixnJhaiDYj)11`;Y-g3C@Cgl*G(|7IPJJ2UiKP+E5ZQ4GXGN>Z
z4R#(gw!>hywj2XX3dR0X-@uAno6Evc8C~!dU@LRl+VrZIKvx49<&KgR$!yC4$-m$n
zAWM)&wD1NAC<2jbbMfO!%)Vy?NDXisuN?6Y52WwWVNCA0@0`b=;a9_+bLToZ(7sgS
zAq4t!oVy}y828WIcu<*j1mij3XihkhV^)%ggi<Kw$UT}i0LNb7<4_t|OGBX84{PlZ
zp;Jggubh_<40kFvh(`BN(d|Za<#<VlnVTw5^tse>SCR;BE|aLC5f@B#wO62XNt(0Z
z3jNq=z6fji0xlXT!*1JWeQWMzbrC)bRfaCuY&PDqL$uUx9{4ABTYvvJhrf!`nOkbg
zE*g>t*z?PpZ0ssh&WdL2=T!S(7+G^@VVLJ_EBZA^f6Wg&6FL{{3u(~<@^Ud6=2Fc+
zsa;EH`6*Gt>h8tPrK2O$V1YBrS5nIg=|kNg%W3~!R?tp=n^JWyOe@xp&ZpM>;FRtR
zt5Zc|a4r2FQs7qlotNN!zaO-2R7hdEQ7u@yb7&;ne<y`)uY@<`{wdZA+Gb%{E$Y-u
zC0x}~0zej@!;buNA(%CUxjLS=lh5ACw$ECp5|ul@FL<{e!f-#=9*PSG315<RQue|0
zqC>Y?9kptISWDc#Wuu&Bz$s#Pys<qr9?F6ec)xGS%b~J0gco-$25Rw}_o19_gk=+n
z2*vihyW%;2436K!;hOw;P)g?}{Sv^6XuO1E!3DMKL^WwA<fC>DZ}^KA&cd$9Who^m
zP<U6v_Vez}CN5v_cc!Y5UzwQ`vH^Pe6q+?lAxgIkW#y{L0q)nC3r&I0F$WCA53WM_
zL5gum%6l4|=os}L9=RCrfog{0=kRT}X~gr6RkQSHn^b>ragCD{nA`>5Wy~lR^Bs~M
zScq5PsDhY;Vs7e18vU~v44W*RTH#!>Pqe5cVI^jbcEuE44zce?D7RfxJPt)AeM1l1
zH;-jhm1f|`+k#3-zhCvx$#L}q2*s3|819KqF``hEzQ=rz7Ew>BnbvkzO{sxhvn{01
zTFXrkuhKZLkYcCEf>rs5e+ChdXOnVE%_`BZkaAW}-jw%2K(sfsK;Au&k0>5z<#gF(
zk{y&;$thVaTDMxZsN<?+IJ#O+FXk%L3z~sHK~%>Xh~&p&DU>?(O8Wr}kJ^YlPdjQ<
z7qUe`FSg@eURL5VARcbA|5+J;sK%haTaFSQb~<9J%+w9U6w{(<{uA{aR{>lj<}D4n
zo~6*v%k^X2&e$<H!Kx1mX?08}tSJ1?K*r1DonLIZyJ0^$vbJ+n4yBUfnJ@t*Vg^=t
zsZ<$rG?hfw7PHTmVzs->R%)%C)ZxtpTL|X#@vByMo_nMir}*z%Gt%5Tb^lvhTRopL
z{;7h;EHxc`?WP}xS+WS`{bm!<=A={57^j2#GJAUFe*<Fek~562MSQQIB<eV8SG8K^
z{A7~VM)q|ndMBY=D@!AXe@$E83>aok95^Sl5wv>zLf5uML$MxQ+vOE!oSBhEY<aqT
z-_xpqDHZ^ztF_A$&9sE9dq30_0&LrCqEmy#R#;!k6=C>Ol^f=K#}!~O3y<qxq)pH~
zC3f<UXeYT%QKvP&Q`Qw<I|u{bxFZ|66Uha7R)ZqP!WSA=1IXGJ?eCJS;$<DkdPDrB
zwL&5>ud1`-)<&hM<9gYm;JvC=*?$@4P-AAI-lp9e*rF%6DxydQGfjc{ugr>XDQ3~S
zd8<X;OBMamRV!xk3v=OL#c|OKIG9ALpAeld8O}Zh1kh~>K8ONILgKQR>gKC=gl{oC
zpqS=*>V1Y%gW#i%ukW=5qK&Bdbye3)m|6wD2H4~q4|b0bR-Fj-pCtK?u*=vUegm=D
z3nFJ3zhHUHGf`sI%m%ocX^I;(i(5(LYKCg$$;r`5aw6tF3}0~8+#fCvAHGd?O#<p!
z9}kz0&!bu1xsJrqXnZai<y{m<;N61@pMQ0Ce!BWRy&T=1FOPOj_HN~D>G{1rAEH~c
z7oh&me+k+H=XV;oc6ldT0^}4@y>H_SFB->*-?!KvnBc7@uR*TfZpLD!t8rJI1Sdo*
z>1E*|)034m35lBI+oB#o^7kp^ft$fn792-kROdRgwts>X2EvU1uHXaq#J+G8@a~&0
zEQqRgOkQilGW?spV&eFbS*U={K^o$uF#{h^L03+z!J}5*Kx>-YHz@+$zW+do8jdbE
zUIfFQqgaIndLSF6cAy&AzSjca^Y5A?F7V-Kb<fW6Tns;&=xF_@{o%XjFsh#g`dL>$
zP<sw;pUYzZkti@FvI@X%lCKwP9Xy-GYpMerT|Z!gYVo`qf!o?;P~Zs!Wjp?+`cN?8
zom+DVH~Cy#z`7`@9NhC*g}{i)<bddNYL{5MEgec`bHD6BJhI!>+L_zdgyGD;79sey
zhx^{@-`k-?>-%<#1$*XWH%~kW2aZJmF~kzgc>|uRJ3JW1>|DS+%7RM+U-vF1W|lU2
zW(JwU?kwizZ-SQ%H;bi&KRP)04JMtxql*&yv4C{p_2;!x=$wR58d%5TU^E^?N~1Fu
z#G_0A{8D#!#-$gt{m#7I<<&p%_U6;^_%*KG<)7j#m!pfD7vZw|s8#N}IJ5XJ&T?Tl
zUkaR#zb{l>2ii(kjeQ6^;7lG2Zk0nKn}hs&@$!SPbTL6+-=vy5%9%fcy_B=(yy)Gi
z<oE-?HkSwRx3=QU;+fminV-aBg0e(+ATtGuhXab9!AJ*<{!(O*!Hs07@n5Uu;3QfD
zGvu?Aw5M?4gMv3kPiEUtf$Bu14s1P!%+~p?TUe^v;fm11LAg3$*J#_MpI`TigD=i1
zd;qZ{q2cwL$|y&YhEuVuTl+*Ze*%BK+gW>3v?Tg?@18vaiuOS(us2GZe=&(ATett+
zP&wHeZSGnHeZBz3nR%TXBp&$?EYKsPJL?w=7z79y=r)VDE>|dXNBoGk8DO>@34<mb
z*lc*5gW(xL#Qr}>y2kL#x}ICxwr$&*+ID-_#?-dWncB8(n^W7i@%4GX|NF<evXgyQ
zl9iQ8g^v<Wcq~=k^fj=$_Zts?G0Oi^n#l(`&80Yarx7y|_~tlWyI<ZJB&cHttLY#l
zFfw8bUYiOg;TD|KP?JyGB>m~^EUF58Dy_0k)e#y_KIHn^LCUQ+CRlh0^4?K9!nh_V
zJ<ua0(O{(YA>Zt)<3nQu0JJSrcw0Oh14en-&SH1cMoqm4D&{&0J}u=45=B{LDhgBy
zzXK+wk+2!eI(?RJv^ss&-L&fd)^2N4d<4~QMPt4?6jGn}!S#P%$yhP?DOf+1JFSSi
z)u9K+WGw4IkVLz@L8K5^a*4b_E(`MEpE~C+@?jjqL5{a5asCKZ_?W3j%nX#NkQ{=H
zFXP~oNY)R(TV=+3UD4w`g@v;yl0IR(wI~C+8ALm7w^5q&^P0I*(o$MKQ#RO{UzT;A
zLuG?!kh%4v+GgF3GgCTt?o0yMFi~xvD~q(YSe--0Uco!Fr!~uc8aUB4*n|Sj`2pM5
zqJ^LT<dDueqf;BM0Fo}Cm~0el=&rkUu%#mBtcO;bilQ1j3%5%-KH{>*t7p~W3D3A@
zG$J2_$>==ZO_R;Mu!HK23eEK$7{BSa9i^6-XvK4i6S2cS{E_kWq#F;##Nnk1nK0ty
zlhIxG^oqq_BZA`@uZ^OHXWfD$3qr|3JJ)|&T1@zr$q0>vF@ypJq?5i}a)QMalyFUi
z2v1Tp7N6~;3<80sFy|$NWIQf`eWyuXaE^BtH!<Q=9%RIeEP2y%bD~2)d&dJH7W-SZ
zC45DX1#(9fdKl5IhjqYDB+ert+`Nl$rK+bE>Bi3Sw^huqzUj3O-ZaBt;Sj7b(tYj^
z`Q0OOc~bX(rh{_>k`U3|qj5ixBSSz9#fnY9Q)fg<P;=Qq2xzQ~2^^R1s<8@iWWc#<
z@P3VR*ylX%n%p!MVeIK}koA{pG#yrJTbg4fneT;x>$8Vx3>_3}!BlG-xXWgqNwqQR
z7{B89;ca!6Q^tk4k%RXy)y3rG-e>fg;?C*Aqz<L^LTIiw*OwM*6Pf-ra+1*{S9gg_
zb(~Y!<eUA=`1;|ga9NX%b%5@?E$3D&r(iO<9L_$O-u@vzfMz5vI?@gTqyW3e50;$;
zfuqd>)Y><q=#=MSi^Qdh9mmU6E2|>l*}xE*Isw2Kj@ixwKr_?Z21(qzuNG(Aj2NJ@
zHC*6jm{>%{{`W?^2<V`}hn16n_txC|&{xleFV5Jb^v7|{KyOur4b7%*kiDoddqw2%
ze=yq)Zmy4C`-hwL^G=%Pcd%Ho^abo<r90$}-*~3;>1A~MVmFk~;53>_sEJS*+Cb#p
zocaHTpBK+(`<v6gl#@`AKsgGIez4<|IEX>iI6a3bKa)Q^&n`F$<^59d$X>%B#(S^G
z2ny)s8Q~6Fz?eETeI8eIu7Q~b@NI%ub@wg>&R&K}97%<tw~di>ifsOQ9&)Tn3|H*!
z3LTLV4pWz}a`yves`-ljel9`t;y!2umi%X#(K@Rcpwr2sA+LT3cI@}HrY=imt?Q-M
zGgGFhZv?NVLmMUVVLQI9u=g&=UtU#<>So2rnoIb<I`~76&^$e~Y%Rf0zPW9WVq#KF
z{zqazhiG%#L_?334`@0>on;s(MnbyjvFiX5+s&8DtYX_|w6iTF+O~El>m_|V8YdZy
z-X_!FOy9=Btq=W4gajhtYoI{8M*tIi8YsvLZNlC9t+-P?`?Dah!}k`fiU;Re^ODK}
zxSN9tnGrO`@~n`Z%-~T6L0=qQELJM`7VX%RF%7Ks+=oMSR~Xi?qB%OMPs<y~<L#4-
zKfLb#ImbfuA)4Yv%%oaFi<%RBMi-CPuDmWg&eHp?)?g}#zQ~&C=R<3c3%YTvFh4ip
z;+vLU1)?h!HV|D}1*T}1?nXy~HNi(A+A_@4QAoT!x8pjdX1{|2&|TqG9v5gq42uoh
z{VEASEa43zCZpwK2gqJzCyqg)_4nVbLSm+cenpw@!j%2qQl;@k|2E6Hp8iQ_CqIrC
z5yAMN3MiCB8(m2M{o(+PoJ7}!drBP%n{8%!&qUVmC*kdoVls6P?*-|NAID)0&as?C
zh%?sKj8)k6Mz-z<OKPkwq}^%X4>&)A9r}9P+G$_vWBduIj(!&zi)+Yg9fkB{RoGT}
zG=`makZN9&Ry(=sdS2a@FZ83<*$#40_sNsZ=1tGg6FmU9r-s<~<cuo<!q)c7h3g(R
z;!~9P<vgssuR9d7AR<sx1|p1eX(@iS*;C9+y2APE9Nlp_DfD!N=U%Gw6g=HAhqU+a
zr`M~0H9dM?HCZvch8^$6Xdn~O83TR$6;VagHK`Gu=b;MJ3jnjRxR1PxF%ZocClFpN
zjM}bRHVtz5<+?u$%GD*ti+lW@Zhy0r!SFB{J=qL18@UTwO<VOv8@NQP-J;JTDJ+-)
z9W1;m6qfx`Y;S80W_zT;lf?+b_AX2=IBtCZniE>`Ys&UL0qLBkIwLn(yzpBn0>`3Z
zJKjNz{9!hiaO-ZQK^?uH!}$2eMxlfN{v@bH8h|hR_CJ0B|J4Cq^F0gTb}g?q#*&F%
z#gT9b1UlTaA~vg9_$P$rp&jl^zTbQ3E1Re|t7_*V37g1yt}!8dz5x5u%`*#oh1pj<
zr4I7O=b*JJN?GZ0a4Sj}%u>C8HGCGU77C5AzEQi~AJZ$glY_cWQvJ{LRC><f(*Nib
z+dCE8VLPL^`@j!-eA|XyPSGg^Z7`Vd`+rXr1e_l5n8o5UMLrnzfmD5jyPCIYFN^ON
zxyB0Zk<d-vgc=-Ya<V^ZL>^KIw6l=rLhA`ocdsg-nOEsE?^Bpz&VJ}joH}FsF|c*9
zR`umRfIc9s1n&zZ7v580$Y^Foz=%Jg$l~nGDv(4#n=x^>R9SS0u{D}ZS;U4~%1=*v
zW%A}^a9*Lw2ZAA_+MLf38I9X6Cew!7%u%7>RFhK&M7>x*Q9g=Gz(JhP?t+O5J7x^D
z_IVZ@s+%RYgp$Sh`tf9=+&|EL<1Qr3N5{Y;je$%wi@VHnO^~6<0VKF)(|0L)*`(8>
z35G-G3Aw9Tv<n6$8Q`gz!dZAZ@fP~kMC9&YR=P$&2*&)fac3#t-N?nwSG+bv6hO?-
zhs{U80PL9K15;gnn)i^~*@l&-S=;Et+9F<pOv|4AsfF6Tn)wdE0Cc8h;sH%-r<6^j
zN_O#&{r<+(=q+Y|_PXmiwy|~<db)Z=Z=+K)-@Raa+BRh>r&nF6y64mwq7Ha@NU8d{
zg<@61ELIo>t?oNF{l$oIqr<rkgn3>-+Mm&4rl!kz_#U?&$9pg%$XC|24C;&W;1Kzv
z?tJ<QpEv2R%+Hj-=2EAho>4qDlp!pkv=`k=Upf~5L~(E^bfdJE4Ze&vFu02Nla^zy
zbTusUA|2B(YJ7Yk%liorPgmcN5FtE2STTmC1-FGV`)(haCRf|~8>yQWpc)DoKhK^b
zP`Xx|ISi<3Y<5MyVEmDQ!sG~Kgyy0YhPRv)ELR&g<lpiZQ0XhHl>*RW{q!}A5Pe=3
zA&?b+o1`*55Y<nXk_!WL77tv?-X`tqswz`>yAP6+8oj|Br0}0{0u?UNcT_rna-3j)
zwl7MA4#;)>2)}rhKLjQbHp3o3CzL$R5h*lA4vBnnKI@u}-*NROt+3z{D}bCth$9v}
zjro6+RHAgX!ABdOHT2{T6bL?2f_Xv3{R$!L(y)uc=?Iq)18`Qu`@w=}cSd6M7Sa`?
z>?m6-y4ak|tIEEQ!UvF>4v5vYW%gz(#nTZkQ*lnnGV}jQVj=n`g7whNB8ox~aAlbL
ztUJK!Xe)V687EqVun1mc$To`|-xFHI2SL5o?_I8X23!&^L_2tfm&6AeGMDVI7X@sL
z=6b#rXwG2P`7jYKU<@M*fMS0Q2!DD!hxe-b%e%0YC+nf+l7YL3wiQ<9y?2ooQl=W9
zS_NXg21~yAv=v|e%4(}1x%6YwNY(#LT4=@3Ev-x+PxHggD~BmOi%%$LZyUdoT(Ua-
zZ1pcE2X&hiTKez36;d+?S6rg@FYoj(*GZOS#QXm1g~?zn%gEpB>v=hb$O~>3lCE}a
z!9=UQ@-{T0!v>g>(_Uv`BgfV9-4RILT}+~A2>$Zz>hkq-c}DkLV@XW=*h#X@hsR33
z!XBszFH7D*W~zz%ApQg)7!u@fu<etrjh_jsad2;!mr{nKo~7LPVv`nO`sEE`Feva#
zkQWQlO%VlNo*l`fG3ElYJJ8^pLEs&73CRz#r`(MhByh<nnq}aa92sABEoaCw2Wb(E
zal?OW$a28J+ru;+jKqo<T#G45k^<amDryeum{MwwvF^`AF0tRj5KUaEj|aO;zd5rG
z@2Ve&D1dx<QiW((B}uh$@HZLdj>SFth65MBVW%(!1sKb;G|5+@360H88-Ru`5vO;H
zrolir&apty81SzVB6TN}WIJGZ@D3BbmuOxjU>8ulo)b$=3Zk_w*9AO|&g6!H#BvBh
zESZdvJA6Pxay^@1L?R4(E5i(bakiFb%Z@4qzayCJ{x+EebP80EgB^Y2c;`B#A6w}c
zC?+D;7e{qa!zuA3SsVuO+RIaavw|~j*t-{x@rq5Q1k(6WmXx*!kN4(ylz!ar_bfHL
zWY!Q;CZhvB>?ww2ZN5uh)xa6;q7Si-`jgh&cNkax_YVf>DO{zg!bYp1F)%HI0QgO!
zUH<zA54W${-nZT?lLxs^x}X2&6Ykb-;9G0-H_IC&RnUhMgbunJZv`@t=gbClD}VLf
z?*{CEn@LvI_;G60!~wZQI8s(EEj=s@sW1D6Roo$ZQLZHUr2(9W8DerB{`Z^CKg`Mj
z2g|V?3*w=II%ruiv8c)KQ6?tm{)w^?iWYhiz%6D_^ct1wAITAHZM;34Z~@g+kIIAA
z2jV|Z+?g3CN_0qS9AYfte0`%N%yeO82VS+PRDN{CZX`7yz4ff~pkPG#%(%tO(rCHi
zVAX-`>E|o?ARz#8;!Q(%kML`yEf~=UW+H#zZ`Yt}qbje^Phbh~)yD<%_ewR`;B$AR
z>MN1D)(*~K>#v=4)c&R)dy(k=XRlptg_T5A*kBnn2Bd0`T^^HQYq{z~gWjelv5$R_
z*3{@-W>DS#o+S|7rE!?x3T<kl>Q18SiR<*HsoF#Sbzxe_XYdh&3?1*Es`B5YU*l21
zZRIJijEHE*$}$-#AIQ4DWH+7U$zc4qLXGnX*%n<6!+cgi&ZLEPoqcPtHUG_#4;(}t
zb6veeT1@h5+$4h4j$a@&!y!gJw_fIlBu~JFZ73Fu+Qw4%HV}9~WB_P;mD*e2%mxQ(
zZ9uBg2ksTqB<Z5FWP~E=#&;sZRzWFD=q!WP0Ya76Yt3`cMdTREk|$Y`x<H>dl+~j0
ztx&)FYKS7KL^<1vP5%ZV-N0zc?ZV?O>+EPkMgZo@GU&h5X}v`2S*Dx$g|#N$duY>}
zlHYuHDqV(Xq*{O)e~|Yq4N#RRMC0-iU5BW4hV=bNh!s8lC}6m$`Fh1!thu}*zRD`V
z<`84a7RL~aR7E$)pgQhiBVQ$7qe-X{YHs}HP6)XwSbHSpJmb+aphDbh)_?gJn&b6?
z;3V;JN*}Hjg?uiQmd1xqNW-jJCa%CFhhRwsPx%O@GD^PD|23BR_Lm(J=ffQrMGu&E
zx5;9^K|C(-4HZXLIFSPZp}g%tgSkC&4ayycqGvCAa<)7!SBHP$Fq1P@bW9>@^lc^i
z*KrafU^1B2VGJEv6454>!&FQOfY*ghKhSJmIWl*wbV6UJ943eaL4k{dFw|3wfrhIS
z%bp#pl41Ofq&XjTYw3-l(*y#_O9EHfuBlvog$SA<2>%=sK!5o?jkUsZ=GEW3j5bKN
z2?B~50t;8!+lzn$s*~1mV6)t${Uyi(WwXjfzz){zGLlUSrmh1Xuml4|*W&KD@S`?t
z@2_(6Lz(^;wy<~DZ+IF~Qdpx69E1$_v&;xfmd^TUxBY45b!iAb)HMI_lPgq@V{y1g
z$C%P6oW&U;$m&tX@B6M?x%j)Q+S?-}plhqMFXzkg?x%Ce>lx}Q-cZBg7TQ<(+iYup
z_H6^LipS_$6Ff+YTv|$DOfx}KlASpgnHc+fsu5!TpItQyJqH}6bFxUwB-<Y`+9L~-
z-wd1e7t`cc@VqSy@#)o~GEX8v5wP`Qcu@)`UK5DkaC#7(dd6<d1zf8x8{k-XvcNXJ
zHeRolCMh0T0R9=4FtDDs*y>)%mpCrqwahlhh4v(tj*qRDl38_*KHCVDYToLx0c~)C
zQR&?;;s@lG8R&bx)1C;SVjKC!0Uvbzspz~2w4-Pd_Y)sv%IMQP)>14WW3+G{r#mtD
z%Y)q0u2vZfEL3?{2^sDE2*-~;1?)YeBlt-N;Q<Kn-R<3Qtv;2GWPudiG6+8nSkg`a
z2$6NvHFeV`aQwZ~XgAPk(dRa{zpjLj0?@%<lG;KYp!gpgCxiiXAPgFR?v#p0Qex|V
z&%*-dv?@fv4$}7D^?_&^ga|Feg0V1y-Tgl$VU$py|L}UPR^K6TsV$^ru*Ne$2n9q-
z5Ctr8Ozkt2q~~4Vz|Z^*nA9B*D3h6D;|OgI@PLggTAEBea}}W|`m;n`@z=hG>!r~A
z1<!<YGIdscMvQtb;6k+!C%kyS0LTd{caRe%S!Vd#??3uFO0c|Y9~C(m$FAE1Y;ma1
zF?LYEl7=ao^vUD?DP1579KJ&Zte~VoXkYLM5i1x&S1lfw3bTjAPUw;Z(HY|`snMic
z<g$Sj6Z*-9&$kDKqRvY(TI<OH^a02%*6N|0D>Ng`ZPcZ}C|pxC*a?bo<1DdNw~dX}
zgB#8{L2|!9io@u@>xYv3J~VCGe$wq?128Xms*T_%R>DfVC=_~96H6y=_WwB4^D6t`
z8v^2F0i6;JKC`{np@(LplweT~UINco$dRg{e{af{v7mDkSj4?QesgNr>}gexthHNC
z_6Nw2h2K!x30(kU!TUalqY@#KC>&&?cR9&PCwgmpjDYWyDSiYI`(!9m1Tp~LP?!ck
zgG9pC-mMkVc<Jzl8HNb(-v?z%3YYzN?^sq2>N`2$Uu_g$8V24n<=2ScnQ4JfA$|-$
zvHNoTU+fD0L+kxvpnao-z<xCJ3L@fs>!vkaMEV`MUGuW&{$2$lWM^pq@A4VeG((~|
zV078cbswg)Hu|QbdQ4Q=x-OCxm#Gw$M8t7_g+=z4QwRa0LOqz>_|=nkU>c&qg5jjl
z!u^e@rWa+dFr&${#n4ZsRmb>6a;!MY1;q_1L=hu#t&6qJWmq=)Rcc|VrU~VNjmQ!|
zb8a8t2XY8tpDSoem|mGxlq2*F-6KHbl&L%FGFy_aQmPIXw5XKGf;J3bqfIvCp!1p3
z%r@uRHj#$Ch||5ToyGU-<ww*H8DmA8OzXXPgSgQ8-CNvPS)0uEM;5>|fbS0#Bd|C8
z8I8nYfJGK6w7nQWPUqCKHNeb%#Bv?R+l0))#vDXXNirFR9Hg*3^7ItDujfms=}MGd
z?RvGwQR2O!5VXf$p8U|Hm+Ss3c#j=p;vwcU&;7pSsavu0zu+3u`3Wwnt-l}zg*v(J
zKLxivbgC`k0{5Tb`cUkQxu*UFu}+UWR}gyHe6`{neEGM+u)_>^{Sa<l&$k7n(fs2=
zG>Z|lO{RvAJe(c&AU3|^XpYz|EidB;Esf)145;ABEYRL-<c#GbxULJO3ii`4DPF&F
z(25TcmXM)14R~sd!nv`#Ks;#sXRpiG*?lfqM?syoiuPGRa*+2qOjcHxz?Y=JWZl>J
zh^g)#rK;7hO2)>GD0B=Z%x^@|F_1`&SkQOWityEq){!Oxg^;K}LbF3!SSu-(>ggN5
z4(j0G#?O+9@Z0cVhX;2`@gj3xkXo~9@;tV?=5i9k;8mUaJr{@&Zp3{T%efD#Y{JJs
zkd1u#ccVe0j3qlpZ}NHvi#+qHBV4W_Zg?BP`nt>ZaS;M+By-jrdtZq3F^%kVxR2T#
z?w9w%cNcntHzOqsjet=JkY!hNy~8Z75GgV-k)Oa(|MO&~-5*a5g#MQ-|KrINKc1Xk
z>ko~HL-FIu2au@Mj?_FXh7PM(1nf+$|9LXgiZ(c0GmIgVx#5kuolqCk&T-!A^+X8d
z!np#pVHF4gnR~6v?;FF`PJr1Zn6Y6f6a>3YbwoTE4)x*Hkxj={3&Dk%>$uf;nTHK`
zcqH+eS{2o^j@1GC^X&D59oU4)!5UU_EvPp?a;l@=htg7~eN>-2+kk5LD4Z7`p-KRh
z3V*@@*m*u7n9CdUD!*v2gMh5Rk<Rx~-IHIiUmX+McmUyXXZdZ{329e%(blf$oT#U}
zu+KnPx!(^T;vy5viNqO4c`%Qhq=cB?n@lQG;=#D8Ysb~F7ui3LJ1+p3Ep<;J)%S**
z4&ok?{zB0T&iE24q7yJh#wTO1t|M+m9C2`5gvhkrV;G8}nSf0H9|=N1Ar}T6lTDw)
zn=yuWsr^?Y7fs8krV7K=$$(qQ?omX{{>*I`YJcbIl)0byNh;EIc=d339kN_v5KY6g
z83={EuQS`LNBD7>DjQKG(@UQrDVNs8pYc4=l^RF`YbF78Ke67Ma8@oqyoBE)__g<c
z@yKO@4+rnpGS`AXC4?y7OV;lvF8CcNkl$HM6KIBeR9>$IN#x2kD6cPwkFu}URR}@3
zu-SU@;Y%Tz9Gzfq+#19d4o)|1_qLntfPo2-!8WwLb!;vXL9#JHpTU6{fBXXJ=0Csi
z|JNBH*$xgy2ZM>^@N<$4tdqff3=w4OY0t}~^`<_6-%8j0JeL2LZfh3|rX6Oh!*uHn
z`$q2WL8~&clK}%&roOi{nKfoEQ$YV^0cgmKxCk-_vUO%}Xr34~0XeP$Ti|XpjP(Z7
zi2Q|2g2k`CstC;B0^}TZ%aYqwd^fm{Q|pI24yM2|#1N+I(Hqo@4agmSzCW?r=z`fm
zp#@CVa1>9%LQ)4pbF9T1m{J;{DtDf)DC&ttsw`G$nS0yWWLf!ohP<h}4@L-}AM$i%
zOck(!x)Qwty58<S9*zSae-P;w!d{PLBfrBPc#EkZE^GN7{6e9PQw>77arVhGutg0E
zx+O1B{%VB+bAn>N;p{{*@xy8k?ivHc`%gi>*O0y~8B-(I-v@e*6gqu&4P@SXSihR0
z-?DFN*hA>0T6%kafbciXO-;~n&+;MN>#jk@_{*<QFM8bBg5j?JUa!F}o(hK=`2erO
zXfM59+mldG`?ldf!LT?RNBRs;Df<4>c;{#<m_`O!1q0nC#^!ZalvXj27khU{KiiLP
zLS}jw-W2}f6cqN<$x5MclBysK?V(?4*-`wo)aFwd4N9FbS*}My6pSF`gu#7Ps)x#n
ziY|qmR;9GXh-I59#|x1=MgzEyT4i11NeWm$grt7nwqjd>n0MCwpd@h#hbeavo7IkU
zUz2wV*^RHicnL!o_RKIsoe0~*N<%JxtH~`!Dwd2Fn+9jC=U%LKsVIa-G&|x=DQ%$Q
zhKHw<J7Ov?BziNEPLgz{v+Dwk);EkyNby>4`LXDA8|xm6KgeK4xsZXeSE1ZX41Q+z
z1pOPprH7kq98#YW&i>b<oY+TH#I7_k$jcJJNcA^QC()*mm`m>qq}Cm?>4LmC!?k;?
zGwp|OJof#E#MOv*gzRMbvZ%CvHrH;hyW;^C5KB2omWysTb6tRECnEC}Uf`sFsEhwC
z{#=-lBcyEfN*oTgPrhCdXC?~ksy-=~dFD_5v&84lpLmAbxwk}^e;xeHL$=i1{5Gq!
zL2%Joe|Z)2tgZ2zw;+3>^cwn6S7kEwH|(Mc8iV2t$RnS{qO;y~BH>xv(B;*r|BNZX
zbFue$8Q&|m*W3;LW|iK5rW3UTYk+v%gup4@0Pc9)qpjB5^Of48Ql~c?%*!<n;R&q*
z_cIg#X)@ysKgl^qnj`Y%v-eiJoQ?5nGxF*6)5(Jt`$H`9M+DrD{iBeP(-`;W#&ylv
zoiES?Mof(<Q|#WDs?<9%RC>2Ak#<jf!QZm-rNm@R!56CB%(#VHq>7m+4KFfj*2)_x
z<sa{c1X6<RuM{-SH?TIwnsEdDtdFj{xZn)0Od-vpRA%?JjZy0{X4G4jfBq7z6cR#(
zzd~an%H*_I_V+6Gd3dUP*h?wvD%q_T{$e~r!yxmmnH4ktJVxf0@UIX?vVa#e<NND;
z0&EE919=~LC5(KoG=bx8mO-)(MHp4BrE@Hl1r^OJ9jW<?UEhJ6Q4MTSV;Tc1gqZPs
z)mLU|UV)-2NVGG-dW9An!)SWk5fhuqd^j%i<LeOglHoT3PE$5nKa(AlB{3>l$Gm25
zHvG$HYP6%O=!*C{c@WH%08Sv+%)JmUszJoLji#{N)T<vp2>-$8-&43X4TsZEV4eaa
z_kOyyCC{#2jW{TSONMSwm*=pWX;`)QevPyzKXY#v>_`6H3hVLvM7w~R$bRr{?VSq9
zn40PdEvLzzh9&m9QKDtj0nbIG^Pfu&MY67{2QjWvg9&Fh4}Zkd-Uo&4vwnjF#dv$h
zgsq#V7koAKUK(pS5*Mj#8vjUxM5voTTLuM43X89#W4s9amnr#AIBT(s#D~tvfN)0l
zRgS+X1Dv1IwbhLR(&`y&d_{zgH`6rg(F7d2xvzpiXZB)RZ-P={6x}r{k#`F!`_DN^
zz`@N2>U8$HXXD%UqAslLx!u$Qy2>Y&JG9wTwY?4Zoe|gvdb`{<p=YHl{TBvxvC6>j
z(iT?S89Z?j?8Z$v8q|n8JK%6)A(Wz8^rAxLU?C|3pb4=bXs38gk)+43N&WTunj>Po
zN3OtF<k0w~{`SJuVsb=`z#Eg)?ge`jj94?L&3<E`zV=L9Xu#P^;pss%$^vG=j&PV_
zc$Af%N}&ctIGLhR8pV?cp43@VxZ_2V)NM*-U6Q4}7+?)|q-jhCCZ*SRx_8BD8KWmP
zpM$U+G!9ln*<6Rx|K$I9OMfTLy^Mtii<!7kal!^;z|~}tr7$yUL0TNbp<X;%XS%WD
z5R%QAFB;B1RT1Ri`4tRqkeheUpN*#w2C9Km1p+BRfR}DEfAMZqRnLjXC3?4xiqP5l
z-LcmzQ+5prssB7re2T$UOQpNh3y$DD%5}4rNj`D{LVMLd67s@;-wTlNZuzf(;ayRI
zv~3meauogIiv#B?&M4QO+NE2|*>#t^p+?`U58}nz&F4`23;^kI{As~mL_Zb_j0$%%
z>LwwAyl?iZs|!p__r$KhIQyS^*4kh7vY9z!hcb-vpl`JXK~DEf^`#nFlU3ztW}GGW
zbn}`nF$f6pqz*`<s{pFNg6U%(ESp5tuzMfZsIIRhTBtwLu=Kz_pXS-v)$y|`k<o~G
zaRQr*Eo)M-3M?iIZlJA0IO84RjSK5>nIO;RsVX^k`K?-)F98l}8|_y68f*46=v`|e
zJ*&qZ&e1gfyh1w-s9tBRZ~{9BC)9K%^gnu01GTH8he#ovnD38G3OWz$hvgdB2QtNB
zqtu>Fr`3R&70zkOP`O(W-HGF|+DhUt9v3Ex06>1(1)IYNh&p~df;nP#6h_l(SyW?N
z;r%es0xEJ^l6nhQSpjus!)z4qiMnyglW;p0Z*537aX%iD-3u$r(BbInZfn@U=$!4j
zjztQt3p#x?v(Vu0{DdZE41Q#YA=Mn94r*<Xa9+sh*<n;d%P?f9Jmqt%WTY~G%Q&dw
zDu(VwwP(nM=?R<nK+FFkI^FdrqWc=H^)Y|SF2(3SfVbJ-5)r3Z??1r1VCOEw&$8&c
z>Q2CJ)$t$TwbIcESzCr#<S<{vQ1VAq;jIl;nw%K2U9eVwHf{oGA>U|r{oPu1^FjzC
z8*4L9HZA1ekA?X;sJ=_&EbhQO$Nwgwl6qysg(;|skItb_Gk~RmE*X&fLdl{aPIgo=
zgZfm7BTAd|+cHJer|y&X>-Au}4@6EyBJIm6@JKtC_Dc)Wojg#=MxzVqg(miwQ|F$K
zr`x#IPu|bP=+r(l7oV8nR&6<nl0*h+w=bp5T9QH(cUrkOXll(e8Y=&=Cz=U&60WJs
zT>C-l7Z0z&AL#Ka4UsM2(4uT%f!n$wH$ZC|Bif0%dmw?HlR0?%Y5*@-iGIe)H<Rwu
z)W!-YQKafDp9?ru>;UnNl}mgB$DvM3Pc0RdadW!FLWxL?JVCx4a%3BA3@<>s`U0~~
zlIje8V8qIVg{8&9#(GZubuKx{d#1~>ckcVUtByF{MAW~Eq<sxa>SNRffYO>|)4O`I
z&|NrasMvKl5VD%{ch>Xh22#yd>{Uz#;&(iF>wa6aoLN=)?sy3c9GGh0FqJXU_&m$d
zKIn=_dN^GdwCc~c`zbwj9R>%rah8oJCJKUm2|u)0)GQ*EPMMif(r1ANJ@e9}pV@!W
z*$5zHZMy#Nh1{7-`2b!*<SShrZ~CfBM7QiT?&lER|6p(H{eOvl*1yiHAJ}{K1AAMY
ze@?Pp{SWrKZM~)Xm_R+$C-7T=d7j7O^Mk~sJnBBL>ke*$>Fe%H+F)kBaxmd7+)UQ8
z3cQQPzTfvHElDf)HP1U7C*=-Dum@F5_(!DKM%^<R%TjoD(7sg^N_4I}JI7dKZnW|I
zfpT?sS-%)Z)=4Oz2v#UXpHOV4X^2a<+&D2xmeI@y6Ez$r+?);LAQ$?+e2a`}J!U~9
zrUF=L3tJRQ4Ev2nvc188Gd>l7V9L(a+b;MxXr9tcJ`NbY-#Nx*SaeXnvb?7)jwC~b
zyPOIP!x9;H4{!7d{XKsC70N2Mae<q2`td#(_)e0!!&L)g7?6e#MiKE3F9!6NCf=zm
zXcAFEw{2hN04nM(5oNdlIz;5p-1Lso17*zS)>pYRr4sz_ev$*2&|ERe#N#!wz{Jid
z8M=l|;v;ntwg$n4QmB0}#l*I~(L2yciXBhXlfMtHzt+ZgyB<zcyAZfXterk2N+%jT
zRSvruq<Jzk*xW2IsP*BCoAJpd<(^`#B0v&E<c#@@l%lCOtgP@Lo0%6^UZ;*>hZBf=
z?a~1!S(=FC1&r;3F@`p>Y;9=W4G+#`oTchQXi&CFb4_1+`}DMrrsW#j%oJav@Qp~X
z8LiDrIn263OzkIwjOsx+gQ&Z?f^`&&-j%bVWsGu6-01T7P&ONcd38Xt_za|2&_obH
zg!rQ6_NK18TF>dz*250RMweW#WcT1EDCMrJQ-_!MygxfYKzom_Br5uT^xk+zemg*F
zxR}fHAVT-<1++DOO-;e}G3b9DW0DVhdpsUZRK(f!CX8DnSuiz@(!$D966$~A!;pl9
z5O&;XW<%WQME2T$*Vm|3RPU_ED=w-_O|hH?xz^0H{oRb+s$8b=ED*3b=@MR8%(ztV
zF>8bj(jFlLv0e)FDM2aqYVA8M8L2;nzldi<mZ>C2sv@==JQXvL{X=^R%F(c3rFt`y
zlQ>9ES^5uC+{Z5HC7kxy?L+^ORyc1f5p15ZJZ3nMGse@lFQb&(d2y|2I#8oZ8ZcL(
z-9TGj{_z?o`27L-J8@5O_C?O0`JK(RaIpgwR5M_EDS?jgr>Ta3xUnKpcXZgqSo0M<
zqv$QHxPCyUwlD!3g8a5exzKLDIJm%Q&|SKDV`g}NZJ#%sSFm8^6Z8?}WltFz0e3BD
zewU@D*%b2Kd6}RrcHJht6T7Xti#_U<I`*ZL@~{1oVBY6B$xje$ZW2yHRiPlz545Kj
zVJJsT4jY%?#&L51g{dj&+P+SyT`+LrZargs9XR?Z<6HgO#VQEH=gr54SHLGy1b5U1
z5fSk)%yacIw8l|hUlg^JC_7WIW4p`(ydAg$>>KrRP}g&^(2Y=g$|*|C`qHVxz&`a{
zu~CiD?NJ+&U_s&KAN^6(#U3vme30@L6HS1iA+SNpwV0n0uWo`{+!>9^V-4$BjRx=G
zS>l_|n;xQHT1>yXYDYf%ltddwb3Sf!en+V^R<s=LVgyyE#X0fox@XZw?wp$HzjN2B
zRfd1f=bWEI{g`wgDdIhQ27vSuhL3m62h1m{L#uKZ>qCl8)FIlhc^uxk;Mj^R2H)Cf
z*8-Iy@->S_Lt`2rz2vF#{+Uwau2s}QLYF6u<@UpVy_V^VX;K4^Fz*Mw$Ug}F`)2}@
z5cXE=CI&C(ppJZ8!Zh}_T(ADNB&5Gm%QeQQ#@viW{``wbY!}J=c<{6|UE)z)cC-EG
zb-&#X56X3*GbRJ-c2`Vs-WtMVTdg1j0ug$m!#^QWw+2#|GPT1LDWxNg0~Udz=1bO)
z;(N=bPm`;p@BhV$wL|MWa=Tp{mQc}WAmQ%^*rBhNK_b})1-B(Jnx|`67r=9-f()dK
zrmrtZf1|<yY=I#0cx|{6Zp|;OOhMEr5us-Y@RFXU4Qe~0|JD4oha%epr|ZN>L7yxI
zu!_4dwL2oxcZ%e0r<_BkJE7APggW8KV|hqP$+?~QJ)mwN=$f}09+`wNIo4~sbJ9(;
zMSo`T%nKKW4zRmq&SV`s3SaSO#z6x!BnsUOOT{61C_u+-y0-LnfT~=p>+pBY*`|Aj
zwOF?^TP#hj<<8kZu0Po3tUp~Vx2vGwa$ZO4OTHqc;vy!ZNWI*30pCkr3ykShS{yWD
zzE8?^!mP(_Pvj})+cgPV{GQ6zuX)b!9I$!#jnoU*HT<69J5kEcYbLm@K9Z_0F;Mle
zPHt=elu@N$v$brUVy0)`7!$c=y$i;6zUf-A0O_$j*>VZB|At*fAU>1U_z#S_+{j6#
zrV$b!pQ}0#*S6IVjs}7*p?sBHj`X-LwdJ!iK)zFZ{!F-PtK!~Dw1%TXt;=Y!-5q<+
zbH;|<qrvjYGe)|*DiwklJBDN5KDFvh8!%hOY0XokX2i%5le$$UG;prhuwB*E{^(ou
z$3A0*RF$M)^Yg#YyzUK&eAa=_(x_;ab{FT|A;@*Z8TNO>?Lw%z@m}|ph#$okA;Grg
z%s-aV-n4dZU2H1n;e>=}Y+nxSTG@Zgg%MHNwrFneQtz%(??(Ry6;6+KodC5oop=w@
z?^)l2?^?JZg1qQeMAVk+Qn6=y%ku3R@@n$d@vYj)Hh{hwv*-W`uE+h38w94DE*!j7
z*ZCP~<~p>`=FJK=-$3$%t(n0q#uE+}cbHgvHu7j{dL?pS2xn;CTmI7uuc0)E>a>jO
z$Y_S|$jkAzUF#D2I*j`it=v$dc8*@PY+;$=ROE5TLD9yp9u<+o66pr~O>hDnE-o<2
zvCp{xEs2W-%Srtl(oZIBPh^iR>p$@)5Q1;MsIX+j-=b@Nr%IcVTl5j#K~3a?s8)1R
za74Dehmk2}b7SlA64S`{{q>1LIB9W2(h(F_`-39?W&QA5TJa-hhOF<Ax}P&}XR$9&
zcz+$`NkD$*Sp`YU2s5Sd^HvH+U-yZ!@$Y9Z=*-zdpqe@2M`;K+b^EF1qgWKD2o`h>
zG+@ln85Q)6#I;2VR(XJVJEM|9LTy-^`mg4M)!s3*71H#T5et;^R%=!Ur;;i(CyZK|
zMVW;Oe?>ye*NHL>?Gt-!DN%xp1Ss|26-BwhtlQG_m}YIKrZNe(q!^_A-$85X3*W{s
z&}A%xU28I({yI2#eAtW!e@cHD*s(j2F%|02<7_I&NFX5HC#J8to`!CBY`1!dXiO%0
zyGxbhv|{F)R=@n|0>r)}5pK}`4KEjn<r`E`u+w2@HvUm=fx`HEsCkn^?DT!C{*LY<
zmsVJ4R2069i%T9TsIcc%0NOKDbs(;5I&j@EDsK?Kj5S75(gTYP{3$!wmPpDGYXvot
zlkXZD3GFdZf5`hmUFPc#8!|Ps51A3pch?8?M*61BmMt)ngo*A)0E6b9oS$6#0HF3M
z>ZuAr6iATJ;xIFwons7H=?x*pvcCOwH88{0dt(NK!u`$a82c>~X5G1Zg$SW@29zBz
z>C92XKuKho_p^u<OwT8GAF_SRrcpafo*{AOL;bU!>P_9I;YUTj07XafRb`AmDua$!
zIXTol9f{8vmqiQHX7c5!;==Sj#>3CVJzyg+pc6No8nxWerc}`g7Q8U(?-Jt1a}05s
z8&DZ=+My_y{D$R9&|&(O=%3F3Dq$E2?+HEu2^}cLB2^4DrPImIvV9q@yPh-j2R7Q7
zmIL)I>%V1}BalJet0%7dS5NPNgRdRd1@Q$aFi%Xo4oJFE6=8hXvnlPSxgCYB!vkzd
zcPBLBs%sGDo*9{kPFXXG{%a+^a4nS5Un@aLNsND>%gP3&mNA|c)C${}X#TE@f0aGt
zqxEEqmC?x`XW==bD&b2(5Y0HU83wXq)Bn<HYICDN(w`=Ua5$DPd_<-d=Cw43WpE?0
ze@XqrS2ZB2x_R}Z&3|&f5wNc1v-Nb6`<0Yx^w%m~fK09>gyx%!v6S=e@~QU(2FUCT
z^6CXqH4yfr#fb=3kBF12ZO#gFW)Nmtzjsb!LW3Ef*Ju?~HwKmVT}*iow2?LUiIrK&
z(y>D0x`|fLxr*CYYNR)&mIoEXdaqF59R&)O-LY;#T&rv0%I!7pB0(21i2XT>LWU?M
zy4+ML>@2=Vv$#@ZvspPXkBi$RsZkSl&t=zk8b@13eB>pyN&{gR=ym7KC>RWBZ4YFx
z8B#KT;{4{F!ak$Qv#3bXPP2R#=4|6SFHsMl6UFGeR6s%W?&J{;PK_CAqUQq>V#j4D
zJy_DWkXDW@6v>hQ%P9xSs~aMwOMbJI{atO7O|fK=-Ku@gg6%=QVU0lb+^j_B(%xv+
zofc9zT&nOSJXv~|b(IvaJ~)qbv+MZA)(zza`ox_w^q$~#TwT|^Y(>gMBWF!%6-*|t
z$PK4Utiu|sS;d0P6J^K%NkRh!N@*oZ#&kl~zUYzh%RA7*!xAJ!mHg%5{9nWKb&oH)
zn3&v)^C=vIm53o4p$aavb%_+zF@vcQj}sxoOK<v`aCpwaOl|*E8P2!Wb#pGW4458P
z|4FFk0;3v1!jrIcrHaIJlrS+JVStD#0hf1A?D+Elvb574GMCu*pPg{O`7b_x(=xqq
zMK{$3n)usGX^4Bicv?r!I7Nx#^FZb<qcP!x@K+E;8MGKaPmvzTIy+_)&bCJ^{?Z7L
zKPwxp#}=v2pf~-5VnQ|u-(aEm;Eno(t>ynFC5jf@od)m2F`koP?slmwg5SIgU#$*_
z20c8ylA*4J9Ig(%&XmYL#DRWS8ug9d9Tw~Pi`Dc%$GCzbEC&492!4%RkZ2LKaHF;L
zQLIpXl;~JqjDh*<>FR0LHMbx1LmncMhs6y}=EL`DEfB(oEl%Y#SdL0aT>&@BK6rpg
zPjf4XH>LLA+!($^>FK9%qZ-u{fxrMBFKlg(>8;=+hK+EekNB5daa9!AX(dB*ypzIG
zW320RAbGMxn?k@jnK=}=$T7`TA|7E1>C(7=gmAVpqSFBF(eCHuFe;$TH0JCC5Wu{(
z3-$*Wr>G7w?=uj?RXsPMh6|=j`c1W-3+6Ruj2o$92qvpk^jqiO{E?#eWUvfC<BPm;
zHRv*bNH&p#KcU!0m5q%)FUK5n{*O)+4~&=`s`RTa*{$%g!9BsIg^%4<E^UJ!6iGk*
z)T!)?+bq>^At-a@dBlbhnJ~FiMQbedpN>f~+@cR2GG}{-T8)YnyMYVB$lqOAqc};b
z11K6t8(v8IfJ<uI`idB_b=8Qt90rEd(I1WmyUk(s%p*-5LLmeBUF$=Y#Hr-rO|X%~
zj{G~R>UmAw<`Yc}<)kp**2pdUfMFJN0v|yo+JUPnEy}YS?wiqxqHw~-obmcT8fKw`
zI4V0LmtwK1wzo|m<cq!!+@4krNKkh+%C)bphzb)_;57@9Z^26+)`&3$;qLV6;K?9U
zMG8g)kCzG`nRgb;Z^W`6PR{rKsC!RgK})GjDgE9}EC!61(gtRL%NvuaXU;!fGfqyg
z@96kL+Df$o_oW2xv(;2@UZX2%&=6&$S%Il=g6tw-B?MrSoe1#D?Lu090zM%h@(aZ-
z<Lp`|?h9RkE?7|}6`4cBZ^9=9BuQ)tQJ$d`Tdn}~Yhb3rhDxLxb4q5`%@>QYHHDc)
ztU4Rq*dVT&K>~NIHk;s^laYySM*DPNTqseIzGOJ2P<DC9^S)4#2sdlcf)^}PJPoa7
z(e-t*w(Rh(yW@PoO(GlyID+^E(Ga8|--iWJG|(-8aI+nd*TD}f5L!nqb6kx*q^|9X
zqNYNr)MDP~m30K${o60n*xU%|CNCPXfW(sCWW;Eap8rk0=K1_m{#}RxK0WjCx73$D
z;OT$k3-XwUH$Hmo02h)rcN7D|PnLih60-Rht4f!|9<H9Y+l=^!RfAe3u7zvC&&#s{
z|I>q-9D!}|(T&v6PtTU%Aj2jSj6d^!rU&(EQZ~<i#Ni+-(C@5mulXGT3<W7t2$XDa
z2ym~n4s-?=nt14)mt?Hjw!LucO*F?bSFju)s@#ARh{qqgKb%L22o%FX=$(Aw{*TH5
ze`yBj)};m^X2b>rHQI*}g7O6DbyRK#*KAns28!A+u>&OgJ#eU}N3D$x7-ukkDZpPc
zn$o{5UegjR<-}q0BUD%$Vm-r)k$qBskaBS;!(=G>5!&1Mq@4&cf?M1UiI)88(N{9$
z?e9r31y9H}ayyj>ja{z@k3`r%h_0gvQ(|+P%u+*=SlVBH5u9m;*ohuo3^xc}8db|Q
z9<a*ujNYi-!gjk->z$8TGUhFK3HXHAGUU{zNP4m&XcEOsg(|#8pCZli&{jK;0AnO7
zlUp=GC2kvpkQhk?&A;C(PbkF7EvD%8Nw|)YnilGjuQ=7xSsr#oK@-!Vy`AErga<h1
z_V-p@de)pYpJ^RaOCGy&_>hoX_&n}Kg+zjjx1wGDIB73CTfFQN`vcP<UPqySk>MH!
z?-Pd_7T?asI0%iJOCr2~9R#F@fag82Fx6}N*UsQ`5?%h<sfSi?==(bI*}_$Yyu|G6
zNebxEqSj5ho;3iiiJ<%;A--^JoRhELJi1nB+cqP(#D#6XM^Jxo#`5Y4`PIm7yw_&Z
zQBtK)S%6itJnlk!O_d)>3CIeowVdG~bDYm=hJ?hFYxow1fD|l33Xh=}Y2Tb(-S*y5
zu?~>dM$r*zz%OzrR*y{OP}km~uyML_O1bgFF~&JTh-+^9Bg1=E`MS*d^#u;ws`m#B
zVJN9;m&~`*RsG}H^eu2L&7@4=V7F}*^-#GLNuVO94>1<s>y+lBkT3FfM>*U-624V-
zcCjCv$gg2v4dfDy%HSLlmBtU*0E|{AWS)nR*z;)xBW~pQwScsC|Lu(_VOc!vc1&=W
zL7k#)u!f7}g}4Gm6$sGd*Z^BT;W&TPFH-Sov!M!z-rD*aH)&3KL{i!&H1b5-5u4KH
zw=byQ;F|N+Y{Y~Qk!B?^wLr^w&}3uOBm2X`EFS}F9xJ$aa2n3-mV<;lWyi4<L8Ug+
z^`p;;EaJSIi`Oe;o6k_jd0sW0+oC{Af&I=k;7jeTqWL4}0y!8%fNG}pl@|hsgvx$u
z<dHT0(_U*^nwio+b#^72qu&c3?)UYbW`x?$7m9W}c;w829Z8S;eC5WDm~;A)DXkv}
zkJKgsDoDk4Nyyd~J_EjxSB(=>P-upqq9VB;c~68v#ChCHW$_C^CWod~4<P0wSh@^k
zD=si79tf6*;m34O<cH-4ZHB^V_h2np!+SPzES&`hM5ZYm&cy>;9&Bp%6X;jaIT~3n
z5Q`U_)YeJ|7qwbckAAc)p{$UA(W-@7ZUirglVF%xw`iunJ6if))iGsM$^W~!!^Dfe
zCP{5`xLqPqhq}V9;+Q!W%Mz60Y*P$xV0#1y?~PtR*%MAxHd2nBEJ6Ch4F1`URGDX*
z9__^7uUWKh;a0)^hnEyxs8V0>Zv@iuaGh+(C^io#cIQHkTC}?BU^nSsI2Q(jiQhZn
z^@(tkZ+{~IA0~F5R-a}~n|7v<>oN*6GRF5tjUs;@T(neik!K_@7T+Z%N)K&STK4;6
zPe<+OOJ+=&VqMrw?-p`OKJ7C>$Oqh0B&|#=Jq7E^Yd5-_<p30nEUVz_^+X=gj$gKx
zM(NL`4_Kj&jg9Ua7(Ei!AAWMwdD<VKA8oWvf(b5;Y^7|=w_S{H*&DBHaC<|imi04C
zP!X6B0?RD=5_;v7+tZJ^d38r)Dq!cQ*jsl&nuTFzS4637p0VqT8R(P7Cf&Ntcd*3`
z#j5KZ;o(vIW4Y=6=C$eiRV{G)y=0?E&auCayb0T&bFs>#uq9yQ6y%H-e>+%VbH1d@
z>4n!3aA5gRm@k@><1QU5?b&lA)WUYOui#kf+i15KF&$R!k)50Ca<N8ATmJ6quanx6
z$f@ZUpBVzZbk?uPc*Lx<`9AoW$Oxj)Hy(oykL^=KWrw86oHEX#dgW%uG$@(bRkm-2
z@Hp>uHDRRP8Kt5vlihI`r@^f)3dgV7;efR2vVM@_OTel1b7oX#n9{my4HBMV=hIzt
zkPXuk%1K18a%zosQR32)=uXiUM?vxh8y9g$h4g>RwRc@ureKT+i!Tq{=SWdsJ{a#@
z`65)p;HRkpcyyV&P73dr;Zvi=2D5mM9j{Mh)Ntl(8TfvB`#8F~VZ(~1tDQZauU=j*
zZ42n@7s41TFl~XOk0i#SLXhurw#kW!O6_3I;O|dL<oMN3u}tHKraC6o2;4#5TJg?E
z&ylJXkod`Vr?TLY#0K1%defDR(;ZPk(24%lw&6#zx8hkFhxm~P@-5lA!198(K{>*h
zj<iDY(!zq^E4D<#UCD&3m;x~=<)NvXnD=bivTeGLSdg`pahB7@nSpALvg|b$1xm5x
zDbA2L2i_!yw2;>lEHGO-%0M5g_Zl<{QA<YKqti*7er%KBnZHDh#~A}Fbe4WE)zTsR
z(eOK@QYgWTp{V2Dt_)$A^WcC*$QY$`^BrqB%4iA=`HfH@epFv0O1hQIEb7&*g}bg{
zvs4L0{~$e{vqQF2iLc_0VFv4wPQR#AWmm!M-q$*JWCrW7labPi-pH*f!l*Rw%k$f|
zjYW63dCLro;Wxw-L$Ty$SoMcv35k(aw}pECY$jy>On+g-Qlyh&3Mr5Mq9I)Qr$j?f
z_VNc3g_U<)wK@sLMZDNGG5F>XMSD;p5cs^OqE?M`Vj0vpSnz;~H4{}IHDeMcf~mz5
zN-{a6i3ieNMzT!d23S}dW8SUv{bmg=x`4$K3~dCs04Kt6FylV(6`i1Q;X=%Z$Oz+u
zaFG#PEPX2wNl4VtE%<U*I0Hp>7+Lk8Q77$oPNIFTWY|rL*g1;qEaz)MqjB$MORlLg
z=^oU3dpH;pxEg5?B)tT{2vf`>8Vx;aF|WG!Paz8ro%9<O3F9jhKvHb13{ZI0w)>pe
zh@s_B2#J)w){2%ock)~_i^iDl1+zVr<Kb-#iuy{^r!1_rTq1sn<dTzlaG=ak&h239
z#xoB_ovTO>O6zr@{DFTq<eNEMlRv&3qBMmy5&0vT`X|8CdyT#qZWLA*ATh~^prEh;
zPr?<$x&ic?{avo%pJnIHIpk_ra6*64$ehzXCbVezyl0J`C4PR~%fdm{s3d0{QQe@?
zeUf{4y6ii4n}us_?rMCAxAwnLa*v_0Jz-0?N#Tr^nCjaf)-s=Ja0%ZXcA!VpfYK1C
zgnRcF4j8h`wHgomy`kt*WvD2s)j_SlbZ<S~LC`Q6=O|TXG)bMQ1C$h}o<eiSOMr7)
z<qOhSE>bmS6wI84(#I1nZok46Owl^Lq0ydmmYiz@++3w9&Qb32M#->7*+e~Bcb!{E
z_p{^5Mcar}1p;Q-(%F`;s-~qEsE;9sHasb(%e6hUOHK4$TX%Juv12h>SI^-NXt(Be
zQ~(t#dPQFMGiS5fppqf?HP)+6=D`UGf60?v<1~CCyzc$XQB@NABqw9hXN-2q@Bt+=
z1)J;X?PP^ZesxHdbtPv*`4A0eghh+2SbmFK-9xhtezrpI*ZQqQ@$WvJYF_lyr-#OR
zIlO?lTcWyKVA--@zbNbSecuE3q^;2?Z{DQv%Krm}KzhH8o7N96ZsWvKCV=Wq!UoXI
z?!*=?y}kn3_tTjqm)83iD&qrC8MnLjZl~9O$*Bf5RvA~DgH|gaBe9%ff-lif$}N82
z8e{Ce^5>oR-mUXitJ=xdOEoKpG!dCc)=CG{wc@r5FrH4RxSMB6v=F7vY~aqOv~7~I
zz+8Dc$*W3v@e?MaT3oKJ%2oCDGJ26Vq=P>%DcKE6)~onShVQDG<+qCSv$5N1)_|lO
zSi=EG`L2c?PI;|H{c9v&#JbZ=zENG$TFK|pq_#EIIV8{5D2#qA!$rsm=XPql(P@}f
zqq5dceMyIm9LMMq$~-=Vk>uWTk9!`wx9T4JR%<uw`J`Fg7sr#FOuD%3#P?WSIlGMi
zU9RMNAwN^kqx;Az#uodcKF_v3{T4B;RFaJ_pGIc3jnG9e%(WdKxueRxL4hYz3tl?$
zA+k2b#!7bLNB*{t?y4sTc9YVxjr@U?thI)cq|vLjjrL1si4l6o&Tl?n$h606;CJxj
z)YP%K&Ku2UFK+>GH}AZ}RT^%<Uw^y&U&}o1&OYD$x~j}4EVQfueE;?Q=5pQ(aIVzN
z<?o+<+lPx^c7FGG&cY>$6F1J8F8J!EInxh;SxOJRm}DTbgR$4>#tf$^{@_xsK^`T6
z-D^_Berl(xSU}sm=e67IR=3_W_o=Lj9YvW6o7DS4Y4ccV*)Z|_Juc40*%J&bq>Dnj
z$!lFBZ;P0XnS3M|&*%H@rL%%-tU5Yb#(kdPh8I8sGOu_vA%eG%DGFvQo!`oe85r^6
zYcqgm+CR6+Ij^Nbv=_Ax!~reCso@I2amUC~rm-YPVPAwMkU`jbGkxUh{Z7wJXU;y%
zWX~&i5`L}D`Q-kgOwX`ww5QA*kC{h@u4lmr^$ahyk^UHQ2X4(=rVdsKjz^d~9rJYj
z-}46dtwEz{c3<``a4~RWayKkn{;sFLPHY3+?9?i~e3baRFaLZb>6lJiIG#jgSMQ<u
zcoxZ>6x%<MXVTtXld@#tKSnO)rV<+BhmqAE$!)Z)(0dt)%yDVAv09531?PI)ld#h2
zSL?lc@8$9Uc>_|nipBAHs9Y3@v{mobs!x9Tf4m#?;ybdoLl~W%uGXUU;&LqyV!HQS
zU97rl9~h@W14e91ViP~s%{mJzJd4=cx-K0#@td|$YZ{HpKCj-?^2|$j_@=mSKazFB
z$6Eve2i9;Zb`C44{Im$Y^Ch`c9bZp;sh9eCb5P^eyssJ;&Zg?8b81&;*PwV>^jKrK
zW_|8qTQv5;7+QT83XR=zRCHb&!APYAl(wL!$z7Z>mr!({<l>&ezoHH~@qYT$JIpdX
z+RZmj4$7L$EH)jRFf?47$`n^}G|s}|U^6(jsLaH*ZA$P>Ark+qUSW8@>Ki6^mgWgd
zvp%zBw2XT51!wiRleYH0ToNHOSj+~bdA_bb0WL7rd8OW~=IxiF*6D`4;Ep?n6J&a+
z`DYV&0O!yrM++ZK16RgLiaq^}&n_gJ!$9joE1UTIqey4<i|syucmy*$#HTlWNV^$*
zQRJg*kjJJTzmfsp&SCL#I_y75Wv`Dh@y=`@1P7`6KV8dFUT|`HmUE^9;67>@!N#=u
zGd9G*T#Oioi!F3`!=1g!4XIY^5Be`T{s1206cTY|5K}s}si-cC>Rr>UxAWet+uoDJ
zJ>uHKwHVCit~V3;;$($l6-Gp9I+GMJknUH*nTh;#Q0(i+vk#ZImp8v(-rPn$?fByM
z`u)}2S4l}c{&4oUtMkMYDtLKzbN=hs>$AIGZ|D5*^SStK9GX=1_Xt&;Fr;vow}l>r
zpwdT<OuAeG**VszQLWbogVqc7cRf3Qug(HFnoAH|TNgzooAUL+pu$^u$7RnY#4_|N
zJGgSvf&*)L410<Vn8G%Y%mJ|kTtKhY5*k=GXJgm223FsY=<L2312$-9#?Wnas-1rG
z1q&{>2`A+Lv8f-tuN#i3^Y1$6gGPIB6n^kY=k(ACKFdKpa!XHqbh^ONeLm>L=`#QM
zBgrcx+ROSXMGot6a$iSC!(;=`9fwhgpU_!dnzN>S);Hh<t*X)P*7|$3c#;{IGlAFG
zy8?QB9Oie0rw1${G~GkH8XA~|e9xlNI+oU<w2r0qT7x$S`CQ$|r<`oC#hyOBqgZP5
z5|fr0u{{1%<-CbMlRgBAkDc_BG{Tc5m%Sr%`&wg^R&?LE4+%B*orouN)V5dHCnjbd
z8itD`94xV1LW3-f8U%}p#$_SW5`ApK%ZRXqRuu(Io-^Y8Z}hM)Qj&pe+c!Lu!ES*X
zZxOq4xXrK<cCL!}8=yA**1)V(8!uS+Asr)P*9@nB4Hkg&gO?*)#}5P-&>P)erI}Bj
z%|m1X(f-Eag8gthCwWm`mjE%=3<eOtb$zfLlqJrF?rBEGPxzb?evT9HjqvX{C9kCD
zd-fA+NynpKFhrifgA(uSs(`q{WR$2j8nVc3GBD)tnExq!mb&W+t|l8Crx+Urm2fc0
z<zkf|h?eSFo?~1D8gzhT>>|WL*Vj}?MME+7!5Vq_JZ}E%VYkVPKI>koCSn`v%CKmo
z?1OXuLq?^>>uuu&>$2XvLv{vBbQV~BpT*YfDo-NY9m2g*eyEEN^;W&oZsg-w`4w9B
zNi}C(IY$)vdLwt`m6^nt0>wZT5Ou-vQL<3PWkWn_0fZDb4>%2smaR#8$7aQ|VhOOo
zo%Tm~olJ>Udo}f;5#C5K9`A_=G>e&sabD(RxeczMy+*e-s5bX%`7^O59447(-a+Fp
zx8PxdDd~Ybc~eIwCAk(oKu+~mGCBG^;&D}8>(+aUp|l$9MyD6&RX~dP%TIpbxz6xi
zv~<E<<FgWQYR3eD`Gl3u&wn}j>9s5k!o~-+&?7Ng_D8@OIDHXO`W)Lf75h;U1{n}`
zp+EHouqnzyF7Qd5RIo^r&dufR9Xq?edL!(_G=-XIB893(A%ozlLuMjk(U;jTmK~s9
zHKnAS7}(Z(%OKJuw0fj;G<xnme@joVoO`%aSg7*Ft;Ar=eSt{Fl9jTF)&GXD2`1(=
zJ<GOD_rZbM;8zJeuz~G9VE$~MzMBZ8Ijru059J_h@EeBIw&gtq790t%%O~dA<6~<&
zj?D;GhqwiUZw)5jgCuwfb$Jt5!#u=uGS7^G>(Z9}^B=f{p*?u=MU0wQ#g|uS|Hk%z
za2*TA;>#;43$t{`#}ia_U72zli4~!Tjn`rRY18~)K3vMi1{E6x!Nh;_`t=ZG^=YpR
zeSaOUs@G?ei7k<F{Yvsr{SVnm|8>uHd#}d^#uj)jNWNAhP!?P1&o9m^?LX3ysMP89
z>J57Zhgwz%)nzR5_j}m>v?xnIgv>h{l^;(2kwrl|P|T2m8jDw{Vt*!n|1(MDKU0N?
zYaq37e9E69?s+wTyu3z}4h#5#{~9=)ffwbuhGK}U-=oo}RcbZ8QpNvIL~7ajFL1Tc
zu)tP_PL@Ir8Xuk?PP8AQi7emp{?r4W8@BQXO@94@noj)(jaYrjhdB>QsWHbAS7w#S
z{(uqM=g0h&)TmqBhvub658j(mECOu*|MQ=UFkI(O!&R!dQnb@l3*X`<c7cx&s2zP#
z_V0&pS&aH==6($~C$b7v3q#&lW*=d7Ad~T7^TXn#%nPuE1KrSvw&4Ju`R)3OjW8{+
zhj%4mARBt8;x{;18hu49>PHo4Ib=$#6ys=c)8ykGH}RYuO>uP&8Ok*lMr|Hgo{wfw
zToMER<PHWpf-}C-6%m&eDFkL1GfHF{2sv>)!vF<cmrU861{9E8W@JG&jgkU|Xp*1C
z@o0>l;KIp(iRYu#YGGDv;G5F+h?OWUJEqh`5;Bkki4LTGWMop`pJ^iN=6tSPXj&o>
z_lXuovHo-mJXG=w_$e@kiP$h&A_RRRYlg-!@_7^>T}z?uP)j^+L`jB<zyk@zh157=
zh<+^|LI6IO9$2&<N=CxBNRvz9J4-(o{sk!8o@n7QMTgqQ+nCj?G-A@iz_oEJC@rQr
zRD*aTg6b=22P?E;>PwUP+p#7wI|7Zh42kxn%q~0&enk14K)%%yLHR9}L_yrY;1lkk
z-6SmO)7u#w665lx9$pdt{*V8^y)W%<8%YxU-oGM8yFDg%2oeCn%eFkNlH@9_U6xj|
ztKPh>dU_xZkz<lz6Qos|9?x&zh&+G<kO`g=>5~1rRT7X#WFjLn?qJPQWnXz)P6;o@
zz;VU`{T1!_2|0!<rEUTbfy}#_6r?;AG~?IiHTsFbdeLFGj2h9K?G>IQHUYxN$o%nX
zG#)SDR(`<O(`huD!&|NZdqqS<AAtU~F4IEA<pnf7Ku<%}^_P%h^|i<Nzhc*0(f3re
z&<*i<IHA1--Cc5ntKj2Tnr;TRC(2twn*WA#s)`Y$YcR*(svGOriCe)9Gd7~o^{WDS
zR>DFDyZ~zwMgAxldw|>ciyAE8n1-VQO!Vo>;P8{S44##?2`@uzoE+pOV0&KZr5byx
zFnzGB?%$?v9Ag_~C)Gm$dHReaDA-TR-m;&D5NjGtHeGE;e2JRqwuR9<`WcT-KAfq6
z1Pp~sV(3DnzboDsS;VxbjD<z5w{kk#QJnoVPDYC>)~tFHa8iZ)fdC|Q{RaXLH!~av
zG`|M@0g7FR1CeB5IS`1L73eU40W!N9APFC&fkyH4_aY%I7j31#(!SC<kFXvZ@K^8j
zcduyji~8zMu2TL!d-aRXAB6C#>WMGa-Im_mQWyR;Zm2>+0=9{4p`zgitdi*ZPR}VF
zNlun@{JfZs?JZ+cTrwZ~Y8LqmuME0;!#t3~&AYC_-u*>BVf;i1OxZ?d!a)>TtvCU%
zs4{69rlV4sq^c6d8pOai)4;=zWXoG{G>VwoOZn+2tcGZk>Bo4F_;Qlr8IJx=ZNLa}
zs<*1l(qCV!x<M~$M5FHk+3!V(!bf~@hEF(-4w=$#`g^i0jcO;a(n)9^SA9w%mp~Dg
zn^6c|iBylsX~`!L*vE<ZL^&o-=r3jdkv*x8-3hF23=6Hh$UsttlD&%?wrTa)Nol}m
z8buFd>3mVK?tf(nw!lOU!OJ0ootJe|(+1tN%%yUaj8l9ijzwHxJ6F(1W{wQi(v~O?
z6^ltIUST=gphePOTzl~V1YCawZK!3KUHD+dmWf7n6;<PMeV|%bk9HA*nJnf5UP=Nr
zABpxb8DlzH#94y_wfn}ym{jJ`l+4}HXBIa*^9&!ob=)ETnU+cl?q*ai(+^xYcQ}~`
zlMHG2U{z<iNHtsaf^K_#{p<=imaVw4k^y2AmPS~`>WqDvBaL5YV#-$dZT6O!!mk8W
z8Jl<tD<5shtRS7f*>YRGuF<k=({P%hWAww8Z?rmX&vrXuXm^=$b){JnLroIV!OX-A
za!mCyjIV=#ENDjHqnEVkYigqesC*vz`7?sqZ969Z`^tyN8i<)06w#B`XAtYkjL>ZJ
z0rD@<AxQnkY1*1MDL94EI(Ap{s%<*DS9Yt%rZUl|1g%stHy5L^b~K7pXNKJv^E0M2
z`9N%B^X1s^G8_eeyn-3;CI&sNFHv<H%rc%UCSm?6!VcVz=JRM=GzD{O@0UBc1^xMe
z&f}QW(PBW|RpciH^D}i6;vOyllo1bR!^!8D=Bp5P^CkDFp<VwNk0vqgiuWU2kN5ZY
z_4{T$n%y<<n=}9f+7Q{LAEG~KQxlc}Sc3m&aAIsf@#(vt+pT(=Sazr0@tUoA6PmW0
z^`2pO;W7OUf81E6S?}RHYz>=I?-JSqf58T^Xx~kLFgFu)&6z*Yx$1QKhGPDv)va44
z^T+gWBl(*Hg-}>M22IPU+X)oC1d5(+O4y8bCp74w@S<ZR!{0Q`x<hwYjJn#g?N+C5
zZ?<mwgCs9V@+V3E#2;h$PCfYVV~wv})zZ^s_w0HL-m&IpTsmVn{h(v3+rtiJV>?}o
z9#O|>!-p|FgSAyn5i6!x?d!3@ANA{LXWj7Nt~#fB@km$RART>^Bc`d-i)}A=&@;?>
zi@U}w^SmgX%R)cDj62^e$&*KT-`v2IqrgCy6rhK~I|;e0h&-S_yzJ4%>~O$%UBS&l
zt!0(BvjEMxH&_QfV7@7Wn?wdOeo5{JQ4M~$bNq?rKB)^Hv(@2aZpHKK<i>+bF5@G^
z#HFm0Og{hya|cc`98Bi_L#KniEqKk;lrA$>GD^af0ul#!-vSJqddzTt82M-JLLUS!
zEiRS0%nP@<%*MTk+cCqwrThn)`spLIL*!V-UZ>{-z0fy$R=aOFJ;yh?LB}@Su-)|S
z(DB+{hdHJNqtP#k|5@H`4M%1H^jUr+dHLS$qq82oyX5Wz49G=a>K0{QCGcZ^z7>Me
zwY<>j`F*3=^je1FJADJ#FW0aG&-B`^-Rk<@ZlRWro&xY;{%r~DEw9z?_nRHVHd{@@
z>A0rRZ{r7OHG7?Q*8^_W-!1GvEkqKwEYySac?rC}jTK-6-!MC2*8qC!8g2)~i_mo8
zh**Bl_uU=uHFvX6ZFJ^U3Dlw8>^B3;F|3wl8IEiBP!tM`zTa*It(M>KJLYboK9iy;
zvp~ynmZhiKcEWD6WgCHQ0WP-Ow$U>I@Mh2VdUm_l^vu?7VLp{}vlrm@@^4FE?}9iL
zcx}fBEDKLbU>Yt+0Y=wx!=UH%yMY<(7WNbBi*mve-4$SW)8{2n_d5ZIbZyHB{Llrc
z?Ka?IKQKZISSHVHwR`>cZlUJsj>x~F_lpAVBz|-m<lUCp_M5&Dv@M{3oleW>dhO7#
z9KYvz9lzhh5V6OA95XekP78<J2-Ei^@O!;(tK$To(Q(_R;dqv7^x?7rT5daDtM8k(
zx8w7|^G7KlpUQ8_U=I6UuN^o>x7Ed4rwhkBY{SMk9mnf>UOVX9JBC^KHvL3>n^dqT
zzTPU}f6p)#j1Tx8nEcpT;DE<<3G<{}n*L4lx-?8DXxsgr#L8gR?6dP<GIg_42Z+^6
zXN#;1SUnrZ{B(1j8B_Q$5VHE1tT2}t@!k1<D64y~Goq@%H?DsB65srvstT{T?`im<
z_?N5l&4A!3aHuC0>WeWA4r)u+fq-mU(wI#tL76M{ErZDN_nmx!k3sz>*M@U_5P8Z#
zl1$1V%~kxCfxL+aJb%ZN?IU^v^EuOv%$5B{%y`uEMo}$$+6vXZ84zrrFdJf0ni_c}
z5#lDl0LhqD$jrYGw|Uxgqn)EnS{~|r(Qlvt8x<voWAlbpC#*_4w>F3@1<AWi<?me0
z@1j#1S(^Q7BYZ{2YF<a6l8*IqgdD-ws*D@7%69=g&ZO-Ez>N+mWe%5t-YahF_Hg?Q
z@SB<UA@T#3?Q3<o`62ko43}ywv&_eUdl-gd&ySDI8UaqFhQ9K3ll&h-Ukt;_MT`#H
z4~P*BBEFFN44s`{UlHD#{FSeSFTg4;Kx9>wlwIpDru1@_hQ9DOKnf0_JWed1Cd=Ng
z-hJ~af^7fv_3oXZ=Xbm?e7<q>C&ef!s>WVYj4dg<fgKE^<+R(~y(ewVmBC?U?T^XQ
z(roI&I0u_1C{v;h0F`RutXL@mjR8!$7ikR1uc)KU88KdwSun;BxLGcih>b{-+0Z=f
z%oxH`v9FO8C<sH(cY4n_ZN;yH=tWHYh*dap=UTM8$A$)NXkbI5Wm}FD>>K6e45u3<
zHx-X)C7ZHxSLKziYUFGf!}a9N87jxeoU>woN(m4Z8HJKES<5S9wGJWC#m8vMgHA~W
z;G~$%s9bf^Oct8TSX(BrDb2N*qXkXJ>vTf5$5fGvcpi;^MF$*aeL9rFPAk<bE*#*r
z*YbL8Y1;!ljnkp}MiT4;z&WSz6ZWABWzL)Zj@k29`o_=c8W2U#sBvgX!Xi=l4BHy4
zt<mjxz2H!AWT%(Gfz&`-R{m_&R7uT)$dvSRghA!(%r&2;>REx_w}Ot}Zkp|<%s-TR
zYAEs#$uFPM*0ft^>VCKB+AYsAd>1X+J=Zo|$8n5y%j$$y)9>~yZv$uQ8@}O;O`;~h
z)TEs}<14}~%Q#t6*}GuriKcL$$wrhvMU~YINufvYSWeMTx9u2!#KbQ03#zTIFcndn
z@>`^^pl^B72bv}l?M9U;G!m2G)7#sV_wR3S*&u8t{JnAlf*NBOt7(o&mj4q!Lh|i$
z-tB|v{wxUH#b}=BPj*kR666%XA3eDry5t9CFgH9_TKM_$BiuVtuyrEW%92XViBgER
z2MX^s&DJ3?B|D-KxJCcWP{gkkKY5)H2@83V5I(bLpy<1l!2CHhSG)*%qGcq8!3fh!
zlHC+;fYB(mSkp9-Q<Cn6om+nvO=&hKnyC)67LiflehJVg_yy3y7eHW190c&6xjRaZ
z`5KC=rtLds*V((q^BX$cdu8M`WwW;B<_{$CDVH9(hBsuCyBw#Uw0w>P7_FDVkXECK
zUL6VDjsq8J=x32|x9qgr^TJNg>=>bKT87iHTZU_*qj|UQH=TYEcAQ`fcA9zP<oIdn
z;g$^b4r<z{OU1|tP~>;zsx}#ZH$h{$#ZQ3bxG~i%56sHpaCUVQhF2uO`_A#M#PRz4
z)IC?0SD>WG3AvQ#6@-iL9IMh`n*G4_cgz;#&{%O#vle9+b&7F?i(2ZuF`3}E`{e|;
z>_c=9WayM;ujGky7=r~(rdWz0CjY`<5YX{fSOFK^0%p-jc*$wYWeKt&7tUf+^6Uh)
zyklTZa%QZNi&)gztx3*#shy}MytQiRWJP~}IO91yYw1F<4402t0kGjm7ele~)wd3T
zMYy5g^npc}(Os0d1GcTJvD^YZ5|;Z+q)?T4?mFRQ6qBwqo_mdp-LlM{<9mm~U2n#+
zN}Oua;=(Vy2j*3Rr?L)KyBXL-iw~D)v_54ut%kc2)<03L%2cJ!IdYl%7Q6I~^5GfB
zjHKAW3h4Hv+<3+vBq=1|-eKX0d6p&TxSlI{nF+SNi$yCwA`OO>(Bl{nBnyOPGlv0;
z98E?KBp45&1HKoXv6$*CfF(5+ly*0K00nd3#t{MLH%L+-WBTF;{s=K=9j6o5x6C$W
zb)L-dkcqTZ*dB84zlXX!4v+UXpR_w)KSRsxrRlzzt}}*DW_Urf>+hyY42o~uAg8j3
zXgpifsxhe#>dA(5JLBU@Hww8R82fmfS3Op1Dhr4RjbVANhXDUNOX&ymdzi0+3u>Bv
zmDKCW;&!t-pF0RKNcm>}H~CLsND1b=I>wXjPUb^-1wfEah{`rpmE3gY-Qu$!pNKso
zY9Ee+xUU!v+z%o$K=tT{^Iy)di3<pXnZMwZ073yz0-uBQ0ilrN-PplM-Xq0zrScxy
z+$SlTvAj=Tb=TlIby#G2C`u0UH4z7HoNk0WNBwb(IVHR#ox*fBgwC)xbspyUKvU|M
z-9&|o(0#Yl@3x+?(0!SfOo%4o@Q&xET3R<gDYamv{fws9>~uQ^A~gI2&>bU)QRur5
z1^RjBK3s;s2EpfJcpHU4`ab8{G%UHOG!92zlMXWV^!GQ!>QT8~420*hV%A8zx_fqh
zedjmE>63p!pzuq-zx?sy15?xSKQBLhOf_>GYVKE)5)OjYvJw=+{<WCLLq8y9=cQ>H
zRu6s>JOXeQ_E6nEty{wU&qSsBL^d#ZkqS=Xn1x{iTYl$GhB3of+!d5|`ippowJT_u
z+Oi6<d1BbHtsroE&)5l&tNEA&^*MMTywZuN9HXU%TqZKGqrpqg7=9S^yxmla-Kjx=
z(T9RcZ5R5!RCOmS`cNr%;8pL%m!D&zsr%t*#A@0A1{zq&0<)Q5WfD>uz$6BUo1Za7
zRJggjcd28xj!p>CoAQc^^9gj~E{cF3V&4?0fz*o0^>H!^U2A5UHMS`1N41NrlFk|=
zr0aGAJM6cfF9|sjRiqdZnM8c|OQN|L$>79e5&`Wn`j%yzyJn<#hJ<zK22GHV_03y7
z%=+ObK+R5!gvHEq8FXAMa+)L{uJQB^RM*dVi&J`D;mN5xb*WNl806>(Z*nkXgogvu
z?=PVjtBkcNso;xTi&97xxoD}c<Ww4D7R`B0v4=Y#-uO`&)mR<Pt!BsWIHvb}(OldY
zv&DpFq0U!~TgoZ$js|u#`krrgc8%^k;}kU6J$Az<d_%ke7Ph;?%6oJ_3^&;j8Z#v7
zK|dKkAbD6&tv#=Y#||Li`6Oc5*yj<M;xudEci;v6&<Z=x7{9ai9!VuRm2WU!1I5Iu
z9>-bd1lKDgH#RzL%WAa`6~~k1y(U8cE9)K3V7(VU;yxUw;bdN^(DW&A%0x#@Fk$)C
z-4F#a-7+yE0qf96#SnpNn*T-*3hYu^q=1U<vtT})(E=QgKrU2@T(MD`sB&k4{{u~`
zUZTyFWRv{TliCZ&XVAi$YY?Ka-}bD~d&Z2$jjGP9-Xn^(HfU>uw>Io<&vWcUr9AFz
z=04nxg2~-{P{}*)RDs-@C{SctaZe$siA<~5V@jz+3{R%L>>ebyD$KnWElYdXI0Q05
zlii!-<Z9mp-{bP7Q9gH;u)K1O;25ZXTBOBa@I<>$trw9Y&45=YSC|TD4Acic_!O}0
zZXLBouhne!&93!)$xuc!dUNv=;YF@j(}>3L0IOmHC2HBtT|1TSj1m<S1U_q3D0d?g
zjz-c)m-2uatd^LMd1@lKbK*fjBOPIYc#pbKHP|Q<(F*NfhOUt|q1s%yC_~t&b<8Er
zR<qp=`%me`#51oe{Fjn9-#wQehXNv^OU$e&JFg{x3utd7?G4)Az=Z5=Z)g5WpVT>Z
zH^`_fCBXf(yL6<wtcf3K)Ze0zm^7CK_fs|}>2UHt%#@wv7OiDck=B&?N9ohyJof;w
z6U`&()9MBp2B}Gz)di8)l1r4EuHt6y&KGf#Tb1gHMT*q5cXhLLrTGk%`GmPCu%}F)
zG<rxP12#yTyFQrdY?J6-pEOsqrzm`ihz5m9W7oh^-9v+LeNO^yKDln1CmBu&^Au;`
zvI37A9f1v!5!1;?CE!69nbfN7?Q&s0O-S>fJr`!H-R=3k;29_5!xVC}VV_pn)r%HV
zBak!NonSXNYVjsrN1$MLX|4xNfGPXv;zgD-VbUC#`(XYxsl@2w5waP=nol5RdQPWj
z*}QU3E`eCH`OSO?c5i$upCV?^=08Tz^=#8^t26d}Lmxxji{HxUz#SzOo|v^k*fm})
zd>-3tS)EQ>oop}vd7cxQPqGyb0(U-kr)61fSUwxx(D2;0Ywy~pZp(u$*~o5&6EEP&
zI99Qg@vc8Cyw3qmlnnb-p<E-$kN28b%yai+<hu`CkWn}6@P;&EEC@cAHiqw>wjRSa
z4oaK%c=Idt#{b8HR&$g);O{+d{Ykxx(@mv&E#p30dlvKQHn11R$JsT*CS+b@)@UnU
zrb}vO-xgNj)JUtkk7PZ4cUFE8W2B7tK%$U^M^Jz90<~$jOst{iKVP!)b}?dF1u_B_
zQ6EVL&6s)yn;BNK?YalXK_)t9IWy<`G)w^5$QtKiYRUCk<2q`3an=+PyyR1t=vWV1
z8GXXPXiO?2G@s8C#T%J&wF|j8+gQ`Acdc79nX;-m<@FT;r=lt6MptVredJB-`669(
zAs?t01a{MJK4WA1<!m}|C+OnEjvQ0b5fC-eav;*#=wqUIcS>AhgLVg@-fxGyws~zy
zUY4jM)0)V<fWt8{*C0zNIa)$(4%B<s^(cG7Enxo@%u?f0!ILKn!+zw>@Myy|ozx)S
zCn;JMa49X31zD!Cm4V14z~TsmhwwT90L{?zdwFk@=R`xOsUko$<zCh_lv(fpk6IQZ
zZEs+Eqwjb9(Ajq&WhRi2XD|75bAEk$efj?U_S4nb$;Wdk4WX*l&F#s}&Bc!&&d+iU
zaV41Vf;PvNkCO%^6F0d@MngWp+gUWmFPnD19Qk$pc9>cw%D(y#+_P7kMOLyEi5bQ4
z-%_k4Plt$mAYvIGE2vUM9NC5`xGBB&fDCFr+sYd5ifymkY<1lyO>B}>HdkdekzRgx
z40ue}C=!l>V7}ZffTyaXtqtDV=rw!o&TjHF(*nLbE#E8G#@)s>K<@}3>fB4V>3luh
zZK~n!sQzsVmR$rZ&1Lt9U?o#jgvOaem#=!eO<~^6OYyqdQoIGDeG1kFrFb_hz8mC=
z@1`HIRRl{L61_{X;Ic_$a*Id4T?A_d59uB37Il|xBu>0JXNFD@thN0sHUevo9(olK
zPf*Q))&1_auz$COX1m>MJK;0d8?EoQ02jV*?%F`R15fA@Bkkp(Tg!#xGQxVJa9rqy
ztsa(0eF|Io<9>>atGVv0q^UU%#GZvk6D?B&sPY{xIyJbV<vA^HHLLj{e5mmk47Fmp
zVDBjFeMgh-B8X8~VM>9#9hA>2ie!obc>%(^V=V6tw>&Ric*j$-SD-BoLgp7CzR86|
zawIrRyaeD2-`i`tW)Qae-@PO>F*lPSp!#LJz$fKb3=g{DJq+w&gr?&<-&%43)D-I3
zagBE`Y8Nx&A!S!&HQq%WFKBEaD~E7PS?daXpwIkQ?!|!Er-6(iBJOZ(uuK4HQZ?%E
zP?N^cE`hbjOi@y%4j}?7hf*w<wTzKPF6pS)64r7tadUER(w`4qOFcO98wf;gTuIv0
z=-;;h%4}YE3jO3~vtT*`B67=>rEEk#UoC}$&0VeTD5RWCbKutQe5MI%fI_njoa}K#
z^Y74AJWbH}MLOB4YE)k$St-3D2654jPq77v0gVE$5m$<f!`l<FfhDJz+^wN>^}Uwg
z?>f&|{Gfg>Nv3cfaa8X9!qt$XwbAdG?L&+a-%s5MMY#!0VTr@0Cvu7yrT+{+G+TJk
ztVvTYS9Nm9ia077ln=)YJ3+_oxzCpj$f+V`A|julGEbk5N=_Iti;V^_B15BZc5VM)
zQ`Ib2hi1&kNdr-Ur7Yz`jc{t9Xq?R=v0-uuK5l*<b-4I}Qx{c!h-^}bXeMQa@I)5B
zr_Bu!XR$)qcIR*~@wq{!+hm4lnWp21cIzoEzQSClGWbgGzT0~rhs>VN0%}zUL29|V
z*Gn4<Ywz3$eW&fXJ2Usb%b0t4me18~y)+kR&d~dA2QlD!doL!UR2o(jd+$54QN~dq
zId2G!x2WzgM7m)1%|I8;vjDF6Z++<a3`OvA*54F5u_v$Dp3uF^@8_<dV{>Vtb5{GZ
z0%B2%gu%@Vkr*AH9lZ^q!}|%ye@6x~XA9o&+=)!L$H(R-c?3SlNn+&<%$bDW$(Cw4
zjvOWFwW7#3bBRzPZr(nuhjBU-E`Z`q#s@G`FJc2ouP%W1y*%N=<?a68O~wacGVb)6
zy>8!o&ZP#{HW^#3u-)E`lh}@Of|pn*If@^+#TZvF;(3eFyUn28wz_J&RLeZ1523uW
zmIj!vl((HJ<LM10hk52$3)bpn1k~B*zD=ALD72?Hxh0Gjudx`FzFkMOvy4vJc&Rm{
zi@%q&>?JLm7XG1#UG-IQtN4A^4qH`iNG^ai*??T^YO>&5)M~muC;LKLPAmIHEUDJc
zK2JYtr$)Mm6#1H_(U&S*B$Tj#sU4^5_?By~gsIQzlHvQ93ZY~c+`&!;v+{`hK$2UH
z8T@5;TFu>*S$ryr$0->PaodXS5!pCfM*q&2(!GS9iRY<2vW&1vJ(@+bb@?tOTDc+{
zNj(i^wT&c1FR8UH@7y<4dxIvP%pG_h#D|)-1p>>-Nu0*pK6<Dg-`I6pKdcoGEO@OI
zj3iFq?zo-jOcGP=9XY-JbjHgbub{t!Ul+cC&5gimwfehe0Jn?I%ZSn-0pGqm|BteW
zyOU2Je_Gb&5*w8@fd03q*XPA3z(T9*^ItCCJw=G0y1u(yv#_La;@UOS8C_ksX8Iuz
zOCF&oaR#h97-?V_Gu)>5OGIl825Ax4CoPKT<uFy`0@^%0uhZ$Yd(FQ8l*StADpDG3
za__$zZ62#E8y3F*f`?OIJ;B9B25V&af!%X=?Gdv!kxv=pV!iKvzAAW)Sc7UA_1S}j
zHwOTeA|Cx9jJ8l$6s%TSL}ft?T)Fwm1fZ3V&us-kVCR)+&k7IN1<li`;R(Tg$IMc`
zTT-LYW2p&v61M(>F^CMW+xPR8vk$Y_^HNO0-r}Cm;t#F#3}{o^XXSXTJbD++hOk3@
zca}q>UkAYiq~?H^4i*KD2Ut5D>va5k(c!)wIxWBVys;p{#En^OC_Dbq%xGlL!0@}a
z+24&3fBWOV8%|oXX|uqSblBxMRLp0Q#Uu%T(#WJI4^2|>!oLn8TAPYli0=nOZ@|%L
zQ>OPkWtnAe*I8~wOOtaw?oDX6J*(Mo_Ma~e;1ZCKD)jkzXuC8MX}j6Ct-TBXk0(Lv
zW#rlxX>_&{tr_%8xaJozm3uDEmWkR2MrqK25n;(7@ncEWDplc0O4e2l>DUpy>9}^w
zb<C#}y(#2Mp*wl=UEF>o?}iUIs00j$cMFC&q$29mqUt>;shv8BjZ9CY;u)>b4y;{^
z8fTMr%}=KkuEeiF(6sb%jo_J$gBik7BR{)$Ll3s1Ms5N$bY8jhfhY^eeL;`2Se$d0
z5aaGea97Z;bU_n&oiSY<Rv8{_7n{a6Wkq5peU5bq8lFwzipwclK$7hs4{&YKHq&S{
zq6NNbip2kEngr!5&-H^zX`Qe<>GRue+ikX<aaE6x+}A$lM<O8xdNRP>^9|7jsKCMq
z%x2%(bzF)#r)$!JkHN&9%#~4U@yQe(z&&(1sU?pV^N8n3lAgW`9?m$K!$j-MDx2y4
zft9m*JBsdsJ%TTLhflAAJBrO1i^3mW0YA2w1s6Qw+bJC0fL`{O+}ImqPP~&53<MWx
z^nat_L`1>y&r?pB4uJZIV+4pf^d86^Zl+#im>jkw;0-Z*9SO;{z0iBk`3LY4rzsJa
zCNZVAHf?I~rbf^Ao1I-F>!xxNlOwKXcoydm1@UIeUsRVER$)hkr87GsCepoiCl9PX
z9W=ZBaPsr{&H42&=hruBOgp}~xq5%`@s^Lo9{+su<Hc#_32k_Oa((*K?bXT0pKc0q
z_`4DO)=o_-*82^bI$=vemLD-Y2vwCna%R$U4rJ?GqpsDo!?68~<6Tcq-;29|?`DYx
zcVw`poJ_?=7@9$Q*Lm4@l42RwrB1G#_29r+9>bqv4Wh7#O6Gt_0v@1-I6~oY6p(S`
z55uA7a_#I>69xomYr@cTx>na~J!8h@CKH7Guj|Ia$A&xcjo=R>2tub5eiL!<+2Hgf
z2woMSo`$7oIvr~Q-HS;tj?3cbzmd8!3|``i5;>$F(C~FsY4{|ZMdKtZ@g9TKxjSnv
zW_=A>(6-!8&-R|w<B3;bRw`blcSY6fQ$c2gAOx$uv2rcGtArn+=HJqodEERYSbk?w
z@*mDWX5!?zW`%{yFJaYk(eXIchVk+Gpm=uVl7Q7*K)iNJo<H(t=6!$*j<Iper-bJ0
zLX;z9b5ZWgraX)1>r4sFbyGI8Q?ifolN<jsoXruBXKn~gS^1W$rsVxqQNWI7O2#^f
z8P}hZ^;af0XlbTA2ks=9aDyqae<AEX7db9Zc@bZO82kVye5Dv`bt(cjK;`WG`by;F
z7J=Yfg;zJ9f*+8=t1}U2NS!L;ZXxKoNM?xtRlSzchevBzMQh(;NH?x#fu(NW(&nrk
zkVE{<>cHDb9w6px#XL3Ma17{&Qv+i=952RiXUwtY4CF?%e7`imt{5>+F9rVPo~vAg
z36$Zg_zZVm`Q<r}rUq}gW9cQmHP=<a!j<#h?FXY`FrM%>gBB>8fDpm5v&xqmQ;QOV
zr3NKQQ{^a_tFLSnHbx@Fh#tvk@@1M6($El-aeEWXqV47^!!<m9n=p|3kEX?A!zN-E
zFv5q&gm_5_NhNKgZDxT7h_j8)wK$OR%v&iycaLWjc$6h)6k24@sKf>3&S=t9IZF17
z7DvgQQPCqAP3FFGOLzyLXq6S<6!<HbbmfpzC9ITJWr=A~PR@0q5o7ZKizr`;He#o1
z0^mcypHe?-#3Dc*xVM=@3qz$!JOx1&A*Q8hzo3vV?@$Truw(S{<M~SH^{g&T&Q_0y
ze~<_xxhYRqiRS<pnt_1PeMz{KKpKSW4I2bmYWUC9;33Atpm$T?T*){vV2Z;PRdo^-
zDaBD$e33bpk}e_M<^`?Q<f>gwoQhkk30J$CSIAtNS;fIoNv>PWDuykF`sey%j~b_;
ztA~R*Pa=D%!@=Gr{0Pm*!}sko-ed{lu0~3ih+lN_to%iFb_^}?BBDf;2E)?p>_`6A
zGP#`cKDZ08*-M(o|F@%u>}ccRgvvEyu4Ly<U`(DMt3bcmdW%HlIT35rB@ndGKVU%4
zXg(;Xy0F}-anGdOeY1}xiLlV;6Not$Vn`G(jFnO;QK+J9I75`KT-oet7SnOO8cB=4
z?>~tahZk6%8C%izc&fq?`n>@JC6nVEfDDn-u4!anl~5|z`jI4CR*R#?dr+x>)zRQ>
zM0E~YCL?zaIS`r4h8gGRo8y9^F(b@U0h`zRN_ld5%tNr@iTu;?eBpg2z>-r6Qkh0`
zo;Kja$;U<rr}G}GPtejCJJsZEU=%ED;hN!L5!FZ1TSQ}Wq%$aOj#{LW4V`(!YCmV`
zfl6`)m*kj%hWs0GC(+m)!6gMqwL~y*?+o5rVew4b&$3Mo`1|oqkNedGma8aI6<$F{
zr&jn$3XRt&hrh`yCSETlpC{4%<W0emaut0^9+>3OGVRLBz?3T(89Og4N)m>iHZOQp
zSbL(#3XCB@gJ#Iq?v?ItOmNe9TqWNQSSzjXku;mA66nL>gpU(w^aA{JsnL)p(<T+n
zDA)0meA?E4vJI>wCRiL!fRD>?CX$vB6$?AykBUl&XjW7ZuxFC+o}nLu2t>G<Cl}|S
zYPh1RzfMu?@8<8-!T@NGE(}o6!<G!d>5dW#=3|9@|5gftdI0{SbO5@1!Ax>+a-5_D
zq=ud3s_IP3YMwmi=7A@Qc_d}`l6geS0?Yb#IAb1D$K$+4q*_zbMS4DK+7nC1|IY|$
z3+fS$kri=)F-&m@SjN)6Lgq>!t4Xsev@1!wgCWQ#jHP%<rY^unK3skzF~SFXGR0Wr
z4y~%KC(e`Lp2Rb+;X_+C1S{pnc%d=UR~kOoF<_izV;_Nji=ACDG;m{jkLf$L<Q{gz
zpu3=__P>99uH5qZ9USObHj&_ANnLM&bIue8DrcPoI@&U>nYH@!GR!J9b~efFaL#HD
z%LF;)STomI(U!Q3_2k1pH6hdJna-0+QowfQ5<=_fS6Y2asFb%ew9)Y}I&<g;8ZvM=
zs;E3y^;@=Bb$ncWo8J0Z#;nMhq<_}oO5jq?OC^W$!^4~viiHb!o`#{s_4yz4Rn4qc
zfhH7Q&(hcOa95w_n$hr$elYPich;%TC7tLP9#-gYnBW8-V;A}qf1z1Vs3*;_!qt+S
zvT?I=%CdBVtRp^aT$A2QvnF#L0`EZGMkI=zA?<pUlOriMz`D)&18KK6xb)!`LC!+0
zR7*b2HsYglVChq@IqY;Xn~qB4QvMC_gO#ZDo-eP$<G-kW!VfU40?VVa+&oK+{X88M
z>$QJMUlwRb36jWuq_-BQPH)E<X($n6x$f;)tBeDpcAQ}~5&@R88pm4I*)PM{aX}?e
zLr;w3{Pl&I>4(QzW~hcf8plP8drh*#Jhg?pEbmjn=O^(o-m`*ilVnoaEzUR>D^kx(
z*i)oEPZa?)Wmz(mu|LVX$Cf0X6Q$*8N#Oj>L0C(~!k^E6Zk(T8lZ2H{vPEI^U6d52
z=HEn1lKFcBeMG(tgZrK7TTee-XH=~sy^6GqWop+fsm?nel}39?(-cZ`B4jHEAE|;j
z<TVsyagvB5?L3?fzT%&bPN)p{5gO%GUZS(*!i?BFYy;C9hStBRVp<I<Vlao02N4gi
zZ5Ms!G4ZQJwk+GIpVCPcu{BNA0w$3pBW<^c>W)_NX~O3v4Z;mi@^^5)&3GN@5Cd(&
z^aIgs?cklMia4c&s7~M#MfK*GET)(PY%rfs<Cl#FO`=er3*u0R%cnt8iZn#hp@tw#
z^3dM{gB~L=NbEFj-}CiVSgD+(*s6RnwH=Bu+Iw<cN4nMT$E6;4{Q5Z%cR6`$5WJ}j
z-bQ3<bseTS0R0CeGwq{?<m~HMi0T0J2F&?*?C73mI#8KcST=qzn?<vwqld70qMkN&
zITyVYUMKlMxMDU5$C15HKBYWBUMX5Y9k!|iK^*=OS?M<7;uLWPC!QFCq#APHV{X!$
z=py09n2v1eZIrNYe-fG_xaQ28T5=85$mu9r__X%oXc$ar;V_X+^fqlJ3NWsglXG91
zt<zL&&mdO?6Ya(GH2Ef$_{r?Z7JT{6wO<()A*aaFIog&aD=z51mK^oxL>}G`!@zs+
zMgghNEK4lCJV;b}y}Q`Gk?49DN&9HhJDQ!F=j}Va{P6bTN3MV<s5InC3fWA4SC=;*
zKV6>}I0Ai-iw_^qf4n~Vcyak5nXW8tpOmpHn+33%<nl|k4e*c6Tu75TVLg`DiC|-%
zQTksRftL4^+7}t)1|bFE;dK!k3!1#S;Rk>KnVN`Y6igQXH!Y;_bozW<aR`MnU#w3Q
zQc$b&zpK!9!%*GfO^RQV-lBA4w8U~qTN~KgfYt`KHf$$og}cecOf}K8s4~OK<Btdq
zDN@rKQRO_8pVF-4xo5m6c&76t|0JKXT}89sP#0(085AO;a!yVZ{@S-)OcB>a*p~;u
z@Q@^%#g0o-VUgRp>Aq;GSK67|9{Iq$R)QFT7{nU{-e>v{j?yHcWz{@)<`cjcnDGV!
zu_nQY;3Qbjf;Cwu_RnjFzG*qnIGZUo9%C^Irqo_e0`U7_w&M}YOhBoC;q>}u%lgxj
zfE2%J5L|Sxh;ZbNR!RaOYm0s!PS8R1<Ssg94rP@|bPsI}F?N+Sh&9go<5OwvnCh3(
z{^T`jn@kt;7HGkMX>&5~o1y_@K@=@4$Kg$2l2MRqgnoe!LXu~>gaC}Hae(C!rCkt0
zW|qoHlOIUgnJa#e1ti2>oKVl;&G;g|AuDo3=~fgvbeCI6Kvex<hRZH>ExT5Es;@A5
znQPfis+!7I#mQ%pH|?O=ai4K<n)lHiIe{bkFdup`k<Kh<)%9dH!jMhg(O?~ocGK)Q
zy`7NRTY&6RfU_!}!<yV)bF94Zvw~w{vlPN6lhLw`QYyPlxJ<wUN&~xv*_@bP+&5O1
zZ^;n=k$m9|Fh6vTt$NbheRPMFIIZL3<dx9y_n7;h6?wTea!U7|o*i1PCoSbS9ZqRv
zk=k)fdbt4&V?+saXuWJAk>XT~K0r$KiW52dcS_@|!0t8sf}pgWj??YSv<ilz^yPIt
zpGA|qH|fzyuqGyzt64A}F2+?-IX!(_ecj-V(M3v}^OTF`%VFus@$02y((VY_f}tZH
z7dSw`!FVwX0VV2;D~KsGDYBerhq*q#`AAN#E?zQiMNK3@uhH~o@So2CmZ|b5wCWo>
z@--rs$g^j&=&*Dx6?B-u(p3%Kpqh43sd|&1b@FyNg42U&2&~T3#ZCA!bScoOhX--{
z(U;&AeTvqHcs|71P>7-gzGcjGU<6|x&bV9I&_ma2=4mz?jz)fTKY{Im0k{t?53I&M
z!i5cni*Xz1JXQ;7;y6Nz#t=2exfo(K>p;y(CGS96^oy+(!(nTMu#FnY`@EL=yVgiB
z_v+O;h+BYKj8%sPp~mGUDL;(BHcWhw-lTJgI|S@kOle31`Ni3s3LvaxSY3HLhEYU`
z)7RgTSh=GS-tp;`M2X^WM<@S<yZUo98N%23?TEI8E&Ujbr)WI5@HxR?hu=s*=12Qi
zz9>p5{&x(L=-8z_gqO}82q=p_b<Rm}sc|x$j(B|!<APrrh8QYt^hZ&@F$S6#%o=RS
zhS<D1qaR;?n;g~tLURAam45V+9Kp9&wGgYvCV&3|G>_t9<wbI1r5p63`nzfbo}Tal
zM-ba`lxy}i^Y_>6DF4hgrlb-_OZKOJnO+$e#XGf;xbiiCth=ZkC;)ooPKUpwyJ4HQ
zZI~ARZ#oOmN3+-i4-VZHAaEEnoLn37_PnUpUZfwgeiL|$8C*08lrL($_Y3hkjTbd~
zzwy|m+@52L3*V;0zNo^#;+`Mzx?sZ~2JrH`2k()WnGGq2j`08OpJHH;VUP0%HpMgn
z;48FyL_p)H+kD!g9)G!eMWn%xmG~+qV@S#-!Q_QNN@r8JQ;|jjt{RMd&M5=KuYG~(
z=@`?|A|^5cCzQ91hd>wRY2M))h65W(IB-phuw%iPHPR1U_!2mo2a^nG&BH3Cq$>4#
zViK#rqS_|p^Ww8$3PN=-@nGkVZyo?0$MwrTa-e_zoi$5!N#$+%nY$PRLlcXgR<z^z
zdkn~1H{mKl-cY^k$(0SQIH^L)i-kHcH&@ALrxfHB21v2tUnRaj$3Uyc=s5R)ucy;!
zHix%dyYh;Nyrcm5*SdV>6hs1WhuV}?WF|TCYVyLki(=PX(f3re&<%lc_Sjn-@FkQ|
z1s^9Jx*6D>D6vtR|AzBHiV-AoljEM$jdf)ER`6PkTo<~2RRHfU=7VUa173hNi6Va#
zj6Fa_{6!5G+)Tq!0Veu%WpMaOTL#Zc+k}(`8z%>O3D}+&dZ{{?YU3U(tNXX98^_oN
zuWj`Z!0CU+5fs-v<tW%sLom$^CitwjBfdmSblbv&D*73ZPClHefdmW%B0O}V(ccyC
zi&t^lQ^vxgN>w=>?I_Ov87HE}6>C<#2{@@X_doy=isS<UhwHEp1e#xi{s7tA!+}Ur
z-yaA>%*1dYz@&ko2Lh1Vm+mlt<9rs}O{>9^u#Os_6i<II-X7(0m-JWKS6VKxY2IgG
zN#E%i7SZGvHNTYbAN+lmUlN@^2+2y-6JM&kEoFD4F8rh1P-$5LwuzjyqTvSorRe%j
z&t4u$bxi5_c^MMh+s350WIp!QEb<p#8FcxEc_4?IcU^-g{)>FV_=yq-vyD72Kx79X
zPM|A_^G(BaRO0;6C}N5g<^IzN4benizfQ`QccpNcN;v)1Ph{@Q=o#Ik>7qXx#)DvX
zwsIFqPWx#-rcCeaX`&5AC#aXHn(b;7xFE03f)JH!5tY%yXar(7%F+D*BzzQ`W01l}
z_ypezjD%sPZ+@G=;J+<U+d{7CcgeINuU#^L(T|ntF(uzTp9O(Xg^68`8_9zIYMXzx
zyRhiL+Pww{zz9DsDz1-xnqh&hh(3DVaNp#C{74N|W6T;BD4=scyY+G05Na;5j+n+S
zFqR%>p?`7H22O&`5opJvTNE)5yPHHOJ}qwYxVX3V1X5H77a_}r{n0eB`~ig^*>P0L
zD0KMDnI@KW?tp*r4r{72WqU1gb>^lu<~WE7l+;`x7pf$4*lfVH*#lLMU!H)NX&W&r
z$O0d=`Ei~6uo#Z!nD7oy#c70YjB%WL<dC<BtyK5JEC~jgMC9#a!U|8HOs8lp<W@r1
zy;<;&#SmSwlg$zbn|k`BqFv(XnCwf1Z#9J^nglG19DcC}^iN9n1@LTAO>u<Jv>4&f
z(NJMmNt9XzTgs`tq2;EHd(JD@uu6Ms<fvoWT--k~ZK4#fyahz5))Lh?H5stal!74X
z%K>!V0)!5)0RMSLftReasIwbIcd<^@rdR`?4?Cn<!y?r5EQgB`TA%<DxF3>rG}!k@
zzdwv=(9;ov1RNJWUnD-?&G3$<Ap|@u;@AoSwh<~*Wb9+-KKWpb<|LbaO1*etrM#I(
zLocWk6C;!!+(B%i^cYgjX(bMrwdeZ$<m~73!db4$pYt@DJ}^%>HuS|A-B<n>VB;*9
z<B0UX7}h$0PvHfbF_2pFb)98U9l_V;k&C;_#oggz!QF!E#R=~2?!kfuw-7wIb0N3~
z3+}GL-F<oA{cr77?e0uX&ph4doUZxUUB5o(acLgMTt|+!bYpJV4rB5Tt@9vT_|N(5
z7N2<X0@_o1R@OD|vWn1a?GJ{QBu0Oe)vg<6S!%enUjjOZbPXCSMy6o3E_{41*A7Cs
zOkU;XgI{pde+94J@u81I_rRX=e(npA-?Xz@BqtZBovm;<WkS#I3I`0t^BA$-onGTo
zh&X?zy$orf{anpHMAPY=PrKmsJ<|+MbZW`rH*EU#r{&i|-z6#2dogR~?|Y9y849Gm
zodbU4amDt8GpgwCVrGAwWP_vM{GrUe^kzgiC!jqpKEDMvWKrbfsk`gB1Yi^w{5I%m
zPa1T0_*&1x!-O})%owi?CLEn9!|ShLb#qfX$2Pp0N8YR<qBE?xVAZ-g!fS^ER_NWT
za_}5scnq$lMh(3nVG}4=Fi#DqEKMob(A@UumF)cak~R&v(Hxau?YVH(Gt=#*#B2i{
zQ~CdRs(Rr&w5#eAx~;v^=rp!FKW=I|Zfe%8`AEjwaevF(bnM{RuwLTZ@wcO9VXAsz
z$+9Efw_|*LVP(3yx#_R3{?YBnS?_g-XUD0-{0g|H`NPSx@%YrfVg1AIM@LO_g`tyI
z_O0jK@#$GWhw!Pd-%4fkFC!<XkC_yO`%D}MTr!B$`c~hw6f!DLTUbc5n}S3}r@8dz
z!8vKgCQX&E*LrEWOZAX#2n$-9#p%zD`Ww{rCcHluHacu}??UOtR;`s)Eo=&Xp1RNb
zZ7jk&77hbGy2SIN%cAENhnehl%x9z1wO{7n9@!Npf_3#>jMF0E8tx{-bbaZ@mSa#F
zxa~7OrW~8UHn{`)XH;$VoxEO~Kyon}nz#Gx(a0^&e_}K!;2N#iw7WCa{NF>j{uv#3
z<d$|19DW)iu`7yG=6ddZ3+z4=9?6;uS363Y3r8k<zx2ziy&wkqZL2&NI>MEvzq3s*
z$J173*}Twj!59@fXC;X34SNF1d(|NwM<#fqYl3Hx#!*AbVD<kV+@AR`p8qgj`uyL{
z^2&nxj<O%Y`sr?KWA+@GxKHhW8=kr@BxcO^F{QPYwKq2G-ThYpo&Oo2VESwkRb#@c
zl9JH|9_&J#Eid1u?}}vCMCw#*R(&^asOx)YOB&E*X*`#7KW?Jyi*HBj@gHTO>&t6L
z>hK?Bqw5Q{BenRCa?thlv?DeAk8;uVO|v7_`j7I^^@Z4xD*Z?K==#pvkxKtZ1uXfV
z*^vr=sMKw<^VRgK{mywc4Lf)+tIvlrELdGuZY$Psau^A)ar;w=Bi5d#;LbKSzr1MU
zO`lh@clVK8U`#yyO<lGivQJm2%k;9!>MY0iZlz?6cP!21b~h1mthh<NkEZ;A;h2=&
z=Z0P-DE+C}CqCY_^C6IX@TN%C$LX0mmk}EMi{nJRR49jOR8HU{K7r81m0X8x(D3P8
z^>hlB;bi24Cm+{ZTA?-QC)+>wPn~aj$L|QL3a|iNC@3gIC@k#;1FR01{sAf|D1y3=
z=cCum)xyNxLd!<V!qUdk#@)urk<Hf4$?;U!&TR#fw(-o&v3@FLEB*BSro_Xsb!S;Q
z+rbDZ_^Bb;+?NtN2{Rd>kO-b_%Us&17j+04&UL$>U>LS>W!B4eciJC>07AQae7Y_Y
z*a=r2wSSCBjeDUljaODH1hll-iA1{@U6c(;tNnRtF2QywaDD!<zV_{YC#<xxzZmy=
zZAbn>uie|5impDfNmKfzW!UzyStzhV>yllN+J7#Vz=n>=f6gpZQ@-LeDf!fF55V%I
zxRhHl%uKL`b0e*N`**1cD(VA*Kg>_s@{FOfcc94kr{b45ZAO3ItxSCC`+*F*%mZTv
z|1{(un)Q{Z3hzwUj5AuU?@b5_1N)bn^9`1()@nV+wg5DkuXo08apRkkx>5E7c>t8v
zfT9xl^IW&g!*DCA`Sh6uL3_3tUwF5T*Ajn(pz-jWaohL%`<ibH1KMAN)tdNTj+pOQ
za12nu(b1(kRXV~r_67Bde=R^3W+1gx<N8US3C<Tl*8-EBGkYZJ{?o?$8~I(%=E7rA
zhcDaM>I2iO<tD@y;&Z!xB#+qK!zHL&JIs!8*D3UH_wdk@j<9jMtUU?b79!pDC1gAB
zr!!vT|I&@WSn*BbFA80gWAE1sly1q6iqmgvy*zQeVUd-%T7RL>osSVo%QE$6qf#rn
zN3~7xcgl^$Pf|Ce+M<@p$zaSELow(~$dWU|&=m#oTIa`92FznN=DuMmY~f;qOyTvj
zW3sib=u&xLpNzw-Qim*(F?1=9ewVWqAdzraK*t1M&V?GvkLQx{+@4TOQ-zp)UYcr%
z6tEQK=ByxMK}mSfDZU7wzfe$%DvC%I5zFc!T7rtV9HIg<+~qN1FORC}auSAHqtya*
zw6+&ydQa-a2XTztUgi}`Op@WJ$p~RllzcmwF3gY3BO>cnmGGbn$Gky+_CQ0alZu+<
zi3!_9(ZmW}vdw_-Z%+B<!MkFmvZ%wDfd)}<FM<R+nd$@=E5peRSTh9?eHk!1M%D)C
z?T19MV7Q6JP3XLH=WzB)s4%1x{G$u7kONdleENb_Bw$n!j;*QGCIJe)>y6W{QBYXs
zS9)1l$wG?!0-A{tYl)@)587qz%}EVH_0-f^DjnSX)govHdSoN?mnAX`A)={h8zgs`
z$+d)~%p81obtW<UFkvzY*4#cO3oNg?AHROHc&;rP4s5AWY=vbIrJ*S_UDIX)Xb{HX
zyKs^}Ych_7B0<|C<&jxa9<1#DlBG{j(XO>dT=|XWR^ck%cT$9*f=F}6F7_-x%SZ4!
z%e6~VE(Z_^_((osxna{ih}`YZi+Ray8T4mj&~Iby^ZB6j(8cLSq`i7s&ieh4l^7iu
z#y}K_B`UNpQB`PeORY8xE9X?9I|5`{`o4>p=%O|nF6_i<BGMW5^L>_rI<x-WT8j3R
z0D<qZLN-(zZuGm?Wu5I2&#Ki|ucQ-CRQI8`Z&l;lx(|`$cOTruu(Q?di1J#j<kphB
z)&n|OWU^d;gS;UOkS6+-iLhJ3Vw17fRT4L$<ErlX3$XpFeBb-7c9KEimQDR98^3eR
z+H{8>!FWwM(yF$~d}fI9$x$7}nuP@H_wie0j<dM;*8r$;MOuH-jNs;LTn?*4x7jRn
z<Y`!sq@U(7)>|cFxqnK6*C_afU|{QE$_U%1$NDG?7N4Cz38r_01~Z)nrkADLxL)ei
zm43Io#>WgD3YKA6ZH>0thU#`A1}*dJzm8H$<V8}JZCjd{CBz#&-6B+!5fmRBC6Wd0
z6f%i2(W-tiEUUauRA2htKX9Hy-Ip0$2?#gdkw&3G!`$V;X(9ONQCX_uS{AI$MIF*B
z+M1=n)i}Hv)YdTlHb;Ro(3p!RkOxFHTU~c<{N&#-6LMaYH#BSKY+9n~xAu5>(;gO<
z2erWEOWICSYl5jx(Joz5s1H3K#FGC4WVbNqIe$j*L-3ngZ=PCzW7Ro5ijJ=qX?y%b
zx>7gdR*S35q?HSWf`MS=&%#O4fe$MdCfBcMQ3j$LKTsvKI^Jk=zhZ1>la2<ZQ^;@$
z*=d<W69aVeMA6XP4MWZ}kDF+yrn@dt<1^z~_xHN<HoGzVHo*j2PG~y{BqFAstBGsx
z>o!)tsui*vW)@vx*YF;L0TBGX2o7VYa&hJB;Mbyo?(OlapmyGizz(+u-~IWhEe>DX
ze#ee=qK@_a)XMj}SJsRtB?A5*|5|!cVXT|%=?P7pkK^{RjSW+}`e+i(AOeSa06pwK
zTNy5c8ZK;hdV`VhNoNk@Jh+AmvA(YbcZGWG73s7?sr}CAVL?#nL3J<TOmV0NX&8J&
zo!$A(J733Jroy{yWc}!iPnZS-E#J$C(}Im6>-WmlEM@Z0ryJ%8#dC8^J-NkMpOImk
zc)kJ-y$d#j31pZJ^ms0g=1+d`a_;3_ZxP4VPi9eB9}EhTa&%z49U*on2=pVS1=MXE
zQ*Hz2{mBZhV%9AQqBbd1iCVvawXKs%lJdVHaPx5tzP5fYrj^_{^lkGzL!^&i?N_+&
z+@OfUa1{CBj@n%@RK#_lB1enxu0l($Li^@r#qyF1ZnBSe$16^C5@+={M{vhYs>jZY
zg|g*qx?MCQFkSQQvqJbmu=Yn;6DtG%ye6f}j^N%#eXiy(>oMGD3&)WbR#@uKh@v^|
z^r!4l%ZNg`3K@)q%UMWn8(=7DR;FMO&+?*;MXazZhG#io2Y(vJr5TgHybWaDfz?|D
z+|)_3!eY_wt-*4&rrP<7%#YBYpiMRo;5SeI<0l3P6gp=$f&KLZE&XR(=m<EyJ#gu`
z^tA7|>*(dMtiq*R@rc1`jZC<;Q1fn?p%u^U4uGCI=U*B31(y*(!&O5~ro@FEEGp`U
zSfs}YF8h7o3|qu*(P8|6sy-H#O9gsry5$P%K=h;{iVce#pv^dRMTQs2(4Zp!#tmni
zs~fadGx#MEU%&WR4#k9ihPs3<*&3b!9wo;m79(*(0Q+2Cm$g9CHf7)Dc!dqXGVG7$
ziuzhH_!kWZEm4#23xj`BIn%!Mnh3HYc|fl5>m1CO&gOFPBekdJord`={5$bt_&3E`
zXy2Kw{MeFGpSA9Z*f0;pHx+QS6z;I8lw?Nt49LjGIH^|pK|+hx9?g=z>t#~#Xle71
zXvJc_2C8e0ga#y}HC(r6?`Td5_}$_iSI6@dle2~m^(CV@ysfaA#@J@t7`@WRcoRwP
zJIW@bDN=lLtcvW(!{av`I%f(09HHO%<nXKg5|*J0#`y^>Ozmc)KXEv0AzjU%NPJX8
zk1Xg_#uq7U%41$;;n;5#=cvyk*|g}A;Uobt2V|t8^^2RqQO7+DAuKkJ551`IflyMI
zb48a*-K{_IB>Hyf#`=SWjDMDUoV0WdoD?NpFx!R~J)|%MP0wpDsxMv7G`Pi54UCRC
zWxle$zyAAa9!Xw9`{s5s2{*+%ing%KKyLJQ>nv&IegdyXjpH1R2@Ivc%Wd2L5g0!g
zh4+}qb08X~mm1u)1UInko+`yiVK_|t#<)H#z@&+cYNCgw9uG$hc;MuSQ`f`;N%%=0
zR1_bJMtJ`$lJPr#(BpZsUTc0YBJMa-3X+R6YHLx^D16O=RLgiZ5U#fB%;gy}UvWy#
zJ_a-_N>g?yt!93{F9J3jzvOuAXwF)%&T|3k<CEaSHQ$`rCw7D$rAzLAmLa3lUbVe^
zt(OW!a`WLWR}jp*&r=|;r#Fqq#*_*OwZUm>g&IbxY{FUPT}*S7DStS%mn|2fsj>-0
zKK75uVnPf~fP$W^{~C%z5B?nu%17u&zwjgkgOLM=-QrWM>0?z9QgCpVK9%E5S8+#c
z22_xtuL_rvMH*uEbYjNl)%vNbf&1H&nnu4ZvLHKr2JutA8DqilS7bpEv(jg|=bO4f
zhj9I5jAVzR%4VnfMq?+I@BR3)^~hM_xu<SdID6T91QKaDxE-g2zP&}aZrhKl@x`0n
zE&8h^pJ9b}S$xBse6*OQ`p;!@qDgIt*##*%83|rTD0xO#3IwVpo2=ZjcD=BT(UnBq
z)OY1xo+Jm9V^g&?5ulFi8@}geYyIQb5e}wX3LQqWL#_o6DY-k)xU^v;d0X25hz3Xz
zLNP>surMV{`={AGBCyI)Q4RX=D+sxVcVv-185dK43nW#ekb#WJFnB{AA@FQ4W-v-r
zuvvXSbFRGVEWe|ym-o4c$;b~8j=iDQPfu7iUXJjAgqO=#GW#>)yBRSsrvm-x2q=6O
znsFh(M0T26WuU4X^JJD=(!ly3dn|U&*s2i_z4bVcTP4k|X}1}&M*zdM5;=n#as)kf
zUoxLF+MQzzc0_u{ZM_Zd)4!6uL}_SbfOVG#=cyelXJTiDrMxA-IKmItyQN;AR@89r
zl7qpq<@`aTrUvSALa!u=cW4IJIO|{BFGwB`CM=6nwFy3`YP5>CX#}wFKRtvuDXNTq
zA1028#@?5CDy{3k+Y4Vl{y=HBSS&n$v24y*92&WaPl<3qpH2&D6dd)!vA<f@R-eb>
z?C$#qN_XT+wubeIhgnPiFN&2}tpXA~)H!CmwLF+=0`^;4@+mn9B4I^vM;=y;on&KM
z0L5~2KDYV%Zk7x(grjX#y>qeF$Jy)nVXr0J?FKj}x?eho;EcH(0{w`^(A)GC0aVP7
z7yHmdBOsmxA`p&V($!Gn2*XGWHx(>Zw}T@@t|yp6;9DU48=5HxbpHyQkZqzn6srM}
z4ONG@Oi_1hjn#CqNj*bkrKm$f^u#DYy<#H~m!~ULJK3q}hK*qjKSMuz^58CZzYt{}
zU~ei6|KUu&HI<73XBl|!KjbBG!y*4hx#>TVp0YJi22pCEjpm5CLS;)jS#%Gn7Y-5%
zlWPM6oH?mgN+64<ifK57EMlaytGFkVK-Ii##ObE|L$83mLlgo(^I-4vT@du&`4bG@
z>VJ9UPWaMYZHx>tJ=6NEVKfwrn03*!E)m0hTAJW1?8@FU4l@#e{})hwkbpNdWWfzp
z+|0CIj@UesOv7U=_wg~*n9W&p{nBZcM}^IplP8cls*qTDjQM8S+PsmUA*6)&dfC}I
zs0M>Zh&g1MI(E~uT~hcr>)pL0Jbc8z!cG{NkGjMtbYoeiAG?@@Kb5t{8CAOf=)$P2
z6PKo>nS77=MYpU{QWqeC01GGDuO~$VOK_F%v-S04iz{h|>k*$WKUh#kjL~XC(Ivoo
zQGo)+E8GdDGq`i0bMibwiWFuSijD8@Ea6Qf8=_*I3<5#|%XVW6E^W!b$VP!kCTp~|
zr9ysVTfPb;0$W~q!zmg^!j#@<tU?CIGj4=r_xlVLi%@EPnl2IZV_L^8uU+>8G_$2N
z7@Sd^f6YibnxF8PRBSn2nx;j9JtV{qavE_49-ei^_&yfSOo6H-3S6l)1{&Dtgk&Um
z{Y7Ps1-)+lUA9OQ0$8AI<Zwqp9PGmAYK$J=XqX)R!32a6wt#uq?CyQwAINDW4EV$V
zRVKt=Lz+fRO^@%R*72uYaB8{CIFqyMI8{nWf|U`Vvq&$6Cqip9QxV2^(2!x}idjh=
zFYa5E0gv$m9n-XH%%Z4~@mgw03ouaq&`)vGmz$b8dj%K2JXV1gj^3Gq!z$+Tw~fiI
z6B?)LIGO$B(?wIdPB>3SSpBbtpO}e+F^o@}iJxeMrq(!WIn$ZSVY;{&b;plr`{jn&
z;2{hd0Qi`R<$4VzBMJY{5_dVd(JXFLUuH=Jee=K991~k6dgFini!7ZwkvXuY!}y%N
zRWwWA4KL2Hgq9}tQAe|p(I*aZSz&iaI>cEk^`#08X^9Efj7MKOYT2G;ANEzvd@Yco
z9|S&MKR)Tmo?8w907=@u?~mX|ZTwlDp#*;7$-jib1VNp7Psu33%f4MdYtoCxE-CDu
zD!*xH!nrx2EyYgKOy@NhoFlxc_-xJFLguf8vC(z%cFEAm<ooOY9MCzh8ilg`I-guf
zaL~O$?N=rqHa+NxdAtP<Zk;0NtFnEo@TywUw`e1RBT4c;C$YHJQz-(_UT>nO64rti
zQbfoaG;+r>f<h7~l53{uF!S)c2g`e6H>EMfO1KsLr_EO=hC>2=a3lKO2rDz22xSjB
zfA3MR|9iV-is3?(E)zi5>XNRJ^C>oN1><ka31F3K6L(vBfF5U-gZ5l18R?pM&GL<?
zu?<*ExOOdfpH~%_FRM|R$!Nda>S1FWT;1=r2tg*bTySx1>%Za=xmGt~n$32=ow8i*
z4vxP^=5nl*XxA%7!GI85FGRKr_xtMY283r?6LwIQ56-Y~^NMoGr<>3N2e*MZ7venF
z)b!$+p$NgeAr8oQr{|}2e?%*f^5-pvmpV;~>6Xd$Gva$PY7Ak*rNJ8N2G@*~1>TXQ
z{N)@iq?^=CczHd%drJMoWH5rP$|6X13d_V;$;O>7SV5AZg0t8oktW^*%)>kYCK7+6
zXq)8A5t_L?Z2kw&^U<2A$r2Ss*ltF4=xff#CFcE>>BV^#JR)NXldHG&g@478Gf#0E
zJ!oTY{+Ljt7Zq{Ak%)e<bys<jaw^|aQ_i`zq{H?2KGThgs<waNgU=D+e%>w8GJo~z
z#s{~VGE@;Z9&qzY61#W{n7j1hAC&+RSZNsoWIpr8g`5~FEV#k+m1t7&wb(eNo2W6N
z8MNRB&EPXeSGk*#EO#EQz3<foM8z&C{=Q}|4GCF}3E5UAKbTboUpRlHTC?IaMZ(z=
z3OmX1MR^_jEkP+*?B|hSx5hJPDr=)sOAiacc_Pwj%5lyWdFE1bDMj+My^ilR0f^SM
z^g2fD@bpI@yqR`Z#qF31oTBDg5kH7iI-}*5Ws9q1r>*R41p-*xBq-CJM1c335rEVj
zeQrJdrSb*nf~t-?&@UbeseNXP!lt*5_Awd=sKv^X3S@+MkG#+_DYRGRs%tFKF-T~o
zBf^o-+f~I1$NQzM)?rOaYJ)6PJs&LaML%sdY~|4Sxvne^b*nE*VZ}<J7%nVm|IxfZ
z5We4+S@y(4?bG6yEh~;z(8P<BVy%2nxQq&`Ox&VN@xMb|Lud@rN10D5m*Q&lm(GkP
z<Be0Z3e^)7CID_M)XAgF&%i?g@3MO>Bqma=pMFW8HGD@Z$9v3fTbJkEn@28Ve4;Pj
zTO~ja(@(MUpJ@E|T78LxO$H_P-_JfBX#au{;w}?=SaB69yjHe1<k$OGq!^wD^d4HD
zKFJS^C#M4blA+4~Y5%_I=ns5rYlwsp=-4bu2^VV$2;$*CcvsG|l|EqyzAUOPIEN^S
zXoib^M+U*zy8^J+5Ary#hNm9S0A$%_4IUdx5zlXEX5p+NkK4OMZ4K|~g3m?T>E#gJ
zo9(0|T!R-VYieth<KA{c+>iz3tXMg{z8%~`h!LbQ$+=)bO7ja#&{O^!Is};DFo@$R
zf3aIXYb;1I<Ir*u67qB2Grz4AIPYgt7BqE!XHZH!oz$dr=pTMMNnFG-GE`U%t<7s}
z98?M0hb<-A$BXJ2nSGj%8SF5n@U$IPysk|##vUt%&Lz*fvK-5CbYgRSHRS%{x&klo
zJr9>sbw0FPKS$m$5#YLxJFCP6f{SCIXGQFr%!*jrMP$h+a1N>%j;yMs0$R#E%1N_@
znugGMQ8ignhasyK8IJ96K%d975}K+Y5aJ~9m$awi(y5Ej4_#h{?THjs9lY!zw%NV9
zzC;Q4b<W@wR+k$$qdtS1B*qSCgRo(Lf~n{lO7wjGB~aho#jVwzsjW~|7TbE^gWJqt
zsIBQ!`+F_Yc7#=F@mYpQEJpjXG||MkpJV0JXzfO;#r{$P&RY#?GgWpkCM_)=mcxrV
zzU8wUj>K5qOHlQuf=x{s8>i6rY%HyrHOgx};+A8wCJ^uaKA-w8L%7??);j}m1avzR
zhCEle$Ouza&%1C7YlyG^8d@9^;;eF9|An$o+?KWpojj{!Qtyl+)5I1|^4lOgJC%NZ
zVE1zg6zVs)Z;o@I4y7?i!dl{?wal2GhP;xeCMXRXzM00IvAJo~%y3jDLmf#y6Sk4i
zAvZz5DTzJ7RrXT_UWS~a^q~jM318WmMJ9MvpjJLXSdY2Uf@*ORcFr6=^GQcaWI{8X
z@Ksdl+^Afenvh9wqv;uj3$xV@HjjW5&7}eJT^3@-_sfK(%!IPvp+^#I_uzTzVlKq+
zt81y{>ihI7Q|7VO&}DVK-k!=aZs<+izhSE9{SFL!QH83Qh!*o5HWYSoFv2t1rY)`L
zJ?*IZq;t8x)H`2h@tZi<9Kg7Q7?L_RS1pL6h8MAO`;|v5IvBSh*|GV{?iv~<Wtp7%
zm*8a#F4m#2a=Z4;2qW1h7|0LFNsa+cVVs7VN6i(fMP+u~kt`W~D7gWio1$Vh5*P$c
zDdOtFz6k4X(-BBnUV8WfWB>yMgle&|s`Wu$3@ooG3<e8@b9aY&{%!roZ&azd^BN$%
zyJ9*iS@LTW52ipY-YBNEhj+eoH0;8re)a}f7HxvlIbEd&!TZTz1+|LoR(<&ajg25l
zQUN7Q+CMw5Jgg{OW3$XRw>$%RHJdA~uMgT@R~I2dUm-#oWNxJIO&y&*u~GxT<c3=O
zy)wJ6j>kH39xx5RPoouuaI<?8@M_d|_UXqBkx)sy+l*(6Ph)C<5b+|l6vQ(Ddi7xx
z-Z<)rbAfH&7;3FIY#=d{JHTcmblii124(x#zWu^SvW&AcK6&W`G59HUse*EMjT>?6
zMhBR~;zN0TO7hu(j{=`gxjK-P&}V}Tzw@jjUX!oJqvDcZ$N#OcAexC=*%CJ(jI=T+
zr8YaXNe|wZYSdkDa}mCW`@(000%pjE1U`LNrByTs=c84rD*EkSamejuUe2~!g{{M!
z1x7TQiSIZ}8KcpU|FR|4FsV<1tj|EI)6+~{SxS?7y+atMaPZoC(Z`EbGN6Zx@CS*+
zz&<ff@BWI>MgoI5;c$?(?SZ&?8&BSP51&~Ojoy@`gbgd^c5#Bn_s`{F{h}gGgvn@P
z7h7R8;EQVX@92hy&$z!_iU-8kXr&7SdgPAjjCeW@Ik}E*H{+Z?MKjtJwbGQ!4W5&f
zHI`uB7P$RQZdodH8hz%^q<y{VdQ_#%?JCWWj9R<nDiqa;T}a9-<L@Xq{S8ES)*8A5
zF>7U>xsJobNKnd?YB+QM1&JkPF;xUFJ0tDx_nNA?!SV8@@-C`iV;_H>>Su2n)<zn+
zx`+XZfXBt-_C$x6V!fd6@)ayvV>49|*L!vV%@vnm!z0(`;Xp^4S(Wo#RVG%$xm`A~
zqmWPt`Hj)>Axtu`qnlkG&^JYk+GAEyV5i+9k?ub$4%?B2&h$NVSIgcA%)b&yrKqN$
zLCiHWKW_fbPuy=cbJ$MT7u3%3o8u$>jAA5@t}!m|Z*D6w`7abv!Gx+-VP*80V#9J=
zp(66P-*AOVP&Cow+6U67X_13hJ@d(MQ|RIJzEED%eUXTsh=cedHF=>>#gpd>-KS^Y
zGUY;WgM*|N61=id;gT2*jLXXLAJbZOM|AoNA+|7WlYA0Q!=YQkssFM~P-CEIiEY7D
z_A4+4%CZU>f$Sykp7&9l7#Lpn5sMCU*4A>np8TgEo1ekhs>}UNzBtv<+Nu$bP-4I0
za2e$mZhDc@M9@<^_imolv;o9?>(dI;7_R~cqM%RzmeheqR#&=e7UyL*IvWqd_<UJM
z_U%-$Xa?W49ewP**>x~xTVF|_Hx#GD`=BJ^%FYdz89@RqTqwkXLO#Booc00HudSPJ
z$ax`rihZ6dz`7Q#=Ny9eNi>8+k<YeAfA+6Ji3q{hmbNjsCFGx(JO?o}Vyp1i1qN=i
z@`BdaD<XNXy~SCc)xjQNnE`ao?HJfgf%rXmG%$DLUp**FiIXi6X{!ByPTS^G^s1>u
z;?^3vg~m`lE|vDrwy@Emcs+V?<Gi?<aK6VmU);>xC7Gr(!G?|a>N2D?LRQ~#rZ+?t
zt_~<=^Jo(^YCO4#lm9rx$dWVmeWFn71}7QkS^VzAdxbqc1-dxjelGl6T+eUm?e|eF
zC<#rGiZIP@5uIsKEQ=n+52<hVro(pLqt#`!?ysJr9U-}9>M83GuTwoMYknF_Y)ltn
z@lB<>>th3s5(Xn2>(oo_zdNm7z!AF|vMQarkoFPQ6fCWS=vMa~h=aHJyf(x_hfZq6
zrV&*Coyw*i=4nRXvbH&|cHrc@I>BI~F18Jw{?q-k&&7!Q(P87wLj#U{4O(aXDc%}+
zdrAue%x`E$G_G^GZhN5AXhlWHO03lkQlkcD`)-@$9kz(z$&salFdMR~L;ZlB<QI)W
zSU>+O?|WSPfDWkMA&2SkiDa(yZbCC7@Lig3-ui7in{Us&r;jRRXOcdh-7%%te)zo)
zYFz&p#7Hp7V|82HY%FgwEv20d(ee4mFgRIs1;R&>T>GMf+xf&-DeQP0cg{6aHoGEP
zTo<IsFRtTEA~sWMf=hjrf?A_FqSJe~4zgP}Q*v2@db9k_&Nyz7WocTuzJv^2yTnlS
zc}9kdzr+tUojJA`DJrB?F|lWHdSAJRtMs00ZHw>?oj#~%*dCNxfQY9`u&Y=1@^;eO
zuwd!9?=LVAKb|MqWbRO{miX01;J~0$SoP+vf#az76+>WceZ}aUz7<~e&}4Jb`QkGp
z3M?p1?y36k*;|i%xnygzsjrUZ_79%~9^{bqrVK`oe!U766pc*HjO0dP-uuFp6v)BD
zgs`B60OW8zvM8<~<e<@ll6_%3oahPLFPN4M2ivmcmB-H)ew8_$sJCdQ9(L`R#zb~&
zFMzjJm@^{Zp|P?IpNF#V0=4ifR1wZ|eFKwA5^PJP-Se8XARxvDE8f9=iWN7L_fwE7
z`lQp2P;x7*oVh_ae+~0vb>#BG>92_JYDb4vU__D<7|^q6xJZ>CayVimxwgpOKQG*a
zkA{MTglotc^v)c3^}1nphoe`i8Rp<HYf&OOivokKd61`spl;*`>K`g^Q#ez~K;C0x
zoAvcgGsyRZS}x#b(kOTTY-OT$_5=<vXU(>d`8~<CQWr0vAXLRsM%aDdeGANyvwJMC
z0#o7b0Ec}$5yajwW%FdC9~z{k0-{OX-%k2B?5uj}Nt2vYtJjbh$h>>*k_}qhyJw%0
zyoN%J&)MeA0<G-4umb)`7!Yo=H$<G>$b<n!;Q+v@J)A``U<ESLfCHcPg4DFvFvdxH
zLs+9kz0^0#f{f>{n6wjeX5gf11|0%=)N*SvcvuVUzshw#R@>DXelE1N$}poFj)X#J
zH+j=>tv%*<SIrv{D;RS#=M|A;v@SwFo&1XWI%B{tSKC)UY#ThoT%c&=O|;>NcZ)Y8
z;3L(Ff=)_&8@_JEXQN;CvQPJJ<R_AKMeb)I{P`P)-X=<@Uj=e2^eK59wh)v}csHSE
zut|p*q?s_J-;1h&6&Oc%%4N4ebfcm;%rzHGyvo~|Or(6tGwQ8d;VK+Z1HRsAg3M+$
zJG>H%36Xd-xp;jJuc-xQW_LK){!mhuhSC?Sv~(54a$_!;z@ua1t66Q$$#_`A*FxZ5
z|B=Rnt{m=$<|(5$DZ^F=R0hSdA@jVa+;s=2`M)EHek?C+MSRSheG&Rqmu4x+&Q)Wy
zk-#`c6fy=RphvtWYU15?k_?!;p8rBEdaBAw$w@ohG1iC&-BC`WmRuw~-~DEB5i)*#
zl@%zRqi)Zc4<sMOtsM^d#~B$^si}b;0m8m^<_mS(&h%8-jHJGQ@_Dv=Aa4iHQ~gTc
zX0Kc6bAA|{xm30?J4+Df>z$C7oNqsl<HrmC_sqT?bQz?o01bl+`#;&2DzgTIKIXt#
zbyR35nj0i2tPl3(e_cf(|MlfyV&kZ3;oxll!NdGF1M`2n|G&_g|Lq>~5%m89(x@uH
T!T*;b%*P%6@%Cef{%HRP^E6Ls

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index 7a365b1194c..e3a7abb909f 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).\n\n**Data Connectors:** 2, **Workbooks:** 2, **Analytic Rules:** 24, **Hunting Queries:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Tailscale.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Tailscale](https://tailscale.com/) solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.\n\n**Data connectors in this solution (install the one matching your Tailscale plan):**\n- **Tailscale Standard (CCF)** - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on **Personal (Free), Starter and Premium** tailnets.\n- **Tailscale Premium (CCF)** - Everything in Standard plus network flow logs and posture integrations. Use on **Premium and Enterprise** tailnets for full coverage.\n\n**Pre-requisites:**\n1. Sign in to [Tailscale OAuth settings](https://login.tailscale.com/admin/settings/oauth)\n2. Create an OAuth client with the scopes for your tier (see the README in this solution).\n3. Copy the client ID and client secret (secret shown once).\n4. Note your tailnet name (e.g. `tailb094d7.ts.net`) from the [Keys page](https://login.tailscale.com/admin/settings/keys).\n\n**Data Connectors:** 2, **Parsers:** 2, **Workbooks:** 2, **Analytic Rules:** 24, **Hunting Queries:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index c653f22c2b6..7f968c9498c 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -347,6 +347,20 @@
     "workbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId2'))))]",
     "_workbookContentId2": "[variables('workbookContentId2')]",
     "_workbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId2'),'-', variables('workbookVersion2'))))]",
+    "parserObject1": {
+      "_parserName1": "[concat(parameters('workspace'),'/','vimNetworkSessionTailscale')]",
+      "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'vimNetworkSessionTailscale')]",
+      "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('vimNetworkSessionTailscale-Parser')))]",
+      "parserVersion1": "1.0.0",
+      "parserContentId1": "vimNetworkSessionTailscale-Parser"
+    },
+    "parserObject2": {
+      "_parserName2": "[concat(parameters('workspace'),'/','ASimNetworkSessionTailscale')]",
+      "_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ASimNetworkSessionTailscale')]",
+      "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ASimNetworkSessionTailscale-Parser')))]",
+      "parserVersion2": "1.0.0",
+      "parserContentId2": "ASimNetworkSessionTailscale-Parser"
+    },
     "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },
   "resources": [
@@ -4588,14 +4602,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4710,14 +4724,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "PT5H",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "PT5H"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4825,14 +4839,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -4939,14 +4953,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5063,14 +5077,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5178,14 +5192,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5301,14 +5315,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5426,14 +5440,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5542,14 +5556,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5658,14 +5672,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5774,14 +5788,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -5888,14 +5902,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6013,14 +6027,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6138,14 +6152,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6263,14 +6277,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6386,14 +6400,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6520,14 +6534,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6663,14 +6677,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6807,14 +6821,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -6942,14 +6956,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "5h",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "5h"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -7067,14 +7081,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -7183,14 +7197,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -7297,14 +7311,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "1d",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "1d"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -7420,14 +7434,14 @@
                   }
                 ],
                 "incidentConfiguration": {
-                  "createIncident": true,
                   "groupingConfiguration": {
-                    "groupByEntities": [],
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "lookbackDuration": "PT6H",
-                    "enabled": true
-                  }
+                    "reopenClosedIncident": false,
+                    "groupByEntities": [],
+                    "enabled": true,
+                    "lookbackDuration": "PT6H"
+                  },
+                  "createIncident": true
                 }
               }
             },
@@ -9575,6 +9589,270 @@
         "version": "[variables('workbookVersion2')]"
       }
     },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('parserObject1').parserTemplateSpecName1]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "vimNetworkSessionTailscale Data Parser with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('parserObject1').parserVersion1]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[variables('parserObject1')._parserName1]",
+              "apiVersion": "2025-07-01",
+              "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "ASIM Network Session parser for Tailscale",
+                "category": "Microsoft Sentinel Parser",
+                "functionAlias": "vimNetworkSessionTailscale",
+                "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        startswith(SrcRawHost, \"[\"), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        startswith(DstRawHost, \"[\"), substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
+                "functionParameters": "",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": ""
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]",
+              "dependsOn": [
+                "[variables('parserObject1')._parserId1]"
+              ],
+              "properties": {
+                "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'vimNetworkSessionTailscale')]",
+                "contentId": "[variables('parserObject1').parserContentId1]",
+                "kind": "Parser",
+                "version": "[variables('parserObject1').parserVersion1]",
+                "source": {
+                  "name": "Tailscale (CCF)",
+                  "kind": "Solution",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('parserObject1').parserContentId1]",
+        "contentKind": "Parser",
+        "displayName": "ASIM Network Session parser for Tailscale",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]",
+        "version": "[variables('parserObject1').parserVersion1]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+      "apiVersion": "2025-07-01",
+      "name": "[variables('parserObject1')._parserName1]",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "eTag": "*",
+        "displayName": "ASIM Network Session parser for Tailscale",
+        "category": "Microsoft Sentinel Parser",
+        "functionAlias": "vimNetworkSessionTailscale",
+        "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        startswith(SrcRawHost, \"[\"), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        startswith(DstRawHost, \"[\"), substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
+        "functionParameters": "",
+        "version": 2,
+        "tags": [
+          {
+            "name": "description",
+            "value": ""
+          }
+        ]
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "apiVersion": "2022-01-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]",
+      "dependsOn": [
+        "[variables('parserObject1')._parserId1]"
+      ],
+      "properties": {
+        "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'vimNetworkSessionTailscale')]",
+        "contentId": "[variables('parserObject1').parserContentId1]",
+        "kind": "Parser",
+        "version": "[variables('parserObject1').parserVersion1]",
+        "source": {
+          "kind": "Solution",
+          "name": "Tailscale (CCF)",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "noodlemctwoodle",
+          "email": "[variables('_email')]"
+        },
+        "support": {
+          "name": "Tailscale (CCF)",
+          "tier": "Community",
+          "email": "ccfconnectors.county118@passmail.com",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('parserObject2').parserTemplateSpecName2]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "ASimNetworkSessionTailscale Data Parser with template version 3.0.1",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('parserObject2').parserVersion2]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[variables('parserObject2')._parserName2]",
+              "apiVersion": "2025-07-01",
+              "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "ASIM Network Session parser for Tailscale (no-prefix wrapper)",
+                "category": "Microsoft Sentinel Parser",
+                "functionAlias": "ASimNetworkSessionTailscale",
+                "query": "vimNetworkSessionTailscale\n",
+                "functionParameters": "",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": ""
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]",
+              "dependsOn": [
+                "[variables('parserObject2')._parserId2]"
+              ],
+              "properties": {
+                "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ASimNetworkSessionTailscale')]",
+                "contentId": "[variables('parserObject2').parserContentId2]",
+                "kind": "Parser",
+                "version": "[variables('parserObject2').parserVersion2]",
+                "source": {
+                  "name": "Tailscale (CCF)",
+                  "kind": "Solution",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "noodlemctwoodle",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Tailscale (CCF)",
+                  "tier": "Community",
+                  "email": "ccfconnectors.county118@passmail.com",
+                  "link": "https://github.com/Azure/Azure-Sentinel/issues"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('parserObject2').parserContentId2]",
+        "contentKind": "Parser",
+        "displayName": "ASIM Network Session parser for Tailscale (no-prefix wrapper)",
+        "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.0.0')))]",
+        "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.0.0')))]",
+        "version": "[variables('parserObject2').parserVersion2]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+      "apiVersion": "2025-07-01",
+      "name": "[variables('parserObject2')._parserName2]",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "eTag": "*",
+        "displayName": "ASIM Network Session parser for Tailscale (no-prefix wrapper)",
+        "category": "Microsoft Sentinel Parser",
+        "functionAlias": "ASimNetworkSessionTailscale",
+        "query": "vimNetworkSessionTailscale\n",
+        "functionParameters": "",
+        "version": 2,
+        "tags": [
+          {
+            "name": "description",
+            "value": ""
+          }
+        ]
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "apiVersion": "2022-01-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]",
+      "dependsOn": [
+        "[variables('parserObject2')._parserId2]"
+      ],
+      "properties": {
+        "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ASimNetworkSessionTailscale')]",
+        "contentId": "[variables('parserObject2').parserContentId2]",
+        "kind": "Parser",
+        "version": "[variables('parserObject2').parserVersion2]",
+        "source": {
+          "kind": "Solution",
+          "name": "Tailscale (CCF)",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "noodlemctwoodle",
+          "email": "[variables('_email')]"
+        },
+        "support": {
+          "name": "Tailscale (CCF)",
+          "tier": "Community",
+          "email": "ccfconnectors.county118@passmail.com",
+          "link": "https://github.com/Azure/Azure-Sentinel/issues"
+        }
+      }
+    },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
       "apiVersion": "2023-04-01-preview",
@@ -9585,7 +9863,7 @@
         "contentSchemaVersion": "3.0.0",
         "displayName": "Tailscale (CCF)",
         "publisherDisplayName": "Tailscale (CCF)",
-        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>\u2022 Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>\u2022 There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.</p>\n<p><strong>Data connectors in this solution (install the one matching your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on <strong>Personal (Free), Starter and Premium</strong> tailnets.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Everything in Standard plus network flow logs and posture integrations. Use on <strong>Premium and Enterprise</strong> tailnets for full coverage.</li>\n</ul>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the scopes for your tier (see the README in this solution).</li>\n<li>Copy the client ID and client secret (secret shown once).</li>\n<li>Note your tailnet name (e.g. <code>tailb094d7.ts.net</code>) from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a>.</li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 24, <strong>Hunting Queries:</strong> 22</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>\u2022 Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Tailscale%20%28CCF%29/ReleaseNotes.md\">Release Notes</a></p>\n<p>\u2022 There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://tailscale.com/\">Tailscale</a> solution for Microsoft Sentinel ingests Tailscale identity, device, configuration, audit and (Premium) network-flow telemetry via OAuth2-secured APIs. Built on the Codeless Connector Framework (CCF) - no Function App or container required.</p>\n<p><strong>Data connectors in this solution (install the one matching your Tailscale plan):</strong></p>\n<ul>\n<li><strong>Tailscale Standard (CCF)</strong> - Configuration audit, devices, users, keys, webhooks, DNS, settings. Use on <strong>Personal (Free), Starter and Premium</strong> tailnets.</li>\n<li><strong>Tailscale Premium (CCF)</strong> - Everything in Standard plus network flow logs and posture integrations. Use on <strong>Premium and Enterprise</strong> tailnets for full coverage.</li>\n</ul>\n<p><strong>Pre-requisites:</strong></p>\n<ol>\n<li>Sign in to <a href=\"https://login.tailscale.com/admin/settings/oauth\">Tailscale OAuth settings</a></li>\n<li>Create an OAuth client with the scopes for your tier (see the README in this solution).</li>\n<li>Copy the client ID and client secret (secret shown once).</li>\n<li>Note your tailnet name (e.g. <code>tailb094d7.ts.net</code>) from the <a href=\"https://login.tailscale.com/admin/settings/keys\">Keys page</a>.</li>\n</ol>\n<p><strong>Data Connectors:</strong> 2, <strong>Parsers:</strong> 2, <strong>Workbooks:</strong> 2, <strong>Analytic Rules:</strong> 24, <strong>Hunting Queries:</strong> 22</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
         "contentKind": "Solution",
         "contentProductId": "[variables('_solutioncontentProductId')]",
         "id": "[variables('_solutioncontentProductId')]",
@@ -9859,6 +10137,16 @@
               "kind": "Workbook",
               "contentId": "[variables('_workbookContentId2')]",
               "version": "[variables('workbookVersion2')]"
+            },
+            {
+              "kind": "Parser",
+              "contentId": "[variables('parserObject1').parserContentId1]",
+              "version": "[variables('parserObject1').parserVersion1]"
+            },
+            {
+              "kind": "Parser",
+              "contentId": "[variables('parserObject2').parserContentId2]",
+              "version": "[variables('parserObject2').parserVersion2]"
             }
           ]
         },
diff --git a/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml
new file mode 100644
index 00000000000..ac12904b67e
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml	
@@ -0,0 +1,10 @@
+id: 1e9af7d2-4b5a-5067-ad9e-2b3c4d5e6f70
+Function:
+  Title: ASIM Network Session parser for Tailscale (no-prefix wrapper)
+  Version: '1.0.0'
+  LastUpdated: '2026-05-19'
+Category: Microsoft Sentinel Parser
+FunctionName: ASimNetworkSessionTailscale
+FunctionAlias: ASimNetworkSessionTailscale
+FunctionQuery: |
+    vimNetworkSessionTailscale
diff --git a/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml b/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml
new file mode 100644
index 00000000000..31a739d01ae
--- /dev/null
+++ b/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml	
@@ -0,0 +1,96 @@
+id: 0d8fe6c1-3a4f-4f5b-9c8d-1a2b3c4d5e6f
+Function:
+  Title: ASIM Network Session parser for Tailscale
+  Version: '1.0.0'
+  LastUpdated: '2026-05-19'
+Category: Microsoft Sentinel Parser
+FunctionName: vimNetworkSessionTailscale
+FunctionAlias: vimNetworkSessionTailscale
+FunctionQuery: |
+    let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)
+    [
+        1,  "ICMP",
+        6,  "TCP",
+        17, "UDP",
+        58, "ICMPv6"
+    ];
+    let baseEvents = Tailscale_Network_CL;
+    let virtualFlows = baseEvents
+        | where HasVirtualTraffic
+        | mv-expand t = VirtualTraffic
+        | extend NetworkSessionType = "Virtual", NetworkDirection = "Local";
+    let subnetFlows = baseEvents
+        | where HasSubnetTraffic
+        | mv-expand t = SubnetTraffic
+        | extend NetworkSessionType = "Subnet", NetworkDirection = "Outbound";
+    let exitFlows = baseEvents
+        | where HasExitTraffic
+        | mv-expand t = ExitTraffic
+        | extend NetworkSessionType = "Exit", NetworkDirection = "Outbound";
+    union virtualFlows, subnetFlows, exitFlows
+    | extend
+        SrcIpAddrAndPort = tostring(t.src),
+        DstIpAddrAndPort = tostring(t.dst),
+        proto_lookup = toint(t.proto),
+        SrcBytes = tolong(t.txBytes),
+        DstBytes = tolong(t.rxBytes),
+        SrcPackets = tolong(t.txPkts),
+        DstPackets = tolong(t.rxPkts)
+    | extend
+        SrcRawHost = extract(@"^(.+):([0-9]+)$", 1, SrcIpAddrAndPort),
+        SrcPortNumber = toint(extract(@"^(.+):([0-9]+)$", 2, SrcIpAddrAndPort)),
+        DstRawHost = extract(@"^(.+):([0-9]+)$", 1, DstIpAddrAndPort),
+        DstPortNumber = toint(extract(@"^(.+):([0-9]+)$", 2, DstIpAddrAndPort))
+    | extend
+        SrcIpAddr = case(
+            isempty(SrcRawHost), SrcIpAddrAndPort,
+            startswith(SrcRawHost, "["), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),
+            SrcRawHost
+        ),
+        DstIpAddr = case(
+            isempty(DstRawHost), DstIpAddrAndPort,
+            startswith(DstRawHost, "["), substring(DstRawHost, 1, strlen(DstRawHost) - 2),
+            DstRawHost
+        )
+    | lookup NetworkProtocolLookup on proto_lookup
+    | extend
+        NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),
+        NetworkBytes = SrcBytes + DstBytes,
+        NetworkPackets = SrcPackets + DstPackets
+    | extend
+        EventStartTime = todatetime(FlowStart),
+        EventEndTime = todatetime(FlowEnd),
+        EventProduct = "Tailscale",
+        EventVendor = "Tailscale",
+        EventSchema = "NetworkSession",
+        EventSchemaVersion = "0.2.6",
+        EventType = "NetworkSession",
+        EventResult = "Success",
+        EventCount = int(1),
+        EventSeverity = "Informational",
+        DvcAction = "Allow"
+    | extend
+        SrcHostname = SrcNodeName,
+        SrcUsername = SrcUser,
+        SrcUsernameType = iff(isnotempty(SrcUser), "Simple", ""),
+        SrcDvcOs = SrcOs,
+        DstHostname = DstNodeName,
+        DstUsername = DstUser,
+        DstUsernameType = iff(isnotempty(DstUser), "Simple", ""),
+        DstDvcOs = DstOs,
+        Dvc = SrcNodeName,
+        Src = SrcIpAddr,
+        Dst = DstIpAddr,
+        IpAddr = SrcIpAddr,
+        User = SrcUser,
+        Hostname = SrcNodeName
+    | project-away
+        t, NetworkProtocol_lookup, proto_lookup,
+        VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,
+        HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,
+        SrcAddresses, DstAddresses, SrcTags, DstTags,
+        SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,
+        DstCount, DstNodeId, NodeId, IsRelayed,
+        SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,
+        FlowStart, FlowEnd,
+        TenantId, _ResourceId, Type
diff --git a/Solutions/Tailscale (CCF)/README.md b/Solutions/Tailscale (CCF)/README.md
index 6ad0011d157..38512f55518 100644
--- a/Solutions/Tailscale (CCF)/README.md	
+++ b/Solutions/Tailscale (CCF)/README.md	
@@ -6,6 +6,7 @@ Microsoft Sentinel solution that ingests Tailscale identity, device, configurati
 - **24 analytic rules** (16 Standard + 8 Premium-only)
 - **22 hunting queries** (12 Standard + 10 Premium-only)
 - **2 workbooks** (Standard Operations, Premium Operations)
+- **2 ASIM NetworkSession parsers** (`vimNetworkSessionTailscale` + `ASimNetworkSessionTailscale` wrapper) - Premium only
 - **9 custom tables** ingested via 9-11 polling rules behind a single Connect button
 
 ---
@@ -309,7 +310,7 @@ Net effect for the operator is identical: one table, filter by `ConfigType`.
 ## 10. Limitations
 
 - **Network flow logs are Premium-only.** The eight Premium rules and ten Premium hunts depend on `Tailscale_Network_CL` and won't run on a Standard install.
-- **No ASIM NetworkSession parser yet.** Microsoft's pre-built "Network Session Essentials" detections won't auto-cover Tailscale data in 3.0.0 - a `vimNetworkSessionTailscale` parser mapping `Tailscale_Network_CL` to the ASIM NetworkSession schema is planned for a follow-up release. Until then use the analytic rules and hunting queries shipped in this solution.
+- **Microsoft pre-built "Network Session Essentials" detections require a clone-and-rewire.** This solution ships a `vimNetworkSessionTailscale` ASIM NetworkSession parser (and the param-less `ASimNetworkSessionTailscale` wrapper) that maps `Tailscale_Network_CL` to the ASIM NetworkSession schema. Microsoft's pre-built detections call the sealed workspace function `_Im_NetworkSession`, which can't be extended from a Solution - so to apply those detections to Tailscale data, clone the rule and replace `_Im_NetworkSession(...)` with `vimNetworkSessionTailscale(...)` (or `union vimNetworkSessionTailscale(...), _Im_NetworkSession(...)` if you want both sources in one query).
 - **Snapshot tables overwrite, they don't diff.** Each 60-min snapshot is a complete current-state poll, not a delta. Rules that need transition detection (e.g. "SSH newly enabled") compare the latest snapshot against a 24-hour baseline.
 
 ---

From 35c26ced9e1a128ccc807eef7e7f4ea2d7334341 Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Mon, 15 Jun 2026 12:58:41 +0100
Subject: [PATCH 24/27] fix(tailscale): align CustomTables schemas + finish
 hunt description sweep

CustomTables schemas had drifted behind the DCR streamDeclarations:
- Tailscale_Audit_CL.json: added EventType + ActionDetails (introduced
  in earlier dev iteration but never reflected in the validation
  schema; queries referencing them would have failed CI KqlValidation).
- Tailscale_Network_CL.json: added the 17 columns the DCR transform
  promotes out of srcNode/dstNodes/traffic arrays (SrcUser, SrcNodeName,
  SrcOs, SrcTags, SrcAddresses, DstCount, DstNodeId, DstNodeName,
  DstUser, DstOs, DstTags, DstAddresses, HasVirtualTraffic,
  HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic, IsRelayed).
  The hunting queries and Premium analytic rules reference these
  columns; without the schema update KqlValidation would fail "name
  does not refer to any known table column".

Hunting query description sweep finish-up: two files were missed in
the parallel-edit batch earlier (the Read-before-Edit guard blocked
them and they didn't make it into the follow-up batch):
- TailscaleSplitDnsPerDomainChanges.yaml: Reconstructs -> Identifies
- TailscaleSubnetRouteExposure.yaml: Lists -> Identifies
---
 .../CustomTables/Tailscale_Audit_CL.json      |  2 ++
 .../CustomTables/Tailscale_Network_CL.json    | 19 ++++++++++++++++++-
 .../TailscaleSplitDnsPerDomainChanges.yaml    |  2 +-
 .../TailscaleSubnetRouteExposure.yaml         |  2 +-
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
index 7c497a5b893..87e3511ef41 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Audit_CL.json
@@ -5,6 +5,8 @@
   { "Name": "TimeGenerated", "Type": "datetime" },
   { "Name": "EventTime", "Type": "datetime" },
   { "Name": "EventGroupID", "Type": "string" },
+  { "Name": "EventType", "Type": "string" },
+  { "Name": "ActionDetails", "Type": "string" },
   { "Name": "Actor", "Type": "dynamic" },
   { "Name": "Action", "Type": "string" },
   { "Name": "Target", "Type": "dynamic" },
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
index 2a49931e28a..9f076e31472 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/Tailscale_Network_CL.json
@@ -7,9 +7,26 @@
   { "Name": "FlowStart", "Type": "datetime" },
   { "Name": "FlowEnd", "Type": "datetime" },
   { "Name": "SrcNode", "Type": "dynamic" },
+  { "Name": "SrcUser", "Type": "string" },
+  { "Name": "SrcNodeName", "Type": "string" },
+  { "Name": "SrcOs", "Type": "string" },
+  { "Name": "SrcTags", "Type": "dynamic" },
+  { "Name": "SrcAddresses", "Type": "dynamic" },
   { "Name": "DstNodes", "Type": "dynamic" },
+  { "Name": "DstCount", "Type": "int" },
+  { "Name": "DstNodeId", "Type": "string" },
+  { "Name": "DstNodeName", "Type": "string" },
+  { "Name": "DstUser", "Type": "string" },
+  { "Name": "DstOs", "Type": "string" },
+  { "Name": "DstTags", "Type": "dynamic" },
+  { "Name": "DstAddresses", "Type": "dynamic" },
   { "Name": "VirtualTraffic", "Type": "dynamic" },
   { "Name": "SubnetTraffic", "Type": "dynamic" },
   { "Name": "ExitTraffic", "Type": "dynamic" },
-  { "Name": "PhysicalTraffic", "Type": "dynamic" }
+  { "Name": "PhysicalTraffic", "Type": "dynamic" },
+  { "Name": "HasVirtualTraffic", "Type": "bool" },
+  { "Name": "HasSubnetTraffic", "Type": "bool" },
+  { "Name": "HasExitTraffic", "Type": "bool" },
+  { "Name": "HasPhysicalTraffic", "Type": "bool" },
+  { "Name": "IsRelayed", "Type": "bool" }
 ]}
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml
index ff9112296c9..54afc73051b 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml	
@@ -1,7 +1,7 @@
 id: e7f8a9b0-3456-7890-12ab-cdef12345012
 name: "Tailscale: Split-DNS per-domain change history"
 description: |
-  Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended.
+  Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml
index 63366999109..62bd5b7a989 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml	
@@ -1,7 +1,7 @@
 id: f6a7b8c9-0123-4567-8901-234567890047
 name: "Tailscale: Subnet router CIDR exposure inventory"
 description: |
-  Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it.
+  Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
     dataTypes:

From 63221a6b83bce4f1f1b2a81f15aa0cb142755ffc Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Mon, 15 Jun 2026 13:04:04 +0100
Subject: [PATCH 25/27] chore(tailscale): regenerate Package/ against current
 upstream V3 tooling

After merging upstream/master (1.3k+ commits) the V3 packaging tool
behaviour changed: variables and parameters the older tool emitted
without consumers (_solutionVersion, dataConnectorTemplateName*,
dataCollectionEndpointId{1,2}, resourceGroupName, subscription,
dataCollectionEndpoint) are now actively referenced by the generated
mainTemplate.json (54 refs to _solutionVersion alone). The
.local-helpers/finalize-tailscale-package.py script's blind-strip
would corrupt the template; the script is updated to only strip
entries that test zero-reference at runtime.

Net effect on Package/:
- mainTemplate.json: regenerated by upstream V3, version-pinned to 3.0.0,
  79 variables and 7 parameters (vs 70 / 5 previously) - all referenced.
- createUiDefinition.json: regenerated by upstream V3.
- 3.0.0.zip: repackaged from the above.

Verification:
- ARM-TTK: 48/48 PASS on first build (no manual fixup needed).
- KQL: PASS (16s, 56 files - schema files for Audit_CL + Network_CL
  picking up the 19 added columns).
- Hyperlink validation: PASS (4s).
- Field Types, Classic App Insights: PASS.
- TruffleHog + .NET-3.1 detection-schema/non-ASCII: SKIP (tools absent
  on macOS, substitution checks pass).
---
 Solutions/Tailscale (CCF)/Package/3.0.0.zip   | Bin 79745 -> 79926 bytes
 .../Package/createUiDefinition.json           |   4 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 489 +++++++++---------
 3 files changed, 257 insertions(+), 236 deletions(-)

diff --git a/Solutions/Tailscale (CCF)/Package/3.0.0.zip b/Solutions/Tailscale (CCF)/Package/3.0.0.zip
index 0beed8785fe931a46c844a6d7d5e0867ff9eaaf7..e3742df4a100047c23401ee8e0f755d76e55a982 100644
GIT binary patch
delta 71296
zcmZ^~b8shJ_wF6r$;6mRCbsQ~ZEIrN=-9R~(M)V-qKR#PgNbe9<i4Nh{ND4{sZ-T|
zb@f{7T5DJD>V4Ix1J0qEE}#HK8AvEBFfcGUFbj)G-DX?YK~F4jup3DPF!YbRwnmnA
zs;0IMHbyR{3|7web|=2iDyu_v7w7lYikIs&#I!+qP)^p9olr@ebTAxTS%YWlq%y{2
z@#NKCA@{PcyMWp2c=2=e&wuvPD_1mU_}aX^J}xh>w?~7>y1R{Bz%RmVWyRX`bmo2^
zbeu!<WaeG6yn;0ze`;@ikBDP?JQ3}C?Y1($;8(b8%cjE%lc_U-F%mOnV`nL_^81SL
z`MvVj)bFz;fwvn1C;r*mf~*BM%(uck^Pxqg@vyh|h`dVz+bshg2CN36!I~-Ad;4M3
z;(~)GsAhArb$4A<ps&8>)wI0v9&jGNHp{dG4=>W2xkNI&$}dJ7)P893?l(uH!5mZ*
zZwW26ZrP3L>ub)kZUJ?{D>{$QGa2IUpwW#^v*&#m+Sqh|bBfLPoOGA-9^rv0l6{6+
zR(Zz&Y@qFt*`~2m-?Pl<B`Y`dcDNBWB+hlsnKzc!_Viu=>IN)IRO{hcJ?DvTEnZh2
z)2%O}Y6FM{wdgGI1rM<hs!D9`3m31}(XIQm8w#2@F;Oz+MtI1&jh8U&vFwXeM7pQX
zO+S1@A}zfIW{@n@E*TT9UKbpzJ6lT%VPLP?oxClN(jpJ3VVuSZ)^`86niV|^2Vkgb
z8XLZ6y*%3k99+Y9CI|SXhEhDQv7WH*O|@^}a`3EN2)laye_wjS{;1$1_ltJJb<_Fd
z!eVtbF+pw{99s=h5gflfKke=1K}$xpnEg#2)?;b$+xDgA2#v3Kj$l<ou^HEXDmmMl
z7G+QlEji=KWxY&6<kOHP&|=CbzQVb7AtdGVj?D4{hFZwENDS#lZ#$4p5n>eCNWznw
zaiiqY1_x*OfW9mpinp#Q?18aA^-jKF7vH#V{<vYydQe$)I~xzS+OeO&qNr1mPwowo
z)16Th;QTft(6q9_mg47zAMnH~f`#QKDY(NVb2<Bw(VEUrA`sBjI<2chpd+cs0hf%&
zrYgP#_##@p60^0|%IjCbo;2UZjPh`JE^ccx>B~>8<p|mL6&Y>7ibqzJV2kz{%dTvO
z5D1)C1}Mqgh^=DupmxD=K?UAGCV^Mv67bnoOg_jiqljzO!!()8Gy2+7qQ!yQ%EFcT
zEVR?>teHSzKDa2Tll78U^xE;-0+3`Lvl5uVEC+b9dhk{H*)KguZ-h{qa`dV>mUzWQ
zf>4mA22RuCBE<Bs+AmYhP($gY5CppmLDVTiN)HrKwo~%Onu+?POViufv)2+$%<i&3
z(E?0;C6cE>@^ge}UEuz_=s7ryIf~^)BWtd9vNn32ya8()D4JYE10H?9Ug!i5PKQ1N
zEO?JXZnlE7?M*Uu*4QPeJ1a*C<eid^w$Fo`+A+&jB-q$I1O{8!+CQFf1X;n?5mK`X
z)ZZymXSwC1hS%3S9h+I1@t=x17ne3{En_-!IV?}^^-pgz2Z|PLx)2C3R<{y`RfWD>
z;Yb>^lyo75I~aah4D-tN6hf>Vb?IUNRuV{|I*OyXXN<n?6z$2Q#2;IIxwo>*_9jmV
zPw%rNb2{T05Q&q~HE0)4fG5?4wW@|^sw_XwY?t?=!fHT7z_%u==lO+S5eJ675=kiC
z(C6A~gVhy2pSiQ{27caD?3tGAGk?}GbJyk_Bkw$8=W>5P7~?yBz@B+p722Q<c-!0C
zm|WUDUv|*WcCww13{RBq>v4bG@od%;JeMv|&2;C5?pRIO)6>T2v~s_{bt^1BC5SOY
zRcN$RAmO~}1PO>FfjksMwK`Tk`OZgN7{}XlGCed<;5|X7bCd1LR4IGwcHrl3{|H$l
z;`FxlowT??YFHFnX<4>7y$9R~+Ml((-{;HMa~CYlFYWH(ZD1nKianck(#AiB1oNG{
z9q;Q=Cre-3Rr|Yp&veL0%eS3Md3Uu&nPaWkHt>qq2YhU(g{`Z0q&CYpUX^Cp=Xb=D
z?JVmu9}yIw6j6~}ckkQlDlF+@PxoejclUpUWS=zZ7u<cbK9L6+%#43Dd&lUTyLS~7
z4!^ZD-yf;TWSLx^onc;7eY>COXxG6xm;Ul)vb~+r-`!M^X1u)`!Q(!K?L0B@Z|cGV
zuXyvcm3vzZ=!~|b%*JY|hItA~|2A`69sB&Z*MA36ZMFUHNbl8NJ7`0cEkWzFo9q0R
zAae3s;0`w^+zT1(XMoX~J)4fwXV%m8&cW*{*?%f)V4jcsQ~7`Nclo>D|D&IchX=;7
zZngX3go7!1iOOCg;N(N`+h0$O67P@f)e-Ky@$viXuTP#D2*ooUQEBqfS(tK<>+s4h
zYxCX%3|=XfBz0-l4IvW13Nps)=(z&hF$-Z)4OOl1bVXiJu>;LyPspk@`Q4(V62h(t
zqmE1i3-ZPS=1I-)4dY~wt8MMDky2ogK{s(0mi#Vvi$zi;dDp0Tl>A-8tD}lNdrg_g
ze0SN8kT0>_%M+<R3N@1yvt4|!i;dG1VPfzoe&D>e%3LY?n?EXnrqmaG0{X~1O1VmQ
zJBbRSbqgjc_pEU{4p_k+yDZuFD?;5xw=6<za;^vHlV+(c)!d*cjy3HoUb_aW5asi4
zW|;x_NMjnf6E?Kl@ONt_Pigy`Z5-=6HB>!4jE0MH2&Eqx8cr7yH{1)wsFTGF%bJ6^
zVe`LpvF2D*QZ50WNrwixLB}gzNqs+{V7vS~IjOTpoE@h3bY%SQW3Y=Ae{`$bBRa>n
z$+l%wHGGVq>%SxD{_hA-vi~yz#47SGSc#}3`ob8VB)h`m#=)3a5Ia791Fz-B+c)s+
zHEU7ewg=;M4DYt}AC*m8J2k++GD+nBBNKfwaU<d%ncCIU#O^oZiw6Y*XFDkia0Mq8
z8H6uT-i|D<qs|U`S&mMc$(x%vH3XC)DxN3|E3wwY=Y!KfutqNJY!cZ;sM`O^qWA?8
zac8`JtWFg@H#eQM!v*3}Qc~})myD<%{H;wdxrFr61#^HwKZO=qa9yc6al1z#|33kf
zdUK7Glwo2KK{$+t3jb9`xtO|<^pCOu{eKI%*Q28F_vB{(XMu9F|GPlL|1J<B>hBb;
z$AyWT5-~S@o(x|6Q_7Fh|Cw{rf9K54{qLNC>0DhMKZRIqx!a6yTVrd}7J~n;tWkG6
zD_7o54Hhcahu$!`1_vnt!oi(=oy?&glS}LaUe?iS;!Q|?|7qf*YySVUYyTidoOp4I
zr(=lL(d04I?fs51)bFiRn1HZs`0GNEwabmT^$P-fTT)Y~Tu$n=#gB;=PR|hZB^+JL
z@4SsWdMz)szkZW5#s9Er_pkf4phaUUHGHX0aEsItYJcpFX(Qz}fIMzd2otKlA%;s+
z6the9Oc$zzU~2kLNa;t2y68uU)T^3#UDU-&T~HV{BU8JVaWue_B(8IeS51LiHmsRe
zcv4Swf;BQ?_*rb(4%}3w@t-<U#?4Xsau=DUQ6E7*Uhz+b<?KAhd?0+GVmzm0Uu>~N
z5iLBVBC1u|d>gBsf6L6VdnM_es=3AM*3(KXo5S-+7E~a?C?~Je=i3~``p}pjdTMq^
zF6zhJ19fRU<GF;Ud8Vv<A$2Ucl1g`KABEi`Rj6g8t=ch>Qhw*z26DRp(@$1|Wm5pu
zKWRQH9if>0qYdsMG=KRdh_kZkpB&dra`=+}h<}9`DLJbsR!&VWiW-mtQ<iWDs8N)c
z;{HgY{cjQ{+7L5v%h^f5sJQym$0n1GE%{zm!(*-#n)u_+6Ggaq85V<TNU7Q3i~4tR
z@kr(Ffy>Qim>?U}APQ=`ynTQ9Ox1WH;n+5@sM?!r+QYfxeGNE6FFvO7p3kd;`JIVH
zc6!Imcvw3>bs9d)2<jxr>v=W(Sj_VGTt6^EY_AQAISrjYi6PJfUgy8fb{`OvNgXXT
zQX~ogo3iev<=y3Irse&NVWClT`OK<qdT9`hUC~;@{wA8=mT!UCu&pAgq{=k|3BhTO
zUOT;bu&7ieZJ@|qKZae;o?Sl%d2WhHC`RfzWqL{M8JCHuXGli5xvKHM&u148%6vTE
zFLQnf824Fl-np<@Ml%Z`SJsE&dng~m;bG!>{-a0WKY9=wZZttIN54nd+zZ>kCL%`c
z!xyDAx*Pv9AB%)kV)IOSJ>`a&m>!L!+69ZV0=L3d4t@54=jxRh_&spByqi0or`)fu
z$J(XC`JW}$e}rgzA(`;FN=*+F69W$#nv1=-#_X%d?00RMv9=PyyQ#l<L0Lm9NUoLh
zCW`T^-c;J<#e@6B=K}FRRzPp%{1s669{%3A4R?N`$9D~(pn0#Ks~P!HIx{KHd_9hq
z+Hw%k+(+1z^E1YSGrwdoOPW`CR#t;7=a;Qr294*IW;4e_IY6^FofG96n84*%Glmao
z<^M|Sjj6}rH81*EVChxP&4E9lkAqmL-X3F~99uf?cdpjn%xmeUB$3$muQJI3hAw7G
zYgSGw2i)a;WIOxKG|Z6uXP<5Ni$C~73Tq^WlTo4-0X5LMP@)~x{y?Q^)Pox#36kTn
zz$b^xwrCfKcYS}ryUvfa=>;4dzWFaK?AHsUQe-S8|GUIMvi&})gzpBJv%JH_zucpT
zm@M^^zgtq+jxrtAOGYQkt}uL`ar=_gWSV~SB_V3EujuqUMGQJT=7y-9^wb#VQ*p3R
z@5Oq0y~<ACG2)J}JvggGV7cb%V=w!uc2&Np{ot%!ykh_xpwTtfUL>Pt67Yj*o-}%Y
zSh3nBpI{$qN;4ZLM1Zm_0y})<xL5v%mBvnr8%(w22s9i_JJm3qr^wlGx)^qui=8L-
zuk>DeZbg|InanLbV;tq8mNcp^s5&|ZA(GF6{Kq|4Nd{+G$$1fV(kmL`<P@CmQ3j*9
zy3kRzk2#;Sffh^UOu;_dTHIfOn`&Q3UF{I=5t_12Q92Fqt|8l)r)@P8^?V*R#jzrk
zj#h-zCAD1pR?!RHa}gF_s$O#u9LPF^G=7@rbJroCkD-VMbi5I*8?lIRZheX;Kt(6w
zUKIRpnII}Sah>T`DVLDeqtorV<=PE|&Q7{AY5u0x1)iipurl2(<SIwG1Mz-B!n1va
zt+M*}!x~Zv-hyIOe$2KI5(X#QbeyxYS*$WpsKr;_{eNo^RQBERKrgH-(nFB`gI#1B
zr1$mWg5;)9@6YBthldoWLDgr`q}dFPD=~Y1nSbD|_(U$m{E>yP6La_!RiSRH@m7f$
z_%<>!fP0}TlV8zzR9BxuZVMxNa?@w$z6)W_Hk+8IF1>%Z$pDd)a;}r`)Z?l9ys>mv
z?8*`yp<gvF?jcR)5}lhp&909<<<;&LtXFyY`K-LP`OFdlZ8`_{aw@!UQ*+M~<5GhM
zxTE^!Ehp;-tgmJst`59>Yh9dXZQNYHZw6l<fzG$H)A>cE*}1q49k1u+V&-QH6p+^9
zKF)cVfq+h`-RU~=80Y$RR1f`I^Wd8;@cQzm|J=~kJ?T!VA<@!VeO;Xw)8}a3CfLH0
zj)ID+-8XIM#lxeGQuXmwyf141a`sn&^3KxP<77jqYh@p`leNB`&-%UT;p(vS{`Q9{
z;P>cq<agT9#Vl}JHEG5_dcbxs&r>RQb2!1%)z<!c^%%tJaew@_*|sdudC&y=TDW^y
zxBBQLXp^IhT(EKHuzZ>m4YQt9&Nw?;zO{YwLki^EA=vxi?j7_7?)UEKXhpoX{S;N-
z7qq+l#S+mksqU#$G4J;=%9FvFLRCpRAW#ZQn=HLg7rz&O@8)YAeCYIEokQ6GTbI{b
zz3-cLVSZuj7<2&53c%A<Fj^e1P@W5*zHZH9En2cHh1ho?Gy9g#Zp|yj^?C6;xiU9|
zedi_3?hI(XpMAW{lKH#t^3=G&CQ-;pABaedh{tm%gJ295i-^wQ58KyngWysNi1$4Q
z^;46$OG7^BNmg&o4^9lv8}fX#P}9+g4+3<N(wI0J0O>5q0^m5eCkKKc>|W@P5zX(Y
zsguAaUSgwMB0bU7#+y9CdSS%t+d4u3)l0N~6+$1;!iz6C*qo+!mMAW^%^YXyodC}(
zTK;*K_oMV8-zfkt(DGVm12};uL$|J(Fk$G-s|L<Npdi^<-YyV@<&E|A+zAKl>lTsS
z-!n^(XD^xwF#&bbiRnv%wLd!;gCy5)&zT<7A$F=~@5xoh!2~B^nclWs%^b6`OZY8N
zI?piF1(DYYA#z+BdWqI&%}o=vp)h1Z%O1z14ZjSbaewwy(nB9>0U81A8@4;%t0S$(
zTDjk|IF!-4AT*h6`+FGE6E2=mpHbTjd^UPU>?0Qg4IPZ>JMtF>+=~mo=~J!rGWkNU
zf3~pdYjCv=P*O%gQBW-gyb88KrMxOFKQ-0(cKY-qN)OU9V`A>*R+0iLiESE$R&OX_
z;8&cPQVG&x_k)m20UGm`+MZSk?LY6$Y?EC=L+YPgI62qJt!)C*MvJH)zHsdDVB7t<
zW(NYSXJb)vLQcygiPuhKf0HfDv1@z1muoFd{%#kVDr&l5{Nzzi1G^8|?_PEJ@H2SN
z9QH!4S#~Wa5LOa0D}ci}Y9MWsI23#7oC+E5lZ`zrTEF227=S?I9ky&3sA~cl^1vI{
zqPv#~NNM-Gl=#yUu<pnw1YF(`_4hRl&|ULy=GyzNKD&8b5vic9nvGOO2*1f!R-iXA
zb<ui^2WB{$t>Bm76+)1(9fUh7bH!sK#)Z`Ngvw<Ft^d-ZL6c&}_44rd@%6@hIQnjv
z;U@})lNE^E2L#+A3HSD-w=db<a(u#cj^Mbz<mp$mla;$<ME}b^mX2Weh`~j0o$$lR
zp<B2A)U%1>o`ERu%M#e{KgJ5n$eAt)XDu*xiJK_4^4O`x(dfBy77|&8K^n}2zTo8~
zELHgFKO*;@tGM+QZR{B3UK80u-;o2lf2PM89f6~*`U95>*t<vygJz63?~A=q$xP+K
z=UabDDz5P-m(Ov9&s~E>_1h&`4R4lJdkpljI=<48@PQ}!K~f-t9AJ=iYWp@Yi@+1Q
zF259$BqI-!gT>-B85wzW{q+<Qw6&wPzm#Z-5(#$+P7^v?W9P>j!p}!2$=~IUjB)VI
zdTM6s;{uwQ0*QZd4JHw|qnt#R*l>#XE2Q&Y{IszR+1Xl0A0@_wA2GCOnhl|`v-X46
zsWThFNO&)<q>;3ZuP&LuIfD)KmpP4L_%wwzy{o{rDk;aeQD@yl6L>;st}0u3e}1#~
zb^37j*GNXgSLuePd$gk9vQPQ9=tZxP34v{>BGkZ7O>hxd-Nod-T^!xNUw&SAeKNd?
zh{$saztBb%7O&6&7b#4~rVCqwF26<l^QTR12&N+N7s#{5r-p=r;Dj()8T6K6CvBXB
zc#;kq?!$XloPq{2^bd@>gPcL<n27<a-l%0}o_&eA1vuU-Ut}(^>ofK;?=@GmSZ}Un
z+gAa9lJj_E20jxT5rj~a!Q+B=9`X1@<Lp0j;*lD`dP}Y$51$ZkB5VE<X@u((_*cWR
zFW85qOG&*%)?hwWp@~vY8=!}ZY^X`6LOdFzsMcOzCaQnQ<;c=G=%Iz}$$*puPpyef
z))szA=|p+x8^ChZHNay`fy2W(K>OWm*EIuJapall8e0%D=;B;R@|X{)w~;Wk@7MTH
z6wkOD)S)3aLI|_t`i$rJ$wYUS+1NsmTNDR?tL;@mPP3k@Q(xi)FsY}ocI5MYwYF~B
zFQK6f*gt^dlYmRZwOooW4|MxR2G+3YM<a$=B_pl4Ll&_gp`H)+5`Eeha%vy{odgU>
zrin*hp!?IgP1haL+u>ZSXx>%=wbue8_Hu_2AlOrnliJu5>aOCbD=;@QDM-5{|4qQo
z6cWK!T?GF3xBR4n9wOthSItP=z|GVY$YH!KA||*Arp0Rw#EnNT*zX<}sZ7$E70Obi
z9$-DwWEH&WteH~<MM$+WSF#5WScjj0-)bqdQ$*!7qPA8?e+uOwK@&aCPny1c{F9s|
zU3@NbB*#RR9V=T~;Debs5qO?#9xKQc)f^o3OQZ@LVX(zg8BdKf(j?XFv%KaB$km@N
zic6EFO)J<d6wD|h!e!#HKZkfQ4RJ?#4iy=2KwIiURMQigB@E{&O+B+=SOlK|K31PB
z1|}$RZO))kw8w1Y!I$C&KKUm8lIfV7DQ-=A(hYp77@^Pa6X$F<ooO-~N@k4@3B+ba
zEOB(YdloEyMClkk3p|0-d$4!|lVJ*%H%el@xiLp<Ot0C2KuoqU@s_&&M7(0ktuhO`
z^IZK}B*SV}LS(ag!ez1;dG79kF1fq{fwH#p-5aAi1=C^hJt#>4mk5aGXSoZlt`u^p
zvn>Ru><^nnA0lnI(w`b@X7e9nSzOt>acSW_`kR%Qpa}^GGFC@)W;v3{bKiSFSai}4
ze@M~B8mXl>D8u7i@3{73*oo{Z0*w;ma@w;GQ^LJQsio9qjZMV*vT;jVeT5jYbNAC?
z`-Ac4tb7K5)!)tZN<fbBPS6q!)hJFN5({aTla-0ws_Zkwn-zs%PJjz}0n!tB1kl-;
zGakrHID(cf9UO2es`3nRXy@s6e<4yNd^k%b{Mx$bsYybxEAAhlIZ8zcGmS`Q&eJ%R
z6>@Hjd}R{UYcq!_z){gf3L#7<Twx~YaVsQk>LaCcVmhYF3baKzdOUEz8+0@tINKnV
zM~av=E|RJHz4(azx-eOO*il!z9OhFm@hM^|F~Y4gcy0}@;5r^el6SJ9;VwgC^VM^>
z_)O(-{qrZV07sNvabYLm0#DaZMr?T+Sx;X{j7yop&JF#rT!O_N9|*6x6q^+SA2#4d
z*eAle-bF4r1Aq&$(uH8uBsKp!J7sg|==V8m@k8e;5YE74Km`xRNVo!DY7>Abedx5^
zcF}G6@K0f_K8<uEkdrNe8mjwMXjMACYef%7?t#UYPrY+8pzY`gEuiRUFepZbk;RbS
zuwmBS(iuTqAN8E2m8K&ThKI@7p|Rm5WwMXqWkn7C1PXr!=lvw@$7M2pzX-|}U+Kq}
z636WS+F+{W)uRUgi8v6Rke;l=|JKl%wz!@Y87Jf+T<nA*gRERPHG2?Izi9kPvY8Fr
zC5@f>Kr2^VTJu{8ul(Q-=hXJ(iOXI`x6fIon~mewDwnl;Z!dI(EVJFI&^tuIjQdrO
z5Sj<WTL8`HFZ^=|0pd&LapCR1+!U4Rlc3-RFf^ENkA{?3RV>cf+$~=SgB^68t)$U^
zh<rXtb{)PJ+0^uuhqQ!K-WYAK!o<*lyDL*S%Thkj;KUi~Y82_7ESp1wCWQTo15s*r
znjdvZ%#I4PY$%xj{F6IN5Q52gur@xm7W`c@MGU|$+v88nEc*oU-AlrKsj7*++)T*D
z2L9P;=jY7WPT2BMDC9I%Mq5vdxC};h{Ye(FY*yQ{YxJVeBB*;I2QL+~_ecBLqYbV{
z1K%)s`NT~CW(IqZzfCU{Np^?<FE`s?nABSkB6wI?pXislpJx7MnSPcl2RL7$B}1?a
zjpqQ=V59A(9517bj#08_ayachUh#n;aFWvFIa`vN@K8*;ck6vD@KmzJlxqM>=z1<{
zd~;_!u5%8{*?S%VF5<n61Zf~6C^M|s5699j`TaWl>ILq4KZDrF2^mjFmY0>-q_M%9
zh06us+nye^HMUZ#aYE1hyY|7_oM4->)f<rEiYI9K7*x*k<)Fo_*>oLYCnP)?XFJ4k
zI>uQ~kln>rJ}y7KvAU>w+DWxNMi_NY?{kMbOA%aRsX?B$MPyhDEebkZ-<KmI6qvzT
zs@lOr6$}+E!7vQwqZUd=W5+9zV4kG_(Lp9kv)3ArD98NUyl*7}jkt%axegC?UPi$8
z4q29PcrqFap_g=r@hC{L-RP@PFnC79r;~VHgHfqTwO0stblzG$Mo&1lc<s&Zx@?_`
z&EJDo3HH}@keBSd6q?w*&A8o|nV<%@x>gJ63DR!)X&L{pViQ7KH1ku&zM7fRfC>mP
zM`8-eN`3hWO>BQ0X~Zw=!nX|<!F>2|lVyCE=QGA{{3IC5dm)@U6E|R!oyGP?s7Y2t
zV(_B|J1+=C<huq*Ekv^5I!VyP%z)390h)LSI(>iKuf#j}eGw&$wXS8Gnw-^`@e9_;
zp^&b0@fY@r{rpG@`B-CY<|x67&E*TS;lpQExgFvwLRkoj%@=`)ylzIz&teZ>5^oV%
z48?N$^najdP8prZab*QwNTn-ni7FbR1+zoI_lBWS97TayELCq}PD+P%T>|uE!U7j3
zY6#cJVR?QLgCkoa5f8034_Ot89J=(ZWAqh%=-(nYuZ)(${f$TigT9i;bRb2H7%%yk
z^w<k4%JGwyl=P00F)ty8V|Zd`#ts-I5Pz@!enKiP1<i-)iKmJSqa@p6h&%IDQWjtT
z+g=3vD_dl63fc=P;|xM#dK_S(^hBfbaP|08{A!yBmXjtJ@9N;Iw8==+II>zgcv<%e
z&HnM+nio8bT78D%CtO*%Epm1foXiG=n5)1{TxWJuLp7rlRRLKm8^t-OQ<4hDt75--
z9!f!(#|@poQ_*3LzL?_sij8P|A-$>XCBiE(U4QFi8wme2ee;%MU+4y20}Mp4!auV}
zeS-;?c_J&pkxGZ^rsm_<HXx+ncrJ+88O`r)ZNZBh73bKmCr2voqDj<6jwlZeR)zfW
zD_EL_EQ&_?i(2egC8feC0T1mxx#%)VQ@h`<UH92vTe&bP3~M%oH2Hm`<xTP7KC{C*
zjr~A%xyCmmd;Y{hWkV&J#PXR|IH*(zg+QGj5`oe3!Fw|B0!yG)At>w{IE{UX-cGn8
zikr(XSrn4OS<xk%-Ro~Y<mCzvZ(nDrdyIdM{)rJ)v`k2Pm%s)L_ZT<3M|{B}_$Npl
z@PiLsE}LC>|G4XEQij+IbMG)Ki@SlsboMfE;#B#cLNr=mItTd^+<0mn`rRY8x8150
z$*y?xshhqKs7C?e>G(=h-*tY~{s?K$><HNo4CG~R{Ur5LPF)RMNYSJvIhOU%t_YZ%
z?*{M;KWc9($4df~xdL1fY=6tXhRmx5{*sFP>8UBGDUUU_V6OP7R&Rnt(d3(2h{I`d
zK8**4+qR>zU~zIk6R>edZXLPPbcQPU(ED1_yNRd@Hml;1_&p%1_w-1@QFvR=hwLsP
zV!F=$tBg$Cf|YcM1g+$p6oYalg983qcfx~uGWPf^<FqU=x-!cs%%%LB3X9bFS@1y8
zr1hlIx3y&=OuxrPHJ#~{8;nXinc~y-Ef>ZPw4lbyYk;a-Lz(ap_a{1>@N2G{;~wwi
zJm^a8Ka*GWd1|YVmhubrk<$~yZWPPTBRZ{{<T%22DnsD1q7DYM&*PNpP23tLRdc67
zQW91#xCm*$dF3M6W$){Y*OMT_h>M2hImtE4n%c^>mR#nmB2A%Q<F~Xi6H1)77em%U
zt{}ZeFr-M<MK#23qaMem$X$?>5>HUsA|AAPA?=v}`j{#vj)}P9JUb&I>$IA6Z0r@w
zl-lZTg6dvtq=rEq-hLT08J?8}=I6d`B<B>G(b+&?%xNA!>=AF5=JfdoSCVf3k&-}=
zZlnLVLaAe?Xi2l^q@Znb#-$*`-}6qLYfk)04n;3<wVLngc{)F>EOpaqYm~tvXC3&$
zkjkQ7_)c1KL4rHGkQM6aIBRSMo$fS(?*@)e!SfK0!mpHncdc3cO#*KKsL`N7#cHHD
zr%(w1dtLI9r0?wWmv`6U&FzlZ6k1SQe6<$z+)3e!VtjM074+An>RRplNk(W-{PGyl
zgpo-qqxTMzV#?ecP3qrHk&JO}MI&(qFR_uBF6z9f<QUHC2;Hr+A`?fq`Ld)FBw7S{
zLtjA^xG))z)-%$V<j2sL`G2GtlV=e<8_3iEKcvohE)mrvfb?`txif#L1iNy={Z5Ic
z*rIVKo)<%XcET<L>&JW|wc}kSgTw};a;UV(O`;kRFJi-t6M0|I?6A1>J1znPpNo1@
zI1L}JLF0SzW`pTG#IJ{<4OAm*R<#BUk=+nQltalF5>Yf^ENwjy4pTgX&v*)Vsv10S
z1=gLQw-LE9AMnBsZ@A{|8}=3V=$1R13Cxvfu3K*rH!|A0nisA8{E_K_-OWH_4Zg3V
z3E5!9*S8)8QZa9=Cufm;*Kv_u-gC`+UFD5)_7*3T-KlXHs#!1TKquOEXA!Y)I!B8Y
zYClb8a_*Qo%6Oc16f>m)l9`Zv`3DWaB<(1!CX{Rz8;PRmCzRUc<D<DPqo3)V_Vcum
zT2H3hCj?cqL?$s|?u|M11ft9pFOkotpu`Y-R13GUA35<l%Jo)2qzR@IDEEX4e||cF
zX>G33+R##7hD2f<0BHF_^x)*Gjh4MC<)#@`{j2m013n>6?utR>d<Ie6jT<L1kmJaT
z+%FTEJ&-Se6a03I;h0$o@E%hwUR+aMBse~5E2vH)8R_MC*Um@mO(m#E7<($RGPq`U
zQ~hxNX}?2@zW7KA6XEt`31p@>!P7S-C6MEof2NVct(kChZl}iXkRlnAU3%N8kmZha
zM9X9BdD#?AF6#}z<}LW;5O4#XJ387e@4*!VO<JVIIPPoH$+pMP#vC%Ix?72pd%U(9
z0frNZAsrf~&9;_kq(wabEUBGDr(-7facX5tLZu)C45I00+yBhu4uO`D6bhDFJzGkr
zj5xyXR<e!c*Dvi#1lPwa-tnx7S5C|J2TM<@M>*FoOWQ;IHrN{fqRMriuVuSL$JU;>
zhK_<_1ZM3+HDH_j`d+<_OR|Fg$^dJ58^`A$eP1GWxz~rz;$}bxzdmknGso4}@6zvK
zx84*uTmY?i`^@rp;jV21-X|M(i<9T)jSA0*FFx*0uEDF%Jnv7-T!ii=&q3uuhZh(5
z?1acArG<sNn`P~#?gBRh=K^mo-}5-a2H%ix%6;Facv;&=>+kHN81q2h28`N!X$qxh
zixbZTe^t((Y!>RH<(<!qoL9c(omE_ye|QRvd4gO)?p<f7RavLAQFh)_g4($Z?KzD1
zeG9|$Xiv7NY3rb2iz)urCl>xre1-{z4_IXInJgM;<~$(TyeGja-Rq&R>f++%)66AG
zY}(|cF5f`BJ#0VAf8TxEv5Gu&KJtC^@rtu_vA;nbOY)B1Xm6G~y+EEiO>XoRBn0Ge
z`V{)Sk@opdle&AK0-LIQug<QgNc80#b0~uJ9`07rX5D#+^oee{DoP6ta74YSn#g*W
z3DUg<b4a>c*+6oo2G4TNY)><!Et|FR1xde)n8Y_*(2O8Gm^wyFgmA3cIs`SduN+I+
z{5L{w@b!I9vUQP5`ku*<Mpw(XUV*`W2Y6%A=h6mlw5R4Xyfx|?M-S9*geBYUaN`UX
z?SIktmZ#Yp^km+LnF$)03>Zf*@AEm?+UYkN{YwT#r94VV`PMHFetNrszjh@Q3?4KH
zc7Bxh8J~T_*$i4`9HrQQwZRoYWi{${+Ov8&JLMl@>%2a;O%(6qP#Cv!2Bt_rTO4P(
zq0QB$+qyf(<lBTqT|IKL4300%=UvqiY03xUyKf3g>!i8^taEGDeXWfd6usIn7)I+p
zLCK0Kk3%AwU2QU^+btst3)~A0`F~Pkni)j0BE{`HNRRBSWqO`wcQq_L|HrdMu;aVL
znpG!!38a2p1eO3`33>N9R;=&X&E<!wmhR4f3|oAY`{KniuaQv8;{}MqB0|F4pVIF)
zA|d6F?j`Z*>S}!0M&%!FEx#Cu;xu9%2h4Uh5BICZWRIquF3jR?&ej0TKCvbG`vyYQ
z&mTBowF5(9U{hGF&B_)-<cs>ACo8m~9e2{GSDXpJc{sakOe*NzD)qMhoB@pu-d(=e
z_nX7y`lHZgjy06~9{Bj=XIA|7YQ-MNqJT=FtX9)~xqRq5UTINr=+)KQzNvz98gELI
z@2DVn__hKy$v$~74Gy!R98$=?r@WD2mN8m;-h2<o?IPJK|N5}Rp)$T<qbp3T6Q2!Q
z{{k#D7s5fYxRfD~+_jtEhmbjJ@S}9q0wg1Qruravj#sm~HE^6qZwMe-mi}1dPRRE0
z!Pyf<w?>`H+p941x8NbHDTF#1TSWp9xYb4jst%)R-OK55Sja(;W|Vf5^^L9WhYv_S
zFc;*+-XnHXMNuw;><&p#?iS8<HFT!Y7l4fj?+O$_Rpiz|6dn>;G;QaU#`R^SRY(5P
znttXJxh2v&0YrcjGg03h<mV>vzm@bOc)79TS_kjdA@Ed2>Or8s2sy2N_T2gn=0MOf
zTv&%&f?4-L{jb2THYyJ(O#u%GidPs}{EjUo+@|kgU6hiLq`+TMX+bK2SQ#)vM!*J=
z0rxd_AN;kUwX&n1WKxff6^B)%h^)iJalh)YKxhF>jR~55QpqOxxIT*g!-f6VgdIBT
z26IE^i>C4GT?>#fwWj@wdLFBJkuIqSBU(@NsiY<5akm<g4}<D3LiQm>I5v~Vpqd0O
zkgnf0swA92!-S=`uMDhP(@Yhh+6Bc1N*T{XQY1mKGv?XB)Mz!Er9!6ZlImhCo#=|-
z<(F)H)kK+sWLVub92?__2mgK~XTSS-XCHePY>fX)Cb-F7jP5QNQGY`)VRx%U8VlG&
z2TsXOc5hkO$m+~Bjj=JcwS4iK0lK5ExSXhsh`)X+n(1(7mdzGaD5eMSD)5=e=<f{N
z<_pmo>h%B5dxdG$AFd=8oNQ>186qCvYb&du<i+B%a57H7D9k0RqzM!_xq{!E#5VjS
zJjv?=vBV0kBbHzPmJ4>J8=--IBa)}!FI)vz0S8$yS(@I8cU4oSWnJ2rL#@nj%h4R)
z5JE*a0S;*T6E8rwrfwT7yKRtg3`{xtns!9%4M7q0Xe?bQX^)$=I)(=fD=QY$mC$pU
z9fpk-anrd={*t5qCPFQx2oEFUT)Kf_Tuh^r<xj0JkE-^-uVe(_>jg=qzYeR>U(X*i
zH+mvfv|(%^`juR0x1=~!rY~c30Rwk-jdvQM;V+O^n^Rl!imV)MQtFMw5-={ET0a4i
zS}{gI8iJqHNzO!umy-WNum9K^iNCGLv2<ZW<DrMU2LD>$E6T=^KeboLv`ay5x&Y(O
z#^fH0RTr3_loKWuo6_RR>=$}ZZC1C*91v1#Sk1Ek(U23$D)}Iv3tGg@Pz!=Oa@A85
z2za2N&U5|Ze)}a@u%$$uuH^A<uXazYslK><{-6;dp4~D7E>7E6_D<VU?6BRew=v$N
z^tKT~KxE6>B!96cJ0~M|@C+=PJ<c4lwSp0jS1MGo_>a?g-^|Qv8}&3HsRf<d5#0Kt
z>Z;{G#wpZUC4#oJZ8-Q>3f&MjYki_^;1exfe~#Hcx2lPl)DRLu%p4QDgVC-p=ReLV
z2K4qN-Soa7>mW&o+F77SI-?I;S`A;Ip3T5mK`9gWu(3#xf}tV|dUL}bZQ5_ad;N2N
z=Z%JDU(jCD*_a!fvDr#MyZhi5klh*OZG2rLG+}LHzfZ<L=IP(pAgRFaWf`Eo`2v;{
zs#k&(7xI@BO`E2NKSnPq)RaNEeNN|A6FVHnp50s6Rcae;pT-|0%cI4>Fy%`k(<3W?
zX6)39$aVwfe@s>0|81(e2PhCkYfT(L1-5dCtx8!T8fOrnrjMlSe(Tx6=XF11PByyu
z1_NNqctuxOctG}j2FTQ{ktfB8^mwo_u@&1c@!oBpL2mNwD7C2Dp9_%;z?k5MvK6Q^
zkRWB?AH68*rtyU7<;btA{%}oKH8&?!pam&~D)PiRyznX=LL64{d3!E>wpHXKz);Py
z&JDYjRv$Buc0x*){)q$HW^pP}LG09e@Dsn2r~b~Ovll#@3^eA2P@Q!4Tipa{B;pQ&
zzKPP;kCU(-&GYg35Znz~tKlOLT1f<<8}|h7_U=S(?`SI!Q4ZewM3F5q#r#A9YfETP
z0dGJZLm<Q@uzPUU!^V&;M_REj8}UN9tlxen7JX?D8c$xDV6hd?+(`&Rck|R8D^<+E
z5F}O~3j4+*0;pvZITdt6m<c;LaiK!Pu{$B^5Q>1ZPPsxu%-R4Mzi+%ktbC)GObN~C
zoS92G&FPbuR@~)XQ)p7~)xluN*+U~>gnD^U2{|AR$3!}v%FcJlTQJjZkr-&x%sckE
z9g0&dow6wAS`*Z>+6c+_jTXcEvh&T9J_yf4TzrezkNtPq>*`=Elc5vI7isZwf|x_g
zu(#<d7O~Rt5<~CvenlMlr*5*Z6n(D2X3pDbW9Umc;`LcHHF=WnCNP!Gn}&7bmh^ZB
z3_lCP2BcK>f=@h1VSj_o_b4z-ZN9b)pzVIA(t4v)jZ@%+?k>X6L&pH$>bN(!DvePD
z|DMK`rv6845P*d}gP<1Mu$g2dNJ9D%-NcTj^37)29wgtsyi$tP6*LHPN@X?5v@!6E
zeSQD&BOW}*(MC-9ZD+Z`dN#!Jr9>-=D>7P`a;5j`@xE~bXr4YzvSKFw{B`p{3Npk|
z^NX&s1V&wtbaH0K9eiEs8#x!HbHHz3=A@s@q=1j6riK40CI-7Cv_c0n4vvy+f$SP)
zx)h$dPl{%Dza{CD!q))_I(_baC<a9M?wbn8>`%h|Yv42SrXDQBs5uu{w=XbGT+}M$
zH_MP}h7@dTd{pR4s?Q_2Mju~FzC{{$5ea^gpZumQrdywJI<^@bC-y}X2qO?u8TzBr
zl2P&F3<6EL!M+>Fa6<&P6(?!3(7>D;!ex3?B!#ok0H<YN9aNpvQgxtrVgM#iYW|U^
z=M!j=xxrkcwAcqbc}F_?0B$0-3_GTG;sT|qsi!?RuN<UlRSTKXJIwOTX`-fyc#gkN
z#bJX4V&-(4j50!I=&`Ic%ZS#ckj}XHgUoEL)Y;V2sD;=zR<2L%^%3qh!{f^#3lE{R
z@!u{oft1`1V_T@wg>M|2PRI(o9^bmx)><uRCH;w<R^)yR8yDfVK7SvBuyE*Zd|YEW
ztXONcUIT$RK2tQ*I?$UO#|9Ap){-WbxX_)zH;OiJ5pb|>jQ?r_-Gqsm+S`l77kqpe
zM#Vaa*+xWKQ3o&B$%|i%Lnf@3S5x6+2YWXK1voB_GQctG*-ORKv$g#JVzz3Ga0~zb
zU94ZWo_x+^pJZDM8-YE!(1~CEGdf1w5o$x$h%hn))d3SgL%BD01LTx`(}eCjXqU;<
zxM`djW`Z>v(t3c*GI+VuUbZd4Yz-Ggbs-vm<uVUkJ!OtQ82|Vw#Zq;~aQnUm6`vt3
z1rW17?P}h-(8d4k<moDV4%U0jLYl1~D%DFGtiCsd$S&a&yI+Bn7%ZIV8jJC!P67X`
zfki5Caz5+p3EbnmysQZxXfo4O%`nd70F=^1xglfW&7m#W)JvJrL+ko3GVi-*xsXz)
zK=phh3w6<~d|NalJrA2#u5tU7c}%*!3sv`29_C<h;nX47ta!!XXHq8{4saXEpP1oL
zylGGsND1HXXYo3ra9HK?f;fNaX_=tzB~Y->>b%*rA-$L+O{+)ZQ>DLneNsuw{_Zr-
zM^Z?lGk<TZFmzL|{J^NXWxlhibNIBg;1gV+fe#d4rljRx8gqhIV7*7Fy$Ck_-sf&o
z&wLB9dg}1`(3_`tpRv3RY}pqdNEN62Ko!uaKJcvSPYE@!^tim_*0|Z<x>cs-e;2uZ
zu@WP3(dhVrgX>j%pb@F>2_Gro7Ple2QGL_-@R0qaFFDdRb5HC0e!qARAzFR&D!oC=
zD7Jy<ep7Yx3bg&k$qgQBGb*=s&ir<p=8;)yk`PUoCyf8=rf8u8V8JO$g#YQGT<yHb
zjLn1NVbj)4Bt@VFU-NP5|C1_Ztf%LW?3?qVjNKHW^%z*RxN2Bw!Xb22V*d7HJVlOK
z+$erzr9DHs1B1JZYl}frTEl3FXLbCvM6<?cpza;R(<&uSi>-a7ykm@!p3&LHW9N!h
z!tPl<L%j=25A324Ff*NyV$gOknGACZw$Yz_HP<pl;51Zi1{ICsUK0=9hVSl4umbeB
zYhTp)YX6+!7?0jC6xY#ePs{~;7wY}Mu@wFX$0BI~_iirFCCO{*V%TsQ%saz=@|~TF
z6=b{p?d&|m%rj88h{xc~`6Szgr%$wof_i@*lL6SF#4^4*0)Ew9-rl#ab8NSN?^8i<
zww7Z8nL+Lgw~zhLTWOQ2#X8>Zkk@keFW()a-cM_RRRh7Uu0?@U#*6Fq;dyks^W&Fe
z^S=&j86QV)l#;%_paloE^xW9k)S&XST+rhbLD%!cY=rL$A@MWkRQ27X==s<Q!{kaA
zJ@DJd>)f}~BEvu+r_F%(+&)^N^SEAXl7(lyGikyS)3>dDqWa9P%jazq3H15_d)YN9
zFt(ivzgu{=ow)s8L)D?w5Itz-*LCxzEEK-qIU2pWv1;LJw@7p+Igev{TL<L>{u_X9
zb|!3d%iH$Jg`uaL<VxU1QH3AlT<Lim5cHPzoK#L-GWqL%_xg~(WV&-&kV)Z;+3y_0
z(b&f+)U2{__v*l=ha`x6&YXSUpa6k*jJVQvH{3oc3V5*hyJjM}ZLQji%5EIGc(~5}
zt;vn`(?dEfSc-)+w>La{b@6-IoAKbx@jK-lpFWU@+6){N36+0J?8OcED-w(hZ1!9*
zWI^avOkcbiI*ttH%z*jf%vgKe);c?}r=xtdKxbba`r%CUkw+t+=FRL09c;9jJCt@0
zZ1JNxrbnKWvbE=*#!94{ODs;g(Z5m-+D!HObkYrO1c9bbn*0|bGKo>iw=yCxTm}mZ
z&z7NY-o-<S3uoVMP(CWND*(?1{-}0cbXnQ=^+peTW5M8~8ReJl&G(;YZzignrSM-@
z_}JUWg#nMS)fR7j(C^$x=Y+VFaA%hn7*6KaKbM0Y@4qSZr3(mBo&`<02>Vv)|34fH
zw*^Y(878FJm`0$k2715!KPP+aMUPBdDv2euf6in;!3T|n0e4-F*=Y-%-9@Z>6k|=g
zM?~r_48zF|<)x7!s`ZIepc$LkF7kHT!N&U6=3Y0UB1Nimxlo<J%<bCcCTIl4?vvav
zJq-P^&Pqb9%{n-qyNAx-V+@|JVXtB9ioZ+ulU}OWl82&(kawpek$8S$Ou-n(LwP~2
zenwsen3=@%Y+0CHy*~ZiKjIDD4|?3;Z8JWNPV@NHBE@So9GQRlu>Q9JY}g$vZ%g9E
zct?>IYbNlx5>Q5&fJJZ=>kaZKr|yf(>-P6LaZjc|>b0;qbx-NU<k$~%4}?V3{&Z%T
z`^7yH390LxinxTvto_{a{M9{#tBHF4HwjELKn`eZ{t#Tu&S(mCG*AAUAT)*E6`$PI
z7xY68FEcvE4T|Gx+nD<V)jjr!Bw1Bmg#%<=A5r!am~l0tni6ozXwwohUt7aoK@;#=
zVJL%p_Qz?MZ~IMIjoT$h2U3@7QPQ(qi%0iyM8zOaSY~LknKQtkx#@tbwq4_q{&zJq
z5WW%6uP-qWroUcRrw~mNlonm@@CgT+5uOuTp__igUnh_=o3dB^<l;V9|Lb#%N`@Yh
zOjS~Uy<bNSGGd&gNBPMfhnN*p1c<=eYlJ%#ash8-KnLfG6SCK5cA>GK2)g))Y15%L
z813MDywngH^WR}wf;lqQ5Q-++aK@B{fqXQr;Pycu@w2x6bDQGTlWw^t4~C%dJ}{3}
z9i79OPpm^PSBub2<H^OO?=tr%y(|QX+A90U?ulO9jRb9)LMkQ__L*a&Hse-3Jll&q
z^n1&exm%3=209R^skOC)6s=Os*N(%ZXpbH?lG0^PEjuPJBZFUgU+4c``a==!0#id1
zc8PIfW@T}MWIYNvX`)}>;oJpSTK6+Z;?UxLF@!1lZF&iav?{H|NgO1PEIB>YNTUi%
z{L}{L*jJT7f^se(G^0l5gBp!CD?<Y<$rgr&Y%i~@wY$93CB7I@-CZk6ubPe_RfDl!
zf{$=H`bGx3HL^{@Qa-_c*b=cU07QphUVQQ;!STDzo6cj}HoY0^IQ#jf^k{ZLp83i;
z%!@~ujYA!&F)M}{mP@u5E7BLqVP^Slib8wZUWSu4k(WqU2eGBgSlU08ip(0p_{Ys6
zV?}JPVoUJ88sP=WM^$j51?LFN$x3^lzTmp)eep9@^Ac+*2~sK^_z64d2Y~C(lmwKH
z?_qmgXzN`R&ZKJ)E&KhsOf#l@O)+nIGcx|cRaG6GCLN4{a074fMOD(0JxhVLfmv33
zLRZ+mM4>Y!JtKZ!cv8S)>53jC(qPA!5QR1F+PKRZwf5TT7~GDply*>Zg<1^XZ^nu2
z!U@|PUHwu4N4`lG0n41s32ajJ8~6@7og9XCoo*y(WQ{0n@uqdENRjzYQhquJDSD{i
zddv!5`GUyv+w8LB@)&u6f*4@|qCk*Bsa;}#lFDFM^8?{(IhxUinb5#$E0g`DCOMK`
z6ctJJh0Xnmp81oSX;i$(Pj04s(3<O}I_LmajoVxpysVeZN9|(v5s0$-IUmP83_e#M
zrCbDWJB_iEpF&06OH)BTCb8r82U+>10)H&y2K}B|x?mg!mpzJj;A|TN=HVH_PPIDt
zg{lZv*Q8*Hadc;kIA~~VOGgboasB6rVpb+kDAwA&Fx0EDE7rAo*8gUzXev9(wtM&n
zwb{<Dr#CG*f%J}*rH0Qx$XUNH7qSYF`D6ya<<@f*%`F)~sCd~RJDHd4ql2d}^P{eB
z_fjSKEn^iaed}m)QB<V>#D&jiYdX=@ZCn_v|0SuGT>QtAF6tgTVDS83EzmY8GuljK
zq}tdvJbBXc1<IWe4{D~z?J^oF@mO||Ouh(`sq+CZGJkhY?uWT<>3#=wlDi9&7JT>u
zfd4J-pTyc>s*@J`n#wZ5OKi+6T^H(1qUBLFHiNA%8L6!7rw`OfAD%#uJ~e;72&X3V
zqUS$EmHr1&r4##M3M>u3!6pUR6e{i7XB6Y~R?}cHAp&0mnSH*>qq8d}Ocf!vm(*~-
z0;nPRU|m6+KJ+NPDW}_SqMkC%gnb$&_0x0JWbM%-I+!|93H0KcqZh4WJn7ad4LNdl
zMlJPWJoYVz@z>6l9=ZR(Rd}gzD&y2r*xDa()n5#}|H4&AA8^&q{{dJ1!&dEluvLq3
zz00{Sr=st5W_CbH1USH+lqb(`bx0HBC$(*0Z*N|2h!n;GwNH8AXJJ);4UjLdw~LR$
z6e|=$-EKuX(;d#(8-5y*kocFc3WjwTpK!4%;6&VTpHcV%<2s6jz^bC~uvGIF2?v$H
zTbud1IS)yla!D@NoL1{Heo%s~;^=_Dt@QNqvnQ|y9D@5nv3@@voUl&eRsZZ=m9IA6
z3Ly)P{F#AdE6x%(x8c_-m(s#x_y=RP;<<z%j|(klfJ2CjfRHK}n>O<gV`YrzbAX{~
zMnr*i1XC|}_F{$r9hg)s^?w0YM60tGWJF+WeZ5rRyq;M{gbI*@I>6X|Y?fyY@7DDs
z?>>a1BZh=7M2)L2#-DA^)jwiQHjQ_0s13Bq0iUD?sPSfh>to7i$z4X8GE>lILUNgj
zzi(_RCG&d3v`Jo1mM8@ii+pR!C6_hS=U+m<#;Om1ysQ~U4x}(vt`80QN=z*gBI6NF
zqa5u>v?loSxisCa_B)WMB*`pHzqk1F0!e4n6R$P%v<F2?+FUG>f&W@EQKD|dG{QTR
zy(rE_=I=8yo-<j3(%0~e;hV`r&A<sKoCR(>?uk!-_L1$@_y#|bSVs#4Mk8ran3c5B
zBM$K{YK=K-_=D5AFqR=mN}@K3<fGpmk!`z{5hbfal7k1<{!s&DJ9(Vu#;`JZ$MvWL
zVZRVAW@jn~|3ri1HTAseK;u%+MHI#loV&mJePV+0lL@0nJHuAGz+heX^ZNoqPx0T!
zTT$?RzoU@uUs}A1s6@@U$3)TGnv}3E#_YzYIFM#1T-Y<pvx5BC_-*>^=LvJFm1t<Q
zyls7Mjg?yLkUxw8nWZ!`i4-#ms71Z}Xj!L8IM}wVEW0=PduM;gm{bX{;W~RSCfg&k
zMP~hLJ#R=IcQZ|SIP3Ga{d%MS#n(FqSMq&tys<U0J+U#F*qqq5Z6_TY6Wg{Ywlzs6
zww+9D-OTq_|6BLfeRaA{?Y*l`*FI~l?&tHYE$}^O&rikd`BC%tmy$zJ(B&WnzVGne
zu8!tIh;*l&SYSvhp`k)&3X>p{Y;S)WXBZ{me!|g<4VMzZ^bgo@-}P;IqyXagKTsMc
zf}^71z^i2!%U1dHuMjEK-xq&VgVBjs(;j|M`5lyDW%Sln5_y$Tn;ukPprAsj@?%G_
zLbD_Pcw<nctF;XA6Fpqu<_#MUFP2XRfk2h1Np@A~&%0@$4AmZ9sMI{HW@V;#wml)z
zp=SS>Xp181f9q9AL-Er7l<ewlA+Lo*hTyOIT8@TVt8;MMzLl6MPOPZ?Sv2P?Umqe~
ztJ~v1=27hCYnn!vdsM?GMF|m}<HkpbDN!(toh>16toKFwYB=X0r#rN>7YyT43mzI{
zAUpAFaD}-maLOMp?PJOOr<vE2rp%MmkOvWxa385iT*m6xFz<HeDLh~d%iJI}h%ZP+
zfpkEuz<w${##C*u|DER(qm}rT(3t{;s!Mve+}hifoB-555AsR6J{yWf3EY5k0Q!Q-
z3PyV!!xUhf*MxPIW9)Xm(>Gam%zl(?FAnF%PBV%4Q+_%PDImz>6U@YF!%yQ(1NRoh
zUY4-b#-`<}0)1T?>wqbT@tH4ZNMcQ^<93Ql8~oYx@zzO6Dz)XeLWC)3s*_)bw$h7w
z`pj}p`11$|-|p%P0i4=grW>WnpA(EJ*=794*u0+w#fb2Okyk-rBi)@R0-c$`T-8=U
z;QO6z8L3tU5nMX`$)^@hej~jOrt2GfcN`?Pqx0+_PEw^e1jI2|e<#q#^E%FW21i|o
z7~bmJUGOV$$E7cl_zOEY{ULzt9wHg3XeB`?D_szCU}YysI_%uY3PH<DpF*kb6f;_c
zY|ll%)1R`OMP5|jcJ&lDp!ZHH?siN?El4wDUfhzCw8f;WzDMPr^p=*DzWepjs1lJ!
zfjFG(70sIyg&R42yCyEsEY2|I2mdZ$)D&n5rn^^*ek%q*5d9tjrFiwvHiqNR%-4Ed
z82UgS*Azg7{@|A;#Tw_pO28r{02aq@f&oEn46#OZ{$i;<%1n6C2e;Qr)4=mJTkDV<
zk9vvMLAIS5gB$R2^PRo#rX@j_(7yUquP~s_kKnB!G<%$>5HUSZKB%k_dVjWNF8lM`
zuOSsx#QqUzC5pNIOBwdxAjQS>#e$Iq{RQn4!6i`mf|zFBu>3;a;P|qD+9mAQ=+IG^
zYyZCifv@`A0dm~~Q_x#N;jG{WR~#DKFD;s;=79PeX;@4!dHuF<m;tF}k}<5zKL&00
z-v56Lnk0?(BPDq#_7;*zI1jvxxY3j(a-ABp>ld<q@a*so1R8|E5gTnLgk4N>3dAys
zn}IN2Tu~tlSl>7R%K}m|)2flmCyCno$y+&?x)jPu_A45~xZ;Sa_(2SA7OSPVZD}8Z
zJfx`_r(OjpRz;@CJb7UGvUDjNLUHkBJZ^oYl)CW$Ka2KJT-4n>^dtdRwDU|6B~ffi
z;tm%~zZnB<0pPvHOmY2jM47@nXP;LOv_X1BCDntBlT?);W;l*b)g{l%11Y(@HTQ8y
zg|QE!h-VChJ2V6#Wx#`#m`G+yd@q-9WGAo2MO8!$D@LWcGF~p12v+8d7ZHsXdfBo_
z<6th&PHe>red|0V7o#79Krp0(sR)%DEt3u;DmoB|0W@y?q0V}(jl27xf{D4zRlL#b
z^p!Fp+Xg-N1<g7xwm6-tQQAsLsr#PLE`4&@ab7JUG?N00#Qfba(MJsW%gqF~ZJdA$
z4HQ#C(tC@`pHu?-RVbWTU&aK{@sdWjjhsDUKux`~!)lE0U}HxOxxTt1xTImziB`v<
z<TP}G0HE*XVa>R`@-n%ov(WhX>~KSYY2AL{v=5MB4m$i>2rxBh#6k<gc*SPiU7fX+
zi2WgvKNbvd`fPF3)sik7P<$Z=gHDsS`|!7+4qWoOXFuC0Fz=Kn>FEn#TArDW%o>>W
z%=9Ty@TYW8Z}*;tOn8A+98C6QuzqY*F2{;DB?L$i0gX(*BAVs3<?Zh&!1Kc%IQE<L
z9S4Py!>%v@EX(GzFj9F}PCa;hLa?&AxjH3QDDmi7-K4_WbSWlw$uI24r_kf!0n3_A
zwNz~>_jVMt=4>i+(Hu;vSaOY9`n8P2N8#1yI{eSDcwBR}Xv&C)hymAUDUab#?SVf!
z)YEKIfsTxDvDB&*Dnu@J&F6_9w1@69iW4(q{Ne=FkL^b#`@xE@O+J`z5CJhC==_du
zp~&C1#P-_QbbXyzXYlU^?9ttOH!}d+SwYE#umnm)N-0upGFi_$=cv~f=fqsYWf%nq
zNipR*iNxBLC<*mCeK-doQbcL{dgih`EQ?SK;8Nh$amQ4xFP4{pkwh(YX5)e(cRG`4
zNh|Px1t9~+4^Gw&$0{QT<x=Df5URIDPm+*9Zx3NqWDM6Uv_)7}fAfC;)mT9lZDCb_
zyvDJj_$9umb*{Eb@T%9`nq4(O)m@S2uF(2j;b~2+wMAakBKOZ|_4RV4SaB7uv<!PH
z5Ni3oTiIc!)LXVRab4y2xMh&RJhpJTLYI>0yW(zUA;puZ43j@Do+i7=$ecYkVWr@W
ziuycU<3!RSz-ofa+Ci2=HRK(%hDGeoHL%W!8Y1><@2F;Jh~Q<&H{`N5waQNDlqZI^
zOBvCq{3zMvRwag?--z^Z4O>zkr6xui=qaP{gZrD}O_ea-putj2MW}K+0&%$fFj=zC
zVaNXUCId^mWjmp?att*q@RanbimIlyL@z%r86#IUz`oF1Vav*tPHQ@Dq;J{5($V1-
z$00aa03XAY2S5UeV9EM1=*brY;Zc%8d;Ts!)9Eo!yjOS^A4%hb|9rQ_J0@oY=+f_)
zJspo%oWHVB+IS3_9~RQ4oN?|~X_Hq+ZegO;emQELSse4d2~Vm*0qPZ-_vdW>hoEg=
z3)Fd%>tbiB%6$xrmYvX^zZvO9JWF};RY*1vNfi~=Bp=0>9qs>S<X@Vgk`>gW2MOGn
zyO{^GSN|DXY}o3im>64o0=S3?IyOYK%ZVH;3_zxB_qa@s_bFe`rxz4-pkL3s`j97a
zb?wZjSdTqg_DT#zFG7seei!vF8oO>JX7_FyGVqmplzQo+l7-Z(^GuWj)uSh#Dfr^T
zDMqf;H7<A+k98(!{A}5(YulPF`CajSSiKUMkVDdLVq=iL*P{j*1U%SsgrVj|eSJfU
z|1pPOZ);S)98#vaLtQBQf_>~n`Bp$)2R_RYzL$@J#B(~_lc^KF3QUh(Qkl6M&qSkt
zFrOhg`c^UEXnQjY??*H<>{+RTvcFLAqic7_H-W{s+UIFLAah@9DB(xULBgZnPyJB!
z+!5?a+Mz9ZyfzmH%3ra^E=nImqAd^e1}1Tn!0Z{E3dHU_<qs&L|6>l<G8LE+SW0S&
zl6HP9!0)uSCFxR?V0}*goass8u+vEKA+o}}=qVW2iCn<7sd2_+C-X@h3Tpo&4!s!5
zzbfsNI_t!AL9aQHz|Q<ob?F0bNh+o-Id+uzL`MPah`($f*$GmE%J!(g81|N*R#y=I
z2H=U7-|^QK46&cT1`lUgf#+6#w{VSW?=q<2Myl6y4wczoUu-(Z!ym7)=>94VDUSzo
zH;NyBo%^fWD)ZXVHZ)z}QRZ(~X@qFb9IpZfwBe66WEFad!}tdw6?jonNeP+LK6lgj
z=N>9x5Jv@6A)S+kt2;60aX(Z&-K_9joql$le)j9AgyjeJk9&#tG*36gQ!ev#z-^s1
z)3K`JL4+?aJ&f2(LuU{w%lP$j)2*VuTM=#yJW&X0S>l*T7&fS^+-k+}Pr&U`6G2WP
zXRB4cLL{1hw+JZt|3JcR5AS~<p>sV@t+O?X`X5R7M5Y`4G-;%=^iWE-l_ZCQp=8xJ
ztj<2t6s|C+Ii-HY*Zvc&d*Ir%f3bQ-Oq1K5x}^LzJ>$glQ)b|}b-5PSSUS*ycNU!W
ztQTWBO(^%7TwGFs94@K~!$7#YA%S$!hp>A#H(a4;Trx$Z5jr>D@4xZ01s)lrokv$C
z$UsWs&I7{a40`^jKwMJzFtHlEBs8$>Qw<4v|A9ydLRKhm1JOJSvi#Jy;jN|Vz_V`c
zap6TIW)mlUDyi|Du+~$BEX%Lc<4YQDT}gX_bA#fy^Hvh9WRmY@I${giNB?A4afR*|
zNMeXeyHr0F+ljgqI|Bc8*`me^4YlJSBek*V!qzHw3$K#N_b_GU2{ar&*#4~(TE>0e
z#MvL!w!1D3v}I^~urBa4uBuGM%B||9*tPA-xxv46Sy&DerF(9+avoz77%iV7q;%r>
z6mKHbAlZh7zB~*`b3hNLytnXoFK%{rK66>7KVNzMu>1H0u$dA~_Hv&-zwW$Uj+>4D
zsp@R^e=7F!Wo{Y#xL@i%ugTfmw92{1dVKo3cLLM=;PQUg;PCyg^aHdS^z8Pwpw)L=
zX*qH6@m>`-xeM>3=uMy3;{iS!q}VsSBej>;JU3I<6tnY9Og+BNhc4a53C0}R^_r{)
zj-ir`yX8tV04M8UL-MdOoNry@P|dAbj}Neiy6{~m(&kt#!CJr11sZvDT)FlBhE^q1
zklcP6@Y_2RW^%n8?@T;B*|jru*hbr9AH=agZ0)A`doK7HWG4f)v;hZK_gWrqa+_W|
zMb&PslUcWQ!H@B`(RuXQ!?~C1r(43=qm3h?RLTbcyW7n!V`UpJca_@e#rJzULr6}@
z1NLvP6-xi$J4hRym%a7FJpPXK9WEKD_RI5TlHv<zt`4pf2X#5|ZibM1d28{Y1`ehN
zUoL)MCyR~@+3x#{1M}M=QTtva5@AXoNrR{!2a-OhOMUkg8GnWab9bQj`~I%11xPpi
zF?$E_yu{gxD;@gz6Ox<N`d?xrw^4^e?&U0;h;QxISzDC!cP|OUzDp0feM#4ub{!_0
zXeh8UZ%=+tF#2Y0(50Kadm(6N?yA*e1u7F88h<G*>fW|HqwsJB_6(2-$Ie&)p3s;2
zkLe|Ej6KlJddV`sUzVA?2~GR__9x~a*H;0rpBA2ni>u_(zBbwE>j$~~9sM?Iyoh#s
za)YfS!%_pBT)u%BsoFb_MjL=08e`FP^w?WYew%2Ex@~FeVu+I!t4vVR<JZ3Or%&%V
z#iw_?*3%_rY``I@ioSZ8&5;*NwcTm)c6uQ>0Hb7_G2r%BlGAWKPs=FY;vSY8^*iu2
z0Ali2UTX;Ik%|eDiOSmJnx=aT^@4bRUDelaIngxr-}GzT+i}&)^OT6Jx0}?(h_D6(
zZmpkcg?*^|bX{mSbxic5O<B!H?ME%%*aJbN*zNhW^a36FP5U2tQbu${RJd8I(N1$w
zC<0|z^FU?^uugxQNGR=r+(){|_bT96uaExAf7-<^w>x_$tM2p2YGGEbmVK_nGpk4(
zCb8N=kD23#)7kF-$2l$!V`~(W@yxSNxxeL|`}muk(Dv0HN^(Kn&^~07p1U6G?$a<X
zgB|p%*(kJP@gJ6`&5zN6W?LGdy6sCnf)tY&jpMle?F)~*Qp}D)x#6!D!UukDwJ^qD
z#dEI~!w;mC6vL2gK|{A;lf)Z!V|M2Ocg5|C%UpA%5DKFL0{`faM|Gr^{;Yy`=&woh
ziO~-$*7-Eu`o$eAl6*J82?k2Il+93dIn{C3stwL9SC;|%IsAdiKWpslz`AX1W*n}a
ztxG&3BHuMr6Y`aq$Ua#>Dc@b?;!ihr6y3!0Ro}NQq_c}ulH-y|n}|96e7Y>rggYf#
zAZ3~&LCb$m;~_wU1_qrpa?7<*3ytG~^!2xD+ayvlAzTneI|PWGmlZ9I3bWA!BcMZ^
z!a$V2Q5$533Q=Bm<H9Yemc2tJq9n3N%R;?vpab&8$V!uVoh7zy)O+HHa<D%$>BoF}
za_A@@kL}2b-Jk?*B9Q6}Z_D|(b=!`w>z?)m$&&k{Gq(}n{xv8c->=n7kkxOZL!ur(
z_jM!+KeshBfdyo;gQ^lgmu^P`>37G-H3CzEtr0b}$yi7Y{y;t6U!3W2?FI!!2?M79
z8iB$8u*^byY{?Y${e(AVeBe`Au&%)a&Ft>)WKHj`d!IV!P6DVm48P41doi@S?H{JO
zHh)=mSPp6zN+5valWeV%SY{ua0ml#|a(#lhG&>E8$UP+B13gQFD<qxP0OUYCs!hva
zJoBa~dx+Kcm4p1J57G30mPFBf`VT*$!4wr4jP3Z1HzkR=!@+_a0MxCx{HAevP3Vsm
zaW67t57_N5B8SYvql@lqggk!hsKVXnF?XDHBgE%`n%efV#`H-?;V*&CdlRGVKj$(6
zp>aI2QCl^ud6t?}U}|{DnrR3JZH<Er8#18UGWs1cs-ZEYdc<AtRx-YJW=^`%4QJav
zuD%m^G?l%gcR4L{1D<dCn>T~wIBz!nHyp6+!pRPoo*5j`dUmznn9DTagSt}L&I$7X
z`FDjzB*#_A-<0SK^OM>Y?7;`eN~{s32eRE?i$lt-zbKQ<1jxs3TBbNf6LfdR465;l
z;J&4zp$KsO7_u(RBU};tI=!!!EmBciJn{y>uWk~HP7#LU02y!jIVy1UwzYh-b7p5$
z&kVirUn_Z2bJG0Us5w|n(wJ_2BJi=hR4_=gB~;waky|kOsqiGzs^Qbtkx95_*qaPz
zesg@pvNNKdk*rsVF%tM^8jg$PuHbemp?2H-BL_VX>5#UYz+~<I0|yUA{sRX=quFEk
zIa_NvSi|6Cpqh(B=Kqm{g2>c$vY+H&+$9XWE0;K%(IFZF*mtttGTg?*6%=p@X>o+?
z><+GhChY`iH7aOGNe%n$g4P5tH3AF<AK-82hJW<ee-7%?)i&1EnW(gcDm6kNa1`Pf
zN$z#?#5K&eDh6C?Fh8o`7ruDWGTbn4^FP7sh)W{Rp+fS0o4t5l$zTTku3GPT9YtE;
z+qCu6`X`HV>md78;Z-Rksvt`}nTwLpPBsz05{xlJSb5RelQ>!v1D@Dj|Na5j?mx;$
zz@&tF#MYR3BnlA}W7@^d{>jw_IMY!u<~r}PzOUYQo@ZL(8xoNViQ#nF>ZAO$$Wdg$
zp-e+Xdy+OTQ1aK5k~%QScgWYVv!m1?fhs`Ad-NFrXlZna*OSZ`FL3Gc(5FHm<`2>j
z4PfIul-v{l$M@+vvHib%pQqL*-{<s?@B0t$qZ_sa{*Ui7iff=JW<4o1&40eUv{|CB
z(YBbQsvtmIiH2NHhNq;DptRw2;h`SV1c!+v<7JL6rTS$2_SyXI{g(s5jrtLR>T#g}
zizGp>O7}&lupA8N7wnx9NVbvzffNhYKjg8s(Y52dh6TZ6iH}#8T72Yx;?{P~e!>H3
zSWNH%kNqB00;O@QaJwki8`i_jbZoPAZ;<@?1i3ibXRxUwt6^xeXTP;34&CQ7=5zE5
zD0Y96#E?)zaDs?0QVLE4HOnNwj;mT-d<gsyz^Rotni((lL1b^0<Q_~uF_flT4)hB9
zMe<>HNtHs-5uzUEOZr6^e3Ha+XdwX@PFrw3hCDWEiE+EH9R)-CmE{&>6&;y!q{wMj
zL{|nvNWzR$O~%%r9OO>QOkK+zZOWmd&mZ?b%Cpw%A2^Cz)U@Z1B8bR)%L8g6J3>nB
zxCJjy@EU~7yN9}nov)4Xbv!5d<m$K>L|rvsDgSW`;^H;sRf9~qr+)N68Z`yL{~*Zp
zM+idqY2cl;mafD3YoP^BEn0~Ac5vR9QROps!R>xTZ^nscI(naUxb(qD1B)|_Q_@a8
zD3@*0{!J%!$S%DptYGBPDW9G$2he+YbHiKj>SzD<2SU-l?@J48QI=Cw+J*bN4H<_s
z#;Cy0-YGe-nCwP5>_CjZuTG8tC0@BmS(-)8PaS-F#e+WY7sFDsBioa!Vm1lI*PO&O
z4^nx;&9)&VW@^t%>M$P}Cweihr`p<S5G_jb>y(HrcOwRd{8XW|7ICHomfw#wbrF%X
zBF^~|QL*YBj=y1FF;V@FH9RnB0wSIu3Q5N8&3Fj8wy94*kp}D)3#H6~256cdY4a8b
zc~Ys$dl%k*OIDd@iJDV1vN!b8m)x0rX&6TLPCd({sZdf*R17-ph!h5DcEWCuan1MP
zu4G4W2$vu2;HZTXZIF+8n$`Zw9D-o!JZ^&W>I*hMp=I0fNI>PXxk;!pFH|K0bXGc1
z*sjz$gazVSMt_!U)$cn1=>jphBd8VYcR|A`smA0J+nJft;o&Jg?{Zo1Wv6$pDgobV
zdT4%lf*TI=r)DG)?icyqvyjYhW*Zd6JVMDiG`jjb{NoJyJ_t!v{*N;hR5921KhALe
zlQVQKg2loW9ghFx47EQw!yDRV!v8qK^fBNQG&IPh-b60A|3A>M+Vmw;$2{7u1+0}v
zu;CBdMrHJtb@2$4_SiNKK`c^g1~-QdE=H~JZ)Yhsk0>@Ww~DA`a73h*Z#h~NS()5!
z(W|SgP$DVcFsp;D*O{mLALJx?V6*>dkVRcZ{)V<~$BYlE8g?~gQBp7VZwBmn-_Y$3
z+=ZHjgD}2tm$-=++!~V4ouXlC{66m?OeencJSJgEkCmNBJO1F3gSCV+-}{6HEnYsM
z!RZdxJ-S!_Njp;Ss<Usi%v89q;5y<?{CsCyTT%r3)~_Uf=k(!1Aw$WJHO%<m5R9C?
zUp>EhoqOmt41^v$%RluDN9uN6^&!XOd!)JHSCXtsRDn_YlH<%|7&UOr4ix%_UohjC
zqv)tEG&Fr|geWyzG{%pMns`E^IH!DhxXnjE$CPPgk=6a>5bp&#KE@NCMyU}>yKQHZ
z`%{V*{OjYZcS5!fCg8DLEcsjVD#;?ANv1x&sAqGGjU-96Sn{&fb2i8%{&_PzoUZ>x
zqoES6G6BJ8`@$}pr}?j0!5vZF`{;5}(lxL=#?LxACUr-t40vL)JZe$<Dq0jh22Rb>
z`o_~c7M<!<S5t!D66GClTVG1ebX$w&BqdlE9in;ivFA{}0#$Q7WsQnAy@x0B-sF*w
zQtRE?F38}Y%b$D1#3c;@%eefEDTh+0l#RZo0oIRN7XOxi`dr@1*LS^N>bP6GXlnR~
zU+C%|plIEq_`#_4W~PhR@#po5-e<L7vPSts>W-FC@NT&JPE!MfaRKa6PT}=%JJ^wS
zuv_sJpdHLPvo3m6i};{M@3wb4l)9=x?|xJd+`(d?SEqhY+R>waH#YlktX$q>FnpU@
z1W@!iIDDx3`da=oX$)AV;lKDbp0pu%^fu96^ocp%e`1a+|1ih<rz}NUpHF0QXV>ZU
zB{73jt^C8J!gtgvS?yC4f*Z+Q8zTnPaUh!TAkJ*}39fASlN>G$qXW-J2$rUdsA1&#
zbVUB)jGpHcj8}6@qog=k1rTM;vo)YbNv+;V(kqi_c{%Mdb<?dd#%M6Mp&KJoxYabB
z6u&HRKRt|AN2hx!^|dk+i&(cq&I?ke;DxrHznoXJmmAN}p~}2szA1&PkpgmDlxvW!
zkmA_&|MM==<?O$8i)4G2aj3(VnztN&wgk|J&WwW>(OeQk*}P_8Jdl8<u&(->M&mW5
ze73OHW6vep{MnQW5#D%;Y;4^jyi6Do)>^!W{&*8<N#7h3A++SuOwQlT)rJL+JlLTU
zta1%i<7t1BP-P;b(vTJ??=)JJ+}Do0-r|;uN8{+_gm$OjjlB740{WF7v^%^e5S~#}
zu3iYi*1f0SeCt4oVaDT3s>U1^D+2}GkWtRwVgDX=Iih&!NVQi<IL}F#Bth6=?da=n
zaY-#_e(J5Pjp>^WEtzBVBYLG1BzPb&VT!Gt#j)fUZYY~vm<$CNYR_1kL&0RZ=GY%V
z+SMc};i%)}TF{f>se^_X2c#fSHxDU!v9_u2KOKD3TBHG>``U&0(^`eT?;1}==a>C6
zy+=o}P3}0Gd05CcQEYAzWsqx~u;goxMu=qB=P3n@KxJ8re?wqwfzjIN){*n=@QUdY
zQrs+*^Fa%xeK*j4?X*PW(JoW%18w=WV#anmLp>VQ=ujC4n;Jt}m?~!YIYQes_T0pm
zvojCQuRKbq93&W*t%k;|T2g9T@Quu-N_2RKUSna23n%eLp@L(A&NJpIih+`4+yf?c
zhB6v4&Vb?1UuY7ybp1F;*3K!Gwg%N$_y{5l7Ho<m=LkT%TzQn2!QBKN;WUP!NtvY<
zx8TPbwDv@FMPa2labRgT2uZE0eV_-{mV_1Jh{cYH6aR_7lpcj~r4?B7G_mKba~pD)
z^0sg88Dx08Cy|)t%w8Y4&E2gTE`1$H-w6+RSd$aVMK<!46^?II&$hjQh&*c7oNk=2
zr1bklj5ttr@U9!uoi~4SHg*U8^J$z!*E&G2Yc2Ip+nS7j9a-dF)C@W73*7VQ-$=GR
zBXB!RcQoO$xS6kIMvnWU#gnVSCUMU=81eX^0P-Qh>;f!E=#C7s#`tB~DV-k|OK>>G
zmUe92SGtId4HL{KVRk6mzfnRAeIfon=A48qPzb=Sb*o6ZerJ`QVXkoZgue*^s8K5Q
zx8$(n3=??-Ct;dT5-#J!60`#ytIx<zqkPY^<+^!}_iEp(_YcH`s`|86`k|eE|7g@B
zY6QKH_2~{DTBHw@i{uT9>!g}D=)BadL|n%0Sb*-|l{WEe5Qs=Vq4&lBocE~E>JIga
ze`dz742eIooQkTA6FP9@#*|vxTK`@+IjwKbD`*u(ULOxiy_#Orm0jQd*l~`%5449%
z56d^@^GT2+R{D6C-F5Y!ZRvEx<xiSTogis*@sTi_rlhmsHwc>!j>))w4<s0J_-2f;
z%KxjsC5w7-mA|yVC01+E=inXkuM0&)aS$M;ATp)jNp_TP)u?RCNbr|HEMzB6qhKqk
zv5D#D^>M$xbD_SuDaBQ`$5@CdqmOz3jW>PyYu)`brs*1yRmLhDY}e&c2dSM$LYpZq
z>oBpe=}DTZv%_%}jdL3nU1aB2IT3#L*5=mFA>jZ#=-gg2pK#6+2k;rg2-BW{d2PTP
z$2(=?SHL8XdK1+O`jqw*Wwi~~u>jb~b{8A(>(n*iUU6U@f`I0f-K0DbUSB&yfVr4T
z{*_?MVh)PM>CiiX3B$d&)$Rp`6tTx(Kzqxq#18tR2QvGD80fI#u~$(dseDD4VxV{(
z`gp4on|a?wwyOaBSY3LzxarQz!UWvJjY6ObzX?mIvoa+ae20uddqyqvUE1cDtk0c|
z-fS9r6Wl#*<_GdsIP!jIYC@<lL=sgASl~0t9eqVla=81!{bU5WixMUb6}*2BMn!RD
z1NzM16DdH<MQPSzhl2B4(-kGA?x*@W(JS!_v;{#*5I+a{ecH5pvdvGY#SVa(o=sF7
zgwo`4UUtNivM@jE=ZylRjD7rdMd#1VWHm36CohsKQ99ir-c?-*&7VHuoj=j1iQ2Ig
zEgiH*b;B~1{F~ZV;PZk%M}E#o>A)hTR?XID++*H|gSHMcCc$KzVdx}LtRJOBsRTX{
z<79h7B+Qyfu9fjf4`WPDfN@yeX9E0e6t{{eA_8_IGhWrY8zZ{_XBJ4$L+EvgaPdia
z(97DuT2{&%A^&jDylZb$Yg!_hh(aD;b_LwphwT=I?>`Jq{m-=AThh<9en75I8c-S{
zjAISXBRFkS<06z|!L~9so7gk-{PKTUL+Ginw-a!F19&cew7yGj12er_d$;C^YU$DI
z@$)@YqWE{$eD{C8oaJ3SO|Yo?pVAJqGAg$Z|B9tpLJ}0`NKa{9!02p~JE%OrQzg_;
zJmeoIYmbmYKB<1KlRJ!!UY%Xa_x=W0A3D4*ecq?jSb7sPwVl``t<73hwRd$*_x)I%
zCnLRjepSUv9)EsS!1DMBWY`K5N)RpUPt0Px44*&5+Y7gDJ7mn_-?6J_<ruZ4r53Sq
zmF)QMQ*{yRM60_iljzIqA1JZ3lS-&7-1;?foxHP3#cOWORrs}w+4&lu%rc$zBy<fi
zi~3e`fc0WsC61(};mb!(r<;x4ngl9)_f*YD^|F(66D;NhkU~@8Y9eWS+QOhIX>#FF
z{9FbOCi&^1>VXm{TVl=L?D`Uy*7Bu87@fM8)kaBxG;UGg059%~E!e(gpXnMNE3H0q
z+f-tb>zcqCF4OQjdSAICfxi<fsLIS<I$iC}wa7JIj*f^9K5$D0ln!_T?=yIOcXbwj
zkUg%SU(r$kG!$_rinCiX?e(RJILZ3U{aTUzBN@4isl85a{swpo{I{Dwsh0(px@^Dc
z-R*k4`sW}obmE<Qy;5#AZY>EH8oYKpC)eHW#Ae*~JMpTniGm-ho7>}CF+0@A8U9T`
zPJ5`PR(0I!{NdWFCBGrMkJMmpEA7EC!2;dt@d_k1Hw9e(f*Z@g+V6a|g^aOsy#9`&
zUaRiPyR;-w(rtc_LFj+oyKrOLRTXU5erK3kWBkiE*UNuuu2G<dSar+EtH-(JgbC>;
zWP5;mw+#7;?zNlq*Vd-t`{RU*d+=NJYH~PQ5S^pw-w{_G$=cK*9=GrN3dwyUSe+_f
z*b@Mm@t}8DqO~xBcbTKf4Eiu>g=7~a9ln!`!_$Y(x{pV2u!P^AQg8KxSb1Z~5C^5q
zBtnOmfB_E@;|X^%wS`B4>X=Fu*fEw<h}*9fTX&;&1#N^+IzOw4yCI)+f-D>kp%u?3
zdPf-j4_B5~o5wG}$B{bL);W~ng(e6SP|Sc%rz+QHjDf8UT*=X~y9}5}HGx~Od@K|n
zvasw8!d@r?JCx2QJdr7?&t`}|1vaw<0=IX+Dp(f5@*@WzMHq>nNrZ3N2c?iue89zO
zA(i!%W0@ishU9(v>70HR3?t8fHcj_z_dD?ryhA4TFZe!VK0v)P=IH(C4vCDe^#}>f
z-rdS4BLB+a(6M7oJUqt|T7+KU9ljV_5@n#{`I_gpo{Ic6$GwekS=mclQ*ah*bnly*
zZ4w<cC^w#<nc5Px&(QPFxvZUd$ag#mqP0}KK;Iz`sEe&O)+|31*xU`IS?Eh5Oc@oZ
zS&)<OA;?=HsRSk7JO$=|3IL1rd+7<_#Rt@Fd*S)u`a!N+2d-uTE9HW5hU$g9<Y(M|
z(ER;hQ1Z89cLcN}J#C#nz*gi?3B+Y2B)PRH!I4LDZw}|pIQGu&wPGqz(X^^QyMrZ#
z&n&I1#J7%zpIB}0F?Bx?6`McpzLW4rIUx5nTJhct_IXq8P}8(&M!Wm#%E3B7ZB_Nz
z$sDKen!E||DsxA-{%wT)+iMh!ZVbyx&n1r%G?SfMb`=d(rasn6s3?t}i+7xM^!5wp
zUa9jDx)ii$G1CvMGWh&1^22~qM#__8`Y+aS_hNIa?O*Pq@-L+3I96zQ;S}`jB59oH
z!`dXYQSJgtiC7f$lq&ZG=9>EeP_5cKQFgcnbGwO!fB%Va&sXcthJY$JxL?^=THVC(
zE1QpJ*DnJ?(oUyszu`@fkMk&r&UoySH#De5xu<f9Xua%l)D)pQ@K0NQ6q?5$i40t~
z)G%>sW^)r$s)wd=3Aqd>LNH59>&oC`u{4cL25A^HE7^fG2_%Ny?h^vwlFtm@WBBiW
zrP^*kTVBe8u}3gR&~%|VpcoKv6VjA2^UQHBWWiI(@q}EM7Yl?8b?c?_DO&5CuPFGp
z<+;LTH<^8ol2^zack$ybi@o}5oV1%K-aP|E)b>10#5`zP+1r0kMv0v&|E7xG7v}%2
zw923pVH-6Vov4<(9S9BlCQx-;3;hFIp`7}7MRrPVNUbYCw%)pvbe6cy83ZErjKLe2
z;_F8NVL^XG7fF}gT84S|W#P!2^LV;uitl0U49yq?(4x~58Elqcxs!D8;#JJds=U<l
z!LR(D?&MWGs8)*+B>IFCjPM%`=3-rLRJW>PJ_<lRJ*jjfBxeQ0E!3wSzsg!^9F9}D
z2#%-hX-{A8H}Z5I`<r}hn0uIUXl5(i>R3F9W#ozH?Vs8RnN&m4V}-+O>P}w^7w=m|
zB;lJsQM|m;6F=og1Zg;b3)#anO$#LE^_AGr0Ud3JB%i{H&k_AiYg^(I3eE8s-SZK$
z|N0gs5!p3|gYE)gK>rl&kjIO(Qpj1&eE3B4$Q>RS_+-A+6Ne5<?Z`#H-=^lt-F88~
z#4p1tI2!x+<#6=6SmL^!ux`#!zK<Z%oHd|%T&sqbk3c@E=kyv;Nb{%acuwrBp^Mjw
zh=|dBIirpK;*od%H6m0eL>BWLDTAx)@6RHRPSCgC0)}RQ){yMGt)WSlRUCmrdo+$i
zAVOYnlH)h;VeWAdZ*#~_$e`H6Dz9w57fUBI>?kR-?J^D$61gpt`DQ(QI%mCy)@aWp
z`bdI!PnynAUlCzji2M3)FXb^($Yh|H^I|Bb5O?SVfm<I$3{hm6QzhSsAh@LSOF_5D
zP}I!n=D%nIRnwS-k?N-L<rVxKi#U~LI=byt%22^$`bJ5;UT3iD?^_!QC{r5?d@&C<
zp7bv^a;Pv3^52aU^W?veC<pg_e(=Zz3w!RuXq9wQ<F~a_<FiC`RrDDYAnq4X;V-O?
zjBCRO2TEvD;ll;@lhEQXpwm84<A3uf)H))-oTmgP^4se+4E{ySlHnS+qpE4{TewbP
zT~Fw>$hDSl-HlIg@Ugh*gf7>;8#k)#x0n%^8<7g^(gvunC>qCJOhn}A56eAH!#^Pi
zQoQ7UoNm-V{fuPur~U4m)@!7$F7tluIpJg9f>m#9u1xfdVskAV9jIrpXyA))R={I>
z&=0(bO;4?K+RAax27(xWwuMj(HNbSn2Z60edkk|KMl-%!0>wK)wSSImv!@2>lL}56
z5sXDK^&OkQiTW{4^){TMc8j~6NHOEPgWCBrUeTQ+QQ0kl<*(vSCj)Vi1@%BhKRO#z
zuAEx7bGlQ;;#I?Qka(OI`xktU2pGlfH3tH|ZIlba5{Ry^iSou(8nq#*uURR`s@&48
z2kvi~V_^i4R9;6l<EVZxmMDabw(k%Cl1-<EHQ$}D^Eyh)sGDo&Zx$rx)GW#2+&DtZ
zW91X9HVssha=Q`sU-{Tkv*<_%btOs{<iDX$bn5?gn!=pm<v+;Y5bPy1w43N`#si%G
zWwr^Qf~@%hrq9Ed8d(+tT0b+J6JzQN3G2hZ%r@a8{Jj>^PER?7DRN_|<G;*SG(5Fx
zHILELsY)N_r91G3xu}2@^U=%h(0vsj{<7ARAU716f!;Y4(W=zhVB+3(0)O~Yr{u=g
zr`D783v*>~SZi-@CL2@o5m5gf57&-}*2)CS17A=r1j;r$m^W2hGbj@MGOb`YO|?(~
zcHAbp@XY1(2%az%3+d2<jF$(zMsvz{T?)Cn$RIh3E$|bgh3sRu>~T~6)UXcQu)|W;
zoOc&L%iee4+qcWkukr2b`Yw!hGqY~Jd7b$9_w3|tc)Z=DY`->j6rjxY)w8SF)LZun
z*4t@C^qCAr_O73Vw=}<f+gJ?MV_p-0tsX-2*+a$&-?HSHNwc_C*X2VV=|oZ<W_G6@
z%g6UJdws&=8zSb0cM8j<8UCcr<m5<WtSg=O=h{m}XnxX(Car_mHZMeeZ70_0ZI1P~
zBdX<oc=Bs#1+{Ig0Q5jww9d_tTi{DBAh#J{9&}+I)?y&l&b*A)nk*MWEqq3@G@f;s
zA3`$H#6j0jZOKi#AWtyE;pcR6{|bw(TSX@0>pwuPUeOCY^rZ)R6w)*zoosxc)!sX1
z?OAV9X=zv8`n!g|`kn7v*%U9n59Dn&k&mVAd^YE8H9h7*6OaPk30y8uyS}u^P%Xoj
zz%<bFOT=HWhF6dURN(~V{zP+wEOp_(PA}l~laD^6aqZ+g^{Tf0Lkl@F6cuMgww6Jy
z$F0Prb|*-r2~`|5{al=FiOPPHL$dPje!qQve|_*Up0U1tUu9jS^jcuZ<%?=1-n<<<
zXCpL}My|!D0>pF@2O67^o?XsRWw?BCy`M$336*XaSc2?BLc@Uh?}7ov)xVYq&!FUi
zsO5cwsPFf6bQ5gfZ<@E?FkTH+qr1ds?9IU}n_vc?`?ik(<zA5N%tiDEA)lhEU30VG
zVx%RC!okYHk>{+mQ(VCmh|Z!~-l?a5^^MRXm><B|74iBIpXcJaR;Hl>989-$se3Q#
z!89Uq*6ugxpX5C_x-kiGATwv`7#Jp#_tahI1$4i77Zwb=*b#CRaG;H>vLgsFw%JUj
z#t^RLY56qPx#H|tGX__&XBsZ(iw&aG7=At=(47#EnG5R@U}^^|`w-?n_b+c&|Bh4D
z`*h5{J9;=hUA;QGX;uZ1@y@vE;KeaZP|pNVC!9SEjMSoqi^`zl<e(zvZpV#~VFE6^
zm{o-I!#5s^&)O|?jE_zyt`Yo)aLMqV+S9vCE`qWDGUzVG?f1?vJ;9gnM-D#Xo|!7o
zS;tqVUO~fo!&ZN%jJqItKX=f-34uWI@M%Oc{?S$a<i)oocZC_UKCMlBJiBxY2C!Qk
z{oNrN>ouxc2i>JdS(Lhm>Z^0N^<UEE(~S04CTM%ND9UJ+R}-*~Ms+ZDJU~EZ)Xs6_
zmul8w7dG={{UO7K{XaL;Ry7DsW%%|I5<I!E=qnt;4&BWC88TpQN5=_qCOtr=YC=`M
zqe-H)A!W{*kN$uxVwO-XpIJzSU?|zl-zoc>qk>r4ww)(CoZ;(7=@6?uW!%L&v&-OH
z6fQ%db<@9oH01Tce-aXGQ=*#cBJfy_L`Dl}MxPI%3U~9E)Sf3cNau>iX0HiS(hXFl
z9&TBTc1+@^_@7K%ZMEVqsm%a{{H3JL$4Y#$61oP~6+Qu#iH<iRMxn;w`KvGTo0Ra%
ztugCY7-x|5>wK)aK{y$;;<cP&DKlQhL!yOaQ7k<4>Wri+m=c`=C$Z6Uv)p8BIA_RZ
z9IhfK8bzBpWp=+TJn;*=4nkB8w1{2eS_DoY75U8zyQ<AcLCb17Q#OH+8pd+*pgz2e
zn>!iSNzrsZ@U9K*!Nm+ny{X9pnDaTiw;Azw{VDPf_fcbB-p9E)OFpOi4Q;y7jH#T;
z1RK{zh_=o*jOfyRS@fy~m*C%{;_NDavYvx#WDZ(D@s1xdH3WmRlMH9gS}+Gvutoge
zzBGTfP;e(5UWIL5=~DnClwo?o12i-qaki13=t)YxPULukn<JSbF3oLk3Nk?*t?juP
z^hb+z?YWQR&EnNcm>phh;}V$Ee;Yhv(RHr(!AHj~4|f$g9v4y^+UD9A<)AWwSl;yr
z<Vnnz$B``&<|;q@R(u+f#fYrcs$1lQpxtW0-J|ax>{dyFIZzKYJ`qnFV2f|l?OH}-
zfKoSGue^np($P)B>kO=&yWfsZ@c#8Wqgj6kQN&4M<_syVG~<NQmqX95mlyq4gou6?
zAvF2&qC83}BA&G2T4ir#r0Lw{r1etW4K#)gItRO@qzh}?<KFNpK@!@fq;M(&f)%6-
z81x>GA<IFb)<8jwx^jwy)AX7)L7hc$tHhjHZj5=AqIe^mi-_(?*i;OmW@3Z}MQ`7@
zs#IZUZn}PzS#_d0ee!YDVNIgE>3dk(Urujr1a_?HNce!aBY1M3R916)=tUWt{Vdw7
z)9js)i=ev_&@x(69{m|*VX!E|8ERY?YL*keBAGME;LonI2|qki({iyFZ0@RPKW)!~
zZD1{!?uGI*ymD?oPmKDzi<Xc3+UNW0LW#%g_>?Fy+_UdLk3Gqc$T1%fX&_kl@GC74
z;%6v)NxOK1**tWS+RF3`z~M)@{4~$@9*6aa9|=7wWWrHNyv`;(77hXj6pToxH@lZv
zw!Pc%NC44P{?;X_$G_`tMx>k#-tE5z0De~!S?JVffW`N1h@RiIe`M!qV%ZGn{|vC9
zjNe}cogO~}EE2x&>G|6?X<vm-QtyqG%+Y^A<If!q)6+c-#U?|lx32U%YWb-k;=p}Y
z{_jp>%p5{bOT(rd&PY4P<kR!RshycsL?8vtKk4;L<)+M}qpXlbEXCB=cuf6KNdp+N
zgyol3GFcH3TUfn|KH|2GIkBVR&YBl|%<mn23@%0keORSaxF38of|%iFGtEe+{eMR1
zI&o%Ef4$$57ev#SBc&eWDrJIS3eJTRmUsyN#72gAglZfPk$!V@pk*Qm?q}tOw+Hq^
z*?+&#2|x*V&xXD$;3KN9(S^FR=?nhAqJ)Hd8|XczbX4I-=L!)TmOsLVBM{Cra@Qsh
z_EZaN&wo3{uIHJu$u}DLyi;5uli#8~MFw@J28J7YX9QA*JR>S+1n4Rwb+yL5T%#oj
zH|qjbb>$=p@aYZhs@l)J2J^Ys0M(;PMOtULCLvwRV5`{Js^dqeqprQ{c8uKRqkWXt
zp&zQug`s)r##v_7hDUUmr&)(JhQvf7eUDjBnfl!&$WTX7n}23_a{3{@G%I8=1=E`=
zrcBRB`(VzJzZ!b@=01h_A1k=CS8A3X@!`4u#ojpRUu(D|Fq9ytzbc8T0l19;<eD8e
z`teHyX{gfur9Lou2a1KxND`<q1gX4+a4W5$C_yl?E`^#}JPdAP%{xhIKjc2s&te-5
zV2utM1Dga*q{@4?RQ{%LhVP78uCq*inu<C@%L`c%jj9#|lVSEi<l)zEPX87>a!j6f
zskSc8>_G_?(#FxX7~~rU7-+Ddj%?L6XMc&6#8dX3^0Ncuv)_gu)hZ_Hsmd{9$~g`>
z|Fgfvt;1!&FSf|zVWV3kK!)PLZOr^Dv(Oi`zS{|WUG>6mSc>K5JqigWR|;}0iXZYg
zlpkUzlt|)fo8REd1iI9Ar3xPPB%$^YNL<IWRNBjtTak3KOi>>P2JtBQSg@!J6>Xq5
zXDd4lXTr)p_+Al$ujTPHBJK{YR4W!Tk}Mw!CQc~j?C}fbTlT8#<F3E)cm81e`cUa6
zm<@t<J;A)sTxLyW|Ky{;?2k|KWMSqxf410LWqPhbYir2TIlWHakZM&*skCXmE}^#g
zVx4ohdN9G(Dg9QC{&={=u2og36r0#KZB0MgI&EDwo#5ql2~4dr%Kp+dM$A#kE8cY*
zhc9j;IAQq{5%csieuoc_u5jsstleh7396m7wV6RvN}ORQNW-ox`L+0m<ghk8x{6|8
zupS0ssTS#Q5)ECcxiiK)42ITiN~J?3V?JufkGpeOxU`P|X2c&~=<Mj2We<cjl&Gwf
z^TFj8$Qzl`w173I#b3egJ@`#*lY@C|C-Xu-oWeBIJAWxkM-i#fVzgCGu%Ne93Z<wV
z)n}J6&`uKBe{}Nes3x;c%Q$O%CO?goCY*G4e4T}Kb%_J5qk55@|HdL|rZjzKKZTSg
z60KFSvZhkixc9R5Rz<6S)mhaCCeh(=+1yE$B4Bw3SETw|sw$@y=_0u38Zz;r2-;LK
zmY==db4ojJUW;zUi%}$xy>=a%pNA@+@=lZR7w;^1%ipW*xdmR+ybYNC;>5Q3k1H}K
z=$(j=r`kNet26_-H@^f*y6ZhC3`2@$a2@Y1%Xy-~A96Hj3%FdKAiD%NoHfGCdxav1
zNkGjCUEZ~)b7wMnzw(f}zce+4qr3&Ra*wQr4nZ%j)^El+w9+j_Gryz##kGDkMh6Ua
zELB!5i_W<WWQm6+^28rf;f>)?5p%k=WCA`Y$%+r6sym@nuy4}8;{Ph$5rh9|t^%&q
zb@=-LX69$xz#J#Dp35$C<Tjrl^!`|)R>1Tiyd`u;=}G{DUMM0-|Gd$+5`&l}#KcjH
zR3hDYjZCqpK`Af)8$@!-j=mr;DEXzDVs`9A-%Ev|H2%bXxS|ze)flD(x5}hBvOif)
zYbQPM=Hp6SaWYwF%t?boK3HAlx1d9D%5#u2UgOq(xjGIYA__7=hGs(^ii(wF*nv4G
zvE%xRT8&;KP1&n>x03C(n7gT|t1^Oe&V~vp%fB=hJO$q4m6)ex#;%uR)-wu^uykyB
zEHj|yLOJ(Knr3xEjVTzXLMKvQ!PU1YO@6`E&RME7&P8b^RL(`vxwP~=njupR!%v^z
zlj&IC+K{X)=TtW~7gV!V+;X2v0UQOou?4g`3E#)O;dRO+w2!3Vb&ds3r4}*hIZvb(
z51Up?C9zbf{+Qo?Q%kV@Og)Bon>)g<RP%**CvfZ*otmYRPO1sMAfvC5f4$S87}fc?
zI4<`RuC6EsFB|^EDt0yudVD^YQoh!miuZ#9&e?1ED3tDv5=S!NDf3#TfNP->pp+jY
z37s_K(4GA4SEfZzKN`@iG%JEw`S<gD2>s;PFSR0%t`5>aw}qm6ot^Qyo<p;akH0;S
zu*#=!72E*RNJf*$rr)@xohhH~`8^dA5e$|`5zQ*|9H-;ceT5D+>}=eA*RcD7nV2aC
z-=&2Nih3(&vM7~K21#B12C@om|MzN@S`de(JC0Q{3f2V|Q&RVPo|b}^apK9kMgBZm
z$q7rmoqJpLok8cW%kuG#W|5xYGzM3ZPzjq}5d2r12DiA2V30QuN&D!Z1zgm#G`c5I
zm{#fO=R#S^R8nxFqu!Xo`9bvZiRhtYeP$^Q9YPBA;rYh4v5|mRM<=z^iH2+thkT-O
zvag!xXvpfOxI$uOB%yIvaJ~pR1NztC{JozTU;jOWVthRX%b=elhp#|8h%2AxvW$=Z
ztY%B!wY>d^O418|Ny#YE&XIFgNdE6N98&|#W6SKeISb-%d^d#k%XoIm<GNB)&GR%X
zS<A?Muk(GtT-IE5Ya5COSru0(lJAH$Px9C+IUETQt?SE`a!kKAbcKv2T)%5c@x)<J
zwDa)5)9fQ*xprlb93%pKfAnasVGF3?kwsmfE#(47wqrFmzZQjT7Oc&9!Ks`rS~Oaa
z5V)pap%@Yk`aC(-^MoGZg%wW|IQ+M8`FN#7p70<*5$pQ9Lyrh69U@Cong~JRGJX9b
zVv=R^w9fKMvNC>+HkrEuP)#&=YLTJdVwCt*Z{g4J;+VK^aGBNATp&(sr)iUGN{F>#
z3q@d{Ms3=4{sxRufar7Wqr7{{(|z|)v7|KfBMG0|fMB(|ZcW2=->#O)(^zWG_?{C^
z48yp3*@WSgX_9+hgS5+zV*)c_l3N%0zB(=WTu9xJ2ZCAVdJ^UIM*9uXl#mMc+l`@0
z@agv*X(D;8i%zQ}c&)5w!y^4J>{aq`e07SK#O!*5U-B-Og>I4x5~>5#kuv>_I|I~^
zMT;2daxnK2&;uEO1OyhtwpzIMY+%W34X0)L^coT&gw5LCd3eiCRCbShX8Qz#Z-^9r
zPU-v5s2l#-nnBKS|2bdTFwc5pF&|#;5TavHzB=Etj`IX8*Xa$B4o<SdVx{Ve0wt!x
za6_2|WO%=@S;!GVXi`^4TZ=c~;r6tzlIG)a_w>Aj01N{$UxLT7xo>CjmF)wva%sC5
zYpVIzH+;HUUp?=x{$AU0n7OIt@cDWKrz4h%+#CJVpycA2yzz-(@8Hc^(0wnE^33Z3
z#hjZAcTKDp6PCaiuiNqD81#-y3*ogH#4c#YF{wkBlhQ^CC-{~ro{_!%^s*r>B83GY
zm({`#4uPevSdc5w%HGHQ&cBRnM|!(h&{G<?IJM4J#hbb#x1UWKiEfuUs$$5+K`Y_)
zc^|AnE1e(~j;kOUsve*#8w%GbdbmC#7x?L<D?u!H<>K1as5iVmJt|gD8^{7QV&%WM
z1$H{w+`npnDvA+_;^gCG+xb}qhAo=)RN++sEiMIH3!F};v9AV%I^D*`S%iU>A?(?l
z^|o}$m(f^(l?3m#U|OfeusJzBGWg3>Z;U=XR1Kf~$6iBKOqmjjkwUw5@I<J@Hn9B$
zwh8O@e~c!KpRG9&O|14bbmeu{X>WP=L3`*c%YMGG?(dcx@h9tAK)v*;oXQWx<3i`s
zgb~meI9Nl@b)zS0?vlq4PPJme#xy^T4jE~|?a%naWaf^)e>M6I1}AwwdoDG0ssUCi
zXHy%s&({LND_fhNy^&!j4}FO%gNPq4zWTlm(#;go4M_=W%|kLFF*pJ2#Ug<^gbrA&
zG<<w2BkF+&2qHVOPQ!2<_{maG^(!>-3i)wrv$)Mn2&c6KvO45Ll!nib!>E<b^hk-V
zEM&clH+aQ|r`?O!Z<sK5Yr+o~Y32et!1YUQDKg?4V$Q3#!(@7s>;J>kH-?ARHC?w!
zW45tvyRmIMX`IG(a$=*gZQHhO+qRQ0_w!!Y_xJqVXZFmjJ!{RX71_onrHzD=Y{Wn#
z4G(VCJIh9KlEP&~&wR@KVE%Kp0(8%j_FeSuemCZ@wH!@in63Sz#LK!DdGBv#ftSA)
z>5<BXG`zKp4nk-rDYWixNlYl@pt1ME_!a$U_9W(U2^lVh7C1Xyn5LZviIs+*!tbj*
zEbN~$9x#XeSVF%#p;ig+eh}pZe6pyI^mq3fu(yqxt^Bsoos^Y&lfD*+GXO3nTtY%n
zwugNskR$csQ%CXS(r(tCxLSOcnKJ1-+Ocy`bFc1W6!f$<>udL@^6BExCGBYA(5d3k
zkJrgAIvxu9OfQQ1{sSBm;p40YQMr9;NYFzbFeHIrPwWiPBm?|Z3}5J$oswa}`{(Kr
z9qK%>0t++SqOQePg}k`~mhRAq@~9@RKKrHH!|mbX!*r!f=|aCjH2<ahZ)n%FzeXTf
zTG=U59x12#F<gX}5jCTKAFSvzkHBXX%`)cko{`$9^_b<!h>U7~Tb-}WIpq?Tc>Xge
zyRs7#LbsTq!<g%7DHPnR5aDYRxs^cKCOzgvN)+w9BlZ-!sp=9CFxXHMx?oaKs>cVX
z-Cekw%j+JNWVmdW8<z2yYCIzNhKG#8(N;g!zzL&Y+9umj(~A16(Xks-qNfsyD-Fg3
zzyF;GTU#P-U&s|s+@BsbQ6>(>X-B6(_&G#qDDjbA*x(LF-d3q9&(Ap(0R*STFMcNS
zA@`y8)VygKq4gLTR66vpc<3GA5oa&gZS3zCq?girL+8&?AUjIqQ6K#mD;iNrm$Nqw
zot+WF!ImE+@vW~D0Y+}<YeL{EaVi=+rdmslZaZoKS|)rD4rAa{ge#XlGfm%rP&Lpv
z;PBAvpM9vvNZN#c$4m*fyAcK(l`0T>z!VV@0Pe)o)@1-_v57QMV|(K>=95=>pyG1)
zw29yg_NOL^D%8h-t+MKcm(ZZt=qyJfTW;_$ZH;avCTav*tN#m@ucRE+E?*g@C!O32
z0;^2fRjziNr4A@v(B&fSI2m@-eF)t*f3s`4ElKCXy_BGZRDEUj@*S}b9AzDGr=Si)
z@PSiXZZHSrlg;@@gm!%6Q1Z@f#FiHnNXCazA>&1tz8f(yJ$rs7HeHQ5r+pQaj^9`F
zuX=Zrct;SaGbOt!)KNybFnEQcyC^8h7OQDFKX~V=YQ4lff1uR6Tg``hYLa&|{qep>
zfvvi_O~V4^;sgNc1OLO^;=?vI@FZMY=wdWjL=0f7O|wbR$eTVb-nGmJl*4*#F%xt1
zcZvaPi2>B}5x1?u`~Y+xn)7BB7h>gp$M*k!t2e5h*h8Aa)^sxuF4`iA`@~+%V^CCY
z3BDo=0YOor4vU8*)$sncc{*+R?tbEAs<$f3tDb;^2%0K?y^&t<LfE~S;}AA32Oz*!
z@sqUi*)i%mx{UEkT2vuWbE)OzYQKYeNN3e5^GS-q(;TTTDf8LwWt5sUg#<nw%n?me
z9^q*&QIhx_xtaPC2@^FKtg*qA(K{aL@HThcktGzaTJOpsNS<8#5C<v(C94nN%SV;i
zBW0zg_xeUH&ZvnFR9YPmW$vaE06}LT26f(AEMK!uV_R3Jjn4r*%J@85#m=d_pnYk3
z6A%Bsv#`D7%?3h>rgaFpJ<U{_m{wLZ$T$vTil$=8S>!>2g;Zo%2hHDVg97VSl~atF
z#sTOT6_?WShz?IoSg(MV=N;zp=5M!js6F`*86H=NT64JH{8JyJ9g7g*0g-yv9=&$F
z+18J_Ae6Yv&78`aNuO>RbybY5Va>!y3ahymnC&zn!{2zkaI|+Ad4bwAqHZ@RE3D*S
zRE+qZA-%sTV8y&}A6su&+)VZm2v_d#W)%7;`2)d*%C%!F2T%r;y0xptpizqGjhfs^
zZdXBn^eWJ(7G>>OCdBS80A}T9ZI1@%reFwirnZJ(S!?tcYH@nhH%Sibm<CSbf*rZr
zPQ&t*yXXd5OPmTrJd55@kwF(9g+2(n&fwBwDpn<fNlDx!u?Rx}0T;ChwD54}Xp=oZ
z70x?~Rq8Q6Qaw93d5f!<Zt)a(5nT{9q!k3~9CLG{EWp_rRmB*R08Lyxfn~}w`#^W7
zu(LDL?znByAK>3wlxUf>(^4arx1(iYMz4p{>1rC>pJGrG9Kb3#akUoJn$E1x;1<iB
zyq<r=Z=x*H47-1A$ZYS=8>{bfB((K8h1PN&YO<0puHmfE1Yqp7?yST?ahcjz8#E^W
zZLp|Lwf4N4cs1Bx0o(5plU8IIAAdU4%o1^JZn_1po?O4pS#3~^Wh-!EkDp;>GGq?i
z=BiK3i~O1hdF-P()WA}kuta`3I=fx3)CF4KHaW3+yB!`UhihXo*n<2<Rna67IyFc~
zDzJF+#iEiacyEG2$&mi+j6#k5LGOC#nbXSutv+a6k;dUh324yh<T@7~%ZP6^xy<DH
z*v=e;ui0+9z>V)Xuy0J4Ql(_|ho4iPNhRln2<A-BwlE<f5HO~49CgljPyJoH)>;)=
z4mFX+S;P|Tq*&z$d|dl`mGG2?fZ}_J#dXYXXkNJ5frYUKcENUGx`e>wfxgKUlBEK+
zTl(B_aQ*!b7Z~6`%0wMvGpEI>X?1XL3}?3avwWokoeMtu=dy}6@NndCn?R@gB4cW(
zVu3vTEHZe71&#JG)jij#w7s4C>vH5f{dYO)HLV#a>}iV9#kAyFeOGW8>%T6?-XFt8
zo3F!<vl92iVaosC;m_2o$hD~OAK&CSpf#b{1HLe!z`I?<=?sw!&k`j)j(*F+^dAoP
z$mCt{a4v2&dcIQLoOShz1V?%I;$$K*t-c-y>nF#HE92z%c#r0gpo%d_=C2^Rv3@{$
zRyS7~ZwgrkL;hT_gQb0+3@C8^9|ZSa@kz2-3yR_53LXBXVzLuJ=mr&tVRMuSsSo)6
zl$x-lN}-j<-QP={#)j)nOG|!Sa^_*PUZe1U`h`uczK~0xcd}GOA&R)16HUg9Eolcv
z`<6=}!zd&K3%)zG?VpX`Jf6M&r)}D%l%7Jfm)fy6DYB55i+l8QfO+iizyJsJFvw^_
z|7n&@f;e*d*j-gNLyxq#UK~9-cO3v1z-y;vR43vSt!1Wwh=}4;!C4TH>mPb>UF{wP
z#ijA-YQ-0I_DN2G8`wTbaYsyFO3%Yd8a}VlgllyUXD|*tJ@{8AD0``f*Arj9|0%mi
z)%@Z@8HDtK4N%fA5EzuP<d0mSn~#%x*fNxplsk_}nXj603l_}lbl0tb%>pCKH)Eei
zI$oJ-8)y9r<#$Q32n{eL0ZOHw%u1)!%mdlo(5qfDps%*Us50r}HmH~`$swlDU!;}w
zEB8k%Hd#c@p-ofkf+b}rr1UXvVa0^kySTUX_c#H~yBkJo7y&)}E>xYk2em7~%p=dy
z0<i!njeP2cNRl$|9;Ikc6#!dl*p?tI1?<HIgeotqho>b{#My>^N>C7?dkzGK212@o
zlq<;>vT(QIV<>$Eok}2!h$}Tj4oZY-05OXJ19LV0cwYk#l+nJs8k)1DC-MaHyOR6%
zPJKJuH<r(c6(nyBm1phmb1`j?pjiu=Xv11C-$;I;eJlAU7X+KN5C>2`FU!-YN8q7(
zXw29R!e%y<FEIJbrlVXHD|QvGr6st=Mqk(<HD=K*W>9i(?fIqqauK+mV8glQ$Ww!#
zbT%DQDkcnmm(?G!5X$&*6yl1Idm|q7R#=9)-VAs5=cKlC%SRMAk%e>*Mv4k0ZdV<|
z96cj6i)L)KwR~zE%Bro2X88`R%)};oY{gpUz@g_|oc2}@DM{Es`7ero{OkChxD%DJ
z+<-`$G<4Xl`sC6gBYuE>z!w#MIZY0w7wPgNBbYn#@GOgajb9x3_m_#(G;1iH3-reu
z!u8VTG2FHLRbdO-C|@wgoqWM-8*!VT_-n1p2AO}#Rv^|?yUWHDwyq9vOv>M9m*gjv
zlq_xx@4!r#AiBgmO#Siev^kt>Pd5d9U*1YrM>_pVV{AcYA@h$Zb$^O2w2*s(5$(Q^
zGco5DdmmNTYz71WFY&}YF+I>p97X+~GvAC=0^WDr!cPZ+Beaq1kZR<FILVn9p88?3
zp#CQD?J~@=6c~gC@ijODiq_tx&`0brjEwtt`1lgNm1BG8IknkD>wT~^d5JklOY`+~
zqh_Q6m|dSX?FRI+JJa7^cxExCZ8=Uu>#@~8z3(AW!0-rzIycY*h%j(Z96%PLLk1V*
zT0l@UO@F5Q^bqrjXL2}DTy$pRnnb$N%3Sh5X<F8=pf}ZNBQ6jDgk|dinspZ&kf(3Z
z7P9`1>if<lW&fo$J#FiGI(r(((l4Icf^QWrqn`Fx&6iPQTQ$c;v(%mm9+c8-{EC>o
z@^+NEdey0gwYM^;`BA*9=B9hmMEH(DkLn^8?yEh&c942PvvV9cGvy9+(;^Y7`qfok
z3^c(vTQPGP8DKFdIT)7Zs=xy&^Do+!=i?el$Ly54#te%_((bg{57M=4;Q_!9HEDS}
ze$FU%6}4LJO^_^>)lP}j*EaAW@Hco4M7%aG6+11rSfD5TA!!B~Dpx!l0~WFDR80~_
zK`-BpXA%@LcfwG5FePu*S@_ns@6^*taO>y+P;$vXDgXiPF-MDQkp61IAS?Pnu040;
zdI2;?SjfrCO|vWRa7WojUcS<-Ca)K@%zF*~rpO?hdsNymcXuMKTf7eLpA|;&oAEaP
z)nI?~_Wp#idVDQHTmB~K9>*bnbLrxk%+~t)gr`BUri8j}2G9!2(tFtNs^u-dHuEK5
zJ0mc*fVS6Ql4T3c<1)MkdlTK#>&n{J7hz>E?JciOY)rXyg4Z=GO%l#h<wmp$hk<33
zJsSDjBxb0O*HqEz2*PO<*og!|MYCchM%n3+fZk2NCpPaxDDy!ERU7elm4NlHo<i@2
zr%}7^pI!3B6v5n(b*cfh%R-@j_rVf$Rs01FkbYdfkAnJrF!aK;NRs&Hzy!%Z!Z60B
z9lbMesAP$g?0IxU<EDo4NA15M0oKHBWId>S+;1VLQ$MwSXkU?03y1S9We+pZ_+k5Z
zQ6aPRt1n%(gAH<sMGEV#pY2<hx3I;;Ut6vsjcDk6YU?e`tUdbGE@-QKJx64H<s!aP
z;G0GeY~4Zvbt_T1wCe4kaD4*n9)o@PIn@L9u!<$hatVqd6<em&?6-9EWPPkRJK3QL
zIF9<e5)`4ZV3mPb2#LC1W;m*m*2YucRQ(>Zd=?I&P@m6mZ%9s4+tF=E6msBH<6d0&
zRE_f_qjpDl)=LVP^2Sig!a7X9-{N@g08wlBR!94`u%1w^&kAy3x4v2kd?MAyLQUSc
zPc~+!8Qkt+Z4zaT_=OPIg2xwi{53GdEP)w<susv8f5JC4VgR0Wqwr)KFj^d8|1t<x
z(NxBf>apJ$#&r&>8Pz<4Oi=>XA#{#UpbYftQ&kin?DhD|OLk?~4rwXKucCj30mX1x
zd*d%_SM;Ty3{@*T@phH~ti^|U6CHR%-3KRAl~MC$h);PlV(c?2tQ0XVx>|P^e2Pyw
zmAW14sYd$;FXNAfGMp$(A4~1(!{DxyQbe_OzCX>bVW|&#lP;h!zPetSO*|enI<(-D
z2we3qC1~j3^lI;>^hxLoW4*TLK=o~D7?#7RQ17cPY^#L})~8iSvOoM6rHr}6DDGo-
zwA3u%<I?edl*-}s{s8Xd<#qUL7Ibk3dmd`6Yk2|dCx1NFHdt`qOd;Xevr$dS5i5}w
zLq=jCt`9#i#3_Oyera96^3UY_Kt~~xrFU3MX1jXKfi*;7Y(HAQ*<rW_ph|QxS8I0U
z*MGs;H>COTm28N1ASeCx(*l!0To^`ws{?7!M~_nSth}s)9x64IZ3@PolZ-)qTUw%u
zLccylcfP?*t~GhCiw9_Xv7J#MCrR5_>35n(n%`WNgFx3P{0@QS-@)e4>!3ogB^;0I
z4=HG_^e9Va$P??B7>Wu4j3G_*q+n$IL&5R?`W!{i+Rja>!G~@{Wx~MW^bU{2#ge+_
z-~d;O3ohs$pnh6%wfq84mo|N6Tg8*{JoD-^jBl+fYCAYc0cCU>Wpj_B1czuuuQ~rD
zPdk|cv=Ux3$oEoC|0G-U6A1743ZNq2WKrz3#E?Kd{>8HDjD!^gXw8Rm2mWcQp0Vo>
z4N$@^lhYgOpx><Q8klo@4B_$g99(KN>ez(OH~SPO=th7D{tC3fh6*&aQ|csmyzDSB
zy_Dkp<IhI=yH9->^=oZmLhF^9;dq(yx{Qm$ibi@(%JV~*pXy7?q~3YpcO;IJ6ft3@
zf9av7pz_Wh$oN6z0Lg~DAuR^T7S3#tmAIip&My&pf-1;PO&$9Ab52=2SZcw1`JySN
zou4$m(9Aeur7*l=I)MZJqgBR`|Bd{vr2C&Re6TuL35z@VBK(CnDN?*iLMZp_AKwp?
z`5LdJC~U6t$PCefN6BfeYZP7NLv<}4`N4~g>bz-x76w2A^4CUsishY(nvVo13&sA@
zxDSU>HCVE0`M)m13oqc3DCi9%@N<Rrcj4J72h5F{oVn`%V`=0SuE6AZQpW!9ig0^X
zJ1X_f&rU-m>^Xm3YZXN<E@RnNX=neH72PB3@#esmXtASSG02fpJlPW{DHL)=X2rK-
zAoGL&GdmcFQHdoLlXBQ&Bas~CYwXkm;V6+J%VL10TULItkhvnD?eLGvgvh_vtE6P7
z$LeD4=EM9LR#cq43E0OvvbIsVn)C%KhCeaGoW&#FuP2|Cr#hYvXI?JHcoX+K$Ud46
zK(r1tuVkZ}wlcv!xlBKrD-4(8frG|NPDa|6G9Mr+CCuvU>JAB~mNuEzZsoAsPjfok
zL2%N2#1xylEfou^*JkAi38#vR3hOB$$#s!~ykoraE=RA!p!b9D=i2pWEjw6Z^p_<U
zCpD<IQLCz;l11AiGr|)belwi0yPF7Thyaz0KaZkB@IWCIP#^Gvy>We~xst{AJd<|#
zYYEI?m}9!l24xa7Lky2Al(|%@mupz7lx#;amMR*7pyQWQ_9ww9;xUchIvl2koBP~H
z6XAll>>@NBc9+xp2KIPB8Jir@n_MHa_8SLeD<%A70cT44E@oQybMewdXvstGAG&Wx
zF{q&05AXJ%$+@J_Exe045erj&bWNFLdOSb_7FRv<{5*YE+Y3+43E$u9d9B`3hM+k!
zaEHYl`MF+Eu8k<iWxU_~<=}&S<4x6F7uovnyK{ldsNE(~zovaR`7I53#uxNz^WDK=
z?$=bU*%Q5H-6+JyXwY295sf%+s93V^b1GL}s!;yZnpVBO?@Yz#J}}ACcDo<bdIt<C
z!c?p9Uj(n!M@Ft`2M#h9{;t#evP^MfL+UtBpEtrr9k`LuK*I%*A#7I*o##S8!lRuX
z<+HCD!Y;owo!YuJc+vsxUFBltDQev$HBP!IA@&zgGF%>D-^3x34esL;sebp#lFvt$
z(bcVmk)T$feTHq1fW)Xq`Mrn8_W>3ao4aaJgT4JW_%40w=u65)s!3_04*D2B;*9>~
z<KS?j`i68D+L3!*6Nqtkh97u7wlL%(v0lX>Eo6e*cA=%`s`O{ij<mQW^Aa8`q6OLh
zk%Rq<ddx$d)O4rgve?(+4Els6;ag>W^3)>u5AL?m4x1jY@0@V#oN15?Z4hW1wbg%O
zPO4I+L87Ln-~OrBv#`T0WDX?Rc!gBaNi}^HA%mW;A_Rq0(aaJ5jG81zOiQol1BHNz
zR6(VF)9Y_;5gG{#OKaYn3-0${8uRUbprl`-?fNtE=gOp_*FC#?Qm}S2F$`jMSC*!0
z1q_#%Yl(-03myJ4Nu84)fQ3cs-WpFZCye1E%3q6OU#)m8N2pCsuW8|!<7&Xp(-&(u
zQ+9kyfOZ|{=5lsp^VMUtv%Hg90&C8=8gHTnl&m)z`~R%v>y5}726AUaUGw=DX9PR=
zUgqEtI=>{BWzf>6A>d@KE_Aw-z2R+lCZR*`cTF}c&b#Q&MO$qG3g=fjMFiSySuNYb
z%DgQeI4UyC>_+yO2f@;k$!USl+a$^Tf8%t^>d@BU9iDz<0W#!&z6Fqw#pUC9!25N-
zWn-(5&x2Rn`6ss-loMy<bC#A9j_RQf4@%-?bpqY=B=m&2Z6jYpZ7w&EO1TOC-M_uB
zGfj#S?s@(4Enlr|ik*!pLI)=tnQR#j5ILEScx#N7`HnJ8^K+AYld-g4gE<+ejnUnT
zl-~9xITvb1kWscj*C!v+503+@JF!2bn2)2+i`%6I_S^u22&9*2V(WD`c!=}DJAKiJ
zO1+1M%&T&|So(|&B>fD}YO}KH5kJ}gax_l3#PrkZ9(V(SU1!``IMTWMzRd-4-%tC*
z%DhvJc)NW=;%xNpOchQoh}~#M{b=2wLcID(u=TLBuI~;&x_DtU(fw%qiVdQz|6=2N
zWix2>Gb*GSF)gBvk2eD5_sXx>5bRpD@`wtDp)+5~J?Qx_Hte=1C~4OynrtSto-m!J
zuJ)S%1zI~@T4Wgno_gX_WVxg)o5Q25t7b^@9#Z{qBnxy2iEDBK*Bn&XLgl9cIMDOH
z4CHAiWGm@4{74ZyjsA=QbLX|`>&3;R1IsK3MZ8~nYth?eNzDlO?k<d^^%7oO@UWtK
zbLin0ethD6eAA3AYiRtcfr=dWXT)X1lEuNmT$4>GuX_v^^11I)wZot{59}2?Ltal2
zEoAeZw`bGS)yvIJ;4>4RPyxdGc(T?9(YBLRH0+3;tIG!lN3gmV*o$d+szm_;fA|Yw
zousKT2FDt#R*|_kQO_MU;?JPbfzYB^u+No$pAM*%p`5R~y0^M*p4XN6_nXN8&8R0J
z`({4=g&P{TbO~*{JE1=ur{2u9hhy+QR~#Y$!!>htKU|i_l@|TUXm>|d+e)kMcDn-|
zv?{EYZG6p&YBD`P@Yd$U(T*8VIhw&1uvfx|d2Wsel3dO(c}{r)u0LprY>Q*PK6DeX
zT<6cnZuW6p*3^PAed9x4RzkL62h;!?5?eX{@kk<@QVR^m<8BWbn_s~Y*oT5>n6d!$
zs?V|!#NVGG^cyu2v7}DZ-w&3$jcWXm_0qQ?gq<E>!`D49c_+isWKc1>>v!a<jm|3~
zh90Don%-HK3BzbM^x63i;9OW`P!=iN*rT1_>i5+y_Jw8>b027e%9Fe!tL=d7A(<sa
z+=z&D3KJ~#<p{pt1V^!o6B*S$R;z1zhD6v+*X-zUT6NX;1#iT5L%)B*V=O}&7V3WK
zmUz9bVe-PIb#2vF2DNxI*4uH_Z~^bcZm|cHb7XTpD6U?_X-0a9<YVfjo`kW57yOEj
zZ6!QS(lfr-i$_LZ!BIWjXh~qbFmy#FbAWr-_wXkOj;xp%AH`aS^%lpPe+>GN{Qu4W
z`gg^Nc=;9do(P2eA7b{WMQXFbn5dkj(l)*;{+U4e8UszT+jkXaXQcbO;Ue9i(QY6)
zK8kW5E^@r)Wc=3&-v8GL79FOHT6}ea++Urb8|vI`R`Fp=3_!wr(%gS>G1PTf!^&-T
z)$G`xLG*N14wBgp;&FhpB#Z}dD}9jt<5}3bA}ukDd$w1$e9#T-f%t5hljDp+ge?Or
z(i8tRqtu`+geRS1Z<DM7!QlMwunC!0$Kn^$7=Hv7$|w~2qvUnCc5R4tYv;V~@~R19
z7+FXeU1p{Y9RQ10ohd@5Ep-&;`iq$~5CcdQyzK?avBa()1Zx=JC&D9>O`Em-oG*4>
ziolPSa*s#md=YZe)lu$f<9Lob*+d##+r{v&q&8vJajn=N9cD%PU|i(O#lRs#JdU28
z#%H0BH1>EtX^Ipv&}BIhr#6d7sVfk6^cC_K<s6$c0lWg<smlpA@dxIDtVvlvX*Y=0
z|3t18PY#a?>>bV=uBiql8KOx<QkrXkYU{g&?svqir+B7WKZQ+D=1NLACZq^v*VvVO
zpa<Y&&dm8?WAfI>Hd<sw(O|6_evOkMe}7Sg15iwoF>u-P*`$EHT|^of)g*mE%V$##
zGxR-Z;8x{Dc?g}%2WF=W%lo&?uz&?}OpxitifB>3Ys+70gymXe4&Mh9i<WGki6V>)
z`cS9xY4WF&pV#vnJLRg@fQO@(d_7%9%U3SEo&OK4RaP`-BtD~hC==6ut)5jyNU8j)
zlXl^qwezeuLx`s}#@uFoEnk0`K)+m76(3k|tLH0YCt9#4k3b;&(RhsKfPS>8ORb-d
z<#jXsR1~|Jf)=87I{!?DfL%Rvv;g8MCL_F*1pdU|H8<3~-|WFcD7Jn`(hX;jq>Q1P
zu$;zi%uZFkm47x`nu&PS_Ie{x&;v8UHt1=yrO}3n=2caL80y>){ZnT|qRopyfgJda
zHE1>LnT>BhjJ7<#VRupH+fF&I(5f+?u<z14@QS?w3-`F;NcK-v|3@0>i-0WLzs|IQ
z75nM+DqBU;+T?ub>kCF^Y!-cXod>%)i~TCwUs6v)Q<co8aWdo-Uo?hR0gG7l=g4^|
z!zA*S7-k=oDm2oNLC0T&^gDeoToZsfL&DVOPn>6f@=Vpi`b+K1Q76S@>f6lWkQ>-c
z?ymHsS`N-3_lFV1DAI!pV;s9-0BO0J9L5Pb%7Ydu-(Y;)NMJ^MLwDeX&=Q)4aoKY>
zY#!B!g*Iku&ZLyQl;zm_&%N_VNB;qo2MTsrkVH7@V^XBtDoseo>xezGTT9@`g$)aF
zHn*<0+GJ%es(#{U^%e}XL&qT9;H>SIS*^Cs*6wy!9qIT6-a@JSZWjhsC%5g^{{3b=
z=$BhNFSg6NbkJAw?)pmJJ}~eeL)b2s!!fzeJ}B<%yM!H*SXW6Qmk%iJk$sH~p-&6Y
zJE=_9@670Lp@qzUH6QHstO2*ZVn@|-@Ae<=Oc`7@ORo&w)@y&a{C*p}7bBeFZ=#9D
zBKW>r{h^|&G#b<${QJh<Wy7t;=KS@%+6*a(W|$7`yw(kRxOq@zq=uQiC|f3Y83%N5
z8r9?Kba_w*#g`Z-*CRn{Vjj<$2B{i(pVm`cUWhbOd`SAz3Ut0ZWB^7gSm|Zk$ONlc
z0<O}t8+JJnIjm7@WM%ssd@n4)M)BI->_w90RV)6FMYiSUS@z0lEoM8aoYp1E<qLj5
z?WFVJk@7ba@2y%S_Y)=uo-OzzO4vO+(vfn$+GX<ne*zm}&o3*56fY_I^QDkCB(s8c
zp@l2VU$TiatV5)AQULf~v45MVx$v)32Io$EE6J3S6K<`#t3+^d`>fl3I)|0hLEe@2
zsEw!VN{DzrZ=S~K#1wi{y{I2YiHboHPE9);CrM!QA3a3)=|{MfExUx%(^~J~(6q&=
zrfEEuG73%jG=HCi0;#!ylp7&z=&>h=Q*7f8wF_+e><9=RN&qjA$lt78wZK~ptbm(P
zN>j6~xbz%hcA|3mA>eP~0$?K5O8v;Kx5Cm0^Cjz<4ebLfprJqKH&}5bk@QM(>eW7p
zmR~hGcb%JaIt}F(HPh4;wmb!^A5UH(1bd>d2bDzcZ_~0$#dS9$P@!w0v0Z(cw$-%V
z0mzfEm-ECY06spwa6d17D(8RAzqDW-qD*orB%E0%`XN-@10o7X=m(Uc6cCX=L&g-N
z`#kPldot?BrbfupHTvarEj~j(J#H@lco*0Y5WUw6Wtj7;zM0@$NnnsJSF{j3Q8tLy
zwC^~&IggxJcm7_Yt7)B_{uh(#Tv0svE1ek2YF9>s2`Gpk!tGV>XG+W;9%AJZqQmW*
z@D2^`M)BLnd-kJlD*1Ugs>*nE$KMh!Ah_DqZ+4<XQHrxu56Q{qc0DYfHu+idx~;kG
z*>ZSXTgmDi*j*GyIRT|aeQu_@b*M&G%$xPkE;t_PlDv?rxd9<WNIc*%_-X4mCL_%o
zxqmG$0kC3-NLT%W1~L)ggA(p==RTTiOZ<Z4NQ?2|$lJ1^hDNN8R;BEsilv9j%cz<8
z<ANCL_bK?eBs45|WuwOu{i`C9#3c4dmJZgwhk^`;!#}8|-R1^q<MJV!edS|t5FOtE
z@*D!n8OHuy&?Eu$U}|nCrK_s4VQqOuS{vmdMj$P0iWGOZg#mgsqyt}ZO>(k`@R6rh
z+oUL({p~x^k-uNC-B|DE?9`!5<JN>|U;1fSWB&cS?cp=aVMo*Le?UL|KcIincHks>
zplM_B1@tGtoOw(y+A0i(qd2YGM|l`Q+RKchQuwU3t8>Ywo@zQyy;5(RQn&iSOpJk6
zn}bz8XQ_3j-jSy>gyoCLAhOcvyfn*v+rwD7-M*ym8KXZtMzcFycj&R=*3S8zX7j=B
z?p77m=f2#kY_WfWG#keou&aL-mq>XCM5qOpmO{UZMGxHbxHbC|NT7odeVDee)=_+W
zv0hZQ=;Kaw4bHmzBEV%wV`6+}lT!k-icMGgyp&CU+!8EPFZ_DH%q+|B;Aaz~Ue|<H
zxhWEtdGmP+nE4j+pO5Ig8E;3&aA5OXGZ<#l3G8aEJqoTbkzgLeuD}Mpl)b^MIIu&B
zt?ZfMvGwf6OfZxDg<w~Gy@IGncks!AaZ$iS(LJcPvL6c>Tif52cV%{1<e-4CArxl*
z5V4rUl{hdkSF}_$<5t1&a)0L8q<9Lb-5=z`TDFGI-(8Vx+M$%BGn@w7=6xP#3N;@%
z;;<`^x7c!MCr@POuN|Xjw%77H1Z%}?&FSmU$@$D`obD2aep0lF*O9@7GBj&S*Y9>M
z1Q|Jb-9G!;jv?YLjx)^3ga-jJR>73E+~}vVHP~Ni<)vi~Yp$dU8PZbz+VuTP8mhu*
zSfu)Y>go}K=hUVKqcL=Nd{b?%J~|OUvpytSK0sf(=;=uStEGdvdrN7_vFgw62V?|T
z)~O9T|Cd?r)YG(y*nD{pE!Qb-uj@Ga1eXV=6Hoaw2qTno?b(6S%|m3mw(j`%s^<1-
zGnao_;S*3eY27U2$(rdw7+qUF9d#f5<1hrYI`4;Q_2JJqC*z5#c<bH<w3T}Neigzx
z>Q|08+Y11nKwQ;TEkxq};<pcp*k2Vo0532?ZN;9gqf30>3^yu@&EC0tTcQ(!jcJ+8
z{~}VptYuTUTtwG|gknP5DAV4$rP8{h<xskD5~8a7`SzL#eBe-udyyBtlj0|NnsF+e
ztcQS?^=zKRQqy_5vcU5;Rfp)0S1xw6y)bPEUVrB|icMFNM4;0OpF-kIUf|9J2s6B%
zZ-mDK*+5eP0LB`d12bZQjhwgX(J3dD{A$C2Y*Rgce&s2%(NiJR)RPTz?K%}x%kMtJ
zs0OIKcB`Bo^w@mg+eFa&YYa~0CR-c&3GV8H5~>>#%DBM&Z#N}~BFmg?b5lQ?8Tg?)
zYHeL&4KbBs{n0*sxd375cJ~S_IeEAtqghrNySum)aWPX?uz5sy-e89EL0ykN*S@C5
zsAOZ(OI`svY3Pzs$qtu-t;&CEHQE)A(IZsyzl*O%NXV8tZ!^C40PFf~L%18gb5rE;
zw7JMnph!=Yo@_5@@x3Uvk4M@lZtthzk8Eb^5|+cSo-dj(p9ujy3Uh#44s*G2K5jw|
zT0&0aQT!BoYKL5|)V7EyOl_y75|y->cKoT^d_^Ni{EO3l0Z@Gf4)bX^o%yu^@J<oo
z<5lgMu55l}TIq70il&JyM)f`4`b-3eqr%bssjH?fbsZCK+PD@DN0Eg&n)MXLYk+Fu
zlso!4_hF-_(Td$>(GxIn+Ly0r6J&p(C6R)_w`IXo0k=MJMAm&e1Qq9c@>SYgx!MP<
z4)MhnE>S73Bi$5-G_oR-FoUtZnLW*?D`nX-3N&xsNChrg9RK~Z&ZmZ38%}NU7^G>N
zJy`jn(uI%cS!%u9RMzlkdBpgNA+)?<&J0l{uIMJ0Me`UfY8NN~f!+sm@dC&3=zskE
zf%QOdH+n_K-38?C($q*IN)ABStq6sQ*Y;S!J&kR1ATIQ%5pv!XM@brlYkmux;AvbB
zYII;}sO`2yE(?{;OrJhUOsLnVVy+IihWup<ifR=`3C(1tCUwnWy8Z-3vnH_BOtpwW
zzelOT1#85XMh|e1kg%+8Kj&utao*zS1>+{ug~TC?4RG%bJsVx>RLpcxQ|KLJxo6LO
z%@{<pyWD<FQtJ|?LR_<*AtAmj7B;AyHNV;Dnscjn(lvibDOlJ~Zz(`nfve>)#k9;7
zoWxvf01`_%zZkv;=^F_49e&#betV(BZO=MEUU}}BdjPEpvfWA)_W`L@!2aN&kz!H4
z)i^q{yRoi0b9ll6bE+pC>Yo;sLy>vY(|eUg<{KJEiz6fCHHl4ag@=S`v&YwnNR`S4
zOpV%H)p{>1&aC+(#}#eRg<9hdBhm0vlQ=hIZCwQ&Bo%q-*i?;rrXw?aTSw{3E^q_6
zdA;DdF(Bjb343Gx+PMjf!_GpC0>Vjzm)~NFM!9n7U+MOZ-f_gm7vt7`O`6(GYn5A?
zdS=LB@;Z#pS_`GcR6na+<wcivaQo`~#(EtT=#8Ufk;;t=mT)twO~y=7CBob_k(Y~@
z8fQJh{s<?<-FnQ(Upn&+OAw~(1w32r#+{?3T)<{c=Fea3g2XZMPTVaWd2{dZLDJf-
z1-ABCg2ktnNnxH9aAsAejCU%ni`IvlW{wRz0HOaddE*;?IdwC`5mq~^wb{A~8p$8D
z6t^j>zw08ke;wd*$6xO~B)!UQCM*5j8AmF-<(#%ZGoHFatQB@{RdgR*6@P!J>^al@
zH-RRC4-~6Rb_aF=f8i#h^Y^N?l@$-fw!b1+n$@RLXMyHTeMqNeZ2G!mE&9%7SesQ2
zk<SBI5BCbCsue6H`);+`6)Gj=v5nR7n)dgM)f(OV+FhLx8sA0<@fKKj*=C{2Sf|je
z?AFm}Np0`JPifMjn$nu5yd_h#j{h<smIKPEZQ7S)?nTugsw4?`KRAUx?Zfk4UO{G;
z#?Q4ky?!1vW?EbSa*cUGw_ocDM9mDbdpo}Y$n4%CCJh5m4<RRmVGH3|;V?H7svfRk
zy?6sisK#<)>Uep?cl(V#{Z(r5T(;D~;neQWeKPmy30&E@%hTg_0}w@eOnTIAbb&RY
zppKynRto+S_5<@+<-Vi%YK2h3h1$?3S6@v3TK6MZff1}k`&+_L)t*R!cBMEa<eF&Z
zAx*%6A|B<{OjPOLkh2IJMd*@}a9{Fu(QZV6hFx8;KwV4#;<<z0O4977@e^b*V_(OL
z<eIlOriTlo)sS@#DtEK;=(I0^Hee=y)IiBB;k`r=Qf!%M_0;|vkxEwAPdyx#m{;QC
zNuY5Mx_O3UzZT@OYb7tFbZ;9+;MHQ!SrQ!Wl2adrn5_;0^T9;?2w1V`$}c*IOJJ&m
z-nbd;hHg#9KCK<~=-N`bZmX(4!l5o7hn0<nFAx@XhOvNTF#X(&$6o$jf<QnGgsxyn
zkS<^)&|Gd;*4otTfB!xiJKM1E9f&PyJO(z&#6~5N#PW1}RXe@7-9JB0Rii^(kUnVB
zyG5j_(ffOqMD)++p!7ELsij0Odcp9H6geTE#Xmr(($Y$<Dj%$1Fl&XT{0YJf!WiBa
z7Kvtf#Ar_Arr-6+{f~*rg^u}qu;7$B@FsGI$uNAR?=qo6p2)^0XB87t0)ks|*?`g?
z7?Tyq^pk#CA?>b07|8`t-FJZ`Si-+<!Q>=~BV_LU4{`gNgcH{t%0w@FQ-`8M#_!!D
zja_-Yso(g2_Z?hi@--3#Eu8w5imY3xw2qUJWr#92WjYYxc^S>;@MO+=l)E90x;DGV
z`8(qiKi;t4lT*D3f8$W8`eXQPHv`b(PoK&Pw9on@oODUa^mruBx=o@xxXnkh7O9$R
z)GAv4bwiQnZuP94KD*^F9ClWdfx+^hbK`Kb9Rzb6OV+q~t;vY0>!XI;B`zfEdUIp5
zQ%}&i44nO)v7?%_2hZLtS>_Yq$Jng3ZroieBY;Y^QLoZgfbB@<I9ytg#{pos*^QU}
zNVH(rxHFqK%RDun81<cFo_LZ8LmuUsn+{KXl^ev}(2yFcd?kZOJtJa|<tj87JM7tv
zQ2WCl6JoyIxJ8!(TjIco!XXgH&k<)SC(vdX0!KnI1zO;e&()wKlPVZ*K&oZrw680W
z%$-ELpCqo3M@C7770;NGFa=yL2XKvPM^Zv3r;z5|G(+zA1p(vkTq39Tx8PBXuR&Ep
zP5C_OA-6blq1E#~rVIB8YuRM{^?NE_I7sFf(6Rb)JEv1A?tTdF<tpba(z|jhi>oy1
z22}I({qgM1c&L@tH*u`V^KLm7l>LKWF2i@jy{;%I7W-wBj#Sm~3P2*&&C`iy{Y-R4
zFH#_e4=0OA(Soi)%ef;<20g@elh3(%-~<Pf<V{npf?6Y$X7rP5V>Vt3JPP}aZQat{
z@BZ%;kvSo32*3BFvg@9fd?Btn+|UzDz}dk)xk;AaSNwCbkbZ0$RXs(#LFD3vCAaxA
znIPpNt(PgU*3B)a?f?X~3lxHn|5|j>pLi!QFB9t?QR|`V1MoJcd-`?u9)+u9@LHsp
zTyo7H>}nq;ZPYt@G+1s_aguX0EGZh14l3s4nxK8#WSQE6O#brC`Fz{H>hry^R*2_8
zz}@mBDU-`J%czndDbwPqhtZ~26gM*XM0<sx7Q^5W<mits=LCFED!)VK)l#EfnUFCs
zt-F{HH)duOv+6IiVnbZF|FYlG+pGDxGaZ%Ksk=dsLyFkq?@No3g<yULzYqi!K($d0
z7rtW|cilWvgS)apI(+Yc8PAL62~IcsN8X0~7X$_SxASdLxNL}_C{L~h9Q*Zi^(*>1
zX<^)plxXXGBV8az<3w`q^fcY8@!pqhJ(F-#{pg1W`Fk(9tOiWK?UB7?SjH@-Nbc-8
z_E5ohzuFAikj>Ibp8x2^tH(L$9hK(BXX#1WT)}j~UKm}fM#Mc&3F@!JpZjkI1J?Ta
zlOMhTJsDn~$JVNNU<I*&*NX>QbTiHHyIZTjA7XtE8jw5#81>aC^IJT25(Hx}LA^4u
zKj*ajkhaH*Ly<AV!ZSb1IaBM7sac?`of8vfSmMKS-eVq)Z@{pEC@~nALfl78CONnk
zYC+P*1=`8xZTqF%aTg_nZZMfeNfI^^1PJhq5!7?J==xvmWFcg){Zbwv5QCV%{odl{
zT4ka68({OtD9ZK|yCd`dT1ol$2i^3a)@Qi%I@kubM;)`Ib}^Zva<+05rU9~{knGbQ
zH?cbk2|qQ;>dMDnt)hw$vjpM%EB2hQp8Oqf!n{&vSI;TycCDXw1#2PD1UpSN_lao-
zzX%1P5eC7Qv+vF8-B>OI;<(T{Le{bjw#8T5?g50v2`ly(96T^dmgbQx4+cp2qvQr^
zgnFb?G;<h?EO4(Qr1Y$R{fc%%{Z;J941}^h3ZH`oi8j$K<wgJE*TfY1v}$7}7j2Zx
z#_U0lwVYUgY|{|FWzDGpDT|otZiVVBIv32Un=sZVzn8lHE_PF?Lf`Pi;my4Ss-N$1
zuLJg)6x3IL|4nji2QPphZMy{1CKYotb6X&CFcGJE0;fJn0bug($LQ*?d`X9qSpOb~
zY?goM)^@)gfL|h*`AxuNY>E$VmLW%uIJ@Y8HinRe9X7fAPCF&he5{vgRWYweaEuI^
ze+{Adz&eCSliQ?1I^=;R8-<b}vBUhHD+O@7^yt*4xW+`u$yI9BM?i)-n&$NM2(Xm!
z&hYuDF#gFlgkqy<a(s08<BFWT{j*OPbx0Ym9&Y5m>6wY0RY$<yz&+MsUhwgzX#yYN
z6bmwkzteIKd;mtrbj=tHTg~F9a50NS`S6@Z`zlk)y<j|7NLBIQUYyX>P^?fP%D(^w
zvgEHs<sC+GO2<I5XdWwEWLcKSiwHyYI|uayeA=m<18Lht1<~q@X`^}5^wR*z4VNlN
zygc4dE3hh07Jf|G{L)cR`)C(&r2f(>bB9Py@MBOM9v^kqwIAkp8WAF$E9LE43~~6m
zjg6g*80UuEgeR{=uu&i}MatHDmP$ZEDshT)*h7wd5i^lOph&e$l<Vz`&_4>K_qnF4
z@oUjE84mribuz=;<^BQgp8+S$jSe&t0?cSUaiFF}(sLvcD!J=8caMMji9PX5mgoYU
zp-1xvqrHDm8-%H&0H)dB`uL<Zl5}$KFk6JIu$q^tJSQHATLSQ=lU64upV<LDt-avu
zNSSx(!!?Ei55P;tO}{Sf6Sd@QDp#L<+q*jL*fF|7gZ~6%Ohze6NL9AMah#m%cJMUD
z4gqt1CxH+Mz$FPmp&I;$)p+70gE_lFH)|!3+miv4VK~_n`(5)l%z9hW^eXnFUUlgd
zm}O|HtYZ!V=-)kUHGPCi<v5_Js_t)MPPDTcI!TX$7P6|)$Eq2m#kOy}PN3deUv`*3
z-PnUw2mPac-gEP7k41eeckQ5V6;nr;+Fnn;W|$h`l1UvWS0>%bTcSfOT)<O8K?XiV
zk}a0@+rNCJq&=cr3e-;+t&k9x1vy4o5%xpAGBak*b`9-;2{Cp=b7mm2fT+)TSFJ^$
z4>tW2c7x?axjp^7`ZAb9&=V~xpR-C>U7W+%bG*;w&9K7#M5J`#xUM$+JiqmjB;<KY
zGaL4$Wvn#f%7h5XEO2At)OB_4{CAZBM~&tvLzBZmb!34Q&&%!H)4;GiW1VV<N(6QK
zrfeB0wezKxV&-s!loQYsDJ4cW@cXlYnc>bo&JA|_w?;}ES*&g@%Li{EvK-CFw~q_)
zb6G=eY!=FTM~{oJ7BUka7QZH2x0Es_W`P}%oXGp|RQY(!;Z}PV(**U?J&LsZJ4fs1
zAT|FW;|qLLW;dA?W)0<VeZvl|>KmBA+5)*%R_dQ<nZ$mEAd|o!#_|Qz(-)s|e8B_k
z$FXM~4pQ&Yp&G5;xZX(<bw;xnn*=7OD~8mTf7Q6G;XJY2C$%vVC%5ERY^h>rJr%SK
zq~l@Ir>qVIY4K?bFBn)8;dyo}Ejl}DWY)QpsuwwjZ$6l5i&)0HU{tHT|8c3aLK4yK
zK&Ba%%yJI+nt@t%4^jypnV$Z|Bip69)N}p~j!K;VQD|%oVUqao*fQ#lpw-ABxhOLS
zeC5uLehFj>pbvBx!Xx?YlDN+FN3AVEf>=DWddO3S$ik)YS_38I@aiHaRLwWU_!B?L
zVYa2=zcGUcE=y{rwh?0plt4$$Dru<C${+MUe2S^pkpu04$Mqe{ED+;`JYvbe#mL(e
zJv!Rkp51Pb-}e_M7tu_d6B*e2)r+k<GuAhB-p_aUg((RZe!OeT*-1VBwvzjGNZNR9
zO3w7uZ$G$HJH4A}QS0j&RAIEXS044ozqWE=m|qm_mOJv1G@&8k9J~a6LcME%Q!@4|
zGN+qSMG*)qhu9I8cGq0)(yF#}z$&lkP#q-Iv)HDtB&|*j(Cact5vleWcdc5X=4&a*
zolB7_zsGEMBE#byM{ZzV%*wwG&T35pr)K>j7hPb`a_oRSrLFIMfPBwHsp8q87ERYG
zO0Dt~8bdfy<8Z8&+3HWU&hxD}1D21Yur4aJUKsc`b1o2h<1jQ`grs@fui-+>F{$4@
zNXik*$-B4u^`TdQBWQupet9wbr}aouHj{2y#5q+1rHVJI8;N7a7O`>}j-U&wF^p>x
z4fD#mPAj`h_nN7FE!fjm>U<kY9lM$Uo&1a!hl6D^qt-yphA}#=14KD)pxAm)#hYy_
zA)sg0QKU+^m<EwE*^?DgU&4_^sp+s$#E&-@Zak_cYwiV!!_qOBtI~sZ_Ag;W(5@v+
z*a3p%JJ^hy+_Me}v7!+<C?dRUd3V+iT~~}Y8}cvLX?z+Sfdo8(wpfl|6lC3c6O!a_
zS^ySY`v^q2mmW#=)>uR@`?b-VH|HoX18_4H;UUmVR>xmo%og>f(u(QnAH4=!Xct36
zS{2l&=wsN3zmz?;$bt;IiceS|Im)uWDXi1)T5ilT)F;%3c}=<cfyk~*<QHT|9TlLA
zcs#ABG^QA|0%BquFRvFpGe~k11HqIcl=r3eG0Vi_p{u18Ma4b_|B=l~8}N7J4tP{0
z4@Dc(4mjLd<l?F35B7+!QraWmRE-=V*zmNAnT@u)P61tXD&&^_2Le6MNMAEZ`@EU0
zadtTMq<mN7$WVfTq#oU-k2xzJC0h&T|2-Xqj)~ie7QQp%H<rIWrb*Lx2bPG0<x5uG
zs|UX`9Rb<xo4#qgTeJ`YWwY|lVxR%xI{az2FMSA-ts1|oPj57~DJ)6q6@%T>sVZw(
zuE0ZMafqb3e>jH!csI!p{_=?XeLvKvsT5K+eaHmz7PU1ulr#Lw<D7+Bh`L<&d|}+r
zQMnc~h;(j94+O>AD0wu9F?I%@$aW^IFJXefu;cjA5D$&l<~U{_kMJ0|2e{YQA%NZQ
zx9;p9c-t$JYgzvWPO7uGWQaD2SZ-GT7yhK&)665jg<5hOt5x;L9Zz&D!#%C;q$*mY
z{DLK?Phu6z6ts5P>ZG~Y9gr+?&rh7ZcWmDaW6D2zrwL-(3cGJV3T9NS#yoKc3^ZM_
z!J=;?r(MHhv7^K$i#?I@0ee5g?~89Hw==_RV`y~w?-3G(D|=+qq;pQk4`ZbcJK8Xk
zi&~W?$|1_szvQhjf`v|#^p7mnIo^1Do-X@fl4roI*)QS>S7&EWSiOGm45arBVA1FQ
z`k<*Oj?5$)OurK;9BO0=8A@sT`+l{<C_`-oQglIV@ooJ~!a{!L6rfUj_2P(K&cFW%
z7<u}pG?1>7yLgU8$3E9JK)I`7K4o=iK%5XOdqsjN!QPLcWe{Gkdgyv6d&%n3s(osF
zny)c0coIA&yD$P;VE$~0MxW6kcWsbSoF5?OXzb^}nr|7a1v8dkNard|LFd);M=5O9
zQK=<mK|Mh?5AJy95+I>)*BcRm`yBe+YG$0S+5fTpv}C5@mj_=J2=|Yp6;tK6qZvzy
zE|V*fO1jETWQjs^dK<2zS>aeqki!j&-4~{^`6<!UoV@baDb-lIvVuiXcScmC!JrPx
z=u6lqX=nW$;*Pu8XomZyd|8M2?61C-*cTfkg=@Pieo@_I2RJ3awQ5m33b+<jh`vTE
z`_eoJ8R%GezR>*AD8|Rq<BAwF#oGSaPQT#PwjW9P0M4Ev1?S=#j4-@{3`5l)f|uUt
zd6(-}qsJ!By?Vq|rD0y4P5k%a6sP?*Mp$3ya_M>e5C-GH1<nhCx3C~^m}SGF{>7E<
zn=@y6;*vx!Jn(dCo%rd#9MbwV#O<t*xP?NZk^D9ZaCbJR@q+zMJo(=m=JVZPT_=x6
zm$4oaA0)QOWZJ!x0)|-xezg%Kx9WJGVE6%@T?XT)lpTabeYhKP$TJ;3Ld@di5|8he
z09WPgah-caN3*Pv^qFE@ah3QwT^wr^N&+0{=H@Q2rG?GSKPZ$UmY3YNF?-t(ysS1P
z3bXs{via_ybj4U2A(J4UNw%~NCg(jygX<XlkH#?6cUt1Gu;v%I8`tv+NLD;g=ITz`
z;w<91@HptTPr}8VjsKt4ToVdK-Cwy=h!s$INDUuSSj{QZ=c&g-%Rv}tuKQ9wh4aol
z>;O41!z7h@qbL$NIFu{6Seq5_(vp}W281_(wi?q4LX>_RBnnTDwB`7?boG0E$XaG}
zr*lVbI%;BI$4Y<$7H4(H3Ve*6PUpRNB;MA803NF2BpFR?u8<mS?x2Hrbz&0*iw_~P
z*at6W3Uivb!J+&mB>}-V`kL_QG?7(WH##7f#NMNRRjXV$EX|(#BC%?P)hxm*_tVbE
zd+mF%cEA27R~+q)(2CXFX+7EI8}A0Z+cj=;n;%wsdc#7_oxVK{Z(rSIbBkL2JP*CN
zA9%Q0LLaeLS-K-CC0AJAm%{{yT?`ve`^HS_yr)%r@m_N3#g$C;x)<?jU{oXIcL-p?
zhSC_Gs`#lcc;h){sW`HdBx6n@Z~=49mFBX1AfUGR<v48wWrc-28C9E>3A>i(v5MO0
z;lJIQ%)-g*c1jL9r`=)!U~vsu{||aVg}<lCS)4MLQ29Q|#yvxRMHO=5_4KKB7-e|0
z+u1bPC~FF{Sa)n9&~R)jQ(P(0I18JD&ET_tMQJ9kZBu}6a*_DojVi<am7$y5SsEuS
zE&9y1-qstf7aY~&PTJc0a!7>2V6hmG=J}d>1f;-J<JCsLmiM_7HBL8_1$W%hognj+
zntwKd3-BHK<dnlp)4-K}l44hX<FgAX=Fri)(8?wr|0u#){bIWhusnjE9pcp+KBU=y
zjAv2grE6G^O+9`k9lo8z;N|qO|0I>YKKjHvvmqn+kh=fNwH$Q{PIk|7$#ekHM-3yG
zn3gePLu|~&#4sFe;ej`t*_-T;>UCpayk!3a_z@?Uh%23#(pQ_3YBH(TGtEXP@5#FD
zK1u8&u00%!!EA1OGm$q=Rw!1XMU<w0Gnpeg(*3GCGZCK-l70Pn_TlpO^5*x;o7?D2
zJKngxet&iMRpulve>nTw)p_CyCA>VlIsf(R_1WF8w{z$4^V#@q?3z^7_Xt&;(4?@J
zw}l>rQ0XIkCSAS)+1b~qUTf3`gZ2wP?|OFrUVRH>Yc3(UwkDEFG39H6L6x_E^Y+W0
zi;HEbSGIHIqy-1Q<uU9jHV_KiAejRa2{?dWt06S7Y|h56X$>qxmvnaDf&mM(vtZ~o
zyS1*-dcg~q+r%N{|GDWocwf^UQ{&$?&IirT;3&?)Cl9BGhv2ggs7J@r6Azs(IOsm_
z^x|~c`S~M>D<jIw3>6}W^*J4XUq_^2vVrH0L$Ab7cvxMUv!>3hZy*cWHNDfT8+)~Q
zk`b6Q!E5YZfnFa+_+8=G1BMWq?x9@`HOxY}XHjYmQ)`e~!_->6$y<Ybwr+H$oNTbg
zoIbrHUuyF!rgEmo^7vI1^Co^xo*_s)?4+-x2~XC#>>Zig*PElXqWi{weMqRe?}R_0
zqqe=mIx*4nP%s=MVPlEm5*lQo*B}^7)GiB2OZ2b_H=~RtT2(n<@SG7hzR^WPgd~Ht
zt)Y7+gV_RayhV29aGT*v*ttsLZ$NE~_Q0&xnlE_qLpnxe*9^OV4H1C-gPS8;!v};E
z(3-t|wUtkt%|jFc(fr1L=7RZfI=AwoxGn)Q)(im<-*tVk99&DB4c*g>h@bE{1^gT*
z@Qpa%aZ0C>qUYI9tSt{7{emv?1P@BwZ>R)f3zLze)@;fow@Js4zhnHT@LFoGC#0Gz
za6HFYE2w~jNhue5`GIJuuH|=(3rB+vNQ_+;aZvR&6;e@C%ssGwMqECRn?HM4Z8}At
zwXakiu}$vEuxO*`gLCJH^lF_qI{FLNWxaQY><otJEU*lp#m4NalSH;VgngxaP!kVo
z?MAiJ%;#X`S18#hRh)I#IU>o|8#ybl%p_w9lmJyA>Vo5?WTHsQhCFHkLJErqk_KAK
zF3bFm&5CEm5MY6SJ2ghQolGsO_G;=wExeIpJYEywXci+6W53L;<u=%Y_M5%>pw`-}
z<<G>LaOh;7xd)Bk+(L#4p`-=w<V^#Gl$2U@0VUO2DdgzyNXFH8z1Qd~fzobvn%#a}
zRzX%IUw-lf&vl0HqM;Mc8lROwQadIrm`_;g{QQ@bpI*y<)Ueq2pay!hjF$BgI0L&c
z%9I|*vQ5Q&R2jn>5N4r2^#(90Dq>yW({fT_kz_tMm$!H9?E31BuoEjQYEl*<RLkTt
z2(CJ0CL#uXh5cgL0iLU-kdzZ0%X)9=lr=3{JyJUAefOTfrK?xYJ?tqgRQcjmV$kNk
zAkwj5rEFq<8Q&0_U|>$uvuxXR9~^ia{3*c$8`$mx#?SWYxrtDk!{`q9P&RTI{z8}9
zw%n({fTIQM@{YOo_}H3`V?BbeLvF#~S)IxIuoAq4cX<;S!#w0Uncs|o>(Z3{^Y1u?
zp*;BIiv%@^iZ8Fu{)OfL;5rtx#g|u<7JBK9k0+>q>bf%JG!i313k$D7|I?)TzkJw~
zjde;k3WACM=Jo3#tktLe3e^2|II3QsO(wP^<Jy&!pV}X?lK$(y?e<@fb@VOpT4ecJ
zwLnEor9Zzougd?H_C%$=Zm-_3SMX8GN};NZN&e#=raukJ(hs5Vj#}l1lfP%>AP-Q?
zFbCCt7Ozst{!IM+XEK-nOeH3%fw_h4Q~4B0&#U>*%WE|0us|;OuR+4;xKW-fD7wh{
zJ!*}5wO-e%HT?gH2rWDR1dbMJ7MSW#$x<jm<IVHKN%@DUBP+Mun0g>{!&3fGmQVkn
zx>Nh1OrpNzL!SqwRGVXpE3-z~{(v6Z=iB^$mDH$P+=t?&TMzD=kuL%)|Nrx!Dr4Br
zora@SNu_9}sS>`$N$i3gA*dZaQStAGZ&@t&)6DrAPEHgR>MaaqUxj^y(Sbt7hsh6v
zlOiv`6b>|98``=9a^|<|D>lNgz#i_Egn?{$Iu)P6&MMPWB%*#)ewIU_#7Z%V20P7v
z|G&L&?QR=M4*kBrqN8MEGD}bZ__i(I)k^Y?u056_+A}9-?5hI;pv0IYxCCj9k~qKp
zR`m-Fpc{Njq(}1E)kx@9^`ok*>lu!EVSxAS?Ho_%4MDzUfKi+KgK3OrP$BOO=u_11
zTPU1~g|3KFS(ZZJ9%DwaOaqb<s~HA=XwY>|l%x5K24v?MS&&R4r$9qA@usRg8e=C!
za5G@y`6RWP%!&<kliMDV5>3mFDK)VR9!P?+4pjX}s7bwlUtw7{^SN>Xv{WMQawUmk
zebEIP%4r7tHuG*$v0*By5cH|685M$&&yxV@m5j6<Mp5HNlz6BJypWJx$gCrOhUl-T
zAq1c~_rRj(q2#4}iz@sm{7$mpnSTNDw&jYvrs$>ip{rQUawDdS3|y;PK~)sZp;*K+
z3#u=;9UO27TVI;wU&j?Lv!g=eiiV>tSIOyg0KX!CPKA7nIfCjdS`!)Z_%xh^W3-!u
zBYo7phf88qz3AZ+;kPfWS|aR!E3V5a;rR$S&RC$orXD{bM{uQ7ZQvo0dDoMIgr|aP
z{Mx)iI}w;K8tfKPBYLyF!gIt1K=>G$KRSs<qdDBl_gFlcMAI3Rask*YB0Ty4^zT)b
z7HTdppy?r68tSe;Ns9H?9^?P=O|M1U6H&v|#n-`@wia}E!40m1k6&qjrV-ehXm1H+
z{4VEIH9aWTV1~cdS2nQ|*Mb{nY(%c<cMb3?g@p-t0oFK*f?+uF0k`oNJy^go4Td?G
z=+~ve;U{eoJWDMTUWQm%9^?gJ`+na~B=%Hbdha;xzfQb3#yZGO>bn5)^c8#1u%DE@
zWj`(PtT|+F)8$qqP^gK2X;~P(quY3J{NYp&Bw#395(5t^{iZ3;vxrGc6$|rHZ|!ij
zp*Z`eoQ&pYY?$>r;3NX~Jpo9_`u7AJu4dR1XnqZQxA^SZABYqU%bq~Qv_Sg-43OF7
z0Fiu<0UFKMFL^>({Ipg6O4=&(JivTtz+b&H-@T&BFZ!!rUZuQ$Jbm?x#vjDvRo4;=
z_01OE+)5L^8(k`pP=Ku=Td1kH2CF2RzB6-52a1s;?LYfW$NG*n&QF>5eL0PSxnBfb
zwqh2@!TL>CVDJ8<o-lr*1g2~vGT|T!sa7n(%Zp5EmR;A0OcGIvW)7m`?j-balU#KP
z4u%mEdug|h!fJ_sDyepi_lPgXDW2irH>v|hkQ2F8X`1}{V%Y_HQ6UC-54`<e6bO98
zjx&71eoV-e?CBRdErVz$E7Fm)kBdH)Czn7G7MoE#y5y@Kk<(F6Ah3^Pu|*jsPRK7+
z{*isDj=V9<ZUhspddNUhhLV-Vhpz2(*hx8rZ5l@RBjtR5(P!O1rwF#dL<7OgAcLEI
z>m;fTx@f6O<v{k6FA~Qh&as_KNF-B7hDvD*1c;i+NQ#%6&L(If+ly;2zJ&*Fu!J<!
zvFtW%SiYu|s4gRFTr3aN%j!`tVlkD)?3SmJK*@)c9?Cu@!+D%mI8eQBJcvnY7EQ>^
z8-8Vevs2%H3eZ}|8{nTws-*B{O2sn0(1UY_gZVJXfVvNsO`3~DvQ^E=wpW+WE^%YI
znj1@Y5aVNMh*_*o+0Gmo>^h|?TVuD`S)dBP6i}sf;t8z0w*k|Fw0d^KYjoOH!*Ok^
zUhCJbUcV7ojaJily;i^PwwZEusZpe&MtXEGH8F#K97DYf;;Zl<a~cu&;3ZA^n&>D2
zs(^cb{)}L@n{^xiedk@I6~s&pis(u6Gl+SmdZ;yd2iXEN2-26-Yp$Ur0Vmg6%WWHq
zns(h(<Tg5NC>w1`P)ikabulVyhr>8AX4sB0Kcz}j55!tJUycng`@`_}S1{tu*rKQP
zC5mo;!)eNL#U{*NMd*Qh(QFot@~U92?frHGw_q^4rQ_6XYG`pw%~jMdIrTF&6yg>x
z0F)KqP6y+!FYQ--Sk0H*qJ}p8eKZ`$v?<<?a6R7L-Bs^u)o6Nih<kDfAkd1)F8wX~
zomRDB8h|DEe+DP|_LG2?{oHI+o5XQj)s|m>YgB7cwOOlnEVm7x>2LU>>)3X+gJoD7
z7Ny!Iv<Ciy6=G4po%~>CCTN;7yQgDS>F|e|@oP@I>J*G0)4whGHwOx#a5@Z{M!o7v
zC^`~~j%i3(j8zA;Xs1xnvSjz&nq95a)fK%iH*L4ks=DjVoBklOfXF{d@+bZn!9I0=
z;J**mzj0OzPm|kms|_e))$O=&#CEcwBd6WL21R|>+YUXV^?DOF#`Y~%S2skg8DhEJ
zW1T<f?ioj2^WZK!rhf8BSKc5UeUl-kiP4MeE;i7!>}rFX#w@bDC>+Z{JHM1U-z&wE
zM_Au<VaQ=<p-BqRLt&kSTvkNx(H>rZwdi7cIAFXk;bx)QveMgWi0a%f=0OjcZHnL~
zk%5d~lDpfe0zbSN{={^j)C7;|>hLqy;ssUG_2H6B*~qZxQrbwS7XpL11tS>_CbR#c
z!@=6-tY#`&lbJFZN;jpD#3A0d0K>W#Gu$3V{h7JYZ$pnJmr7mcx!YW2<KDx6?U-WU
z68-~K{qz&+Au=pur`4&4oqk|-oMz9ecj|%F4qL9}^_#W8?brRL-(rSo;c)niv_H$5
ztzpm1fj-TT$inwt4~_Mp?1GyQFd*kWrCF3JlJH}Dz7&Gdb^Lz46ZEWF&2L!spx(29
z{qig~^liWCxs7(<Zx?Fi=xG3dA7o1lU~l-1X0KOkS+3ovS@o7@TfHW3K%>@aHQPRL
zv%z*@|7k9Qu%)5CO}-bv8@QMOHViDg)o)usZ#~Ov!SkYTdvHXYpc4e%me-n_S?Crz
zRa5|V->vm(p;Nb<hT~Xu&+Xt-D71P(vk^8LL9bW0w+r>D;!T+bTJ^JkEIie2z2B}i
zTq|@Pz{Q5wv^q8bUh4#Y$8C0MzTMa^%qMDW_8i=PwzL5DHaw?7zgf3J$H7w)+Li~e
z0IOa1`eCQuYln8YUD%JQEy^(qbeDtOOTHIC-D`#Lq-#1>81y}W+HC?Z_Cl-g0L$ci
zjb^9U+%D8S+!6U#w0_Zlz%Bhp7eU@`*v+68SYguv3fO8jthV3mTTVUb_<k$sb<joZ
zAt1*{O}f*<A-DQTc>(->r`>4PL*Ht7P1~ybj%W4YvH@D|*8N5=uw8%4=Y_|Q(m*~@
zONwCb_xw&XtXu6y8*iO99PfS;7QR-m`)%KEhCO%7FbmtJpQvqrlMZ%i>#YO+ONyyr
ze896~@<T^~10L5S%#w0p_&3Gs(z5Ge)9r1=R|d0YpPv1a%A1`SKrEj+TSR5R?Ah4o
zr|wm%PhrDA$nt%%#9X4scW3{h&F;NQkGcfkIQz|0eDi<0EWF~rr|yU1Una{p1A>RZ
zp_WuAFUBx9C@o!o1p=~eN@F&p0%a!Ew+bSQ-*@~CHiOzvt_<huAo7rbL=MUz&1C#m
zf$YY&JbuTcts`0k^D&c!%%uHB%y`iAMo}$&+H%>w84zrpFdCvvO^v*gaB))$;APA*
zWM&J*ZJxATYvm}DmW4W-^cyI^T1m;_*t}uc3CqgLtqdZ63qkTOmH9i9^E+?UMixfD
zS_@y%u$t!)C?$Qp93n^Xy{zH}&GMZCk27i80C25CN}0n&pm*}ix;fkd1H3!+KSV*u
zqJ1q7H$Ma)nc`B9Wsdz2a1Z)@vF1ldc7*_^QbAk!s!jfl(1Jm~bRMI@_B~?6ArU*I
zKSQTySC@o;*Cv1FGvO0(@)HnIRTW{^>XRwFoRzN6gEf$XL#Xx>tEb6vH_LZldkiPr
zKYYIXde{kCe!u^8{pOGJUQ$$yy&xHzOuK;%EUQs(HrqQ7+L%d$!_wLxk%g(*^oeoy
zHcU_|MH>LB<iuGrQv@ml*y~<|F(kjDj54Fdctxgv;Rs#erWs!%)*}sOL*uYBWe5+&
zzCu)>u;2HCdglp;t@!medJ&T#Vi}ISnGx;ou%bmPT3FF)xK6zu?i%IP2&ZcWHx-{~
zCYz#kSH+pGD&%w!!}a9P7%Im{oU>woDgh8R5rt%$ti_qJ8v79F;$t-7PN$><a8k@>
zRIa>#ZX^psW~>bZ*c8TE%+P{b-EXz}UWbVy=kY8W{fY)SO#8GiiJg|pSDZV*Nvp;A
z+LF3^cp4`I{f#8p2Y_=%;U{dPa%s+My_VexmfGW|bPb54XH+?~AYhS5e1>%`R@Z8`
z{7$$pII`8tU{7+OElPj3Y^bE#UPMazIYOs@a(3owkCXK*NADY9D`?j2=3~YmN-Q-r
z@rTsH$J8}#*O<E3u6b_5cdWoejdsU#Ew5g$Tg`^k>N~Zd-EsUijH$bP!5N!GRep&|
zTYlp+!X--?S<|<7PSX=j;6788D1V47t0|H~kKU0QqMt6?5devSUDN_9tu8SUQ4;ch
zTZFKnr99{Z4HJoaqtXN_i9zt|_4V=l_t)2~6E+h5UOI+{8e<sCNsLJr{}VSs?p?;Z
z{WiKg4g21FIFs^|?Gr4CoC5fRN4G;)?4T@WhR0G1KV5!=TPF&(PQ+SSkcn9eg=l@C
z@P5s1>=RS6B^rTC^xr9p_?_Y>&l945U?EQu!bcVrG;J3Wm_LT(iYGyrQbuA~j4-_<
z=|$lR7=uuYRZRjp$#6I9+y>KVLZdm+NOc&shzvvTTZlHnFMt-l00K+mFogfiyrDei
zD+sP?Zcw+|^_@#Rf1ty?Q%2s9HfvLEeoq3Q^4BAm@b($yF2<=xO`oFxM)PHVFr+m|
zqL)WPuT_T&wI8IBaJ%fZ*YW$Uj@`2QuI*U$mfNsA8x76dy`Wa_h5c4N+<={C);Jk{
zTKTvkL%oHZHu_XCDgxyBT{Wvsir<xJtk(DmkQ^7LoaTX9IvmcfuEX$(0C>+F?@}CZ
zz)#&%WqAckikOfKd0s)d_{y<=EDg5Z3%y{=Y(WN%HTN{DQFKu!7?-=KmBwq634Xg@
zjB&|6M0Y@jPH6N>9yo_FSWsnxsTgANPYebD9j}EMaM3Ja8V!Y&oH1RNARB7pEH)&M
zPEg4j238bf#tJ!)MV{S?Vw{)gi7LWctAa*W^!NKy9>cSeOcc{_1sD~704sj<&=o72
zeQO_Bgf89Fd*)q6S5e^(*s?Ciatrj3EcdAhp{nxSRl><A23==7_X-!g<Jg^g;O`4}
zy&lV|aH_J#d5|jy=2d~Gv<g;xDcD4f4;QC2KV><|hPxEjKT@vBM5N9+a+UiQtMr5N
z;VHumnQUMQbbC~8JY^1lA`=OCH<&nLmS)L0u4htSrkrhWVo{6tNS$F7^f<x;$sA$X
z$o&v{j>f}#5{?GY0Lw*VOr|;wVM>Q{O1lpO00m>;#t{MLH<TfeF?{ho|Ad&ciqVM|
zIChh=I*+D!NO@XnbPt*GXIGbp;ql&PgLY^0XBe5iB-}TXb;huNWtJb-+QD|R#NhLd
zE97(<5rbuGk~Jo=K|NlRZl`Qq=|UkF1brWkvZBXwMW+D~t}!gm^#I^sWh%XJb_e5?
za6&aZD3fYcPHsE13%G$0gOo4!|B(L#hLm8;t0O$w-gq`pX8;80nCNsvWyMTaT`fNP
z(Xm(~qPOALi~EXy;lSN(L~c<$`r+)Cvn%2O0%7DY*b+b};7MRRNDmMSIo`DmjMO#K
zTvs~lq4jN&qA82}^xbp~o>7BECWoTrAe$5M){B#c@Mb7KjxnZ$FT*KJrUPgUYg6TJ
zj`uXAe$h>o%Lv``TD^AT2|v0ol9UP2xIehzv8fj3jhCr^7ObS5Rr71Dc56=_4L<>N
zM+jon54`&v{XF&VFZ#cR;nyQ5jru_PzGmtiI%-mB?2f!9EoAEH?{A3Hq3?Rp5uVGE
zT_Mf#_SyN>jo%ojPyPvk!kvD9@%Qr&OiaiBy!iAnk<6_rxnJ&;uotA3rJxY{ulXz<
z1R=3oFKyd@aysyn;1Phcu!HRON!}7>e<m{B%eR5WlT>gD$21IMSn?ZhJct>_;;P_l
zr#FuWn7e|esV&M7n<a)V*9pUV=Ls7Daxou!L46JH3D0yQGRGLHA%7ED*wErBXRM$f
zcKq#RiruP0fzgMYNNpSPzC?7V3i?nex93^!#m>)vFwoT9U^rwsZ2$u;%w&PlOfWME
zDc!;#7Cbk<Vu+~z`sUt+hS?@MA)elpSJa$Opc6My1pE-&Q=|q;E%vUDWiNEDscBZ&
zq_7>8F0xEIE0B=3*ACr&ukmzA$g#*G#fZo_;;Uca&BaItCm!PnXouBv9M|49BgG>m
ztU@<`Xn=&YZQk;3*7w~IB|9+^7CX&l(0(z=sSH3|;o%*qte^1~C-l6+mlJQ|QK8Tv
z%+L{DWpBs`cL%2Xub>ypjI}PQ;FDa5QYaa@XsR!HDlIaNW<00Z{S6Rr+*C$2mPd1^
z)^b~Q+kd)fF7Auzd`zQIXEVkv<P>;A3maO0JwLEp+eY`TaSDd$9^2s)ejwfe6WiTj
z<~_O|mM0g4`V5JD(2vFsC>9n}YR~iGu>%NrK8{#4_E|(GILr$89r|If@AO+w7{Al`
z9!W`_$~Wk*fzQOU8OK>;iR-1I7hA2S<20K4isN#6uZfWVs&a=@nD2RjxDUr^FrJlv
zN;G^5oHEf6157wUc{@Zw47cbRA;H==QZYcFYW82~L4j3Dk`&OV`!t*lrZfS^1CR@y
zAXhBZI-=ZZ82pU}RWFd{DsPkQ)Mf4k<TGeu%@qhyzt{AgzW;<7jjk@wtl1)p*0yME
zi`TZ?cE_)~`$~Dd>D0Tw9){za*=;F*Yq(Pea%<y*B2|l93Mo}oTE#w7N+o=FQuS5y
zAhlL*?3HL)(z?PSPzjo9-lPUs`yu!qk57&Axl_sVsyTvVp#DjcmSD~U?LM|#M1?d3
zUX@&8D4-EgAK35-VA;(oVvSCtR_obq=joE6lw`Eq{fY1-*UL#n<M<Y{Vgn_AYPhv+
z8<lO166FH~K50=XHzN{;M#`oualkB=ODw=RH4)r7@oh*w9ifAGhq6&U*!U)*8QQ-M
zJS(X}rMYlX_F<t`QJ2&jwPw5DdrT`P9(i43za&eZEtejK0wSU-%&bT|ZzO<osBg*o
z7Oih#K=!7;HG8E``k1<FMATJ(0^okyUN}-y)Wna}>u;V5Oqz*;`zalhbTIy3rplJF
zMJuULq!n%aQTlZ-%X|RrMD<AWwY)}zL8?+_c|p{<WCG<Tv*^ye**uo9RjI64gh*X^
zRo4qwnvGDI4Vaq%d&1;N!+Yr&utwP2)xk_g8%KBMpt*)M#mA@cXwZm%G`0;al|391
zF7J`hW`pY{agyPbFiUX;E=%yZ))81E7%?4;ltS)wkqWKa+$<L6<G3{c(PLpYn(a=|
z37>E<J`5o@9rS3HUGvjIsRZwgW-HvzjheqnS9wsdyEM~+2EbHpbnzm~s4!`a%v~`5
zhEQU3@(9@!Va)~*v;BI1tK+ylb5ACKSgrQMYy`VEew3|<8MN8W2;07Edrf`Bz8`2a
z#J%{VYzM9=De=IphlE|@<=pnTe#2?Cn)+aS+3k5sWL`!qybZnC$eR>JwPEpWcty+i
znx4CDo4O4TwxT2J4#s}SgK;dQDdSE5Hut}VG*B|ESBY|sB-`JAYvM4=-H%b=-SdZx
zzG914q#k2o__eSy?0Zss1j~3^SiQrmU!pbsKjt)>quKy}?{Mu;VqKgpDqU+8_u1Uj
zm`|616&xL<=M0OGDoD-I)f6UEs-;VFGpJWcqr8h?Jw0z)d=aCkjDJs}K68(t_To8e
zQ)}3mLoIl^WaaIDe8{8<WC$#x*^>;aG4Tvmvz%Jf^Y)B`lrm>EGUxlmO#s=*3g=-e
z^7^cB88y8)E1DO)VpAt&totpDKIS_blhP2?=QAmIBNHxmA?K%SOPbB5bt?u_)>Wsx
zzUINHsmi(0<ti(iypBF!gp1C_1NFnutp&9wtZcuSPHw$_F`9U>BgaH^1fH6xIS}D&
z%sx@PIVCQ!MVrH;K4|v0t@GNDyetq$COMIL0*51FuRxX(a<qWj?5Xvx=Tr8CYry_1
zoF>YpoFz}x@Ao2aibor+X_<p~m!xQs!=*As=46@pR)!*y0P`ad7Q(AI0Mz<^(8*ex
zJS7@JRTUwBqA9nsrmoCp`+t<OSV?^g>s!5`9rWwFcBD)>67uLJpSovP*H;(s&#pgR
zo*sWZQ^FAHYIU!VyWR7@e>gkMRK%HJybD?#Yd%aEl$77(IuQ+d2XCj*2zNGVelZNH
zxOW&@CQ2852=7?YdY+YRMq)(K{g32p$-^Py8VFy1#)opM)DcIvU>a`9Y(1cYnvJ%y
zg1KVTZ`T@a?@<Gr$js)ts3uC`vthtPnnscSFbrpl%>sC+I$GP}wXIIA(`;=gPBTs5
zyVdl)YHr+3Oash@03y%5qMOd<!`&ns?w0c3CSbXFu##AI4+xeVq9i2F9J*}Q+f5Sl
zuAhp3*Gs43%_;2@u+~V$yI%6$Fq?cg*~CU3ETc>GHo=0+Ch^J5ANgh;tR*a@x3F5&
zT=q~J@n(z}T6wTmwy#(VtQlJ9m4rV*IRjSv*=%9=W(&1uv(v2ipRn9$b+ZMy@B@3>
z3fe7LLKi4$FZNwqE)16u)~?2Iq1|tEFh%NrW9Z5sb}Le*=B8aqLUZnkJ`0m3I<|07
z<tv&uYVi7wUvK!!Y0dXxqekD*)r!S}y`il44Gp@BAV&QX6AEPYpnP1BBvW+A6A<1U
zVR~=4<$3bL8y=dy1a+wsGQSA1B;yjvkzhaZ5`fR`w_o$@u;1uCTS*vvZpL9q<;!?~
zfsc!?818h#TUgk_>f3d%{-XsKKuMvQ9XD9_qI5C!Jf!T3D#kmH<2m&WWa$vDDQjJV
z4f@J|<yH)ceFn%FBH{|i7K;Rs1XZI34;7^k;}lqZj1;9r>JU$0ZC9EJvzjro$OR2G
zOTuc-$6n^0E8Fv~D~Sb1b^(E?jY_hAPKEw`4WLYCxv$Vp{Wc9JLm(p8Tv*C_<l|Km
zIM~?b@|Il6*)V&q?aoG;pb98d%fQJVMKt~noyFrgjh`ojEh|P16q1$DD`F83_4pK9
zfEZ9O@Cxx1zc{=-5gS-=n(@sFLf61=1ig0s2|qum-HVJA&OMHb&0n|}Qq;D8dM&%T
zk3QnN$vdG*H(^LDvETGW4H2WYpW%mQ0}GlJY0Aa2MlR_mj*bRp-7)*Eu;q2Ur%MLZ
zP!Ut%kxx*VXAVcD28@`-)*&z=1FL7Z-C%D+)hrf=rqsx?f=Iwp6!M`$I5p5zPDhbg
zGdKkAH#?5rU3|}}i!MGyIw(YcG*zNP_#%qm<Hm-F(^w&NyE8bL_}wCtO(H`yY`Y%x
z-Ns{Te1*D9r|?zEp7p&CLuOB=A=RqGLu#?Q*H0=7ZSTzL2lZy%+nT!fT}s`{qkJx}
z>!q<cGm74KTkrul>w7T}rB<;j^}X-NS`kNq<h&u&-=e%l7wMeZHw9gPG)n`x<iFLS
z<0It3%V>WS=){`5W@|#%F1w!Ff{u-4gs#5a&I*V{E)oVePefw10(SJ)gbwc~Apb2D
z$c!#{&2uLr-5wp;>%<ZGpazLm7cip|ey3`xRX=ikNw4HZzMe^h4so;kVKa=AfiM9S
zB`F)gNI!`+AiX>X-uL2vn0J@e`#-CU_dsRb>eM>zp8u3n4Xms(b{hR=b2~<2TZ#!@
zprPa_zULZaoW1bp&3o_G!e-NH>-AC%d!IH!du1(jFkLEcI}^s!8%lNa%&-=$*6|Ri
zbHHtzI4_W^Pj7NZC@)@PGAeVumZ;}gt)l)CZAcq`FR0m(HERxk{-N<*4Rn61xIZhq
zt?Cve<G?BxAmh6#C!FzGP3Bim7bw$dq)Wt<D$VrwWK&xe(%vV}*CdR-lHo#9!W^cy
z>g{^qc=l45`jjpizK+QwluW}LSjli&>~S9|?^bIHf4QwjZ98ceAB*B~O2%E>Hllk(
zRn8XCzq5sOPtr4g@jZEuEFx@5i&~y+UA#+(Rwl`Y%%`Evwjo{gWUg&><$kE#8#M4_
z=D>3&K9sD@5m-)6;>6$f!Cm$E!md*LekFfk!D}s{B&qk@me+d9Br%cRk&~-Wr#$WP
z67oCvbskt)-3sfCMsM2;;AY-=si!o&fUn=3{YR0<-SMY?k3TJ{bAgqLDnR?|ldH45
z7htZ|)!8o>?;gX&PoLji%~@EGIC15i>5Q(fnlpVLh$Z*XQ#b>b9gG~J8#COd_)A1{
z4Teb)*hfu@=w~oh!~$C1J+IYjH9NIl@R-UP<toxDY%=A~N}GpD%Z7>Xzv1CDXHW33
zlEo@nLFjgWylq>=tW4w+#yFqvyO+%hULnqHxrqAg;Dt8>0JKj$x*?3VP*W7lR+>j;
zK@2>#`qBiTk@e4Qgkk7rg=kL-57-6G!>Qp3!F9*TQh`^HqtIue33w2;-o14jS$?}0
zWHV>)XR_yon1rpxJ)g!On&}zPrn1Y-@tAq^CYla^V1;_#G=oUL-iBj%HHSQPut;!x
zi@DP=Psjhs8{9Yh^+wQn+E@@_;KnpI6dnI)Y8|G~zzW)~-P?{5fAizN9Zp)&X*0)@
zq}#<fl#geT#v}!Q63?VZcTLjq!oS`|G&dE~5Z~Pn{9BGj>oUD(3CpZ<yY<Cdv?Ms!
z!`_5{cGGuiy;|?-(g6Mf60Zt#d>&daiA370^;~D?kN<~zL7U&ml?}q^Z1l8d(6h%i
zzliC(=lpchQ+v-S4H_^aEGZ;@sF$@)RCt__wPjs8wnT4Qp4;&1_G3Q1DdgHmw=8*n
zZa<K9!-p;k0sDiSIl~-M68ULS^d1)EP94X8R;r~{@~uYS4V`U2HBQH?s-I3MT+*&V
z(6r=ph2WWu!zsd2AwPRJ10R;6Lb@R;IxoH1tw;;VZ9$LHSe!AJ5dH4t;jW=y$%Mx0
zJYzaL%rbntnQt0jlqHFovK^}sG(4Na6qi%9kjUjA_i$~|I+JKPqzS%hh{XS`*#zHz
zSH2g7<H9^)S<)9Yy{1=dJmIV!AGxi4%#Va524*tA&GRkM1gOB=3hi3Y*|uMbIHxPp
zf{)?Y8_%>}YVq*|KEOS6F|No@^I62>Bq?9th4-hN%weE)rj<=K|G?5&y&Xn(z#hTQ
z-r(1(@P=YD`l9epm%xwBr{Osd_;vz+hc~2`{RLO{#uyXtcnBTAMH>CzXfPIDaD01;
zDbpTMA90KTF$exVxxvLWOAO^<lMZi)*{i&eT-WdWPdWYoUg9();=&-N^wy?TEnd~?
z1VOE}ZDd{doy6V|ms328v-{lhX2J`~3lyucB0|%d?hym&UVGzvmY)u)U4J-#{`stX
zcJ<5IRX6cz$Aa$V`}2?2yeIbg=i|ShpQOIfif6}HCqG?Z9)J9)oAblp&ckoz(4=C%
zKcK1;mK5IdL#79zqS6PBOj^u=Y#eLUb82qC-+aRUuE!_u#a+Nxvp|A7v{+S6redq#
zx5MVP<Faoh#4^lFA6z+Y!GWWHJcK>P3PfQYk<1>E1Ux{8;t2Hz!;p-kV9+1<9+%EO
zHeo=3HYN<6dfRFHjVH{wbW={q|GKIld~A8+zzTo2!mwX&^?wLI__TAnbb{A8s3&ge
zsYXWzNB4Zti=!g{`5z>&41<^WB1I1Ah17i=MH&I=Pot5HO1wj7b#Bgon(<j*ffh6!
zuhnt=N40q38JM+#SEVd3dVMU&tUf$~_10LK8qXr(2gv!i&}SYOUpmWg%}f5n*~gTh
zJeRC6SNR33TE;sbyIRvf-s}|5j+}H@%{asxhve}iyHo!ITyTtyTRbFGXBVRCA)E1X
zUo_-tJX>W*sBRjvmL8ISZN^Vt{L5fELp+{(ePGIpms~d_Z?E$Lt{aAAtb-VF^&we%
zZE%BzVaPM!PUL`V42kV?Zuc3_adpV^_zIrE_i)0O^0C&3B48bqPS36`MNDqt2)>bf
zb?q_u0mZ#K<#C48sU+?ef|iS9iuhkPOBn<Bw1QT&@*}!*<80=CnCkW|t<LHJImF+b
z7L-P62Qi;3#;NfKBS1eK8W`KbXg+#7Wrj7U@NPuS_e=Zxk{;vqQs6uHRNpliKpC!z
zuW;uTU!JpQV)2Swe!V2O=BgrCxN_cmy>OU!#uL_NPy^p4@Q7g1S=CF8iA9OULW2@n
zRoe^3>MQDn^&ww>F`|X+O}$Jrk2F-oq|DyLv}nB<i*OB}-%18@_ujO4Y}i2T0!H}o
zm=Is4kkryPT4x&ifH<4jT#Ex4PyMAFba!}0fk#<zMxjRfj4E7E=8Vd!+FsIUG~Y|+
zjEWYrH<kO!OyM1D(K0i@A@EoJ(p6nbwXjlNl?A57cXFnG3H2D8-7=5zg=iyIx*`DH
z2mC3tvqmfe<bive8MH7|D#a6cs3OEP740{Cq^m1bz&dOhy@GhQ6nZ_W3zM_eqrvYa
zLQihW)0N^Gz=dicV02#+{z@Q+gv$*N39{7ipUd0(7!QNlOo4MHqtJpO_V=l3dQp)=
z9M$<3*&`)?=n~>>_Mx@hyJ}klC(o_r9#`8MSG>6lql$y0d%12fs^~WF>Yr(kEh?Ob
zF7FOjf0VbE-W}|%<VR>c9=>j0@g|dqyBsN9@cg2Kr{7;xX2;MHFCt1rsWU9S&i>9z
z9h<*X-iJ3KR(na~_<ugQPxm$&jOn{Zj3rm@82aRY0kU%Ro6R>*M4l3{Mp*(u4gEbj
z<P2xG#Z(ujJF)KAD|grIV?iJ+wD|;Lj)@qg;DxbLIw1-blnthc(xpq6eNAIJ_E#ZE
z^7q{b(c<s|>oa9D+8j@HI70UuK+rNd^*wk)WTb0`x3BI|s^<DpUbZY3M}@bbuL71w
zgVzy%**R#MjLbRYK%_1krktZCM>$1f>M=_n*gW4?!jr3g?t>0b#Gj65bN?#=mYh<M
z(j=PkumK;AKOXksblze137R@%tCGAml!Cb>T+ux&qVh<3ix^anbOf!=(TG&4qBDzF
z&8Pf&pf5R#zvP&LhWv$i<7ng!;gSNRTJSJ`@NO(#Tch!m^{45o7X1D2s>j_*0*gfy
zi3l$zqtgrg6oJNTe22fu3MO99$6v?M-S|z;ka8J$NfsFSX_0hgX<&*4jEtRE1tpT9
zr`2;-70!+*vIb)a(4Z-@wL7J|YZKhWA6Lt_1J)|@dmzasiUfLaIAL=_gIs{0E<GB5
z@?hGegc0RhfsCi^+)}oIHN*gmgE8=NDb7TZGNNE%3;a=D2oX*50s{6;dAz6S$87{p
zxT&uu=b&P^yr{oQQS3MSOF7p8>Z5ZV<m9jg9dNp%g@V~wVcWkJLZI(}7Zi3tr!SaE
z4o-%XRDd+FlU!7ts#(sG$ILkJMKg|nBJ5r;j;NVqS>Fz(%wp<jl$D5-D_Xip&u7JW
zVrl>X83AoUIl>XLA|5b?2`&N4SlCv)xg=y2WmJuHMb_IJf_%(aikD>K0c_;M#YYk&
ze6S`H^hIvbtlDPcJPz+jJoOI)sLQ%wsoWSZG(!4H-RD{s^dlGc0qD0_*(F_n1J|ba
z7{1d;?qM}7x(a4$|K<Br<(AKG;6TT!iUbc!VtNalb1FGdG3y-C-WGAqtkxfwVb+PU
z(?M<rGnR8$CCCZKn!3*Ny2M4SC-45T37J98bS5)N0o#=c2yLQYN%korQr=9_M*BnW
z%s~(u$iV)HqOx4o=XA2__$Xh0n%w%B#w^d7B!5=nO5m@Yms$?xZ}&5nC>Ac@S>lEg
zS7*P|qKaKE15L;kPm^M`yUVXLLvL7O?o5<s&N{WZqyrtn#}fSw1DxPzY(l@{FEr{2
zwWK-Hm|AjGHZE31Se6WsHpFL@D@wUCsvK({cn4}WqEPG<X*Z*s>PfMG2G*^|A1JH6
z#-$Ip2yzyBp_<&BO`eb1j+L!mvD?XfIvEzcOZgt)h82kQo-VJ#{lBPuA_&o~0@I_i
z*gOlA{X85LYqfhyU*u><36h9@WY!iZMsG){*N}Y1a@pIFQ5XkA?I^`+$OkNEHI9s;
zvtI_&qnt>ff|eLZ+3O2`BhwF#(#%i=Z8VPZ8uyB#hk0xbcTwD@oXwB4G2XF&Y@J|I
z=_O7X7i&V#E7+5#J&)x9G+|LPw7x&G?4e&0Pl?j<uq1GPXYg2)&%&Qie?B}ry&{s8
zmeHcn`!14+srjB5Nir|D&_?9jAiUd}y!GVMRZ7$<!mB9LSR{6TO_S=Z@lm0-r!q_~
zH77#0wDXb9c|)B;-WNxD92v*qZ15%DIy#`%;YUc6llKxGE#qdy#$gMX+%Po%MH$0t
z&?g2n2)P&j@Wy)4SMC$PjAzTDh59KORO4Gy(@kI;DQ~3BCQ;tfEIy6-xa5#<#gn=Z
z^&it;M>)hmTQK~8Kr~(1d1s;{P6;8Z61YTByg4HC3B~}soy{ik%fmw&M4>tp#Gwk8
z&mj#dawvih9SXvvcKz%a^bn3gVx@8Up02IJQt2ecQe~5=ZSe_XyeC&Rq+9-eTxfyE
zub(|Jms6Jp!JDYytwpAmmtl$n(7U%%!#=o6&aRGy$PPe%Z@`R=$CmDCCIeM@g+={`
z(`hta*n1xqPvq04Cg-A+#_A;72^Y*tcO2FF<Ws@}WQC$R)M2yQ6U5=0$Wpfv4~K|T
zIPu6Bq~wr$_PI%JqI1cOF&Wvy+eor+e-N4@xaL$zMP5S{ax#qO0nNQQ9E4+<I7~zn
zy-sS01dPjn#pK+TWa}h(wx^J*gn{<rSrU8`Q~ab>WCOl@>(Z|ji;xjynG9_Uf)(dv
zUki@<Qz8%V2mR2$_lF@V(I`tSyga<9%yM_JdPC84KZ5qrpm#JnH;>zQa`EBq`QNz!
zA}7*NGbyAa`CVRgKYqG8%W(we7Uv&6p8fsm_~ZG1#RoZDQP@5uVplo}U|GiUOQa3(
zkByuQlR9QC7UzjzeV$VKU+96BwUgQv8RH5e4dLN=5fA4yc=KTp0s^FRA{J3F_4&VU
zB8A73=bMs4XoUG<ej<^AUY!3dLf;NUb%Qr4?j*fM>B1O^<$%_<u(k!YEv#+1^{~<3
zPAq1BDv72^l^IqZeME3bo|;yOF6N>7l}07ceB(*MQ;o;jFWHdoI-324nmD`l+ni@q
z#>k1nU-_|<DdL<6+j#&C4~bkXc3fnJMXu+j>tdu{Nn@^i<Q?-|38DvL5&t&yztWFz
zl*S=VtLA&tfB?3@h+TBV8izxIgJ3=jR%I1`-#@?E4{WFYgrk{K<uN9sU_$N1BmnmZ
zqa6=fWCBVBta_(sH=I8#2}tmpI>AME8V^TqXr(0ps<i0m!59rxk8h$QW>8idM|V)y
z5`CA+A#p}&dwlv@JEHQXq&;~}nl_Wgyaift%cMD}@|vi?SP)GOr(Wk(V31*$NQ8cW
zfej(@TP7d?qiP&rwMS(Y#3M6J<&?qqB<;*4zsEw-$5k9t%i#6+BEBF?azx2e<QlXW
zYf0d#`nM@gyU?`kN@uCQMDInWW!*$HmCcHijUsQmVXfso;p8;$qZ@JzNA!L+@MEH!
zS<b4P$!vr!o4ldL8d}Yo-KuxCLT0aj0kR7L&a!+Ct8#tCvGP1fKOCjbQam=<8!cTa
zp|Xn}ml8anG_YD2&57B?{a|VN790V1lF$8Hj1Qe*s~$CXA6;QBPMi2RbtcsPJ?6G&
zd0uXXn9{v^$L%|fM@{878BC~Wk=}4iDO`hwF`|Sqv|iSbNO7t~KOm)g#fcn${X3y?
zPUv=OJwZ^K^;W&zQ)v}+Md{1ycs7m3H*b=oBe5nXrORnJ8q7y!QaU+#TYi1WE2D{&
zIOho$&8Ne{ljH6sebVL#+MJ;y?-w{gz`=Mv?E^|w8CMWfW>Q2sPj_>5*8ND1FV9~x
zX+=c@L9fv8X7Hb{A*QJc#x(1H8$0q9BBscrXEX1xWG*E%n84IkhrB{LX`&PL%9d5~
zb})p~gJ=k>&cwq-_%`q;(20cy@p{p>@D=@v+J|^Hz}!%Xq6GFbW->5>J`bndtZd+;
z={2)7n+}G<Ai5jF@<0dN2A4ZlV;f<@2HnND40If)fi!UxAw^?|8sk`h46$lepys5M
zHK5Jg#a8m}u$7$KMulW;UJLDAD<qux)p8Y{TYy@ORfh?o#N{O^K8(ONj01SRDd!MZ
z2-vTf(vU;s7pF7&0AVS^s@mJJA4QZnegA^Q${P;xj!&*6N)$gI9RC-t>d(=50K4<~
zfYya2{TPlWs603iIKg0lhu@MQ^P~MMpA@AO{}RJXbmY+%!b;}`9w_r3HO`T^ba*_O
z40(PJ>zrR2mgp)z><y#d;RtAAI6Y)t9*V`QGWzlT^Z20hCzAOmuJnVK<N)?wS3}Gm
ztNiv2XdcDI(hGTGB@6VT{6*IT4^McHJ&0vF$W;5D`ulsjm;cUxRHmd7dz0%^y-2Q%
z^ZcE9C{6hefvkHd9moNC;7ta<B&*@tu4~y2{%<l3(MB`h0uK&d79eowGc2zSb$MQt
zD=(6btad|xK81@$LiwV?TfY$7X}ze>`;Gf9W!4;PoChxL_C*=~<=6ax=LH*tF@Tp{
zJt#+BW;&o8I>P^d*Z&qB!yEP}dtehx69B$Ky+;Hzj+)IU4XW|Cn^#2X{78$hVlalJ
zY!D1y2&8m6fjbpxB;cyW$mfhQF#OsVn4a`88O~#(5^zF!+jszUVV1-luAn=xCEbB5
ziiaI@#;lND=)q3lU_J~opg9lAl#=Si>ry3FeMO~B$mhj>r{M%1)#2EOl|Sm<13HeX
z7d_-afBV9!C9<UAy8O(YkAR_x#Y$`Har`|3<gMCpl^}1ZUv+t9LoH6Kkn&=p4vfuJ
zu<ewByg~;l*8MAK`*Q@edW42^_gFlcMAI3Ra_Pz|BI1$);NPq2nbQynz#Xbn){z-`
z<n`o*aToc2rq`nFiKt=f0{!f<wK(7lD5VZQPC85@ur<+QqcVP%^Ff*(6mpZ{p7fPX
zWcyn1T8v!hnts;+@6Bho(bNRI0BamY!7v>8fQtBw9xS+-2E!ao^y|{#@RPO(o~4!v
zDGgSZ2YCV5zTfu~aWIv}-8)YEuM;nhu?}9_`YwQf)BlP+Xs&t6QLvwuV44rv!)Lh_
z2^3mlS{C-GqT6_I{NYp&Bw#2I;eiL0e$$laui~VoiiLTRs&+WqP@Mf!PDJxFHq3e*
za1v?mo&Y2S$$J70mtpS-G{1(uTV!wd2O>p$zb6ne6~mqYlQ@Fz2|#*Vy8Qr-^I32=
zEeDT(WE~AaX}*5R-yX&9F6FPJtukF;)BLZ%lD;!DETYOUdVWdrAG|!xFNww<#LG(8
z5)1Xs7P31^6TT^3`dU_itsy6^skjDzDVn}BvzG@-9#h(X_6>>kU2B}5GVl9x8U=H|
z2)b;=ERciso36kU|4BVz{6q<a+2lRXK@`$|mso<Af6vz}yRLiBC+~P=4zLe!HM577
z^P*g3e~V$dlhDU4bCTsa7)DG!quoXdw<W5m%gC9x_+p%5x(<G$8d?ND5wMh|$*(V#
zU91-sVh~J}E96CiWJ2sd!!7K`gjmV`ev#8M$RM(^hi`)szcsq>3Wtvg+fI!yF6p{|
zQ?0#xw~ALUL0omz0|_knSnN@T5f-vGl?P{Esv~a<6CA-@s~$4plqqLr@u6!w9d>XI
zVW)=C{YW`(^lALhDf%rC(?I|9=ZaT$(r?E^4?)*3b?qF;KJ!K5l*BnUJ|{_A=ICFu
z51I2WyU5{L!?IhjT=|+Sqj~Io3xjTdi0Oe8%$EJFiE+vDE)bK2AH5sw``>gg`V8Sd
z?w<cFh4B0+6Si<v&LxlaA_=KRf5LD;*RVeyQ{%_u;lPWF(Mi{wDlM@Y&ECP<0kNM&
zel&a!1bjXrM^tP@wT7h$7F`c%!Aq2eRkDp_Av3Qne;)tF>~oz8A)gP<Pkz3CM7cNp
z)TEz2o+MwKRt3I%I!(Sb+7;gHTl4e5=kb?UpT{Ds=o!;->H~}Ndf%9if+<CglxArM
z_?$LF6em%qFsPKi4!5MqEIYNYCP|8s1G!c#?mQk3EPo$iVvGY0FAIRP1i0xCSXyYc
zRf>V-X-Q15Ud(4bG<cBUq7Zd|31HPIa9U6`6^a3+c}$i9lNo)f=b)mlawVBVVihF=
z%bZV+gJ60*4lbi<DyrD58c+RlMTU_ns7T|Dv5G4G$e3WWD*Y_#z^F+CvSCEK;E~6a
z@p4tB=_=3*Ufba;(+`UbCcDwpVUfqmn#H*C?s#xDC_uO8(qBIx{J&Cv^)Ka@rQd9;
z^W`t)f5AO*D!HXo!Gb?OQ0Hs80>$0An(mY-tN>MZpVWm|1FBqix<z9(qz9+;RZ!9<
z@EMfz^Q<KGV^m<q$OS1)kT(8?$$aocCozs>sYCO$4a2cI46%q?R(ei~*tguNHUpn5
ze>uM#df<~LI^fmP1bAhCm@M!~5eFW(fFqdxKEqpCLBs5pWg6k!MN~fhRj0(KRQr`j
zl(!NHE7AKe5{=Up6O>eN_%8~wW+A3Dm+H6CIENlzR9&H&K?&&^EfUbs%4g$1Ulj^c
z75Tf55><K0%Db6X`32yJrbRW_1Dn=J6LVcP&PdYQcGaym)0HHD{V(bXo=fxLjNfOz
z&y6mVa_TLNp+^D9oz#50sBpw&y4d!7%*>T2b1Hi{{pKGhH_h>Ih&GuTyvHMnyfxcL
z8DUJ8que(sXIW9QWqh_QM5-=rz(IE~qVe?bcbe2obOB&q@H2D~CkU-TrN%vz<qA~7
z<Re$6hf2vGV1NpLY6z&{*959>zG;ovcScl_PFVZYS4pR`)p?lm^a|^@MzI#OygTon
z`@)+z+)9dyRAf-NY&5t`7`RmYx0E3ahiyw{HF6DcF#rQXX2hfXrP}t;Uu2UD_VFTC
zLg`5ZAXD7&WPd1n$ue{j7XM95ee?{L<_;n1b*9`7tOH4Z-dI#~AYZ&dxFuIqi_!|A
zwwPM&vv@~cst@jiVl}X<DV@Pe8gyrR>9Bl&7puqF&}ddj;nI}n#lKnM@3V<b=>>a9
zn+<FXqL1^yDX_ND3-Dy|5~3C8Kd1Ztva+}$WkRuzq%bXSG0P1r<b_$zu&R}YULYn#
z>KciYq8BlLOGXT$=~cvUyr*K*jg_nomb3GCHr@E6nr=KR-*}VFm2az%jjSFnM>Vz~
z%+)L8_{D=>BPG+yR2nv1U~nnDm`q>LUkIG%f6T)!dsp&4jLm6NHYe76g=J#Hy`biU
zFEZDg&<y_2b6E2p*si)#ug6%dIoUuxv$i_Yq_@)xDMPk{H!CVX)>L|zd<y{`f6vN}
zXJyBeQFbg=a_E&CI;BQhdbflUL$AC@L|$LE``|86Ml7#{So;aR$4U#Mwef07Wu0YI
z)WN&QmqrAaX6Xh&x*H@#x?u?^>7`5RCz2u{4GTz!gn)n&OLuqIN;gPJ_vPNd_szX?
z=FMlG&pGq<d(J#F6V+wYd{Y!Xn;<Y&6fkSDlVc!6yoZ;PkX~M@tGO`@eSBG~KO{dH
zbJx|6xy^loLm$T}2Y1%+$<bZz^WRp!GPR0e?29=xOF3}l8gM}59qd}UKDr=IhAqr#
z<&$knC%;lZ4ro&-y$ZPwS?XJu?4a`zqdp{EV8C%L9p!ExG?G9P9JgfcN0L^om-Wjw
zAQ6nOFCIeX2uSEQS;FO=vm$0j_hICOob{c)8YAKIrGG2w#~x=81tBK`CD`^=)qCc7
zV2xp6{LT*OR(LUDG1OquknkRhpNmgA;2c?NN6!Uwa;^I9VYy-3SsA+M>iO`B@LFLc
zSdaM>^BiblI#sE>GOjNaCLANHJQ-oQwk5brXYiv}GE<Um*{8fPMkzOOO-Z$_<wqc{
zUQwxTHm%S#;}sUF2y2!7%(h|lGcnV!?)4j-Jm&*GVg!leHi<B`;+vx%MPd>jDA^5t
zXbbYE=K({I!ddS+=!4qagWX4m)`zxuJ@4Pek`dH>y-6sRGxJ|3^^+d&KAO&IoD;xR
zXmtMBf1I0nlx=!5;!MeMXN&OgCDFcg({}SB4v_NgXu-eUIm^9ZdAhFT5H0riz`~ni
zyRjTF^Fm+GkYn5=m_Q%EWiuzfCL3vaA7YNls#^0h^|_@z2;=eVo|8`!{pBz{*(lz<
zlej(!TF)I2b{!KjYTat@p}nDS%JB<*!<Vhn&ods|4L~ID&&gX4=5u&sLc)FatsTn7
z0-2|{q?E2OKMlsqH&kf3UOyo3f_Yk#(A<)NTbLANcy#ueMwfDE9qF2gGNs}oLydM#
z^5bJ@y&?=QqUB1ltVDx$?K<$*U9}Ei5G##apDRUVR+l;nUjZJYRi^ThTQH1?VvRiQ
zCobJZnmnfwS!<=6Xd8jlctE6d1e)4kEb@2asYfgFrlYI3PkkhEY{N2xwprkiV!H+)
zbdNPWIsQh)1x2f$guEqtQ_vil^gaju3~N-42tT;n<0w1-YxKaoO|(zoyo_05un9kw
z6phd;*^I5+0^2%iTFZ3Y_vi;$qMzkzX#4KvvPmVWk3l@rh`{*S=7VJ$Rj|^xHr{mk
z>hx{_ZU|m?gr)Q|Mr&5xKUQ02&X7Dn)cvQ1U9nagTlwb1?Wl>x$I$Tz@kq5K8aax^
zCgKPV=B}x^<DC)Px=Is$#0gXS?@G_W(!CR%`m$T@)^2-|4w@Zc&6vrgH9g|HR2=m0
z@!U9(1H=HQL|E_dJXTd;2!>>X4j8H@qOQ4dMt^6f?jBoOo#lINA<A3N#nT4}C#5kr
zP~iz0W}!zJIP(cB%e0Fa%jK%#=5mvYhV)JaKnivz6JJXY#TPBc0TD`n=u8LHuoHKj
zb6;D#wVBtj`!YxOVY{G}lMUHY?5eTdKBSeG=%)T1#$k9f)6}S&xc5^g)}VDeZOst}
z{}%~a#EeNz{)l18Ovo5s0k<ZQV!gYdNB%kZH2K2HMp&fqSgQUbF&El|V1N`z0M7<7
z>QlmdMSb6x&(^=b<dWi-3CE}^sJ-7L9XTu+S~Q@P$RU*&5(;{gFXC&}d)=;iwuyfx
zI#ns<>#k1iAT{|tlv;bdwS~^jtxAXllR&N>k*K2Jm7u@GF<K;jTU7-pbI>?K`Esev
z)L*Eod=u!jiP|r|o|~EXAl1-V`f)9|CD2%MRo{KJ>y(m`RbG<qGCjV0yk*QkjHu}g
zaJ;^n_Lf?zcWXXV+ccgTK{TIS2}Pg4ocNZ)gPLQ$j3DeYT|5%6gw9T22La8TYXQa?
zgNXcW7sss=808jn(Hdxm-31`Uvt4>bmWEkQ_P4i?b5{Y>$U)axN;j&S;Ef6&=`B<i
zM}Dq>PMiI#5%<C9luCla4TvG9?L}jXl}$}%Of6?mtFvgs7J`buW5cP_O%yX_U`}#m
zBMr`F%UCwRTVXnUaK+U#=qpO;W)>TK=I%Y>FKV+nFc*2_4&Xlaq5Izt@ba4vD^jId
znYU#woS4VLpLhtZwo{=|ZvM#vdkh7nH4xBlQe5)*Tm+;!Zg%{Rx#XE?ji_tb>iCTs
zJYz%1o!IO6|4JtOw42VI5p|eSgQltAHL(ex(7R<o<4WJYAhK*~WG}MpYyl{KBTQ`S
z0;?}`tADZlv)OpabEa$chZ@2r^8n|0>7hRVf)|0W<HQfj!Uojy-G(VupRHOXkGfA7
zR?`2-fl@G7z1o_mfv@<^e^(b$C#DOKe2;={;(r8zM*;TV0`Gr>i}6Q+_fhCcXf_5O
z_X}i)eIBY93h2h+W|r#_Q@2`39X~HHX@$bNjp1n}Upx$A;Z0BlGuXDF@WvMp!&rD1
zRKesQ8O6efpbF4`1dWAHK@|-Dk#Q`10ji+?k4$3W8&Cz^e`Fd9--jw_1OL!07Jdd*
z(ELYl%HTIp1@%W_y_^-j*hsG{*Xx`NkM+`7d?ZqAgixY0ywiBk{Y|^0HHq=6_@ZJu
zLAf;{C-iBO3DVB@MNYZ(c_zw&DW#{}`ga)1Ad=_FIODKwU9Bl)x9Q4>*8RAW@-DdG
z_z#dE%9{PlE`9s!Le-z}4Nu)vlIZISU4<ROpty50O$n}b17_C@Y@@Ho$=D3ImvAuY
z<8c$nt+#Y37~A?K2Z1`X@mi+;5Y6_?wg$X<USA|8Y)sG1x}F1TEI<f8Vz@ja9r*B|
zse*=13<80$L7a9YCT3_QLM;p+5c^LM2!Te7vPKR_W2Ex6Bk{2IiN%avJm{kDGQZmo
z(mdbG5fEIg*&&5b=czZfPYf>K5bZ+D`w3Ki==SF2`I33!jlzVIWC`};2iobvY`b;#
zGV#Qo)*{KrWACDUltMT&MLrkXtAu@jJ%6o^EH;Bi^;P7E;jEz*2x#c;;fRZ*N||D=
zCqMy+0cdWWt@-YRm&tF3%!4px##@C<7@9vf*E{{B)Jn1HLxlV|l&({SwvZuF7vm!k
z;K0U0`F^$oOSx!SjhcbFzWstteGTVRNU=(k!i{_Uv~r_^?}VPs<W5`0vNNI1<SRX8
z-OtfWqT2R&^t<v~P*%4}rKO|`55CveJ3+unE}sOTCI>#Q-``RIDu~OO`E}g<6ec``
zsg{f5)~wWv`I<H|G0;P0lf()}?b5A$nFIy(QL0x6dk4buziy&BIkCYivYD9l6Tb$(
zaY+0@NW8IvVHHrC=}++qh|_~Cq5hFe?LUR^2je#evwruQ^=|cJknpN&u$C4k+yx3f
zG@d7?a5=co(4NV>M1tRypLqng#YioaF@IRuCJbNZ)#<A)d6WA>YBwj)Oa&{sS9O=Y
zhN~p=tu#Tww|ur3g10Yhe|0tGh#m}DS93H$%u-AsCL<&)9qCj&I3G>Y`RVex@#ST3
ziz?eD6IFApzmdPB&EHjsqK?I2k5B{_S5<a!Fl3w?G{HFi38+8H<K885=XP!>8aJWO
zH*DbdfHksiN{0MMG?3sHpKDx<)#rAW--}7nQYoPQhMjpeuBen_A`aD8A6E2|H#017
z=Rq434*Cr5krdnNIx1;F+yxKb7m*TRu+K&Ktm{;f{i_{s(S0NP>=42@WGCR|PgM5V
zK=Y$BNJc5vn(fufDIrdZ)HA`B4cr?ogJ%>Xi{mN`_@?69vb?FAa}Jaa_J57yZ4T#7
z4OcHEr$y3HVU5hucqU&AoXKInf`(wGhC2b2C5^F{9U$45?`J0S-}%I9`JeiUOT6=I
z=5q>6zN^2y$H@s6Q62F{()<K!^=_)j8Yl3u;<T0PcY6v?K5#-vPi-8cm<wr@*}c2L
zI?<evMX|2a^gLkE>_<fSiSJ8}8*P2BkiI~crbaN~To6MW2@|T~NZ1)e5ygoOHdEP$
zY(B@#mUb<T2;vGWj}P+<qR68D$xCjQr#=rp0z|j&76}hAu1BX6HHm;_Dmz+9e?9bh
zW>wAV0}<b{w94OYdbJ$p&pPGa0u(1buoNX)qYhy@gI3Z+^U}9<og`n-_c5s4TyK=~
zl=FYt+xQ0SB1IGMRJkDf0kbUZvvTRIPyN9ilU2<Q(}E3d13&Mesy+}}gXDdMULmhv
zKe%$sIHGr3AaBn~1w4SON+LC|5eDbjZN(<4emlAYuNICbi?)P;1JM{7GfaA`wT6!;
z9O3dSIN6ZpHFBq#_ty%8y$Ra&M1xHQBB!G3PrNo+cbpNSJ&VQlg_z$_zrfy(=h<Z?
z(d%-_=GcAC1=_~cS}fE$6eB$T!&j}Ll=1^5Pd^~P*-qeA=@0>p>#cI<gi_*vc5PtF
zTsZD9!fvSC8=Y}9|A4=~7sO71O`!H(*kY(gGXF&@#L7(n{HtHi;@Jh4U)!{hpJvU@
zD60XFb5gt0)I$eo*toF9EF-}yVC|*LV9s<(QX>tv^9`J!<SH9xOBJVV7|en5<~>yk
zErPk{0&cIryANcK&q^13r7IPEmSaE3gG2099BvTxmczpTFir6AXKAf72&n8eAlc$m
z<LA{sbczSfIwj40v(JN5P3VOWD0Gj@cgg6o^qM=Jc@%DvPu{=}TycSz#FjPdnzYwi
zp*TgKJbxGl0p2Tfj?xGZsV|l~wxhYwUqZrcz3r#eo&eVp&2zt-?~t?cd#o?vhp>hV
zB2%=YQyy0*k;`vMQNa)urob5%-v@K%DSA^=UP%uA<Kf00iZGc&=pZq~^2bzR7@Io#
zpz^#>#?2V4-^BBFE9(m%H8T28Zd`Fp#&iBxT&kmOJ5%6CSSw*F?i2ps_vw<7Xa~sy
zxEA9(^FZ){S3*VJ(Y+Mq0u6b`=s9#+H#R-a!Z(~=4mAETaLy=Mqz~nHhu8hVS8CKQ
z&nG?VHQS_7s)ZTSqFCDqpRB$m6ed2d<;<DnfEl@~z4H?}Sp$U70iIkRi{J<IBd$LQ
zO4*(pRk_Yi<d!Pg=AXjDLeZnjl3E@}q_6G|d4ZcJocin?HA1_56ZE?nC{NfuN57-7
zl{ZmZT2C!7U$Cf#xs#DONJ^@dX^MkjS`^7_di8^q6<j`n2&rEwLwtEA+i)0EX^1&X
zKg|Gl*?$@OO#NGRz!?9F_^9I;Ysn=vIv|p9G*A9^j^XQc=QA<Dd-bqdbS3eba;@cz
zGZ60xZZyAvbD5f%_XqZgTfeOEN$vM(soZFYl=7hG!aYtklAH0%Ym3Q7{SY(#_sO5!
zn6R+WRUxV>M~0n-bu912xtCCSqpw}~T7!48kqNfncwZ<Zh)X{aVTK9Ng#`0`v?-j`
zayDa28rd^7%_E86%9lm5yJl$OREasdI|Jj;&?({(Ri6U%Ja*q6${O9ydHXUlrdf+A
zYr)nX5-k?)#%LEr)OFNOmIT8BM#QriKiNb6%qmX(dyhn*97d~#5!Y0m^-Tf7c_i4@
zM1r~S{#l&j6Pot|vgWwrtrd&BNV8~})r|PLvKYn0^PTEF+-uf?U3k9?o-^fAAAnnU
znf|u1RIe_p+2HB*v5oQWFw*<ssSQnR{d{c$YdhIo%;3hNP|L7Q5yN{<I{k^d?8rKj
zi7gx=vP=VKQ+3q<r@i73`9t*?3M|(4I?N14PCLfbS^UB@MY6DT;B~}u^Yh0mV%gj&
z(t_EIydq6#mPJmx_@8~Aca@-*JOK{z8M$K9ZllBq@!ZXxsp8$34_2$5E>G)DevUP(
zk8sAbs>k;3{8LNc@F3|Bg*G_R&PYAEOR%Wn*z)-;&g{CB$4-Z|elZ(X2jt^B5vn%P
zW7P)MqmFq0yT(BNTd>&+$M^}A<J8%G3z2}e9pA!A-isbOsukOOddJ1H?o37;*^@i6
z!<I{FO%)VWVzmEcCA-J0gn)VVydy>doxVy%5k}#q`@i{#>@ijS@Awv6M4YNEjKYSQ
JDU9;C_+R;r@?QV|

delta 71200
zcmZ^~b8ukG7d0B&$;8&goY*!dwrx8(v2ADKi8HZn+jb_N*l+Id-mmJb_v%%hzfSe;
zUVH62*sE7JT|)$1K>&&};1C!fARsUx%NF%IvC#R{ZRnsNd%|!asDJO;8d}<^nA$qn
z7`m7;SUKC<o%>oVuaC@KKOU?9^icScmeQ*Z=4tiF1(CEv2ZfnEX<DB$GPeR_GD<t@
z&vpFv=<dZZck&yR_+XM*yYW|1tIOlv-|Oz~?F_&$y&%d3{6Z+#)~ro0#vV(z&T<G|
z%)AR$*RbW{FYK+6S+Q)-rh<KM-7@co{HnI97x8$YGPS1g#}H>stStH0x*qUfKdZ`S
zx-M7vKkj&(_~w7*XAQX#d=%z=9a%=04Ey*D$-BX`J<{i5z-S;CuALEmyc$6+E;)ID
zX*MU@bk{)!`dRDWJqv$5PL~~dqE9w}h|V#bdVn!`&de1XPx@?h?y<t8B<$0G>-5jF
zZTuP9-Cdt#)439W_*r&jh0TQE1e1DrlBvM_!~U8F;1`?eIBqZDGa~?3D)9|G{{@5y
zum?6n;aakef9lqo6)h1l{K?L!D0Hu8&9bwxyJh$QFtj3*!Ws`wtGP^fDs#BISZ?F<
zY5Fs2R$y>O6n!K>%c(MX%AP+Ehc<3guD(`AtsSPY)<@%3Yk3D*4QE=PAXPv3YJcY^
z9c<tuvV>|Ve^Qrx_B(Fj*ixDQ9s~ZY+uF`@Pdj*r0p5B<f9Z6<jjr@|AP7rS$z1y>
z^6`!g;ANY5v$(`4*AnM^^mGLAtZQ@&8uuZ@3VW*Ga01sPH_2LZHz-VCOz^}*po2B^
z6aG)jZMZCBL)@QTU9Hc@U`1j&^^Ri)3^+Ohf4VU6L?l<<2XJVio6IJCl^?H9NU*4V
zmE8%Zah}I0a%oFq=&%)$pX)8zkwk`DEf;<Oo5KiNoM%%dBNXJf$uTne^@tN8Sy5&Q
z8__$Q;2cizx2RV9tis0(nd$YT<GbjRHQJMGjrk!EyCH&{!Xjc2C(S>Wh=h{x&JGS=
zj`D=4`Q7EIpO^NOQd0H@y~HCeO5sY5m<cOy`q=U~)cWJUwiVe%%!KGepaglk_nL74
z6~|C<cxUMRs7*ma3zfMS8T+)`>#$}?&DAt}MaY?y^||-Z{hlLbJ{}$nCtYeko<ZU)
zgvzPB#ji`E#7k_!sA6CYnKchHLF8pszI1(oF2b>lx$z+JsMC@Jl`-!7ZDf{TzsvTq
zhH_l`l#$Sax`MUa@Jg9F&m~%PaCx}})NbP9u=y@*R9sxKH>~MN;4MDz)I4yz8ZVS_
z=!YOiT+~95(qW9uUC0zo>&)jtzd0L_EQfh*2!ru!rJeGd>|;Z86pvHS8UAJyMNI20
z`28Y}6o2-+V2y3Es;Yu@{mnY`r^-gWsFAWLnXTxQ?r{34j{zrPms=2f@ael8kiBhH
zio{e^ahBOG??;8vAOnYMO;*ochD#;tAJRk`hIZkQ!-O};SfG~Jv98n8E@!z#L7~s4
zUDMF{pjV|z#Abc*{%&Zi&&u8CRbNF?HM_BnhpXAK?!$dG=E6AHJ{jqujs)wuWve#b
zu0-|aXmbf{%U0@^fj&ZyZT-~?s9&0Sh|%f{D%EN)M7Dm>GbhUbZr)OwPq$^um*Z~Q
zmUgtMCe}e47R-CqRDP^WoeXzt=M8$*RP33Syg{(UBj-E)(-omXU1Y6R&-&cm&AR<n
z%lUJ$Vl#Hh%IwDO6~_iD;<DJYSvO^pIOLy6D*l_q9Q4Yq$P-9Q#&66jJo59!nx<;d
zwr+~{LTr4z)ADWBlvt@db-}%-+q&TW4~YDKK-~TVa(M~1wV86HtK`(M>=BYlR@KBa
z_q#D+>wJN`YV$oaR{XVpYO6vW(KdOoy?wf;9c@$Q_R>zZgZ3XFmkgj+V?O|uba#FF
zolW(*4jE}AJS}B=oC~eORjXz0_L}SRx@yDzAwe>a#j<5Q&5qaKryaEOo!_py%ER3c
z<KvGv)faE8F{DF0-R(iIF8`8BUB(fHExJ$!D#(Vg|M!g<4whkgb@_jI?EJ43n-#h4
z#fmf&?XU12fV+OCyOdO6u`!B7I~&5Z9b$iY%pWt15jD)KOM(CLe*Zs#HU9;AoHiIZ
z7cg}52t^{TdkwFM)zsaKJUGQPU5mC06#&og5nigHK^T~j>{P!Ooog}V2e~|UAG8AA
z*_4unxz@&)&|+l!n{N<!Yyg(`ac2irZ5t;IjGY~d72~A7GEQj5H52QRtGd~OLOxqS
zV;PUFl16W_w%o!XoXml}-t?OFynghKak^L4wqexpyMIucL8%;E=^lQEMMV`!_p*3Y
z!TWbzYlJLRYY7f3gt1Mp&Ya2K>DqP5`EFil^~O!gFfmXhy});NY9Kq(`MLnHIrJ?S
zk6t=|K|3MC><2FR?Uzv2^+=CUK8}o!L#~!`ISwv5IEQPr^ERnnmFyra+jh2t$4!gx
zaK)(UzYz_mK!0LS$$r(^$8p;-c}Y9oDR0_3sHN)Zm8pHC3{iGO(rb8Lir@Av6r)b2
zVp`1V%PwR{ax0;&x&aVg?f<0!&*47`0{){Q@Gk|uvjtxL76nT`b*(KX4XcWqW3-?z
zVy*r@e7jwG9JoI-S_3vbLUlR+MQO|VAIkp!P!6yixbOXga;c0hjJ|V;o%?4Kk5}=c
zFqO6zCA2`lUN#{6`3GNT(JUJu6Oz*d)@{GYfo7^Vs%anh&#PktRftmyUY1EC%Gd)_
zQc#|ugnS9$iBxSRBaajXhTj3<?WDx{MZo!&g+euT_g9H1C8~S%Us7uD`R6AY!wk8G
z3V+8xJ7cL{jQ%at&dwm(`RKpME=Ji79}oT_1B!oP{cnNI^B|Gw+OJ>#t<cx6|5k{P
zi~64e^#$2O%6GA`c3LLnq^TXnir?Zq9Q;f4!@++<fBpI|(O;L7x04FRlzl0`bF#XB
z%l!YHw1BU*<PFHhr`KA>eaQ_t#_}>XKry^>un#BMVs(qj-@-OZNud9m^*>qsleNPC
zl{Nj&P6ZA*7|tiV$R#huZO{`J<86=z!<{G!x=}Z?72aR6vAcvDAAXh@Dwi5A{Qk*y
z9<65x@c^lwxgt;DiB<g}U2YGHPy|q|>j<u@oYAG!6&*O#L~ujt^>f^JqBfCh_h*`Y
z`;I75aYc&oWiHey*%!5+Dx{7DTk?BTqkmnQnh1@ll+?SbbwkwkT3tvOCL`0jmu<LK
zp_cL)c8xf8`K)4E;dvC*ImXzS0kPQX1K3!JRlUksV&ae;UMKD@n*ts(y&mx7LVPcw
zUC|io(ZS{~&3ZufN*YQ2-!k=omq|b_OQxXszJ3zz)~LQJ<aFPJZ>mpzLj3O#H+N7|
zW%mPRYMJT&J+Zb2tCqCRg);YlX35&6PEP3+jI67{RAhH8<@}pqQ4>#};_2%urH8M2
zY#n2rRF)ZlC;1P!PRL}r&0g7JI%-(ZZIo|WzSkwQ$$!z?5SB=R|D}nlz56c~9_xRw
zoEA7@_%ER85Yr_qD@}Ecl&EFe5(flqNauI?H=G{V&Mm_gQ9;VW7XjKDIrUT`Qr}-$
z!hX!1gTrDR{A_n1Q8S<rk5uXjz1eBT4FYVCgD9!(^pE`IGgaaRg<{*HFpW=-)#u7&
zrfX1o?mP_CVuYIFguE%FHp`ccS*S+7yUzyFz1xU!yPmE_%9}$RxmE?ypRW<JH(85!
zvQ{?UtCPur7kY=2muW9%%0fYM{btZgE*^d_RZbgvZ+8DxJvip3J|DBj5A`z?w;k}R
zGCsHL&yNM2H_iE`S~YH>7+-i<5TfZN>&5MADeHB%s5pNwez7<s$c6~6g2$$h)2Q1J
z2Re@$-9heJp_MiIgIHoyEUNy_<J9GMoyRGkuLbtxT5ha(BMH>clEw!`L<JfG5@QH5
z#(xqp|2F|JdcIVSoVFU4NnrDYA>u%I&lJqk^kNem&S^onK~g4;Rj!nQdTn56r(#yI
zV)0S2e#s8E#;X5aeR2)v*1sf<+ne53A+b%hYW_dGT3!ey+^$lyvxJ0C>Ke;^*v4$@
zrwb2jnX$GK!H20`JR5kUYY3`Ui+{(jduueP$;3^|Z2J-eVvU{e>fRc#3)dj-Ocs;x
znM;=zY@JoEitTK|g(XF_kEVh9a}Ajg|3mgSia@56K`wpE=C_4Ca*3*S%@QHfcUy&u
zW$QHuh51LV8oii-r1aK>Dyu5Wpg??AEW7M4D_mq^h;s9I_xayhAJ#N1*fQmK3tf1t
z{{CoX0y&%CJ7csG{|yj^bA3+1)XZuX3g{nUuycq3>E<Kv@ZTrvCMR1G^xOLY@z%pP
zLJX$ACdc0EM1HfT&>nE_e=-Qyek}8c|51uTEXdfyrzwD{{SodT+`d}~j`mbL4~6;N
z{~<Au?6{vQ!AKu{o@cbUEKPTW$x<)b2r#6y9b-C;l8g?NUDFvTnhcR$OE#Pv7G>x{
zNMgrgwTzZbe<E~J4m9hUWrT!43%y#(&L$<&(<eptf=}l{(-~Zw!m75!I)fna;>mT3
zik2yAeNo+F<0&VF#|SAyGvt*E^)dz5<@xGAwAVp($2BY0AgH3pcurpKCZ=a;23$uL
z>G&Jejt5R8em%&I(KN}IK2F6-h@{>~1aE|BFT%-Xb|VqPd_+4;6HFb1JRv(MHRsdv
z`?HRp^oRAkn$+vq&w+!Z&uj1b!1hljb^s+9UA<T8_ISb7P7eIBzF+bSL=7BjnX+;V
zPNk-O(@98XI?+s3#ARRNxmjB&3s4{#J;JAp&$;u|pS(V7Kx(>(c*UU|$5iA{v%f}E
z2D03ThaTbul}WmOJ#}t?F>)p_!$(Qxg08pMbb~#c;2eOLiph1i&s%fKv4-u5(*c={
zwe|UA&iSqb9dwx0SLJiyTMH4b%>u~~hJFf-@r{o+^Y*~k$0r4&HC-Wi4^W?{bZ{B0
z9(4NK{BhNbUMos>OR^(XFu8uj?@kI7R*BYlyek}NAAk*>lomzr0H2Y(eA`97bTR`d
z@@brtTD}5udk}27#80F>p+7uF<q4^20$(_yZIR7$uVg2niPh^=h7d5GBl})@2MppS
z9IcptM4W2ZvC5nS><zM409-;v406sW1T8<1tGDDdgme${yk_kjXg(e5&hv5VXY_uh
zcspaK%_qQb>zC1Oi7c=+eHYeNMxeiNU+wHY$D%dVG5>p-r};&+`$C^+;~x2uC_2LK
zA-3kt(Ea5{x3~AZsUpYy{$uLao3EWLe|o3;(&Y2u>&LM|YO%IA@W^*7_xe`n9`<=r
z3uNi@cLFo~m($m`@1ysqc30zf<6rk3R&cK#tC5G^`-8-R8N58C*rU#~hup2U6NGKw
zr_%xcs>ir@?GyD^msu{>_1pTRtNLl8ZEt-Byrbi|(#y1^SM7b{<0G57U(ss5S4FN`
z5=2*3w`Z^I(|HU)_E!7$gEz<h(Wz<s>KWmr!tuq@ahTu!K^yWr`|GXSvB`{eo(@2m
zr}t=Xp62@JvcDg7sC)C&75VxVxnB8p2WdGkhk$Tm8c9m~IxBgRDEQ@0w|)8j&B2Lp
z=#J~2AK>=w`R2vc27NRNK6JIY-sbiMb>cR*=68ZTRQ~}Ce}ISH20Ta^82SonbMSjU
zmR&v847bSV^fLIocE+9Z5I)w#apNz|_uAKYZDOsX?w;RGbmmRPZR_A%4ec{-wsB$m
z*rDiLYmCfD<tby6Ip{>zg7RW-dFuX%VmlGQpOAlUQO51L3c35O4_M^rJPy5wks*w)
zpMCU)X#xO}vB+y_0~g9mGa>c{b*-ZZvMB!0UOUVrgJpX^=+SB~VuP;K=P2_T8<YNY
z)Qx-1JjXiXPNRRxu&<QI5Gn7)?#@qNH`w>?g#6*12A(cx4<?`c`AhSip!Vro?&EhG
zZ2o&z!ycz2ucylk@R4tw_v^Ze;@yi1lWv{M7u&!-`(<8Ov;EMX&Vez-9zH?$maQy<
z;~Vo;cTISj(uw%thr%hhc#Bb6O)E#JvpMTza8&?pZKHhxS~(|?=1TDGCRb~im-QLG
zwFMJca!fOWa2A}Je*o^rno@19>z9_!Rq?Los%)OrL+U0=GDz)5<>3Zj1!mj9UdHr<
z>ldKneX*K)+r9P=-hLx7_J#)hw2s@Rk6c8DVnc@E3tXGn%tEN;*%Crw5k7wIPwB@y
zrNPcP_o2T6O1VQm*LjLZq+jvsipO>lAI{3}UUB#aIlw6X2OqR?tK*>u|B6GoQz+h9
zj(3sR8z6K0CKGI<D)gv4pHn|%=Fuvf83+&=iBuc!iu3B<nzyiDoS@ikseR#Vxl8wv
zs4T<#_V}StUzz9Y9{NM-uZl!{t)_}J<sEsov2*hsc5)hNC(ACQg(pOxQa-Cyq@UIS
zSp@#vJvlTQuBjP3+^E(b6f&i=--bz;p)Nr9Ek{C!L3y&9w91HExhEwC)@gX8#{+nc
z-80lOPJJeHm~O7V@a5rsj-?K_Wj&l4AO=d+mO!-Ax4(3l^-gdy+ak_Ke-A*$bs6BK
z#ve%t85UkO=r57$y<DLC5?+Ljz{e}t)zt~><I2@2+fC^oCD)s|+v62VylXI_Yt!tN
z6&cYgn)Tw5V?@<lB3`Xi+7XJQ+zZg_gPI%jD}6&iO0Q_)n_eo}O4(<Hu<l9oIHztG
zN@AEJSniQS+sL1sov2GD>8ppmupqO!rU@;aHn<lVQUzC5nf2Lb3uBF(+)OFcPZ+xH
zCPBgeGS4i_2V#WBw6#`{y?eTH9`f;-nc<IS#&*J&y^`#zx6k!TKz7m@>i~>cV_8B)
z^JmdKRYV1*1s?`|HJG#SDeA?W@;9V)d-4wcM*N3^zvwQguGg-WXv(I)@7izp*57Y!
zLv3p>&IT(4<rIc7V57|1iz=Q?@QbX_xHAUc?hE_9y<w>1r2zz=l4Imoj!XQNFEOij
z(UEyf?mORC*WgC`+sRV-DA9oA-Wi)xc-4)iJGds3$z%%BPZ@31_%&jExg5p~WC+l-
zH9TFKAIt^gc@9kpnI2uH%Ymv8t6Wn*)3vSyPA8=b=8Kh6SS^K;Eo`rtC1F)%1kb=F
zUnNK(U5P@J6n{YkBehghhmO~@3>ho#-b?o!kf93<qU<&j21RQ$Lj(g*%=8)vzhu<T
zn8PDn$Kw$-AeB3BEuIYo<k?rasERw@SvQl1D6v+U<4~U6He_f?I(k7Mu`VFzP}%2V
zKxzbPnVDzbV(x*(&%!tD8?&T{qfBIt^(^$eThaDyf1;~+L<U|H8)3Lmli{=cPj2z}
zK;!HIIq}G}VBHnhh$ny^^Mt~1n1=ziIRvbWd_kj|!ibXMMy5~xq+JxDSQL=LhVxCM
z*2En7tSgGliA!sMyJ;9*5RTL1f|<e>gsTm9En0xvt2uY=QO8praP&3hR3|l2{2}rL
z*ZwYDs0ZXa#^gJ4I_vh3oo170pZc|&=l1={NS5CA9Tonz00%%U8eFrvztJ;4l-D)F
zCjUtBf>Oz7LlT{?buS&zhv?H#ow^SE6JJ@inwwRg4Ut<&c8yP>WAww2wHjd!H3noR
z@U;v@u7!bGFaeo7_p4R_*fnd@nORe}P^2yhl_@b^rDnMIU`7CZi03g}{*;Rx=!7F;
z<kRLCFyQYumJYBELcA*3Yw`J+k_V{O=7jrfj6q?n(S@M-L<oKriQySafBl8R4ADzZ
z3!TW?$76t!ZCHI=W7c(R2sd!OLvNT|t5KFHdJPg-D52rbWd1E*L<q+S>mXz1hI)?H
zr-G(5pGQsgWo>04LLv*QBPZzbzU(E`JJ((g@H@%mUjlfv92@)l!DHDN(OCbOTsLUT
z>e*Uo)r#eIAtOsCvD{l1C-Cc8m$*-n;_1=u$S6>!jA>YF<jKmSp{5bi3&PzP#5-f&
z#!GeEz|FNl=xK9LkR}Nf{&2S>p8?r?U7(qX&WU4M*?`AyNM9!guf>a@eW6lL^T;cf
zasGPW3IW_}rtk=c#n`!x7uin6Q=1dRL(-dJ%I+VWKLXOX1RiOdIIE~_ce8h>sRk%H
zeU!#0r_-2L%!Z?om{hYP4~a*#yba?{LnWOTw@p%#X=bvrJS$DBjw97ywy&<^>lz{P
zTN(!+$n|Ky?!<nENOc*^hq~GCB8#4c#EE`~&`P?-MgS7|SRO)asstVCYzy_1n_bpP
ze8kxCW#7eDEdNU2IPJIw(J2red+Su`V6ibV6Sjv{mUv_M)1L<RaF`T6MyN0)YuLqC
z=mW#t-r2W9nXw$`y-cHFQ@&Go(xRP*$>g*pBy|Ob@(A-A{6DbZr*CP8jf4@c7WsF(
zZMWA`e*#m?e}ru4sm8Ga5m-pGoUBab)@5J8K4>Tfaspf^^6%OpBY^t95>g;Dek4k^
zba3vCi1I7ishy+S<F#;+_^C3j;QQb00}Ud)L2>^8jZrFms9AV$bKa(ztc)vT#6LDc
zeKrf|{Opz8Vi18Eff|!`*S`~z$DR^PR-)2d%>Wmy{p)L6v@Q?p+2a-L)Gr|uRy7ip
zZ%@yW!n>n&H={9idr6*^vNw{3vi(dZ-G7{6H651}aIz0plATmYEMClddxL)LTqG5I
zXp*@&)b+JL&rsB2#Ca4o(oQusco}4yEFEC%m}e;+2*Obs81mR*QsU#TJ0if#xqQaH
zNdnLya<v%JJ@Q*6ZO!vNH)iu?`!7*Du!v*X4xTW?$>GV!JxllBQF^az(M$I`W>;Rn
z{#2y`r%jGF@Sg8NRj7)-i8N&=r_BWCtQP*%Zx@ZX2i4^9Fy$7ZCXD?SIWsRivQ!@o
zJ5eFguAghn?m$e)(JC}!B5Sq8WNyPiSO~-xfcX_9Vi@;CZ}!7;#WX~*B}P+5N?D8-
z+yz#kN%KOWb810(fS&apsY#nhebd3%Bg6caWfEKIr0GP+=#jvFO1e3xF{8Uw^uyfK
zirNr0<C2pgYD(%-iF+7+cs0N#HDH;2T48WF^YykqdQ28v8#CS=r7OGr2;Lz7YZx%@
zAAF}s4S{P|!$5jjGA1O|D2qmn?W{AnFis{hD4XB9zfpW6gVN_X`HNaC94(+$d5MA%
zKEU{p3$chq(wFh7O<vN5WTiqU!&W+9e@ln>Qw<JOphAfr!vX(?7EE?zV-UlTw+b(|
zNzl9hW#N&{2TTtF!LYE_5Y!vGDkh-$GZR_Tsyr1Y{FGqRxP5J@G7@z57sdH_LZK{c
z5|LR2E|O@WNjcO$)TC6$REM<}lWn=#GKt>prU#$4JEev^Ow?uhalPTr>>qOIO5S;B
zc@s4RusYa69ZuG6Cnt*`db+bt3ed3fei4#|pGN+anSQ2gC+g&ok`b7N#wq}Eu;E@)
zj+NncM+KQT4g~!z0h#fRf84xlc@wgRXg_S~XNq$q$auop*s}np;O$1#<j%olT;~FY
zv$rZ7OvGn7A;M5bXJlBh7nY@6^5=N?pEsD>v<yN+Cqx`USsqqGlg0*bc1{;uZ~IB)
z*4QeIMtNOx6Rnet1%VbNs}CT=6-U7GIjDk#<fO%^*>n-kL`rlh(Zf*3<!nPm0Z}(=
zj*QCekoFYs8<C2g@eH_Y8ca<J0(IcQ>GCmV<{rsqq6kEvL%3B~Q11<|^tt6r@_>rk
zbiQab_vNS)oqVe3&me*ocLZk>HRLD`JSeSCO_SfwQ3=%-uwjhjSd_q!Q=*V8_IDQ0
zz2RV5J$!6x^W-#e@(#L_IuR#b`mcQI&+r?X=L2qy2P89sRsrDSPM1AFuY?t1U6bQT
z1M27L2AVM2Mj#3nUh`w4M+MAWQ6M~G;~>Z~qbsb$Q)_u)hQ-t1ny`_3yt46HUD?^S
zbRaU)@FZ+P&kfhXyf8S7<-F)ubH*QhL};r=AspIMPaxBst@gj;k`M^RV9)dq-rxu*
z4!4uE2xUQel1d4g0hc3vH1QBr`hmEz#0Q+?z5?<VpnlbW#~m+g*E}}?9$=1nveuXu
z`XZN&KTKzY3GDRN?@A=jKbmKb@EvfaL&Wwx>!Jw+=+6m8UW<^QVVU$q@`iPal6}kX
zU&(S{hulqKD(nmUA;<`04S^PnOd`901v*o!-}^N;1p(Lxw8aB`c2+Aej_{BK-f`nn
z`a{reoDFX{H1lm*w9L}AHQrgmF?tXCYf(Y_MIoT2_)|S_&{BqLLFIzB1ApLpi^|4?
zq)8anVxds{q5DP<(@)Abpf|W87M%#^LHUQ}=L~W|x<fBhkyL#8w~p`$bg~yq6j)l4
zCo#REFXYTbz-+;tYRUEC?f002K^`PK6&TioS*hfaWUMT_awc$<fK}D0<+9d$G=y?9
z)_fYK^vpgPs}Y88mU*~`kZjCHR%1QoeJf=?=?g1Ae!{K^Xzd@!yw|zP`=$QrZXU|V
zLEe9%jGoH3BJqF=p?8-HYC!ZGHYc#;3b&1T$h4{q0A9hngQ-x2OcKKpP}1%sWEm5g
zVEvUnyz06*Wo;fr&_~mRLYy603DaV1rp#rqr2$p)R$Mf7MA$MYQDxW^6>&_}BH?m;
zse%IWeBZl<i7aeWg|Q8vSKx|E%E^&Zw#T45pw{atIeY9Iil7zJLAn^0%Pp=M+3Oc}
zDjO=1qy=JHps-XB2``lo98>S_c6=`6F13$Q9u#r}n93Gh`v_`2{`rYg20p)dX;|&*
z*m1;@v|8TvyHtsC;ILv^1m0gklyrJk&mRO(9ng+3_(`c4aSDzUiwn6wJJIbAF7pUU
z{=f<JSfZ574{k4AplrJu=3sO|9>xz#;;ecS*=Lvodb~;xCyX6qhgW=;5e@SJA+%jG
z7+B5TA-D<4H`2clS8KK2L<SbZ12Na7W4`FNRE%nC=qNgrQZ|!D0Bnbi1`7l1@DZNq
z0M_rg^G;sHuUz_AEg0l;5v9oTq?0W)Qig0P23CorR)kA&sp#-#XYfBGR~U|wsaOii
zg<Bo~CB-kiusk;{zw(sE3i7(`+b1$fTdQ9Ck-Hqa%b1?PzVzH-<Q8e{IPJRKC$$jY
zFm$254h&eVawHZPOIR;Z%ooy2E=Vyb(K9OGZuBHPHBr%Lmg?t6q&Al7`#Ti96)1*J
zTzvi@OE|1+emLCYCh~@ypY02_WCZOg5VceSNc0rQg!HbR%QlH5O(kgYg0q!-odP%&
zM7nW1pr18o#>C#}1YR{;bMlT%_-Ju1vTe*0`AR!d;PsqPO$0*ld%i(DHrD9_W~N!r
zVn@=O{FyFALvi^I&s$z>Xp9@vH6@?>Vi}jx7w;l^q3ufE{1uY*MAD`Wv}q@a8RrK;
zUmlUI8QqkDIs-`OV8+=P<c>qHV^iYc)@XqXlxYnsW_Aoi>#Hb}vY1Xhj*#kNhfaD#
zwT`n(d|E*DMs-{f%XCV|OX4J_Is^8oVtXXWDdQBAdU+kMZoFo-&OVbsp-!2vKEo8b
zdYxDDG_g7Z@vOyMIX+n;&i=s<jU!0F8)c$ds~StY+8ix5`I8y*jOdRud<uOG))5@t
z7ym&^PCa2LRWUz8HyybvEYD|<an%8MyG+Jyo|L>#dq=0>MX=}Z?_c*1X<7VD0`CBb
z@t|SF8iY8bPzlUU$s3~nOJb5w)zO_nPXZbB4pkEUUvNKHBs_l++Z(UKNmA+q#;uom
z`d9~+bR0-xGy;Xe@AVVX3cNhOlzav;^a(E{Q;0;K3Fzf#G%tCRB_}j#K#o~pxyF}+
zSRyz96I&nBB#(L%Y!jqPDcV8PCHOs|h!j1l60AQK66J5$UL=meKS@7D*IJ9Mgc9WF
zwQ{e{gG{7nokmIA$tw$THc6=g(Qyjpy>o5V*e;18gp^>53{?Ui_=Y(r$o`=DQE}-{
zY&Zs97qx_NEf1zHo6qsU`BYQ*qQS54elXfuWd$iHGz`H`k`h*L*nuzwGv$A}`~zH0
zt*a+~RVu|pgT$WyR(q>PI;fEZ+25+*A@5bJnc58o{rUR`)MZ<rqRECguo$qSI~~?r
zQ~O%JCy#xUV*50AS&`+6?f=^Z>9V7oI<CFiVeD^k?w{_gYJvI6fQlILmWxQyZ5s=+
zZY}KC%gIO*&hAX_61{s3d~3b$xm2bE;k#5Ln5F^W!&%3`3YeUeUHt!mX|BDU8b*wF
zd^=|NzAj<hma6v*NAycpHjSLD?A@4d6;h>wh1_#RSgaQ;m6eqy3Xl94tKzq>zYU_-
zr`in+%H#biz0;LWeOrA|9W-|85J1Ztq6;HeW4P*77&BX=;$N+6l+;Z@AuId1N?`Ux
zu>^|uk2_&*Ex>z1rC51eW!d`dcUyi<64BTM`)6jpOkXNqWx~Wuk(K%_o103nqb02o
zq{y3(q|gOUZx#b?MiVSOdlC~RmN_|%9Cq!Jn{PV<W``WngzU=4L8UBLq$5fmWAEFJ
zNOE~!047g<nM1@KPVV?^kGuzO3?ylhCgZ)YP3J-hLmOMjg34eOR_@uxdIShoAewaO
zu-3PYL_<x&$uLQ+Bsy&~x#L<Nrle|0d>{vre!jhLE_Y;W6ha|?rPZ^gbjFZ9>|rh2
zKz{SaZdhPbq4JZ!ig3-g;&`}plJS<~Vt4p8<3o|7aX+eU%hgUnOME=tUF+TRSS|0Q
z`TZ=Y{bTndh<SE$>n26uT%PF8-M*$9;dhDO+tyrG_jJrCbp7L08&|i__UGGZ9pGYp
z)n(pgnWz77dEHI$V1GMa`iQ(X{Ep+-CD6*>cj24i_iTcXq`m*Xb>G_pc+8w2d+pEn
z&UUzOZp~|B<?Oa23*@Yn-hcc8;NPwC7`V;Ny#1Emd>@|oy|2bi``_Mf7T)K)0BfJ~
zjchsY)Y<Z@oCf)`ll@LtKVRSxc%BcL_kLXWyDHh@?X=<W-Yk4R?bv*Io3YQ<dCcE7
z1GX-+5xg#v&ZhV0&pyu2>*Tk5JvjTGnt3`eLH#}r-K+>Vc3<l2`-7fWNi5<0lImW9
z6!W^QAKUVX<g16%`AfHs6-trQ#gWAydw4y2o;tm?myxzXHsv+fk>7g(kEPEQpvQrK
zh98!$lF{O9=<5~#{rkr~_Hr5PN{D^;BeU=D{>T0IuzoM@C)=gwS0f(M?3~=z$NA@*
zEZY4|kGEoN4(On1#6WmLcpUCiXE<YsSQ%7yf9QUm8hDpqQ14+utJFm9(%?^>@p|uP
z$W=*aTP>ds!G@mRo4^ymbT(~hWAT~H4lVq-1Rlf#$&Pdt5Z<rhgO$HZVe8J>!^_hW
z&_sJGz-876b#&&*{Bh~}V%84YfjM*6!U#L95nRfLkKZ`WkpIcSa)+JmHv9;J99rYI
z_Kx7=@aU;`+>wXaU+PDRpfRO`yxr*wl2Ov^*Df=6()?1kTKx#Ly?bvAz29CxOlo9D
z`BaK#7w#{&$Ba_M3LL#Zez{SC+x)rlNnNfTJnr$5>21vE&OR@y5v5O3ne~s9%R;0H
zbEfWI9gVNPy2d@6iJ9C|ce5mBp*(vMqb|B>YfG&Gw7tR6+iP>V(~T?J%!~KNe9bjl
ziwx3dqWFBNcnAKc;?m*jH5a1OkMEIo)3Q<g5uPP(XY5p4RA!geZZ^ZFINZ4wRc$Lx
zqtPK~VGSK<DBt@9qb=4wch3BW-BRJa3&bMpV}Mx58)?XCpQeT33V~yZ=TS21=~K-?
z>`Ny|IGZ>Fn19JgXNs^0L+its@v<JyUZc8Ke0PKo@c));Tb$7@$pXDE|0mZHx3D5x
z_(5gNuK0$)5fUTXK(0*?@YsXV*KU8uWuaNwiX{j|@>O5uAwl=PmY1ACtP;j`18b>c
z7P`d7!M5N2&MRv@!Lq&ItH1qaFI(wS7U9n$lg@7*ou$wWN3iEHf;8a&Qf48sMC@t}
z=QR$>;Y5`XLJ0|p^|!Ymy4td}O7zit1}XI>9Vl^+ggnmv5oX>03bUuZlZrcjEXmr+
z%5Ss-9*C?Zf!bYQQ$s#Q7TEYqJdWPERdSuQ!{#tc{){&(%5FiFx<x$I0a@fNB3XqQ
zrqm+A<^cNItoVw9DuP6woB_6>&S^+jW}Lc8KhEIM<=8@vr18@>3QTn5DRv1V$S*`}
zd)x0**Df|w!k@sTtRQSX?j51L%@}vhP4;^%>Ybhh=RsrCH*oPhxi4>vV!bkbe|piG
zPB{$bb`Z^bYQONj@d@LiJmV25y$G#3=z#4w{N2ZQ=sj`gMLsE=v^}K%@VG39;L1WF
zCD^5i;&GKjhOC478Axs68EZtQlc!r5fHTw@gnB0_<^~N_YrSKra)W+^#7m>CP2%a{
zJ`gx88pwj3dGV8J&{np_FKahJP)fn1&mO^PVd2^9T@b~D+D`kMxJxT(5-On@B*+kN
zp)f%5=!PMSTS3T_LH^V8*@e}AvW=}CyX63FH?YU-7;OxM?VYmM$e++*l>yq=Y$*T%
zMcLkq7K%imnF`wA5_T4WnAQG(2I_>kgyH~Ximxph)ZwU;3Gx_2jZb9@Gglo4Pe#+3
z=I|pje4oV%*9aZ#t}d8L=5o^n{wq^<&l%tz;1V1oL*{>r+#(=)%dzyS`Wg4felSap
z68FH1qS@<>clMHl)caf3S$SRVx#IPY(HJr5Xs_4?8rYZGadUqGZT}PqzN>2-gJ}#K
zih!vXZ>SMx3O%VAcwc^Ss8-Tia)e<1JmVv?k^VZfsvIQu63P32gxEREf?7^!0|3-Z
z1M5I55-?r&)whk#-+vi%AZ(9^<qoW=-7Wm~``&0D1w5(vhqR`ww!_36a+;K~#$~)x
zmQr}IQsNIZgw&(hZi*pk)h2dO<=k?j@@wycK8Tk)DDI9n<myOsZ``u9)g;O8(wR_6
zY5y@f8N{?u*0d@}rjl0of-e@s0)R1(vDqtL5%#G3BZdiBRtlYY4i24W28Spd8>KhA
zfjA3|&@)fRpO7zX1Nk<!yQ?bKZA>lbFXka(7B+(UlV1(T<fO+c*)A;%F7c^NAcem2
zASdC|I^G(+AzV36nDiQh!5jDLnNINp)*RqB!N+=@5Tl(YIDV<b)w##&yaD8t_|Jqd
ze~Z8X4sy1?(vQ}&hBL8Nr&2G~3YTdFmx??|d97lYSFMXti?1?amxU8^mX_h3U_xpV
z0`&Tw+>E>k+rgQZcys9w>bi)}$#H~J(8k#iWn}EnN<^K*fBaG@19!Pnwk^fsAu>d1
zX{NED{%f#^Pj~pDR^{m$t`683QeS@Kna(Grl@>Nzu_y{H3xKD+Y7d~pXo#mmi8GJj
z|IFa}*r{?dAL#cvEi4N@L_IfRHACVH8I>YL$MpdVVhL|4X47x|^IrDo1)cr+kD|)n
z>}p<Dh=V?lw9(0fbmQhMP!^V4MZXhXMSnEzQ<d$HcZEd>3uexE0c`aVg`>a_MHnCy
zQI?$;?Se|f2%rc86kV<lq3cV;lIiWwScmkk>Y+8^g>wt`5Xi-QJYy@1AjWibyI<V9
zjo>)h+1;8_noDe{oO!Rn^4PKKvu9x;lx?G%k`^$BSoqeMQ<z)B14r3hF6WJ@`gbA_
zJ}6V~P&8++p+bekfyyP^+!*dQCpt>HA1)W@AL|dD7ui<$MnnTb;y7I(1}O1dc}gre
zP^oBt?uAVXSp&5)rH^zY91AvW?7wP~Kouh7yAbX^xfje)%;|bQ{HYbvD)d+)|H;0{
zi+q++nLdquh)q?j$k;Jxx)VK&>BV~c9(|spG+@#+0b5FK4G6%0U-6DwJb|hqXO8WR
z2-Pyn5-?k+@bq|MKaX3cVZ)7GjD;c_3WSXc8KsX*vgUQq#^1ix#qSNZ6g35ziP@+^
z_@T>0TWfC9vODdnDalmDV$oejbH+6=9eL#qcQX&hrfkF$)qrD}D1juta%jn%Cu}PH
z=Al7Cgmwy}3OKrrgn+@PL-vmD@?sD#jL_RS!g$&@?PFtRo_r8Iqh5f>UDGM_h;E5*
zSQxo)*>De599Dh^i;z=vpn)kmk<x-YxcFj-x_PY+NU_*|d-#C;4Lar@f(t+P?E>%T
zsN5QJlZv^B(I_FW0eZqmx7+BY>UJ+}7|x$L=5I3?s{mBp{lRPoo30nm3r6*R4xe3J
zPq6I)0hZSO9z~nrlqQi3jsI6k+0Zi(xsn0K46<77MlT*!1A(NEQ3S2yo?erfIW3kM
zT}6?&n52>k*wq_RBptBDUIm7ko%fa@ltUvb%@3WQgn9OG{!$ceq~u_Io>$#R3V8Wo
z0}PG~5vozK00i_U7`528jlws)B!q(KCN>mhQJY!&E&2Mbl~RQ6py4g2BXq+|8-4HC
z_s@cYc+eb28!@GigVhG>{S3>uYR!7i$Y>#nwTVB^kBtH!wX>T^a4dwxbUP<f;31AH
z!YxIy<R(EWRBX%_=q7RRv<~t|V7|@Yk|bG30i6lDh5iTF2;8E;uUqL+QB)<0l$Wp*
zMbWGs@^m|U-%#JbqV1DmGUhmgrG-EkcrAfWCH^qF1hE`p;l)u1llO@9@&o6}PA)@x
zIZvQrLdUfu#0aM<_c5KWU6W1XpQC*pkQ5k(6R>cZZGENCyTQ^rzRj166@`^a8;nXz
zM#fdp4>aWhG17<U0t;*lNqS<TfjT#U$@C~sqGF{1ChN!@RGd;$wIL5;046qSzR0N8
zb4cNZ;atNsq$j(nJ&i5MBbOPIw%#|1U~wUlv#j+~R~FHEVQsCZJdMTZ%Uaja2H3Au
ze7t(vE<<1+br2?)yPSoIowa7%Okw$s_##PJeHm!)Ojf-mYNh(DSsu_?8`-)RG4?HB
zQV=zO=IJQU5|o3LoC!F?^0i8=1cdBl&N^ib#0p92CV3{WcxFO7;}D%cF0@XTJblvC
zSkCL(=B6&9k+3!EvT)NS_Q_3FF}V}O^kF6H(399Pc(WQ-VsKTDn^B*VMtVS)1K&G}
z>5+$Uvv05}`);YbM9`fP`Oh=5RMjcn>B}sD_>y}SlBDE}9=0w-{P?M6>1r9l*um$`
zi^cQ8Q@`#g<LE{4*`L4<o+Zm8!!u+#-nK|h2q(jTnON~~AUplTem)td!T{UXUH&$*
zOHB*ss0V_JwcGqQYFm%C{oaL?ac>%2S3+4}Dr3jZ8;;CN+2+IyH|1OU6W?V}=(s6h
zI;-_M%#NQc11`!?6MIS^=%FhfJnxiFPA6<(8cSEkmFUcCZW>RHkXY%QeBI0<C0U#z
zh33PsO>QVL@@a2EI)3f9L{|afO)m0S-N5&(C%9fe`||4xe*}VF*(-(WV@9c_`WS!y
z`8+FX&$jepk~FO<kq?9ZV$uK;?L`-I$65};OkCCaF4d%TBV$>TE*lo`9LblM;ZVGj
zrrw(rY$VX&cU<bC&h01V>Z7Msl#;7(@;rg>aos$3Uo<DZ44pT=e9!BBCOyemlX+}>
zXI$~}SH8~hQ-cGfzW9kFb){4**iA}cdllcP<LYZd#Spc_8WcaJsoi|8yyPCQXj#5c
zEZ%uO2de+(&%b1?AM6LVrDy-b6#EC}?5$1|En@fF_1?Zr^~rSqS+SazpVa-El^Bsr
zvxgWX)1CBe4Mt}jLL|Ri+_v;~&0XiyQ{s!B<XHFIBdzb}<MJbzNX^~5^fv8y!Bq&4
zm-@>`x9&E)g0R_U?P4RfT)~Sq@1$~_q<HEyag2(WlC@d}0IxI(p~73X+<J!1ngh?v
zuDcUk6jKSIQ9f5@JYLjPUELnqCGSVgx;{|pBQ<wsTdT%`N9;P!3d|lwmS7h$N&Yn~
z%2MbBWb0=;q>&d_Fqu?cytwJoY494aeuncljt$dg>Q1Wa9hr`g<Kq#wzD*>ocPW=F
z)<iLYJbkYRSdPiDs<`Kmjk$!`YmPsnDp^ACn8vj2=S-uYK@Pn7oNj|Mx-k(hQM7q~
z4P2UwjNerk)zNBAtppee_AMVlDC81cxxLN554`BNfO<Dq<r3wwcTa3Lgb`htzldxu
z#4`T&T5jdD#GyCdvb;ae(e^FaeyBmdd<lC+9unmMyoc34YI%HTwmUmNSbk=`+<42_
zfADiq5>0IJoE^RW@%_C0IzCs``I`G&;_J8C-v8;g(mlzTw<Taf^l1L{{BiL26w{;W
z%VClur%lYG_cHYU$F5MJz)6e(w8ZU}tG9x^u1n|@|C@_Z-qP#v2mM`zZ`(<B#>KPd
z?c?e(5O>wdn1*<JJFNUDbM{_!^UK+p{ZvD|qRV}byQ(nmaq0Q~ee+lWOa5xp{<Sm9
z>-Mg0^V~J=sPxwD>{g`P(P=ZxFYDd2-I?X2QK4EOPNC+tzJ8qB^Ko|<W`Fzgt_}L>
zJ#4ki(;@6^dI|~o$ULlw{z-1^H?pwrOZDa%;OEELN@)C&?Ug5x!*77ghrJ1YdjPus
zcxkK4;{)!(V`?jK2feTPY5WP=|19`QUR&GsqY5vt<8|Tjb=g>_bjkp$>wRnZjv(%J
zS%LuR>~yDDbNe#tBHY2v>u5{ic-X!=+I{~f&2AGPfu940!Gq4^q-dHt8kLhlYz2f6
zK)C8)m>I;qBSJDO_1U0C+<6rCx~~yvkgxXM|L8{zJ-l%J-0iOv2>X@)uDpg1^RA7I
zaEY<P*#S+8WPGC=Y?jurxeIc8z5}&ZUG#a7evg}8b3FLezI>W>0d=h<IKSUT&TEXC
z`{3ZPz~3JHu{|<l?65|#4bF?*^<w!5uwM6W9((58`mrPAy<{*Ma5?k&JU)P$WNy7&
zFh~_{|1LFa-#UA^a>RR_?qBCHc4YYT3(YY$R{x5fGL7>i{c&4;K!)0-(CM=jA<WpL
z-BjP%9^rV(EE5(FT;0HOyWrYQc2EMdX~*ZkzJ3o^p&s!N29NY|fsL;LXe<^4GxT#U
zXs+_VT@I4zbd($D5IJBN*(nJXyrNO2s@NMUU7F~Z`^9e+YdiU613w*nY{cmjLvl%?
zEti{cLtC@Is(`ssrZ1|sIfV>f2UBR6uzNXem7=D5P5&bE4<BFNfqQX@sGg`DRh*j1
zj8KX{J9ZHH4BiS<*=lS6K>gdQFrjR|LXb~=o0*qr;_LP-fwej3u*{&`8mx>OM9lCN
zVJW0!7x)u`z#b7<m{xu~rjGr4l9R)hayTs-;efUrj^7&u)Piw$;WtARaS`k8iu0UW
zF02l8e2<xO2k2XfR$~)`CtryhCROHj-#G89ZrXuga%B(iOfB@!Ksy-Ld+X6a16wpt
zA$}Z0VC+*!(Hj9FhV8_RiA@7pZ2}h2xL<R(^FpVhlBV3MM~$3#`5#)dF>7U2uO@-|
zT}-v%zNOl7h==+>dczj<af;jUR~gmA8P`h$husb0!z!~=heKKgUtcJCl79pMzs<FR
z{eerp!{(>1A!0uO8q=EqhsevdVvL{J4?&M*s!vr1ql0_{gBP^f2iy*J%OMv=`&a)q
znODL&hrFqqD_yHR=Jd<%1Unt?&~8;-);dPn7L}KM<tg<sHj;)p6`s9r@Ce&Uzyb(!
zA&rA2osKwOozyv0`c)B(j%pOn4&0iF6Ky>AnI4l2WPmVWf_h1Ki_?0B*<GLF)(Oe6
zy4Q+8iUhu6Yj0aDqdq}AU$JdA!ls-W`Np_e4?k{0XCaqUvn}=eaKY}x2s9>vpwp6t
zv7W60@+^Eiu{qtm)HAdj1F!|<)fgHwN<W|+oEWBH6gimxMM7N`xto}DLrau&ey6T5
z436f2AwmZ5v`g`0W|Z;g#zF|_>L4V%k!?JW9ORn&aSQX7v|$TB2b?{_9Ev*%5acV<
z7)R~))9^tN<Xge6WGmCpqECbvr5As@#-?M<q!#foW{ttcj5N1az8brUlKwNCzcML8
zZJWl-+5t8(AVIZ1a8Hf4wm8R2lzoCFDd9n23gH2~Gm}#9|KE*zrZxXgN-CF-fI`D7
z;?oV%>W+!nkQw;|)d}al8Mg3$&Z+Ixf1OkGOTGWcI2GCYpK+?V?Ee_2RNVh(oC?p6
zW?_Wwtvy4#p)H@2>0={^W?>U&^Kir30Vr&7J=RRD@+E2(Aq8k+JQou#B=7+)w>f>!
z&@**B^ud44RLP1z6rSMnh5u)!%8xN*aVUXn<M91mH82s(i|qB#+n;KG!ytNg3D+t)
ztD~L;)Q@cD;YqYqfVxK5(R5R}Qn9yI<-bz5nED)=i&23RN%4l~cYsO&)E~cjQjOy{
z-fTZ}JJwYE;I>=ObEI)kz4*%n8OaCp5U01v7mze(ZrGwYV)X56*>4nUF=5`BBQgnC
z_=TR8hV~qe`c%`FcpbV5W>ih3tAv$?$aPgjVgLFi>?6v4(r5=`2v6pM-j`H^H~$eA
z_&LS}52yHraJM2bZz?YZ5UH}8kV5*AtBXl0XAy--3|%EkjjCoSXUI?5OlB8fV18&Y
zRTS5v@EyjstLLZ29g`c@BUH~gZKcpEKavm$-wrAKpxt*$<VS2#B;@V#$oO;d{~4{A
zi*~w@Nl)_13)7p|I@sQy^Q~Vr)GY^9zaSrREfqNCDL^T-4;}!Ep(T*0^ckq*ggG}j
zyYu9CkJ*DH#X}!x>2t=`@jT3YaWFj-m!2n>SmGIX<0Zr~q<f9UK?N+&tZ-gwp%;j?
zMupCrtZw{$e_fd1Ho3uRlgDf$Am`#iAOd3x6xz~r#m`gotq}iTgVi(6uf1J;0QakT
zx57}F`3=E2eJd*(tnX>zDOu$(acZ=jxZ$vGkge)rcys#7L4nNd`G{V1!8084XhZfd
z%V7mW?7xb@gY+rrm$u%>)+v#(CCux+CCqiFzmh<Y`~#ybR9%dCO1EjM9!z(+Vh`P0
z0?g2L0;kx5pqOwH!+B=k(H$ckAOz|MZU3Z&A56PG_%7xt(~RG*Zc;zHU{Bf}J*JJW
z9hE>Yt}%YyD#o2|W!#V>XJ^<_AI5FpavFc@Z0V7Uob#HElM16eNiBt`C1N7BkA_py
z>MO{InfqHkcJKgqq1?9*Snq14|DI!f5OkoWm|8;=QqOm~7WQE}xgm=Vfd9{6<+U)U
z>a`g-(7n1fW!8(0BnC63F!MgMV0QcoSJ&<ybi^i|rv>`E|I4w)T=8}fO>$f;2>7qW
z?=Z-h2-!C)!uDoeS4DZk2){9LFw9DFuYVc7)03izUJh8f1*yjssSKrk+teGFV=K(k
zk{#@&J`g=MZ%g~IEQJQ1P$$AWiFj&M&ou(hTLZ;4kKvfUeDiPd2o@+Y^q4F8voET7
zOqR>SX?biY!)b`|&9{E1M^Ul%$+06@{A9<3V0=d;t%v1|DPNHz-PY-tLzxOCn@(;l
z07JH?&uxQFmh;=c?f*({DA6g%4_Hib*p<<Bm17TF&cFRX;JPspv<aIBY;j?QM<sFY
zq4`&x6%u1kuTwJA{c|E+VWwIUN{tGq)I|2xOpeo*eTX)7HNMgUX(t`$9f*<me!0W;
zn{HAdOB~e;26fddl_|jU-a=x+c>)S)V4so$CNo-U5*IVkqX_>C!wxfz6!Va)!(YRi
zJoAOoAbBAWZxpCCQS*Hdr>W<b#er=-h@dWc3X{6+Zh}mTaFiyE;?i;{o?(tY=8D5)
zB1Tj^f!K_4UZB(%mU~oJ<GAIJQynFbqs8$SU)`sY`2~iB#Uvv=<EV*__)5o|eNq<`
zs&=OHCkrtNp9)-n_)0}o_;Q((q7q^<1k4b=I`cj7XXHDxvc)B*d;S|*u!D}XjWlY3
zDDipn;pn*Vj)o@#ge8p9_V{aE64#GD$sQ-uCh8DBPv?L)ZE6Vh*kg5M$n4iLOt4a;
z3qd}Y4WmjorV@i3{F#`==tg~n^!$AdNg27%I~9u)uSFk0CFMp@LD{Pl!u7=_GgXA}
zSb9T1KNjCKGXq7(J%WX0w38VB#LuejnP-y`bO<q%2$cM``n0#9EK@hkW72*9-exny
zfQzKEvm$po6m-`o5nL_zbl;jwB3lm%!USEs)xpf~@L(odTVu&v1`J6xEKK<P`yhzi
zxA(Dz*&0c>cr<$P;h%&s{R6f<i+wwu>JkqC3yjv0u=r39sCwy{iY-y?Qz$y!C+#r?
zXe!xq$}K?Wf7FVV)%&ZG$h(Z%?5F|*1r17#4?CLG`wOznJ%bWmEzSQ!*gpl=_J3X6
zV3HHt_KD4t<ixgZ+je$r+xCfV+qP|+o!|fI>UyiXy833{?ESr2bFaB(&G8vy1^Wsg
zt8j9Mj)xV?B?EyXOIIhm829Jh*OP~64XadWlvFV@(K^|j5ol4ee)qLS67+xeDyJcO
zYPGJ{SpdN5NQe!^I~eHNoNdZWf~%xY(@^X0k{;mF5vZCOAzde4Cx6K<R8P~g45ECI
zhCl}HA}+#11nj#fuFOABLRD5|3x;7jZzLS5WzvMnL2%YwV;+rE;G^6Afo=GzA6Ym?
z|E;}VP!d0u@_XoBZb$q|&SRm$z;gp-s+EpNG8B-eEO7*h&1la67FMoqst{}+_N#w4
z?R5&GF6)98M$9d2!T1=wT|?%p_YUKoWc73|64UPpgbkp_pDb^<(=kj2vVDhNQ!$2S
z>oaqoWy|PG&hl=5XyiDXiaYJAU2p6gVtjNG_iz8h9n;{QE0()C5S58JiJDM<yTYO#
zhY8?9??-fKS*7)2oOT7$?(w(fjnX7M9FDU89yq-GvQ=~b(Nt|>9#<6YSAeuP&1uRn
zbW{_ca?JSC#SP|1Q@n!X<RdKi6CW#Er`Y5ojTpbfiO6y^ExVcSHCkmO%SA!{df^{V
zAjK%VOrvM~x|SzrMyx}U_llzMah!cF2o6y4%gS)tTM;0XpRt3f<+g!+gDP84ggVNd
zhxtZu0zA!NE^h%h+8<`VFza<mD}Im~?Gmh4RC0I+YB|N&`T#6bBJB0T)SghNq{7C-
z8~^gdiJj2lk&=oHVosty*CXQ&!9?JKRoC&>D>`<70wNpz$e~H>0|EZ@5PSU09{^T|
z8ybZP`%}{o+X@#s>7EGOWdE&`n4Nwsj-Ei?nFOib5Jjhu?X{P0eRUYIy`Aq6@dJa`
zBappPB!N<*Aq!ODr2M|^a#)2V;9?M5s)tO*u%#Oh_rLe_Pz8OV=zGIT;xCbo`m>*S
z{|_{c2Kj$z+RBG7fGVAxBYKsR=);cy6Pi~52=9xJ&KKGpp3LvJolnX@<X#Gk8_S0s
zMYflpQc~P;P0C3b>IuUWS*CPv98#+MuAp2l2JRuy|L8QQZ?IhbZhu*Fnm^!xeSIc>
zuiW+>Lf)0?o%!n9d*Bwiy$L?G4{4Pbo~mT5H3F4x*nEH?QJB>WqCsk?2C2FL3cX<d
zU5j_F`Hd!`l3_eF#uwBm5qQfldE#k-`Pmi6Il&9%NbP}<8(&jm`T*!pLI)fS*!~u<
zFmb{1Q7*>(9Pl_f4S(GOVGVxdV{BRpU1Mln9s*^3=<?o7#Zl1yI@G$wxYh!Z<4EkB
z|3lOO|1oM7J%d!H>a3%=7JpF6K?2GsI|_p@@{yP13OaJhhP0%y)RZwflMoWHaZp+L
z-$gAmy~=c(rbfHXPp>QOd1Cp>TDqWq$Cqh9W((+#H}CVWfp_oMM>pUO+>3Zhvo7gn
z{BUX`sz00>8gi)Q+wWowaWje@N-l17U0ftG5Zt`5gYn$HR!rZ}aS;&Y1V2I)0GE0b
zl>(7+G>N=?!3>Xw#*uVn9l7z<p#Be<7A7yr2poV3(|5M3=s-2UBU;80YlyBr<I9~I
zb)mYFizoz986HE7ZWUh7*Q{2}brSiE$7MQ&CV-(#BFqi|=|X5A3($??`{z)z@S}-j
zgK$`>J;AEEt#535q6emhgnDDsa*;sGxl;>G2?shL4vH8%ykKVG3;1H?knd5ed-oaE
zrOH6z3u=>rOU7A}3?%Rop##j0bbI`Y-a!UhstD}B1DBx?iO%!j=Iimcv(=Y^_4@}&
z&ud`yn_(;dNxY~-cKaLjJ&xJwN8A0nZ=2aRU%@=Vv|k*fXCQ=OePTX1tzq6V+oep%
zf!RvDIdK*|;`TGXKkCb1{@$usjS_7Hduo26lh=a%i((<9GfX|$*O$O14hL}3w?ebk
zx99I&&43Lh-r7!F_8&!qQ70Z!{m?Gmtot3#w|eNMy>o*oR#Y6FmCnd+k@-|k611q~
zUnU-2>aNDCAw!c|X$%t~{5<zHX#^Hk9Nu>80e-(1hK>vSL<-71+t_(7%BwFJg6-m8
zo|nfjm;H&%%Ls6_3&WtUhXW+IGS5QRKOz_LmxxH_xSJp1(rbisXuKYm_M-tXJ{vmZ
z!n>Qs_oDe`ZgciTudZ%-!8by+QijHDZOGCKvN5AU=wC!Xr>*}|jAGm037rXv2U-q@
z(<evA5u`*TE79N(QPGWtQlW<-qo*K2QKL%{U0uhSQEBmD>!8)n_XEVpElOaf`y`f7
zp`nPx{S%`_ApDG?JE7PdS?GcFjC>1b;;C<m8~5czsYK<(mZI{J%fbwnZ-mcCZzC3>
zh;aUG-_ykwP09yyq9_yQ)S4K0I(5!^HE#BOH=dubN<`kZV~1lTMW7^2dnZM}C?|qb
zWnEC^Oj;PNmG>?v1pwSjgYPBL$fL)O10`0q4?8MEFjb-$3$YJ5l@I7yr^GGdbr(QU
zN^A3!6@#VVLUw1dS#*PvD)}O`+`rfqiy8Yl9l{JIL`S@V{YwNlvVQBE8A(Qeg<Egb
z+FqDKB1Ejdku^;1x9mwSG8Bi~sEg<xzT7jDIZQ>xfr8zhjQ~J1EkH_ld`5?vTDdYv
z_rv$(g=MAevc0#xG<@zww3)hJ{bAU=kdu@(@*VB8NxEpqEU!*g&GL=GO3?^$DZ43d
zSecV)PsEINFW6aI+20~t`hxgyX(!yikb!8%oaoTbUs;e3vUKPg-+z@o92p11CM-$P
zl|PuDs0KU}@&cmVTSIdWOX%sF@8>fc4oM5L5~{T7juV?5;#%nZHKlq)a*suHsox(>
zRhk4oMkO}U6`MH<f3y0)295t3ERS>3x6@$#B%qg2*0s1MxKmh2S-V#kPXCmnBK2++
zN|6$#clCLlH5uANeK-V}(aiMd(gK3VI4Gc0zsjN+69uR}{WauwsE==#6*^KG0888L
zQJx$RDmxfw6@_r8JQ%-x6QgqW8vRGVns|HY9~X&J4H^5jhk9E?H9ikkwmZ%Wf3Mh=
zvi5wqr*uR5PxKY_<`4v#8(TifP>AWU9T#=HLl1#?UUmG@VEj?4FYb<a$lz1Z$6=?g
z=(f-3y9fYM!ya=aIg(pGGCe(`H2*HFBk=8jX73XphH)cvNPeT6IcwX<=cDvJ+OLa-
z#m7WG<@3WE5<qHT;Sa*b(6q(v@dj`5PgN_E24Lt;$hGZNLcfM9^9}NhMSx+@Csz6z
z(P>dEfA&Xvsi1}sJNNqkziC6rmjBU)fd3C}*ri{v;Z9*+FH#1SIlfUU--VypD!wne
zG(^tCW|{~aFmY;WUeq$-!Ox}IJO?xQAn<=D=}BZVRSt5*IFB@FDe9i}6OTC~@Qx}&
zaUIA*sn`DF=Y(60Byf|e#%7;GJ?Th@G)$DqaeXz-+YHj_LYx5qfukof_tzYh%2HtD
z`u_y7v$`uMc696t#9F_|T^3sMv$}8G9F2jL(8wpF?N!+>l!y6UFgEoSJ)V`V-@%9P
zsMl<v6oHk%`J9<T3b{%v&Y?>>QrGi{5q(nH>C25~$(?1DM*UWhp9Pa(dRq@V<qien
z#E=zc+ZeLb3ITr^pzTG}`A|)w<EQ8k$$egleug7+PL=TogK;Nurua49p?L0iK=GP(
ze>r^m(YE$8NQu_JGwwLqQexr}9Tn9&esV0{kLS(ui>gHbJIJC~{yz$D!*U?{<!9kd
zsSSkOF2=*;<}z2|Rttk+Jt^`)P_p_M0`rz`_}gZN4*=?{3d<C?x`94NcO?F=P*p>p
zdo{EtZYmhJLq(Cnh4dRn6*vcL1Ety}W|OvQx`P4w+K$zmMx2JYC3vl|GODb%;x-*k
z)nz#EtPeSprq^Xy?YV~R|G$)>dO)}wr^f3IfGZd0OY*n&-Jdzg9&@91l0C)$AK)QN
zFUjr?cu42_10HI$3BAGMpxpD3b7v2MAkDEDdlOiWtt|*Q7ssZTw-g_o(sX7)+7VIY
z8M#$F9cUyNd$SM_n@iU{9Hmd`zv?LnBPnKCcAaX<1G368+szE7$j1H`P!=ktnK2cd
ze5$Q)nP8SZ3Ob#;QtRI0xU7FB<7q9!P;lkeyq|MLzVr>xig4Mqc)ve?l=7PKbhG~{
z1t`r}yA{^H{@YAWTVOoFS^3rB_)qp>{p+z;``hljH}%Bi`els3r3B%vy?I#|+*y&=
z$MzI3xqUoz5U}cLx|yllbq)A3Qg3T?-Dciyn5Or1ec6V8Z+<<Te}}l-|AOV+&e0;+
zed?0x_F{q$sl4^Me$(6F<uZGK=)67MG23dlxjwCon7Y{v$&tC3_xN7v4)SS~#mHi=
z=jOHi;(7nL?R-A0)A#vuJM%H`>}KV0v6%vp;f<RuKFes7I6vHO{q64Re*ZY_JMDb8
z?siqQ&DLqk=)9W!aN4r*_Bmmbsd}HWt>?9Ml>zU38ht#zJ#_}SxTyc|f?T-zAM05<
z&p_SZ44kY8S9YJPtGm4)7qJas-Qwz>{H3znjh>s+2;|F#QaOs(_a*ZXQUwqNo_c_6
zF1?Sf&PvM=TVI=!ip!8MJ+5=W1+N}EfmseH`VvNi^L~PB&YRD-N96ee)<s|Q_IqmA
zzWw)GX}>-<-p8Nwb?;g{q$!!{jrY@!m&v4C8?LXp%8Y>CWAI+Em>}4!2aX^{kl`Xo
zoSuN)tYxq^wScew-iyQ-&LZFs9Wg-l*JH@isI%<`fW5D#qw|W_EA{c1;ZFlVBI8#c
z;M}h_3j`<RnQuU!rYmCRBEE?eS1%iHgKs_QAqTf!=hyvX2PWY8uXp_>kPeKQ$3{w^
zDNWxzK790=Y0Atu4weV3O#8m)4+^Qud+7tt)AG($?YK1^ysOBI0#0LE6#}^4;_;Q5
z*X-UTHGk0jT(Da9-2CFU+5d8Pd;dYyg?Utnr)F=@H-`?8hY9Y#-oxD}gKU(pzEKxx
z`vx7nCp#H4IWx?OD+a0&RVJIopjgvlXaX1iajJ?$|Fg2TpDd0$Z>?F&YAX(DYC^4G
z*Y-gw{69~5uk=<6S$7LS^0pe0#H<N!k~NX9`u|J2c=e|GPr2CHf{JmPtl}w4%lnpL
zv=)OrZ@ITV9P#HI2#DtXkhZrPu$A=wT>P?FPQ2zsk2+b;ORG?)IQpN4L4i$zTD%<Z
zIU5f9w-k8>+%Oi@<JUSmYfC8qtvWj3lXJe?Uz6Acb{gV-*!9N3!<79wu34N@zj=pm
z|G_krn3k`q!f*QE>v(1O|LH16+!%sodvqU@9qV<Mz0Jbm+IZRh(V%Mwc3`_XU5voa
zYPaRn86d4~hv8MLx0Rn{T70P7$T#G`D*HYaV)1Y(aZnEWtcd|`xwwP<N`qF<+*g2?
zDnwoAqP1tc!7n^I`axK3zk#dhaf;*G5sQ=1+rqx>UH;i2Sm_}VP7oaT+u94)cTUkw
z7}BK0#Hi;rqe7}~gW`@q;ym|hQ8)F5X?76&df!wl@q-tkAy7w1yyYOx%^a@aG&wf0
zcPjNxEw?xEhdCI$0m-q|wzeSMHrBKDcTQF%9^nyR>1hdqN({e6#ePZn>?;)$B*I0~
zO#G)`?7&}KrxKn1pn~B_wuKW}>Iun8)Bx2PvII@P1@&itbt*_y;)orW22K>VYvPY7
zm9<CoWPIpAvUX4)TTe@BDrH8)|G+?^6gq<Zt(rhvWYF@mduL8@)$G0BLWV-i)J&AS
z`r1IB)67(;cUdC4hP`JFh)0LBlfI1SXU7I|@t6)AnDvSf#(b$hFgA=YI}h!+I&NvN
zU`)A^ow*H|b{~QHxW28X{LH=+9b$EuxgR5uxVfz%2~0qf9TXLqxiov~@KYTlcd!ig
zHineo#$&<NxC3=KS6DOSTJ`dBV)~B$RD6T=jb*Nfg}9jFDQbfW*~++pAJ=x%aum=M
z@6Hz1<hI(k>L>45H=6CAG_zRll#TYg|2*5F7cEwO+Ige!U^#^wYK0frhbMmVxd`oE
z;4k&gLgF*`@HxOwQeX<mCl%eMzFeyHiJ+Y`$IN=M{~RRx_)hMz7)BIDNQn?#USV&>
z%Zuaf#IL_NNY2LhW+wr@oQjL?Kbiy4DQoOb2#6lA$9fFAjKah7kK{0;iu3!lrHd(Z
z_)0CHYlr&6hAPUVb46}|5RYBa0gmMHXop`UyF{oenHv6S6Rpp3dZaR3v=#>|Z{?sV
z_^PBvE9jg*2>B*XyYtCJhTilZZ@hLG=c@@It7A>Y8+5Jp6b;bfU3v7nbr1op-+V|5
zOvW1Hc5EF<?=Rz2NdLG&LGtLyr0WGw2oeFvl>r+re)mv8lFrP_7Seg{Zwryc<^R(a
z@~AXH7sVO~7xtUi4z&!2ZL1A$m1Xlp*p5I!W2fR7am-6Yn&g3<UX#dYsVXQPzPBfy
z*u-Y*OZ0~TCfz5dNdgf#74$5RSe)Tqk~acSmOsigS+31kl$1OftalDEM6j*0a45L~
z8vfcZn?Z&#5ryJ&0h4FJP#LEmu+Z!{<NF6JgnEko0Si;2`DAL{iRG-LwkX54+43K>
znL8cPLvA#HOPX(3nPw~%4`igK4WE67(ueOdwN}`$go4Nd))n&4iuKJ;b3+o<$dOo*
z#oT<sIJ17I*WM$6182tVD8Xq+Scd|W6#oX7mDR!9)6hw{RHcBx5?8nT;RX|M)$q`&
zyZ~pNTYgcb^IK2u=j(0EtFw_|2{LN<fIcITbws&WO%wM(yMNGN6MY0>xsU{-`ATp?
zJS?YuSKwB}pZSQWJFYju)kS<OHJi!*8Llk}e+<`PQlDgXIJq6HwU5ZF&_Fn;_kU0I
z%A;mo;wSp-ibL{?@5oXV7`lU}yghs^F|`wW_XdCnh^eu^`x!<cO|<$^6hu`4KbwEB
z#H#<>{AVdf30?#UjZpM2!@+_uT`EeD?UN`P5bK6oIZ??;ijQ_kvB)%JTwan;59lQl
zp>`v@+6os*7PjAA9B$^iNA0O6<gO{*bI}kn*+R!CMEfZ~KlWKhgHO3x<*_kuPm9@7
z3rm?yW!k0JJ=G%yWgV(T0c>t0koQ+I%xD~%z>Gw)7NnF2@VnsJ50fOLu#FoF_}go9
z*9~?HBlg5`rtxIMYnOof2II0*MU+s1Hb)$=`P%iK^rlzr`g6|fV)ZnPXYi@F9&z_f
z2YY#fUd(|fDH&&k*CJU)e_Q>&xNBH3%VQ$-;rd8M2y-H7X6HN*033l$_!EBF;X@-@
z95nT@2X?UipU>I~&>Le0VdhWn2|{-FXD<+?{oZ7rQs>d+k$k0el-(%Qa0H4UzGwEw
zX3e~7ok05iKby4~6vZ!e3mT8r2HRXRHuK>Xg)F!*QqLQp**^#0toVm@0n3QYv$7-x
zX1SC?lPex~0QUKGx=uoG=;hlfd^UBxzCZWTc9r(G$l6rL6^W#1Jt!n({m#B*EAfc3
zBxGPN|5R*Cpf614c+)~S+3gtA3mTHS5Q$6khO^0YC!o|xg#Ql$e3=oXvyUPg8<ea2
zXqDsU*+vB#mvEAx;bHIP{AL9#L88@I)o~;YkOGEz{h4F^V)JdA$kU@J|MYTOTM`z9
zF63`_WSMl<%D#F-Aaov1koVE7{x7^&n3U+(-+iZ)!k5u{tK}i)`In!VTzgb3Ky*Xe
z;r+EG;6uNl-L+*%B%Kdhh8=`0ufZ{z@gA?b-TEN7iWm!$>E%_uXExyp%CIKLZZvZP
zFd9rHZ(*=TZiE4mnb^v(O$+x3yD81Rl?W~#{++<YEDJieuerQJL?(>D16EsYUNvY&
zjlm4_SmP`}3@BR(V>{X-4yQ~E^8{t4+=s13`PafOEkqtZ@De&Gd7Rl}O9Y&non)Fv
zQkp8uhg}EjIy9e$lAVvg!v{+)Tpsub;8_SV5g3dE0hT{NrMt{r@n^m;=An&;ac;V{
z3jtd@5lTO7`8`PG)r%tjw|rlp@$DRG(a=1Gp8ELr%CdlsZ?28LE1y5Acr(zq<Tz{W
z8JQSg!Z95r^mrTGU5~iyZ<3u+M{>}h`%P%^8klwrf3oZ|6G#eVHmo~TttKuR0LqB`
zFLi^)_UxM%<b=pTj?9DvO2%8{mG827Ugyp&8c9S^Fg0^=TfU1I2*rfCf|iA89kRl=
zb>@l%;O!lC+{(_L7Wi~2ww&+KSSm9!Z%58fnc!RvGxhN&lz-{7cukA3e|DXUpfD^V
zqDgyolUpW;agSB&xR<0Lju=>y0ET7`{p^Ze1R|HK3uh0OCMefhlTRG&GuYd9U=Hs7
zCPm~O>Nq{CQgLuCiT%uf@$nc~U2QU0sPsZIPZQ1VFwI4-RIutHEO70t|29hf<#4^S
zbai!Q4W+A`)Ph-UGt3>n&WU$J<|?We!Q98lLfCN87DH~rUk@9V(oX~50`xsTDE6f7
zLv21Gsq6&iY~jJpMa0Qf$EX=`xN^7K`Y)UphV+>6{ADCB{$6JxEv3wjyPh&HzFd}|
z7QB~<Wxn_P(;arxSf?pFtT($uaPl|(?N%QGLiLQobRPlO%2pheiRI5QpwXw>1T$cN
ze>q{)a{4`<l!s+GWDJ5wN9O^~)F<{}WV~Zv4{lY&0*(Fl_h{%AYDQ-o85x|ESIj71
zz)4+QcIBrbj?8B9tOOlK(hrR|qb;&AuYg5ClWu05Nz-f}?+H9U#ub)Et{y_YYipbv
zD?$B>^yR}Lfmi1zEx=};<hbx<j72<^Onp>g$JRLg=lgk*7p*SyJ|^+c?Gd5m-Ombj
z6{scg;M$vKHd!5w=O0?JTJHPcVou_fzWHuis=iL)6KXLhI|%kmB|Jw-gYs*~@ijch
zC_?M>?QrqY$oGqyg*y{Yhw|-E<w2ceRK<fQ?^yBPy>A;JG5LcHvi^q+PKwrrRxf<s
zm3v~AenVSNJ4RNpd^uQtbZBK$SLV#Tr9sv0+7`Wv7bP7b@T63~zB(gN7j<_?<iyMZ
zg7&W0vSU~6ioQ}bKTUOTI_5rZX}#AACaaacB_65AbKeY?Jt}E@iyDExG*Q3Z-SRdh
zZmUthB>=bNoSKwhNqYeJLHdo&R)r7hL3$pQ+?OCp7?p59(Ti$0@9OIRe(Ol#v+IAA
zw5Lnyb9-Ba#@kJ0RCJf3d3e0((mMAJ)tTeo%<@sWz*E+s@ZNiTx5(42Xi;>n`ljRM
zW$vBhz<ez6NZ)*x(qZCm3`SDn3p-W`>z@SRmuuzkxl-9ex>nJ_f{?VtwGzGR@xhYh
zcSF7+hSvN^E3h>6i7FYAK_6|wBo*t-@`1zrH*xsSXwD`Z@^iyEGHptjFoVyI^Fc&q
z&QAGsp;lV)XZ4^hs7v0Rm}YIz)m6w=T>pQtV|~&55A0}M!XUQk*pMdC0pdOf;Mk=b
zrDgAnZEQMUcdpgDrMdq8eYa4zrAL~ZzngvBRTh9}Cqjp4u7|_#HQwHlNsO0TQ`=@*
ze!{I-tC{et{}go-FY}p&CYC#f!gZLm7@n1+1`oKo5WuMykf+Xoo86bg4VJyyIBFG(
zI#df?;~;2sc-YNt!AM;f9##4Th}I@ga-<zAxTX-7*#JGp-D!-ZpGrvtOZ))+AnSss
z>oDUQhh}Wq1x6_F%aCmqIxeH`6qamR2|PjabPtT6c2ylwVHp&0h0ex?&ccCC!wugT
zp~qt54w^(7EOfPCKDX7xinSaV*2|*C#QZR1>fJf(=*5;obz~uLWI@~qgqsL5^PM!j
z2Qt&Uc~)kQ^^5^YTVk#DKr@j1?l2N-WzAm8m>r~=X8T?&HvWQ3bc}Q0vyFRuH9b6E
z+Z~+k-8nhe=!m?Yi3s@vp3XV60CKejifrSh-5=`p{&;e~%!<Zl=W?TO7s+{wmj&Nd
zWgUEp$YITA8tn=4+)m942&s&3UO!lK%~h$xzC`Z|Tf}5=kx9yqQ|M(0+;gj_9yNYi
z(K$+)$0-LY9iu3OmMi7IFLyXfFGR&(s5ZBx{fllpS~s*bnwyD$o#kUP>o{TR#1W@H
zCD;?mV_p#h>zM4q3)wmk8bOnKs+~NW)#%ZY`!Xv4-Vcfw6DOGjplTfktG4pf-|S6F
zmH<~Vv<rIojcBz`N_>PgLVPqO1YLr+VY~*xHLnEbknXU$65*CR9S@9jhI2hLs-{a^
z7^hW;_(}tfUqJAZ?L2W_iu0`K?>;!AEZSuyfFZ1yV&2i=gt)zWMeI)A9frh(hY$iK
zB@(|xJ5?Pxn7(iW%#>bV8^7RSM=e!p@dBmsUhfZ*y&OhFQI7UD=UTWp&jm(XH;L~M
z!h-Qr=~P7j<Orrg*_tK`pP4F&!83gr+ar=fJa_B>|33c`y^l6O2VE1qEe@$Lepzug
z;gd+~8!&o!q}Jkk2*p)fLh7+CR%5G(kEl6oMxY%Q6o~-_q|mwx)ND-zB;T@|D#k=G
zsV$kJ*5MwTgwndnOSx1X)Ke;I(*ot}3AmlnN)~A$sD323nRa>6tEKy{Lc@6cq`<*h
zv8N&F_8CYLthcpH4;bX|YtM8<YTu*j^0CgbC>)S==I3IxH(iBM1NG*|#PU|^1@rFL
zQqwP4e6hL!!e9;+j<xcrS4nJ#67Eo|Y^vVhH?*Ezofnc%^Syj(k-O8lB+I$J<JmV0
zJ}EN&$?{9nrne86M;5xf=UZBP%r~?+qH@N~rH&9c+jt6@Pktvi5ikm!C=5%xe-Fa%
zv*Xl-PZF%_Z%ibfPZBKXZwywR^EiHkJpcVItSC?bpvX6^*+O!fg-idrmEfP@e+%A@
zRLI{*tfga#y}Hff;8J3yhlzKXX4mDdIufAwLF*z>>n`hT_eQ?AHMLg8?!d%MQQsxA
zm0311*~9Lc7H69aW29`A3zS6k)vf%ic<bGT`htTu=OSsb2g3GRQcZQVXhx(hHUpQ^
znhZ(?^tzr}Q?E<}C`aT+-A+7u?X9`Q!IR|TUs2EZe@}d;G+W4!jW94Ct2++jQZnOg
z8rnyRE6f0Ai&zsfyH1fqD*9t&zBk1X&H;5$Pk{Njyfr<;Ywf(k-<7lv{ZeH`>l>TC
zxiILn{kT8J7JffhwfzVFy}t5geortX6VP4&U=;kNkU>OJft5POkO?vj<qf64dvTLt
zqCRsvM4)lGoBMRQp2Is^o-sp8OAA7CJ{Y5t%MzVJ{(u}l*78=A^-=3@4>>>-(C6R@
zjGFM$1mvC4B}|BzmB75g77A-h$_Y8FCRXu;;1l~9&|s2`<U_R8RA(LQxZJ@?%OWBQ
z075ptS(Fi58L%KHq5075KylzX!L5E0NOq$q=?WbjZ^2lH5r?Uxufd21c~g8AfTp#P
zT!o2qq^eO-^(1Pzv7k3<#HgF_B#JjU#Cj6Q-otYr2o^&(;76J4!yyLC@B;6Bd)`Jg
zr(HobulysFZ7F!LQ7h%m(<j*-(2ueQuwniFS8%jnF-+Cub0Hn8Qp{)jnVUg)Tk1{(
zgztjrQf#C{!N5qUlsz43edwPnHny+&y9nHqAo|?D9<>R7q$?=o-)a}D>dYsq3vqCb
zm%P>_gK2htudhd3?7M*`_%VnTPRsNpPzUlexX|)<$bD7fc@8Q*?t_d>47hs{V0C3u
z9WGK~K%V~EkRG=e|1Eo(#t^Ng%Ymz8shZfXGeTqqo?o;%J*9OCt+Q?VsN&K|1z-KG
z`EDdUDS6>{d$_c&1;A<}dkFn7;?+=7_I|k7_e%+2Ma0>T3aHq43vO(?8=mW<23(90
zv`>7giPzr2eyNoe9skCyR>uSdNH;)p>cISYg++e2zIL;wx9ez9jb1)>=;#~zA$O|p
z5(nI)m94&4@RwbRM{K@R+_cQI<7c*jJ)<rz)3TY4y4tM|eLJ5}C+jjfjZG|h+`!^`
zLAue5+M|u7#S~E1U5TqUu%obC$-_^nUDHc$D6ARzHgGAM6c?bzci(UTB;<KA%8;#O
zNGsDxVF#)#*TI4`D%`@Z>wPEW|8#QGAPU1&9ai6sq6#R{MN`Qu+|UMiQ6-I#!F1pV
z75cNwr%fI9NKBu`$Z@|un_mMZZ=VJ1uEw@u0MvkLHS@!3X-oIR>&fTmp-OkF>8{l7
z=1&%YE%b@(<1>2Qo#ZXxd91QZ?H@IOp0?xex$2|yJEzmt+7?F~nYDYmdgSSXL)aOK
z<r<^?Ks%}MY>ra5AzrKT80&fe7l=5rHKN|HT%#wcN!#tv5vdKxEu!$movS)h!nhGj
z!uzO^P{E^4%kU&zx9fQAEA&KH`PP1#bR5MkxcUix8+_hF>&jd}N2UMWk+3^`x2E5I
zdL|b<C^}7%Hi8TP%qe~PYq4mqSIuKbnyqEticKfx5p`N6!HLceGb`;3btu})20jB`
z)!)ee4t;j}F}E{8E|_n&Ve}8$qnK%}5Y?6IHtRHY{t;r;gJ`SeB+v-+3C9pcd}B%}
zr&-O$kX|kUm5C65*yx{uo)juobZL8<y7YthzCK1(jFj)~#my8|wNOxssId^^FG%5J
zBTTkI^;4u~da+ClfuTq?2jeJ&gR>Ehq+FVM89v=QXq}voKjr6f+hC{Acbc)=!l~%4
zK7@-?xRD>oZdF;G-t8YeH5WbOo8E$rgaZ%9wUG8I;O`aya#G-B+ag{5Cmt1Q{Vgyd
zdcwDe;FHr!BrC)x@LA1v{)fo?Yv@_FwLjd@Lb|r?RF1TSZDLw{4<PvjOhUSf6$e1G
zY<i%Ye2>D9ko9KPu#0RHOb{F%A99_YAmz<4rP&xt-$2Oh;V4lenfaA8!yz%MH+;20
zx(wQ~2*R%by?6Kd$0q^zEgvE$Z@o>&kE%%RgT6jRWRK;jSGl{elJhv}#^E9~7VkJI
z8^=SHQ3u4DdL$>8AnzH|3Iy>@N;>tOZN9gip$*Ij<|$@3h~=zP&_FSuN0(F{Uw|5m
zGM3b@(tS)GUmOFM%)8sjeDRpCBJ(w7#_MOWjUY|HdB*rQ@23l8hlZ|JSGQ2XMM9>4
zNHU7bdOJkyL&-j)R4%~Y8R~l@bgBgCEEbN|QIh=7Eq<ho`E3;ceEUT;2cl>~!<gIM
zn9h5ONm2IGz}<(hYUGx2oRXBmhw0LjJ6Y*FTLQc2VjB6OJ7=nK!lIznN3vnEU2#bx
zPu~~76nH3ZfwRXk*lF}0XKD4qSnkF#X7;Q9UJ9?LW7EB<JlD=&+l&Cc3~1?A*nu_p
zS`)l&Q{!}oG7)}HRzDdZP)c~F&VeE1%^@#q8>XjN!<N6b6;*1A>aCjJHLG$eANuB@
zsg!2PzaYHlUy33085{PNZa@l=--QOh;$I1%FPBdh_B3qj(og0PTi7=}&qA~6RQ&nV
zue^b&&wLG;rfid=8>DM4JO6<8vIyL-ddKed4^sl-Tkc;p+N%NME%8h{hib!}RKf{D
z<iyFt-a(_YcN@SQy?-YbkjgoWNka7v?kx6NV#|bW$R?oMvpjy4g5?Vp(m!L0&A9@0
z6_0Kpgbv#R1~ye`2l$%!vTvAL813|DQYSL^V1>usT(NsdRuRi1TJh14@8gw`Sx2La
zBG_J`LgvJs-l9(hn-}ooaE@b@m^X2Jvi94IpO#Tb+K88_na31ID_4W8OjtBZ97N1%
z2;O?r)?7{%oD6Af3OhjH2)OL7YT^O=Jc%-DMSTMZymd0f$$MZdb6M0nqcT|8f{?j|
zy0gq~rx0cWu}e(Tbt49885Z&c`ccs?vGAV{tH(NN-u|$Awh@OBr7!3b?L3q=)uQ3`
z31~k5a(vN5QBH2mZ_%v4^yPg-hyw0G`-V?SgeLcYHCIh}c<4$8f>h-m(uV_*mnZy_
z2^eT)Z9Vi>yV*3hR-=;tE1pKztjUSI*{er}+)wewe~Ook(eM##{`z0>G`dE405D=*
zrNsK^Sy4o<!RkkZVlf2quBv=@Ho&9zK?kOB_u=d2+q=C{oI&_Ly)|6ipoamQ$8h8A
zFktS_ul)|EOQfR{>Nx;}Sq$-w&Inn>K$?-=+V~gc0$pyC6O>Nd-Yz2-fka&O+?!)*
zyR7t~thWi*hcI4;0O<D%q3n*uJSqoZo+Z<pRH%6blN9`VcD6wz8l*TRNziu*Lm{0~
z@31}nl)MDt_Wt7NYEGk5X<NQ-=Gc|h<l2Pp3^ny*4I|M78$*D|2BDyteo-de_U#lC
z5P=52E%5HX`+0WBbl2Jj7I?v&y4#tw*a(W7`r{=A1kC2Lw@rbL@wh=qVYY;A9l>lY
zj$dcRWLJ5?T)&vFa3fM67C*P}FyYI02+Tg@@qO7OgdcnYg$2+H<NzABq%){0bpzNb
zadKMW+1c`>GdSQ}J!P2=I*C7zX+_QW2H#VlnYZPcWT3veF=qd>LucG)y%xNW1{EGl
z9Tgfvg#z~|0UbKzmppqRTXc={T1H=9dqy8o!AUz6?w>U|p71{X&Zv%wMmhG-fuO!T
zId<H-K7Hxh_?$j{l#|+^Eq!_KKAJY1bG$!4P14=t!vheq1>GrFJ;QlW<k}N89%Xqi
znX%n{Q<`@wPfl>bZL2J3n+JK_iK*O=O4f@Im(&Gu&!6v}1IOhGD?Vf23enhbMVo=p
zDu&YHzn_A|6&$p9P+c{=0TJR!BpEF7n1?V+#=F4&g64vEG;IH8Y~O^Z!xr?jV)Ohd
zk(nEk4;{c~Lg$QW!aocgOUUULqvp!RuM&e-lSc<!(p?IZ0zz1!q!xzz0I7deGLhNa
z(hxZZ@NyTfMv^f{z9grcZSU@Qdk-6Ui*Q0x3mTpi(%Uk(i<yh(x-69lN~7wc%ciP-
z9y63l!+$&B;rqNLSO1MEJu{@KOp#Ymn$ccL9uIJqS_Y2rq#Y{@&o1(;!NtAI7hnif
z&c6NAfA)RIGREMp+Obbx=AwOp79zuwh{4Kwh~DI}g&p=L5hb*HWkUZ3$*Ksii-QFH
zHZC`Ht@wL(lvv@yO|UU|zEkfC%#l9zJ&)n}0Ur7Z(bMp%b2HUbWY*RA3g@x{Kd803
zxd4#Viaw!DLYL~<yMd6_T1~0qpm&AS=SS=Ip5GRz{_yAM62~MhfQH*=OXpt|&{d-a
z|HeJ>RdY*po81RORaizsiqyvOP?i@H&qm>ix5`A;Sr%>oys|F)c1%`V0a6#pRYT(p
z9nTgqdCXITSl_TiveJrm>PV3Ijyk3@8Z;m`jSk*B*qfHjVk0ElBS5592Tg2Qx^8JX
zt)C#(%ZKI$)Mo|qbALMZ*C7nOk?QgRpQ+L3FD8ApXg|p=N079^;FC`m{vzcl*MTc_
zonytXBg(h4<MRk+Cq{zJ$tPObu<NO+EkH+yX0ir+M4A`K+4JMm+vnn@>Wes6a~`1j
z^~O)O$(<iAs%!iG?S?uShoX1UEkEXi=r@v96!~9fY5ei=W8l_hzcY4ldSUfM!|O<1
zK>skNk*PlXtm2`XU-Ijz_&{7#QdOo0Mv@p<d{Jo~PS53%N39V?A@z&P?vyvV>(xE5
zspGE=Gu3V&yXLiF$QGEAYp~tuPf7sfvmfGBD;`YM%JWc*<zfZG{97z%{X@IK6&xFL
z3`pDZrr4Ml%mOVkMrk|WW=Le)GCD0s&lOzLzNYV05G&NZn6eq(LZ^Lk>&U#RZ@c9`
zJJ-sd%~p;kdoL@698dN)=o4<<w}p*zZpRaCO_~WydIXQ}o%+1XC+7^gIuw8ml8L5I
zEXlShvZ^SkCNn5M5&0Fg+_}#ItEeYX9`>}dm6-R^v({#zDs*fV*6(4F7B<B$mtv=?
zvjCn3SShT$M``Xw5{n~V!G_P<i~hsQ!^!Iuw)Xx@%~gq#7s)}V50a&5n|}JT^}tAG
z@g}cwTu*-R(J7&o-2(YP=fr@EixSc`_%s*48kj(BLMsV*!V3_649IrAm3O|C(@%)1
z?&px2dM`t3|C)M<Zsxu%E6Y1}NY6>@yoqMM6=M7U&Uw#3dTP(chr}c<u3uWuJmzBy
zCAKzkv~97>YaN_0^DRFrpS0=Zo_EYN0_jCp6MuIanPuU-TBt1M05}?|=+U<yF+eH>
z;jLb2Qaw&OH}GI*CIw+lRZ~+*q3kNWN_VEcdFE#K+t^|<W;37;F0sM$FgBY^r9=@f
zXDWHt)Y@U~n^O9guw@u6843(SRcj$OP0^hZjT?xn;bE!-%6SmvK6fu{RgcB~Rol`5
zT02@l+<aO&D^>d90NE$)RZ%0Dg^6apiQ-RQ21YAk1NmfOk+NanGdE%fND<v__z@~G
z$@{Ndl-_h&$rv9T&YXiej$q?p+(W!z+|j&BGy4^pFdiNL_$6#0Er?qL+*Q|NG5=jG
z?k%gB8}<jc$<MTj=G<Xod;S<053iXAx1Wpki(9AZbrT$bLr>))<aVB6xG&8-DeTMh
z%W6X{C<+Jc&lC*KHWcyG7HijM)q1ix+8Y>Mmz94ezQ2V(Yc>bJ4GsEk)Uj-Af;^Wu
zW1sU;OEfqw&V-s(la>d*$7NF9pQK;#P+<@(egf|%6jy8}ZuR0j@Z8=^b+D=P7In%>
zRgv-H7Y7M|c7({4vOGn|rQ-=Z))PCDwNES?eD4Q)VO6eg+I=<roKd@|Oo{!!Pq1CF
z_yVF*rRx)TazR2(avlzIm+`fKRO|)8vnbq^NY%eLe4V&Zk0f$dH3Qp}+%>xP6__U^
zPP27Pq&jGj56QbHrmU%vc@87_QQPlua+3N_5{+E|BI^*P;c3mfC&HmkHGk<ql&?%&
zy}&&AC7Y*VOO=MmE|9FEXN@0j<@bpdj789e3nf$tA72Z>6nIe!v$wEzr}O|~owdIe
zrl~%s#JuaJ=l2O8S=lO>wn54w2EY{PW8e6HKROFb!i#xdc7FWv@|Nc&M%`M;thP-z
zr<;2KVBI_(QFU$6ym;8)3!6Ct&SQA)AUw%lhb76*PkT#>RqoRg9*+#fx4gcLvaIS0
zNM|lDtIdRH*}}}SDyf}hc*@J-uNKI?teJ-4R>ZoGC!nbwDo`_c`Wp$m1_+@qVp^=3
zvwBcCwq#ls(W3?O1t8rJC&v1wAzepop*Uy(`d<q;e2xs3J;m_f@cxW^$7J0wI5sSI
zq{Et9saw9ne>njN%O?~Gjg%rOxA_T|`?)=G(ha{QbkXCP;FoV@y7(!7kKj+^9OR(}
zjoJOho0I2mX4F=_@N!=nd!))T+!>Qz2L^|s=`e(=B}^{*Zyf1ohc?AhwXA>?Yc&SU
zU-1eV>-*`P5FgnL7s#4i*>4-Fo<2duj<rONG71@Uk23;sZXqTGQ4#-+5J2mNRvz%0
z6F{@4C=Y#5L2g!fR}^M(RT4Hz@-bB&FlnC{mKUyQ?N50{FNch4krPHO4-HTeuAtVq
zyMe2RLRb~St1YFAJIZZs{cA8U<roJjo#w-v)hLQKLpuxYSU}3b<8GiptC#W*N~uf~
zL*Qra)tJ_zoYkP2*PPa+%$xW?V%~IoX~DFh%f-L|eV@e;dt)%2*@3UhP#WV@{kzOP
z2)7M&F8fPCb;7MDzbqIOlRICL<xIh7!COLeBLVvT7kSDZ12aEk#rm11>d*)v&)*5m
zj`l_@FW)o!ig0l_7$8|cALRNk#1Mf$+0eUKhU$jv@_T<z2#t3(G|Ysv?H)*8G{{Fw
z?3sD{9jR;jJh6uZ7>wBmb0;9$ENC9dFJ>m_M$n!rm+*EJH`{-Joc4>E&D~xthalwI
z2?k!*?nUU#zhCjrzaInFM;8~s)9Kl_+5g4vWhn}uqx_b|@nM4VZ+Q2{(#FEL3oHa9
z?0;thj&9DwlX2NUme${`Q$O-OgkL%uITE&i8f@V?v)<jMvQ(Eg!)r(C2dUC>0Cp%I
zuW**<C=Czy!@__CuOs@l4$boVbk1NwGY%a&2=(i4weF1c!_2@~0KRl~QVO2&tgI;*
ze(VCVgJ@=G=mv7vRuI2aXIa!tjHm812aTOukoMV7Xb`<z4(pe9egF;fYJn}@Qb<uk
znJ05GsnzGHxX8Mt5+1`mYcV^-PCzLFx6FMoAtOHI4V+mFT-w{=o{HXI=nzvE^qnyT
z%gkqWU)W%u5`@nJ06TU~i#q(RS&x4*oeVVUTbL5OY<13v@~7MhCN!R4o*{)3Y*6&B
zy)*2oHqll1Q;Ffo9anQ$G||5Y&U4H^>kK^6(fX5<Z4=Eij6XAPblwajZbP*GPlpYN
z)<@Z>jndGUS0;wz^K@+ND^5Eimdo+e$g7vAoS|HRb}vH%RB`h(74J{yy~mGVtN5A}
zqzE2h)2k20;s;yAJ7>3s=hdrKxMp{U`*|Tk?Yka1`hRBgVCFLWNQ&Nj!J`Omh&cD5
z{wWpL77%5ARF_J)i8y@qJNgY?EV{c`W09BtZne{D=$3)tINj$ON)*>Hkn^|eD)y7R
zBYeJrrk|MsfR&qU2m`}6n5Onj7mP{4Oc69iR%MOF3=S3fBGTDsqjceGwn$zC!~^+m
zdc`mOG0B2V1;YX%mmhfcPkvRX)^SF>)Wx`@!can}`T@1#kAxNyu~qga-~brDpz#5N
zxFo@-PuH1X@E{8l^K9!y2jz_@*mzWo@FzdWLxhVAU@dpc{i_S=r6-7h#5T<bsM#mG
z*Q*$(Nirqi+UYd#6I1*CpwYb(B#Lj~GInsqA^r_)<ZBAfNwf18KK1CtJM&*YUn(>T
z<}V5{-Vb6#-VfhIf-k5DdQLv)c^mCmxtu`m?}CdhxeQ`}_nb_+V*7vw-4^?8Tq_?^
zf(7RbAlu{+EkZ=<^Lf{lA~9rbM4^ILw_c-ht3s)tV64LD4s@6wI%qr_m2P%mOmvrc
z@Xhc{JC?jBkjqiZU5W|^TFZw(&4o}@%x5i4hxOgr?w>lRz@W600!CYg8oFbp6Yg0C
zxlQ3C&dCHzr&MQI#R&YRqqDYI6TW8sA~st3uS&tC1X`~f!0{ypxh8#G@N~J{{B8Ro
znBpe9GnTpV@W<z&M>JSC#Y-Cm-DXWDP?gNhvoxAg>|`@x5_WYV@_bRDVHH?7RatLe
zH8jEkZQQ;D8oClo8+3PIIPIJC68jQ{Jk(avn+ti+1fVxHxCk<tEg6&CF|UF$k@XZe
zTTVS;rq9R*U_Y(Bj(!E=xG=|p5i(b*3PT(9a(~gl!nmu|pg<ELkka^JKbAjZjMi51
zk|U7fOwm@s0_gdC{&G@RpW<ViH8%d~z}ibDW_$Kd>XrsXX|{Re$YC(rDtY67&9s-=
z@<~Otmx8UVaf+7mHH6<vu8t%s|C>0PzBIiu2}%G8|C%Mr7O4|8IH((aj{bIFpkH9f
zZKdF+l5&47T%2(`2C3NAnq7Ay1}*it5PaO^hGs8Vy01J*A?&mbhbU@3rv`cahRsko
zQ~4f_nZOIB#y;u~ej6|i=6?JolU*~CfTI+ewgK;S`&zCHK&9s{tI@PPIRTDzojC4*
zAB+VgAhRlUS=0xPozFgM#8WC_8G<ntrH=3y6*X;KBrYx@Rn#7S2ypvB(>a5O>iA4@
zbKN4V`Z?>f)+a4VcE0*L=}HQ;7AA^inB|IHf^mW@K<HCC>l%^zAd==0Bvcl@D{+tX
z%vqo7a;YrG+|ZMWY+K*#Z(uQW(60s9Y%2gHcZ6rLoo@Ztfa%Mda>tkT1xM^2Qzy++
zf4lrLcECOgNijk%k@u;c)7kO*H40VDkmn1G`t;8n4!nrKE7AT4;jl)a>`!RY?}-CE
zOVY<sr(@jazc(OjcZo7aisYVB#<lj_LDf{=zV;+&&ioHsOd0L))f|3%6y(0Q4ZGfe
zvQs5RxW`QSwhJmNm7COL#g2nbbM|J#&wEENix7*ci}LvNb_wihifyKUgC10AcpXfd
zPN+U0Fw$mJAsC)kmGx>wYvbY0M9xK>0;*JBT%5FedDN31iYF4PTr%pYZF4E*)U;e0
z_)S$TQB8=K7qY5r>+-7UKaU*eq6~RJ_3&&`l{l_(S5TD_37u0>P}M`ObJ2efouAM9
zHS2}K2r5)_7SD`-;%t*F7`1P<w?saP7IPlXLFo-Tv<rnC|HOHHjlP6kd87j{DhRT0
z-0ntS+!734)K5jrwpRDJv>$^|zE&O!cKvw&%G$_>qHt-DJQVwlpV2CD&H-AxDdmR?
z1IA8TbR}^#r&xA&!@AeY%=5ujTv=SP8ODbp)rh^?*~v!i@`m*O{)NZ;?4NpY!tp-9
zDwWKdedRR^sXc;V#=$ddL-B4Q;HH!auDLh}W?quxFcX*N&AYE?ZsI&%#^&{_V=n7^
zlj`3i=An{Fqg*f%Aay&IQ2;a#zp;HS9w+9)CT)+Tkqia?g^M7e&zz|&rDc+MykeO>
z3sZE)8fD|sUVf|Dx^25~vag)0COm=8Qpi(G2RsJFN3OPyJPY{x_>#1UjL2stnxoM>
zi$t(WPrBsEAOoO<#q%iAB(*3cvg7g#*_B*o!sA=H>8@^{iYdxWIRHpoeDd+?Z`x?2
zI5q$RVfi{bkJwlAaO9sMDiJk2UQi{mf>y&pDX{{^s!1+^ra~rFv|Q!9RQ%5r3r5~g
zF@SwCE#lXxSj8*l5)LZJTC<+;@HcuUh<Em7LJCG%*c~?*o%$u0G7E?E)6E-At2oMN
zldl_73OMrA{X%elJQr%_khE{P(}83~*Xm?{S)^V>1{68q9q}sum{Y>8XQeacp!}J`
zLphe+_bhd&1>r?wpn+v03kcr@56vqX{MoCjZM%)N8hlu#u{)DB(8g5pwo0?eAVR~L
z0mox=l*%b3Xq_+v+&ijo7vO1DNCd=X<nKt3CA3HO2Y^u~0W~ZmN+!t8u_nzUI&4bi
zn*y%JmYNFo9S%`D!k?`^sMRIb2D{Pn$zJM`CA!oEuV}?p+=>V$2T$pXYuea#VY}(D
z@Fu+`V-X&|Bcaew`}YKQwU5@nu`|dR2X{hVHjp4%_uM<D#$aM>lMbm3edrRVjoI61
zN|++JGnDs&WT%)G!^WkD+?2Ln6%q|AW94v$u#Xut?Ojx}`8=<u09-K2`VYs0<<QIa
z18F?DO<SJJGZ;;O9|t9Ri7nDU6e+-RBq-I)x_<U^qJi0E3FZN6@D_eXo&Kr_!bNm6
zIZI;+(*bmV-&jTiPWosr+}}0REzEX#%ZD(Su;wc}C(*sz;h7_@`TdL3UXjA+r6qQe
z3D@i^t^GXnA?w}>G45^V(%yggqHqo%g=@VY+D}qZoR*Gx+n8tys?;kR3S?;Zl1vrn
zp^-yEreJ3|;i<jdo$X)0?yl~}|1rJao!vhUVtwHPI7LvYJg;VC9p!qVT>PtEx;omv
zoIIajkM7PFhug=yH#0Z2z29CA(JcPtBCp20`dxwXi1*#tdyy>AXYMMzbaDpf55i;5
zE`~>?)N0EbAZU$W+i<md6&1wO*|lPJ{-e<>#5GYhAx>a=H_ABSy#e;QqY=}@1@Y)I
z(w$5M6zslXcmY{5__$ZU!?3+AzYO*|CX0ZpZ>FC%V=#THoMR%q3H9XyErHe0`9Agn
zoj)vr{Jiq;*OIz|4T@gYPq*@WG-;0>241qfdNJw(t3eNg(bEPx4**~KuUGj!9<A?M
zw>;*D3x~FLaWwz8ffzVv-dT!L-e{AzI|pR8K8k)Z#8l}r)yc&0v-V?8<EpcvOTG+6
z@Grpw)ch))=L4r@cgUix62DS-@Do>U+YG<@shCs66+`;3tKf)Hf7`<H?b*ew+!Y;+
z8oOMzA{<%osBh0~snOZ->;`Z#P?4iOt?q7<AM_yUT0*^WFPYBv!r?*Vff6zhI;vbj
z%(N%R;MkRh6HTyU!NN2=iU=BMMeR;PrZRIy-@O>&1j3G6$XZMcAFqNIP218z>36gE
zbIVrcU~6F9%0XLYO~w#_iK}{U`g6|b_;U^uP_;O!Bq#<afH+ztoCN>8f=h+*<6{9q
z4}`xD$*E}qn!`XWZB}JnaO?%*<G#7<Dosx0%G~eYZnxMV#El6}$`Gt~IN4&&dUJ_f
zdyJ`THN?%zFVsvdxqhOzPreyC5cJ2qyzbqE9QvO`$t9a5ip>6jK}P-4Kl^=wNQ`We
z+zoxvqk`c3DBq{Dzrd^U08-Wh7d%|}dc`QqO_5m4+%O`KhJsgWvZX^$@?)3(F8}~R
z|Gvn#$up4*o{b?OBDX};z1Kz}LPV!UPGGi=5fS>Vk*<2;k-}w=^Rl=l$5-N}H7JDx
zPrAVo;l#Ia9<)Iu@td$MLQgOvTKHd+rCc05JeI?|tfq~__VxV4#NQMzL^<|<u7sDE
zSP`Bqs6^o?rf?LKiP0a~4b1WJ`NG#r=AXjXi%R^0RT$TI?OzKe#vv;)(z{RGeeF+)
z(cDpqkyZMgl^C0COdm&yu_hFd`4&nHk+@J|6iSSPR${CxT5?oktN|mo(O)d8Nu+9M
zZmz%BG}Bz<>9OfAMo3qj;s1+&n|c}N8Y&mRnpR&F0S<E0Ui@NtesIgVLsnT|e~nrl
zp|1RuQ7=3nrN!zIrvj@VfXX6knECoWH*dM_LHlGVEav88ORILE@fI)JBZ5O;e>D!i
zQe%A0c<`|m4g5|YV%~q<gjl~}G@LabU8?IipfS*{unUiERTZtzTvx+?fEv1jPsc}p
z_Et5?vekwWJ?}Tol!y2~C@OS#Yng3#7Q|M0pKN7!E%LQ|$0b$6tQ0+(3T7P214cNy
zlqk!I@*0u|VJt44C@bv5y-bVp6N!*7?_r9@=sTj~s9;G4?=~L<I&=psr5)`@?T6Rb
zaI+tF(~qgn30>`njeU}Ta$3J`i;IU~n8Nrmf<&cG&^djwmLVsP8ed;T$)goQJri|q
zN)MF)h<_gz@Q{1mp7NB|k0zO~W?3-emd6HIi_94p#_Ui%phBgiVT#RRjc<+V?1u?M
z&!=QeKs4xSR0_tu7a1Nmg(l5s8WRf*?0k5E$GC2ca9KD2L1apQQDFHjJahtijX;Kq
zH!+W-YGqf(sM=Bi=aub9(dO+l1HKG?d8vi?mIa9z^{TSm)vBEgWAaRXSn#SjUKLw6
z%~H5({l#PAtDao<Wv^Ji#xI9EuiDAu@vh{8aJ6saC#d{pxNM`mm%_665ZHi~ZMzng
zxfY~MBrZr<LCOw)hm>tCRnnYnflzsb9Z)tili#-h*7K!BZC7qp;fn)by&p#Z{DFR8
zQ(AT0isiA)W8vfUXuP5#lWm(*l;DRNcGeH6kD#J<&#hXqZwn=O1`M#if&mtOo^xY>
zXXo#)$(-<fH1(Vp%K+0OP9gPz0U`sOcMEr@3=oF1GLJQXa6spc`TA4i8%J}@Ms+M9
zAH64TtlC(C_~Pyxln3Iq+&A2vUA_N!dABUJY}T240-9q>Zw(O@yoB<f<C-*PDoYm;
z{v=VL!ir_F62U|ZP~v+%x~+dt-3~2m`{^gkvIAmZGb-M@(^Ow1_*#^1u^H-t0XC?F
z7f4R#s}7HU`Dcj@_JM^5OLVlWe}JzEbhZj;3CW=a{R+DZNRHfd^$a)B5Z|17<XHv%
zV+&iQWDs2sjc}xB#CDAPW`Px^4&Cb~*O&gp@^t%c9O_|7JwA}caOzKW+nzBS{gp$R
zbrr2%tW5XL;*xHK%h#TD56wB`mpFrklzS2=*Xx#l7x))0(A=S-x%$FYe0^_dZnYQJ
zC#d|cXl_Z~`$2Q-EfHm|1)39y3p7`txkE;CYf6>f(cF@a$#K!QB`tQ$^ljT}Jwy7|
zSV7+kZ?(D6w@-t?uTVE%oTfP!VE)BIxb(o24<3Sx+5>=a^FFc;6~e)&)<!t2_hWk3
zpZc(Wg7W=a^i}#fFxV;UDg!)u>(VjBjaqjhoRf$Q=i{frg+7DSu&d=rPrgFi2Bj~r
zuu>Q~EKRc@^{2rfoPVQdX71ntex8F`idaRdF(O&jEVH(G!r1HA>~`wF;}pj2Ru85g
z{32MG>&43T(_D=+61_W3Rel$rtpYCMfx`@cudM_qH;g+LWf+S*CSAA2m|fD4?`XJP
za@6ZM#uyj&juf)bHQ=M;p}YTS;KSFQK@*ado9ZzpW>3lF19D-Z`|N{@Lqq$;vv7n|
zyKkyht%iTI&v)l16?SI+W9kP24??R+YKXRObOe*lAV=m3DF$=P<3lK0g?-L&FJX~?
zo!umuGW>|Z06>?@Wu}XBrZGD_@@Zi?KDqNn)^-nH(!!Fiz;(xi>lzD}{f)ihy4B7v
zpP=%);<_by?+4edx0sZ<7Pw9%E^u9e>kb*$ttnM@$93y(VUCO5Eos1Grgz&`>lxC!
z<_daOc>m1Lb`Czgzwz1a#M2+_7fbDb(gRLDcnBUp4}jXuJB2w^YKNnled9Cc(|CR~
z%emS}!a4DtxaC}H1IxLM0w0}yzWep-Z<qgjXJa^+?*2J>b~5AUaB%tRV(H;m%S73A
z!>1JKF*D^y{!sB`0!(~4ff)<~*j|{Ls}v{e*vyqvM^8no#cTBLG~Fo)92ZZ2dNeRj
z+MJO)E*!6+S)4A%J9>3R6SSDIU4@+~lQeNiG<sThX5t}4W>W|Kw>lU)jXR!e+bCP{
ztf}LAW9T<!TgUL8I}P3vpYx$Y@O^_PJ%?=VblZ0$gS)`}#vKj&VTKRmdnOUos$hII
z-`6}ofZoGcXX4WW`DV>!Lw1*cj;@Z81`aG6-b-QBU>fWl*2VB#`8+(tE7;u=8rjtv
zg^}G6QM=~C<$iN-)NZx6w<oCluGDTx-ut0;>n$c_t_8Idi3@61P`g8>c56zN9E|K1
zZefm#(k*GQW2SW5R_hs3y4DIx*D5GoUX<<v_hL?PLGiC&u5n#@#K{MLTLq>=OxHRZ
zOee=NbKHQDrw0oLX!S?5JImFwE^03|a|DTtSeWh&zs?=rEVI9oFE{bfl^KC1Jn~8Y
z&3+<3YmKTIH!-__;@?`1!KMGX(Dcr<27}TMP&*J4j{8uOhet74!s<-CP(&}mpaBm3
zB!ZY=1e0^yil$4HM>+X_W;92`Fehi`J@%c?%^P<LUxEY&OP2L$NSHb{YRVBrwrJ!D
z4absPfeZg=h?5Kv5re@vbU0xsNN#gzHyCd;+$v1U)-X%mFs9=v2~W@RzcCGSnz6AC
zOR~VSZSguNoMjS4D>FT8XpC?ZU>GF~Mh|U6;g1|w8Ld%ZB$t|h6a++to$HQi;V7Y^
zd3@~NV*-!Xf1VrABl|x}iictEaSA;N%qon}jtOJ67Osa|d&5}sAHF?dtYwwo6=N;Q
zdp{U!y~UQywZK>+ae=W4jCIHuYfY)LJH}dbiGN&7Yf0-JGt=6(TF;PawO25$cEPlA
zwmkDcx|iQ4mN$EUu~aKP=H!Fzf@&evY99^NItz_)Xt2VzpVPp89HNC&XEU6I23}?&
zn!?n!OE>)9{l?7`#18Ujv^P`is)UJ7=ANP{%YAxE{+#`kLR<9mGAs*1VIaU3UX=D&
z@Pj_l`<6}N4->RXS!^9kSOJBpBKxd3sFLGCI5i9O@dQ?XNI`{tbRCWE;9#JKh8}{c
z1r}Nknp91AFa;4#$8G(QJGC)Zgg{4lHWQ%|j8=>xKw~mAwky-iwLS)9=7M7tc2tEO
z)e!=y_QJ($dv5@0{u{L?0JW_0y8@^sdG7~6t+y_cxfTFQBrX6{0iX^UK&>fN^0T8_
zvKl`w__U;d<&GIXZCkBp2%kDD;8Ul7Pq{fQ^ClzR;U;cDU#>k>dcesCI|X?{^3*vR
z@<gLp4Ag&d&sC-@j{}~>l-Y<p3D6Vs9!BMp4*5@6HM(;f=)u%yf58Kf{?wlk_7Eo?
z6-j!pjy0CqMbsi?cH`Rcx5%Ize?<&1DT}EDTnde|iIOP+f3&41FZsYH+e8~MNZr?m
zUy-Sl;1US0kNhEh11`lMJ+o~gOfZqpgRk)Mbe)pSG0cG;8Q-H(62ctu2s{yc9M9Q7
zd$@y=C~&HPD5Gr@KkyX%`XA!4ztbDy_uyA`FP4E2b?Bo^_jyTp2b1<^@w`t6HNg!x
zpnLJWp*g<1f6`5Yh~+Q`nJ_bx%pB-wUM!EWf09}JCDwBpdC1>1G0LOdzPy?`;kB5p
zovc5>&{&E!;}nSYEX!QViS9^tz|qDlxZ&{ifcAzpF%ihPD2e1tQmC+j=Z-0{2x<Ux
ztHOS9J;rro#Kx{^4J;uIMZAMD6T@G;02+}73N#-xe_dlbrich+eK++6xUPV{vmhf=
zP7p$(Gyuy?jv_i8I?_$d&_aGGx`AC?`?9QNBB%lUhbta~c@mHg(EFLrh>z20SFGj8
z`Uk8?s3`alx%~CUC?3i5P^UAnj!ZnZhSC|Z_(+TR3=}8<O8V5nOK}Gd^*D3Pb8&w6
zN$6^;f7Qm&rR{>T9uZ^hF5IMb_r_S~*I;{Mtjj9DD`Q=f_kI}bdh33fYr$AW;)1aj
zjP;Ni>zYz!cgDKeZu7W!>yk!1X5PAOwVokw?XBRgy@I#q=4nkRU;cp4#jQWObnrdq
zi-oP}fhQmA6|fayYwu`atMbM`Lp55d-QNDnf4CUpkHcDXa=RAIM5L&JH|3jnO}l{a
zyXP+Po`&wylFre>9FN8(FyRm_GXEpPz|0P>q%ND>wur{!FFF~uk*hKhjx)44#4!*(
zs4VkX$#LmHGVOCXH}OQVAgXML*&um>mc`649fp$c!%U#~u|)1fT={`zXM_g`V2Q?T
zf9S?2P=LxLa24ueu49WAD2^4mbb~SEA>X686}qTnK!AS#c7yL>tb4ls0a^vc_0vcD
ztk(*{bv%Ttw{Th9+Z*AU|M2aJa4oC+u7qnz-uoe3>n*lqt_9%|i3`G25UxWeTx&{|
z{2Z>WwZuOzz_p|ej~Q@nTdijZxN6lEe}t=6Ef7~;i0kq@Ms3q=xzBdc%E5iX{@3OP
zpL{Yt=Hw^kMPja6b^gf%<y>lLvywl8?TD#a&WWS|c-l}5^n*rSSAJNBEl^hqam}53
z&0t+e7Yvgx?&J8uSEMobT;U}Nuqx~hrVJ00_qpw&g_O&5hmN5}p4%K#z_UJ`e+)Lq
zR)DQ^Z|O{rEw8W$I97DeLtP??Fm^716j_wP6%V5aOvqSL53R-^GsCrQz3)m(EPNx;
zI}x}5>fujZhYsN)=z?EiDWVMB<d~LW4np7+ikjjyZ1~=SV;v;NqOWfD^0!vq8_CM}
zw(SXJEwBHsFl%Y<`@vc3E~{j|e+AGIi3^}r0Ifp?T5C&|-I3O&tNG)iT1y-9n7P*W
z6?=|ktG0@4)e5qen^(7KfNqRTu?>E?XJqFFomzU;3Zg|sE91!nC0Yr!jw{DEGiZRT
zL3_|Z>+=MQe0C4{lJ(7A47d_0(S|EZeLSEmGuEZYab=%w)l+Oz<_gwDe_ynK`HnvE
zM{W=|^zt|czl6MeDX7JHL9PcNqu6vJoWOZ}IJI@pp1nn0CDvPz(*us7ba&by*#(js
zL(iczHVRHK#&0djKcCJr#!R>ZmyRMr)&rZPO&R4_W*kp5TDon|SfAsWN1?aGmpc4`
z7?><**cAVqT99mPIo5bOe@;z`{UfmCDaNNcv)HZ|4D5&)SZ(o2xwbzBHvcu;7Xw>b
z|D74wvfTH?z}8%d$$Se2CK4A6tYBaV&A`@`EIFHXtzQ2h83J3@jz^8awyxN7L}2w*
z2&`Tpu-yE`P5ZECya7qUFTYP*AHEhZ7lWk-o?3m?3k*gWtbQ~Ye@qN(=Ha;Z*!k7P
z4Z3Bb;r%#<T{gUpf49U;LKkJ`3>wukO8@cYRkcF@dtLqV3LSgBd4oUw{p9TzCwF>=
zc15$VHg|@>sB~uDW7GQF6s0<0?^qR`NhMOrlajF{F_&th9ixn-|2NYb$g_5HFDb{G
z;bbnS@K|O#n?xz*fAYwvT)Jf0l}o%etlYXFG5wBmvK9g)E{GCwEN4RBTYli9>oSn-
zlHJ9O;$+ov7NE;B1=#%9^zvEBs_;sg^*zfR5`J?XO~FX`k0b%woVjt+x|0gK{BGD&
zC@Y)bw8Spg9M|OGTLlkfrEvZbeZ=W=!hBbr-$alpixbUoe_y#*Gh;N7+?<gM56uvM
z!k88w1{DoJf&!@{r<16mog5UsA3qWr`h=5}DJQM*L_7ZArws8h@&-n@pk{-F@b7TM
ztl+7Sls?rl(lY#AD~#}t2|(5t?^Ejg1CaCUkbMEjrS;z#KrYLDPXKbwC9ur50FWYa
z0U!$idC&lIe_hFvgXgpjcV0(EAeS}dQ4`3mEA|`-WMdV9Y!n1CF9Lb(@v$`>f8-Az
zVe@ybTQ4}k>fFFn%dbX3Ac;UWj)XumIjY}~=Xc*Tw0EW-Fv1%X9OA5Gi%mEi%UyUZ
ztY+4#ZYMG+&8$vY&3yaC!7F{;=dgCeXbBy4O{Ah3f5=WnsDY?EJ_?XSfD-R0D3|pA
z|BmTHw<Iz;Q3<1v5LkrYEiahr_MN8>29}}HC`#xV@o*MF1)2_|)rB7<FGFL(Wmq!=
zF5R#k_@-j;jKB?F8$r}xphm)&?-Z@Sk}wtWx%>X}Oi){RrWCk%$P=;)#AOthH`yt?
zD8(<ffBPUK)G}H?mk7~9g{b(lu&LJHsjd5v3hPwDCJ+1bN7;=htWt@0##8qO%oG^1
zMv&1Wv2lk86@#@h+&iAyd=Tg`(o^jP(ms_*g1kn(ebC@F!*Vl}6GB9|eV=>xh$5At
zCfuqwM*=ibq==87?&gwBJj?Z1M>F+V*l>vee-Zw~4M=><i6H1d6j9P((gcZ#KK!O+
zWEtr8H%vgMl<Dv@hTtWWN}tUMKE%bB@bUAYG(PNAB?o2$m?juQ!#{ay>RG<9d;?t#
z&I<ln@Xs~*Ut{qusj)x)Ill_p7yn#Z|DE~gvfTH?Ki6D<%X|y|DH0d_v*4cx%|F+b
ze=NK5&;0g%N5(~$HSke$(XA`?9Jy$76&Gz5Tr_7cdgo5=VCThOG8Ih^JGCfl7F3j|
zX!Gc(D2!?X3K&43KZF019ofBrQ7jNNDpw4eP1lxD%$k`BXq&~$a%E+45;;d9;}CKV
zKqiew?_6lxIIvXN{;2Z6S79QQWjx3rf1lUi0{;Zk$KFJj)+U{?rlB`|_!*LWklZZA
ziuan;s`X~28vambb*fAN1Ef`@0JCB0V`h1t?tGIWEwDav#KS;$`~mkoxD^J^P?#^l
z><k^|EFQq7u&gkY$}*V7V1_dQ35_=5`u&Uun=cF!L(n&MU<ixYulMko8gm)<f5V;H
zhz(7QV9O~J=0l6YBkQxhy>q<F?*q#YgwQRYySB|K9{1Bwyk?DpzIF<VcSIDgxp+<A
z+#ki8|7!1x;w`QJ&J=H1?t7wmYc3dNz6He-i3^HXP`rbtc<V}*{3zbW`;;TYcFS7y
zsIlGF6?=}@uC)r=wF+#PGq$_@e{Kb6&-mGgcfMS5mmYa)A=WC$9g(}%(UH5$@R;Tl
zhc?W~0KM*J!neJ%x{PzeSYAo%!t=jLq!&xEn&)BS!)1CIXigTHqxBsP8hm~X-|MeF
z4@$B+Wma!VOFdZSpxnB`!_J<8KhhcISbgQ?3J&oTO0^^F3oZ9ziG|n2fB#~*vVi2(
z<6wVc6fv9Y_c+$$p>Q!02p(}326h$d6(;8qomd6|Wf^2?N5_tZU}Es89EzX#5Tu=7
zM)SUV-I&n{8+geH>raC?;ET>ttK!gUWnH|?9})BGi^DiDD26nPbRQB-TzW6OYhvBI
z0sIanLD)BSeBB|)hWS%De-4-r;&u_{_L*azi(}s9I5B)0OxUZI2^JQZ@Q5&BYw;eU
zwLeTazeLy<CR|$ooiX9E-1meD*Ib>-d<#q{5*L`Tz=Q{l3D=b@`C-B}HbqAU2A8$r
zQG>y)EA|}0V0#r9Y!_fKXE69P*Wta;;OC*)@5{x5>G7u)VC@1Ae-a*S9~~YHhj+}Z
zogfBAh+yz$%QX>6ppjDU$DD1~{nm%s%uZQd9cmt14pK3sUbU(^eoKYC<{q9qy&J(W
z8M!t(CG3J+Pq<}Vmp`gE@7rQ9?#(deA~M4s&&N<8!c<QLIl*_)4<dK^F<CubU^pK-
zK)0=b@mTpk!oQdpe+uQmk8`K0@xG`d-M*#T;YCqHx_Ci#!;7kZbon~0oM>{&<}}O^
zo0c*;4fDfGGK<qFzgTH6xE<*52|(AJP{05ROa3QIKlmI5gZV=_tWc^AV&w=kdB<8w
zJWF?0TSb<`ERv6xK0tr}f)Pq!L`Hd)+1zz_^aNg^{DQ{Qe}?y^ai<#hNQ<L%i;Okp
z;Eo=AcN$KfSUdh4pF1Ju%`QIsE23K>zEQqqR*SW0GCO!>_S{Th;^Z?&6Q74<o(e?+
zOA!V?=xhXE7JH^*=n(t$;OR27k7bMq439X2?~fyb?zjVXUYD(83Add1y*8&dvEK-E
zvVXXJzrx;we`FHAFH;t&qW!zo|M4T{N$=I@boLNqPaF2sM+Z(i^{*%c>H$pb+yee?
z7HFDIdiPrRcfD62;3Go7?Zvyr_Wls?{4#J~2zY7zcSgX=a^DjIUULT`^DPjtNL(P`
z0s$X10$x|L<cEN_-S{3E7hcw|N6m$|uGn+r!ktxIf4Ea{;heefHSD0_%W<V#<i1=e
zoF05?N!BT#FhSwY(Lv#J5m1Cp#26>oFqD+yQKIogEf`L#@QoYB*oi$U0_`Z=nz%t6
zjpVcnJB`=wxTE7wU!$A1fgVhKNQ7}mhM!>OK7j1u$#B#v`SCa~9EDM1Ft85-B@qKf
z%jj}ne*|3_PU+OMldzI3rGio8!YTgjN%By%3u4F89RvC>z~{t}3ZuFp<kAE7;o`&V
z%ZnT4&wLP>KJ+(da`}&h+c8BlD2L_Y`Df@LX89H9qcLu>nLY$D>Wk1Wp_ygqa5HeB
zt^tk+)3ZQC94;Fx0!|nFYeW9iS-dLl?2muVe}D1z#lM!;e`o%+EcZR}uQeB2GT(xK
ziNpo}D)`qy^RIO!OMd)o(>4B)aj#_!deq!&>xw-`?$uqzy}AYW%9(pzz;5V<gKW9R
zo`ek=?B-rB`$`W$wH)gf?2Fh}_vqM{4D2jM?L>|7fL&bPTr&>`zBn`RwCAVm%~A5a
zf3XZn5;r4L2a3flnzP(Y+_VOzD_`DF=`Lj4j|-pN44NVr_)Q%xRtYI=2WFQYq(vmc
zP|GS!n%G4Lm}3W*$qrIPbcP=&sIzBa*yhvtd1kzDvd9Ro6%U9lYj<r#wr|43?XSre
zS#0qZ%K<WPz_W3xxK7c_iM->lEyr>%e<zy09JOybY{dk0jFk&TcEX16Xl(3EIors}
zZUn*!L7$v*_KXd5+vW}<8{xo>&%tQmqK&OL<tLFt#))vq$VMPL{R+FC`T=}fAZ2X&
zio?=A=KAsM?)AX(_yfEQMzXJHr&tS1;2DO9mVr^qOlQFqwq&-}2XXZcr~243e_;pO
zcfXer99j<Zh+OJERn)fnH0~J}JdY6QctSz~O5yf>1J~gul*B-e$~`S`HT)NkCyo3B
zNrmBu5E0r-mPZ@Sh8E1M*fDW>2TXxESCj{gJm<^-pN4vN3hH@G)U&&IPt@HX^_*Yp
z?2CFXt^dx{b6M_tqMmCmvt_;ofAtiJ3+h==&x59(>q?gVsOJ{DyCVai%i8p)!ROW$
zdye3<w+ejr3h<eCU>AKj#5I|R666=%xpH1E_Dl~ywI1sg*pskl@940n7~OboIQD_;
zd#;Z0Ci--ykbj@JK8&@eC7+%6`CiL+T!JVwB$O#C_^a+G&vGN%fQz@&f4;-x9wbu`
zRbe<u^I{ZKUP+@;xUAL{@uX>B8cY5unevk#Le)%mn<HwCfm}LJoJ6bfMpUQXVK;(A
zGVN7T?C2BOeR);+^6KP2s(()$bB|{bzOtOrc;&g4FDKhf_{&@ajb?O=K%_@TM}yR)
zESd4;tK&KvjeXUqC$XqCe`?a27S#z75gzR@Q=j=2_OrBxe1jNMAHJE`{JVIMbb~o^
zr#>ey3z45opL1UsVv=1bIjXE_4Rnd=DVF<IW@+|uzTr=FRvBGls<YG_3YC>p^~Wge
z_>`s|<k0w$eY#}>eQep-CS!dTMZh^be=n>!%gpe&DZOF(BOQlme_6P~6dP*GN7GTm
zAXk{T(yv0sI0;-32i^e0aY`0qqmVpAbJspXEzQ$SYkJ6@HPaEauVB*+4Rl7$@Ptvc
zYmG+1SC5FV_7-owdi&$6^NXr|@ztgE-<hv2%Y9FLb<Op>%(vjHB5}c23%+{Le05#P
zl4Jaxt+tUzhFF(1f9p{r)~ze{3=wO+x&pD*s|8}s8L^&2X?zeNxK00{!$AN3ViD`y
z@RLu*N1goEyhy}aug*Vt;E0t*w-)F_aw@{cG{6r6rbZ4f&*iHTLFzs)32qp}tjhSZ
z%;xMd%UOv9FJ)g|{e(d0-IrG~6<%<@Iqri4*W!h^@Pn0we^9(DR*3LYR^s&wkwU@Q
zICe|!3k8`=zR0fjmUCwn>{V%&+SRJIEXNx*-skXUXt?*TJAu3sBj7aA7kX-d{N*&(
zo{R2=jhix=%`8=jcbB2zs1eKYvX`S~D~FAfV8Ta+ex+HbbV5n-eFWGQVw=RscdSkz
z!$i@QqzSBmf4wkCJg$=vfe|Ox=W$+(v4sAQ=*a(5VZWk#OOoi)p=Fvu6U^128#T;D
z*`p$eg=(N1B`8Z-p0Kx)q0AvGG-<_x%1}qCu;(%XI<BNtHuS8t4K{Qq!oJWlW6cj{
zAYD;r>(ba2eP)VcYGdw?Aa8f9BQ&nCPsw2rxNKlae>a&Jh227^i*F=Xn{PwMyV-!4
z9;Ho<J=3OstaXlv1z(_{^F4k!o{j@oo9%)F9}fqnHEH(#uwLC82hLde?TG^~um7$b
zcxmqY;lS%|I%K{D2NsD74qR~HL*~G1OO_nH3#{1d9vAUl+JMJQe7CRIb0ogCRm8Ve
z5Z|1MfA6Qk;8#4QN!zlQ3wzTePp!LZ1?(l*oAKm<!`_bxe&bF9AH*5!PkmSi`Mx-s
zd=Tt+16x^nEj#`?PUFu3hU>w)xdT(5%|#fxAnR1P;|?A;|2Bs$!_vsSeqtSZr~LKZ
zDXaDH0_I~mtW-72tersE(nz01JG?3bT(3=ee|I;!P4Qn6bP@XPr}Hec+UR5rrwG~J
z5Xx(s_LdWE6t#KeK4C5Q2GXxVEUWAS%t2jhh1Dj!M~!P;1D&hl)KwF|+Ids0YPBBx
z%|73qqgMf(0fNs??5WSt`G7m1t1ytunJBjc&1R#NLkf8>=Id*prs!*mRj(q*mrM`I
ze<_}7(_F`%v2UDDbesGIxR%e8ZdpVAI(5(|fn%bn>@;x40;>*PhqDLIMT^?(&_(6B
zp!50w!xNE|lUBFbsiP@;XQ38%P_4vFHDGlyc3=v9L&6*|uKP1G#pNj3;d2ikBS*8X
zZ=qFgR8_PvMh6koNtvvTG3kjgD5m!bf7ngl5@5M=z=Sp)_^5msju5K#UYP<S6`1yj
zFl}w|rmnU>Ogq13+ZU!?TK}Cf?XukWglX5@F35ZfOe+!>n6|*Q2aRdhl`Q#T+6{N9
zM@DUzwdYY&+pR119I0)66}7Dw)HY{oixl9))DA3R6!UVqZF=mfg;>4dw#04ge@Dk{
z#fkr+U~*)WCOHEEg)t8LiLKm0=1Ooe&^?}wrYPOnI2RvS?G-kjD#I98B}hR~{1cg{
zB8mCx^MpNXnW2?WI<<<SzS#a1|9tZAV1TA`#v}c;M4oFwSNyXMc%=-JY**b7d==Xx
z*<SHFy*p*~w_hCW7untCXh_M;e>>OIXNgXd4YzS8tr^owWRKyj;+f0RWMms2q8ATh
zXFx^7;EKWWkNiOvT-6Br<trI@`XJp(p`mTyVl{QIl+_OLT7;b&z4+uL&gXyC{qU{u
zKHc;5*;ku8!(dcO73TyhmUgu(@N=w_)Gts-ImF6|ca+nWT-%34qNKume?)w691WQk
zeiXvlpAc;_h?iLX3jycCzzRk>`n~1RI1>GiI+qOpx*uI{tP7H?3)m{WtBo*=ADOLB
z0(X)PoOOfdB?Sh9*IPbpnEj~<rDqO*P_K=0J}D<1I>-dv@m$*`vsPrd@~U(L0WU#g
z6wweBX_?~j0ZbtbM3$Zee=2xb*5t0JDHpgZWEsvyXcLcd-57=KL|>38?xkl`k$a!n
zt~1og9R7e2bizSIIp*R2Y3OsOTX5$i;?DKO+tT{}xbys)b6?zfY5jNR&dYM&6L(&7
zyCd^0xU)!HaOZ+MA2fGfSF+^Cowwd)9~psO*0M)Uptr8r(GzHVe_7vkzs-5vP4MD^
zGqYVd^KGCzrtX<xWqkIBZ1?BGlhsI4&bHFH^GT?2V$5LaGBEM7X>lHUjLD?8yV75^
zYQ()gH`my9!Jey|NwCAM+h$vi*oahBCO)A?EW_1Rg?*$*<9Z*xT*43~41p1UG+i6o
z6af9V>nk?mp36K$e^C0=w1Ut`jg0?L6qV^ITzIh`6<jbq%eGDT!C|GVFxC%;>C4A`
zZldj;l*{a&QXf+qAnVe6^cO&x`DNw~2GTsw80pRsx!E^9)A;v^1^Y$#f@8lbzydcN
z4n-2TIT{C!FgfNk4NO8JhHXK=!xa;8kP}3Y3Ijz9z7_D$fBRFJ-QNDHaVPN_sDwr2
z3YwrqB*}Aa%7TKti%l%E-66(SLYisJ%9Mn00+eK~II{eJya~A81ga)ayJOz!z<cS_
zEqfhGj@NYX8&Q{M^{49ix=878Zc^W&S){l%nA&y}AT?P#dQ0Sp6y7A-69&bY+^weC
zabWAiGCRNde|*6>W{8jL<``-x#zRRrM3uN6jP*%b4u$V5eO>AeYE@VYgtn-7wEp7b
zEh`x^)T{646My6e<&gYMT-!2c3<nUjE*|0+qd_&|i8!D?u_jb}e4!0pUz%WWD(pH~
zuyKEc#sbiFIE<hrATwzE=rg41R$&*Ob&uh^W(;Q@VZI$ZpVoW<nS`oYc5``q$Ih;=
z<^b5--e@&ENG?X_gbvQ&n&!-{&ch5~@IYT$|KjF_5Erlh^NU)>e0lZe%d3xWz%iHC
zu%JQLBCjm?I{9$xKOiAWSopCAm*v+0eoK?ku3mqiKV=rToKUYXlKR|+<s*)q-|=}>
zuS5=ww#*=Xqt<LLxYKOZ7u<=8GnZSZ-d%93U2QJ9Rd4mgtEzwg{m(!D4wWQ76x4nb
z5X?Tc9VzwhL<3ggclAk@m%h9jhacS7M6u@AYhPad8SkO^fS|I;PO7Dc7cNHViJwgC
zo>6}hPrrQmqGrRJfz7|ag*OfzjYjJmlpoxCJJC%PcyGFs@2tvdZT#nLpOhk6-wgtH
z{H6xiV7+IV?B8p=-fQ$R-*-Rx_d{5knZbzO)2!m(ATO{&@heeL#<~Y`T=OsmbnWE(
zTP&33kKk+h?M?OV09y0Szc>2b`k+mZejk6^j!%!`q7Bw;4-XHOhepNqhOe<tUPBQm
zA$~c3cE3~7DpUhz3H~R_iLvyUN%uaqTa`Ae)jO4r(P&i~khI;X^t5^xF4Ir=*Dc12
z?BP934UJOiGD?9zU;<yI??!)7Ib0EUkKR?G*T2qqf1}o|)Rw&8r{A^kcUdSbMXi4)
zO4Djq>R~B*VJUixUI~q{=?gW=6mE31F#Fp^wbG>4Rk^NL?Ru+Isc%<r`iq4(SokZ8
ze#O7W&`&-1_p$O{SgVzzsotwsT5wM!ulh^h*o``LT<iAmfn|9&yEPi3&1M@qrfO&+
zZPqLNj90AJdm{5k?Y)I>-E!cr`_6yt%A;I)hjR2?N|+8n;%Yvu4Bpi1D8BI52a<U3
z1*yKZ;mZeN69qYnRIOTRO}>*5%G^$r)E468r`JngR%^h^4A*wOH~-#i>L4NCN?97X
zlQ(twj$3%A&9w=vfI%SoR^PI5S#80xmCfK|6kBbn)gY`WQRPQ#w$d*i$4!3)6v_+m
z{0utyitlm!H|$~Lmf<fwz`xP)7TG0;CF27*ZKB1bSz)&ZeCBW+2y0<1ksbNe$E7jG
zEr3O5pWE)kTe=$C+2A$`R>h{z&S>>Z%UZD&npnm+1c|r-3%5lTg&8$0rg$B+Zv2E6
zZXxj8mFou>auqEehO!$@7@dETlA7-D{LxRaJ8+%hf}WEvgpQNR!o6Wd_GRqv)F&O5
z)bMdlea`2;=kbNyd-y&k7I4uD1b3Wt3CVkE(b((sn!GnKwO*~=*P6Yisdag$uIYnz
z!>kXQM%(Dnvj(^A-{tB~t=PDEr}x90?_jv`Ah{w5Z@$-|AL-sFxr=`lg`D<dkGY9k
zVfpcS*%WH2TQdgDp4rzL4Wp$s&1PSN1(>eYxluLRdcD;(jeJWT8+sW9x6*f)l)YuN
z+Wmf`qt&aehSu!pRjuE~4rn!cop#rN^{kn1*%9OV8KoXY*O!#ngjH12<fc~b47wUf
zTwT*Uu)!Eqbr>QwvuA&rdd_Vvcl%ilow&86)Ps7X-{7^TR%_L2T2rt0a5KcUzS(Z^
zR?F=7o7H?vEe%343T?*kEF0DJ=AheX)iqwP!CY+VZLL>@f;W1m(W|$64Wru1x6J1e
zmB=W!k-od6>|NMUaiiVTc&&z`gjY2k_5oVAsSkLs+3)fy&$oZ<XM{w~5Q$`zU5~CW
zDRsZYVN=(xY1|y>Q0jUc=3<{~gBmQF487Iv_1pQDTAi)<p9o<x$}K-gD@$$+`bMwK
zn_9QkMG4r2rXI9gTDQ?`8ePL^^L{<wl3y#_^DE(=jIt{rlwJ70Cq8iEo0Ryx)t7zV
z6i)e@=T0Z#H*SB3zlGap4qc8AVG(Xwdp|6<wl*IGZ<^7@R_r<xyWtux@x(gojo25n
zuGk&x#y2dTW4`f*eZAD`m1~V^x!!D-tCec&<ZW!_)?B?ztX6P&7x3?a7QnK|hqcZ4
z&2$2*4fKVZT=#{GNnE|bdP`>lE@v(@;F2a+dRh!bYt?@yZ`b?D9%`(>Rf**X!4A>?
z93!dzzQ8ngb9>jfUxfMX=i8e^o}@m;95=9`#b=@%f4ltOi5!39GnwJ~Il?m{!>NN!
zgT}WdtbII#-%nx53bUvr?T=5=cyZaE&}#Mr4?N4D0js_}@MAelNZw6PYbWJ+A%v0e
znJ||87dL;=p)az#O-hhzj``YT6)}2ctdydN^{gU(o}dQd>>fIUkn+am+`Ne5m9V2w
zFBK&fg=}OM^41?+N@c~q+7T5b@|{sbiXt{u5piZb>Ug86mK<%W5Upe(L_6J}Hs<ud
z89qX)46(2F5;tI%1|Ob`8}gf|MNe+ka<pJbms)=mx~&S05+HU;Vrtu^8-DM8<K_u%
zF-!8|C8=s)Ux=2u;%D}bIqpNeaknTUs`@y}5I^0y9aY3gJki=mh|sKq1^*e6`#-mu
zuc&LfBqa?iMR~okaYgXwNqlZ};kUSzyzr~6`v!~b^hMTXMr)DN-^CgM&zXqtN{(zC
z)esJrKSk{fB@^on%a-@>r?W4%VgUiylajaA0l$-JxaohNPmq?ECXh(I1h0PmdiMVP
z*RLWI@h1GabOswWv0xMrQyGc1QzwLdm$EP&xeph7pik`}<R|$HtZ;Iw!oS+PEojUV
zK@)~Bnl8rlOI?ph`yjQfQ%3iTp%A8zpb(`832!t|`F=QylAL4&Hqn13B;ubmKTl6t
zY8E2uj^2N)5@bBPQouY9awYcW5oKhWCIr(PmTVMB%oji{ku*Bd6P|kz;}%_Z)3F}C
z4{stzCN|gaIhy7D0J880;Sig{KY?yX4z1S*SB<*atah7EPCSoja6jonKK#n6MSVW2
z`C9cLmh*D=C<*UCNbcox>QPqsivV=2V8O`p<)nXIK%&>5gnFk5AJl=FoP_x<r}dsO
z==7=`ZBVb)v}UK?()22tdUpF}quJ+!PLuDjoEA0+sr7X1;*JaIm@~EH_hmgFX^B}7
z#z{_3fcf=q<gzTa-VLX5JjJgt$sKZXmskS}2W4`(y3K-DorEk_ylbs^O*!gb>XKJY
zNp*iXc;%W`2`<@kwCL5U)jrqFoR<ZuX`Jz$7Acl}sG}J-_o0qGytSB+U-wTAHrYpV
zCV5WBn9qg38?nHGBoo)dZ^2(g8C2<HDs+S>gLEj{poDnI5*tcVpa)FxN_lL(oHmCl
z$4t1&?8?7{GJ7yx$}y9qNKaH&HY#N_Eunv(XBYA?cR8vkWNMm_%I6}84<7zC@9`L|
z&&?Y=%IqJ)65*EmbSBPsP%Fk(2clWmTXKh<1l5vT`E^XJxhqVHQHrlaYwis`?6q38
z*EEeoSzT|pWR0y<!xUHM+<jQQ#>!LLWLE2mvZ)jwKV4kXClBXURIrt^KG&_pI!J$A
zuE^u7Z`Ddix(-hmW(4lk7@=B!jp?@6)p)`j#N!6GuNgY)Of1Rc&Prk3u53l(=iP>W
z=sHy7NXOA))8iBeq&SKu-aO!tGlkOPV+$U@`|4p>o*CpA^!1cv_iGc1f=&>8m%-vU
z@*j+TEN1c&&YVq*PIR+YZPQX`Z;F41#95~d-9zerVc`EbYrJ35-dofr)E0htM++Bw
zk>3}=I(_Ie&ESo$*~`t|Kf`7D3TxHKUv*@TdbXw9PMEt=L*Xh2@;=S*9-gHEQ3nEq
z!xIb2ze!d4Ja~Zjm9RpMs(HdHm9TR8)Gl<vOeK|#{a@@KupnjV4Cxd{w(frfR=frv
zkj}DPz@MGO%yi?eCEtE}rrL;Q+i)Dj_e#uxhmp%hh(|wO{(gDGbeKTs5(>IxfIh6T
zJ6Ink6s~x;HZY2}QO4&g%X(;gn<Up0zE}QS^clP)gGIriNF1c(0JMi6HH01@Klbrh
zcg%ISXTihJHWhieYev46mVJMTYN;<#udjFd-PQ}<bbpF`XQ31Dq4W=<JZUWy$Dz+H
zEqYFC7>!Q1b0C`r49<GGBz~_x`!x82^KYk%V)(wUnXz|bcJUy-Ao^thUzL#v<6CC!
zll+(Sn;XB0l|K6m77Ba%{inZOeH55Z{`%?jT}0-#B=_s>5)MMt3SWO@O8=D+%T@)k
z-T#Ila$qOy&*bEb_6C~tRwgB!&@edA<U`%Dd@*CORdBbHjCi(zFznQ8oHu(f*a%R?
zjG-OWH$G$1<(+aNxKJ9(J&}eFYSQ<hW)67Is68%;+=dhi`7npn^5A_Dx{HH8gmOz%
z8HXSpRL=+K>gB<*ZQ+015N4o;4kFQ?0LDUMr4hVDgYD)wbkZ`|-rResVfG?9p|;+%
zR?HZmASZ^d3+o}#rzj0#sl>kC4|AcqCaPH$mBQzUE(({58;Fpu-sSZ{zx8rO$eD5{
zDujsR%GO_UnoEcbDLfn(WQW$T)#}x}7gF+E_$G3Lj)f;}^VWYqTsphuNOpV_EY;*H
zgYv~7M4@NevOLsItY54xWPlp@L7(UZg)E+uBPxc?p@<QA5|;WuHob(4)NMtDtmH<L
zBIcTve7=UGQe&PQNawP%AqZ~~;RmJ0`qRAD=+rySs_}BCx%yssQ^&yuPP-0Xxl)i1
zYWSemH_U1$@9BS@+e%@9PlJ5c2}iUxKo7@5biqvRq3L0R(3v6G?E6~}#4Id`+DpgC
zVgSNCcie!qAA!pz_?ivoH#c~HP#bh!@cd3X{${0cRKCOW8n{h7Sv<$Z!{J;n*}AWF
z+O=A%eW-Ihtlm#d@!vRixPbaznK<`hI9X0mDv{F&7-fIz!4vkH)y$K8go1kAs%=DA
ztV0tO78a^e{gDO=w2}b}B}=$z!L7T;1Iwex438i#vOunCsBKWL$IYL~vGEd`8{3<t
zs~)<S$8`pISl>Vp4f<`PHZWfBLgO|o;J{*wC`zqSYE7or>fN5vtRJf6NrX*J8}3lt
zRNPP`Qb~VHp;(f*tP+<=QmHdMiS%*vpm?gecW)%iqNmHU1aW~DH*bo&lsbxak1nf5
z>s&8f^2UQj_#plHcPoJHs|nJ0DqUUfn~TItnkZg{U88f{F-RZi@CnSa;U-w4*J?ES
z)o$(OilGD<y}kXF$!I6*5mDbCVR#gfM6G%wZ=-**+$7PwTeKIALZumzGBk>Hdd!=b
zCW1_v=%>boZ;n6WbkY%H?mi(K%`P_Xi6~Uhy`^hW5~8{Ap&UR%ZK5t|v>NU1pubNm
zCh7Y)!+t5eQ&=uNjs(Ps9$U<+_(KZ?AO>pE!t@%Y*U%+$+sMsc>2tOx(JlOl#@v2>
z&d+}d<040lcXaA+I_Hit<@@t<(i5ZQ{I^hLhaMHn2?vbjOs|V{)e2G<V0NN<B)WRC
zt!qZ%nLl2alzY&q7Pl1nEA%KytXMgQ+_+V@bJCdhewlU?8Wr|j@FaT{o($N+S?K1)
zjNazB4~t!eE@)HSe5w--8Av1V!V-IUt)hR#g{4iq6pg&Y!YC1z;-a`B^50fNU<((l
z^fC<NCJtRBd||eC^M$#eBhAm<7iO#7?U_CPf}QbQ#3C0i-de;G!9Jti;rV<~=f9+z
zY$(LHH1z~Iz>M4I;)g7y!XzJ=PqFx4;7UxyvxbskFv>XxVpXHr>DB5oc1Fs9SfhV&
zG#w$n8^_WWB4+4ZXYj63uj=h=k9|kf8S1-uEZu=E%1Y8P>uV-H<0o_7Q#V?*PN$vi
zY%kqCFG<XY-U?;V*JWO9gg+aZP&4$lUeDX6ZpVQg(~;d;j=`lfj&(F;^3k8C#y3um
zlA*myv}$DO{C;9JVYz$fn)*y`WU_w~c4R_2F~<3~rHP^6qts()#?jK`J(>I(t?~ak
zrGRSj2k_^f)c!=)#ZjYDTgT_VsC#neQ!|Jgr>Ds}Ln9<^B<fhtxEWQck-R%sgJzkv
zPM*S9Pha<ze~3kRXyy)LL8IrSO`}!CC`RVX6)V4BIBN>EZNn0A@kugBCh&g@Cevz-
zwyq!83NmEQanGFZqhkWNj4aDFOga2~mL;R64`(@J2OqPk3mNNS!{{^FqdqIys6LMZ
zf3u0iF6`=JYtp>fv~ELZ%2~;2t)H>s%t$I%qw6J(b@Dd)eB~~B&L613dA(saUa+$L
zlQ$XZ4w`t0Atw+WgRLfN4wQd8o5g3M<l`h<e2pH5O}*J3<gN4CQM|0ckx^7q8NlI`
zRW}ezkvLi*Z4T6WS2t*RA~j(D;$Ea&nzQ6_2ZO$=dpNY=GaW_&eM(WZ>cC~JisF!E
zbheT!PXgi`fwB<Z<N!cpV3@tMwaH78A*8C{I8CLMH63MMZ2ymxMT>vZYnWc^n_Y9z
zeCmUgiGzgFd&%e9%bTw^pWa`7{d|3Kc6S+bLztE7_Uqa0?bY8tUS6aUVolKB1trIn
zkK+a<ac*)OkA^aXUp#k=JsUm#$u=w4cj#KiP2T#*AH=QgPF9K<sW+<ZkLj$Xbccv-
zpw2Qr)}hKQ;V2p`V>N%Z*m@vd)U>yi4a^nWMz_)G>U(u;62=zJ@@f*hSr`U9rfC!#
z*qjHe%>tyWI!dj{)LO66Yj^VT(@bGYa}8P=j|jSpX~1Gb02OIErkhSj0o^4AXiiZ-
zqhi(Pixv5@d&FXeuP7<vEK8S;^|?zp((MC~>d644b4vTDSX+MtAl)wHC{KqRjXJS4
zU#x{kqVp^kd~BjKx${H5JzuOfETnU2Ei#vV9UAebj2Sxf#oE}uVyj{WXrWh9=Lt?y
z#o951XJNLGhuK1--R`xUgBQ$=HaA;<558H=TS1$HCG-*{?WaT6mMg<$EbDEC;X-%N
z>S2h~edx*`w<~`Vrsj)!C34MqAo?r}npmr<1FEt`=ZzZlLCt8kjP<nUhtN^udpv3-
ze8CQB={+Q;yI4ebP!doetp}CwRY5XUhB5%*@YEU%O7NAJ!3&4dHG2ut(jjE|A;deW
zBaw0v9Ok@)!q4@$(a@`W(CQaf5)01UIGht-#t*o&{1bm858cQoG<-rERGWJ9*qjR>
zDO|i9UtryfbTP3#q~%H+<6Zgwl+Ff<a0p*%X<dR2`X+yrRtz}%7L-g(L~LPS6P^Gf
zr)p&IP>$uXunHnQdWwp9>QGzY%&amhEK>ToL|*b>Mw5t?Q%6tjbHnFl*5$~8Bi(=?
z)W)SSO__gw{|ZI%g1M{kT>P5HCpHL?uM(Du9Oe7UQ8~oBPfl_=QZ8O|;M(rArwLL(
zp;`t;_Shx=J5-DP92&ohUbZeqHDe+xl2=S)I_mLhwtz68Q{ZK$$Iiv!*Ar)ha8Bb4
zH-N6D(K7qp<_q3_kljn@DO{d7T5kR#F{DbZ^*evn_931Tf10=x8Q~@t1eQ2#c@lRK
zlW9LA2h9!^G#kp4PwN`FB)2$OGAMl<bI{=(y{EriF%WkZ;i(h(3}N14cT{nQ5uUHT
zhJ}cw^{d^wd9bc(R^!lw8aYg$0<bJ|`A}w38e}9+dXd=DIfTqN{hsXO;s-8Wviw6N
zokD-OUd$_mp}hF**EfWpoE1v98^FNC>l&Nv;u)e<tv1a;y|qt`uTqy~DSTu13VrY6
zh}m<GlU5xzQmfUyMwD1-djoA?Hrq`-H+AoC33adZ^0~gQmwa)i6urOYa0Yy_z84))
zW-3-geeZ8<E03cfa^5jIZ*h|25$QR#Z=!#6ZjdbCntwJgoqWT5@lx8~sC24LeiCg$
zZI^D(yh<nDwXk%}^?Fv7Sj8d{<(7d+w2mo;-j=1q?-PjsPP~vQUGSFUPI<aLJ*{rz
zN8n@JNo>3UQ!3%#;+pFCIda@dZ*+=$JClg4iJR6BFD~Q6QYL`vPQnJz&91~2CB1*X
zg0=6bGnrjl?_a2l4?tzy={0)YzVVVn4Q#A3uC)g3c0NX8Ir#)%qM?*i{J=HFSbKGz
zcmDKlgSXqYZnj>kRXwDR$oyojJYc$(-*y4x=?fJ<=9yYrh*W1bNM}>pHp#WXTzdMF
z*Oc<&Ck#flI9*4jt7)BO`9<20F8+VKBxNs5*{I<!8E03`taGc_KN}xg&1#U;0oJeq
zQfF7g3a3u3M)hkZZ^Ww8O5RabDz}r@qfYIVS@)1mzD92JV-YSwNjNuCJI!v>tm)OY
zX6j4&$jEk#HlfVpLug6vEkAM3WBXRkgWu|%RwJJ<i~EvzQj*CdZac|67FU1HE|Y(k
zE9G7&&(!s3Ke9@&#hz%)i>*(;MM5hTWFw5Hkr{0xJfauI+K#u}QN`XM$CIf6FAwn{
zS({>Er8x1U^R|zER8KbSCaGr|od;HHtu>S+&3?V3cV4ncjOZOZzxjM2!yd1}@8HL&
zsbO-BH(RZK-V4CpPUj`I(y)I6{`%YH|6X?D?(Fm3udC90!bHmw!1G_vZ!YIg0nVkm
zx%~apZ~HjnmmS|d9<y*s;KYq%rVF{cY0UIP5SH?UUTkF`qJy#5c#Ijoruc(Pu?Be*
z1a_}M5slPLRlb0>Kc3g=blSZ}-`uCNCiW@HRM@2M7fPGQ3d@Fp@9%$ca4wFXpkpFU
zB+^V?@9BA4#B40&qlNK&yzhQGDtMXIMkmXp&lBwM0w_S{7LPha$QCk1!DyxPQ&|ZE
zJ)V4R0nkdH&uwwe>uHGgqUM44KudROI6|=9(X*7PFNslT2-gJC30r@rja<#>_RVzU
z?86N9ymBVt)9O2)oIigQ=^3U?`6(mEW8~4H>sio3ecek<q(4U7fn76~p@UU`;}OPA
z$2cAT_q@S<d(do|y_Y=;Ty)%+oDIu{zw2qQ6VpI5yY*^6A0__o!#|&ubWEo$4xU8W
zuAW2l{w$I+DK>wilSz9&nv}H`{$u1)Y$~B4ei&KCNKT_|7rlR%(ULj7+HJ1ZqD9WR
z9`{RFZ5y>lztMlWGC=Nt)UIN&e;!H~c_M8$`t{nAZ~h-|2fcWYT;9Qr&Q4ovQF^ht
zmLFo;_gr19+G-z|q(K8lEK6b%Ki1AV3l*M4Vr|_c9XZLHj$Uu+&FVh4-c<6;O?P;w
z*ls_Pb;HM7gn)koYd94%hm}-(T14-BN$ga|*Ah=^B|~cs>b#csR^!6iRQ+^L<qGW@
zluU~*ml=*(pL<xAGW(zpEd!dO%x*a<I<NI$q{0G9ThP<wEKZqAsC=Jf<DMbEq6#_j
zdiqp5j50jh?QEKClr@D}tUERlXgD^NDXx@goQ2K7X7GR6qBIlNwkg0jxk&u)MwQ|I
z%FqCRK!CqZ?ktTHmKJ?xTW{-))(ej6aVKr<eK{mTVX#;XNb`J6Jpxi-s_|;0U(5Sk
ziW;XI%7Q!Y=uVJ%O3go;zy<gYeR9g-rD@<wKS{Bxzwz0H6m#fkU1((!kAD>5tbVcG
z2Us3K&kphG4Ik2fY{s)F^3pY|$EF^?k`CX_VeoSL*ng7BULSqpo!O8Pd`R8@<yww9
z1t+^_xnw#3>7#}bOias|u^~3*VqzE$w(!6k&g@NgNcFlgFkZ6%0sM%QOT?8<OzEpl
zNi~^N>zQVwllNrZcAq5n5!W7$#b7qKy_v`xCo2@I&>~8I)0xZ>9qE46otcPF2g$yE
zJo|8YdwKKw<;`t$rX6qGUcbM(`zmu1mp`2S?dm*ng%Vz#-JJjW_4@4Y*W0;s`1x%7
zHg-*_>U)H$PH0lt%iBT^La6kSJ(Dh9f$Z#SRIfGagF*WRpLabwf3Lm;vNe|wTw4=K
zrI_-y!Jx{2+j;wC&&9<u)GOP$a?*kW-|`st6dMSIZIH|Xi3A)#uhkG5ST<*4*R%$f
zp-VcuZ^3{C+F3C4n%!F0XuaTt%WdKi^8eiQ9K5gTj;ZnQ8s~#%XK)nf;FE{b!$a^{
z2h^iu>4}F<7aVk-cY1NU?EL(Z#FY`{Wrhlo!}^?mj;|xqFxkL!$Dvo^Cp@e!%~?}t
z);Ev^?V8@{)s4McJjn>mncy{cuRyPlBmA!L>j6UuP502Qh8kv}+_NaPhN(43tzl}d
z-sG)8K3g|BQ%*M6VosmlkuSCR6;nCWV|o0lig^>iCeIKg9(K}K(u5~#UG|R5?d#1^
zTG4%f<31$R+;_sC&{5l7VV#)hc_<hTlCZJFa0v~v&}$G3CTf?3q$PUTgqu;u60NEn
zFnG?08{g=nAwrVD+SbrLlfi6(H{K$<a=6X#CG1=!@i(A0MtfjZYt0wD_#qu5vTKIj
zzlI3F{=v<Wt>FVg3TVw<zuL+t&gLPCfM|YyV{^fLIGtO0QCyb*8Eb|Bi0`^SSPrfw
z&W7%3M#N8eoC1E16Zl4)?>MDXNzwD{C)Sn+kA6WHd4dNe?l)8dv4zP<QEN73lG~(X
z$lo#kQ+O@4*Ar4r7C4?`tQAzi!K9Rnz5GD5RM+x5#)YFn2PDQWi#VwInhL3?Ddrx3
zSR*c<$IYKTtTvsZ&)Qe2j@Tx5WmvRP^uf9FLwdE&8y)=x>$2XvLv{v3bQV~K&thYC
z)kz}T9m2j+KB$QYwRWT0Y36gV@+*|=lPb=->l~5f>y4b1S7wqi1xkP_5Ou-vQZi8_
zWkVjd03n6N14#p|WtU}s$7aQ|VhFH*z?~W++)k#JReLq{p%&gqF&?jpa5RgNhp}Jg
z)^ZzcLHo^KeNb!d)$(UzO*nKi&)kE?Z*C#Ogiz7~ck-rzLP|<4x`2}EtrT+fdnDs(
zyxwc{l|X4XJI!uCE~_9bk}p5`f#*8IchS%ZXN}KFAgLV_7R)ECbbkKJ$xp9;WolS#
zd{6^DT1LzI2%Lf47iCJ1W7(!+KB|mi4G6Q)pLzqB6cw>9@M$@zut+kWo6Flfc6NRB
zM%am!6*Vb~5UOQz83b1yG7}MlzQTU7>;TVIQ%K5*j%B^Kbjq3*tsW^I^}c)0-_q49
z=N|SH7OH%4DluqtUl8e7uu?XEv5aqsO)xO0=~=dIx(^P#4Stp2femc;0pn-;^xQ-!
z&0%y0d?*{a48NgEZCmbBV8GD=c6rBKdwgt7$FUy4*CDrH@T|_{eOL)z!n?c)jA0(~
zoXl^=z;$WL{`q&D!cZRk@<oE0M8%g^XaB<Te{dZO+TzPAN(;So$Hx<YRCQgMavF&d
zp@oIlp#N#o{9it7%Eme+8wJ6{fAjkF5Z3C`eg*3OIviE6&n6RFl5y=y%1`YNSxNtO
z-*)@2$2$5JcrCJgty-WWrqZ8ZoLA+4OM9YHU$<9p*em#`Wu;J6#w7o757VCpW$A}d
zct@@B!^z*Xa*zioW|)J2YKvE?WPc`p|1+7(f2I<X)WF=r_Njb|r03QA=jAn;bXXu4
z{MR7iblfP<6%<`${T{VOy;`qp)f)bPB0|f~KY^o#ngymhRI(IG(0KFwa8mvu>d4A1
zH>MuQ+_02Cl;zVusP5E$D3ho!`OxP<Db?nf;>xU1wm+bU_W3q{e<d~Q7Wbie>DGh$
zX5@<i%m4rUr^*<%bEn}bRZ=OMX{v;8aT2>AM+j<1PgMN-;ae8V{WNpFhLaOTg?bA^
z*;ip7VRWF7@nQ1A;H1b4Fogq6*M_$4fSmd5`ihM(EU<@rC1D^No=(MQu(Qha6p5%G
zm7nEMD6vvZqQOpolaKq{#P95AilcMLa9v}e*XDuc`Dg~kWo96s+`&LYIO8i_5lLAQ
zLSTkIqeP^EP!h)@43N`xDU{u5Kn~euL>3g&xKbb&P4dw=k4E1KE_@j<@O%_nEsTl{
za#PwKu@Z%4$B>$sg>)oAO9xUvGBT+*W@Qm|b3Rrs6fF^di2I}*d9nU<3o=y74EQO~
zhY8;><%A3RMAVEjL(k`tgY<HWw*UX_eQS5yNOI`+{S_T08<Sar0>HOz`L0%ycXaKs
z6w#hJIb&ZP5CA2{B*7&}Ym~(K?YF95XaL>dQzAW*&#p#7zp5WqU0qKYMU5L#;-Mn&
zLPB;SvyK>lqQ9bs5P;^~1B;%Al9%!=s_>)mJIQ`${sqX}mMij_qL<o-u3|OIjhHGj
zaII<uRZ%pDViC(MsJ`HKaKIsKeQA<^9ap%_jtY${8jiMHC8yH?{EGZJ74j|S2&%7W
zO=QI5({K`w(QXos^ilU7E{Rd~qK8j}-@dSFiLkGKxGtxJ=Of@aV}bsfdi;bO!Ie_A
zfrmimT~7)Uo(ih*Yx4^2L}0#Xuv<ip=*{*D&k-8{;bUa}=p-7A=5Q<DWAS7XO=nQb
z1z@j;@aO~3zgJaSsJXm=riW;0sJs3oDb`<mjQ`6wy%udxL=96HUk78_TF~7EH@FTy
zex;dzMqq2Ay(N_KyPQ+i^q^dW8U9vZ*~Cs<3vQUP5xJ({HNdkJ7AD{YSmP)PhT+Hu
z+{Rz@U;)Q880KK2UzY}lpR`5rEVWE{8DeF5kQadM`+Yx=*i(V&z2mh1I`QHd>mWO+
z?*hovSL{K<ep2?9{j|ih=8(Njms^oQp(dt(WnuJ=ZsWo6hf_U}fT3_n3_Pgxo2ER^
zA|@?WEX+&2wZqYd;_RPtGMb;UVb<$_lL*}R1Rx>n-xF}Snqg0%`8Dj_;<IaiAW}3e
zdjb*D0__JdKxUT%MDjrfXf$8H<OyN%(^mN_X{*fh0P~>%fA!9M_lhdN=&ycxmGbg`
z^wlpKe-MvXT}v#~H(PjfD^2)rbg4i>0k(#0p{C**tdeN@&deztC`OjF|Lijz>pRvs
zKV{zc<unTBei3xpidi5B>o;A2z5A1T!uW|2n6in;go7xgTCoH#FEXiFc3mejNkk=@
zIf#zClhDUaa@8d`7)DI&rQJFTt0k&`q}nmwBfc1?c!q=Ds16uGPUKdlY4YofWf$m0
zg&5>L@b-IAAn*}8&hQEQF(Fg3r(fi>45FQ^NJr8>F8WlSTmnT{Y)0|ulCOG1PDed~
zz&?(}7G;<?A-`1lNA{&U^2RW`5lpn|Ap=PnN>&yhy0+6{C*=^fX&Bv)l=DS@pLPG7
zBG>{G4FoTP3~u(Vlc+Z6qNOgC1KCf$NF0ke$966ukxU&KDy1zDAZjKfDPC?mo1lek
zFRs1#79P0464Fq|vfHp>`I=Iqx{RoCu{=;Ot4F<v#Z(rvTb@b+B_C3HDEpWU=W$x$
zK=r=yASR_*G$Au@_?7w1PJJtXKx-XufPW^blERxQ70dKO56&G9=EEQZ>ONRDX)Y4U
zRy8NvUR^%B#Es=@ZY<eBjE|)uX0bYDJ9A*L>y)Z&jooHvfhzn`K$X&oC$RF~222am
z>e&si(P>)^$F;3`tzWl#{YGFlT20^eTK&G;X3Ev2Mv;md>CwT|#0+wO4D~XIufl)K
zX++?Imo({XqN4<;0`B?wGlJP})@}Uvop+H|5HmF>q9@JIAm)|oq1NObWDC$BNMBN~
zxrUMioLp}$w{0kD+I3Tr+vu>NY_ussEmh3b#i*<u4&%g_VLQtFlqyX<5NqjtIX1lP
z55wPI!H73wi=Nh(D7p=Qrzy)7n=pG7p$G0ovspCCtAe?<_uCEJg2C*Tj#Ia(p~WpV
zS5d#@)X&sVh+DV-P*!|99gM%ev|sgMHD7Xz8rt;t(Qq8org%TX^>}x8SG}uMqv_2d
z?#Us5Kr14<^tb4DTGfVW0G8nY8Jy_bPXb!@bF)!x631;-TYjy7QLRDMX06(>+%|ls
zzu}LrW82jZmSJsJlxmyM8u$xVh(-N&@`IU~plQzRo{m+e!yjtKuQ~0iQ!su^|F-1c
z94Lgs=`d&-^{OkO=tw9!rXgW5RvplyokBs&lHGS}cC}7dSM<8vwB1Il>aI6$`h&;<
zBL5`GpZH@0`_zGd|2|az##t>qO>W1nHlU1Ex8uSQ+sTHGoOTBr6!l$iJM@Uw>rL1g
z+qYO<-4L;6h~;*Vb^f5cXB>6SgS+gQ`pF|*d4qKHO@^2zMlY_r*g(&+s|{`%v&izI
za4ZMy{8Hw8uM|rjVSUquA%~%bCMiG<g>@2gSrNHMdwA7<qKoO_fbqJ7n}ur2N^hqj
zs&l)T2R&rADT13s1~Pt0?rx(B{P1S@6VrWC6FjD?!_Qoc7gR~thf6MHBg39cX(O3l
z2n^;HjAS^N%>IWC2Wy+NnyF|_X3AtJ-IPKShj`xt4C`9VaC;c_XXZk`4LzD%Ds`FX
zZgZ85dk?pNV~TxC_zzU|(@&^}$gqr^R;M0z`hnGPnmw!DsRvd&Y`K=#Z`K00U-z4S
ziy5Yc!{IN|{w!;@hCMR}`ZPZx3*UP^G}eQ%3vNEZfSmV~W>Kn0!jJ9wQV2%Z@%!~o
z(6eeazhTvbdd~v(%d_0jxBaH)Hrj!|U8t3#rvZF_kS#5Mz2P^Sy<V+lxpt#w)mxrz
z^_sW=jasMGZ2Q2?2HS=Gr@08imWKK^`Cb5T;9>^YFtF@azik1%^(?Oi&x^k8!4YwS
zP7ruoUTbb<p<C!wQ32F_x7MqLPTg`Ej$_q5w}Vfi(CP)vM%ZWsy<XkkF4U)rH)R@V
z)z7kj@Kn3?e!JFit<ZG<7aLyF>ev8ytrPeix7n%rc4NCRpQy3fb8!3F(gN7q@SF<$
zX59)M2Tw_8TOPautajb&hn;$_9ope`VLzs}D90?&T@H3H`Cb5ZuNA_RuIX4|(Dwjp
zw+Xn|3$4BbER*jwnw?&AyHN9RN9148`b7hOxAY%f1bMq*H-lPWg-r)2V5`-z+J3Wd
zIrX69`>mkYK^L)yfE*(==}rrW-0COg1@QZwcB54feXHd)ZL97(p4EfP257lk_Zz*y
zcKt1%7al)K1NlTPDT2A*^E=J3ZnYb2ymi`ey!%a9_*%X0w|&1E_S`MQENq*8qP9(c
zI@qPHw+{F(DW-z)0nd)f4;=*#cwCP#OUi}e-xRA$%dUq_x3?8v8O)k}diF~yZ+2n;
zv3%-m5tRY6XJenAx>u<_g$)BC%lF9=bBP|`o&AS4yZ0(R>Joh8>^D#G&Hw4L@QVAM
zx*v*vnJnK72p$55T2i6B7{lP8v~(4J2*|oAjoFY2l$liDDu^t8-|;ut3~E2QGMuY}
z$U_DaIVgiPlkr;xvK!y>_#Kb7j%W?c$4nM7llB`i<3Z0GMYZ&4%VqawK(KYfXoxa3
zHS$Wr#Z4`MmodwbnJo~vdD3#Nm7`2r7V2!$Z=e8cB_)Sr^M++7EGsLwGKegH1j)Np
z=I>0-@4QhPSs49lEqq18YMw`+l=Ss-h#bN9vWgot%Xbbu&ZKPvz_ku3WeyjC-pMcP
z=5PlL@b1+A5CtKN_O(3R{1AL(ic39~Irc-qJ?Qtvnjan66#|?}1#RW4Hu*O~3kLnt
zd5i|z_lOaPMC_3M44s}`T@qe@oBWy2gipZ9Pe4RfRfJuuPp0s4R=Pe9)<6mlq1sQZ
zo+iiLEZ=?YF`R7w@cHiRVJB$${r=PSn?KHbNl`KOf@Ewm?FKfmtVX@rZ0|g1V<rs_
zOKX2b7N%y?C&t;^FhQvlZ2+i}6KBax5vUAcuX_>3ko<}=%8U}@6`6*ABXohAW_*cQ
zk2IJKjl<5AAv_fO3Q>W=e%}x3ohKZ&;@8{gMNEQ-WjOL?Mzp)biWaSCVMVLqI`w+E
zYm`$XoURqzRD7bDY>Lud6=%Atkkdg7*ONbEs2m@0&Wio11VGe86q0GO7H7t4>_ec7
zkI{rXosts3NimyIx$?Sykt__Eu{I1~Qy6P8Lkntkzt!q{9VUvL$FpekD;nT1?bE&_
zc3LW5aqa*otrq8NOX}|7X`Br7H<Dl<0L~eOpRkR}r8%$lT6QN`YLB1NH6W6nQRUEr
zfJGwl8P>H}U8~*lJK?_I$W||dJ;{N#DE-;8p^|EQ5h>~C2%XA**_o?7PS&#=y>EoA
zpjoq<j~Ra`vDDDSA5se+Q`fXzW9nYJ=D7{uu>ub@+8xieyn4NEH5*Q=@6>{J$MM%N
zrtb0uXKWHx`6ViC`HjyAmn>yuP2b)*O;0p|`%G1${2{Werbr4sdPi!Ae!6T&03-%>
zQ46TFy2M08Nyu-15yFC&@}LhiOeE@!N)xCg2Enh_*T?VQUthCM*hu($=@=erjA1M%
zF(z63Puv8#cNy#U+vx5z?0fU!Ov+ETPp~9%3g8bO-40!`gR+<z9!o9!bomi(ohaBk
z5o={ZCT1xVqV<8o`!&0<PfW>{Xap|Nf2SzocZ#1pPl$qlg*-_JA6Zn;v|UJG{uq)g
zo&;S=8Hr^v!t|1)7lkWe3_>kdH3{S-!`-lR8%(1Kjpjrn)nU{kG7P<MA=(7L09yD0
z2rP-i5dJgshVq!NAh@czLEUcGcP{b#fe!ah8F@q6tWCN3JqdiuUyoeE+h>%!7^faJ
zeU1Vc&6mM{kk%lHULFa(Rvj+Xevn4O?XuHe$M3f~cFXF!wqw;>Zo~3yG&FDbf?B;7
z_FMIE19qBO<7D`0<>Q77^%ip4=u^e02$1J@)vPutepjNgTH_}`a$J~lng?d-a5%fV
z4#O(~;5~D^OL4pbKXp%)<rOF?VnQzDc?IF(E61{bG}v}8^nxw31sOEf+|#T^(M6qL
zT<)S)8m~<z`0ai%#wGg@-2oXoq0uXO;2g$aL6r%nVu;B<F&G4NycTA_MYDiuG!#~H
z#&lVNY^aH|*pNIrK_zP#SW%1_E95*Dd3Gy`abBV)st9YX3L06_-|tU(49`k3QB1=X
zU{nBqtoYGGSFCLIt$kn-x^z$PnRgjoMTI+H%eoxPEzm=<+@~Uhs>*X$2`8f%be-|s
zD_rc3V|VI-zc1YNdMvBLsmdDXL9QH_R|THZDp>8MU=uYyT%6MUl;tEF?owF)NVzH#
zkviwdRqk7?(htgqrwlV>vVkSg?NPb$lsSlhOeEmlVB&~bnkDDBo=JI`a<;vRMJ?VV
zb%s^Y;|LEVbA)9h_e1D88V~PDI2u3$EEkP2nd&rzDILx!?LG_u6pVcvM+BJPP=-Lp
z@WuE16JpLPMkik2*iFjnJeuMm<!PzWJ!HzCU0oiA$9tO%+MUgxVPy7_aNkVU8N-%;
zS$<e+2iwUKgU>gvkke^I43@1))|kWw^>|IXow9MI3x!+|^nEnSiXO`qod!g>#;`co
z1Au>(sr16x9gJ7P3DxYNOsZ8mx$Vp@;08hrQoh*#L;e#OQi3tBj__oA<Jmx+0T85P
zqSFnP6*FCRwfN{q$6}3$-iBi@?kk3W19!I(xkd5lhqGVKu80Q+gpt2sO8}vOCxPuC
zJwPbrc-J;CQrAdxUFocc*0)KDrY!E$chfa^MhzC39Ey^IY)-^mFHRQ1o1y$T#+VYm
z45u)e4xlltO_jSj-qVo!MK@6{BXrMe_1cXm{OG<&QYJ*>{@{kkrdpUcUZz@qu#$FG
z&9AlEtvz`(`~=V)A&5~w@a}W;^VGY)=>HmqUyq<P>I3QfnyGW>s7a-<JMx;ekg2D?
zzadVCzUxItcrHtJg*40CXXjTpeq)?I`6mPlcl!Os-_JiVF&+Q&;?u`OGPkDWez{k|
zUXWUrf<oxO=CgPZgv4&Wv~A0O>A+8dM*z;k4zk-Pc}tl6naFf6-v$;>Qo$)4(=d!-
z$#1;zAZ8egtAekc-aH;)?h2ZwwkShvmKe5NCk*SICu{`B#eD1q^)<XFJkyED9Al)0
z{7qzGLyM=Jv4Vcs@wbyHcB={nMjvt_wQb1z649M1=tH60o@c!mJ3qsJKvQ>v;gIFD
z0SvS-lLbaI!OSG2bPI!6@Z9{0A)@;0n|l`;W}E1QczRP_QFA_lPTWKh@I!1*ks2tq
z*t<TKz0kR)rdeT=!gf@;$TI1yKtkGHJ9PWK#?vJs$0CaqBO>F7uYQ3y7b6**c#I>U
z9ahhATzlJ$6pxUw3f-W80TR--dCR+5-*-cl?8Hb|>@=4_`^6-uG5~Rfhj*Z|e#Tpz
z(DMpkPP~ang+hZcLq~X(y&)sq9hmOFf?g~$*1DvEPjV$np=9KuslMc?w8%7?@tk7!
zH$c2`QyJA*9?hLv%Wc(d|LLN+xG$#jF^xi<%^0_kQ{W9PY-sg={J?H)8{N0YDHx)A
zY==+yfp`N<Y<Gj1_vm_9o?H;>GbHjsKN>%vSXfZ0J<o^74j|z9IAYP*XAzm;Fe~79
z=!d<&({DXt{7&b4Bqez&-=Mz+J`>Ak9A}Lsu9t>hY_*z>(`fE1j?3x2CPMzJ${kK&
zzUKkrJ{+gPcvdQZ(eNp7%0xp9FyRE{?GObq+@fcM1Z&?&#Q=e-*?*x21y(6ZQb3>X
z({MJJ(gYk2KrVEGT(MB=h;pZ4@HZM%y+E3)yiKxGm$?^^&!CAlS0F_FUekB_{u5?2
zy1G2GW{W6V+oH8CUfXip9l!4GE9LQ~Q}6zI7>;jdx23Fq;Z7OIt&I<gR4r~Pq*PI9
z75hvnmGI$7)mP1f)LOZ*SE6M}>k5ZJC1|R7lNwy@hv0iWJ~hhcP9@8$<_L~~`X@<R
zf;kVg``B_3719)VRdR`;fJQ)lV8bVXWjCvcH9C!2t!KBLr%Q%XlF@GWC&H6lFDDU=
z<6F#%4V0*V;nucoRJJurln)U2q(!0Jj7S(7DVwgu0kc>xu>j-LL~!TCw;}a(gbv~z
z%0~5I<C}<PX#Y0wtfUH+=E6nUhlN^2T~ce*n(cn?F|C+*<aLexk}P?)TzVJ^h={H*
zvm))hkpRx2z9s8hw7!J_*_-~>?3F(0W9qIEQCA6nfct5C;YdwU6F*X~zj-b&X(kHp
zr*urx!T5ifDqF@Dt)xPcR<!X)>DR$5^8v6E)g#H*@){8asY;pU1ySdc36z`6qC4|u
z^H|1KrLtlXB6a0eT`yc|HbP}KU~U5J36m!c@1<wJ8ewx+2QwLM9Nn3N<{H)%AD_ab
zK_k+C*fy|K_HanJyhlQt4X&HSNrqFxEX5hPEWzViM_`R$#B?xH3c1roDzs{Ivsjpq
z<I?;`kA>N2wmU&5e8R!_FofK6(4$#)%})!Z61+2-t#CUxYW^l&<w3#j(o72)08_Qm
z#fvPX!lW@WcftG{LW$AIBV<#AH5)+8_Uo;Gj^pyoJ(&Pvwb~D}5$xXhQMMvx&}KIy
zZ2PY5HT4nuexS_|_u`MT9k`;T!~?S)5_XN3bKB$k4X4#=>VxfNx92I5c^R$nHuPpA
zZ&DQ1hQ+ht6)oRudhWJu>NY&sijJ&182cd)#<7g1j5qz;-2WQVK*_LPCCW9DY=5tR
ziNh>+KSqIf&mS`SiY;D|dW?nP*TTxM?@8?uEaPoq^$xFoiPrf4nA2>IY6JYe!?iz&
zb#bz&bgfm~XLC<uK3xV@aCDTOGb}=?AT>u<Q<zMtmM+cBpk5)3@-Bk)^t@^DMU0*@
z{ymBM%sqnIi|43KtzlyhwczQJmACVMA(JYQA+U&MPco>+#4}jUa%xS_+cOSQ%AD26
zobMAi0c0a9oQJ8%>$AdT)b!%4XkPG&O`Vjn?zb@dnD1yzN<&ni&!pguOt{#EoS&{O
zX*QeItr$#MSDo_ung^$*D(6O*tE_DDI{JJOE;<(v)DJ_q7Sx`wvi)K@x%I|>XyV0=
z923zIcxs~NK!md~`$X~Pl(@teZ4Qt6pxNKH&TB*RvOpY}<V5BP9FB;+0$EDP(E@6-
zr`EfkPuUZ$0sF6TnkbiYmON3v-;2B{9&Na$We(z9lA=Wpm&z2GlV##t8Hz{(%#T1=
z2(RJ*Q0x0aCu?o;lxPT5RfLFtrrgS!x-y&X|53_fCG{<=Z}oz9(68^>kuv2-$fK8h
z>YiO)UtPREyZ&@}di?QB2}7u>)xAFMcF+I*;p{Y15odz&E@*YE`7mKnQht-`L^R|b
zyq!iP+}Wi0#W1Mi-eG8&C|&d+ykkY{c~-I+i4jHjKa#H{4~K|rAbc5rAIhmxM;zIL
zX}Bq~^?(X$HrmPx=88?fU2C+xM-6NuGn?z8nka?Oh5-+08b$iUFq|zm3*e#ZXl;wv
zwmP*=v$dT#%`}1UR@3*Yxp6l!4KN!5h&=a-ZaSL}cav<mTgrc%faT`FN@CePAXsvU
zl8`ua=(1UFH%ZL9ekxvnFP(}vr?gMNS|b(jddYXgZ1UY?6B~K3j4sjJ1Pd;k#3wg@
z<ePc0mavfC!fH`-*+Xf>n=xi+<-uCnzG5w~W@w>T68;3`3|Q@FvxVK8E!3LLPP5*B
z!g8b4%@*Lo5A1C#Xt!VqU7)1B*mrHYFkD7hyBfoVcE8cV6seDYp(}sbtw@=gn|37$
z&ABJ~EKHi{*up`TuV~(=!RtGIz2PsXHQ$Gg8ht}oD;5j(hO*u_H0UmZ81+j`D3H~I
z@^M9yOwl1vKzMV6>Am5W=gA9icxd(#)TK_y{367Xj7ua(g8jrx06w?he$BJPexvtn
zC1LQn8HXX2FXIJ&J}$muxYG@9VPOlaZ`Zy0j}}}2C52{o++f{{(#6#Ckg_YP81Foe
z=hQclr9-%;taS-C=qvw~TQMN^86abbh$|dhED}HxRE-)uRFpo9Q(*NmQj`*@Lp*`C
zU1=uFYR1SS7c|r?39C6Ddzp8xY|p!{Bo-Xm1q7ltD#<#375euzfHIxszCt_o+ccaE
zfrwmlVJYj8k5@_HU}KldTXHF9!|b`XI~!?&Dxgp;11EbF(fB)b7LVgJex3}rtQa*=
zNLE6xh($cq<5O$_VnDsXE5uX$;_&uFY+%7@#y2YnT?4-n^xE|&{QRJHFEUa%_c$sx
zf8k<CQQPW&we03T`iSo)?}R4ZgdwrSe$x{*M2yych98;@ENE7wDHqEcxul;sIvSL9
z$LzPlme=u~E*VfmMNEZ9K0#rgIUJQ5Fk%{8hroyote)L=gS`z^vsfIOQX|U>A^}TL
z$cGBy)Id`?9Ytcz;1Imu>^ORN@ja(5y7&<3pb*i2REY}Vizt4N8yg}{V};P|&fs9;
zcZ*Cmi44)O?RwC68;_~+73wmb!dEGK*7rUPnLU|?RI3gTsm1DEKdCIVy)&yH)SGp0
zYwF&2DRnQ8^0~aOm&W4ED0<&*!3W%|@5MlrTE(i=_r4=*MH~f^^M+7=i}Ds-q;qQD
z6m-#lEDhk2|5k^NkB|p1qy0^w6KnFCtqEPb?0RksIyROOy83cED<BrRNEqBa5sB3b
z*wI@PI=r8N{I^sfGrHh4&z*>Ldvs*46Gz~K8YEU-z>G@xovNu;{mAhpy^<ICdL|J%
z#Leo5%`i>|!URy1q-+2q{Up|a^zs~d--}~^-d$Gj|Ex0J1C?>BQ|q*Q{!>mhu(Hb7
zY4n@T?HGw|DJFP<hLWTBo@<P8_QIbx@4Z_Kn@y*!*Go0*ecA}^m9@~pbg8)QOc+mZ
zDAmm~!&<Of$3vjb0k>`9yg;r#y~!P+ym*btsLb_RqMl>5iuy~mA#MD<pk_zbtU369
zhsJj`(D|+6{;ce_s#}nZ1FKwsjPI(PaK>vjnO{9!piHNcE)i3zG}GUcO>I?3d!IaC
zlQ8;9h6_mvbC}wyx9fr9*-K&SQ@UjMIwp@$G7WEFCBtd4$9<^0TdgVl<+d8N?W9?J
zEQ-e|8Fz8pi0%<pIa@^k&KA-=NzcT8_vAgYh_ERwYI(AC@h%}+nIs!BpN2NuhIG-B
zxwh4n`=N4g(7=<K1J9lKP_i~hU^zL76Mx$Wch%zyyGrf*mHdGPueF4dq~3E|Uh657
z#6)^WPOd(k^0dcG$nW6Sd0=66E37vfy=^mqn|bG@p3?9FzJ7Q1A4MK_$Dclb{<Nsh
z1y(Am0PU|&uFmpafVo;%XTMy$dkhypeSUW}XJJ9&#FcZVGrGEJ&h&jCmfS;6;S5-I
zFmi})%y66HFA>c(7$!+zA2lhWpTSfS3ut}!yjH8#?9_U}V=8Nut4OP`$&^1UZ5}Eu
z8z#R0hKJLfJ;B3D7OP|hq1*9)wrvr!GLcUh<9xpFUN$Rug*dn6BI>h)7v2m2&_40#
zhA`SfO;IpgX&#jYG4RytOA~-b)<3rqhM}7kqCF`*U>7tGr-mm4*Bv8E1ztgpLZ5{u
z;6d1W_ttG>`R!hi&78fT$(|Qt61Eoid>Vgfre{E#$}Tg<W9HGDXgYv@73z7@3?lt{
z8;;@C9P-q`BEj)3=1#{v9seh9aNq3L8$su3V?l(08`IcObo`^Kb(lf}D`>lRZ#zo-
z&5!?fIB7+v%^XjXZWrTFKAuGylN9_(Jd+;XHA%+{|9TtI+*C|Me0MwWZ#f#R%k-Wl
zEVIh())#BhlHgnqdlTA!P2Z{YYQ3jR1NaL_yeiD`d1$>P5^1y6bDf<({vYlIZGIzH
zHVC7$(bJki&mPzOBBt-2^V3C7?LDJ3XuycDq>%WbUe-EM;c-INmUZda61{18Zo{kF
zkNNbbkZT{^vgG->{Xo_YAG#<6><@0{40A|H<flc^dsvV=bsSrNsg_pBw;FvnbhiD}
zI32I5embFWNxKF?(~{2>f@d}krwB`h{OsKfd{~MK>4vE2y!2+bA}t`d1wBe*amHLi
z^t+RXyM}%x6B?`YjOpw!%kb@HzG-|>mLz7%cC13s@N5cGTu#wKBA0{Q!?i{0OrqhC
zCitcy692bm6MSEP`Cbr?3-g3!Nng<PnqIB(gtK~l<hJ%PKN6A{n8^S)&$mPqpaOF%
zv}-+Q+kPqHoUTX<K89m&Jkxrq#m5u)0Qb<vxFSEzXAzH+q<noB-k)+Zhk@3aRyNiA
z150Q1b{O3OdjvasgI}-08;Z^7i^4x$0zWpNhUYxs+X)<h-jH7Q7hKsJV@$l`A#?;6
zY4m@i!B}{~@$D(5OnX3m#4!TI9QgO-1{c#TF_ec*I=mrfuku22UBB-?<@f`5iPMmX
z3xk-_Tbow3cvY(t1hv+-k#*g75_?BnPVp?x?sLzZ2`?xwP^`j=2u)|YM+~HU?TznQ
zembaj{o(k3=d<qF)h}mP-NdII3%Zx@&p%%Cp4jJ~kN<vtlKMg`o*iGE{B(VJ{PCx5
z&JTY(55JW|lZyHNfT~VdQh3V`nI43SN*_2fX)y<~aja3#sk!}r^9lRA9-q7ycL86`
z0txQWVpTbrimiU%4x8JK%f6Km%P=o}aOJcG2afW85cU)+5QTL_GJ8Z4@Bkf(Bh()Z
zLo$kjL4V+TTsr&MgaHBCm@steZKv%wo-pImO*tX|>#Bb6vE_{eEBxIG!+yQh{~`R~
z)6VJA30~)*p17r_8XXxN-Sa^&j*9%}e~`Q~3|``k6gi|9QulQfX#}J{jYcvm@eZBU
zxjAcp#%Fy6TF`X7R>$=p)#8a~VAcv=m9o6(^|2tc`tS(WTVrKvJd1=MAm`sgpLtw-
z=`6oBFZmB=A5(tvT(ZJk<rlDO8Si-PYEA!mvr{}fa?)Wn;}CBglE;tiPW=yX!7(;&
z@sLoRU5KiOY{tud(U7O{Y?UFQx@pK-dPuf^89#aPFN5g}@p$U>fhj9qa@~-;z0M1`
zZWxlW4r0XBhh*)w!3`RQA<uw2kpr$VB(~4F-Df<<)gjO0D|iOq!wFx?$66nXfOSwh
zJ-fOTF}Z~!_(ty4wa4HG6!+?s#~D(mlDJz4S}u|);(ysJWenic3R=<1kLc2kvzcRm
zs@u1;I;#id5Px%8P#UQn#C)z8r^X+Q0R3=iU~C7Y`RMJG8P=S_yAd_tFYWJ3dW_Rc
zf$!W?eb-<BWw<K7!kt%qdCsDV#Vc<4^^)A0tBPRZ%6aeg!eQPSPgt8l4SbuxBZ5U|
zRWCIr79|!74N7EHZ7&$Buc#N+hkV6<h!(Op^)k&o(ohkTGJ6x#qV;Ah!Zmz;D;db$
zd(+~vVFR%X7~#WXLVTG*QcK%tooVO;;%s7bEe>Qn^_Ozc-QgJp9%aE9g&OHIs&GM>
zGb*cUdr6<sd@q?ZDq6_iRPHM?g?F$;%gg|Wz+d@GS9K}X!b*8n7MK>_$(bg9)MIRR
z%RI^#qK#PTiU4>Y@Tbtu8nFnF2kvcV(85ru6i?uxiV)LOwBPWNuC7o4>#$|?3gX#P
z==G#7OwLx12EUUCJ-I1QSBhr<7pj4P(S1qyD}fvmE;l?R$Wp_9E^qH+JPc+t1<sX>
zLJNl2->0hSMMVm6ROer0kCdQ)ONh7Ght_iMs%;INJhzs6Ty1My@#Zp&Dh`hB<+{PB
zqT9Tyf2KXQsBjv(ygOL^QQls9cd)mTAEEJh__}??n@l3^a-?*@^NS9iet%J!9YagJ
zh$s=I&am`4`#UdnZ2nGpAKrvm?In%l|M}oP-P>p|rtcatmRz}G=#vM3$jZ@gHs3rE
zc}m0@WeEf|^!MnHGo0NPQ(c(u#JXdz++DMe1%a^8<`alHCSs6+7sg8IgeX){Hkcwx
zmo8oQHI3=mUxg&e-*+EGi^B`7&y>w*b3E1I2;FZ0LCfUS_uvhYk**ouzPd-Ln(Ie-
z*|J<572blr3RoTuUPokq=b&jaGUt#3k-BV{a*mc9<rIyn$1Htd^L$?kPp<a44>~*%
ze>$Gc{jUUAa!Nr;lW4}n27EaFc-V*2d5762XzGluO7hlF3g(t@Mfb3X$|LD5Vo*8K
z5wto-BT}h~&MaazpYrR0zT_<al4A-Q@)zQbqmeg+OA3%`!Nb6RyRmp}jmA^fpQfu?
z@b|;39(OAVEEZ8DBD|c8PA~9N1RAgL9sVXOn0P%Oe;r46<2N}&%4OswSzzR+Mbed}
zfhiU+GIm}Slt_l2R?k^gI6I=q8jK-8gQm#V?v(DXO>h%`TrJ-YSgXwMfh3zK66nF<
zgv|*Jasht2^k~R`gK3izMwDv>GM=_`OW6k25Cbd@#=ys=I1@$6h=PSJ@JD$eL^RC{
z2-r8}@t&d|w-G$yroNh-gNotuqW&sHvES@3<y;4-kIr?FlfxEt!0C<_3T9)4ZU0&b
zfxZJ?P}l*TzF;OfI2le-0n)%ua#3}vW;sh9GvmM)%{YpGuzSHcqGpa|eLI*ki>aeg
zRw7caXz3z7pB3YYrTzbB1hfU^2uH|@c)%DYxCAU?VO#O$l8{xDQ8m&PS#NI$@-bs6
zUXqCiu#pcJA4!bx!J16a7r8~VYMY7kIJ_hA)ISWMF6)A&a$~&E2<a<zpKDprk6hRX
zpx<I;mvjw(T$|ow_)a6aht;s?DwwJLm+w!NTRyvi10Aa>5<D!4=`C>1spLS#taC_v
zTf{Z9T7O)IStrI$2e}>0Sk7UUASWDa>N?Bo5*M+ay!*!{WCl6Ynam^wY*!{Aw26Kt
z*{6g^c{4>D?GL>(2SI2c1N$S2%5qho)5)siqkL(9a_eInvpi>#{8@!7fxmKIYB`j@
z-OpH}Sh#>^i5p5>o&8RWDt5UHG$B_!O^Vg-F2BwUy<v&DGf|p3>(u6w4s-+`OY}Dk
zaDtz)3H^${(5NTWlIBQbYROgExL6rsSu#M{5T8}9DCNqia;$ye9jMueLa|e%-HdXo
zC&e0nShpU3pse;9mp<Gg$XV!xYI1Wnc|K}8R<?S@ZYT5UWLWSn<$Hh|Rv^}Uy1WYa
z|Dy7VAVjwcOpnT9^DI#I^KekC)$S>Mk)s_YNFw@?SzDYKy&a`qL-HBRWp77DVH^;(
zqZF$lAF!O&I5LXPei=-Uaw35WT4Ee!uP=;$Og}hEGeZ@$(KyO$+$)M6=CL*0MRA{U
zHb2tFc*g>=b%IHympElytO-4@U{9X*JeCL0ghk2F`u@nWhki*sB}&V~lEC?$!DCH6
z3x7WS`S9%Yibz&kMvFr4yGSOc=6hl!$-LY`8<B5=@NR4J){{?HDN(BkucAz2k=QkV
zO{%lTM}^*=$}qXqoCw*{&PO`u4RsEAUmWRiWE_XH!IymN=zv;>A0bgr-b-|}jGGY~
zhb>@o!_fQ}Welr9pBT&_<X-s08|y`1xljBuo-K<O>ZfE-jc-j&H-T}aypcAWM0rcI
z_%!C@l0(83PwGC@e@uTJ<q!jH!SDlr(R5|!or#V(C4{I-;1Wgg=7`KE7z6BfHk-sR
z4-aV&h3ZTYhbmk?hcu+fp$Iy3C<v3<^|NEpLpTPBmB!_Jy0!{SrIQp(l})C$#V3sM
zo?O+CZu$Fhp#>hle)hy%PF)%VZ=!;?7MWUJhA9p}@7_uc``|7)yE+ykI{>|Z0W&rp
zTe_#23{>S67WE%ar_pp_?|oQ2kx!eNoQqZ(tCMUeTrex$aa8M*PYDl@6^iCihs|nF
z5QlFfOWj6193oEP#3N&nl0)v<=O(#{&Lua-WMm6(Bgww~L1>QPno}hec@0&_$uOD+
zH230g5RPf$FcD4kI;kZRFfJE=lXF*+t&`;0o<gn?2HJ~fN$^cf@snDS4fyh{OTSVq
zLPn5fGPErSR-BW4Eja2=i9Ea?^h5vNABLnvqb#xT^6;WE%iYE54Mo%a2--)3-qGmX
zJZ|5~#fP`&f9C>-oJd2>q>zr}cX`qM`045_#}SxYoPYRu_V=sfkLMSEALMXFVf&Pb
zUFj%*Wf{vakv70THgYaZ>X@}yoF{_yc}nSjp$A&lPHI<Vj4OmRgoo!vJe<?u&4)n<
z2$0H&SVY0p=l{Bi6dq5WZ%PiK5$22ei9`x|asIOieLD=*4c?@<lk^s)3u7df16td{
z+7{Hdu(sva!$yBQv6!iUB$_5wW>|Uj5y2sOYFZ(>n1||D8kIcrjVA?9H6CZbWJ9*=
zX!aXw;_TLMbDmKdBPR-f<;PB@h;t%r=K(N0ByzFXagiAoxt^P@i;;RIjk)fTcg%Ao
zh#rVV{M*p~N<YF;8izEkn(s{m0@wm0cF_@Q91aN%g83|1l~sIy|NLe@u$}r7j%G@g
z$C!+Q3AGoK0Nfvpc06Q}2`Ck?>Ybk5aQ?6)Ai;0y1Q*?DJRG^9m6iag(xRUSV>D1b
zzKM>QL0M@W-9cST^j#*0#2KaS@#$;rh{~6e_T)8b+DsPn7HGjOljfw#YoY>UK{Pd-
zdYxB+L55)>5&8vxHiXD;nScO{s&RnT9+g!PkIXccQwHCYv@@6d9t%kyS8+@&gV*DW
z_<}6S5hY8JYtUY-C4r~v-=;Y2LesJ<ou&E`y%(95braE4HY-jxioETHwU+mUlheG9
zZpbkl(firJkBM?-Ije3avk|&%@`e^`Xf<ngtKQiPnY{*o$Swpp%knv_%Jmh;%JU%o
zaFjYr@z`W<v~;C}$}W0bO7MWvz-nPMCuSG-gQewLa0K8<KKE}iK6Hkydeq!~bcMAz
zZQ|q9nNaulnA@J^dASv0O84p=x9>C_HI?6FFrl7Bdc!THa19#9h!V!odRapv#i<tk
zfRySLCvx<E?}WxVq1&nT1VL%mTlIENrB%=sr7y4J*)$s8yh)CZ#G06tE~nvWFdvmk
z>Ez^X`Sl^Mj3!dzoF`l~pAHL8j=PuiNt+{RbB2z*U*G@%2jls)4=7P(TtQ5kNfG5d
z-Obfm_aiyJJb%fg6%`Q#y+XsA!GFGnn5HTi)2wfQ?8sM$m?Dp!&Ah{sxs=dg0#jEV
z@(SgoiB8ljTUN>2!4OUlq9L$46Au^R+rXnhCl(&W>qXzfSM)1tAL7{nb3-AD64=X_
z$-oHuJe+c~vVo7L*UZvvIv5Uv=xz+l108T1T<%znZG;IMbQj|?&~cmw(!^1O6pbNj
zjAJo>#Hv++nv+u2fHrRzTgkh_R&s6|6_T}iEwp#7kZ|T#%T;)80ctT;9VUblmzSjY
zFap~!4&e2soI_k8V83EYLk^K&oX+S2gry9tYH!DW6j9>z{R<K+Z#cv|KDm-8QT%*x
z{9m}LKS$#M?9S%{S{Ih|V>p_i^58t+1cM!aeoKPPkM^&8Qj}8sOAIg3kw;qyE1es7
zpv-&JI7i~r;qhcL<oP|UbAD-9qO16@H;j6RBcO@l^pJIVC>F2E=*RcZ<AchdNamlo
z(hpve1K4|A4KaJH^4m9{c@!5*FXWAtEYOSc7hMlLJmEd|AeQAIQ|)`|@9*he{yS5D
znUYHEO|DP%BDpfo^LOf@H03)4vhJaDAP4AyHyQkrtcGj5u4Oy;zsWR28_j$RJUDb&
zfWV>8u)H?Z<#|!Ayht{(+712r6fPPG<%<e${X%S~^`b)WH}1QXS#zv$9=NpI7iIXD
zU-JW=7i<v50A6<Wpd5Lb>40+R2>)My|66nnZ`h;kflV+?0Qd^^9ud$uYBrxVsK(!J
zUJ<49BQ3s)!5EUVK`?kBkkaV{?o_0afU6cGpEJt9@M~XSdeX;aIFE@+zzOAT;{nix
zSrT`+g6_bUbO){|9(K$bvqE~I2Rng-`7p?U<~%G@N~#mDOO;sl6_qw2pBJBhh7)*H
zhhraB{-}Eo=s2og^pFGn?F*}x$dZcd@-ufn0){3QE3K)=@%IRjw`#*xg1n)A)#a59
zwK%Cl%8Q9QFg91gwo?l73LT_a_phYw&k@k-5gN|jWAS7XO=nQbr7N$9h)W89f3K=%
zPD3OBcc@NTM`q-a*OM2<UF4g8UW>LTqK2sp^s~p-;(#xplsfo0=`fAJ)<lbq%J^N*
z2Wfgx$W4ZO(pNT-?Q6knF>;-2`dtIOH=o@`Qxot4tZ@_t!*JvSD&jACu;6AI40ABi
zuS<i&Pue1QmRcsHG+0?4<ON{+e&0{T!BiS|?>OzhPP{nAI(TjCy8upq|10*Ox#lTH
z!G2nTX+C5RpXF90P-uy1S=ghBZsWo6hf_U}fT2Ky2Od=VO;et~ij$Tq7Uo5&+TmzJ
zarRF+5zWuoFza=|Nu;@Z0+0|S?+G|uhP@}y{2KOdk-gm?h!pYto<PJ@40{4h;t0AY
z0O@V%_5(Q1XTjaH96XYLbu<8_`T8Y)dlbLBl)sX;%5;HE^S=U1`p(R-h$_G6`6bDJ
z@bWajBpQDZFDqS3EYvq!$nGdj_@;E}YgqxdhMcsf;u`#=X!_2~ULGiUOlkkwHzd|~
zt#N+Jyzk3t6wLi1=&}{FKn~V#x&lx9C-sE!6D1I4llMFaQAl5ZVhLXUJzulzy6!!n
zyyKNQz&^m$%pO|Ki*l9yEr#h%LLaxxNtWYa7%};bb{i?&mZ+jGBWK>?i*btSI{1xh
zXc7EGz*3qfzrI*@v0hY&K`>FSkQW7#39<VOx3C`*VkP_gMNZ2ggUHGrz70nF*66}3
z96ly&J2k$zr0Y(9wf6GeDqg(=an(@|B(UIPu}2w3SjgH`9-Mutj=V8Ua0GL$ddP%R
zrks_<hpz2(*ugo3of<~>Bjvc!r}00h=(j*j1O3yVD_+@2za0}j1YN__wR0f*%omAM
z66e_XoFr|TqkqjlWX`+nB8O)U%WlDP<!i2t=CSuJ47wqIrUz0mTlTjm#wE+UKui{X
z^lq^4f789_GlcuNd;YT&!t<j{*uqgcmps;sB%~Vs3Bv(h!~T3sjUSJP11~N{CtY)@
zw8UmKdk1R=#C{g}(eOPG@cD!sQLz=(8kQzlbUma6FHss+$u^RO%)GYzdHfr*&vhz<
zd_Fio`S}um<=*sDlYaVml6-Mm75MV$H2KnKS9r5;&Cds)$6sE39*eM|XH3Vb4=l>-
zePcQbrW83+nx!4!bJ`41oJ5_%pi=re+>$1<?9{%RBq>G?<XW+~^LRY4{C$LpF%CGq
zEC9|D;HE=hX`$6tDF&9OB{9KzF`xC&;6Z|mLewRHfK{WwX+hOgC<c_~F<A;sX7r_=
zgNnM!m1GWyRg?@Yb3Qo^g6Z)%xQwQ$sA98fJoU>J8Ahg{B8@l3DysM+V}i}9^s}e~
zqb3o^h7s+8M;=qg%T<}Ct3WS!ZHKc=KP)ns>_$_EMII|_7URmh<H6OS0NtKTfBk&$
z|4P+=zm#8=ezUF4m%o(%1^2|M<d#ka3;z5-ov-Bz6nE!px>KgG0#w<3QWs(ksB+!u
z7LC=A9-PuwK}nmyXHd@1vy#-0QGppF7o;>n+V~qL^T89H#5j_r4$adx49Ds)#3F84
z={YH4-*Ttg41BWu<@|E!flr#~fLBWs;FV#2vcM-r9C+LUj$r!x3~yxx4YOO8X@qkZ
zQTg;&of4l??N=UA-bx^>MDM>yG)`AcP*TC+zbMF>g_zP@s^3QA9D00Fb%kaIC8TS#
zNI*j?pN#{3RVYYR<nKO8ROKZr?`B%%7l0$07S&)6Y+55t%yrc`BS~x9RkzwqSCaI9
zzo;j8F3pECexLb1H@Zy9skbnO9t9+KQuFPi!V#0{V%zgEGgqR_sqEqOn}3|#G{?gs
z+GJ|*9*-pQ)@&bTgfUr;a^Iw!Wkt!B@!7Hvsk*cQ2i?Jl#?!;!X;LrI1%P?M&(KAj
zAhZIN8uv_=D^LlOk6f7^DkXn_0V=3}A)ta^6R5uVrZr;U8Bs|(VeM02C7sGv=V8jz
zE3Drd#ahtv?!0^M3vc3ZD=8{ckwM|I(cm&+;8OA5Qid=bwk?^}$Th^p01OD35s&hh
zYTHA9kxeex$BS4Ar6&!5OmWAP{h{b3%g{+!{5LW6(KA?@JA|m$nQ}X@4kUShV^Ph4
zeDMO|mRwOSN-KogVrsR|;vIFVKDZBx)xfT%bOtMF(4Fa}!}0-MtR81Wqgf$^OH-Z~
z|7L~1&n7md7wjc%Hn1^>KF$NDz}iMHz>~#Gh*qHgobLO}%HoQY3B@{+!nC}_EH|u>
z7iKxbs#Y3$ftVDjYa~vJUc@Ya88L{aR}sJQo{CL3R<br&&d%f6bmNa|y78=h<4rbK
zzO6zwvU<22)!2qGSFe!c7Y}-kluRpAY1nXq!KL(KGJQdRA#k4mF%P@!UCH|}Hm6P5
zoLKV}mWd7bf|?J$$XstiGx$T#Va<DByXs249%HfQWCQig+UiJ?-cF}~4A~Cetf>50
zQ|a-n?08moJS#h%l^xH@j%Q`Zv$Eq^+3~FGcvf~iD?6T*9ZyEtu~^BWS8nK(8fod>
z5=soc@*)v=ecA4VyFeMSyb@yVC-fdGEsWO2t0^fKoB8geGGa^8M5FRybESh`*-)%E
zSW0TXvQj~nJ8P8)ODPY3mR1_5!|9a-%T2RbDX@VuU}IIBWmFVexQ2%YDH#Eg7HI{B
zW{#9}N_Xc_Lw7hsqkz)VDW#-ziqaB8clQ88H^N-bJ>DO8ul?uQ@3Z#rcdzxW&C+oh
zneX~(6=RiJjBx=%8bvI|__0N82ItpMg0#<}G2=pQ%wmvt@Z<13CA6YF?Q`N?(syh=
zTBM;1NY7Ry&uI3JYN;Ri{E%ZO`7X47{R_j6gceRhl=JdO_C++Qt-LloHG>M+<VSBR
z-2iK_QK;Pku8WD$0IPo^B4i%+t-V5Rl#^)Y^HIzcJ9KQcr}AaNv!~^vk%EU2C?!n#
z!N$HnN3$;L`QeSV)jvnw5$}_8$PhsP&e6LUiaSrm@N|<$XlBrN2_rm1TQ11#B?TF?
z!C{H$ogCRS#}7N<w0?91cl9m{E;z03u%8B|*{j0~OIt78Kxvl|p;tng+1!gVO+D|@
zV|U#A#Nwat@oLQvFjHP_g3i|B0Mc->ju+GljSP8$gt)h;@D5RPr)A$Q;>atU0i54&
zgcF5xdPlCe!KN}B9}bkilK7$Gjdt!7XgZAoPHe|P<j2k3oV}6mzhK@di56%o>?~(-
zcvVMXwO6rwQsd})g%~ZhQ#>8Hl<_K#p_F&GuO)KUKKHcUf08WDg(NmrUggOv{x5Ki
z9WzlhCP~P%OwcT@Nq$rz26+`03c+*2{-a)pfTO1jA<cRkI8unkxRIcazwzP4k7A2O
z{hmsF3mgn|uG7O50;aaLxNbHY7HT6bGrz!Gj6uo<9d#Y!*LUiuLyE<&z}$$!rs^y=
zaDD-_NV;@R8m`Snq^(|yQm~P28OE$LL#h0tXOw1jQw};FCM;VwTj{~sDxd-aH5<%t
z!o+A^2J?3PCjB*YEiZK`avLGJCT^DY3GxKH7>IcfAAG?ISZ8elK=i;ivE{E6PM_b?
zk_hxOSZ|<=e?>m=dJ}!hvv3U0rf|Q>%doaA$wvVza;S9W4tUydWH|J!|GZ0|hC{V5
zLx2+ulESKz*wl!hu#^vc+}mlSuf$`VEww~lhiI>SXBY{f*^%kloA-fH_Iv<fBg2L$
z$?QAkThbuIGtVxpjz6%43t7wC=FkjYG1_?CUOV8V1NC^Txd0WzhdYs&xGeSRPgwy?
z7BO3W-Qszrau!9c>1wCa9^ouNC58h=Aq{^bd*4e<+V4r^dXU~?iJZ-0cZ0>@L_2rH
z*m-pYLJiq`@&iCqyh;@C1s&@W?~36_Uvwks(BBJDRx7bE=75zgY4<xaj9d^?p6$OC
zv(s4>d6PUHc@_Zf2Y;XPUqeQ2cI`BGFfXfHrtG^5Oqlxt*-e}J7nm^!)}4sM`FO+H
z^*4x^^iC~OziO#*-U-O(`%B-`(N~9hatS|IDQXGljPJ$?o&CC!3}SuJO5AEHkYisW
zTzG`GYOl~V`3-yhGAhvI@<da$q8Afvicw(ov64fwPuG~%)MGY9+^XD^R8BaxUD6<-
z)JM-o6n9K-=~LR`N@maP4y$G(k;?SZHDE*_bx~@$yl2Db>NKT@JrVZ9VAsu-awL82
zCc{YdN2O4J8T1HlcqA}?6_mWT68n6QP<k>$dSY7}aRXcF2YZ!Vs}}>k6%?`1Azj_0
zbJ|ogM98JL+!T|FhCwxw1@}keW31J_W%m7H-oD^+5Lf)z;|z}aZ@UmPM}&c>SWv_6
zbmsU`#nvA6_O}`XL;v=QckKqsp}jdSLn6y_tf%G3ZKL_?z`dU9Dd9916N%-U;q7_Q
za6@%}AdKebTF6^`xyY@3NOfy|0@2WPdR-rL3Wf45r@U(~&q6dnGhG4_uj|iGp@)I(
zbnAhyGX@(9a$F$Wr(RC{ofa-#ZZo(kolAF_gsEjijjx_$)CGtS@bViD%Vnlmnb&15
zo*I5kn{^jjtEa_k+1$@wb{{1ATtn8oNu|#XfnADzwz6%`jBVuZ?eGS-Y`4(zuWvea
z`GIk#24=+$H&fGiATJIEc&p5Y53YH72jO5EH}j9dI3C`JP_QlQ;A|A32a!{1O@R2I
z;HkxdTwto>O6S7jsYOK^sfX}dr!f}8)<HI@2O+j;hGMG<Q|14UVE<-AfvGKI3|rJ!
zARiO)m^~GA*4!Pp#HLYU8dI~bMCFU-DW7le7S%o5>X6Mn$O?GxjkDmm$<yctp~ZB!
z=9jru?M6eM)3Ph&stwMW2ajgH9qRHgX01DSiY!vltN*Wjd0ktF6p9@;Sw(&MH}x`m
zYn0(UAOc&Y$X5N&7=1A6|24Y*GnSPfjNX5*Q2tLStrZjM6gqwOvNef_ZcilE%S>rL
z!yUu1?wN~?Wrg>!3E1|+fx@pY&uTHrXV?O4OX*1A_LpqHwnB~+_J7G9Y^&=?Vevq)
ze^n^h*4vT7;BV*#woP%Q(D+MUVB2~}3dO(V2ezGZq<Hg}f|_g(94WvLl(k~Dz3|y_
zt6i5&i{_sxRlf%^VqBP0X|@5nln(?ERL1K#y+8D&v6pL2P^`7%Qg??Itd_&uVF|My
zxSl@H5#spb`ZSPBC$qvQk(|vnZzz>dI70qfnSrHLBDJSRc`GyUcfNgowD<UTnv`)3
z6J5}5rzS<A^3|KUfH%jDac0RKP$uj5J$g)0pcRO?er_K%pzC?fJ3OX1oN5`7WT#k<
z1Hph?vjPd5DF>rf0ZKW&?s(*P7FwCpS!;2tU<vfu9U4nr84H^n007_v5Oy`j4nF-w
z{Y(G=Tf+}>jIC!d4xGy-(B+b#BJ|gzpDCdckFtgu9zMPf8J-ZZB~9|uNau8!_l}O)
z(<ruFwYLS`6Py!)a0rSd;=G)h@|05h%A{xv^HMMRHZ9_Q^RJhBA#mGp7Ve1bdqaBW
z3w~0+%~YEdDEej10&OdXn(%OSZ|JMDgdbyS<+E{mhtp-klyg8>35r}X{P409^5y&M
zRA8HD448n>siixbrhI(g$$Iak#7dzyKQe60kg-ddp_nOA8}B_V(1Dkg2ENjXr&zXP
zLdQhcJa)<Pc3mktv|0Is+-*qwlxnMk|G16q#NJPuRcD~ql!BL{c6`h-Skqqh`L67C
zI-6UK{BjEH(t}U=1_?XOlM;n#NRyJapdfOvDym8rek~7w*?A9P+Lf<y>sGp7`4%@b
ziLt|^lKv@Lu}imtGYjhIV$`hy`w-#X`CE^ioH(IXIn2yciTUr%91<&mNt>$_R)J-i
zq0|GgI321(%zf$4zdfJv=RIx>?Im#5TQ6^(*mQ;^-YqDU<SdEhX&W|w?Kgo>VBtU|
zcG{-Kaae`@gUyogBMOwMLV8tXrz=9jxvxt?as9dIw3+z(zs<Ckx!2#xq~@m-3D_o;
zXZ2HFhFmoACr*Dqv-CA^w{R8HOC@pq-oei9Za)l9YL|SB!J9jbtEI*loDgq|9h9{D
zl*1n;LRmsf?HA2cs7wxMLP?3Sv#UL-ZI{|oZ4U$H&_K_D4u_O7v=X9z2Ry=iI-*bx
z06MCI;ZWe&BW8_}pPD*cCtO}NN!3yE&`E6XJhw21M4Zk5&LQDWDsl`Zfr&DinR=X&
ztdA+6J5v=j>VV9Kp8nu~xO)EU=tx{2${jXmH71V1l3V-U@toE8No6k4A^`rDhC?&1
z0vZ0~RS+#_&;athpaNgOwYBi`7ls?J5tya(U`?UW1Y)Bm|M!v>vby~^;FYVu<gBkO
z6-^^k<-*C#k!cluiPtR{vpp?8Gy)@xT5GwfR?E`U6+$WC?R#<-XftyIy!HBdM*)+>
za!ZXs)eBp?eY*hj_~y}&Fa{+|OngFY;_!pYwuUCi_f#bkwD)5eil~gZTD?9X1>c}s
z+w@4GTgM^#7lmcJxcs*&&VCHc-|t?9yi~y6&m!EDR2O6&daPi4EnYY&q8DC}O~PT`
zvV~0{ds3tEzSPY`h4SF!(2n(L^B2teo@R9gS&U-o=GMW*O+Npw{>mQOgl7Bl1D3Ke
zD*aJXnZDQ*WhcP;X`cL(xMqZlWInu{`KRQ7d(g`pyt#SdwUymOxkM!!kHMphl6ojJ
zO{xs&)nyf(c2%%|8s!Brq7)f0S+?i7o??|zmpTO!FX5awii0j$8yQM*8NjG0V7y95
z1LVdDge{$3^O0fxwZ#zXTNuHFSw4BL$`{{?i5K~JN^|di1*5FYot&2~um-ABqUy)(
ztgK(ij``x86*ml;yS%Z8o_$fs9rL{A;m^DJv%|X6m1N|^xIOY1!j@!86G%7zvRT5H
z!;KW%9ZQqib}1e{D-@NYrw7Aoc!nr?Vpq)Q+wT*(&l2c8GdVQpZ%n>1XB}M^(OwjT
zcX73Ge84et<Bt&*KmUawhYi9V%-hpiw$F7g*|x`Hau!mKI>~kF%~RtxTVM~LO+ZIt
zWH!8ows|w}HFk&gq`t}H;_wrDym0Y4v7Gf`IM7X!)#AFEJ@DL3KLEBcMY9Yk(kg9$
zDOsUY-9xHYMBqglo$PWG9M4Qkld8i|ZB|pQz3FSs7=MPC%rr9x1ctiw+iEB<&1*Ca
z6N_SP-Bm8Bxb>)%pFGCWNMj7GE<|L7K-3Q*&7Hh|=-%FkB+goL%93&Ba`)9)Uf<1z
zLn?<BhOa$8&}F@ebb$5G85b}Tj(d(Y1qS5qpdc0#%C`)j&20^BOKP6PxnrFj)vGIs
znv}Sfuj0>4G8XSbleHr~UAoVz2D@IL(mRr4wmI@@nMc*>=1>;#m4evp1Dp=z8#th&
z$2kGszdfDC+ej5@WU)r=2c%3ZvIzLkSS|p{#;nYPuD6aCXE35hJ#PLm#bO)0=4r)W
zAAb$pI++Jp6G_k88EA1iNJXqZlOx1XV7st^=&Uj0xspy_v_yO3laDje&d=l<vGYNl
z?>A_3mwWtJz3}4t8sQ$MdM75Nb(QmK!~`abbB)48EE#3^AwOHHWa)#(lE)*OtIeXy
z146i{DS<%tW|-#vz22XV+aJCAY_<BOxbt%*11gavPqCRxM&4wQd}+O~jEdLs`Mi(;
zqWEoMTylQ)s!0k3sFk(XF49IO4FAesI4{5HGZY$#anFO)ThV!?_!?Sh^1=^;_k=~_
zr%q%MWip&S!U^Yrr0_q_KT3WA9z&v|Zh)_M{>;ArF%26IQ~QT`mD8k!qC)H_1jW|m
z=@(pj&T<%s^K;4M>*C$;)B)4YV0a^_%gmN|5gCgs{O%FHkl_GZRj`mQ1@ObX>qy1>
zFNX;XGky>}`*7>`l+rT1mxRxivg3Qom`yaQxZhG~kHU#?e>10NS-x)aD^wS+^zn+-
zrEN~afhxl~pxhiIyJh`N{dQ!!TB7{rX~3ATD>yDQYGj1PO{Q_?kvfT!fMPwFwALfO
z_C?O!mqlJDQJzm}{}I?FXhXP;)oWfORPWm^0tGfDE`IwbP+HV>JjK4$rSQa>lb~kt
z1&rYb^X>yW{d=8Ucro7}%GeqSQLD~DrYiV%a#CRlkgphmjnF_g{>(MUl;iKZoBlVZ
z<y*au&{9E{`5T^8KapLB^@9X_GYerp;eh#xe=;&Z0P5lTLmTgywsci;UaA<onl^cX
zd5^2PzLL1NzUFeI&BWiP-jAuxjWxCu&a|X9A$PdvKn36CU)?`>*RFp*5qQ$Gaz+xB
z_q`M*ExMFPUI{E?ZIz5^6tO&c=^!uA=LZJi?1%DB^NofYX=zCO<Bz0o7K}ks&XCot
zN9^BUmT-`O)CfO$s(+Jzcs$&Rr*N1j-VWN3p!G|OXo;+tw^m)Tx4ZaJ*&U?v2j{03
zLq`(6<z=#OdAiLk8zNVaVvE<ahI<wmLS4DSa*`v;{HAF<IPr%r&05iGXn?vh1|~Vy
zf0b$ap)!5M%j0N%f&o~Q`dlxJ!OQsnYE(4<@bsZv{onc$jC}GLPXvPlcUuVK;qZR|
Dj%^}~

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index e3a7abb909f..e2a77b70b7c 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -641,7 +641,7 @@
                 "name": "huntingquery8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -697,7 +697,7 @@
                 "name": "huntingquery12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 7f968c9498c..25afd872bd4 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -28,6 +28,20 @@
         "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
       }
     },
+    "resourceGroupName": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().name]",
+      "metadata": {
+        "description": "resource group name where Microsoft Sentinel is setup"
+      }
+    },
+    "subscription": {
+      "type": "string",
+      "defaultValue": "[last(split(subscription().id, '/'))]",
+      "metadata": {
+        "description": "subscription id where Microsoft Sentinel is setup"
+      }
+    },
     "workbook1-name": {
       "type": "string",
       "defaultValue": "Tailscale Operations (Standard)",
@@ -49,14 +63,21 @@
     "email": "ccfconnectors.county118@passmail.com",
     "_email": "[variables('email')]",
     "_solutionName": "Tailscale (CCF)",
+    "_solutionVersion": "3.0.0",
     "solutionId": "noodlemctwoodle.azure-sentinel-solution-tailscale-ccf",
     "_solutionId": "[variables('solutionId')]",
     "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
     "dataConnectorCCPVersion": "3.0.0",
     "_dataConnectorContentIdConnectorDefinition1": "TailscaleCCF",
+    "dataConnectorTemplateNameConnectorDefinition1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition1')))]",
     "_dataConnectorContentIdConnections1": "TailscaleCCFConnections",
+    "dataConnectorTemplateNameConnections1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections1')))]",
+    "dataCollectionEndpointId1": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
     "_dataConnectorContentIdConnectorDefinition2": "TailscalePremiumCCF",
+    "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]",
     "_dataConnectorContentIdConnections2": "TailscalePremiumCCFConnections",
+    "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]",
+    "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
     "analyticRuleObject1": {
       "analyticRuleVersion1": "1.0.0",
       "_analyticRulecontentId1": "668b43fd-cf28-961a-85af-957850df5027",
@@ -4576,10 +4597,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4592,22 +4613,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -4692,16 +4713,16 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   },
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4714,22 +4735,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "PT5H",
                     "enabled": true,
-                    "lookbackDuration": "PT5H"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -4814,10 +4835,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4829,22 +4850,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -4929,10 +4950,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -4943,22 +4964,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5043,10 +5064,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5058,31 +5079,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "NodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5167,10 +5188,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5182,22 +5203,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5282,10 +5303,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5296,31 +5317,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5405,10 +5426,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5421,31 +5442,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5530,10 +5551,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5546,22 +5567,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "LoginName",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5646,10 +5667,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5662,22 +5683,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5762,10 +5783,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5778,22 +5799,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5878,10 +5899,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -5892,22 +5913,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -5992,10 +6013,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6008,31 +6029,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6117,10 +6138,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6133,31 +6154,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6242,10 +6263,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6258,31 +6279,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6367,10 +6388,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ],
-                    "connectorId": "TailscaleCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6381,31 +6402,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6490,10 +6511,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6506,40 +6527,40 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6624,10 +6645,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6640,49 +6661,49 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "DstNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6767,10 +6788,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6784,49 +6805,49 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "DstNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -6911,10 +6932,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -6928,40 +6949,40 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "lookbackDuration": "5h"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -7046,10 +7067,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -7062,31 +7083,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -7171,10 +7192,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -7187,22 +7208,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -7287,10 +7308,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -7301,22 +7322,22 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "lookbackDuration": "1d"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -7401,10 +7422,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
+                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ],
-                    "connectorId": "TailscalePremiumCCF"
+                    ]
                   }
                 ],
                 "tactics": [
@@ -7415,31 +7436,31 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "groupingConfiguration": {
-                    "matchingMethod": "AllEntities",
-                    "reopenClosedIncident": false,
-                    "groupByEntities": [],
+                    "lookbackDuration": "PT6H",
                     "enabled": true,
-                    "lookbackDuration": "PT6H"
+                    "reopenClosedIncident": false,
+                    "matchingMethod": "AllEntities",
+                    "groupByEntities": []
                   },
                   "createIncident": true
                 }
@@ -8112,7 +8133,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Reconstructs the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
+                    "value": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
                   },
                   {
                     "name": "tactics",
@@ -8452,7 +8473,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Lists every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
+                    "value": "Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
                   },
                   {
                     "name": "tactics",

From c0089a19d7b9f05b61b48a2fb96e1371e8ceff6d Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Tue, 16 Jun 2026 10:43:40 +0100
Subject: [PATCH 26/27] fix(tailscale): address PR #14482 Copilot review
 feedback

Cross-referenced against PR #14253 (UniFi) Copilot findings and applied
matching fixes where Tailscale had drifted from the same conventions.

Description length (26 files, all <=255 chars):
- Shortened the `description:` block on all 8 Premium analytic rules,
  the OAuth-write-scopes Standard rule, plus 17 hunting queries (every
  one whose original description exceeded the 255-char schema limit).
- Original wording preserved verbatim in a new `description-detailed:`
  block on each file (pattern matches AWS Security Hub solution).
- The shortened text on TailscaleOAuthClientCreatedWithWriteScopes now
  opens with "Identifies" instead of "Detects" (Copilot's #5 finding).

Duration format (2 rules):
- TailscalePremiumDerpRelaySurge.yaml: PT6H -> 6h
- TailscaleOAuthClientCreatedWithWriteScopes.yaml: PT5H -> 5h
  Both nested under incidentConfiguration.groupingConfiguration where
  the V3 converter does not auto-convert.

WorkbooksMetadata.json:
- Added `author: { "name": "noodlemctwoodle" }` block to both Tailscale
  workbook entries (46/48 Community workbooks have this block; was a
  Copilot drive-by suggestion).

Parsers:
- Parsers/ASimNetworkSessionTailscale.yaml: regenerated `id` as a proper
  v4 UUID (`2b9c1f5a-7d3e-4f8b-a456-c1d2e3f4a5b6`). The previous value
  had `5` as the 3rd-group first char, violating v4 spec.

Cleanup:
- Removed duplicate `Solutions/Tailscale (CCF)/Tailscale.svg` (canonical
  copy lives at `Logos/Tailscale.svg`; resolver looks there).

Package:
- Regenerated mainTemplate.json + createUiDefinition.json + 3.0.0.zip
  against current upstream V3 tooling.

Copilot's other findings on PR #14482 do not require code changes:
- "VaikoraSecurityCenter dropped" - it's present at line 313.
- "ReleaseNotes uses ||" - it uses single | (Copilot may have read
  rendered output).
- "publisherId noodlemctwoodle invalid" - approved Community publisherId,
  used by the previously-accepted PR #14253.
- "BasePath should be repo-relative" - kept Windows-style path to match
  the v-shukore reviewer note on the analogous PR #14253.
- "PREMIUM-ENDPOINTS.md uses ||" - it uses single | (same root cause as
  the ReleaseNotes false positive).

Verification:
- ARM-TTK 48/48 PASS.
- KQL validation PASS (56 files).
- Hyperlink + Field Types + Classic App Insights PASS.
- All 46 rule/hunt YAMLs parse, all have required keys.
---
 ...caleOAuthClientCreatedWithWriteScopes.yaml |   5 +-
 .../TailscalePremiumDerpRelaySurge.yaml       |   5 +-
 ...TailscalePremiumNewPostureIntegration.yaml |   3 +-
 ...calePremiumPostureIntegrationDisabled.yaml |   3 +-
 ...lscalePremiumUnexpectedExitNodeEgress.yaml |   3 +-
 .../TailscaleTailnetLockValidationFailed.yaml |   3 +-
 .../TailscaleUnauthorizedDeviceConnected.yaml |   3 +-
 .../TailscaleACLPolicyChurn.yaml              |   3 +-
 .../TailscaleAuthKeySprawl.yaml               |   3 +-
 .../TailscaleDevicesWithSshEnabled.yaml       |   3 +-
 .../TailscaleDormantDevices.yaml              |   3 +-
 .../TailscaleExternalDeviceInventory.yaml     |   3 +-
 .../TailscaleOffHoursConfigChanges.yaml       |   3 +-
 .../TailscaleOrphanedUsers.yaml               |   3 +-
 .../TailscaleOutdatedClients.yaml             |   3 +-
 .../TailscalePremiumBeaconingCandidates.yaml  |   3 +-
 .../TailscalePremiumCrossTagFlowMatrix.yaml   |   3 +-
 .../TailscalePremiumDerpRelayPersistence.yaml |   3 +-
 .../TailscalePremiumExitNodeUsage.yaml        |   3 +-
 .../TailscalePremiumNewNodePairs.yaml         |   3 +-
 .../TailscalePremiumOffHoursFlows.yaml        |   3 +-
 .../TailscalePremiumPostureInventory.yaml     |   3 +-
 .../TailscalePremiumTaggedServiceFanIn.yaml   |   3 +-
 .../TailscalePremiumUserMultiDevice.yaml      |   3 +-
 .../TailscaleSplitDnsPerDomainChanges.yaml    |   3 +-
 .../TailscaleSubnetRouteExposure.yaml         |   3 +-
 Solutions/Tailscale (CCF)/Package/3.0.0.zip   | Bin 79926 -> 77207 bytes
 .../Package/createUiDefinition.json           |  52 +-
 .../Tailscale (CCF)/Package/mainTemplate.json | 568 +++++++++---------
 .../Parsers/ASimNetworkSessionTailscale.yaml  |   2 +-
 Solutions/Tailscale (CCF)/Tailscale.svg       |   1 -
 Workbooks/WorkbooksMetadata.json              |   6 +
 32 files changed, 371 insertions(+), 340 deletions(-)
 delete mode 100644 Solutions/Tailscale (CCF)/Tailscale.svg

diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml
index 1acfe79d43c..66b8165a34f 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleOAuthClientCreatedWithWriteScopes.yaml	
@@ -1,6 +1,7 @@
 id: 7237a848-30f2-499b-9ad5-024aea1288bd
 name: "Tailscale: OAuth client or API key created with write scopes"
-description: |
+description: Identifies creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching :write). Tokens with write scopes are high-value adversary targets.
+description-detailed: |
   Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching ":write"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected.
 severity: High
 status: Available
@@ -45,7 +46,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT5H
+    lookbackDuration: 5h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml
index 0a67b705d5a..2b7194b412f 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumDerpRelaySurge.yaml	
@@ -1,6 +1,7 @@
 id: 0a1c8d12-e7d3-4890-8b89-8d6dbc1be2f0
 name: "Tailscale Premium: DERP relay traffic surge"
-description: |
+description: Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale IsRelayed flag, traffic via 127.3.3.40). Operational signal useful for spotting policy drift.
+description-detailed: |
   Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise.
 severity: Low
 status: Available
@@ -44,7 +45,7 @@ incidentConfiguration:
   groupingConfiguration:
     enabled: true
     reopenClosedIncident: false
-    lookbackDuration: PT6H
+    lookbackDuration: 6h
     matchingMethod: AllEntities
     groupByEntities: []
 kind: Scheduled
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml
index 56777da2221..0d705f006f0 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumNewPostureIntegration.yaml	
@@ -1,6 +1,7 @@
 id: b2c3d4e5-6789-0123-45ab-cdef12345031
 name: "Tailscale Premium: New posture integration added"
-description: |
+description: Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne). Verify the addition was sanctioned.
+description-detailed: |
   Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml
index 712ca67876d..1361958eeec 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumPostureIntegrationDisabled.yaml	
@@ -1,6 +1,7 @@
 id: a1b2c3d4-5678-9012-34ab-cdef12345030
 name: "Tailscale Premium: Posture integration disabled or removed"
-description: |
+description: Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance - removal weakens fleet posture and is a possible defense-evasion step.
+description-detailed: |
   Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.
 severity: High
 status: Available
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml
index 4826adbaef9..67f92176534 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscalePremiumUnexpectedExitNodeEgress.yaml	
@@ -1,6 +1,7 @@
 id: c1d2e3f4-1a2b-3c4d-5e6f-7a8b9c0d1e2f
 name: "Tailscale Premium: Unexpected exit-node egress"
-description: |
+description: Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a node may indicate routing-policy drift, data exfiltration, or compromise.
+description-detailed: |
   Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.
 severity: Medium
 status: Available
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml
index cd0e551f20a..9fd2801cea0 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleTailnetLockValidationFailed.yaml	
@@ -1,6 +1,7 @@
 id: e9f0a1b2-3456-7890-12cd-ef1234560040
 name: "Tailscale: Tailnet lock validation failed"
-description: |
+description: Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Suspicious - likely an unsigned node attempting to join.
+description-detailed: |
   Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.
 severity: High
 status: Available
diff --git a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml
index e9cc0b56206..9df4f541e56 100644
--- a/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml	
+++ b/Solutions/Tailscale (CCF)/Analytic Rules/TailscaleUnauthorizedDeviceConnected.yaml	
@@ -1,6 +1,7 @@
 id: a1b2c3d4-5678-9012-3456-789012340042
 name: "Tailscale: Unauthorized device connected to control plane"
-description: |
+description: Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). Often benign onboarding but can indicate rogue joins.
+description-detailed: |
   Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.
 severity: High
 status: Available
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml
index ea7e7885a30..1084aabf5fb 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleACLPolicyChurn.yaml	
@@ -1,6 +1,7 @@
 id: b82e5d4d-2c8f-5e3b-ad2e-1f4c6e8d9eab
 name: "Tailscale: ACL policy churn"
-description: |
+description: Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate a defender adjusting rules or an attacker probing.
+description-detailed: |
   Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml
index b9b3e83fc9b..9ecdae14d99 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleAuthKeySprawl.yaml	
@@ -1,6 +1,7 @@
 id: d64e7f6f-4eab-7a5d-cf4a-3b6e8aafbcad
 name: "Tailscale: Auth key sprawl"
-description: |
+description: Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; same pattern can also indicate token-spraying.
+description-detailed: |
   Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml
index fde464a26fd..affba148758 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDevicesWithSshEnabled.yaml	
@@ -1,6 +1,7 @@
 id: c3d4e5f6-7890-1234-5678-901234560044
 name: "Tailscale: Devices with Tailscale SSH enabled"
-description: |
+description: Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity and is governed by the SSH ACL block in the policy file.
+description-detailed: |
   Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml
index 2ab88f565e6..80aa9a978e4 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleDormantDevices.yaml	
@@ -1,6 +1,7 @@
 id: e4d5f6a7-4567-8901-23ab-cdef12345004
 name: "Tailscale: Devices not seen in 30+ days"
-description: |
+description: Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags.
+description-detailed: |
   Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml
index 6fce5a0e915..9ad35e7c3b8 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleExternalDeviceInventory.yaml	
@@ -1,6 +1,7 @@
 id: d4e5f6a7-8901-2345-6789-012345670045
 name: "Tailscale: External (shared-in) device inventory"
-description: |
+description: Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement.
+description-detailed: |
   Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml
index 60e0b91791c..a5180186d29 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOffHoursConfigChanges.yaml	
@@ -1,6 +1,7 @@
 id: c73f6e5e-3d9a-6f4c-be3f-2a5d7f9eafbc
 name: "Tailscale: Off-hours configuration changes"
-description: |
+description: Identifies configuration audit events that occurred outside typical business hours (Monday-Friday 08:00-18:00 UTC). Useful for spotting impromptu maintenance, account compromise, or insider activity.
+description-detailed: |
   Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml
index e58252d2216..ba5b0e293d5 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOrphanedUsers.yaml	
@@ -1,6 +1,7 @@
 id: a6f7b8c9-6789-0123-45ab-cdef12345006
 name: "Tailscale: Users with zero devices"
-description: |
+description: Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted.
+description-detailed: |
   Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml
index 06026b74b41..a5e7bfa7bda 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleOutdatedClients.yaml	
@@ -1,6 +1,7 @@
 id: e5f6a7b8-9012-3456-7890-123456780046
 name: "Tailscale: Devices with outdated client version"
-description: |
+description: Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security updates regularly; outdated clients lack the most recent improvements.
+description-detailed: |
   Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml
index 5f6716d7121..48cddb9b063 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumBeaconingCandidates.yaml	
@@ -1,6 +1,7 @@
 id: b28cbdd2-8cef-be9b-a38e-7faceedfdbec
 name: "Tailscale Premium: Beaconing candidates (regular periodic flows)"
-description: |
+description: Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looser threshold than the analytic rule - investigation aid.
+description-detailed: |
   Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml
index 03c18902fde..9b424a7221a 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumCrossTagFlowMatrix.yaml	
@@ -1,6 +1,7 @@
 id: a8978f27-3c85-4c29-a45a-c4a5e43fef2d
 name: "Tailscale Premium: Cross-tag flow matrix"
-description: |
+description: Identifies network flows pivoted by source-tag x destination-tag over 7 days. Highlights tag-to-tag traffic, useful for ACL validation. Same-tag loops can signal worm-style propagation.
+description-detailed: |
   Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml
index 30e94f9bbfe..25e55a16556 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumDerpRelayPersistence.yaml	
@@ -1,6 +1,7 @@
 id: 20457fba-08e2-42d7-b972-fbe9acf583c8
 name: "Tailscale Premium: Devices with persistent DERP relay usage"
-description: |
+description: Identifies devices that have consistently fallen back to DERP relay (IsRelayed=true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration or deliberate evasion.
+description-detailed: |
   Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml
index f1709e06371..799b953ac78 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumExitNodeUsage.yaml	
@@ -1,6 +1,7 @@
 id: a37bacc1-7bde-ad8a-f27d-6e9bcdcecadb
 name: "Tailscale Premium: Exit-node usage patterns"
-description: |
+description: Identifies traffic leaving the tailnet via exit nodes. Exit-node use is typically intentional (regional egress, privacy routing) but unexpected egress from a node warrants investigation.
+description-detailed: |
   Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml
index e4a8500e422..cc6263a845b 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumNewNodePairs.yaml	
@@ -1,6 +1,7 @@
 id: e55f8aaf-5fbc-8b6e-d05b-4c7faabcadbe
 name: "Tailscale Premium: New src->dst node pairs (lateral movement candidates)"
-description: |
+description: Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk.
+description-detailed: |
   Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs).
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml
index 9419376a05e..4990f80cdec 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumOffHoursFlows.yaml	
@@ -1,6 +1,7 @@
 id: 622ce88a-0838-4bbe-8a00-ab8ac8377f41
 name: "Tailscale Premium: Network flows outside business hours"
-description: |
+description: Identifies network flows occurring outside 07:00-19:00 UTC on weekdays plus all weekend, over 7 days. Filters to virtual/subnet/exit traffic. Useful for spotting unattended automation gone wrong.
+description-detailed: |
   Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml
index 15b14198492..5a245511699 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumPostureInventory.yaml	
@@ -1,6 +1,7 @@
 id: c3d4e5f6-7890-1234-56ab-cdef12345032
 name: "Tailscale Premium: Current posture integration inventory"
-description: |
+description: Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation and detecting drift from the expected baseline.
+description-detailed: |
   Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml
index ec1e49bf559..23fc4a069ee 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumTaggedServiceFanIn.yaml	
@@ -1,6 +1,7 @@
 id: f8d4e7bc-3450-4c55-84ac-90e6e9c6b8fe
 name: "Tailscale Premium: Tagged services with broad inbound exposure"
-description: |
+description: Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Surfaces services with the broadest blast-radius; ACL drift candidates.
+description-detailed: |
   Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml
index ee35cccb8ba..0a2df129d51 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscalePremiumUserMultiDevice.yaml	
@@ -1,6 +1,7 @@
 id: daac10bd-d842-4122-90cc-9957256f04e3
 name: "Tailscale Premium: Users generating traffic from multiple devices"
-description: |
+description: Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Useful for spotting account compromise (sudden new device) or unauthorised device enrollment.
+description-detailed: |
   Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise.
 requiredDataConnectors:
   - connectorId: TailscalePremiumCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml
index 54afc73051b..e871bc93bfa 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSplitDnsPerDomainChanges.yaml	
@@ -1,6 +1,7 @@
 id: e7f8a9b0-3456-7890-12ab-cdef12345012
 name: "Tailscale: Split-DNS per-domain change history"
-description: |
+description: Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands Old and New documents and surfaces which domains were added, removed, or changed.
+description-detailed: |
   Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml
index 62bd5b7a989..fc31c96f864 100644
--- a/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml	
+++ b/Solutions/Tailscale (CCF)/Hunting Queries/TailscaleSubnetRouteExposure.yaml	
@@ -1,6 +1,7 @@
 id: f6a7b8c9-0123-4567-8901-234567890047
 name: "Tailscale: Subnet router CIDR exposure inventory"
-description: |
+description: Identifies every device currently advertising or enabling subnet routes (bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements so only true subnet exposure is surfaced.
+description-detailed: |
   Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it.
 requiredDataConnectors:
   - connectorId: TailscaleCCF
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.0.zip b/Solutions/Tailscale (CCF)/Package/3.0.0.zip
index e3742df4a100047c23401ee8e0f755d76e55a982..65656be69d01843d5d83344da05424f28e83b3db 100644
GIT binary patch
delta 52139
zcmYgWQ$S|#*Uh$VPIgVUH8t6uJlQAPuE|aOWjE>Vt;w8h+ve2Q{I9;7b8epJ;#qs|
zwYFL=VKP==2-FmzVQ?TIAP^udzfKvraY!b&qCrCVe6A;OHUru;=zZM_e;PR^>D^A!
zB>oK8^d*w2ZH!+vCw-&UR%Jx3ebRw2b<cx*SQd!%oQ!yEMiG_Sbmpg^VnCF)t(EJc
zp#!W2i?v(<w!V!iTX&DWXUL(~Jq$M9UN&P#C3&>&;L4>rdF;<EOIAT4>^LwLUiF{p
z7Gy2xIt_L3Du8@-N`axvjNjs^B&#>U@Uc}d<YR)R)z~)ZzkiT5q;F{=qUzwb@T!n*
zRGcse9&(P$XzFOi^h4d<DXv-_nh4ZYQBy=@nK4HNcIv|YW=FSBpLfYQ;ox1BK3eP;
zvt5*4l&VK(8I%kc!=$3zd!<NN4k+LCX}fNn6~5Z@?M(?YSAfFhPnkBi0lND#Z7@wt
ztcz?EZ1ANuQMH7FKmU?Z+`Ip?g=S{KK$gXiWTd2z49%D?f+8b}1ZQJ~1)p7JZ*%`A
z;`e`G?fQ`u{Y;l1D@ajYmxoPM7hbMjh=m5*y^gD5ff+@F><iqU6_5REhiSK5Wu`FY
z&g5QDfk-*yt6_dH#Lt`kCP3bP<4kLa=jOMG2T9R&Xi~4xiYkqOaBJ<Ezj5y`=5a-T
z2g%p9px;{S|IX|Kl7cMfcW2aCiVcJk;Orp6kiFc9j-NXUg_iz^V4l;<A6B|kM*|mn
zJ8uP7cPsg#9O;3q-@aj*=vsR>L6v;(6e`S6(;O&fJyT4;jg_Q8BLr~LUE4L3w%0wM
zS=X@HFmhA4+$Lqi8}VfSa^x*C@%=^LE>*SLrv<ZxHqW=LIG<<pm4=lbB8U~CbT2z2
z{LpdW4-L~MMl(H{3lF&t<|Wx?lJ3;<X+e!>lDo$uMq?}x_2?^{MQTV!g>O$2v~zFX
z5<{-#CD9^AWApA4{{mDA^@jJE`%$AWx(`V(+Y}l4EEHO#s8Z;>zjdJH1{+39*e+~U
zc#uwzj?QLacU}te3uOtwF>Af0NY3n34Sw<nIL!@LDHXeTeH28c;Wmuq)V@?&%u4Yt
z1oa1cxruPKq@lw|e<AD1W<XsubT+^@C}}GyJIt>3YRf*;S7e4=8>f8pLm9>YJ%{4D
z#Yluwjvr;m)@tg^3Tg>@Sw#W;=WH$J_6i7HC<>(XT44jLx7TF%e@wRv51z(2wWhb2
zT3v1belF^Ju?arIaC0m6&ayL{E_<=4SvGRoODF-DfYTB3A6`aJ=88||JNMiz4Ef{a
zE8aPxys)=}&*q9tOKFehd-Hr%b7`XKcpt~K-xf1Y6Vh;)R5ugS^n64>SJ`3WQ&MG3
zJIx=!02JcyZ}AI`K|9SIE}bH2JGi{OHPbF>C^QqURb~%^_iY|r(jE_@{W}UNL813(
zi*^=Hleeji4{Hug@TbjXHtBn-pOE!$dYK|oeuLUh<iuM}bmn6%(CYo^w?`brU@rUJ
ztfP;ZTC?HNbd~%K2v-|2y(W0Rj76CVTISY~05v`0a2Us$VS#p7z+cTHkpS`00RDcn
zISscCme_!XWB8`aK<+CAR^R-ptM?_}hx3*s8sp3NH=L!sHM<7nf~SB*+KaF9m8@$G
zEY&pHXE`3E<cV_0HX#ti5VVcfwjwVwyU=oh5cwF=3YT3P%8*$>L)sR*Y*f^&r4;cd
zfXd?VC(Z6fW<9waZ<bxTnC{zKaY>Q37^V(TXfeQsiXDK{iErqN+=>5=>*W;m!1`*q
z*+sn7CGS9XyVSMSHNJMajx+E1+n4XpH972s;e{J*Ii43Ao55xm?7Hue*G0A&Eqtfv
zFrz1ODqqY+qLiz7s;6YKz|i=PthYWBpti0RbiE&TZRFPqHORvlgNdP2Q1pu|C)i}l
zn0x<6PEe8AiMM%owNm|>4@YJ#$o?<r5-NYlGUz*B6{ze!k>GNc5@#N@H>`N88r=y0
ztw*4Kv&Zl6W52si*sIlIdK7Y~_pZxv<k>H%UaHSmtJASEH0?30;i32J<}#7Ezzk-Q
z1u+<epZqB*oxgz@|Eb%=ly>U(?{`n{hdo?QOlSq_x5NWgP=i?b)z5q_vaS1Au($Y-
zoL8~ev<~Hh&2%!fa$<Z?_ZX9x|8A?gA^OuegEmDE?DY@WneAcppUV{?M_-{Pn`aW7
z@HZmTNxj<PoyzeLI9?uf5WW)y0seO>sevaCf7mE|$^Xkp^nfhFr+AKmn@$;|=BGGC
zm2x_RD=Mq&W{T{du0K*2yS<D5FW45c=mrcMX%u)Efl^e<sO17N%?CngftYJt#!R+x
zK&f<+<AfLRc`fkqg)Lua6}#&cyGx)5Dz+Fq>>qv^aq(O142Dk!J-`;90K*jwpIY+y
zeyvZW9-QF^*PvJXM!$^oOB-a$Du5S%DWK5iZym|(YM|1#<8!YhDcNceY7M(!n9!RO
zoFYBhjLDNn|Kifr-2|XRcFN@9K>RzOL!8w5vXsRmVWu1-2qYiLu~@!BjY2H*2cbGk
zW|C%fDlq8X5*TK)_<|Sy0^JavWV6rv+pYf@vw10<+{B>cAEp{kFtQcn-7K#QD;A6X
zP%?r1`(s4*@gf{uWb_M~MP|1CCp+6DhM!zA!+8W7huZmYC9_&3bDi87^NnLt)%h%w
z=sFZGRaOEe1hM37FTHBfL>t)B#mRrYQT|@gSJ?jKH6m!$+2|CdtOjuL;5I3D=^Y)^
z7%Mm${xY!hzQz*ONQd$|3#m3kGC${*{XmMwSPZ+P9EGV<VNM=JJauB6I-8e?P%(Ae
zd`D`%g;F<u>=2vflbB7BrQ*jqMOAmY2rvI<v!d>4^&@qRySw=EVB4Vb51SPkQ5;9a
zmjAPv*lcSsbPE8QZ`8v{wsDHB{%5o(pVvhnYuJ``#=5)Cx;xi>@fW6CW50YogqhV}
zH8;Wax4X00xPp_!iWe3N*Aq8`e@aC8J?S2#6^5gNA{0khCDjdxXEWFZeDVY-=;b0Z
z;ewCj88Q0n*kf$B+r(zgOzFmu+H<`nZD1v$BD+^L0ACe9{1(m#5eiL5{>ZkMh6scq
zyaGh>5PV5|x;XhU!Wy;PSWjz6=44cH_wIRWx}<a)EGKzKozL&d<j4%95h@$l=DX?3
z=6C}FQk79#aowz&zlfgn2{8>-?*7EuD75p4;;+T3oWxF+$L{s<^K-4R8eW=eHpoQN
zPhIsw10`sT0_TzyN}q7Sz^mBjdZp-tDS1!UcNzgoFLX)>l^!#T%RhF95{dJ{r33QJ
z$Qt7-eO=Sj=zmOmL|$fRhHx>|dP=9H%OCOD49OWCYa?*V@R_!?L?N|ESPJ@NW7xJB
z5EPym6-R#1Q~1SxSJ?e5;(T%3wES{Rh2spX2fSfTUF$8o^K1PQ8y$u$+#8leFaPT+
zIV#vuxW`y^5uNVjM&N_f<kuxxUZ7X7*XbOTj&JisS-fW#oklWstvvChAGoWFiYV{K
z3pdP1lNCZC9FW-A0Y!6xN8#N~@$?O+bK7Iy)5dvc!X(s~T_-OmxXA3mJ7jN7NqpV^
z4KQg(IKdhmlh2Q5$BQCb|81=p>YXUrjP<Tz4ft4?D8+Td9wd8b74AmDUVE*h7+4$b
zO!#dJ4$P8wh==)k6v?e$f5AnD6yexc8xP%s|8G=HXhJyvHpbdQDt_}(n4pniwmWcp
zE7g=e!6RafWWzbLjPC_%AU6m+(Lx{?19%o+{+gl|lsMzXDuUie81G7*>Gkw$L<vOi
zDrkk+`nnu`KzLKj>n_vV=0>#cvxC)uLjGU(%QnS~e_t8z^4As%L8)WH2f8On(ss-`
z{OTobR}1e<!~#w9;6#k36m%4*_jfl_vMnEx`XhFB6HIARh#!HrQ#!WPZ3d<+azH~l
zW>Dp*C|@gK)q$arAe$0g*szItN-sPKV&B{0Iu~VLK$U;a;lZ8W^Fllirj@C)9Hlw|
ziJYl(WEv|9+HN2U+HeRpN$$Os^WnLbvz)2Fc1WKL{D>?Ef0bt<z9w=AG@Ahd2~tQO
zB{9i74$~7M2`{8@OP!!aGd<1p8nAd?M>$Ngdvvuz>ce!3)&)LK%vgg&XXUF=X0!Ks
z2RDY(S?887`mUFT8<iqlbP;Iuq2TqN3@L7e+))&G=c5RFLP@hbx5HOAowNLiXJEr_
zBN<#k(3G@tzbZSyeCRDSilmh+du9(mOd;1Jc|~eRJ5o1@+y0e>zCql_51c%N3m5kz
zKqbP8jafp6(=56}NG0ZiWOY0_rK`x`O(gZ9Sb=rCPcUMO<#m_>i<lDI^!+(~olS5h
zfS>nok-m^W{m%)aW*cwU#|aIAca8R#i=l%JQWR%2&Ix~#rI(Z9kfId)au@y#!4q=G
znx~1hqfZ6A((1u9B0hWl2f+Qd$8mSXzme*U8|J0xSjbTw_Q^i$b#ZRFf$POd=bjVk
z+kd~Kp&|fAd#)CwdaPuBoAQx2Rn=I{f{i9usML+WB{6{4PJfe8YL9H`Q%i^gm?KaA
zdNiNEMdApoYgTW$u(3Ztxqf^kdskEF8TchnQC%<2!rT8b<UY_nJ$$Ur{&1(#^g)sB
z9~8N7WO5!6+y0LtL92W)@GYQ~#$~MJLx<Sbe+;SX^XlbW{R_&u_A7F~FkAm$yt{JO
z!S};#FMjXg$QN)YHqYD<ozz7mcvZJ!#?q_dDC^|!qPnLWI3rL{Q19>{-w~5OL8US>
zRJH$8MIx|Lmxvq#YGgn8#9r`&RmDHpd>p@$NK!UH+`8R}HqkM2On-v{&7Y#^Ewm52
zt)AnM9H54k!55KZt<{Cdt-n*HkVs4@95p+D3GNS{dU22`wv6!%U7IPIpx+*EJpC`f
zc2bq2-|v=JxJ8J`&(r5=Yv%V_!yhxfF=<qrjRj!k1U<vkcniO_)wJrV4xHwY*BC#r
zc;Rn;i#vmwx>=!ji0v=O2%|bDQC2FCt0#i0<3(x{&s9(o8CvS6Q4L7aXIjvwNN6f*
z5a{8R(WlF5ZK){w#eAp19&V^=AP!uqzH=G2N@cn{qsn<v*;>WNp4f+TE;jau1FhMT
zQv)DF7=JblN26b2ZNre1tH|_tvx^Vm-xn&s5zjnRcz$~50Iw30S&_jW8a+@j9^$F-
zu^EW1!Or>*sXZ(g(ZbjHhU`4ziFsNnN)ScCRYSWwDRJX_Kcj4(FMn$5&;qTs!?t|)
zJN=UH!~cRb<@^19xcRH^et{>8e&&J^*&*<EnVx#(jF>khIoCM~W92%8|Jwi4<}pI=
zJUofGsrV|bn8Ty`EXiNU&`O20d_Vs`4+eb}`MYAgSTZEUy<P3G&0OXWl_Escc7e3i
zHvThmJoV{MlNifyZqHZS_uKoeF+bLN&-AAi=^tf(yS?&Pk#>cPV$~8_<V0J<=w$=f
zK{zymxL~yZWGv>x>SpYaZ3O$9kP$ip>yQzCq%lyOLV;N+?B8kw>&WrJDtV%6@9X5D
zxp>5O*a(7gFS(Sb<MDI}(5AKC%s6fzH}F~i-4L-s@HL!HmW@rF8$5F;IH|&uVsLeE
zJ@nBiY9E@mhA>>v7GJo7`Za+J{Mv`e+!-AM*a(|cCIs6nk0(i*YOG@}o{=G|B}o>q
z<=Jo8ecA;{%rfC&Cu%Ud70f{Ov4z1sFK+fG{q9bfjsrGyVk@L51h;03_c;Uvg{0wg
zvgCFd6gg+KCU&G5nLIgMypLr=AzRons2J2ult!eStQwUf=mpO^M;mOwBt~_2cl+bh
z_Wt(F((iMdW}NscnGJV`&{%PWD>9`v3pP9%6hW=bRvMYdP;nA_pMD#LC+&s4BFnGJ
zB{x40T`?OvLHXFV*pIF?AeSJrogOG*)~TJa9^_juu3LU@3^8dh;PAV@>@EKXT+=(_
z69@?*WVPNR*lx(TnfSoRStwx<n_I6Byr6wLPcJ)A?Q?$ngkH|`Ma1#ZX2(GI!_|E^
z$F*N&Fxlxe*%6G7^mm5e2;j0GwLpC)B<r?^5fFgggR&EHg=tS>0TWM>i^p4E-9Dl4
zMecn5d~456KVsW{DHOZR^u=KWf&_|&tN|A1nGd>SV+iy^6@d2KC7h|}3FKkH*AH8r
zc&*?uK@@Q})8Al_7-5Dj<8iTASD^-#42bSFm<$ka{|@#9XGV#zd5xnAY0YTW#5#3J
z>nX_3T$5(p4RxlHq*=!Ij5f#^JrM~sR?Df`FhbV|J*7=Fv#0!&QOT-ASLV2h-^zh4
z!y^Mre;Ho$147xhR;>u{k06NBTugjm-c3+0{QMA{lD=|=NhN(v#<}#Ya)Sg?B!hcW
z$_Qq+AK(E#kI<f(whh9!_0zx`{>z8#2u1PMz#i`{s5jQli;(c11zZ*Z(1u<9UTZJ-
zqax^?j~lPQRF2xGQqG6OTQ>*`<3nZ^YCR-Bbp}p=1kq`DU)IZnjM!j$`g{YuaqIYC
zzD8Q_o2TN<v4qcGf*hRy@d)ehMAE9ZlHgV5JZ`(6f;VRZ94s*ZL38q+Gu8(q{m0Z_
zs;Y+HpMXMubed4%fE@y<$}H!>48x0ljLFg48)8y(l}Ryc$|0i@h`Bx4N$Cb(A8xTf
zbwNP@K%+=q6F;=dL>S=FjQ*%&qfjifCf_9N@PILJge#6&ow$1Yu4XdCx{Rq{oG$VO
zcHv678<B=O(Xa&dS}juIXg5cxhvCE_wnp*P&pUefjwshWd06=ck`9?+T|w4jH@E3u
z+Cd~+LI1UJAbK}R-{b6UMjmf{JB-C_t2rBB<h+Z0fs7cb6Ajjs;h`IJOTKGTeBJf>
zI8z#lgB8XYj8ht^a|Ff_M;pdT5>nV!w*^Wg_v1?=xz9a$rR_aN{75wVv+4cBTiK;A
z!C{O=?9wDnjAsABpCm*1GSOiSQ`aGi8Gd|x9P<a(xO9;Sw5ya|nn2OlOzLY+K-SMA
zcB(kFmJ^b>)4o{B1!)9!-e+GXN~=Z5Nf;;&bsLt=JR&3Ag?C{o5EO!XnMR}8j>A55
zhQFiJy`I1ga#p>>(Wm>X3mU_9B}%lZpoEH@9@X7H{IWai4~~!DLux0IXiX7uuS$|M
zD7zpcL-vl}Wj`uy!xD=+h_^}wwtC*eW#HV86wMW@dh6-PaxVgAD@^@xtjcsrDiCZZ
zM~mNMO=(Jx+uo<eR)aY`-&AX&M3K<npm-8AypU#v&U5p9C^UlZUfFL{T0vvTV?tWL
z{`b481&xv8bE)RJsm*MVTdgl+a;feFSdaNNN>1&V?Awuv!LC7Z0S95oW1XNebRsTe
z?WWzpEGPfY4LH$BTWuKkR^GwMe+=N}5BKQpiyN@cdU?}%d4p_I1JANaACNwNM!T~=
zTtSbo^^&!-e`epl9`M%IE=jIqV`qTyb2mX8;By~kj0pS;p5gR~yY03P_=_GnOC=QV
zOyyIoFBJaS)2IgEyW<#;y&x8Wg^kb}3gaM1xrBDnFWxAF8=_KK|M3KQ6mo1qw4QUw
z(c`C;Qg_1+e(iUI=Q4n<qa>nEXmIZnGjm&ifS)2KHao^&>Jmf2L7N<NdjEs2pVPV#
zfD|5J9s64Byfb;8F6p*2d3Xf=ucuCxhC!&ypGx~i($pMauty1tE3D(d;SC>b=Acmx
z^ZK-$A4kceuu8`p{^4RR9QGb2ek8<w*%9vIt#uq9F81#@NmHEZhl_>8nPRt@6E{j|
zX;2}H`MNfOOQl>f%O^oqQ@WN~hd5SYonuG~WVt$x!w2lML%%(l#9F6gFt>@=miiNO
z!d;R8_q_I~!W5Qy!O4w&&^9cgkV2O#;o=2hA0=FSD~el5S)JIU9XI{h<|ckCt()6S
zCR2LozXIEh+|)!1R|HiL*?f&&ax!<QR=FU1+d;JN@bP)Jxw<zeGmi&_I~bm~fV1f|
zForA+gm0=V=1ZU6lZ6=+*_?pq*Zxcx^BFLY;Dk&JAr$w36`&;5C^-JpBxbv_h|TJb
zw{@?|4N5W|-32kG?Z5&YeyR4Je$0Cv!(9`~pJBY^87Z#I*L|RQgzeO>x*#LJS2>@<
zUul<;gZ|6kuY*}aUa?FFxj0qNdc_dF>2H+QfcU{3nFt*fwb!o<CH6LfilQF?T?wSY
zT)pKyy%yubcn#!}<V1+_e?k|<$c%VLT*8N@i1^k@8L2A-PI?zdak7EH1VoM~SacLp
z^E3oybF&CrQlvI|@iJu;<;O+`E_PHwsS$Af$((ska@BfHT9sSqakHbU&LPEhNvFdy
zSS(e3_B0YzqNNouln^?JW$}!Tyg*6*4qIyOC)p5%+Uz$0uemDH!fNTH*|2tL%K9nA
zLDTQv+bViJAu7r<iahSo;iprg84F<?$4Rm3)lI%>Rc@xSR1p@j3fu5r0qgl3m5s$5
zpFVUpPW^{Ca)NoR9`-z@8?rghM+sDnWIiiSTs)7<B1l}!8#dm;A#2G)2Q-kl^YY0$
zC~)H^J>$Fkke3Nmc8rkBv5ct;{3sS7SdTOshuSv;4hZ8#f37RGNYfq^7?`eEJH{Ma
zDc+sO)JvP*BV=xL^Gzv>2D;mO+oYPsfa$Rp%-fkrzWk>(JeZF+qq+&MOH_;7aPbc0
z?Lfx`YY`qz3W;9s)aPa90>kLBn0~tY-28+VW>3)H<7KAEL;LLYDEUZ)?uNluQO%nm
z#jc9huB_;r6Qp_!k02X%CwsE{PoZ0q{DcmgQ?-D(N#|p}r*V#3#}JWesf6O7Q#$?_
zieQr^4Jv8OMaGH%CyIJq2Ry5<sQ{!<?)JtHqVmA8Rtj~Zd>W)iK=w*Uk1+g`X)o9?
z4DK4YtnE)IENWaHn7q(5<}a;YRjhP>?@RyUxkciWQ|3%TG)0esslixSeJT4q4Wm$D
zJ)KpUyzq8jJMU?gfd04arL0fKb6|zOcVR)MII5f&qc3teEmeDSgi+x1uZs;*N8og6
zwBhu$e)7xLE>V3gK<{-z*<SbC>V^I2GD@}=iT-?cU1EX$VuRP#|8Afyr#IKw3{R&w
zQ?|6ksWbieHR*3fN4vV+zf^L*r~KxXKTfaft4y_#>Fmf-`5iXTW=DZ(K6DS8@P)j~
z+wk0+?>=0$QH#w*7e>hZln43iWl<z%tDX1aLqEc1J0L5|wQ?C5=27h1`La^|wjqk)
zIh21W7ZDp<p$d0DhR%R&^gFm#JS0;7479nTUHuIGZqqK|Se;}J!@iL;p-Z}m5rf5|
z*?roWIeapGrU#{ACG-g;OG0Va<WI7-lZ(XhHPU>)OMn%15FD#Fe5C(twvX42G*6Jb
z_>ZNLV}Q2DPpqYuc1asc=BF~V+Sn;9Jya7sWk&d<{1tf)_C43SV)$e>JPdPR%bRjq
zOF;1ZZ!m!)Y5?mhWZy%l=;Dd~JoaPa1Dvnd#4{xMNViEsZC^ab(q___yc}jk5T*d)
z(H6D%Hce5Pvv2$fDh<6K7zPg7<o>^Js1YR#BESg$O*0-Z!!$e+Ic3trPuy1O20m-A
z*&y^fYSjwnU!O(HlKThD@dGMvG53?$XJMy3c^WQBL^R+$ELKID?H`SFKJR^z6tvc4
z?Lz#)QKKX9B)gs;YNt<_pFdkdnk_K%V`OagtJPKPq3zGoSj`*~KTbn8oWj3IiZ;RE
zm@c4Yewa7%{?8u`1pRNdb!peY<OGt=qJqXdZp$Cse{Q4o47M+k#u%ZlPopbj3H7+Q
zW;#2wVN(9kQvD;V@`as6g#{@R*fp@$2r_=lAF!6sRLdWCX~p=KKX+Hl4r4!cQKOl&
zyT-?V{>wh9-lTK4Wxvr?Yino9pUi;)rR>J6TWY!eeAEM5yiSvsLva5`1^q<Vf7#fO
z(BM%Pb7L{Xh5uT=BHM=yoQkynZb;soqjKa!HTdFGxRkW^@`GcRgG__-*ZIO9`gAU2
z8?T)U536jOARdynT-g3=j&Hb=Z4<SKSemm4%(8=~+V9Tn!hHh--q1}Y6H9*q(Zh(S
zb9h%`bE97x=1t^+j0)k2o_GQpN980{KTF9Qz325;)^6;S^FWJ)e5U?ZGusBaxb*$I
zR$Pu)ovvk33)nlve~&e^#6kv~aFnoS_;W*<qu?#?KOM*5)U4<C`v`md$6E3j-g=@(
zzR+QmVWiUh=`U1pO&udHZ^>^}AYXAfGa&jE1bZmU5d2vpe*dRtt(Pg+NDDX5N|->@
zI}-|RSfNFsvnhi>fTaBQic@|RT4ZYjp`EjFwJ)m3RGmSEG-)q}sI<gn0QqmV2G(1O
zL%eV-qc-+bobY5x-qb1<Js0lOD&$3bQ@UY$6*=nZO7}4uV(fA0@()`8n}grzDylhC
zW|6q$C#;fJbT<lnQLC8Y9@`qHy*?wWka|M(T_&^854SUD>z!rktJp4Gcip=%)7yWo
zJJp?~F2TG#4B<FPPwlqOBA8;wBgS;v<L`H`TN+c~s9VcoJWL&4bXGDDjk_ou{*Cl1
z6<^CPnK=X<4o?xBgvYcCc-Z<EM{PzQuW<&P#Omvltp&IcpX5;B5KTcV+3uQ1BpJFm
zj{V(x>ZaootlLaP$jK?#jl#ugNgN!89_TRrmRvDQbxk$ynAPP-pxse&uF%>-bM3X4
z-5V2k@T}XJ*AnB+FVp+fkf#!$rTGM#UL%}=t5M!X+3b;_ytL>B#L>eyZnE!57h~?j
z#GINQYkK8B-}Nw#N^zhBXfB}j43+%xNs&RWb^5lQqL4G{)s-rip%<L_g)eSr%p~i2
zV2{pKXxlRhS@|d|b4l$eXAogv$<Q16ETp5&8?O|6xDmsHTZ0|R<t^^ebx~u=X77Hy
zB-2Y}m;I<s0GmGoFzD!Xd$juDYKO-6U#ImmT*h{bj%sIn4$-C8{!7379N>(F;`i*7
z59Ov<n2kG~O`kq78^b$1>3yWDHc!hCwkrdVX>&zGDqmMtADbDc4R(*Y*aPOY344yi
zu9&QM7I;XS#TtyjWwM>>2kDck*BSOt3Mx|VW5<)L*I$9j^ou)u^C!+A&&Q$ES`<7g
zb!ODgee>wOAP*WHiF4ss3pB!LmMV!Fe5RMs&yx5uhJJyd)NttdEs$z%3a9<GSez3@
z_|Q~o-HALI#&Lub@gt~p^G3`Z;di;p1!~LrYoJOiw^hky_WTH`gC6F(*JrM33Xi7)
zH<0fFWeLDmJHaMmuxjY%U6RCBD`K3VzwNX~q-Imq-p4;G4vQ~GD0$@X?e6dH`|z~C
zeX>{95!17gvu<eQ|9p+af;|;^Ya3wV6*Nhst3&!<=zWlerln{bwTW^&Lw}x@y<hBK
zJ*`g$G5#7XtRhE4MTC^t#ZKRfWSbImWcV@T43+@8fp_0P<2+c)7)7B;{HzS7JsamI
zSJpJvHZ=v&W5b>Jpa&Xw#-YRcOg};F6sP9+t0EN|6eLhPL=H0O$pqqHcN*gB&R@uh
zZ(kg-K>{DS59GnP3Tgs0f33IKM~?xNh0h9c0Oc%V1M>bzn5j2ApT2t$uL}HUiYaBV
zK>~QLr`oV?-w|$3#C>gZEe7Sf4&;hXM@Sz&(MnDX3ovNw>|{w!#MvWmcyS~)N|I}V
zCc?jg?>}0BO!y`5=1Sp2Pjk*=fF4m$8n-LM>)A4e1c&PY1`XQXP~w_5ds$|uG_`f!
zi^)1%-W}@Su&`j)y(yP4u?4+8ffqQxDZq>zVE5Z5MuVoQXm>ZugHN94oUa;`O(zuc
z^Kk72?Pi42vY8F3qLSlhNh3iBkPiFfIJYgI;32TTXj6b-p*k-;gCLy3A?SJBXEh%p
zAox6_0{?XfAlH?m01_Clap=?neG1UW+yVk0;ZmF$bP}Cz(1=y#sj~+6Fm4N|z)bV<
z4*LJAv()_I+MHZ*&sUh8H*&sjxE?DzF;w-eWbqZT5nd{*h_p9lPm)|ZSRvo;$3Xf$
zEneDuHt##Qat^NFN>qtal4dm-n<RVW+(uT_gNP6zroN~n*(Gp^$T40ukR;Uk@)O6w
zDnmry@-WAqn3@Hp%GHVRrxtLbNp$(1J?9d}01kW1{If>Km5*l4D;f8<f*9tptHMq{
zM1VsWxpdHjpblKVJ0MG0NB#O^2xOG7y-{~>jBZwe@VT00rgqc<#?%=H6I(`Eo~7ZN
z-D?^_;G&|P4w9@)zy6l@f31;U8pTJBKl%&cL~0?HyNzuFE9(j^hE72BL=QK{h>arZ
znKlhk`ALhJBnk{pv1DVQO2)yI|DwJx8_(zBcj=C)Npok6sVRjQ;Ee!uAd~?l2*9;X
zxNOQ_%GYsH%(oA&ka^@2Y!*fX_v}aMPO)GF7`2H#B8R>gV7~p6V}y4iwSL~s04+r-
zlJ0haww`}faRk%{y_olF<xIcF$oeFy5E7M%D4V@Vll)yR`1`NSa%6PR9R0IkTx2BM
zukk9s$RI>61>D7^JawQ$Osf8{>i(`eu5ar#CCX^?2KKQ(nnQClYFQ@R;<JCqxY=Yn
ziLGVCB_|Fm^Bh3<_U?e)`OIQEqx-<&(i((Kbkn{K1CW&us&Wz#PcYn-KO&jWBpAf2
z{MRV@*Md;CVXqw%x|45QisE`h_j>Dcj&tyU8$tgMtJ7ZU*pXiM&h|Cxeo474m9--S
zIs$aDB8SlkXPY#$1}mVM&N@=>S#dsZ2}xnR+K2VE&J!k@dSLr|zr$w~6aus_3InbQ
z&*=HJn83I&Nhvv22)2wHx?o36WL&pn!i@sEvgsR2uuky^0krV?2nKD!=Zzuo5H)IH
z9+I15G^qk)!8tmi*kG6Gqz#y6056M8TbI2wT{e6%dKMSIG(3@-g3G0NAzWE}u$8W@
znSf47I3JgqL?R?fCWbJ4?P@h@uP+l#XvB!H1(-CuEGP;JK_|aN;DIyOM2?_{RH8&;
zCJ)Etjtn#&AP7O(Go~U-sZ2A(lv&Eaax_{>V6JHQ{~VaxyO91%)oEBRRIPS<uSV<a
zr<Yz?Q3R|}bD%b(&x{bHc6F`LfX7|idPYsX-&gVo`dYoGtIL`;iMG$7=h)l<Ty6H$
z%Yb4pr#q5;V4A~!F-VoLUj~rz<#dBmNzuNvG;7LlTM$a@VXBB7Wo9jIKusMe>iU;8
zSJv%-Y94%EYZp%8vpA}E(*GL_ma%fz`s%<y-{9csf@ZYfTxUejD;~8h+-k+>i_CP1
z!VY>yLa9Tb&mo5M^10v2Zb!(Av(CFQ;{ZUru_=i@L6B5%Z3JDXY8+yj6My#H1F=6l
zW!8!k`xPI?E|sgm3=MV{|ElEG67#dQhbCn3tX_okEXyDlF<fO~V)^CHYAfbxPdGv$
z0m~Nn&NVBKE312t(VNeY!(b{MXGf*O0Il$9B2^oA5w%bVIEd<MU_%!`{J`|RPzA8e
zG5Z#ZT$WVI;o<7UsXN6sExJjZX=5Wfmm=`if3Z&;y+V3m6WC|*VMa@$KjXR(vJ1GV
zT9VopW&9H86A;t!(K-j=OwQR}CeAI!gg;GYO{T{Tvib)GBhtoE1Xd#%^{t+mV=eeg
ze!JRiUT(HtlXQwbgk=?D{h0@&aRRtE$1=3QHh7c|=?QBf)?T3M>XS0vA`<m5HME4@
z2P8J%aSMqzi_Lp&LFqCjHcQIP&!>Lspte(-z#W9mV>zlfhnsA1nCF6-Bw_+JQqkEu
zZZ6F^M-DIg2lVd6?i{n>Nh+!csb6706_P=Ow-CG^sc~>;&OH;9-3168JOf<h+zcB%
zzxi|WLm&kx4Ua_WjSTte0QD0qGdrj)@SPWr5Z}HUkxDa8Z$j-<tN76<lReIUnL@C-
z+OzGWV9AC~Zo8mg;0AJLDojq%pUj6!Tic%w>4@Gp;j0rQ<rB#PYec<cA)@@Ldp=0U
zqO48)B~vdcQaheevLp54od8QFR#NI#46#*fG{UE+YAKyBur4t#TcoI`c=>m56C4ul
z9cJvjP}^uGGgs{8ugsUGp7c{;WAe)J1Y7@=-A@00DtJHD<!7l}Yn`h!>U&R~^t9eX
zddk77?KM+zoH3DcMh@KS6LKZuc*Irxji}OxXf7av%pD`QBzzhYMhxgfwveJP&JSrW
z6Z=B1Xhm511rJ;xwXhU+k=Hp0e^pas0r48OL98IvohA0R@RW?4o2)#;C+>jP)7>^X
z%$-(vPYBJN#&H+*F*7(t2YD8~fRdY)3TvT7Hau5F75)$8&D6;t_FD*&_S87|a>jRw
zbFuTs4`f~S|BHid0tR}De^od0I_s}6&`us5bQpKP`CR1-`WE%NJWT4`GHTpOhYV&M
zC_3fo(T&s)e>Pu&&`=C0LdR9b0fF%~bb8r?&c^;|rZd#;)Roen`(GPr=-<B42rzK4
zE3^1;t7W%QjYx!V`Jwv%LE+f&hf$BqEYlCm!6HXmxem9|1Xi5)JFz6JxCX^U`IKs<
zNhg~fQmehDXTEnK#{O`#r+%Esg}sPGj|=KTwe?1Gb>Xt#h!a|adLVXpBMEuZXsc)3
z%<{lnciJ0T#{OJ4M-&FVf@x|yu4LKS&Zp$yPSHef^IDU+jJ5pIJ3Fs&2Qvqyu@i=@
zR1KO%Bh=8>04jGkLFwKgepVC*`3O?3@D_*0Jj(ESy`aKoBor1llrs`l1r_HBPJ$kT
z!RFmqY+QZV$Z!h16B{vZj)bTkxKLQ}I+I{6KrFw;pliP9Etx4|#{%<<rB`t+@&ggi
zH6Px7toAQ%Y61i&$%ZLo(FP2QxXOxOPPx!8t?66^02R0X;k=bzpXm`#6Iy@hj!0^M
zmjW~1&EYor?l)of?C!pRt5dSf<(;vXqCKqXscmB!ZML!Z@3!kZi%+wi->vJg`_(G>
zYh^<;hKbWkGsVXyV_*^c+G)5i84_Ls%c3dR(Md-@3=EDMhkTh%_P@SHCRS6*o3m#s
zTPb<@0O{{>hjQOk=-|pNf-F~FT|qgPoUw}3GK<rh&#*q(?S7^kr|;1vd+4jaId7^^
zQn-$WgD~RFobF5W>lEd`mF-k9W*a^{R{WpGBG?K`%d4?aFc`H379b%UCsLOG^H_}8
z?Bl2JTk48F7nxV(4nOWtuFCI`gena;)d7JQx2OEom<x^3A3Zu!p9Bu1etQJTQBuu`
z5J??#ySbXC%zfuTYEP>PyNH+B`m=-*EwRAJl}=+~wNgUta}iK%MYsibMJ(J-bFK-N
z*bCFMAO4a*ht)G<C$AIjZvfp)fdfa93XTBJAO;X<6gw?3I~k*VOYT-1#9}d)Py&(;
zQjj>KynD^vVFxUbh`y*%<{QXbJ2`XKDNv(}m!NFW!)vIieq)EmoTw>$HutnLM}paI
zhdf~=AVHVHLynu=w>TUqtxq`dALCRKfcyF=hAW~biy+p_m9}ud4pIJF*j5$de+Y^F
zLkPlFxJyor1>yrChyo;tV;~Xo10sb05jDl8s~xEP^xIXA5Y>M{9juy*yQxtIk?(@M
zzo$GHE~zXO+-+c7z8m_n00ny;I;3%6lSt1S^Cb0`@6O;T{F)zxZOlnbsY-IFUS!Mh
zCYAGq{UvUF6;6izX4v@ZQ=#Zh8Or^pCn9a~t+)}v?2z{?HBme8-QkgqzMvvs4TA3I
z3<o+xBBIJ%GQ-MmanKQgS^k|GuW<zNRN(3mfdelg8<#39Pp+AuPSJPj2)d7hCG`B!
zP|%Zq_N8Vki=Qv_AX#>+7|jn^LELGRNAMZ0^ctqg26-m5;R`x{C`wcCr0_SlO0au{
zSiDvceXi1YV<R81Yx6x}3EQQq>Z*fER?+4HUO-Q^7E=>>Hxi#Uu^39=v&F8Baz%rn
zOOxIY5!Ou``9V@H=ca!_>O5-*N#c&Y$-uUGh{yBCb+D&&y*(y#QV|^{KgYMotQC}q
zA$d%O8s1OW67Y6}x2E8hGVXvGniR_->P$YGbR_ReCjt2OtQ!Gsoi9i|EwQ?^pA44h
zo-M?Wx;dVs)61}gptkO!L}-jb)Xm2g4z8xbVSYq@VdFFI3c+S_L0_|0i&HS3UoJnX
zNmj&r&KHQTnnrQum|$2o#cjje_U6BD&b^r!t8Mh=U*}2$#(a()uzYOl-!VZ1*wZ|+
zys3MU`2dp(&E+XlV<SR3=)0!GV1`TunzUe9`tvRcYLa~ZsGd*M84{AOB{#Zc>Mz%}
z`=OIK8+_9Na4Mf@=VQwzUo@~an--n>;Wq{P=LUbIL{milR5bXRSa_hKV@l>juB8?B
zdg>EO6vC0!MyIyZkSM#ifRO(x;z9m{YU=yPBnN0jj9Hp|-LzWA;6WnbL5|Ec`^N5^
ztSlTC`P6r=6aC%qSSj6W4E9`=^d{Dr-yaL1an9D9Y}5nNf($cpX<P`={Q=H`_0wlx
zD9#L?0Bs6a#IwH;StpDOA6uFh*I?L0U5Km*6pI?huO9H6e1d;S@ypwPVkZ#JuD0k-
zV$1@k)et-%Tbfz=HtddDkEAUz`heforso)bj13)qUil&uhO!j5uWX3T2nLLOrA+qn
z*%@2tHRBt9pq0vZa8X*Mn&syBA)RUWgemZ_O1ss~-mNW^tu1$DL$YOt*-4epw~w0f
zc{8owJY^X#MCb}V#5*1n#s4=(#n3p~ff%5v?ln0MD<LnV1HE=!fL%}a2aL1rpLxsd
z#Lx%!61gh0oav%gCO0Ya4*!e!D5d*!n?-!m3}y70%&Q`!BIW)bj*aE~vu|)l`p4_N
zzJ0tNq<He}^T+GiuE4OJnjpmp6t-%{uh+;|&FKOD28Vx=MTD%}zO7gZOS)BP0fvxl
zbCs~&srcP)SEP;3gf0BLpKXRcjh*{z!-nZ?D_vFW8QHMRE5G8~kueO>l<_h?ne)eI
z{@P20WrdUlIHu8wtbg71@!AJ*(O#B>{YYmNo0+EN{kddbWz;Oiy`QH5k}Z(Mb%9q5
z5C8o#>tXs6I)fk{d9RZ}E7RO%7pR;(FUrPd0vY{kMKNPI#%&06{e3CKy~}~AWzd|u
z!9wvfBs6g`Jfp^YzS0*u=}SwRaG~7jN)J<fQ|fa-;!k%TBJoyG@<)28_^Ixv<UsO#
zI&(*{{Ett624NXk&W6mxQ(K%CU18E}{}U_GgZ#9I2e!jA86!%`7c)MG9RtGT>A%+M
zLDF%sGnVWJ1<P~9L^JL45!NBH(w~W&%jcI3T^|Wg{a$J!A1u+4zcq|jAV(ia%}$*v
zE?=Vey@TmUZ6mQV6Vwy)8_aw*=Tjri5sKDD3QA{#;mK0=PGw7ow`$p1y73&=-G}b&
z<&*J-3W27DXI^}TY1N?H&I2gOO;3wfXAENO7LePHA~#F*TE6J5kgqniU7aF3>Mg(J
zZk1ZjKEUu*SKJ`{f?e%L#&_0$<Rj%?ZK|;tUh@9dT<LFNGt&?tWZU%ZBwSdwsiGUn
zp%ULl!|{8Ml|O&pnu+cGhrBIBtZna6sSHQaH`n?E@pJT71aL=U=L7ToecoqDjiWcj
zD0O|M4?AsaOP4&)YuikSlFC`GhnjY3&x0A-b4V|MQ>C$yX<%uq)71j`-p9OWHR#iA
zUKY??!G$zXqH#mkF<(Y^P^q+@@+llHIt?r1DwRsXhIu^!lM-`qv?*NjF^8)FnS46c
zk%3JO$?1)DxW7%O07&}NMq_;x7vs-kzxpfF@S0e!6PKiMG_o5AT|nc2dNWw2!+mF)
z4lqC>=tUw<=<&CVd-^&1!0Z}2NxCpidkX(P2m{Id8D$IaDItw%cl!mD2l<~x^nX~g
z2A&2f;Tt=3Bv*#ppFwbv@W1(rn@>mUbY9Ti(%J$ZHMP-r9s#H7OCmu!g4(?5vxNuv
z9hUR`m*A`P7QmXoiSSOi*URoxa<C)h&POc8YJ<GsQFp4DbX^d>H*Y=d4LNsOl6ueb
zug|0U#`7DQ<Hj#AICpkBciJVWR4wgd`#-{1m)rIE^d6Dp)8%RQ5W&U|I(H5vZF)(K
z9k((QwOpXy0uQC+7~xn--=kBK$I-Ves8qHT{`7EHJJS29@}uS^W<Q<Bgs47;tBQN}
zEnbm6#b%f>CFWd$PNtpxw!IKSo-X4;TehdC{<j6pU)aD*06Qd$7tq*gVzua*$3db8
ztt(^Zur7vrPOe#SBBq!7BL2$ZMkfT9OX<9XJQ@TD<7yznI6f{RM86X1^><CG4E4Kg
zC(=x{zr4-lnCGjN;k0>CVhq8)azu~*xWzKk+_qlv$9UpG)F@CyIShs4xQA_wTHmOs
zeNjVN(FC)i58l9Y#9Dr-C=a=sErw)*Ej^`>JHoVFr^I+tEmyrf^)j0=H32E9-r~!>
zz$5_#0fce)^`HzaSCl;%d`!oUvUOoA__VyR%gS{US8XXg;rE%jHHrEP>vpoE!%_}(
z!J6R3OJ}P_x1zUM)XYa63~}}VhN95MVni(Lkm}x7F`SvY9$}s@6}kFv5Fs7o$YTv4
z=7s)Kq9ytt18?l3(&LuKnR|ckFJg6Bi@O2(F&E{Mk9HBeqEQ=&8F}owfMe91cC;qb
zGQhf-x{ou%{ZidLOP}vlz$|P0tBzG8h|_g|^J4XgG$;K~QHC>RM&*;`IMlF(oYl=?
zqEhA@3JmD*^sm4xurK632}y(H48y2>$VrN+A1*XMCZ#aJ9m}Ncrznk%pD2mTZva4`
z?wlukvffrBaVj*3$`L&>GKV(A!ZF(H-L-<)B)#_(Pp6j;fBxY)RU`+3x5;q$6p?)Y
z-+Wuw94eEd`jcW3VY-Ob>o`}A6IB#Mi|m+J=HbW0I1j!SJO+c69kXQ*4L#4iejOIJ
z$IqU|om64MKZqNM5C@2q4*bnQG4=9`I~YmbTpbHyL`lY>p6KP}DWs|h7Hq^k=Hfu6
zx0H%R7l!-#X*c}M&ML@;26+_!FFBi7sISK4^+W#U=Jv}}12n5!GuJ{3<0!)`H-k~*
z0H>`763#`WTBlWu%El^rbZeX41@dqG4@Oh({9v@u?dl44B;Xfp^dK@mgHg~nDR*@1
z2c@C^UU|%Mv8Y>XAQQG-bo@tYi#5$iEq1tdh7)yb|5hl-`zJ;GZuY1=hqLH$>$QSb
zId*H@-G<hry(GVfYY@*{1Qr@<^tN`HyEF1xBpC<Ihw&NjB<6iF<H?H%L&u*{4BCeo
z#Sz|L{MidUV=vbBJaaQd?c4lZ$69wU*eh85)o<6m4goZ*bSU`#-a%5i;$&*3p2zoD
zVGQ%O>3OFs*A=@u{%!*J;bHzDdf;D}6DrO;f^>RtDQi=(C#@&$q$sF@yoqnjOtcJ+
z0%-|s_Z%Yp%&jd{T<_w@Y}DttOyWG6gu>n2*&70;T<QBa(+}X&Rj4kPN(eI%sChB(
z(N?zv(D2qO%=3Chw%c1uCA?KbHts&wVy}>1&m%88v|3y?mdOKJ+dMCjd;TGM)$tF}
zjp_<sq+hTBAAmj@25pdX2mBAv9{rsr7mLWX1`#3K{{I2mU(<zDZ-*agH~~bism=yo
zNJQj^y|uC7w<=DERs=R9uf}hAoE7(-fsd*me{i`$y24^SHtc232l}G#1z0b7tU38B
z2|ItxmcuXmT`+1S_$#&2Jaq|E7H0btb3Dy6>C6`f_`MAiPwM4@PM|`rM_)YlG@wsu
zi||VMN1ieff?uYtaPS{l?tu^uYtfx?E`E{yJ_v%AJEzLacf>b*WM~bvSA({q*b8ss
zrH>KwXTKr+A+o&2mMzI8k^9Hb_9PcBGW#??BMnC*b3$(~lPJDpO>49XmwA|g@B*i)
zf_fn`Eh#Y-YyFW@di|=yP!(>2z_N0?!ry*>*SNQ8?kK`bj?`xJ4+XB?mWtVPb18~S
zlEMzuno;r-3qQ>@Z24}vGad+o+tk~c*%Ub1i=!`8!M}@dcT|s;5w8~9?uR!pG%VHZ
zrL?JeN@RC-H&c%6xWYFEPDqqJ@aS$VRPfZK5nkDc2t4q7SsN?Z)#gK%iEa~k2)Oz^
zln_rv<1tOds66E+j)9^KW-=PA2RqmBB#{azw`Aa#e~*MnTg{}9NJ%O*++&H|;`5m|
z1b8vzmsCP=OMl%x`R)})(h6FK=$hRYaMA_UBTV($lIuTfcY)qxIJ<Qpw!!M~KJj?Q
zdF%^zS`ZTX$QlAhKRm)AXoHM9pyOYN^{m~``dAd4H^c+NwrZaLVoa^I5oz`er@(Qd
z;GBm9Fg<8X?KLxIE&7q;_l5QZCz4gtO;9%CFz;#=$71AwUy?xv%FHYElvN!)eDu@n
zcDR6kYPQh#n0^IwHUfl!-KH^u*va#9^Ud1Y>CqJsf|Ur4OKu_0ui&&7h=zy(F2vF8
zLF^GH5`d1PSBfK&{i=z^XC(2(0z@Qg?irPvd11<!Bujux-|Q$5Ft-R>Z%#M?F~AP;
zf%0@wdh`p-aJT~3TcbjsTSOWob)olB1WA)^U3S2txM#9!((4PHouY^9t$N+VO0s-l
z!9M$eMR4K#tT)UWRQPrnGC^fvAsSJ*o^}JU3oq$VX-iJ{+EgW(Koqe2%XAVm;J79@
z{}=3QD%Y!<O4ku8?2=0y^$~pL?#-Tr+At!+T)iWtI0r(duNy|{(88$ondZb*;J+~o
zHafk?LkF-t+IzRpACRTBJEUe<zw4m;7G14tJ7A>O_osx-XvpP&3iEgSq}gFs4ifN6
zdoex|%$xv|tT;&oMmB{r)TKkrk#2QO({CTkNTfdwBWKpG<pbGw(jQwI`l(I0(AZUY
z$4j5oz$d*Ecw)ckcgi+&4d5V&bwav-b#@}1ZzgcKYs{7~jB)S6yQ{^!H$!>Rc$7#Y
zz3CGq66MjT;@z*{h1&{E%-3<b&jC<SS4z=L16qRqtLe4b&NF%2biuK69x+Ev=8#kA
zk#MvQfDlBkBC)&*p10fDGc9;Jx;-DCx;}*VL)x!rqm->d>>#VN(f8*yN8FQJoq4Gg
zM#WoXtOJ>Yp*oi6!_MF8K+>ot#yXq-6c_eGap{?zmG?BJSn9++1Q!ZGX1*+_2f5QK
z2Iy?!S?5uQKxf<?srLo_Q(SOR*H>qg+Cb==i9OR;ner5G2Jryi9L0mZ;Gp3n`n!4~
zNH|XRI!`wfiu^S%>aR-_FL`z*(Lo|b@`rT0&+H3%c<86)e6lPX-@iw}y7r%8=`68@
zllRcZ62J>}=H8K3!U3pCVlh}bSOgitsL}ND5SV0&T@ozWp_pmg+E>Zi0SG*$RM`Sh
ziAbHpHI)O9vd!3g{<i#a6e<}gG()Pl94^L2U%NX$y%#^ro<cP%P`v(3|Kq(ZF==-t
zvO|fr0D+<b7Y-dE8%_upC9TW(^=|GvY3{iHQiUb0dXzy^>2F{eCXB#-k+PJ-TBne&
zpM}4E6Z5M@3>hifOXTWdo~a(!JE?&13&ks3@hFLE9_%BQN>aLMK3V}R<6vu-B~%R$
z5v+-qRG=x_3-j~}xk+0&?I|+5!G|P3_Wdgx2x=+{J|w|p2pK=n6q109+obJ-05~Fs
zv<`}>`%p3f_Y-yV@DH#F&BE`Fk;dwbSlIh=IQqCY2jDS-4<-`elx{EB@VE>z1ByyN
zpY$8uP;vD6xYzFonTOkZoCI;0QIZUWDqn_(!58ZUT5r!pRuGD?e5X+AMJ-9lmBCv*
zZ)yUQK+qT){pAlazUb-1D!B~08UIdB;#JD|{Tv=(%1VTY2TMINR9`+T(bSE*`F&TU
zz$VaT$lDX~R;*}5>PofznDdNu&(6kw9VF>SA${m|FB4<pg;p^$H>IH)GFDA}8}lLd
za0GL4ru~OeYY^@(lUrWVX{X-$&GevOY~mw{Bkc~B?(D8`zknmD*fskRm2|O~Blh!`
zsj3-Ju*XI)n}BF7C36R|l$Kh@L)EAs(w{=mg2ImcQiM-^qNBAKUUP@pyIcQm4<)4R
zCYl*yAo=Z^kh(`2O`UiAdDa61Tt3=t74HgcxwlXOokrasbiuphb+K_A9xK&?{p<S+
zBwN;!ZgMqOLsY#f7BS_I)*BD9+D)SPcrz`a7|&OvO|lw~+-<NNG>BsCxKVe2U_7tY
zo6!u_Jx18wNrVRUc37U4Ke;50?vDK*0EIw$zms}btw1gra+y-|z>&*OF)+fN1wM!~
z(x3UD2l+m~P<aqQ<_4aO;#qn^WL(Cd15DF_ZF7gFF<;0ma?X4Q;f*_dp!C}U1{ZQ8
zX#Ge!?0=i$&-W*!*24!#$8t!iYHFk%!()XDHJk15sT34;ZOC$Wm&gQ|$pl@5WA>9Y
zHBuXw*SN@?euG<E)A3S^^-<L4(UtGDu4Ie5*b1q11{M%X)(fj0ERPy{bO#uh5tpu9
z_|?waYE`fG;J@Va-5Ew;#1(+3BbnMWpWuyYe18IySc_wlKU+2mHoRYb&zI;MpRLL_
zEMK$$Cu1QR{iz!;$uV;<M5AM3LZDgTPWVOak?T<M;JMCd?<l027eqUZtJu|gPh<H)
z3Mlf3pvYSG!KJo8C~{FR*%uVKwEa6nk;|y>35r}(B^GoGD3TX0pvVG>JZLC#UCELk
z6o0wlN$kjw$z}a{)X3!44SSBrWPKGfSuc>uoRLX9>3*EqfyI4iUM@D7oO@Ccs~6ZL
z!zSxThfVT3$0LqA;UpFq0?*el!AU=b^5QCJo+u?IarUUlK${L(VujVw8r4!M-jlLG
z0_ekkkw4)C_Pnn?jX5A{1U*@jrDcBLY=4JE{CDNw!30fG#!JPu7|peSMf|r8xX1{`
z@k{xFV~E%v@%~cV^!|j@MRIL1+-Dv|`gg8r%wvNjI&R}ZS~KMfCy&`)RN{i06tbqk
z6GcTF3}^_ST(M-=4}x*oA{dviEL*P+(ybJFMg}f6)9^}Z{h+oY9Ng%`<+6%F|9@im
z;a6G4XU~{_wW%`-#-#*1WoTG31SW@Al|hn!0Fz>hX|Zo;$wsbyi#^6EzrU_dj-x?e
zXH1}lt3M{%M2;J-{c{25!o*_Plo1CF=Mf)wv@4`UzDxsGjR9M5EFliiwR|`U`!f^R
zA`X2J^vY<jm^u824@FG*9qM?lZGW>}ecvE#>`uF;#GZblOwHW_c|9WJwVr)2tM3na
zUDUevg}g3p|IWzkGU|ImUe{Fk1>FL9<%J96wLo4E8hKq;vgC)nZhg)?G7NTE&mJ`f
zyLH2k9)rb?^<DSdLe$F`Vp<@rWEZ6MHZUC1@XW9=KKWhr`}09m<xG<Cfq#;K-;>~`
zu{nd>r2wVNmc>~Z<RTTn+!g<nTBAP(h2C7_*ac^<ZYqWw9^E!Oaws!WHkqCM<%}h$
zT~){@&}T?s^f9?EOi>03IK&8aLm$~JL+-EFmt;&mmv{)m7&Frf2%ggKWxPBTMH;Jx
ziWm7o!ULvf*|zCEIHZKx$$$O88o~5~<x3}hYNA7zkjvy>!Xi-`BHE+-c*U6!^EKiQ
zhdM(r$Y5+ZBSenA(Ya2)Pc1kv!VZq(Dj^AY=}=&azozIhHpb#eXBL<Yha0do%kac>
zJy=CSRF(UrVOp4gh5>6da(nxWPMz3ipb-|sZlDWF2;D#>n~@M{nt$;SOKf*!IUFn=
z%r#boPzKR4AGWdO2kZj0>rJ6)K%Id=KwCyIEM47_H=*QsgBN-k*yCA!CdHzX4y7g=
zJM@*~uZA<*j#Br<TgSdKfQgBP4I941`x7R`ge5ml^yAPrMjAQ0`Fu_&62$6;If2&k
z`B1_MflZ=DFfpc@n12f2N%FZs&TCar1wxNQyheWh>6VnjRL~-evle1sQ`fczbAl5H
zdKYgl^VuLf5%~csQ)|lD#}C>t^d(pXdVoU*3LEvuXfB7L!)XLP0mPv5qismGtwPQ{
z>mC!$%n7bM{5lSPm<u{uWj7bMcjWZ?asdEaI2)}758}$`f`8D#6<pJu1?@Z}0FwvC
z()u?w&$+mG^<Q748uR7V+b^#^xdBBgZ$P2JXb7(?*qwZM^$#eB5*B{;;IY^Z;I9OM
zU;kxaORg@VZb&HNRZz1`R-x0cwv1M<tG8<Ps@`l2n|goPGWAxcJ*XR<;jrE{8G*IF
zf^BCd5PiSF;eTh31?Np{kbgt}HG>(8pT|T%NE&fE-WF5j@%e~scH7M={`*sqxTOpe
z^?6aB+Mqt-%=r!L%XY;mG}?kd@<pxL%y`pm)HB{h>?~00)Vmq4+SO*(t9q-)KUMwn
zk3awX0~*OL@U#A#f?)Pp-!Ze+9q+&@{4KX+@#xE|Nq@NEDhtJ0)Yrbe`coYtbwV)S
z#30p@(+iamR^vz0x+jdqlP_Ps$kp(6Xw&cS;EN+iXS4M!$`9(jn;Iqxytm!ycTy#_
zHvZ4MJ~IpGeK!c)$=ez{1AWgj$$!*nz1Qd?-S<EG_ajiv%wWvE)2!luL0({k)F%-u
z6T<^Ju77)20)}?_{T(u;`(xNGzrC%#8$xfs{f|b!TOYPr)$bGA@mW<=+CXP}czCEh
zG%Bt)dV^!~23TMPap(NW{mzP3p&77B@c%fUQv(E;$=-czw<>K?t9L4$L8Db^K+$%i
z($ni*c+7s`e{M08Sr6Y~Y3P(nm#`A}0}J@Fe1A9k597myA%v}reXGJg|0d=8jas)-
zTk?IM{jG<83#O2ZT90$nYF6qY7rl^+Ue+g}GdBI8&WOT`jvkV~ZB#2w*1MAGdd;r4
zI+gl%?PmWW;R_P}NuodTKNA?I9{lfP(a&tv%Gp%!)hjJ{$BS3}rC;nu13Ia7dstx^
z?SE#s#-?bq*@l6s4s>2N?Gt{=C)OK1PW(|vFY~KgPTY0BncjGmEALT`zE23#AxK=^
z2hHGZy^i7w|9oH)4|b61I~#UB5Su8-QKahCN^AO^38B>EL`fbY%0IqY`mtIAJ~nV|
z*L(XPy`}*Y@|}>SfjfO$7vH#rZ`xF!f`0}K0@1hnmW^t)1!^mq!)BytTT&YYjS@|M
zOlK?o>`^>a08<{cg2yCM&p7^D@-TKa_>U3be=$}Nv&?gq5g!X>(yWl%0c>-q2ZAn)
z9NAIGZ&Zyjb~q@VeQLW8@7Po2WP`^j(27l;oHFf~skQtlG_?lb5J<!WSa>X|NPn17
zM>hHApm)`KICz8rg*7E9w_heU=%~`x>r>oufrlUAbl^IpjFA%`gn<*q!n0vTjHUA5
z#Fh>!HEgbl?R;TBR~5Mrus_BWxJU!R6DNCw$a_L*>~(rg+8dgBuh#DC&0f>gyR=i+
zjbXcC)`!hOd(dHZ2h_HI6WX2B*ng;bXY@nLcQD;(5Z6e;mmdrmNA~VYoMJhXv%XTz
zjlBx_$NHixq^esR44XZ(uQwWlmfkd*eH|1qL$A|8b<j5It*$x9muqF}r7&(K-!9?3
zHE6Z_{YFQxS6dCe*)ghmzl{UXYV<no?f~>zGhf~j#`ROU9!JlY@N0q=)qgapsaHG0
zt_~8{(2WipFosnFrbx}~nWm9*UyIXzT1UrTE#Z1tZ}c0q*3@gQT1{^n^&TFEsNOf*
zE!t|C{eH8WFW17OCWUEJeY0#<*PFv`qgB^wy#{NsWwiBP6&P>y%t5c-?llJ0R=zx+
zMW{py--G1aCA@dxKt%`brhiUrHJl~1svB?)(7R1zNPEqGmsV-Myq_{i<P;&16yA;K
z`4X=C9SVoKc1@?|&;YLMZCHzast;?RG!2YayVq~$%eA~+@V^j*N#R>;NGmxX4Euv#
zn>O`stBVq_3tc^IxAbnK*&K8SgEsBg^X2?n!act*xF>~o2?(V#|9?kpgX4QrY<sIO
z+ukIc@^{ajO~XBIgnxy{X9`1(AVL=0vi5mc9Bpkn4Bj@QgDpRG#!kaERPnf;^_HKD
zNtd6Fjls7O%X$6Q8}*G+tEbf(RjuA^Yt>4%Req;vZq3zdVzq+mT|mDFdH`yX54z3d
z?Q9C#28Qp9>wTdziGSJ~=vxNi;Bu;>0grT{>FEj(tyi10UGK+7sIdaBim4wA?BL^1
zF`MCU8P1`bdwjn8!W~dQ-`>P%GV?J~+`x+z>qHcPz4*@<#b4=M5L}-k)ZqkY4t5Q?
zpO&!oDuLflKxKthR1zMz<s`hg>|f|N`jG~nHDD7~?mh5R3x5k<;Uqq(l{J+K?k0Q6
z-3$LsO^iW`*xe=^B)Vg<HEAqHpH#TyEY{Ol{5(Yq!s$H>27{D0=5uov`6uB-AwSAF
z<xDoxn7sAJ7s6PvuYN=WiTGyJk(|Y*WD!@!qs}+B)Z(*EGSP}N!Tae3tuZJ6L$C@n
zW$<&g7kdGxG=JE5QeKEXQIBeF)pJZ?NOH}YZcC<70x0(cX0~0rq4(}LYL?j%vm_o~
zFjI}symiHI@}4;EgW9=Uu!yEUiZaAc4sJ)X7>OsQ`*0DO=34(>A#(rcR_hgQO&82a
zLrM{?w>D}7f0os?(S^TMKXLYy82*4np6Z;mMwl*g@_!rG5%8u3-&b<P#?cI6`7^Z6
zuwq=_ux#-Tf5puYaG<d1nYyvTema{tAB|uzX0<u<tUB(zX!!F`p}?&awS=XWh4z)K
zTMr*xF^jTbW@@mlUnsGG3tKRL#UHy5Kd}ymH$%|K>7TKE{9ig8<IT=sINZ_(@C<aG
z(?xSR1Ame-6(4p;&}9W3E9iQw*=~2cxoAF%OZ7`uj3s5Ueu;$~;!9B8C=yE+7g>5d
zAPw;_u6QU5GX5=CnCkMY?q&H+=wNJkfmnipI2-UG<ECI_l$)@*0n$aw>PPBh_G@tl
z5EgJzK7`}=nT9-Aj_E#B$nS^}Bw)mM#G@1Rg@5o8MrBSBjn2fIIlh1+|EE#KyH=G&
zPHx4yrj=NJbT}NC&0hEAF2CQ$?rWczF1kh_(3`pJ9<ZR!3hG!;Z`EtfCVlE9C-y*w
zCr5Fx1}+fu2eibVSD2d#zxl@>D4qoJ5w@UQ{*sy$mX#={Eph)u#uE!;U-6~vpNM;e
z{D04K6n+0>@tPklBKD2A01*2)IxxYWjGm*U*4n!e2oL9x0Jw9f!uyDnfKRrvxs)r5
z6TW4}ck6Hym8bjUe#_gsu;F%B@3(!nQUA%NVUlW?@gPaJjVAxNENC<bozBqcaR6rK
z2kzu|G=g*dw|XEGog+6mxY2Cq&-e^ZpMStnt>v?rZ98Gv1DuUhD}6_j>I3i@F#ZW2
zsHD2pZ}dCWp1IZ-zoc#8hI^fHk2StiXYK^tLyaHobY52Pb_P9qC~G9w&0x)Sr->3s
zCFRqisKdS?{;*8(33=K|D29CJ5G-j52kN)*G-r*hrK+R4WE<5(*g!tIei$PFlz%o=
zLELr&i8Xm0dEcTPv)!n+CCUv`6}VuH`z<uG%k4%W?4M-yBqWd5gF&E50b%(U|H3e<
zF7J~N$&YNMF=iMduB$KiiLmGE(Ae)bjCyNO(@g_yN<E{l8_i}@Z?|flVXa|yd$qw9
z4vn{>!?~Ko3>}eCDSRecgk2VMbbn-L?*)9@od$jkI^Id(d_cLfmDE|Pb~3W7ckQTb
zOr)@>cM`oszia5W6JQc=5~(j3MpxnpQP_$L>C4RC3h!V1T}HILG=)O)Blz^|*V7Ll
zzJBFI_?Pf^=@brXTw&yu8IKHWXM+%qUBbh3>^_{+p)s?A5I@OZV1<iQGJpSS@4ldl
zCxXr$VRVDf>6faH2>&3d)=8)PY)}ZxN1zZZ4-$URK;!%2C?z?`2<)Q&ib=#j+4?*=
zA&FIpP<QlYSs<nEN&)jckSl&Rk5ERU>s&CsCGk!Xh<OI6#fwHadcu1TeBPR#J7w2;
zj6Qq`udfiB8ut|4@?L{1e1DB`o_$K;e*(h}r}+lJRikb;tKH_4Bc4Yzxt~;#4|iFq
z)aRqk*Qy7h&WqEdKzN5-axY&~kD}pc0niF#!PxS}qRl{}*I$H2rwJSC(2Os_eAQ{A
zHyCz$)s8-_S8IB+Q*Y@;6<s~MeY4T*(_yDccTlIf4?;qpRvzxCP=71o#NzwQdQrk+
zs~}A6np^;j`fe1oE1~a(%UCV(3oLSng?WqVz&u2kP*=B6c;!vVLgQUa<2A*sd#Ng~
zT$1u~@JgLm3NF!eOzG9D)jl=MoYjKFGEUj2d5L8kb+qCZHfp8v)?z~J?pF?W*(VlG
z@r+$#KI8FjxPk>mrhl%5d%<5h50X1k3PS;kG!@b}C?;Og#D<g<7z2`jQe0ctlI~EN
z;=-koOaB6R_F%baic3;tC(@*kiiWNw?Dza!T;|rIh5}L3gi=1`sao*zuX&HxXnktl
z;8kY-5LAR)Hl}lazk~Inq8;#VT~Fnf%Og~|Wn{yc&RrowjDNC}Dop3zU}LY<s=cN;
zI27%AJC#+@RKpUN=E8eWUKM^yo2+Uh#+xkh>FWG~ZF#t^BF0v(`dp6^>p<#4BUiO=
z*-J;NhsPW<0(UkTqgj8A<+fLCJmwDK(E;|aNsN&JjSu1~xf-q$^mgehqTY8K`C+h4
zPLW+lQ<ldGPJc*#6^(y+NP)8J*mFWB7F59ZvNEV=0~QnZ&5X(JHzu%xK@fbGfbttf
z(8V|wbMXjQ&L&PLhFPn&nX0ol!$a(@Q;O{&@xE~Ie;gg}=VbI2c?h+6B-(MNvKPgD
z;aH~+L#7XCqignZ^Y>2)+P%VCHHz3Axuc$LDYs+pu79kfPzwUuCn@o>(<~tJLI4kV
zVgdh~G^J022l!qI8`P+pWm2hxjmxKXVGv@*sp#zgCjSJ5lwdHV6P($G6If~sKp>r_
z1wlV8D{i`KZ;7v;oXS2T={_6>v0w2u@Gy4C7~#=R7r$NH5CawvhJ=D48DbP?91hZl
z1%(>#)_)F0Y9FO+S83iu+xsNB9*@29XVx}&!5kJj4#mVlLJmNG_)$j~0piC#Uh7tZ
zS9=yzhQ6tY%UyF8TWQ%&R7>ncy}r@ucUv#`(0vuf&T^fhH4^b*WF)OjaU90n(xZBM
zW6<byI|p)Tz!aP(OR}^Y^Q+<SlzuzO%GCO%W`8Q*L~?4XRuKInO{*ltleKE3UCv*f
z-`x3)Yx?A`$P|wBhpWF|e&R5l`19)XU4+bSiQKPuN;n8n%VUvA`&UZFQkklB{|AC7
zfF1Wg6N@i88|WfhnUHYY!r(xcj||81`HIC}!P8DW=hp_puv4#5+U&hxCqS7sg`J?j
z(SJD+A@5`e!Axl=&O|y^)J5z;-5k>1p!T>(<Tgklmk$e&S{`^`1l_4XAA)jAOc{qD
z9puOd80zK0vTYvR5LTd$0U|M;0A>Rsr7?U&hvViq4AL^(-raktV|JFDkVkK(E2hj(
zkP{=<1$~H*DM|yS6hGJdAr;ovSTi-=D1WTS&_y0naRU+3HM+Du?6+R72sxGEM7a=g
zT+#bWZgX*wA%utHg6z=ywOYNJw<0C(g>ND^*tPJuZ{GTsOXs%~ksTieOEs=#FuItA
zCyY$1iA(Ja>*u<K$V~)4jH$suA&VyDh)kSxC}Kq1gk|HeEH54+bz4y(8o80AP=7+R
zvY4;otkj9;1|qoZd<4Q92bD{W^_O|A(W!Tu)xpbM=5oLAW{!g$oD3bjQd1BWb*!lO
z2WGXC_j1ooQ^<&EkdK~lM7jY+I38gLX4W6N5q1c>GbFlwfBJypVZl&)5g3_IKv?IF
z8!+of;F2kRW`p%j2edz|4LdJ*eSgOTf0I%;E8pXN4Ll~6v)4GU9Io|}ZTNbpU8}X)
zhq}hY=KV+{{;T2+=g{6u6W2aWC(8*+B^ERSW|^#5CT~d1EaxK><mXl$BSN+gO;lLO
zRHOO>n<&sr15lJK9;OA4?j8*+k7Z_f1aXlD<jRiP2FmrQ`4bClyadfv&VMG!ribC>
zQO{rz);ADD!+v{E8xCHuqH&v+a3I?wij~$`X<d}o>)qa<SwB?C6H6SLblhQ?L-9Zn
zD<wRIlp?CE;*Xi6l6QDw<yH3}wba75H<D#hZB1~X3N+QdNewA=6nc*#n#S~8FI0Ke
zWD!0{fBM}D;P`5SG@gl2mw)@lMO02>>{ZA$2FIO%^nn4N!YUhW0&DbIjYhxPt-V|^
z6hlUDZ+{^o+sS%}sPB(4Jqk#oR=tt8Q(113XfZ6>i-tml8<BK0QU+a#=B4u_Qzpi#
zabeH#$CTZ4#GJcNh>fPRjb|d3s^{J^^r#3!b77+#LPu?4E@`wH?SJmDzfUhF5&JmB
ze<^%ZcrHDT1jL1|D6=yEP^JLHL``~FUT5WX42j$x<mRvRIX#l-7I8$Cu%Dmv3&NNc
zi1Ciy`kO6;V@$;U{2Y(OXgUAGP1#{YMJ*P9QA>@w$evn3;sLBqG>=42%iD%#<dON+
zwj{!XMy<GInZLq_l79><mVqHR?$zyrG$x~8Cc}hA%${*P$)1Nd1GWejx;dNC*BtjD
zJ5*>!pW@+D-e^dHH1cMaVGnO)mbj4HWJu8{IxNf*?kUdM<(dDsngUydU}Yb}G;aLT
zMJyI(d$(Aa`?=Em++$(3+TEVnqc1oZ-?@^xF#Bks6oPX`yMIIT*-;mF(oGH&d@oJZ
zU;!{yA6?wY5++O*Bl9Vg|BO&#JfAgihRG-w0*F-y%}%dY7r8SM0mK@OqZtUkZyd`|
z@SLFwgF(B4devyBN9;SI!I1mnu?z?HC@G1+tZxY4#>)%CQy;WyolZMF*j{pYUXqv(
zqZNvzugjv^@PBwVqM$x7+D1KZpSm3<wqhf@wVVMJ!8q2jl!>Z8%?95n3zQ7~RbpBr
zNz(g~)VSyFoogC%aga$b*bxQUjWJ5UEiDY=9+jRzH;$JU?}_5q=#Brc8B3_9R>0pq
zVf~4`i=$3ueXXv2-uC#)XWhVGoSekl44n{r5o=>T<$q<=q(=PhLJOK2X_cQMSWn;Z
zmT$y7Jv4ELO48^BY13#`F^iG;a>dHen9iD|+O|PO%)Utm#W*~J#q?UEZ5RipL57&K
z8kzG$bWH%&NKNQ4TDW~`0;6Udr<QVpSA6P1jP<a==u<JGJ}KE~K93TAlc|7R$mRLg
zNOQJp-G7F`l+%hcT|ec(nNn0}qw5t`26-EMz6=+=5D#=fX}w`KUa+zK%A1Z22VK1Q
zl;aQ`fukl`4rDl+>^o7SIukCw&Z@(q-fR!^wt4L+URJ=7QC3osz~O{cHxNsaI9efX
z4%B<s7%=rjSit^Gy~wz<;K}0-hke)ZaB9Og9e-v4eM(WZ>cXYcM1ILKx?4$QBmsVp
zKzayoasi+*9GJbNx5-PAA<R@kahVD)Yj%}6+y5U?7CkDjV|l%AcFke)sV`E-E)t69
zC7*9EZob}JeYp7g`TG3y?m`Jem{#ic>*?+7<=;PDoF@umOEBIAD~=@}Ck#sL-sCnB
z4SxlJpFMYiBO6t}vds#P9fp>1<F7u^2mWfio0Ysp@{5xEG2OKk;SjM8<Xy(cx>T7a
z9C?SOXj9qV11hV@Xe%4IE4BySMyqS=HLyvTTR1JMiSn{=40ue}C^EDu4OY7ah){K`
zv@S~Py+*Iy$tO-TOIw<2(o!`e=q|1S*?*1zGSjqTn@(l{-6aQTPFX)Aw(5&)MX~H2
zk*)9(C5bo-?vlAacS%ROeF9P=o`7`0Xdkh)MFP_8QjXGO%F$>LTZ?REUWv|=E!b?L
zJGqNfzP-rS8XnR)^cHiMeG@wICY%{Mi)?M|U$GTi0ea|_<b8s2f~_4>couF8d4ISq
zG}`T6yE%NpxY6cr3$Wpv)w~U~Ie0=ZG16Wgy0u(7E+enEDUJ)>VXKEJQukpif83#n
zxteE<N)(#&K<rtVG_h8d7gR-$E;=<B!`h(P8mwnEKZJpr+~ZX%9t(EFRPPZBx{EBj
z!x9Gtl6Fw>U6~|P5)=stM<>>BSbu_DUL-FZiO}pND9bJ(i;WQ9B(6k?MR1tw5}02Y
z??J<;(qXG#cu8d3xp63E_%d$b&hjlrT)Gi8bgZEdt4*VMY{3N(Da=;KGrW5dU5p(M
znYyCFc$dCEV|N32I)txGwJyN`eG@;07Xz-o49@sM#2)r_9tj`{s>U21G=GIgW)paM
zj1;9r>X1j^R8lDo<|Tbpk(X3V=@MRY<`{`{ZdhNC)*=s%WCwy!o0P&b8vFYzu;K*^
zPobXr%%f8qgveI`mU4>Xds@T?|8}{Y)0J}mnFF_WCnHTT0~DHNU}jHT7JrAeVn3J0
zFQbpG3!|Ef$cp3@(TRa}e1EoDKp3!F;2JTMdvUmX;%eZ*X`ImppsP7(nf-3_1s^|{
z-%A)NT--QX?*1ZRNLgC%cdG3}yd(ZJc_&iRO=KjNIBa>MhKNb^pAnO02M?MJWy;mM
zPA>5yPMQo#UdJ4EXvgRoFINnxp&~qaBcC9cmmQ8u4H)71`WsM0EPuUU?bgkM4OO!m
z4vm?S!vZn^%d(IU8WGYUrEolo#FoJ!1l{C!(yxmjxO7R24-pRv;d)9`h=Gjax8K+h
zetcC(+in086QAp3x=Un;R<+tRhxOJzExyuRmS*r(-WB%V#}Tt<9%WW_I7qEF_YR`M
z(%Kv7L$ld#8o8N!e}9dcdqtGb^=-W@7H7iH`)dw&z_abW7>F{}uo~KXe<fQ*90if{
zp0N8C<s7d_FPME}+_^!V!8QMF&Yk$eB6|tzZ^WJKlOK7Xu)a(7XI|X#Z)I}VTyJD0
z$1)cQ=UXHq(K{xedRuab`xA)&j>=@h7QE%WlaX#uPO96)5r6ok28mTWFkuq@Rkc*B
z_sH=iz0oc5?OY<#7H-l$oXz9Zk}iPqP0R<-O>e{&oL*mo?t67A$R+Lmg~|8;OvasF
zqu1>ZUUI5|jZMb2*09~q$4M-wnBYq+lwye=xWyP-FYog%-rjA{cDvS1w@bCEhcpnW
zTh_`8rfbD*=YL>4+o9BJo(a{0mpZjUI-A0`N$3I#<=IYNlg5i5F&R~MxsEJX(>u%P
zMb?lm{$5hD7nW?)@Q;+ct7h80RUDs<udSwaNa6x(*a3;Vt6_r^w^pO}HRCUo=CtB(
zWRtXZ{CPB}9gTDk>E>$`MqkNr5lX^^mD*``n`X_Zu79;sU(zNc`Y}3$5|56cC#kpm
z#ywTet-1$))jO?5K4}*BCGmtL6Ia}Jl6yoo&MuRG7c1pnD9_~c=sdDYuqibfi(>2Q
z*GOn3l5B+eG*Yu|gje*!T-$2T9aZiP7I-o-;l(9BMAl}=tPm%Dbl>*Tuj+}8-K6w<
zqx-;8*MC~WNYd=rJ4WXvi^K@MBWE|C&qdnfHSjz5IWu)EuG40#)z4c2-0gN=>?jQ<
z;IF@4{O7V8cc-84epyxK3JWbO0QJ9~-CQi*0$eC{bMf2Nulu;-m!98U%~`l4apJ}~
z)45#TG-vuD2upE8Ptgo`b};e=uQ9`Jia%VIYk!bNNnrPy6mgJPsWKMO_Sf?|old*g
z=$rdA)+k$1s=+4lzA)N6R$4Ype1DIVGdp{NfrWHlNH=M{XXNb>v$2qm6ywEw-~D7(
zaE;W)<z>?62~KzcFpzr0V*|ov3v)%mY^94!SqcL~Exxt@XeICGwkW0bB#8E+)&bw3
zMSnOooFUln7+K0RmgFcL@X!Pz2wQ)yk6nGx?VHKW*@v0zdF4vN+H#+duOF7_8J3Oq
zl$ql(^XSO+Ea;)W;UyN*?_=t~shNt@!7{<|7;~p%o{s-#(c!*5Y_`na%U%U825yY6
zhGo;=_4GHfWuTkgdbOXA5r6mTpN}T3*nhP7#gmBa>NT_&&mz8(l=TzcOxpX^q%>Xl
z_p!@zQ*jIN!`K>(#WLDf>Ai?lW>wp5uC}5@!MPrHC#<#ywMM_uf4MS1oPgx1B0D}0
zD;Gr~Z8!S$+LIstAMXU6eMZ)H2&1#p(VBD557%NNX6K&E^HoRf1Cuo9z=*uW7Ju<$
zovhQK!qZ5st$U>-CwbE`>Mf&L-RIGpah`hU4&M~V?ML!%_;iaP;LsY)_{t$AnV%M+
zce*5Zs^jaintExVw}y3E%loKt?rds)I%9l=ehpHlMUORtbJnLG@}iNC#>g5#S7_vx
zqM`HJ2*xrkpzsAfiLc^>yM(0sB!36@6!{f3$Whzrv({mj;qh*F(?qANDa@4N*hHY=
z+?1}kLZVR;b_bcmw#CX!UE5{}zFCOG|7lbSp05UmNu8y6!jhuTY#VK((R#sIJ?@0B
zy)ULjC=9a2fN;;(WfhPDGo4l&{aW7lQsg|{P!`-#$8dtwTWbF46du4nbbsY&;iFmL
zia1Hi(_iWQT!=Xgw9c)vvFe|AI;)>;_W{%+7}*g%y`dwvn(;1*cytZ=*vzAsBH-H@
zOkT=1`zvAW^)V*isSSi+BX$3eYdP{3oEV<vlIZ}XkDNxZFs;FyjIcAa5yNn@g%{p%
zWp8pqs@Dg@!Ap)mfSWiAiGR2<h$-8(Sy5dS)qAGd=;Xavw>>BEbHufWb1|4N9B-!L
zMR|o`6?#NkI^z^EknUH*ne+T~Q0(ic(~lRo7dO9M+}uWY+VREh^@q#5uYwYP{PFbf
zmuImjtl-7z&Dk$suTSrOxm~!2pU=T><ItqCy+>&3gf4}%yv^+(41X$p<jADUHISWS
zjT*H^eK>5t;QOwpXCLHVAbN8Nf@|x%s1Q@WJ{(qQJMXycxrA7TcBKbbj(c$6S02Nk
zVgsSD4J30wA^|7R8##rBmQBgTHLamFFa$cgZ^3{J?JO92&2FtbXuV*?<u-N+`G0MC
z58l@e$JFU}ozh{mGk-jad+_ng>ER{#v<vFdwe(n}lZ=b*i$O0=mffE}lDsmUUowy>
za!8-D>+1+<m}Ka=lQ1gr6JAyq?yQMB>l?^|cFpMY>Vv&{Jc$g<slco9u7F-2NBCXh
z?g3K>UH8zhhILG)+_P9|9ZTy_TF26Qy-8cce2#AHPC4_z=6`GY<c`HsThy4e)QIKk
zQ<?KdeJ1V@#40<<CrN}SO)q=T-0kblanjIz<37a9+;=>l&{6wdVVejad0-4DN!VF@
zx`Yl{7&Qnc6YG~uq$R3s!pn%TfL0|1OrA5QgKzBNfTtt_-F9GjCV|xgU%W-^%Aq#F
zkB~E2#NPn58Gp2gX0_IQ!O9P_F(P(NaQN2{0XRN*II?xDz@>oR?DeayeDZ7_q6moA
zH+C1Shm!@(i{*6*5Mxad0P3mhqvfD3aXNBOQZjx*b(ZjR5`%B}{f-lMD=Df^ek5&i
z@#tp^k;n0%*!zYoz>hE~C2Gy4C~_MQ4EY=8e+r)^&VPDbstJZwib^lYgoAM@r+oZC
ztW?)xAEP|bpaT+P7bOmwzNSGc>WYO5YvkqgsQHtJ&1Sdg)6SK0Ahw|{9g8-~KDcmy
z$f(w7qhq{aTh<46L{4Ff&I4=U6J^e>x=CcaBRE%ziaM{Tw;R<?GoOo<UxBkL$<DfZ
z4lnZcMt`izOEZo!1yX=YAnKgrqj;f6%7%DU280x{2a*PQ%hm+FWAox!F$GBA&IV&V
zPA1f<y}J6a9^S|>uC{~+n#Ih+I4%pi+y+O`ezR8})>?b@{Fz!)3WH2j&!FndEo2xM
zN_yZ<-!@Q438}>%prm>ygdF=jl5sU!?=|{TpntTRoo2VM$|@km<jaqK;JMD|eKd8#
zRpXNqNNUFfg}F>hXJ<c`e|#fKgR=2aPV`8P7VY711`c0DlvPLGW_&$L!k`1fD)eXG
z5Eey+>jgejCnYQrr*m_0dq+;MFW+)MF-@W-8c(6Bv5-OV)M0KSe9~9Q&z2qFy=s<{
za(`+dulJV0NHe9?V@5}#@7~jQ?CGU*4`&JsO}@C42=uwn5osk^DVbV>ZwQ-UVouYu
zY}<4n9QYdiDS!tuwA}~HpY5}HQ*Jbe*&Wc4=wuE4!jRgwIH$mbV+!o@fw}hR#F|Z%
z5y8(PZb6`~LBxB|1TWxQ-W29A4e^}RJ%3~9x@^h*`3Ejx;0JfUNKi9T@#WR&zmfls
zu46%8e0jyn!YJL*$rMdpm!?=od`9RY^E!+_TQvWd4~Mde!HSK8VCuhp^JWCP`mA4p
zw!aBy)tl4l)E3CNektUq{<~<T|E6!d{WlW>V+*|DB;Uv$sPLuq=NIRd_LpQNDu21V
zy?RSt!KRj0LN*zT{No;$Kbw@L*P-x^dgXQbk2DJ60>vCD$i8@$DE4RU??2;I{wq<K
zNe!eH_D|(1lAf1~+shkt>99a9_-{bM8F)}$U=%}S{TB5`y;`s9)f)c)DNilCSOaGZ
z>lRq*(8y9KLDlYgUDjSl16jGHgMXO^GB@P%wI*u6mcyyP)|jX-`7q`|DbeRx;?k@!
zvac~h`(mHJ5*Brf`oLbY_u#!5#Ueod|M!1M!f>2B31_L4O3_M_9KORv?1CI&pmtQF
z;@^+n5rz6m>Us?qCyEOB6@s#_LO#LlKq2G9;)lt}GB3aq4s=5w*@gph=6~1gOESi^
zz#g8JxPxqXI~D8TU}>xt6H!0NILo0>A|*wl!AX-&`qadIc09w`IU=anSQxc=Xn8)m
zK~X^r<dZub>IlyG(pJQzEKeaY$Cyz((?BSR)eHkH=(-Tf?kr#d*+oVc6w|0Fun<k6
zs)|Qr>;xBf224C3rB(~GVt<3&6uw8K#L}{3N=+mo0!c8{fteo(bEzN9HJ){IF;_0I
z7E8ok)}koZSGOQTh0K6ofia53hS6dn=wn$kG=h=OqX6kz0&Rz{sBt4oB2)x!NT@C(
z`Vm9)YibAqs4i|`vH4IkVt0!)F%`a(<a2(%0Cn547H(5)Q~PwQcz?|bCnhZnT&sFP
zX^Q1gc4C<a)tA~1e$a-YFHILu$C|+G7-+1eXtd=DIrl91iTXJM`BrNLm3OQpD&qb*
zol*z=CSgjS+|FT>m{hL%ctrTeAG}xu_AM_fB;n-*G)`YG|CDlKhMd5bQmKLtfy#Tj
zD2Q|_C?>Ye8}t)__J5+o?lNh_cD8pokN5|WKQ87^&fLjl2D|bcUr(p57r<KqfW0H~
zMjx>LPUJy2`Lm)5#gttPggZr-!?b-cl*#G)A6EnytA3Sr&t!=#65lL`)s_Ny#a5oi
zpV-^7zQ8*tb-Pf$e=Ahh6bj0Im{4@n3uoySU!_{i^@)Y5e}ASh&&M!}dC8XJx~5Gh
z16btvBb_Z!oh*BSC-!u0cEprh#m`#Zgu5aZ4rlZVwg-dZAcF20ayqZoy8nA>_&%0F
zy)vBy$f<8gAw>^mdM^L3F3&e__#t(@9x)ZMlGQC-@UdZhb^7T%ok>`suv=IL6#7TX
z`$b(bs;RERMSu7^^>eJEocrfOo-VdHqt)B66Cv*h!jJ_04}=|IZ#WQcey9C0p1%%<
zBgNEmARKXX&|xqGVs<@7LWL-Uo0O-2EDFNqXI$m4sIJn^SC|+L6s=#g_g-1#xAd()
z+)Bm!_|`8gf0C!zw3_%bz1qs1Td5*O<CY;43bPH=4}Vh%ZlNm4s=sDyO0N`eOGZC=
zUdQq^-C1n1pndJR=4`NxyJW#6lh*cCH&E~XqRuceqvT521v?QeN_fi;*;~X;8hW*v
zhMh#1NlF_e;oB)4;2_o2E_h|T9RErkI>xImi^S@2-NV0fVmiaCe=uV(vK#?eB`^B<
zdfg6st$&dW;0F$Yua_V{a>V(1LONNCDH_v1!e(V)JV|UPlzjpNRnA^=iSQte^7IuR
z?{RU~)ENlsqa%kXp~OibQ`H~&lgh+!pmh^yXvIJUk|~t@o&Tm@t@Zd!c>}{_yYq=M
zzu5WiKVkw~uEY$1mskw-<XI=Oaj;H{Z7Q!qI)96=<h1Y?)Xp`a$=H-(aP1N#F{Lq~
z#9L_2F3TdUFSk8^3<q3u4Oq0MSGzD^izP#7bsfxcH87YC+M|I)=eCPrEOJU91QNoC
zA&sd$^W&BWW&rjrpOgZ3N&>_F#xKx%1KmWo9mB#uqnt@}<S~4vPYsxN_^|<e#A5dd
z%YRuWj0obYEP&jb1GQ`HSoM@0D<t6KVadjHR_A<VUS&9VhBoaK2hQFKoA|ZlDrOvy
zcoozvZVu`6t1Y9|>*}pqy{b1G!=~OJwoJX%X%Ff~XE>~Pxs`RTuY?wx@M;IQ7jw=r
z=8NUu(0|QXXy8|GS@ze+SP5L2;tJ?TWPh{UZdUQ%pMpf(Qq1k4xI9^+2HCC{g+^Nt
zNWMVNp!7G*Mm^(A#Lfb>PQ9D)s$Feny{fl*{8LqQE<tmZFYLx>wY6<O@@mM(svond
zsS{!=<F8l^Z-+Mh{tmu4a&$IZ-y()fy_gG2m2k%uX%OzaLEugnZNkFrdq09*(0>fZ
z>^sdW^SBr@zZLb#f*qQ93<*~kU`qGLp5=UdTYWc#-h3-uYgpCq6Wj4wRoow8dwh6!
zs5~?(t~YvvWAX-AU<FZK`pNyyidLZ+uuAa%IG=dQpP203$N#^*Z|!ayNe=zKzoMg?
zjma!Q5#ZZnIjfcA8C`oUMY3m3&VP8W4+ww~W0K$!q_s-o{PtVbFEoH|kRTzE9%;@T
zSpxb|-RP>WcXitJ4zZnXz3VmG^(Hj!H0yoK>A_?A8~(Vq8;yD&-(hRmlzNZQ7WfM`
zh(!Bd{Db+MppVYtp3YUL(;sT)Z`!@Ooil$#|F-1c94Lgs?lWlGt-2$j=zmKn`lcyi
zGm1`V(Lv!w*OJ3uHyia9-CZ&2ddqg&-MX{cy6F!hUl92xiT}hO6ZlSj`1hg4H?C^s
zX>$5by$$bJ^G1|AV=w-o6T8>P4tZm@dNw_xtyTv<OvAHSTiq0qW{UN`9vl2Yzn*c{
z4G-?RbLtn5bmcYD(bp+r8h?AgIL>NMJ*!b~b03*iE*QCU+34_>@ay|Qap@6mIM*=c
zIIz$+1?Zu0Q$j8)B=_hTuex?IgB&nkmvFOCvsvZMJV3kdH5Nn<n3Ia&CXs=RUXr`p
zum(Te1^&dkpVSwR8SU^fH|P0va_zw-mvEM0;!@IEW)J{_S%S9=2Y-_}0@3MUZ!_*Q
zHLdSVm5gP)Qb3{r?^}RjQ`Z^p7^D77UFf%gORG#JF7wQ7uCj6O;C4)~Z!!OYHh=mE
z?GP!JvES{tg8tCA`gUhvwfZgJ>IGfLa)+I!?+jaB$Llf=wO~B{MLMFT{nv107D=Dv
zN94<Q?f|{^;N1oHBY$8(E(c1tF!4&lkNx>p2u9cThONFou$oP;ZMFQ?zykKmwVc3f
zcpcYi_k6EhsFkCq0eqBxn*)2>Yj*~NX4i5W?WWc0x(#d4!4J@G_Pd>)2i&Y*F6=)o
zMK-o1)VJ~T9C&>POTh-d)#wg;7SLPQa=Rd23>z*S5!>(kzJFWtUUPp7-9{%~<v=}j
znuBIww=BDD+g8hU`X~wo*1+$ygLc~=3|ftHp*~f@Dw9B~0hhU_+G!1Y&9-9&jt#ij
zb~{$T0f0CAzSnm;{ifGwmkaZWnxs7gx0imK1A7m|sle;BtiZPMlmrdS1u4MlwcKIQ
zZw-1uBPbX4V}I(Da?CQ`Wng#X=Q&Uhx&erE9oq{0p$kwu9l*swU=3|xnLM}M=?^;P
zLe29Yk$*uq7!BMqkaQK~y>_GHH+?JU*gyfh-L}>9Iz!8D`F+pp`hz~kiaiA6n6gQC
zS~%p^Fn*r{zt``zyRE>px^AaowLIIk25{K`Eq7X8dw<|J9Ixc_!V^hpAfKsk@?ahg
zynZKWS-o}-Z=D_-?_mcvzS(MdJ<sa|1E*w|g_F}y)X7N)yL9^20snh~sbGA-bA<9k
zr-K6?*CouQa%CPk#r@K1w1SQ^C?#kH%V(dS{gNo49Xmj*Uqf4@XTUPrIOfOetHhYX
zhk=mw$A4rMy2OZY&;CPO=DWy<x=P=;`t56d^Z#_^c*T8B;}FGvsdC>82%ZavdQzdj
z81vzvwzLQYWYgNlY)S>nRLyS{M3%_!_$z!2>PT4_&f*~Q+<`<+${<aZ{#Jp!j&6A(
zk4M`_bPMKl#v7Tc|BaaOpy!RETJp4I%6u~**nd7@T0~i+8hIrV>!!W{$(WVOOurDf
zdE9fOouf=z8tQcQZ=e7hRVRmI^O}_@tSUQK7(|wf<ZYq^c&hk!)~SuGOoO!%zM_XU
zFDOun$9g$Nj^JBW#SL2SI|CkP(#imEqeDuW!&RX7v)j5o+&%;RdhWds{eY$YS|4tH
z2!B2>!=)a}?8ZaDJsJ+ho*x}GY6Liy8amC_8{}UJeK8tV&Li~PzDJBWB;pI{&(P`F
z)g|Gr$)EX3_yX+g0z`UMMcGw+F}atsGW5B>0a9=X)o~*AG}+E}h3}h>5pDa2FMQt$
z`hM3N4xerS{c$#2imI_!RArO(H?V_cwSQZkPH*Sg8&magSbh5=va&{-zCzC4<_k*H
zY6C!(;y7!Tj6h=mlkP=6L-H%?C{sp^AILnIU@Y7`6;#AVq*-lfLUv{h;W^n0qz4Ly
zL(gyZpK$()UvI+~5%EJ->d0Lf(e4f#TC|~s4Xw6gw_3rjQBF;Dx>1%>@rahR$$zVR
zm0$9zMovc&Tu<JDp>lM@IV<+3k_l0hT1eK*T3sTmy$=~LK7=zKeM%|-C&g?=<*J*e
zv@n#&+A@<(ZqmgREoip9Zg=SRnJRJ_EyBsK=zznlPy15gX|2M=nFAd6T3xs;Zo7x4
zaW>N5NP>L;I2ROt!ah`{-g$G-ZGZIrwZ8FFx&}n`Gin@Kk-11zK*P2cYisqoUO(6u
z94YlO*pp&ttLmVwn=`4o7b%l|4l%l%ow?@Ylt0VR`*zUvJIzMtF%uERo*J4&MC!}O
zv^ACMOg-o|U8n8YmhYlPyYD)d+iJC}PTTGd?WW)B+ujDw)Yp8&8Jk2+et)q^TR!6}
z!YxZUSyS0NW9bQJaG$A0ls`nd)dWeQNAF0@)lawW2!O;4FX{`bt*$T?QJni*<g%b|
zdG-gIFB0uWl^HY=li<_OpO4?Y`}~;=!e+wXE5{(HF@~`kC!1u6K=C8UZ<q3JzYXtB
zgQ2?|FQopYe1avBQviSP=zo6biXW84-0)b9;it=waPLIH)`_GmD@rm;r4Vfo6y9q#
z+WW+mltd$Ni~c)75x-IV<OM?%EacTf_{^e#rteAu^T*I!@oMN&%SbGX5vG?UxhdQL
zV^C_brg26mnfHdBTYnzTXj&(lvJTT1k#XRD4bUg}1<=A5KwwD}1b^_)!X3+FUO;ix
zbo^GM*V?(p^E*1+J7wez^|Q9+=JzB6DwiI)hIhy)cRo%%Y8@Q~Fj_c+A+13Zy*?7U
z-4<M^LqCax<+9Um-y3%OjjlCx8n)HyI&I5sprd(j;5S=?VAyR1Td>p28z;q2D-XA1
zs7okrqpumGB0!ekRe#IdB=}v4#%hb70LgJ<s!1N0)y3iL>Lv`Y$b|RI@vg=3`ux;A
zRhCzvq(~0AlIInKi|-sO*U)GT0@p8@El8oU=ALFP@-FHa<1!bu(s^St!Eg7ADQ?;O
z@D9k(2~A_k6X!4n3!2QZCPPI2iNPSC<E^k1F1iKG!?Ey^Gk@025@bWIpv9)-*$HZC
z$H1E6%vdAmktn!ZQ=Ic+J5fz|Yt_)nivE6o%9DB4;)P;8E+4Z3V8ahChGM15aP0$&
za81AIJ&P`*yQpvnY+Ki3xdnPimituXQdN2GI^kp#v#&FryTHY6+l_w9_x6Rm-i&2c
zI91u=+|RrR=6_Xzr&0u~-2`l+#rum>TBx!bm&IKR>mR9TWvo)?9J$JUi(UFo`S65e
zhO9cU2D&{eH=b|@krf5p8>}F)NV4P{*Hg7G6T!AOk!Zz7q`|NXdK}?_WPz}3=3xLM
zhtu&r2__@xfbT_Ttg1Q>U`dBdO1lqz00ooaMj-*_H-C`1kTH+(J%5ClQ^e`S_3cK7
zvO14uct}KAYHSaw_s^j&55wcVNoVg)7t$~?dvV@xrt6I0lUZKS?D^%Ci$U>?8{~8r
z5rb!ITs|iDK|S7(ZYO+P=|&+J1Y;jf(yGU5O=kfSp)oAs^$6fEvXnuvxP$pBxS(dk
zuabIQE`P3^)%n~(h(XFX`+vxP0z*nL=hYFOY<IdCsVe}2bWC)%p{nAhtL_$`{peWi
z5z+f_?8SY>aNzDXB)6y@eSh}L*%fgCfiUwId=fw?;7Q<fkO3eRa=aTm7^!=txvq5H
zL!0{~g>#no>6_^qJfjYaOb<oLLAp5NtsBJ~;eRere;i>>2~Va|n9WDf8TO{m!yNBv
zZvDKQC{r4G;C2VS_7fJmFXGw>;dD5<;kl_+7Lb=U7p%CS)%2R(UUyG~hMxesBLp!V
z`tE&(exADb7sFqJ;L8!b4TnJbzNFe5+G=%a9FDvqU1aL%@2`p7r*gd*2+w7uQ6rsd
z`G4$uapyP2>63p#pzuq-yZG_^JyX;1KQBIhh&6K?YVOyQ683`BvRV|v{<U00BR?RG
z?#o8QvitCp;1Phcu!A!9aRC$Ne<n)aOWDBU)halJV-|)fZ265l9YqXdaaT~<87!j_
z7O|l9YV%6Prio$Kv4f!1f5J|HT+PQMsDCfPJ>ex!L<t!qHRLjpg&i$kd&csILEkH<
zWNfJh1x6n-Dz!57eX;6JRrH}!F2|Iy57a??`2{ALx*LththfzepoNtzFq;XMC?S<w
zn8X5c^9!bk8gB0Ho$Huwq7y>&ro5u&d;*=g2}9tA*f&LLptNFgeI!SrYfUV(#(x%t
z{it@4mDDLfLV9j5aE62S(<LFtqMQ^XBGZuXeoizOBN?1{Ohcd@*1)!%M%j!M&yY}r
zZqNh?N#DHn!>sSG1Jvw9NLU(4E`yGX)lOvs;u=ryKz03$w>Y8a6`q{9GnXobMnQ^>
z@FsghMtC?d{r(Diu@YIEk_x`aLVuJ(Da}P|e#uj5k$Je_#l`M#fOz9aWmIE*G`E{w
zr`u|HPZ!O_eKB87X%^~q>A01g0`F*HM{D5ujc(cKUK*!h$nH@NpYR>=23X<l221eK
z{jglQAv9)46o!5@en9cCpjvxg7>^x5!1HOyvav5hGQ(*K;CJ8!gP}d_K7V2SP8NP7
z6?rOOW4s26iB&U>v(6IND`PjZx*gkYclH&><?>z;q5oC&4yUl*b02XZj?-wms8neB
z6gXv~BPN)z{c1TxK}@$wjF4dM8>tu}P|e0)=s|&9ii;Fb(S05)Msr$#;{nKpPLV4%
zY7<rNJn;WUld9)va~0Vny?=CBdja_jT4A#QAsP-ko;~!QFr#s;D>!TRh@!16+S=l+
zEvMJ_TF$;w9(O)>?>~=&>CNJ{l6Ksw0=aFVK#^$0J%yAeDy?FVDWwuIJc;(Idyv{H
zGj}0c7Wb}k2vmZmx;LrG)xHb9$K^|-eC}MbylS!F2&jKtq{UzIM1Q-Ftrt-tO@LP?
zmzWA@0@MdS_zbY@rifaj-)=Ssjh_8<$xuQwdVT#9;nl9!(}+gVEtbayO4N3mWjmFX
zMv1Zs0-v-hl)DiLM<eB<D|x^yR!hvsJT)QQInixEBOPIYXotE{J=iD{(NgVSN3In&
zq1s%yD2K37Ma(75c7L<e8x9`Ri-~7m*Z42VH_x6+4?_VF(G_M^)SovJz$LV|WP6LY
zw=f}l$1BZW>7zcU?gklkl?1pS%S%UU%9{9rM*S@_iAhsga6cw<l8&bT%S_oaw`eVq
zinON9KT4mD7O4k-ooF73pH?@>Fi1_xtS*SUmQ<qLcoo+RcYm>rWNuZeD;6nI3-9V?
z=}OZXD$@ybV_;91K52X}BLg-_n_C>rc(!SHXHJ@H*i#ffMMQ%}rBODpRQGU5xV}e1
zn@+A9=ShZB!aT(pxU9hAMn_<SWW;nbQVDp_MIyCoXS-aOj}y}TN6&@X?)3V8KX}5)
z_%Masd^Dg{c7M&Hh0+M*j7~Qw=SI!mq(uY@c9*7l&;*#Ok1k$hDHA5mk+}=z-;hd-
zE*>G9BdqBJVhv=SV{oRywzlI;CbsQ~ZQB#up4iSC+qP}nw)IYI+di|u{rxyq=jZ*b
zTGdtkRIRS=zWQFZ%a`j2wHt}jL@U<59E1UzxZ9JZVOUM4vB(d+rMs>V*zY}svBX!y
z*N09!F$q5vraUFr*z~5o2}Z5fH*F<ytr<Q&a!}G!fj<Fu;BHI~<{p|h8vM9hb9Wmt
z=Si2!t%v<;)+Vck<(M}nc;^}u?yJ3Y-3*{|NpSC~`8uRhvCk1}Q%=t!C!Nnaaq}D(
zcOk4sv_E<d*h8)fT66l?w~pAa?~hXdk$BJK)kkHnecSIFZ>V0FqnXmrTEjjqPh>}n
zHU<naF$n;x5IM;%$*TGJuBg-{*`DdDJXO-mGx~%_xDAglv8Z_FEk2k~THb)SNb@qe
z#?3yQKVOUFG<GS*C8|Wm2FTO#CUa5c=5^_&96U9h=6FR*T$Slu+rx%nW8y2Eh{}np
z=F#V6r^A|yk~a|w*-Q0Tt;}y}fcY?$5et5O$zcF)x<fN8m%ygRqP1%^O`5FcYS!Hw
zj=%C^l2hS1n;QQe#glhDJ$EAF5-eEhDM#)<7|)2m)1~xeZ#V`|c^(;wZQhY+0hnf7
z;O-`^LlWr<oxgPrH`(H0Bc-QSM!KId*5x;dY>7rB!^EW}Wb^b7#(Sjl8lW@yMxQd?
zR|1SAQsN;%=ktsf!ml<}33bURHT~LA(j<Xxh%%-DkC*ZrM*e}gO9BcqoqznixJ985
z9`ajR%+F$?yULQP5%^8mOslrBHSqLrr~W#)QUgwn>L0}GH9mUYSUIbXc|F4q=;G!3
zvM(tjUTW_6^7i)e`PzSPTvQR!fjR2Tn+DV$4i*VX4awOi%*P?#m=Va|Opa_ajQHaB
z;+LerB-U<0yIm}s#V1>f8HqD}Jfm5SFB0z&glUX~{;XI+mS{1=v7NZ!%L~YuX;JFa
zt>1slxXgJk3zsu7b<$NsJv?kQ?i1+{kKg6|fl;{$=3c@5pORMX+qiw2l31FK0l1-S
z_O8{!b;Df+X(aV4bE;h{S$wo_Ef3LF`dr7NrG!<>n!Ez-Pf%6~8c7#Pt?}%XGu)b%
zx$PKN>cTGcfm?wpcITk!!7Yls9wDsHhMdGg(WTI^2M#f{14*~X1DZoZonbn~Hcb(W
zQSBzu^D`kU>j1;z26S^GwIq8mfC}n5&skg8PB(1}SME=FtCyfh@!?I3oq=auQ(Oy~
zo1mG09NtA|vkoUcY1JyuXz*6u<|s;e>^}}~O(EW%jl(CIlkGTXt+CFcU=s<n!ds$I
z9{y_XNz2BLukw}OyKGz?uGy&Fz>ezNM<nrzBy6{CAPLNphbmVcZ5$08a0eE|A)&E_
zYwMxcbrVu*Rx7BD6Ewvj?49^C{6MlU*Bz$Myr*^58MnWV&;2QZacDy}(C;ku7A*Hj
zpNaP*<hiacl+C(nW92zT2ZSxy%ynaDGxG0nkh>%hT{YT`KuiV)cWi>#yQInml79~K
zi{{x#@Pb8f1PR%Vvq6Ib;Kx~x<KkXMZH$%L_t&_Did;Dq$-h~|5@SkBe2nDSdC3~a
zsy(ZNnoIrZSY*`*G3EgZOfgf%BopWJoyCt?-y}y^;1S517VRJAeKeuOPLf-TG1z}p
zqbBo{+I;b%y_qN5G5{xUjuxEK3uWPh#~D5LpZ7n3LQ4(Kvbv-iK(;naOs8pI*&5VH
zu&~c+NOf=T=1J7rVBE5V12U<mXY~oXdj%CkplmyG3T=io=5ABJ4M(Y|1!_~=oX~j4
zP1#LY*>>Q!hEeZncm|31xxgUeGzI}Hq~*l$KMGF@SwbRkVK;5icFyJfYLOiLPeoXJ
z*cfHm6iaEL5~}zVfb<**D?Xmh;sFm}r@UOH7D_QS*5FUomymjwFV4v}$0~0YzsAS~
zLCC=u%dg`-TOLU-Aj(WF%BkKU>`oH7y?+!EmY_jw-3iN?_Oe0JXu~Yhgd3eA;QTk%
z@)rGwIlEuo<JtP!2aDN@8L><iAEJEuNRPpmwyGP}>ZFw$K-bFZbiE$bo@)N8v%MnY
z<WK_FZ6^~3%CYXngj~E*_v^CTZd@E&!vCO)f_1Av%P7ow<Ra6LUWW`+=e~Du?iRaY
zr?{$@$=OIjubwa8D|KtOA<x(eJKw7M*%Wf900Sm46O*LAgP+F}S2*+;HSW9Sr^y6H
z*KRv%x@~L>04MVR*}aw`T$O{-6vekvt74hcF{ubvEZ*)2C0}Ht$!862-<nJZWH>Vj
z(V$F!2r5o52mIR0VJcK+{WDi?#LIyB>M8SctIunq80u$c)a6s%BK4?LRZ-Rs7lw4q
zo|i4t$a19nmi2=z%Zc+v&KCW$?Zsl~oSr5Pxa{f#V0|X(_8~-RkXN}1(#nMw>g>X4
zn_>pm<nLnU2F6IFx<=H*Mh(qhpc;o=*BZ{k;I@<2lj&qhG{C}0-A8xhmv8QXVPyxr
z6lC25yyS4r1Y~J}+Wup60z=YaQ=;8a!k_Ge`<FsjtD;tg_*w@XpW=bwq9AP9%N9?%
zZC6|?fZ>^Phsg{7h%i+;G)G-xKd-<Z|L+4eD+B=7rfXvsb7ZX8EhqUtv90zzUjdH!
z{mC{^x`XmG-JM{PwDL#hLSZ_&Hm03%LGrH#;&V%jN}DkxK20m_&GzexCn!1IbnYA8
zFhn*h8Hkj`M5>rppPS!&J@sN*+n5p17+otk0P%#CzSEA)Qdtz^OMI^OH}{E2g4+Dv
zK>gI7;OXkTWn07vGmzHE8JVyJB2a*@*At-!vfC)3z(-TXG$i|k709PRu1>aTAqY!#
z&5Uom`#Tn~@7vqepXq_Df$(6f5|$3FCbKtwBpHJIQhTT>ZY-`LMzc1#+tj!f9JoCa
zKwYdB+PsWm#TaChhr3?u`sG6=_%~BD+k|Qn+gj0<0Im%|1uZT{&v!)Vq7GmGusDX5
z$*cdO+vHOiwd{fM2&eY7S6t0cJ<=x|w%E4|!2xX$5G~|bUnFtuGMb-iG}8qQL{K$<
zy=}ne<VTNN0*UMwq?;&%p)UfCPM2<i06RU#X4Ko$<%%cuOAx#;>pNQ=@N~5tH;c)Q
z&y8#M(y{|vdpQbwh}92p7Ru|UhwfFpo~Sbtbt2$yIl@Kyc7fEA)1VCav_J8-jV_(5
z7H{n|L*HlWmY?1gaAAdIH`0bey7mcYss|x(G<;_*;U<{&>;NB=yG7`k?6ADyfKc6N
z5ui7Ql&sPXWsI!n!yFkt!^gReq?Ixg?Cs{|Sm&Wd6ZN7OM&s14)^#l#vB*Rxz6-gv
z6L(jqIXqrnoIY|QV%4<!`#Dz!iUoP6oi!fJFGBeM_Q|nkx`h*KaxIpVbo*%rqhHTi
zxiu)w&ru6`;G_cyf_tF}RW20+fc><pYTN}yl<w0G`E?sM0_BI2IICdW*CWjhU!v=f
z=hZR@ycpXQI44Q5rBbnFuQ+8M7aYy-9JS%bzao@%lNfCBrDD?xlxXy)t3(!BA8q0{
zQ{w%2hUM|Oo0;*@+KQyBpg7zNo5R&quwy<#u?ZSkj;TodSEBZ-bG7b50A-hKWL<nU
z?4C_}_Gr6_j3L=qJh2}*IdZ!Zlhj&*2d;5mZ7mj=nw$iSVB4%>d*AH15Qj9gkAar9
z*>$X^_dK?vHZ8gKs<DV0tNeQs!YJS@*gIFRDJNhm29}V~M}71>^kP|y0Zlt1j4q|H
zHc48}yn)d6h`O>?ck_<OfIHrQ<Xvn3CpD#0nnkvzDeC5SqobPL$S!`J#Eq%l&8e!r
zNIkZ(;!B~-&S=X0P8Ov%kN+U<+~ijPt{3T4xEpVX{|*WKw;g9j1Qq9(#~t+|!EZu`
zC=e!zExz{tX;v$^L&HQ+yD*>_8QJJ<$d>YqfL|)7TzDIEICXb3z*0Gqqxr38`ywT}
zDsw_gHl{6WUsGqpd?*tepr~u85sZ(VGIJ1?Ci&dR({28Eng=|79u>&d&DH&MbalZW
zZQ74KpL9DW<iC$!+s};!@Cr!r=EKj%)XMw5d3${9mY&Pv`Emv5?=BS?b#LdFqqd-#
zy#9Lu{9E-D+?-+>a4gs|!*=#p&Ybgtch`M&KhbTEey20NupeK$ikeb6o(+#ZKpyA;
zl#!~3J71twm-n>ap+($PQ1qj+E=T~9Cip?0{Km`QwZMy$I*AP-ojv>u9HoH!F}D(w
zzkLSetNjeZPCXYzy6Z)Y4veLBJJaqLs3O8@=@`5wLEy&*WYGuixPYEHXm}PZ#uLx+
zWj^dtG5CJ*l+z6Ekmpdvi$H<G>q{huD1_YGlQg1SGiqdaHkKHzz|IB4T)Mu;JeLtD
zbb&Rh-Bxr>R_GDJGF$x+uG_+;S>Dqm{{Uh8RvVexKbkanT_`x%&h?QT8h4uh37f3n
zUr}7J?@$I0*x#QPy1f`1_ghvG>~fIK5xDzzKM)EVQ}0k&8gz6atU_v{taw#f!W)et
zRuXhnLY+BI4IF(LkM_l$#ta*Ea{D2x`IT~Ba`5S**he>*6y<`%f{~l>xJtocfm^~0
zekCg3)}OQ{fa;nXfu~-|8(Sj?*At4`qZZZ7j}D3p$aC~`b)j~2j1;`79;nQW?MI~A
zT@DXpDUwHbXhnL^A#)n~uF#x387u@-oB#WawGdsYX;i+>(Zpp1eSidL?7U%Dfew4o
zVp53a$N+iUUFutlp_m-c<Z`Owf^0{o+h)MsUWvjgO$GaQR8XzyhnTQe_4ems_`cH#
zVu|Dc&}w>y+f5hz(r9zsY7aEXf*(QMGMfW4MMWafa8-L$GXA4zRKJub%Dx;E(EfHO
zZfGn?E&dQ!Se|MrEh!=*J8&sS8`+{=2e*3j5^X}{Mkp6K8X`ADZxDnS3v+7%BSmLZ
zXmjKb9o85<+sqj^zoAVd=oV^@=AMLZj;2Khm@ONCES@Q|uD~bv5N|9jnkhRWmQZf5
zT|(I!pwu#l<b?d1AlGFpQh}v8RMj-nN=j7LwHR94OA$+|6~(PzWCOk7-%+T^Wivu1
zLflxN$`8(0BG2&8i$GdbYSLGfRCl8ab)mxU{;;UW@Z>9pO>A6FoEMM`i{D5ptrUd?
z_`yyK_MP;Q=|~fW2A#tr!Za-1%pP9)1cmlrl=QVHNE!5_z0*`=ko`)CEbMqG7!j4~
z2y)NFXj)0EoXFtBXk9_AnaEHd(+SZW?w^;c(VqGhG9B_(`eq!9Q<{Gs8rV!A_OuWh
z*d71zV|sM(`4V=^1jS*Mw3udyf!jj~@KwOg6O!VNtVkjqXn5-KL<+FtXv?~zZ-c1=
z%4CdwFZTO5HjP_IAL1~jZnPU?B~p$}%-OYU(IR_D58=4LK+rurW5u!PZ5%1<YFtfq
z7%N@X07tV#HBRnfhVWpSB!^**i=Cy>DyVR$k&9_k5xg>nobhVK_x7$k6$*v{yO1m9
zGiptIIcN4kzIGr&lLt-zyd)$oSK%6J<*8JyKB*GuDu)&K`N~xK&Ma=&3%H@_663i;
z@xq2o2cw)GrWHr#(vZx`{ie@-hI!k$kNDSaM88fg>K}TL492M;%clk)6>x99UIurO
z<d5;ya`TE=q?ZqD4A7>m4f}5Zb#Z5;r*uY)TnpGu>=L9(<smbyMlLxG4}#=ekur``
zf+AnS8<w07qxMpuO4Uek8@Q3JD;m6}?;Z{1kN|<MQ-{`!K5ulfs)5OqlZT%IV)?f}
z4{ug2hleT;A0}D5GJ9q?m1+tZq`*lDs~2jj;AMLP;_L4#3PhP7nmk4Tl>=MIVk-u4
zpg61&Ev}``ZpHz)qx*keUHi05eGrR)qRD+A2$bGgeR-HWr82Q0yy@)a2IB2C4EL7n
ztw}Zp_)PtK7C*gp0$3EAqRKR=`~@a{5f6B%3H9Yr4|oOmZiEmGO!GB!LaPp%s(!je
z81=IG)|x>HdO4f<MG>$A%t7Scntn49(p<c+>il>Bzrkz=pF4y#O9)KdBSR;GzaUdr
zrPNYeJYZr&<ei@?r0P_kBGod}Sm7w-x=-WIC}Ja7&PbtOxYuOK(cu09ga~T?j<pY}
z3WJR@jFRbNK6*lDP7SImnW~tt8FTd#iHpUSxlNeT@r&;2eGw!91R*||gw&7eYN@Wv
zW|j8ihaYX_BiaCws*-T`gDE8SEnjq20~`)U_(47~csk82c19iu7Ts{h`7T1l-1=oN
z0pCw5?T3xHoOAJiNcsm+I=8@%v#1b~X1SrAn^bjJtR6>A(_H>sm?W&v2Q1^M!8lIU
zQ`9t8(K(=>kB0&P*1~3UEZO7IN`0=yD8iX1>N-BsWl60pP4l;m+)fA3P|S4#6=kgI
zkJOq~+}smA(RMzx#wmxgdjjY7<o49Z#VI1M>z@JW5y7zT$f5b7kHZ2dm0E>bkQs3v
ze6jkKgSx(&SmJ{mNBu+VOPZzpsm=wY?i%^Mh5@MFQMxAp<&R)9zWf|k2^@79+li5B
zY3j*6n1q;@DhD}_+Nod1f1$VhJEE!3c!d5=Q<aJ<S^K$U-a=2<+S#8D(gkD%>y=Xo
z%&_kjx*8lRW8%5CWX+CnIZ}T^z4SXSc`Br;@80UG2<$>*srer&YTD+YkND;wL_GfG
zE1rdIDuj>%m<TXyM;e#576!4B4QteR@i70|_bbCE*MO()b5z?OE8~7QWfhnxgZOh2
z?vT{e!^rY^LNyMzJSVYFW#v#y?V2{)Vt;(-Gx72vNw|+sGsZ4Ok-V`N<Wx`b*cHI1
z`S)G}S&$`#Tm<)>bepe<>^6ytPC*9j*bQ_b0}U1c;QxHRxp;_>RMRqx960IxjZt#6
zJtUd%>ILf~+7lDdx$sa;Nmz?gp%$+vraAJf*(yP$G&|O@kT2PixtI&Np*b+txgYlo
zr=gycd2fsp(L9jhwX_iR54dlTI9E#QiFG+6DLdkN-%CjTBSS@+T3`g$6!C%H&>-%5
zu)e!2;DbA!u9E$%)Llu=T28su&$4Vxa-FU~YvC8a{A<@ioc&<p8@|@Ic~^{Mn174G
zo4>str@MIxsXP;L1!|k9VmBA@B=!+Vr!KA8{N$iWhG>2d(ojA^>MXGwwIfvm0{+i|
zB7{#otOq22A)``<_neyA0j)!_VYTAO@?@$30M_+*L5%bHb}S9w&C6pW<(1>v3XwYt
zdRO$=(i^v|0|?Z!n$cfq#BtzqJ<>Ah34Ge!E!Am`8TapGbqzLO#@x{R<U&Nldr>}{
zGe>$)%P#qaK>Oh;xKYJ!1^y9UK`rVGA^esKJ|Vm>WX)6dy*)HVFiHaKz$6^UStgEK
zfSfaZJ5vd%wg;}%(<P#?6U1tk`@d7e-_co7gT)F~3^5Y@Nf-#IKv99wYEjUUM@Ppi
z=|&fn$V-@m3WI`f3uMaeArygdd|&_rgYJ8>0kTpAZDOH~e8XPUmDR8!K>A>J(*n!=
zd5e<>J;OA-I2Ag4qRI`klLJHdnbeXHAm=I3=yc!ZLy394o%KD2j)a{Yq9sL~K7M_-
z_cl0M*$5|LaOLpzH3*DVA0?b&*qS`OTX>?z?o7}Gsbo&oud?y`UYkm1EmvMKcFF$1
zenegT-HvQwDNwE(&t!|VfJC5&d226~$U*o9N+ei7VMG9_Jp3&OOU;|Zzpa7?5H6g;
zJVy;idpP?rNB87{TZZ2%dLcihljazaq?KrD4z8xNurainw1m7g<Z4eVr^vuiHPi5T
z0PQE%{G&zMkrjHToRQ4?7=;O`;G9#ETcq4_Zt-Mwws+BF%ks}?hm!Iq;PRcmB+QEB
zViMfIUGl)JexHPf){%!}6O;525W(ZLPD+@zDvd;n6zSgT{~XL8RLBZ%p~*Iz{SHwF
zY1TC&SY^pb!3nd{Xdo9c^yQJAzg?%Tz?n(SMqteJvt&t64(#ULpk<$FQdY3sZ}|)n
z$L1YT2F&QAM96+On_?iIN6Qk%uY&H)gH;TAc|Y?ej4MgCWEa1wd1y@);3#<^wLq9F
zZ6%@7i}p-eD_Pp_%w*?>vB7L3zvrXOYCs!S61@56mV$AdGmK5Rw-1{5PV*NrNZ}tm
z0~b+K%%HgRBFBjXFD2Kbgl%I`>^*w<a`PKAZ{+PbHm(A98fJXY%4#yAiZ7d($r%^A
z&ION(S|-mNE1*kNhP3)HK*~Jcj#H@doPT$Z^?Cr;5l-U4m+6kAAWL(mB6Hk2j5xEa
zaF|;w+pKW?ELGS{0Nex<EX(B;Z{^?~eRRS}fSOY}vlxjzJu1Z-O&O><Pz-@c^{;oK
znUj&P!?vbo54r@1=v}c}<ZHgN^>X3LRUuE+uq7&CX-!Z_uf)bPfOc{ceT<sV;xRja
z(|1Y9w{bp79OD$fH7ON$j!`^`F?3~;0)<+>`2@U3MZlg!;ycDN3!n4zNDwJWzH<Ex
zUPTL1MDgwJm)6wa>Gb)_iDXr{<e?*htoWo<vWmR?mWn?9-N*?E`HaVu*!^MM!@<kr
z9+RaTgw6O|d@L*;fM~~{DGL#l{49zljEaT2A&WA!oxAf(Fot1PpV>xCj!dX_{=w{K
zHWg%2<yBehF&h6B2U+F-*r@5O(UtO(Th`#TLS!os$8Emc({z^Gg9T^sREQNq&HQMO
z!W+LG?PP5*ur2V$>IU2=VkOjqY2fegumXr4(;;UA2x9_yK)W_@Ok~yS$da8fdeqmQ
zBlyxEv<;CSv1){WAQ(O*(jNDO*A>@tk4!XT1c_~+9m|OATyR>7{8BLUF|yip(9kNq
zE*eMbz3b?$b49Z5=4_ceOxsT@N;MQRf8>ySTp+5CUDhXVE6FL02jW6q)N+jYF7h4{
zT~K4ZuH(rSfEPkcF2C(7VRRTX>OMNEjzS)hixBe->-KnT&mB;Ef9lr~O!tW-Yi7aA
z`OMXC5W1Z}bYJ*MqmNdM_KoLH#_eE<xLfQ54mRN^nC(PHk54dbW~{e8$bI~;b8<)o
z0`$JUJtt@e))XQzF4XA$EXvpWot3ZbGrZ^vRsF3WAma$Kt+y&%MUeUNgl<7FJUjvG
zVLXicQ1I4i3z3s^Lm+{)?ilyyiSG8f^?>R-`;V*?c?`vKsV}lV_A!v>@ps1^KA5JP
zB2OIXLtl2ZZ@Al_C1=cX-R(D!SCDYp8j+XNS=+DAaH_70ed*FevAR1<z~qzrCdH}E
zf-H#v@Tcn;_Li#}lg+dDcCC0R$2ihyJAbgJYybe{6WDR-7Z-xqDRx8LB4uD9R7Akv
z{XPdo`U{2dNfWMNEkgJS<ZY5d;7Dv9?IS#%oKGW)Vt+_R)*3N~6j`Il>isBk<`3jS
zw<O!C7#=$gU}pUIi<w3c%Y@57T7Y6N?6GbEfN(ZMKE|&x<g6nf^tX}@!iOEHiWk}$
zNbMWvO*0X-B2c3yUoKxQma6&!UuGxH#mt6cL8=HWhvoq|`yifhmg~dCfq!1Qt<bKJ
zAGRKvUwMPU$&tBgEynC$BNN$mgQ~;ag}mves<Suk75$`Uz&PvM(BaC>R*EBJ6pVle
zd<Q;!a)D{_35~XUdGlok-$QmC{!Jzf8<Y9z_YH!1zsH_M=u=r4svtrK5?<z@DPea2
zTwTN-F*E7(#qd!Og<V9#vXAW^meLnucDZrDG0O0_iNT;tey!yaDZ&=Y=b>ho-d+>!
z6@V>?oWGP^wZqu~a<GCj^kszP3m{Mc2zJQ63ZP+Y%H}!2QGGhtIX}j#1I(*!gcAaz
z55x69TaMwoH5g=<9iLk^-_NI_Nvs2(TYY~Ry!P(=$av3bz_=(SZ#x#D0IhB%?GaXy
zT^}f-dBaAG+0H%lhk%3p!|RwoZ<p~5<l(w1H!@Uft;mjXMKk|SQeM1>fUn#FKxAoD
zcT$4DMBnB34JHG<z@}^acQ9TzKK&)<_pf0@r&j7H`-YJ7y};tO%54Sw_Tex$<j(s^
zJtV<@XO#Au+r@f=%D&QERnlUvv0lU8l-NzfMOxfN=IAGUKm&3QQbmuSg@+a%hf?2c
zX@K~}u-{axD%NU#HY76DmTjN_0Ch(XTVpD;w2(5luU6X7Qw-ZQeR`}97vkr?wOY5s
z5NB-uNEh~I2%w~ZC7=jq*n)h)6($UiDs|Hk;IsIr$vMD>c8<o%?;1p%C9&-SbD8^H
zTh@sWmiNQNwF@75KaToOQ*Qi#O*q9FyW<gEM;b+1P2hG}IYxgh8(lKM<KsNih2vZ-
z8jBTe8OI~OumDLvcNZhZSh(ut{fj=;^tX6XGLpUos;`w!ASVK%aZ9$Rq0WL&>5&(8
z-_P4rqME<|CK|*0SC3)@GKMrqGPJqE8LHb)*sMOSb9(08Bx>{P0+CX~XJ9{95Ca>+
zHRXguA@kk0)SR7v8q^!0R6xC}K068DI1plUaH!ddXmqLvrIc)<?iM@wFSo=ui&q@?
zwPP4uPII+5W(&=F17n87)oNcaLY;hE0MM}up6TD?di1x3oj|WZ<L^rO0tMu&{qy_W
zV)h(D(*gFFUtI_Fdd0t%v6Qe7PPh?LmCqnOcnR7S`MFO!l+Vclu7#$&8UjR5k#n%4
z*M5Es<_BSCwPmk$%!BH=qYuL}Dv`?z*#|O5=GvdEpV3@rf7yij@w0M2yu*Lmzm<s)
z`f!Hlu5IG*zPjTGSU&&hT3?+h4OCd%2E4GMzlzPK)hp*3Cbhm#M4?Y{I~F<1h!2=g
z;q19&`TlH_IbF90q-HF&C`(wOtm1IRc@3k??cer2Ukg{oIrQzCrrWQ8aHPY^z*e_N
z@z-_nhr_Hy9vb=OAfo6jmDGS%Wgy7IR+I?w=QZVxYZ)+KGd$ugE$P+_TZL^FnuMg^
z1M9D6V@tnGITea9wU-Lp)vL$7nYrLC_n20G4-=;2Su2(TV#RRN*yP375l)eKA=8=l
zOU8MD5aRt-JQ_tKhSUQGj2Y~-keaHE*y>mKvkg!Tj9=|{s|wKHwMySIkEVyMA<N&N
z49kEKJEK)*?a}~9Ku@XSnj`dGs1xfTwG0)A>KjivZat_<`mS^4h}PI|dF-aVC50WD
zGP709$aM*T#duU4tWpP&%?Ett+fH~)BK~+QJKY*PLdhBH5Q)4hHka>kj;VYz_KW*_
zCGc_%oX~9^w6-VOU%f;MoUnJVZ=Z7KM@jGOjhfmV<L9_iw*4guU+!0hGKy-&{sifS
z7fev{$tPy`$an~o^e@g2Oi0Z|B;^bl_|21Ikyr-6-@3W&ya4Cu9+bJc5p!kzZ8SYH
z9LM%p6jhJ$iOzKPSIC_o#~yTPesbDm;q5ip=46)V;+y4e3DIPqv$!xr#fR?w*DSO9
zTdB8RIP6helAz<4L!PzscVVh7_1CXSuXKt>DlztN%RDi58T+?b*(_}Cu@WdAR!{h*
z6-=)Hg2$d)FEs-4&zRbjL+RyZM9ww>ISV7ck8HJP6cLa#%nvwSQ6^!U-{mlK2VRiB
zcHiSYN<*co$qf8{YW*nNS;eZT&9RJKa}rnC6Vmt|QkE)RnD*$oJ3u%Wh~8tjXm`8f
zLyX{XXlsT*FCV|KKW(xv_qGogwTFqtLeQ21e6cwqI<SC%gB?v5eiU=R&gq+^!am)Q
zC^?=<DG(`x-Mzg3en_}x)YACCeg8PYrk%zYUOJa;$6o_U=&FA>66|?_Mb6bx)|Ige
z;x_$LJu4j3p#pgo=*?1B=+Wty&AK-8@Yj&q?>KW5xOAc~xx3IcTLD;{*f!VCoPebO
zNM-Wbz*WRLZO=G#&ePl+oU^IWF#3)>eR>(Xhz$fAp~@L5Z5yrNu8hGp=H!>9hUgJf
zsGi|OCmLZgS&73{oRXYz@GJG4ixb-gK7R1#=yH6O)!@#KaBP`+?Q0`9#J3EZmWg9e
z=yVIk=<{OnD=}TlR&V;j!qFFFHon3F-eCRjKb}qPrw^q0L+W`hCsu|!FxM#9H(}2t
zUPxTJVJ3Inx<lZv{T-*1J$Xj{Opaq5rAJT4Q*>s}U@0MNp|Sc}TRgb4yYk}l<V54o
zj>MQ7k2cot1J`b?FaGyuO5+O+n}a!A4rlS`q9<E;(vU58<Vrx7FN6Bd43l`3UC^3F
z(3Wvw@cepPTD(zn<~2VKsq_K`PBh{=F8;$vh<9hdme&1%IHc-z6&p#_zp}M%ktbiu
zfl}2v<z3i^G2&Mp4YExTF~BDd5o8?YXP-k#)Dq>#+2cDvj3l3d$L)m)woB%6G2`?j
z$i2P%DOaV0cma^NdqQ|%du7zZlO5eUR2PPaHyItt=!7xrEBaAuE>M6@+g{i(C;#dz
zI)2;BB2a)gv@sGtHhy=5)1jL}I$t3Z75i`@IfNs?gTlvya#>0`|EuBFK1P&Aqu|qx
ze!*t*`AA2_9UgZJ{_qbN!BqPg?aM{0)4a6K-@m&Sd=7wuI;`8Od=9)#frJp>WX|6z
zB6bGf&oUyt?3wxteBH?r{JGfxwRwTc6AqPmSiU<7oVNzMjasfQ#~Dq%++F$2ts_zg
zMs0+V!V~ti+?q|X_7Pt#*%Jp3w#4@HdXx1@PU@FKPWwVX5D~xfK9LMXcdP;qShG)j
zh(2C}gl&MuZp`Ql#5QbFprKi<fSlotf=pM~82TrDIQv1ejIH4VsSUH;<+%1#pdi^5
zMkgNr1mri+@&kC<U+{hLfLIImQ-J<gg~EpdbnPpuFkv^hvwo@nhhVlM<rQC*Jb3o|
zaJ7P;x0A&XH;I;IIx*yw@b_LYmOTpXVUQ}v2?ijziXhJq-vZ#8ND1t&mXT!g@WEi#
zya}|$2O(|^5+-uPd*y>aACU%#{iONv0)36~T)-+QhhcUYEU1w#@-Q78iF?zvfH6(e
z?KcgjlexX9@`X7nXn{{7tVeWH|0JkF3DAxifpu;fRCYiynjfZ$I1i2I2&+!AF?B(t
zWd^{H<IbGN?*rjvGH)^{>b&lEt|yT(Vv;k-5!l(FheZ`rOq2e>{MvHFFs1HL7*%Lv
zd}_*(&yY9PTG0+cvrTyWv$vAUkisQ9Gb+BEiX5!HNQ3waCz_<C*R}fza4rwJ1D~ji
z6KG$_9DY>G8L|fouy}Q|Xn}bq&;KlSU;#+jqbxVM<O|W0E@muIv4fdoNmx3KQ2d0h
zVNO}*`6cEaZFt7raDEV1(CslIPkejVh{jqE&Z4A!A5+J$!^fQjo3f|7KiD|ME6Z0B
z(~jN}=O2E1#||O^VbI^#+EWRm=JDErlubueRY@H87Wo#ob)v$j{rE!|(y_$T_W-?c
zFtyCRvx}F9<Hjk?nu^?evaHR<4j=22d*zPW4~D)GkGekO)82VH6ncZ{z#%M2y4Mfu
za~PMXN{GiyZjVFIzda+Ef#SV~|2&bi^2RGg-nwuw34s;@w-1A^My|RB33gOWk-d(b
zD+V4}OnU9(S#2mV`_}LbrolfxtpJL=VLEi9LIrX(whxOa;b-u#Zb(KF<7)D<X|isx
zY$TDeP?Ku@NsQ#EUGN)1Z8{cZ9K|=^#yvGCA`?85h<uwjcS_N<qj-FJ2!+NowbX)=
z96H&0PMbLd#?^Y!6dW3(g204!FLiTXs0DTYnDot^tdY(e3Y9jvs`Z;w5Ww7${>H%C
z=F<h?%`siID#f>NcZ$84+FZunTc#K9r26`}y7rIXG@^~whm{b}cCwnenH5`E1^mXI
zE0hW|X(H31+=}fYe{fz<$>>{FN(b_cBx771%hTi&jxy0P9z*q0TEd2n>15Pe1}Dq=
z8bobGE=pc%Dq{Jn1<b$h9sq+C3M@i{om#cVI<+(AmY0v*Z;vH>@C1NvxqZ*f^{Uo#
zeLJV)a~tf{^}lA_bf2EuJo<L)ZCg+5=Qii7>szn?it?jti>94K@7B!B>N;CZYv;6Q
z=i8&JThCUGLwC2$%KBn$YwP{vQ}p?zUE@}dZ}(?*?W%1WcFc$x9zbHS&ym%&_Xv-|
ziidu3$m}v_wqZIdr5nA}6jy`J>$xk%#;oO{x{YqV&lcEu+-l7-Xlgg?0E9}J+~S)x
z%}l5FqN$l=uhV_HdZk~VatCTV=(YGiHn`1t0nLskw<6vf;4f0Uy}l;dSqz@k@X~Ay
z`Y$%`4O-G+8e8`U0M_8RX4g50PE+1#jp&3&STBs`&)#XqM}t|_FN~vop<JEEgIRdN
ztFAZ<i4#`;CxpjBcw{{s$_2$g1x!NRXI})A`u3hPysDj+l-2y}$X!<R_-}?=RdiEZ
zbVl1Yz}%|{)fzYC>f4$Q*`p`v`~U-QhHR6YX#O(Vwv+$jYnA_rXYbpt{}W(Iz8cex
z9O${y+P42mZb<xpIyvi~Uj3(y{;Sb5{^{9&8s-1TQ~&Ahe|jL{zxl}%#w<8y{Dpo+
zCRiGyme#+hlUon)R{rp8O#p^;F0(otrY}^HeVPpoHWS=t41s1Cm0=x!8S8Avd5#;b
zSu#~cwQaC8S`V_Fv|7@ae-%`*!&PbD&9u|4PuZf+tKvef(0Lr=rP`RaN0e2-gP*5#
zIsN-3jk;p2%OU<QGFx27rkR?xBoTiG`#Q+4v)&!2Hq?>%{tcJC2QWU~NHsp{i6|@o
zZ{pSDxT391=_Ye|EBj%O=#nI|{vOYkL<cgaV>m`Pq_ph?tIp4p;Ef#RJRaOY+c92M
zv;Ho+NFu&H&y~sbX45V79)d##pOm6q3j#WNP5V3Q$&zs5zxb8&Ef+mF4FQ^jD}Sg&
z1`reGVWo$Hy>%+cY*DFYSnE-I!(ap&$HBywL5L8_KY5VCX~W1D%8RtK?#qDSp9G)O
z&FZGbiyG;==;kHsj!5*FjfVl`UmuID--y3uz#-5;KtO(ggvib5taa!T?csxf6cnWP
zp@9+rbUzc;TU@^d6#Rkg#?;8ogbp>R+uYgHH9q?z`j0h<r)xPnVL@c>QURcS$;sNY
z51MZlJ_$KaAaQv`E*H2C&8s%d`^i*D5D31UoZBDk=24fQjZ()2J6>+Ut&P7E8=Kp1
z>LZX0ud-+bO~zl^)x(^s!Qaytgi(m25>my0;bOGNPgJ@#bOwT)h;rKE<O)228YddS
zuMxYbU*DE?L9rS4%#*<*5_~D;YT|O2FKHby-1asM!R&MJEtk9#pIQ#nu!i~YtS`7a
z{#NC`N*!0cLunR1XaW1&fmX^nxJ*9<WZUA)!!rh&Wz$q9C*DH8B5BR0P9C-@LufMq
z3?nR-$B#wq!h`#?2~gp}PWImv=JtvyB-_xx`azxv%hQ?Pk9CeH4%@LZCxMlGEph4D
zBHL~~HCqF#?QxCmHa&pn3U5{4+hJ7G;Z24fgIUM^Xag<TU^6u)9!%?sI~_U`E@M<C
zRV_wMoXLB<+MR3hL$;Yi`oW&B<K8boCLiUSi?0boF6=4?|3nu-P<e-?9v??#@DEhp
z`)skqkB^g``$9W;c>-_Whsz!S1fQXfi3lFzAZYe1WK`#lOd6P%hhl};coCBeFOn}P
zC+qu&04LnWZ>v@Jv0wRg&>Oo;@!Sh_jAh7`E8*%@i`G$v0igA%(`0{z*351JaYTbD
z-g7WkaZ_L}dF$znD|IC_6f7Up^b)jzs*=NDTumz(or-tdi7EYG27%^UXbtosRcNmH
z4`R&0!Dbj`Kf+dJT&cOdJayJz6^%rHPA1gvn<GxA`RGq>Fk@lR--b`@AQ<n6Xhtjz
zND}Vk^b-I<Qq0Cs)P6nX(JN;FCLL6nEQ0Eww7{yHUYb+p-q-wZleA-cJ7(Zy7Zf{)
zNBWc#32LQvG&5%$6jLfzkeMp7Qbqb6E13=Tz324=8W{m=HMZ`4?-0=2O5@1XadS~v
zwjwW1#3?t|!m>xwx_zaKl;)&nLBYdmpqhGEcnG|w*iCBWv%nqDJ~vLl0Q4V0#`sNT
z{G5nN_#%$|<=a<^`I{^7R4uIx(zrrwK=LX@6+z+h<nq*<@h?+rxv@s0qmpIp0ssVi
zH=>+#aWV3I-Vet`oU*K6?wmK~y}b73!Zc=N7c2!=yJ^|uno=~yBnCVWtZ0865DJqH
z+ag_a&>J=oZJyCXwGCkbgwg57Kt`2q{R|lpE_?PDSy>9zWP5N55Dl0j0xaT_)#K+_
z1;TB8k$I$&d-R9u3UaplY<^zygcmyyFFM*MF~Bq)SLiQgf46M{RF?Z$XA@&`qFneP
zcXl(tuvKE9ot?ScNZr`Yxqhg1g{si3*DI-CxT@f4ED5ZzJ(e9H$!v93sjd*YhHf=%
z_2_-pF9wFBrQH#3M@K8Y;n;<K<8a;mGZY7VGV0TduIWJlZ+B3SA4Mm%N>FcvvZ4jI
zZ61fAxRIA}iTGWiWlLsoVH@By7|oK5@GO3*`R7c^JFTUZ_5-SQaH420T`jc_;}imb
z&1O(<e}kscxlRU%#WghP^{{>ztGwEO9bDJ}{&{lX$cO+xUaK8wd^Y53CU?}|)GUS8
zs;^uhuw+pF6ZXD!A$F<9k-IHcG@&}d5f9_eHwz*~v#J=8fSpA_Rro=~5+rs4=0TJR
z`gfPi5(IuHxO(5-R6``t-Qao;c%cghoqj+vCW{M=zj6a$&{|$T8{_&(@w_b^m=;V}
zT~nyXANl>pukAq#LYy#Zf4*m8X!H+7wH+ah9-*h1Po~EGh>3M^(2-h;R;%oCN>qAn
zAL_r(CI!zJ0K)hgB$~>QfukLyz+^@4tMs*gEMZUMYbYYD>zFvK+Dn=-kHs^X4^cc4
zVIEG+K;r`z;6seFw(Ol5y}MWQuWO0c*5K39Xp+pHzZ}220)>#mF0%-r5usV(_V9lw
z!~;*%g5D4}slF#@(%q##w&wfig&c3>9PQm<#XEZn3M*G_Zw)713nIW+LzSy5lnqWD
z_Old3W2!kwK*%Cgrc`sd4)>xkf*o33+i7TW`}YCNyh0c#G0S+XTFD*|fj=OR_6-cG
zpfo2kqP0a$1a9$C(o?E;mivV4ci0Da)G%*aL-u8?`Hgxu<2K*vC9TX1mPt<(-?t6A
zg}Pu?*@bO?z(W!JLR(S@Hec*BK3>_@<MQnN+xh<IdL_(|rNe5-w)-z`_us;J>#xU6
zx|2763ucy3f{rm1a<f(oDx1Ta=Vd#D1@7`SBg{csbyNqkAkC=LhFQYBY?h47pu4_E
z!tiFth{Wp8!Y$si!J&v&*GGtUN0uy+{cHb0{i?0}Uv5w}If!f6{6u{`Hv@SWSOaz|
z@kdgUozh5zjo-i7WQ1l08xJegY9!Y1$=qxJzaug(S<Ob3lR9dDYiKV^#!XR5BedBo
z?M;;VtGE8SsY=0y#zq?52?|zY6B>5wS|wiWJkdS|`N$KKHCV$8?WQN;HynJ#ny_-r
zBqT}*lstU;tY{O?UeX$&AdK4)<gy!)BcZ4M5?Wb*_Mu#JK;hOqecr^7@^-#|mXaU_
zbp6S6#`z@NAeZ>=mEreJWz7w2xbae2uHarkPg?PXtiOr3n?siTMJI>_Y5`IISR{m5
zVB5IY7&;PlWm8%ar4s3;o>Pqr{p?Wsho!{o2-PfFAt)Yh3JIRhDPFy;7YIkjVlAe`
zrsbV=*wTDZTt_EmU9{OY0_U3wiPfYJsQ(+JKOpG&cY|)&a&<G!raL*>%4$a=;TQ%^
zb6^yLi`8cTlEBeFjF6r;3x;{Frp4|DGVl?{3I-SA)Vj@c8@<!oXDl<c+p@JA@S$EU
zu<61ErBiBnY?EOO?#7#pYl$`;W&8wzk*vwjG$S9u10io_i<&d#$PEJUenM&iRH(^T
ziWvi-rS+vdP23T$(vUaBMo&_=uHfECPQr^A5eQOJ^GYVMsb2Er!;MH9;9T!F*3W%i
zp17CRn(D)m2i(lWW#vl8@ra<nvz#6<<M4Tq?P$tVr6}NYjy0{$=^^39KjDtC{%U6f
zaS>QS%73&dwk1&O-Ym4Vf-On_aH%W+YJNDdI=FEHM*qyz$mFdp2*4A6<osk8Jm=m>
zQpQYK$N4(KYcg&KWu{Y7ESW@RGXzr~)jai=8bI5HE~ZJtd60K~Gc;~94=gpe&h_X7
z^KQVCH)@la3_rHcH>HM1Z)+3N$Ndx?v4aU>*i_yF&MPa;vDPy|ukhLf9w2_Bfw@O$
z<nOZ{HzM<ReC;K{Tp-y|PS%VL`tfX!>Da^Kyp4(M(rI_g57k}V>=<zVq5Y;x&F1Ga
z4*a(^U#yVVPU!#@jZ<q>=oiUFKtNq$6$m_7AxQSz=d6fmaQOKdLyHOfC?sj6yp`v!
zj*A)XJDqr#)(99CmT_DG0~;e3Dl#u&D8w-Q=s5zKRy5Xb!25Ue;}cb!TIOEWr`EU6
z$L(<h0Uha&_ccTN3Y%11+a<*<fsgau5TVnx*e=N#&_p5}l2Y^<uR)$n{uMqA6A^Zz
zZ@8)oklt6w*R3e|L^wfphj9I2ZOcR@(>^4#3_&jBGNheBLAD9NZxzwlOZ1vLSN(6M
z9iJquO^s2Gi22b>-%p<56FG%95u=BZexEF?%_z%bBWI2Z;;6_|oJTE16)xf9=jFYf
zWNYU=d4&>6U>o^<DJ`z~K!Kyxv7||25gVS;aPOBlKmCHfiR*RxLLHS9%cMTlpMzA+
z7W2vmXChC;h6i21lPK*CL{K6BFyqfk`ke!amA?+IJWZzST&fwT7e^`{l1htckSoJ@
z<f@z?{C*I1seI@I4tv3wOi(X<_26Cj8LC?Sp#?i_s6L@E6Ml|oyr1$-13omm2CCZy
z5=3r@1*4nv;Rbq=;z(<_N{UHC!ZNsfWG%4y_%Ia6K^6soF`Z?!xF#I01@fp+@C9=w
zbx>wOazbH}N!D7Sl9$)l!TWctOI1nZES*sqh6&bwakuaaqKh0-ooVi3>{TlL*&~?t
zdchqDxuC+7zDGE4Kn<*i{-b}FxqNY&G|>|XYXor?ICjl=O8b&JPbii{dDw2=SChWj
zBJ>K{5q}I|kZ^YaEe)|x+TSQ;Av#3%8OoN%rbm<wTXQ}LO>de7=8kdnGz}rLlfG!<
z3Y>a$D`IYz+V$ORXE57{?i;2A6=GC2sf?eP8;s5%SrN?CMT#P{sy^C}wOojk?qtkL
zww=H|{C?yFOvDajgUCC}5L2jVn7odJqV%7WBXl~T_T6vFXYLy7)NP23t}Geb(LvA9
ze!PYF;Ze>%E))c~F2~}skXMb&m1U2$DfO2@5!y!oYl|5x2`?B<d?Y4a{W(kP#7m-#
zvoczk4ga86t4WvpE2tn|Ud$Btgp2R}@9)P_{@;&jxTxuu7K26oM1H&3ID^uYvUDwx
zwE~*}IB&VbV!^(+$OYJlf1S~i;D{qyWu;+f)hyl(%iQ9AnM(DqT4)o1n^LzCL>F4{
zFHO8j3SC6^(~?(#@QU0t)My0rBBDvi|8i|2%0mV76gop$g=*sQ0l8edWHtFV0Ug1=
zuyhSI^=>z%{+OA$MQ;<WE9JTE*rEC*;fzE9hy#69g!y#$L{irJog==O79-C&u3@hf
z1=OrA#iD{HBF2mWftjEZq{{04LAaxXiq?BfQaQf|$7>q{#B!47LZi-UaIs$iQDdt5
z?C^V%ixn&c2QT(J84CME*B)8t;2F&nVCbw1Y|b5D(2;{=x7SBK9s=!B@g{MyOcenG
zXdMdA1p4?h_oMwd=+9*~W0+9e`xyWe{wGZrf)cupi}j~?6s?m{RN}pZC=qz66EhZ0
zteHVW7M3Z@UfwRfLP(AubcfTD4z6tPC3p!#Kx8cF4gEMHXhL-+p{x#_ApaJ<Xm2+)
zl34CRb&3!Qau?+a*AV9*mTtC+mR^7wfD^SwE>B_qNakZzkU_9hH?I_PA0Vbh%3~e(
zXXHY2QU8DiGG>B@9mdMT6EwSg99IZ$*}<r0p4ljF9)k#?BWcWPaA#MDkchX^pp^22
z>hfUd(WHfww+;J8)Ut#VBqaA!WQr_SRvvi;#0k`lO8+?ib{k7UVVCM}>bL$tK!o{B
zxqL-^Z!ZWWB!kgUBHO?n&3xZo|BGD~?$P5rcxPc>n}6LqEV|D3-VD|vy9v#M6u^4?
zp89%r+(e?@kvaWfXB^o;xvFKrQh(0(@6<!fM;4R0l(Ug7Lzd;S<9RAz_${@mA1AX|
zgEbUH#@fdX#2_mk<RByjM%s8y0nC|)Q|QKO5v{x1pfj)`u{|fL*1JD*f3L`*{x-3S
z9!SiP7m0A(r{pFlaaQBT8-DR1Il_bF?~Xxq#KbOHNWzV90UZu3^h;a$OEvK<{&9+)
z<$|ZczXvt#I&&|IuS?kHc?*{1H4+OuL7%w;#vXjGEwO&33u@&_&+W704Nx{E5&W$M
z<;fdBxwWcwsyO#^fa@6a@MMvZfkeL|HCgQ1lr7a#RCdWrj$C;`48<T7v+SAMMrdXt
z&nQn3a%86xwM%i;L+NRc<7UDp3C8&eJObr}o%(&pjAJNyE}O9~8;P%+1eXa$R7eCe
z!i1R=A44O}03{87>zsuN9-#SfLri_DXGVX=>n@@=aXw~$MZ2M*91x?V_$DZYHXHDh
zrW9l(4<{C=5Oc2htJ_WE_Xj3ixDg_{6#v~@7FuYxJGEYtq<Zn8UG@72r5PvuDlDB!
zxDlJ^QEY(AvwUP91g^4<`PHW2ECTu34p|egI=}fFL5VQ}u&4!MA3zSmL~>;U^yGvZ
zoqqI6;^xO|ELD!YE%BSi&M2mguu34R=Q*CeDZxIz6g+bG>4_TD%ff!%E`Z0cj7sBL
zC6O`VvK~T*L)>QGa=jiBq*K!2vl5xanF01qhbhp{)pgAePzt&8bjTs!Sr5RA3B&?@
za%ME|{YF@1*m<wh0IO_Nbf~Jvg6GVRQ%XrhTc;#q_FjHl87q>WO{ddM_81~2F=KGl
z8V7H6Yk|F_qM+N+(}k7D9opjiSGolK=dsEVvc&YPx$=sRiCz1}<Oj<o@H$R)orxwV
zY*vELd2(BM+AOlKR6a}19Oz1J_}Yz5?b9fPu?hYCk;RdWfD65@VOpO}&pp>2J)VpH
z%lW-aWGJP4(ol91dO^#&kCa49Jm@v%8{4RB@M2bH5>fwKc+jZ(+l1}&n;k#CFJIlM
z`xTxU1pH^GnCtq|Q-}vGs}A#08KY)A8`nY?X9uXUKMldVQ&6DwHH<_N70hYy?GyIu
znH=^$X&3#YfO(@ksjTTaGxD~$qw3rVj-gp0u`rxii0gucDzZGLJ{LMOmzm~BhV~)j
zkIcZ?-k~+Qjy>tQX?Mu6Nvo<iOlwXkSSwQ!Xb6-9M8qCvMEs6D<18iKyxhdXuoJ)9
z6>L24C#ZtEGU!r?Na>$G>37WiL(bf?yx)DOrjtzl0FI&i{(WlZUzic;_ym=C`FK8?
zqJvAtAI%t>q^+iL`jmNY21>>|@#btPBmW@V{8Rf-))s16bwgU@Dj`jj#-S_}c>CEn
zkpjbcF<WX~vJrZx2#d0pixH#7SlT_POmhb_@(b4&#!Pj#h_MPkP;2ZQjv<zTPV8c9
zzwz{cHyoEgYEbDKff@9LRJO%KIL#2jtm-aD@7T=hPb+n`TkLHq_91SEQ{vK(4OEZ>
zokTT_(t2UZECOa3G1=Ub+oEw#@#{dp2Ve;80EL&<F0s0`0OR9H$cuWwG7~UO#*!Vm
zVEV~sg8^4EtVQnU)Sqc{v1A$PECn6)J~qq%fO5nzD`wK<MaL~awk!j?$|CGrnlMXz
zn9SV*Bkh5U&&_#%FN#cZWOR5HpN40Q>$O=p$=Nm{Zw9}1cmm-EE<*|F6Di0+G+upZ
zaWxa^x5Qi=lgS&JVn9y^^=)~T(%flSwng*UOcfLX=O5`pUb^{?7v&_rl=g(kgAprZ
zKywYEDWAKRR#NsB;0w-G7vWfplR_5$Y$pZORpf&<pCpmT;h1+N<Jvn~h(W~~G#Qms
z+~*XMl26`8p7E^BnRc`Yw<*cTB4?l6Bvb{AgdG{5U=tev`Mu3A2=1yP4w~(GQ_B87
z0fPyA_F`J+gi=!}Dgex4E6+8iuKPkGzRpOT1m1t3X{B~>+@_mL{+@;(mr>pw)D253
zUn$M<yXoY*CUMM&wW2Oq>8VEGQ4|y<L|>U(&i+_(`3glp!3=Xh!|kSrM`T;}5;FE+
zrK}GtIE9yVqxgI%%XWBmXHGk3*RGgRm^SPa38yy_Wg`h1)kdicV$eZtM<FT~GdREt
z3e$f^ccP(Y-pP$gD&)3pqqpNKKZy^7#p8n#3k3OzoDV$nYa^qqJlwnJk9UqsO$FL8
zT^-uQ+Z@A;DsmyH$oqeC@?f>ZVtcaua*Tz8emQx>T)B5f1tUQS9`-GX#K`C+W(}QU
z{+vtawO+gDj{|!5T2-8DW_;qyN`^6uGmL*x+SCHG%hAtW;45z`3=)?Go-Ge82@e1?
ze~-veVrf%dWSJ7cyShDh3R6arx^HT#qwb5BxNL+bkQa8tgp~eI2fDpP!#!<_tz8dm
z-o2`puD?0O*8y{`ca>6AvJAa+219g1GT;Q`j4%Mn5p3{Sl^I_q541#c)xkG+4-S8l
zL;RP$I6oQEyGz!@VOh8Yg_>btIBX3x9ANddRH4Y!@^Lb^Vu?%wyRW|YDZ#nl#C=m~
zzR0%^-`y*MUb1jiM6kR^V6ANqEcpOph7H1ea4q;0t>$iCF5OKC(<rw;PU^>`MqQvY
z!1HHJ_{m{={MmWALUt_jYLGfq%dmf`FiwJtvHZliaWCO{r=hr`!dLkSO7i~d;L9y0
z;C804b1bh0ClmiA`4cIy7M#}&$wR<Gb9{-J1u7Ad#_Y6P;}bb+4O@f)Po%j3i5PlX
zQbY=f4|(n$N1@9;yF9Aj;F2(j6<a>rmLTj`dDjT;CC0C<7D7(NQu)m2?W2Ep_tAX;
zy)EO7@yntDtH$yIUxi}v4P0f?WZ2V9t_s){thYp?UL|aeg=f)!0BpU^GgrF6QfxGN
zFz7umzIc|X=0IG{^ASBfp->~?;JqaX<Ga9ijo)7CAYk6F$L?=f0@<^X?ZbEX;ec)Q
zJWYA78srAv>8tbRON@fSSOI^0=OKF<iWmDZd+7^@wN*@sHDej)CaT$UT`lmPJn$@N
zb?FnV_v5N%)QVzXeW9~0;gyzk*MRM%o<f`a8l}8;OC@g~yt@x6q@dJx!cnGlXX>p_
z*Xen=0wMH)@^&znzUk}fkP0|zLZ+YQu0+)nN(6S%(5~o*x1Qmak<fpM8-a1CCGXxS
zc$7y?&hXZNd?RGvUMen}#tCZOgrcqHPIV@-a~yXh-<IDJC*DYe@yg{)<dSle@XN<0
zNQH=m8QxL4td%(JX+l|kAqKp)?tNN<a6iQx-k0st6!Y%E^|AX{#`k8tv>10uSXY$B
z4b6eB%B6>LPzmR4kUW1um$u1-yi8evmgdZ*GDJ|vA&|`i>x1}rwtrga?Wg8L%#Byx
zq!Hdv(F1sQ@3`A&k^ub*jcG3`B*XC~G{I%21i%pPO*PnURCuX{pmwi$H;i6Nj%>HC
zoSf`~%k$-**WOkF9b%vc^js(`wCZ9x$b5Y1$oz@HxEIe{H&B1~<l*V_<~1+9GU46(
z>pI0CBBmQv8dJXH$cCz8O)xLk320sw?(#(97k0T{hGRJGs1UVb6_U11rR&rj!ypv*
z23guU{+aE9n8q{xiDA3<KugSC`3}=pi0Jgn5jF@R{DtQj@q0#k!2Iq#drj4-Kn+I-
zHK77KSto$}==Og+%Cvp*^n9(^=A6e(PQ5ik!}f5MX?+o>@)pYAH5FmO7sPxpy!|4-
zALTxOYv(BMHPG|CeYXy3DU&7fsY|JCjUg~DO0f@E@808g1*}1yz3?iVvgn>Bl7xgx
za$pBNFd)7IU#umWqBMf;6qoel^up;fyZ|(r3x2tD5u|_aeOnFY+u|AQQss5w>wBbR
zo!*#$`4I^ipXB!F!DHBNkNeGuTN{kB^e)*xV(V^z+t9}(gIImJnsJ2sUt1b{+#w8!
z7(SXKU&b}9*Z?iu?v-%<^;}rplBdg%uI>tbM5uS|I%)1r5lY#-{gATbK1DS5;5}^7
z{QZVkqtSm7Q7UdF;A92{<I`z-fcWlxi$3MkDW6R;GS)$L-k45K^2nQ_rL&8hkIyb<
zZ$SDPvqwr9m(VCci3LVZnFa9++T2UWk}kp-mme;%|3jg?*V-c|{^ghNecfLV=)M82
z$9bcZqE{SodUe)R8?omKiggmFR?IHQ8{&JrQFwn*svaJX#(MOYnJ;!gat~&zw0@(8
z-?u8jHi7Ol3?D|*-8txcEr8N7ELLbpbUElzHWEoNJ>Y)#Ud#13r#1^8_&VljVNo!j
zq7^4-HECJC>R2P%S5CBdF{xB{5nb$5bGD%+ql7_9%z1KrzCQ&Sd;yP&tDiLK(&$f`
z(7S(sm`_UmG&y^(6;;mpY=%_}@m1Lk*j-s)S-Q$U!Rplm&Uf$Cv@7!;bgGZGwMS2l
z1yY$|q{{~SWaQNhZyfh8-DuvYVOD61JHgd@#2RO)?k4WlWPc_<rsL_YEcr=7y5Djv
zC-{c91m8za6>kb|wS3z{qRZ~xm+{M;4Xc0TrLqp1F87vb@HQ^ILRUH{{Q>24%ALZk
zkXS`cyxKa7^JEd7ow~U|6Kb3*RfRY2QF857rB^;hB==gp<w<9KLy|`~xuXYQ@7}f9
z1-46bA+6Ap;NT8ruzc$?SP(u7Aui}`NA%irlo{{}fNRtR`~%P=(J~7XhBwLXJMVwa
zKG|YC@;6)0qsUiYTU9twWQMQmT4?nVSp)x25bw40i;H6QFL5LbnYWmcTGM2V^cLKD
z1FFEdsMf)mPLUYH4l%s)=nEqdNt!YW2)j%oZ%=I-uCqzh-h}1#JT82L6P4a-OM?uV
zOSN%Dfz75DY4(Qs{(YmLtzLCkUb}x)-2-M*)iz$qJ#s2nAk|?}dD{KBmM<w?dQk9c
zFeUCX01aHGW^ijJ?4#qK!%eq_V|p{ti1~IycJDjX=?9oDf}xoMs~+JCi~R3nnGHuQ
zT*DV<;IaM}t?Ftp93z~E!;$zEc$f)y;KfmR{Gxp_{0EPfRuuG5{4fr47!EgIH%Q*=
zOe}mE#4Va$smX?Cy>_dD)O`2ZyU+d?P)h*<6ay3h000O8WmV8zbTLDcw+;aSdODZ3
zHvusqhE331*t%UH;vE10qM`r*7XSbN0000000000q=DuRmj^fjDF*#40RR91oWf4m

delta 54895
zcmX_nV{~3!*LBd?jT_rmW81cE8z(jz+qN3pZfu*4t$w+mcZ~1Xb;h{%{<F?pbIyg6
zy8f;C`Wu#lH260(5D*Y(5DSZGofccy5l=Kwkb8-GEC(Y1tYwDKYu=?DDO_dOFYf{(
zBEgG5%xd<apVao@-uwq$JxKo<4|sT!GxAjq(v3B?Uv%%TgMf&__wEI~ct1&*&&gQv
z>Z4D+(4PFovy1Tu@Lw+zM0z%X`rR98bL|_l0rezN2hp>nFmJH0W0z5^`NrV(7#^s?
z<?*v*<;G6Hp=im}dWdQKD>ixpE+~L>j5ogo0}{3;i=;VmU4BmM&&3=Pfxe>?S5HP8
znYm?(@gmFyNpl%3MBg78;A_E&&kPBFZ__4HVbE2rZ<Ht8GZ|ot2Wp%~#hwy=nrW&4
z?<`Cmqnw_3W(C@bhS_gyuUT>6)q2~qz<YD(-8YvQW-JMo?VLDgYyp%Fw8m*K`yPEl
zT)L7+mIR9_icA}Hk(?A*|5mYMz`Mi~3*C#?EZj-{-Ng9o_H@9&rO3d-jQl3Yb3D|H
z!B-=Y+J~;<z5ekP!)$}VI&&Qsru+J&li1!fvE7V@WrWbr>?~c)#qqS7+NGV6HmYm9
zf&e#XXM5+@uy7y_R36Z0?i;~b>Ign-6lvBwxTs@+?UTCI95}_J(L}k1Hmx&FQDcjF
zDgbu2+s(@RK79*#R36!c!lOFpG^tERG}O)FVJxSSlHu)GE<iFnANvF{qI>kU*}p*(
zBlH>$>g<@8+CyFSLgZW#0-e@84ywvTRqycA^yKfu|32!)W`WOrB>PIxf9orsmUlh*
z*%<EP#-Wf!?7|WnER4y9KOtgKU%wamt?Y74HRR35Y&Q*m2=1S^@B;;^9Qo2(THiF5
zq6n%5EO8m+Psq@c9Ur8*UyLF4k;8={Lk=IoD9LYZL0{>8qXY=KD9l^!k+J`1xgp2a
z|I+wN@J{#!WeMP=2J>^EJ*Lliq}cv)UhZU~V-*z#p)kE(lpD38C@RSQb*IQ6>yU6;
z+4U<cMctd|#hd6xlvZz;cU@0H>z8jt*Dtggf(}e2D@W}yz3?pMfTs2}xcrc>lV3Md
zJ28o=)N%|M4w$y$p=`oUh%i`Z>AQ%O8pbG)tAKw9K)hUEsDybF(X9#&@o}u_*#wN<
zD;{nRvU}wV0UjHHIj>s%ow0qO3p0e*G1TU_2=OU6(CfOOIu?pMp@0a`{97M08yW)W
z$RZv;HpL%xPrI%3Kcx-N11_{ZS~LD?OG9i<8B!R*Phbu$!aMI${eUmSglS`FF?FEt
zZ4P+b0N{Ho9qa{MJ^-F8>9$YF-PyjKgL{i4^^BO!gvDM;QQU`HzQ;L~i~OsXNoKWx
zbD9wr29=JH<~Z^dL_u+mjMTOz^saXKqpH6TYWSK;$NUo{9g(s~XEpEj^2c#8>+>rG
zKJ0+avE%2;SDen{=uFMk_u`VZx9il@KQ*)fkHa|K7i0Yfel?{ko&bI|tJ4>d5o-)c
zLDcNI*yRLSzJPBZZ`^tv5V6ab<2SD=vFa-;tzr|ZISD_f>mxS_*7w(@&{jA9A;-~7
zDSuz%HmHs7;+<D6*>G>E#;se<DbP%DuB5e@f~qBC*4SwYv{|mN!j`l$di$5#<!);a
zY)E`(>zS?{tyy)JX@bGHN~NxJGnKSEZ>86gG`;dHc`XMAll-nr*b6C8zQU5T-Hj5T
z-ip#Gj7HVRVyi4b9KS4ZgcFZq2X<)HZ?=KMLSul`KAn{8wjr?bgK=aNt-rzvFTnXb
zsOs!N25sHlt;j7-uC9nKE^to*lnr_Tz~?Lu-$T9S9Fphl>pN;HDzZ2u`Nchn&gRNw
zykx`mVV%g~iLCt9^g$Ole<K_@?#JC++I8Wz9_t@E5Bomvfdz;w-2~@8@6@}kdn^2<
zM(_QusZ9@iv03-SE}ZIHf{>@0mX3rrj81h@`u{E<r9ahBsX6U*NxQXaD*#)fhlq_9
zb~2tElgv<Up6^L5O@X(~u;ZDShh6V>5V6)yw?C0J>NMPVS5^c{dn}GJ@dIxAmhQ~D
zt3!-B9*ojzO`84kyaT2eehbtRs_i&?_qw#6F(TfD?haDzmm}TKzV~o8?`#`=K2N%O
zgnZPjr$nFz(>jS>j=Jee)&Xh5Jnlaa6;t{}FuPQ}u_j4OhJ3=4Y=q%`%AHJS(ME_X
zCA%4Dah+WqU;gQC`g(?hNchi{`Dh%)DVRuxIx1%+<2$|u4tf%qOnQ*0FFgy?#8#=o
zj5D8qyC<vMc^I=VY{!4m{Z&KQ1M#98Z0UFmrSx~QZ<Hb6cx`pPWdgVYpFr%~*yK=w
z6Pm<NL^khou6BDxAKcmcAvrewkO>{7E^rT4fQjr&5}vb#-v?=EkKEOSBQj0-T7&Fc
zXggmhaR1O;$-E3!5H$!P!a(>+Bz(^{B!!6V3ocd%p`x!6#~8IVtl&F9>-?*51Zi=d
zCeN$G|IAbH0f{i6@Fy^9F-WyG?&S0A0fB_3{R}bxaIcVr)SSzqYtN8${1;Pb8ET1l
z<Z66Hl%AG{EZ==I4T&t*qaA-$#al;9a2|8)fL+}#nHCC^8%NMweFe&Q`1RL9_Fe+S
zCyoTcMjB3#->@g-)lNH0wm&jV-WK9K)HMNytSaO@$l1?Oq#YnM4X@OPr_f@q5U|X6
zl$m_<1$EzDdOf;*lJC)ltzE)Qy<(W9d?PLW6@M7K_;?9Q`f=(3k9wl7quUSIi5x3~
zxQ>RVv=t{h@kkylV1JmzJ=nijP6sKORX5~xGN<yHr<a%d)${NZsvkV39VUIp;!l6<
z!k4Z9<jG=`9szTh*KPS@EwiRsogT8aqfIL7>KR4>?EYKQCWM=;J-vpHQ8xDXXllJ!
z=C$5y9%U#-d-t4bYRW7F%(XC4YJXRsc%7KtH;jWamlHH8D6bMmY0PrCf^O2|z%mAk
zvr{@08`wv&h4l`Uhv<SUsRfQTYF=1HefubCXS(oq2|x$=A+U^qSy5lP>Of$jr5{wg
z?m?6dw$Z|Va_PU6i12#1>1qtDc86`w!PM>{gj?HwzPNoG6q0d1Z~p^lc6ypmL2$ui
zpR%P%ImSJmTTJ8afUT|s*@=7JDqUoea3V5z+gi)Wsg=V`NTCsy&L!kJlJt#9Mn+E-
z7n8XO7@Z2%G;C3}2Wb*W3co+Z2bX-M_Zi3i^e@wK|JC|d5rQ>}F^Z}O$pJ|Z|06M7
zIV;}+`$`TxjTA@7m1((9$Vjh2s(`$$-sOgze^-GkLT;PM_atSF#AzQl!K%c2pw?NZ
zW%AQ2P(=N}%T&yhx{a;l*HpCFxym2Pm_uQH;HUCBy>6sk^iWKadfsjj)E_)Gr;V^V
zm`atj=Npo9QX?uo0g}zOz2u9eUCv+-saJH~pj1D9@^6-OceGKoDQ)E#4=76~7M!Ou
zwbOi0;}@tV$bdGjzQ|CE!rFtRqc^WoR(933wl8kg&kSepk|Fgv^kC5!>=5`rsL)rN
zfc%(Vb>(6-@csO(${nASMch(j#)(YMTJv~<(p7LG^+0Fl_V71P*J*(1zby+-a}KQ>
z#d}@L7qQHI@%+PcTOrdL2s+FNI4!-ITj7#J>&RqWix={@cRIqCg2-S^7xvHt9JBNw
zLS8?KEnU#D4hYg|%!FLgKQwlwzF|-tz$Kd3GsM8{J#rF~TP_Ff6+PO)<}uPlv34pc
zi@7hKh(4*~6Fr|SN&{ioh}52Z%;$YtzWjYR#9P8DjG~iCKz}YrpR3gm_cNC5S&Gk5
z1nP@MRL@(ru!>QLXN}xGV{#e(G+nRBy$v++IuQ{uT9gZ#7!=R^N3zH;-B39U;4fk(
zSNG+wVva7*k3RxN=Gwz@pLRy3+1BxRiXAc7jzRGGA<0hcJ|o-{AU+llT@b->$JO3B
zd~a6H=2+2E=DXz_L`3pCri(55xU??%Pi-+?$#hY830~A)V}2sScHbTw*xxE*rI1KK
zF&4#;&AvUL;RWsdBcP8a$(k-@2ME4#$rO}<?vNm>ThK0|=v2>O6h&#6B~(=Mb1Y+5
znd|CxP^v(Nj2jpy_jzByY<})+B_dC6E%C)Z-FeZy*~)*1ZdCYbl9aFTb5tdy|LccG
zK1A4SA6mP#iwd{Bg9?{9vb(b1un^&}kP>%keRM(xE+j}ohY}YyWPpeUz+FP4d7;8(
z55U(x!NXXjm@Me1-!lA<ElWpg-A}4#xbI=Rg!R0jHlj9K*?WG!e89#1$iR2K?c2Ij
zW4p(QyxxjZWRo%c{*J79>di<%n(?&S>pb%78(ylng7o=T!^^KI)&QEHe(8P28XB^n
zr(To34y~9CCKf6LugJE*t#C|`zTvW=AFg>JkKNJ0o7l|sT9=(X=X?-|38=}DQkWrz
z3oZyu1L||Q>j<jJ!wM+Q*>{K6sCEY`kbbF<<Wa#mWHZ0<N$hCp3CfR=RQ3BGyGi7;
zetX}$-X<!0awV#IBrpS1J!oaW9c4p4QPPdg$5yDMmG7PJl{0$-wLC{jr}=T0;0px6
z*pEJoK=!Q)As9T-%?(lB_$uReM2!t=MLE@b+RdQD9ScnKK%%PK=oW0Xe+;FHp<^9;
zcz|Tnxl!#;m)rc#vT~}Hy2ZOCi3N2lQdoD6u!=Z^MC)xswdA}W_``QTw(r@r#6x-#
zWlIX|Xp>zAm(J4w#w0KQQO=fNAHI?OWLFE0^MA@V>06k+SjhPF;P#t&Ik4?Z*_;{D
z-iTP9{!_L|U*Vs15cc{isf<xu!=3+Aw&IcLb?Zg+-Yzw|aBscA4~%6+%-DZ@Y>quQ
z2@!7_t%>r(VVP)M(~)h;U5%z5?PqYuZ}rOVto?v`Z+0`r+R%vh!NF_}hUBxxp9I(r
z1k^T07#_I78X-{D`Jw#jy4oR;n70{4`x(lmO0d&*$)#5==V$Q5={N|-UL>4+;5~*@
zq5E3M%~clBMQn+m5H<7=tM!1J;+LjP_?A7Uiq@is_(jg4E8n4gPC>0-clS?W%)8l5
zn{D7W>G|^F>|<o2!?gUcE^Uk=&rjdJc3XebH$;E04Z(LR49TZq3eL*n{$p!7OrL2(
z0H$Ub)%O4iJ7UL*XExpPRzr^uX|xMbWrWFtYP<l~+x-0nhi{mW8_qdAhk69|_oTc$
zajZ?1%i%&tnF#eSTG8Z95WAM8D6$Sh-9DftF2J6kj{E7wzp)L}?sug=NUQc=bEH<d
z(kqBvdgv!T=%<ZX2=xnZ<BcY(r7%n1(QM6EU8bkd%ye<k&2u|a({6|}j0m^|-MmX-
zu}$l!6kLNR$n_gKfv5hAV9z4z--u^hKj(E0PFZ?4n^apn)OId6aMyqGv6oNt;`#y*
z_c;W<R(6XyocA?!7)MR1P+h?F>Wtf4yDa4@Oeu6D9lu1v6-z`VNnka0VBRlOcZf1q
z{@aW~UVnv{V`{f9zH{#yyEz(&(c$QLW0H+bDt&HcF7*dN0xigr=$Y4&9INkacezAs
zpB|69w~x0+PZOD&yN}g2#meu6MqGg3cWd#M-M9r?q2Y8=Z9di5F2W!abK;BZS;|aT
z6t~Cu@3vtw9Re#5{fMaO(Eod&M|KOSBfv2%eIjW6+#=}za~snH)BlJ1;}5iVWA)fR
z;RRbu2=g|W;TLZE>5(4=NiJMPrSbWc)a+YY1ec?%kQI;Cj!wMhWt`)I!f6oQW%c}X
zuYj66p=B_C&hE(fr-Xc0uZ?m|Rp4l*y<5X)Ss(g0B4^!UqrqAJlao8600$CNmad^u
z3TbcsZGK?Sn@>^Uh^sw5M<EC5=sFv`5JS7|bXqL_TE4dL?|L`vJsXCQYPKw+B?GY`
z<XWSz0)h67aNI&z4-W&-2~qLI&wCwM-LCl)ucp7P^XcU2{BrZ|<gQg6Ou{?su8R}T
zBtbPBNR@c;GB{d?8X+qC9Xt0sLf&rtC<zAO%8OBrPd9Sssr0JTO3U!<eC8I(e+-)f
z=cO~V&*&-`_n(69qu>ARLg@{;{ycH?75B<gea$|-G4l={$p=QPFQ-kqA$Y$a^xuu3
zl9BVs6x@@WhN&y|6%WN(l78)NTparhOM0+-Y=iw_YMTwpI!C>gXF25hr<$9;?widr
z6*CMDH>Riu_sA-!RX39`PR8}n_B=pfR`lL!6iN-th%2kbs==^P<Kf)hjCC!1Q#r1K
zgal6>4B8sNA?(=0G>|C^=6-UT7;oB}rIuJ-;AEO4V?>d=;cGA`hmb8)$7dc|DHujF
zdpYfJcTyNf)4um&k3DkxEE8&dpz>q6-uyb`9+}HXXw&S{pPIBGWG*q$E;YKTJ`#ud
zL}aXxdhGQWvS>e_QT=sti+G`UeEt?MHN#L%>ggU}Hr_Lhr{sSzb+glszos&WFIY+5
zey+k5E2V8@S>qE>o$UM&Vi5WrvUr1{uuTD{(iXdUgMI-)x5>wn7mS@*Ctk-XmOATQ
zGAvp&9?i@{r@=t1iXqV@a26M{Fwaf0fqj8g&fz9<rdhm=U2flO>4jU=eH5yCq)q4=
z-zor{K`8NC6m{2FjDeQdcBO8I)-qIx2lwM--aW{&Oo?Xjfp>4|3@v9u=ub}-LjPT`
z|Ckm3G?*s+=P_o&%lo{rV8!R$u%$ygmN}hUm1yhs`&)b02YO7|p&VLuqie{YF>yB4
zx$M{ATG^vkP@L1JEKR|XoMfYU^Hz+(R4fr7-~*+_wglCKcw`->WvyRPLIt`HJWx~f
z8G9G;g^s9{Y%<pi+yc=IVP#==TaXd*WaGfya3Dsk`@mxYXC9|c!u<GZ_XnP71N+bk
zvz|+XFD@EZMTDEk>4cEd@GjTZ7zd^4x7B^mAfBWG1#G!eVXlf}_LB3+Yz8FlHoaoN
z8D6K&lDpR+AjG|j2xG9}_Y2{SA(r?q?Y>nEIw)0(&Duv;87=J$obKSpUyu8-N#0BE
z3+l~J5GCwXCeF~ZDsxUq19`N91_jaoOo-^0385}f5am%;74f2p&@TTdC(humAa0QA
zX{0u4)IHiSBVO9ro$!HE4VKU;BL-kq2L&sMm(b}vpF>xJ!)yv;HB?e1oM$$4@aio~
z+9Vdt^I|QkmBfF;x{BzXg-^%gYb8Z$lK1sbs7V!t<z*ODo7W^+(50MKAJ--+n0<z)
zUvm2Bz_Ve_M8O4qoWPO#rm<K!KrPEsA7;~JpXcm_UIjmtf|k>m@fggi2m@fz__I_$
zT&bAP_=;sOBtt#|5~V%U((|yEY#*v=j1Lq9+re5fJc<-%dF9=Iof!}G6tAB4cPtLn
zhY?QH^C?rHd*nR+b95|-%(WO4X~f&~^e-zE;-@cqOTYSn-adAf+R5?{#O8;;78Eb*
zI}Ps@KM{IX%z~wqc%M&vE&_&tBXS1B^Sk})Y`eZ)I7EW!f}Lw(&;K5K7!Y%}cy})i
z0o?8;lCbG7g2nY~j9J`wcxK~hV%`oM_#)UahM(_(&d*;2i-_xY{`Z4j#!s<}*k@}k
zYwSPLn0vrxe0iiM-=<IV(UbZ7UU4pnF!-2V@TbcJBNyMx3NUKQ<&3gtNICy|JiRx&
zj*yBPko=BPwJkg4Bqt;hM?O715!-N5+6aauVTIC0A}1nZ2cv)0PuRY-Aa*j+Rr`jE
z@w2m^-qm=pAG2)w$3MPVL5zrt*%rj}fw{4TF6{a5&7b$Ag)wv$h-s%kl(WFE1sB5b
zOFe~uVIh5ch6H|(gvxw4InprVg$%H8!#Ny=vHf|Y6@V1(nGgF^#6{59pbhh2H4v1>
zq=10^80<Txa8l(*;|diTQ8>YZ#S_jq_Rzr-_EHb;DEK(VYT%i+EifMaiWFDq6nk`B
zp|OT@BmEtn3p}x7zA>c>JXE!@hWhV=JmZyb?ly&L8h}c&1o+IBPIcWE*r30_rgl=L
zMB@V6B&25*VjUM(efsQt(tU8-fu6T|a){hEEUm^=6qcW1l5JjNbV7@9o_$<vL`Wdg
z|D64jWzbWK1bGs@JvYmfJMayqMKPN(gw8@Kb!Jw^7h|6E-N@4~?<G9oRMCU2N~`RI
z569yYz}h+**l4`QGm;>syD5#W<u(D3YWG;_Ca&RSAj=L{`oR<&$(OpKh#<$|rScmi
zthI-u1;I$V6>IBo(76e<9we#!k^0TP%r+{(5)(WQHU*kQng42~!mfCM>+-!qca`cq
z?fWbZFGOX`clBWCO!FrKPyYc6x{r|2Q_^(cT76TT$&&&yw4I}SIoL1UP?P!l=uUl0
z4oaLPj*8E;zdabA!!FdAb_qdmb*?#M?rG@Xxx*c9T`og@v1J}lTfJHV5@bhi6Q<^@
zB0tcE9%t}PwJZM-DdxM+Xhh^ZDTwiCeu&dB{%?C>1QIX1{DwECP-S*&)o|a>66=lu
zAZZiFO8FpHeofNZDpg}*2#11?8I#gT$rfsRzN*t`HoW{F-#dKBtpbi_<ioMGTIEt^
zvek3p<Qav$18$K*>p`_c{4G0wmozKcQ<b}54hZV)B-0^NxecYmi?6|I04~vsrMcJQ
z#d2S@*<Vc>J0s?<nN8BhH0v@7<!u{aQ$l_D%_jF@{b-W4OXj2E`FMp*yShp_E~$OS
zhHk8F#-@74rr7YC-SAWC>e)rv>i8G9GODM34((esFPVriZwob&eaFnG7HV{z$*6V}
zo%s4!wtkhpy;?LmVnHE$%2hklEF((dqviRUPi|AqJ=v~O`=r@v$+l~`iwO9~iZH73
z@6S9Q(A$+-wIUTK$TrYEty90KOS{;?AXXo;OK0HomXn|E2XeP^t1uv%*l%u}8Ypy*
zSgBfhF))31!{lJ3k)|k%o9^k))q#XA))@UznnUnB=?^dTfqprZMsOlLCwqf6oS0FO
z773fr4;^-TFuSNy&{=~9X9%E<!bXiB<<|<q6YQBRC<=CbCL46VPp>n`HS3um<f`VE
z?7L6Em9*oXG0#QDzPwF5;KHFPUb`acv>S4Q>SXV1XHu6DX4(r<v*}5al}JmD=)j?=
zDg}k;qvMxp6OSZQ)0SDdpnpQ6Yu~3<IaV<geD9Qg_$vpS{x6UTK^j1zwWnp0I}*}V
zrnFWm09RNd{mq!Jz2Usv9MaK?+r&CGl+Sv$C?xG1u9eZ%tRxdnpiYC{UNy;#)?Ou)
zs(R9pQ%+AaMd0wSi(gkQg=I$8Me|GPHB+0gGdys0mohXYj<io2ME3r77Evp;=}YMq
zQ=5pi*Tu@4%G7}P&+?8oCF}pZX!Sn~g5#0$g|liUs|VO(wLenTxowD7A;q^4Nl(R4
zW|DFIY#m<HI{Ay*v}@iBBKd4}n^62blm!$ITKLVp^Wd$QH@gc<yk_}Z&;un&?Ti0z
zNSvYeB12#5^7(Gk4dp-l6DeqK4<ONv$Xmd5eY&j{34kGKdFqR$A6#A_`*?SpwZcpX
zMIs2vwQIEbw_Yw?DWn4`!x{lHROC(ymQ*Uea+<n$eLuASFf5>!?I@Z1pByf444^VN
zqHAEPv1nU%Eo34|JT;LfNlQiij)06@(5oX6@I_8hdJ<LJ3!{YjkZDf1RDK`?mu{&B
zZZvfH`vHK7>D4YM*V(-Hy4wP&-B+3}08`X@W(dv-s<Uh@kX}CwfoNdSn7!06b_F46
z%rcEYFF`X)>}5#GJKzq1l%lgg7z|QjrM83(E6ML#aX6hnX#lo(jZiI?G10v$d4Xgu
z+j--x7tUfrnJZp4`+_NXXxJCCyW$>nI9_D|0+{ulu({;wJo*+{m<2LCANo{WqAbg{
z;4F69P+6zhXRIZ6li*&uyAk^^J$+M-SHam>DP?s@ZOK#UGf{<cUT)%cJ#I6r_zXkK
zn$J87Y9W;SxT0lVFZ4SV{aolw$~&ay9=XXsq{by%joPI+-IUU$7%Gp3jz=qWnttRZ
z1gLQ#(Y5?xOSHC{Tl2f6u!gnrp8H&iqfjrdkVZH0=eQ4?Zn=cci4>gfso=TPGCCdS
znbh)e(|VaCrYhx}#Us0VqTQFy8a-_93BOY=7CoH7vRQU%l}S3QCHjGky+>X8WI!@#
z@N;ooA0*z~kPlrq&c!KpH4b@x72y=`K>fM+065^1vr&Ld;qhDIL>4@CQM=5o$Qe*B
zh?Rs&o^|X=VQ<c|>>WS_T9oHS5UMUME?Esy;!x^Dp4}W}e(egy^trg;a=nISpPsV6
zj<P7EauwbIGl<4hNM`I@GcFXb4*Xt9N$`fNV+iI|`A#zl8Gb^?n)bHte`?tPKQL2s
zrI3g8&>>MDl`LlEvZ-LH>p$5=cK_E$rV_-a?uloSjD~Ujfg!2)GhbU#+a&31)3RU@
zwe*ZR!QP|2=E1OQ-*xqLPpep8a0Z>LSg4d$KNyY-yU{)VDg@*MMA9MVS0NYGJhk3g
zG=_CX#$Taq6-p^s(J>#45TGEKP9X^`Y`ot*wXsu3u_2<s#4aw%yR(Z*>P%BEm_s4S
zB*jl%bS!jzTU;@zDhl7EJETB_lpc*Nq~PEeI@x~(H#*rlSSH;9DO@G$QGCTBmsLW{
zmvt}u)b{ZwD9tEpmXcMXSs>-Cl>EP*BV!}<bL;%B1vA1QT)-WE^E!cz;<UcZOzUsD
zwVYMdq4(cI3poq5on1&CB()zxQG6#X`I4vJDG`VWsNE<xDzO7PP?fS;umf(TC6mX&
zF)ky6FZ0j%6*^VD@(}QF12JQHMy;SmCzkd7b`(n-IZicL{MzJl*)X;fh3E2is4=L)
zLf~5dMPi85Xuu*V=If+B{*^UP6F3}ughGOH5>G_166Wns$6gT@S_J0gbP>FwRl0^{
zgk-Ch8Qs;j6cyZB9TE>kpoU=R+%i+6)i{Yve`)S?d0gBtq}+OXAqcyz%dE*QHPpta
zl{_d&vo8I%U<=wfQ1rF#S-~Uq<*{eDL{f(7nTXGQ5D={K(5r2{?cdineHl;7oj7pD
zj-{U{pEQ~_OZLcblyTj2N@T)McJD?z)Sw|<2(2IXgg4LHOs1IG>bN7A7E;CfxHD1>
zIsdsQL!h92)n$DGr=9(3RBV94R;>WbSFdzU$fiGpl7GD_beCLsL^DO{5ZBE=rJmwC
zN}f?$1<YMly{y6O^TZxm%es)>(Xr}(IkgvRR(+`I7p*U+R`#+6(qvosuBB2aA+Nfw
z^V0NX)J7N0^WH0JmHZar4%PpR*IKV+1(<XNsw0UO)6?c+9586!CF6%%Wh~~l9aVN~
zbT8{iA58=|3`mn3nf;0q;bgl`i=!%qI*T^|VB4Oq6XBVS+UsCDa)1@{4eZvL^IHh`
zP*xiUmysQNQMm)|+1)dAzF}gx1?8W^WA3;Y8-}^31AqC-M|d`Wm+;}_4I?-O7ijRk
z>bgwAaGl=~=whcRE?23oDN<l4jx?5ALPQJ*n}?p@g(Y`)wzv8Kp6)M)s_DL-4==C4
z9y~A-ixM)P!+k%GtKtxtok!EnP+P;lx#ip4_U`p?b9rmeVeYP;%jf4Al7Ubr@@V|u
zxKBQT(Fd0R<^j&U70vGoG2fy-NX(_lXy4RkIdKJi`L+W`o?id7tO!nrUhIl`0)r}S
zH938>Xp(Q0{1wT^Uq1)JGD=tgVii!2I67YGjsv*?t?GL|?7C#wIMLt7gqqg;fnDcf
zU9zn=daqsGMR32$Q5{Pv4q63g!24taTIKw0>9iVxzWNEOs<CK;yqD{XHo?!Q-0<SS
ztClxz#(dxm=)Pn2wu3A|AyoaxnqcQsEd%Qg=c4FQ$j-jbc3oeuF?`t^=&i=7Y;`T%
zS>kj)k9#-7*X=Pe$;J<|3T4aTY_OwExsJgMs>1uM1Jgb)fyvG7mBn49{9y3qp={iC
z8F>#=HDgRHK@98B#Sx(t+rsi6+{Ldylpaf*xY%$em|X8|?9T71*V*yuhw?N~k^34B
z4D`s429R_weZTgunl1<eaJbO8pal#Bjy90;-028fx)soc)2x}XFf7hvLPuMF3}m7(
zntR|L-i)zBW2Y?UETqLvH^NBeZtHyS_p|)wouk9g_M3h$A8myzlYk#Kq2{q2!rctQ
z9Z?x`!&CAPgu7l}_WT>T4#8C%H;3E7pD%Ng&TZf9>VbRNdDJWm9BDh4$G7f$9ptmP
z?EEq(Y$^R-nTxg-cLir62Cem+wp*<8I>Bcwc~euWzuPotj<PK8AfCuMaF4eCF5ujz
zMyJmQ$;(zBv5ZVk4S{vN7%?`U;Ov516utFF$urL3Em_t_L>oja9)jz?l%wQh7`$1M
z^c9buo=}GC>TCfz!avfKs?h#46Zp6t&hrQtT4@uc2!{zgrTnpakShlLw_IiP{8CQP
z`z<h-<isW&-D&U_b76IJSkevB^YnH}ySWf{TPZ|M=s!_vK7S75HdeC}W!Cc0&2HY1
zHD8_%Z(jcq{Jfn>{~w66S5Sd&D0O8>2p<T!?>>%G8BK0Lqu4GkIejdQbPF~nd31Q2
z;YB{Wn+!fPR_=4|C#%8rTHgZs;N`$Rs2P`|?L->We4~L1Kl?%KL$H+%LGebcPbLrQ
z*v={z7_pPI$fma~DY1x)*1<QkH!PI==^v*R6!=s+kem!r+D<-Xc3MG7Kd*~$a8cxZ
z;En}xM85X`Fzdwk-$)8V{;_F}5A_Wgb9PQxt^KsopO%+-m%R~6GQN`Xh=@Sn9Sf8~
zi#0;boFGuhy4`r@X%ARs$z|~A!Y#lkynaYfGSt~_YCNDRW=O)4cA`(hqDjI!-K4ne
zek>idxGWp|uOyX<o?<VFD;(57g&p;QBMbc+!Y~1_WW$0qOke#EPHLtlf0XqT28=~g
zB{o)$Wqq43UvYcCa*s(;MDyqR-;iuqv@=3-l)h{wLnH`Pn<c}4W8K!n4I<&n+8(j$
zSOxXZu`<k@xH+STaOHqSBmvWSwn?9loXi%Tr#xR~Gz{mv`eIe?8IP#czbIk(wLL$e
z^nr4wZZn?el}JdxQY5CU9y_6`ZN?veGUDhLU2$iyEYw#*Mw%-km&|J_4FwQ%`%3o<
z`MsmkOjfN5qjH`y&Ble_3DD5FI-4e&x#5f|JLQ`jIxt?ey7v<*4Amm>Wg%D)4?#(A
zb)}LHMLZECgBdYW<&x0d_Vh|bUm`?CQ-LQ&QR90&MMssoq9FH7Brv@8pyavO$HK>f
zbL-Ysq>j@OmE+)=$AMu!NzQ8hmZ2eGMj69*EWrXLijyop&52)$;xV-h1qZXR`8g3>
z9K~T$AcH+fa0;VeGbB%`bMeGU^+sAO#|dNbD$%28IAgame1-hES;nEGy5W{#7vOOq
zIR99gnY<P2o|PJ6e=7<;E>kG+h$SW>1k#PKv)5RML#&k+*PoENn6l0X1D`9PQ;bk}
zC^Jo5sVM<so!v0Hf)3q5Z#5Rpc8iZ?XJRKcRV&<H^H;cHE%k(M_1YLC`Sd{;L~X{t
zYQ5_`ZAj&kJ`Z{K*_f;TW8|UrJK)rMSCP$we<ei^t^UUD7dUPoI>A2fO+_1p6o8<y
z+H9?uZY?-2vKN?yUUcCgvAU#0HZ_I;oh-frYRba$;`_zN`dSNahid5EKd%?x4DY82
zPM|X9D)!ZA<4p142uj8G(b3aw*0Tz}@h{Xh`bqeHLvQl7Ta5J8rtD)e0Q?`&;p?vN
zvT(q8xB)=+DEPRr{J2vCG7aAmwj2{48GENwyH(iKpD`=hvnl|b%YJe>_s90n3}f~R
zW0;o{UPt4_Vc0=T_w76$<l4jT-Tyz#F>U;FfI5S#?PVQawnLWm4|lnUNm;W!{F)*H
z3|);jDjAww%l|vDeLidZ;eF<2VYn{OubF~}44$cYvz1-)O5C?x;1V^ZfCOJBNY*Lf
z#H{b?G087&Q-?&$qft<(`vLAFo7bo+AT5DNccQ+cD&TaGQ)%8B5&C?zKr&5zLZH1u
zO%`<GWf4pwO44k+!2wsr=z5~Z-`0Ikky5&DzpsEKeRcx`kcKJ)73+`Dt0%R%<5iUw
z4@Rc#?ii^qG&<dnRo)hVh<XOGX^S=z1={plI(vH@0*(;Trxr15_RhV9oh!Rq`2-K$
zMV+N@w~#Wl?IS3i>1MJdbn@E3rtp|Ew3RC^Vvka6WMZSb=`8DwOYGOx&avlOhGAdT
zJSwMRx_yBk@O~lfFMF(0Z6J3H82!aiIX>6OIt%z9!I@9-u4TxGVomJ*hFt{n9iIzf
z=t)=G1+{b20ey0s>exGD+NrTrb_?xryICS8KMD8|=<l(MLUrlHy>8Lh*eSo3b&~r>
z4J|Vu%J~sKciwS$S)8GeuDubhsEp8yhr>-&8z+IaBN*da{l@ij@Hl0x7H!@%uj?=a
z!x~JQWqD_|KN9zstg0`%KFzSL;ZT$;oz36#HW)88k_>5Y(_A)x7`sUdcNgxujVadd
zV;SqLa4U`SE&IpChFyM^1|aFXL&{31*;S0BrSXy_B8`TGTs9)nBO?68obE?a`rBQu
z*7O7T%=GQ%<}a^fxg${KNA^J0l2sD^?OIqEX9LN}tS-Tnrj1V^v`T&99O?}db#X!7
zm$WPX4HBeXg`Pz>D>G(wH(nlY;$|$Hp`qFPIRPWZ1)_!<UuRjP^}_xFVY%AP@8w(a
zHu^H%m^Xi`UDr_2WK*vzv17nFtd9F=tDP)R-oRa>4Zu0;+}lZl<Fj<FH)~D*+G10m
z>F9qm_iJ{(-u;M~wxh`TH0aT=O2v1$?GwI!_5@k5+oGDxSK`K<y1>b0${oHd)cmt3
z_We)9(;(fk7LLXrTeRnsi@VKQeW2rgn;U1K&*f=)tT7RrBP?h_9a9>qM~i&C28RzQ
zmWWHI;=c`xq(C*;n}C@#!0LVMU(hN3sX1a+lf~sltwpC-=w5m%C%Mz=F;^JiICm7i
z;kfI8Ftz8xxiwo!laV(R{g?VeCcP*^xL|g^odp$%h&hw%q-U{j#&Y9EXI*SH(p(mA
z8ArH>YMm?eX~Xh5<v9xpJ@5*L=adsLu`XTj#=+izxa7FBSV3a(!P;ht$Ww#ZuYBn~
zx&gh%ALc^M#TezVrpIaMaB*>sW_2)Fz1D**gq%0Hs-q7*9zWhC((Aj-nHjBFqKv+X
z4PRr!q<_lvE_AEx>f-%Mj$*g}lA}r6o{7qtt}I(ZN1-Ed4Uf6$D>)7f0FxGnuiz)y
zNe1Du6#p;yb4_Xr?P`Ljw*@Ykt(eY%aFM`=Q_T4si5%YwH6xx;`_ild7iVnxK4dfx
zuLh$)C4a%DW=)E#qIY>ZiG<Ezzl;5|>*cjs`bV-)TSQpRBsA+6NN(*PQC~EzRi;`a
zRw2;-Ejhu{e@usz0Pg>5T==gAq&aMaCGhY>j(t}%-wPr3f(gZTI7x*z3Ph3lV@s1k
zuZVwmkU5KsFp!m%{<PxG$6>!g<pc8_msWGBkjU_CrHo1(d9@&(f)!WV34;E;kVuYM
zL<Amke`Ys0pRjEzf776I)}fM-N_&9Tbs#Oal$3{e;@>d9I%zpP%tbo}HqktEp68Gv
ziB>&%Uzg9+FY9lZ#E8ZF8zF?>NyqfJSU|jvl@c;Cx?2r*Nl0OE<k3yNcN`3l);~`>
zfw+r*lvMbkT_aTYq>Pn}eB9*Gi(0Mtc7G9!r-0|j;QAC*KlSJ)(yI@Hss{}1uWdQw
zh(U;9YQ`mi$heBFc>EH}dW!7Rk*S)j+I>>SdfkdwxMWeU@An$S{P^na<i8U=zg&&2
ziy@`z`?N%)X1IzFl}cY$m2+Cw;ru?>bw4@qH^*=cx$G$ij2|B95f-ptTTPqS-cL9j
z^2pqy+ZOgEE2=Q4*^|7Y$|-O6N$=SoNkZE9x6HHvoRA@5FNR*yqsFyx?uqY2i9`sD
zRxxdJELoL*ze>EX8m`KiBT-fc#H$AwO;KJyUwf>Wy948lurN~J0vH?}lxzh#Pg)>!
z>3;L)X!aTwjZhv5PiBMyj2O)@avl@*kM-o!LoEVuX6L?oSni7c*fVHQ74O}>rY;T;
zwtq3e8mhmR+KVpeLPF;gc;1pW=9mr~$X7!bqyj`C3_fouiTY(#kxny)0Mkcn&S?Zb
zx4C+WC0ITi{kmMaw{#;b#WOMf(gC$4k6}57ns?_QC_9jc$ny*r!LvY-7V@m8^_W^Y
zWdu~-Xxv65=i5nyCsN_9WY~LY)sM|KgnI+vtg&Y&KpZ%ehxQIfjf*7hQXly-aY1Yq
z&)nf?``j{`hYN_pGg3vBf75}DX^)MemlbV^+d!tJ!Xdw%I{fw+on`XEDAuNFD0MQH
zmIR7N7c9n+gq`pc<pdE@YkQFwbtLq+-|f%Ng#dR!Y6}D&_)+}<1^fZ(wSJF^q%%;U
z<5wPf1J_7VVnDxz6z*OWD3eo%t9>6ECW+oFdQlt}m@+|s=DUE$+v`JUm)cOa<yoPO
zqbghGxeA({fI6S!{Y1Y?1)*xCfvowiR7)d=65Bu7b=30zVk)`#6;t7gC2jGqm@0k6
zwCL+#m`uf2Ogj=Q7Av3j!Bhe1AD3x@i_ME(p?MV@U@ER~3dxvd?L+9NA^ZBySN)>H
z_j7m`r6V~$b=r(HCTg37hH9*JO;K?z7Q+SUtj)#NQtS=yy}q;q<rD~JFb^MI-XEW5
zmo)EdbBU=wJBhXh2v|jz=L5B)DpC$G!OP;Gzq&zF_u_I^n~}-WMvs9$^=FTEImsie
zBZ0W+t654I!&r}RIpMsq#}|3L8-kK(KUD>iX4xYNJYYZHk#1JDPZ4gsuS?r8Cj`Q|
z?iEYkI!QZ&B;Oi6wkU!#c0zGxx;(aKaP{?0$pr_U(t>2t(k0ChU04}X#8>#oXg|N7
zw?*?D=x1OZD%$Dm$z}uBT9Zq1OSuLXv_lz=up-_mru2s*?xfs1oP#vI^Epg{-z8Iv
zBn-i)@sy2F=0MEULO%AqqR)rJV{}oSP#Y9PxG7nfo`>M_U@X%F_L=6{N{l1J1e)EI
z?folZPdMS2nGf#?38e;VCl9a+8uLju2jS_8QVUR57MmC*tjGbOAHDw^x{Mj+_hvy~
z`R1`_9l6dUn{YM%`9DCTLl6*$^=x5<kYMAVxqvOjM~o~fw1Z*fTA*YH^pgrm=5o1E
zUH0VTo5y<6%U$uoXxlceVYU9&MP4EyuG$RI{(ZRxef|z>BOmOldFW17^`8(J>e??d
zIMYE_O6VXj1p;;W%!ayOHc3u{W8E4b(^hvbd_+dO<txdGs=LsCH>uAoZM;{(EKU$y
zx3xZqry_Qb_|%uN@m?PUb%8YzTm8jDuu|>DvM3XyX<A>`$Ho+Xca*S}lUpuG4~J*F
zF7ZLlwZy#kecB-Fo}bawnq$*S+n?3=M!u0RIt-X#0BNhc$qS~5>lpPK@4^&`>`p4=
zfsUb%p+6xDpptd*X*lV5B|?1>kI8c=FnE#?m~cqtXByJ5O9ljPebZpjcvD8R!>Re}
zE~0lpKxt>w5H_(wU=-57)d=ZMy4u`;4b>Be*)fLl9C)KO31PazLr-6ATV3-;yUMrl
z3smN{0)DR=xer=`t+8Pa4;b`O-rgiScLd$MC^e?Z+sO|9*_L4IuA!94CPE!zN5NLu
ze%H}pYuWOI+>WNEl;;tM)|B77OyD)Pl@IWs>ecOm4vQ5Kd*g79x_%>Rw(WFJtB6{h
ztqdz~Ya2UXOJE~e??s&wld6?}_&xKoq!DZZwOjEzJSMgY&UiGC=^v2+elum~<4EUq
z5NA?EHEqhZ*j48zLWZ|PzPS94k*r5KG@YcNY9X6nHq7vruSNIwFQ@d&8KQ+z`%Gh4
zkEK%QzM~b`y5vi`?9=)~bPUju$V<;MX;PHoKV-j%qnKOw3@`j)(xuMw7qLvtTAQnZ
zCtb^k5PMQDihc|M-uH;}85Eswy4Mu6qR|2?`D09ULAb%aG-zx?nk&~`5F=a?v7-8$
z7l-!M?HmcoH@54j<63(EbPbp0HlBhSmvq&>8c%s&Oe0VUq7?@JdntvsgQQwk{cc3G
zDTV!j$+`M3%_HuZnl1Wj1-c0hN3I<(50Z_QZiMshBtQBGfvf4h0$n63Tx~cJO6vD_
zD?IgBd$So3^`OVRfTd#?jF$`iTe9=aE-VK!r2+)?q*o6Cb+aPrxczay&5F{MqDl0s
zsBR0;J3QaLxD7(PlS4;%Ul`99C55QFKpi9jvHDYyR{y(a2dncOUhk+*sj3!$uoMbc
z`1JC(U;`W}TWF53x(!-}LG-p(0>GDT8lCO{L60XITm{80p2<93KlwAq?6=E$PCefU
zOPr8>1cU1{I1{7hOdZuHXA|M-ic{5%OI8Njo4CQ4a<sg&S-ma;)(Q$!-P&HVlPv&m
z^J(460NMQelbfZ^wCyS)pt=n}PJF?Dmm#Ic(&+0&%m}Ea(R5-z*XsJ@Xa3e)g%|fD
zz*e{ZIK20)5?P~5z@W`DD)Z5B+5<cxP~R`NmCuJxj~-GQiKpqc0uw8mQRBmcF%4^J
za=`I#{as}gj?09|z?&m{hm8l$Kf8$ZV8pLAP1Xw2q|g0{N~@61E7u2Lg2v_i;RxaL
z^=<5H=6HDz|2NW1-}VwdNbz*CbEM><jY`V3f2*FFD^aQ_fr89f(g<-;gj)<-^2)x1
z?U(uABR!>9wt+Dnx!w9n7xoCH$-{WXHkYvmnp6*KjW$<7qgT8`6S{9-WJ9tCJsoV6
z6`Bs_!8Gwx6Uc%+d6EGX+4<Q=eAF7KJC)3Qr<ubBcXY&+MZSNE?|~ppZ?yVuN`~nA
zaa>TLrO7(j8TDAlTHjt*gTXc^{fvMX+{5KE?506-B%VqdiYRHT^{Gl{Dw62_Ga46W
z25oLA11BFG2}x)fa1uZ7xG<xE7`YXf3x|L=FgBi)NbXsH2V4WnOCDH0;6XYHje<hY
zR}O<!JLS{Ke2bcM%<mm)8hd!CAyo`pRSQqzM8}vUZw0@k&wE%xbW+}OC=W8u4btre
ziA47Tg)q==^QaEm6Ud;REOG35V&R49tw#%oe`%{<a2kycQ^T)PGMeaN-LCB$TXTJm
z67cmOU1_!GIYa}CZ2_ez`Y~X_-$QM1VM0xuRC<V>uDZ=Fu4MQPf;q^44r-2JWIC{?
zbX;qgOjW6F%6TZQX=OKLygWt)slT>Q8~zOiMddonkPv10l^tmTuITQAMi@p(wxwu7
zj}5kiHy>svY2s4wT}+Xv4!TEMk8$xYw>$wnt#Gko*$fM?he8(!%Zeva3CAy?7djj~
zQD+AI-)Q+-cIX*90H>RsxV%RoCRlWvD#M>Fg8IPu>Ek$EpygVI%HgJn!UQvXf|B08
zLD@qwQs3rD5VG9#w?92fX$Y+1jj5q>b&s<46A}7Sd9W=0<8fRAj=V<k_p9jAON2Bk
zMw1xALQ%kIACZ%K*xIz!ou}!))u*D;HMk;Q>cnq;F<x&PCzXN4`B})s{eRy!I>gb+
ztJrqcx;Ve*#rKQ)yt{Cu+U#l8jBsU?PxpsPi$q*g*a_?z%Y764mmi*>mPjrk<8r`3
zCOsk0(qjn5RUt!>#{|o;s`_dpcTGg!9UPYnRSeu1)>3ma;`Fli3H<mRQ&yh74LQU)
zv3F3ro(=?R#{T_?a+i$xxS4)Yo#}o)o_oET<WD{9rub|-0@FFtzLx*$9p^&)<FWW`
zt1($k298>;xS8qOs{-OOqU^phcT_a9velw-r-0LWmfPJ4iksmxq1?i2rCe0AF|R;G
z6vz}87d2EtRp_Mz`@nwZUya{{!x{n;EOZ*mTXnI;9;!+&Pixlfq*YhLpon)yV@4!8
z1~Hj)y8jc>90M+${5Oso$p@WWNOL#{{?_w@?pmJE_d?di(smBp`iIwiST0c;)Yz0#
zl}D{+wU)hF#cmvPrLrj)7GX8@P#S_V0l+eG=W?7GZ5{9sPl6BGzK_&;+*i#Q7~1ax
zV`hHBXnupnK4cb>uabho2Fa2IDq-;(W%<fnWW~qu7gk_*Ik>RKH~+4%>4mh39fHdR
zF&hgbEN!`TMglE(e9hdyf3x>>{RlMN2!rijHkxeZh}v>P_t>n_UYe8@I!OvVrhp;q
z*P~C$t#@^AeKdQ^5BCy}38!t;A#LYA$~!vBoUdxNGjI=&bx2#i;XwR`eXA4~yIFgw
zKs@GebIpqLpj)--N{y;PM^^pjp*xL$_wY1d=iOmK$Ni`>T)mp$W%x!@Z0v?^=m=}+
z&)<e}kSAUosNH|F7fo?7hHs^`FadlpIpQvj$VDC`R08_>2?6JZQQYb)i<zA}<7YkK
z!BZh&k*d*4TI;Nj8tQNfJ;&n_{#_C(-S{CnmFDN5Jmq3+6~ph1C^C#1%zsh4<6sHu
zaX}vuii0*a+xr@EBLhPYgdT&MSSzY!>S<ZxE=Jhjl1zUU<Kb~*1V;3gIsue^H$)QL
zJ<&(LPwh;FsO;AXs7tw!j=h-Kg=$0j^W*Iv>HNe;%a~z~1`6<&7^i%sX|4Bq9?OI6
z?%>ZjQh{~$XV2}zzYy+9op2cm2LBRI{$&~A!5rzFa5Q>mO{-I<L#3r<+(j|$U)tjp
zu?Er{{37ZYWLm#O$hhCM4Y-0qt!d**e!)mnAf;zC41huUfm%bOc{>nnZ4(&_4^MAB
zPzV|HACCq0JyJ8S(DxerF}OCb8Su{Un-*@|PK|<^-<PNBU4y_U<yqn5;=w|^O4H;P
zgoj7%+nGwSCQc9_Dc*?VT(5bnMrusYZfNIP;AzG!GLq=BQgwX?QeZu&czN8tI06ls
zoow%ARv_APuBTe*0TuhLmLY?UV#9HHlThBAxEq1s@|<v&z^eiRV)xhdsvLU8EF`?V
z^`#z<s&|6jo-{1j!`|sO<wXzug?PJdrN7q&WkkB2dF{KRs{HLfcxrO2oTkn{j>2W7
z)3ZWfcFEF*ER*zss^6F!h%V3H@&GwX1CS6hilkx!AH<-(_k3J6%0<X}r{MHX<7(2J
zV(!Xn;t4~Hu@Py4ydI#Bk&KbJuyg!tcY?<YtXAQV;J)R++gz)1jCawHV!P;YhLeLh
zQa3jOg?tqr5IdcXd}oH4`++`7hq6t%&0IO8#hQ-S`StyS9XX@pZF(WhoG`QeP+>qZ
zbPxd-PG9O!PPqWrpdYVCJN#c`Y!a{ml0Q3d`{AS9m;TwyrZk%UbQFHIQ{}Q39AMcO
z1a{lCbx(xp!B-PWq7@eZ>>hykaL+k!Hm+>mL6C(|-iO(MM7a-|aeprmRPGl4o=nlq
zlEkepjL!~Wiw5}`g=pt-Z_~&dfcEgiZe{q^`2`M=oiB$116tb#9{+*?twBnU>=59O
z^aHf^3md|{>vleI(QpjbD}_h>|6#*v_YXDw234!WAD!nPZZp@1txEJx`t)dWNPJDC
z=V%IPc@D=XdDm^wl>OvJ(Wo|9Qc^dRM4km00DP(H^DqMV-@zQTSvNF0*$u*2F(<8|
zoMCJCjoF*!<&z`ZJSb&??}i)kyA)|{NQB-V%;Zf{emscq;)V-Y(U(C2l7j-X%<UVP
zg6g5lTn`tdRix78;R~$}k^J5XJZOIdSL$6x{Q2OoIhl(3%jluo?)`mRpRZqU_d;J-
z00NN`q>rg|ollZoH<@_&aYIj!Pi(GmO+ScNi|9<75+uRsSK{B&7G~I78}K@1*8U{@
z_q50;VH3lVW%CgK)_(nS!KjVoe%sf-)9>`XsV#okP6y~FeC6M*r@qRDmYuJ8dS4Ih
zr|ZnSweDB~!M`<^7{Fx1S~Ccr?P;wYFq)3{c2#$*wd?D0I?}_e!)f0o)UK(gFbsn1
zXiJ^wo&#5)8)=7lBYs@u<$5G5<c?D0Ry5`@z)a;>o*W2Z_yf=L_vO^fIf=)fRybjB
zYIGsM$T8}OmIIZeTJUr{l|!W+4*O}ppMoQ(WEA34Njyqb2zEVS)fCDSC4zAaXpl-I
zcbf%0TIn-w2tqT=-h~o%dxVeP^!dR*9gQi6f!)`%r&w?Lw<c!vQ8umhgKd>Kif+q@
zQ{V`}gIx}NnaYbZ-u=DlP~-Cd0j5A%zvV>Jm!tMAhpm`^j<Ir~$WGW09*vEiDQ6p5
z*^NLrA?TA+&YrP>Zrj{pWFs87@i`a`T(p0&^``tJa>zIl4jI`9WT#(Yw^KiWZwsW1
zO<!?X+Q(c!p5473SRQ|Xm%&K(73~yjVF^6L5YaL)N}1^_n8KFK*7_i>zTs3KTPEy4
z`|kHLf<wz;9+6Akr;6HEpT<4og69ze9ZyI|Kq=h5Z{RxIgpwG@QMsoDu7>}`<4J!b
zKS5Gq_#s4u_LAk%Mzf&>Gb?sXoZbObV9pig0VB^jbHJyeo}Gev9uxKKF5VM$_eVYF
z*E;*6o=fY$Gxc1S`<|%hn#*jNZ$Ujp;(~e>)bpUJ=em+5KkB)~?(WFI=dw0EYVf&r
z#hxSh?5zTyy#jpZ9oR)54slK9p#*>VMR%^8my12q!%wZpdIk0*?Abdy>?uY!o*RyR
zAp4%HW4wtzohjtsC$0};?P<wpCw{)y@*S5T$_xo*iVFU!`^mH1$Tr~O?X>UkxChA;
zL{%70(!3Z2l~>ZJ6fUcEMLcO5n8uQSN~Zkehfp<>-R6i|V<49f6erPYyb*uZsdw0o
zAdyUal@vSrM0Q_ZRldAB`H$+~6UW@+8HBGaXEa`UuI0<gHWU6b*Fd8g9U~Cwk<rm0
zH7QGGeEI6Qjz(i&HR?$$YK@w-rbTsvM1)5>%+zOoh5an8A>Saz)Q4{-HvcZ(Bi&$*
z+^NsW%R=Pm(&yY)hL~g*N{)XjYgz+cVtR_@zLi;;eVlLji_R*eOH6f^nnR(oa;p9q
zg&m*L)Po!vKeA7^Y@m-V8{1^8&!Px8XXo#Q6=#_l9yg^oOn;=~5G@N=m|{b1`Di+7
z7~~4`R{B-Q7$<=X;=mh#I8MnzY!s4*XztoasHJ(jX-yB=vt~Mi_7#6@x}ky2s2QFx
zigvBhDER6T@zvhqtygb<e06?NwJ*N9wEjEu)n&QwiLb7?o|pL+d{rba_-esd51Oy8
zD_L@kzq8dg^2iYDvSvMM#JY9Go*`nbS63j`dbL2TIV09{D2)#y1h?rQbQtL0Uo2vs
z8-DW1_^6ZLniq*!>(zhxCl4I4(&*L#eMnA4*q8?RLBQ0=!R5JpH6lpe=Ow`nW0+ML
zUzXXNJ!Uy8vEZfb%d4Ld=)C*#N~XdK&Ns(>aNt_J5Ep*1vJi@Q#R?H#%1XR`AyOzf
z8^><ReW4(8$rstx-g54&g1suuQoCB!mgRWE#`_%J3=Q|*btiw2S7HR5Ci+584UoT_
z#@chy-LP>}CbOBP3i0kTG#oWzIbQa1)NJLjaS}}U$k4Ae>y%C?DZY;YyFzS}82OIX
z31pZkx{@@36|fg3iN|#kA~52_`aI5SF_zH(5gqw|D(qKuZ%GneI<!nPXo9&qbfbp3
zD0@@{u}}?kqXd6tDa#Y~Rx*@1WQ8WJSWp@2C>8cxCP2rPl*)#lmA1i#?nKxZT4t>I
z!3?A;%4}U4yQ0rbQA};j{SoBtj&+2_74|7P3<8%8Ea@f_qp({Db@7elYV&RAcsCmm
z)1$Phv1i)UkG0MbvEU0dbiT(g$J24(YO`H%;N#)Iv?hPe-XGShd*i?vE5AK);N|t-
zl>;x$eLoy{-A#wgx8T4calwHL4t&TQcx}m&qj!N7d)?zAzDpbMn2GQ96?=}vx3-G-
z)(YaAGx7a282pN-G-+G*a$#?J<f(O6t$@7*do!LqaM=4X!EfAY;Db10{izS@Am0~9
zlMjOZZeV{aE3ak8U&m?uIlyo|ST}cI>a)2BLl<P73U}PW1Lxo7uw_^pnb%LOL+_M-
zzB^^L9$vtFEQgh<W|_4U2wNKI(`biRWq|9oDevw^w<-Qhf-XY8{dAsXRvVqH;S?d;
z8$x+a)82BTjiNS>+$XH%-az^_h-H;sfH|m3t+0REg!ia%t!tojRh+tN;#WIws#UGl
zgMYKncjxF;0B3;UvlDyjGju-S4(KWj<Z>p;tw6KcDCLks-i!JA+NUY{nqt+f2=XP<
zLvo6z+BDa(XY3p26Wu0%0j}lqq+8aIzfK+WN#K}hDmx9_vB0WB*Wv8JbJ3zUJ9JTb
zF6e)}KEUuqB;};lEq3Z?3g20%#T`^DF;fj#U5p)=Lf?=u2aN0fj7)JkN_P0%!^g<c
zZ0lQSl^azREsW7Y#B@?7Yhz4$A`FV@eFAoqw**-395A7c2R<qvh9iV(y;r7yNCl=n
zB1~Ibys4}057W-C+4hBLm)3u0OuH=iJz;;^HMa{g-vZN$#091;FzrEO+I1yMewcQ{
zUFwlh+hy%})YNwCiakeaTVF+O>jkyVnc5-+_%O8tOBltxTyC2ldukz8FSspn+xpRQ
zTXEulD3~1Cq)E;|Kw*r7eqt+kkhv0E40MlYqbW*vHqONdR(pkwr^+zKRS8lM6#svT
z%u|uXeD!(4p0&)-$|s###ZX^t|BC;7^6y}PrgO$4{k24%Ye851XC3fL87A4Tx*_-~
zwnwtP;&pm=%Ia^wIM^?;yU)>(lACv~sm~IfBpYtyPFgdjmB=2$S;aG#rOC)PJVY-Z
z#Lj?<h`|+u<sbQjEV!x>^vhQ=@brH{x|Kph+rY(Y>Ru_U9pbeJJ2!gq$w{2g|El}p
zTj71W=jpSrHg|@>sFW(s2~;fYYFFUrSSP7JppbHil@sqMrz^R(4~axch4+Z~;5ZsG
zE&M2ivp*r)WDqa0`WFJug@F}}bo6`6qj4nq9d#}l{&hdP-dGnTSr@QXcvpWLVHQ6!
zTb~5(BpW#E2F*(f3<j^aeAqDiQxi(h9R8qQ8|8dbPC9gu3Ap3AwoPWO$Z+LV=>`H`
zg2pJKAu7@`#p45*LKuiFJqc9su&l{lQBy8(Rmd`&i_j(><GL{l+ljs)Q`}3>s3P}1
zvt4JXkvaSUBj|*Kh;q!s|I>fa=T5ia&PT+Z>x;Lg_5E?@`8DUhxbxEb@64T-<-RBG
zyykXC=38)Qk+|T_1$RDZ?!2yK$&Wj4y~{o_0==wdkD5SlU9qDl(D<^x>wcT_xSQa`
z1!rcvaOT@UcTC+g!^-&V583X|hbOC%q?~P~ap#jz<HVT3(q&-cWz&D+JoFfoNpE+h
zziQQpdwXuKvF(CAS2vSjhg-MJwj8k$sj5tTLXB94tE&q8NRh_%K6<%?AxanmBmQW*
zHnb@K`ft})Y{Wg6d5EC&sc8kFks2BQp(rZTQ@HSAKPtFjdX{aQ?t{ZhS7EFl4%3&9
z``kp^Jt>#jKczmVG(dmWrTOSDfHL#T%pDA*d7d%Sogs3wZ+xcl?-L95i|_@<epP@4
zZaN%_ByMvw4jf@}%x4;yghUM6f_{f9CgLC`h#nONiWqz=;Gy@YGP}L~RpU<LHBbqQ
z$Q3j}iAa*?+LQ$ac^8{lX1ha-t%Nkwn3X9B;{+(lTybRi0eOEDaJ>msO`dkgyw!pC
z(x+SYI+Pr*>EJh_F3;*u)$w(a(&5~szC*J}aceNO?I=KMvUc>A$Pp>LNwg;niZQuc
zO||2|)`w+we)IW)am)}O*Ud51PK<|=Zip&zJs9hgvK$KES^B!v8`P?>6bNlm@o4?U
z$6Ho1WT;o)(I<cY$PLON`J1@5Wy}~3AZT4Y#4kpJYQz(9K!0LQsQCCo8@j$U!QfQb
zb+BOL{s@f)pzClLK}$ep(D>13NY$;vE<EcV!+FgZ&OCfOc0R570x}6zv+U;b_Kuxh
zU(ErqxxLY9c#vF-&Iuiy!8Og9Tb+j)z~F(twEo4-3n70lUj646wT$`l>dlu|AKids
zF0WxhgRVthS@3o8;nsgZLX@!Zvj>;u*8u)XW$@cS?Q2!4D|j}{C@QPW%`)kMPQTjH
zTfMH<s@1DnvoUCD{XxsrTAj90*E@qjy=zhiYrO^QPAO3LaD&}Xmu1PDSRr2$OME>B
zTf?l8(}{n&m@-z{2P|f{-K^q2f66RwIiX%(B=xxs%SRkJzvJ_&UWptUZJ9y(My=Ug
zaHrX*FSrvGXD+u+y}RI6yV_iItKRB~S5^P~`=5XQ9V$tFD5(7=Aeen>J5uW1i3Y5~
z-|CYrFMWA64nMfDiDJ#K*S@^^Gu}h-0YPPxom78I4=-Gd&=WtI);*&lo__iAMa_mc
z1Dk(;3vV1c8jaRBC_lLOcA}do@ZNMM-&vK_+W4QheNu{OeK!c)@tYc4gY}+evVX7f
zdau#PeBb@#-w$DFW(FgAPqT{u26=%MieHI}GS)qi<C=#lplc`J-(sOOe*|C4Z*Qt^
z2he|-Z~nc}@74!xdi49)c6@pi7j3X+dw6)LJTxk<H++qK@*0Xj3GvJMv-_QrR-qa&
zOYnc9oES@wnRM?%yH#nkTD?>07>!n?0ZH49N>8hI;WGWgf8Aod$R6Iq)X*rEE~6Cq
z0~7cveK-0SmBSTr_vl>}dj0E+_cv<YN^O71`+fRb3;&jd!cx?FqBN~$r5=`|7nY*8
z=#|hIo4!z^OyNdH3$wp%R4YwtU6t#4)vmWXmHKw|rhl>U1`GdW(VzIQG4xXp{`*+@
zFRazd(Nyo%D=oMul2`quZ|p`LI<9ql_`tHfo81}>(Ppy^9aA+lkv8iUe#R@->pg#w
z`J?vU!nbZYaMyijcI8p7yhAzqE+tF{AaOMxRt9hCbrfIt=L1PR_<~g5+VJHAv5A5l
zMXFY<v?kw42xV?3N@@#n^3&_3FRL}+Wrl0J-kX2#HFc1XZ>1~^+{v4|e8(-k)8^U)
zR=^+-eXDQTxU9Bd*~(_{F^a9W)M|eaR+OmnqcvOU7mwqn0t)2?czy;Qe8u-T{u}l%
za?9{9J-~mX<1MmF5KG1fa@s_TNwdOk4fxFAIuO>vSRy;}sgFxzj9UPU&OW!@hqrV!
zwzI))6s(F(pPkX_mzK3+D>Si;ZwL}`0~T(JDhe}dSWNLcXx;b;E!;xjxhsFy4>05^
zT09J8H=Hm!B_%c8;rXMVV0Yj;!v#GjUkDv1lZAW3itNkSzf+%dSW?5sHT5~4`<}-a
za_`~$m{`C?D-hgq(j_GCsYPS2(`)kHz|?xRc3*4unx@v}ow}wE+6}WlXc}#!L(dxA
zwtttaJGElt=AGUTbH0P&#)E(4iX^=GUWb09d!OVkRuppDk3HrlZiVH?=Veo<rEbj_
zG<#-WYc!0O)-;=a4HjU!R_8|5XzTS>*EI4ib!_Nm6x>SRT~hXz(Q5bmjgD5Ywi;Tq
zqgS<l8#|!Y=ylp%1J<)<zGX*@>t~dD6kT6ZUK3VPO_Q5iwKM2yAaQ?nP4B=4V^Gy$
zh}6uUY3ez*wcPDzHFV<El2Q-qjedjInp&+@t7%QW-owoh*ZO9=#ak`2-)~m)EwwZV
z$tbiLzq4#q*PDZGqgB^<y#{l!rMI<S6$;+ynMSYP?lp{RE8jAoM^qxC+(!EDlCpPU
zL&c4DQ{%N7juKwgbl86fXx*kh;Js$Q%d0%!vY!zWIYT6pQFcALzNFOs4u?%$yQXn-
zphKzaZJ3LFt_^CiXfpIxyVq~$TWWQ-;(sE9$tbt{AgwI9G3Xn;Hg9U(Ru?5;7n*v|
zZfV^{vuSh<qs{yEd`o_<aL=!Vdos$dfKYbf|DO23iEmQk^HzUf_IXn{<!_!lorK@G
zA^sI^pE-0nLWD)QW$pd2+}hfF5WHzd8(XpKOzehhxWp6dtT$p`%(`NCtQ+63bdLGP
z8}{{5t5>cys^xmKU9MKDt&_L0m0NT5GO=30<z2wP2U-BjA|KW^<2Ta@tTxaWZgSlh
zE+%pH2J0=I3AlfpxzK=1nq28=F%Yd)o4j4`Cwr)|0#_xL9|Su@|8tC_`uhUY*v;)-
z-+mG1x1Vos5_yvP7<1gfh8CZRa{TS`e<yPMjn8C;>*om1hzzF=HVqozmaz8m41Pa_
zB`eILlC(cQN#n(3|AbbvA9&zd1`SyC?SY@=Fd=z2J*|J8l;edEM#5*pSn^-oM2Eh}
z?lvhwsyXIslU2m%m9bKaBG$8t_<4dFgtL3-3_{8qmvi$XidVvpLcLU!R1~t2RmfX^
zbSae;`)Ws2kjQsN4JnG)R7J#@@u=gCrdo2esY0}pg%Is@gW8zW|7Q3IsWQaA+DqJk
zT^f9NGH!p!Z=x1GxmC;2f+1aMQRucRG)jQjDT%3Vmu~pI`;D6?w8bpRi<hLTfqfxb
z=8E6!9dq1=c;jwSL{#;0lp%h)b33Ytk$9rDj}W0*2Mhi)B=>)AHD6KJbV*7YR*Ld^
zW8;e8&y)Dv=)zxdD|z8pS@#VV+3Aa{%Z%0{r@w!TH3FV95#N;@**K~pEPsmH8A>MB
z8<s8a;jg6n0X7siKaYRdgy)eDdSHy`X;FB39KXD%`15c<fuB-bB`keduD;UG*24>*
zNTVzZGtueOFBh?a3!h+oi$8K7ex?S7I|Epe^FI^c@qcQtjW;{SV6deQ;2ErW&gRwS
z1d@LiE_`T{ps5Emd_dD$&33!n&1K~?KUKdh^1c<DtX~q&sKgXh=c(kB#YvX!DXNS-
zOe{QN6EgWOn3(bDSKZ6>8*^i%dx4ySf!rI2E)%L?ET~Xn3k9T$n$-{7_w^x{djP2c
zm+3<sC-yY#!E#LZp~C(^N|3^cZ<)u(XbXSgrIgAdM^rj9Z|e9GNB(!CiYLt~^Ch{J
z`<hm2`tiZQFq^&Z%bk9IjNBi5X1Zt^fuMKcw0ppW8YR>)q1LL`noa)HQ%-&Zi6=)M
z(hL_e^9^32>lHFH5$7Jog_tFQx`Z`2Ir)+qkeX7QWKD7ZRC$^Uy`qV!?4Qb0l;VHS
zlPHwM>HHx_oJ91FqyUiLaWr6pZ!%hrvRZ5JLLl6nM*`r^ok;5=R)TWU%obAaMDFk{
zGx@a+KcZ@PpZ?y8y3T!YyQ{yqefm)UNy9LmYZyKxoo^de{z+NTXd0c)K<^0vGxY;^
z{0Az*1^=xc$Uqn520J$z?c$mk!P$QUIC^UND5lR&nDzii<HXATBB|vAlry06Gtp7$
z<yODZ?^Ju{T7CSIJ_9$x>P%Ryi7)lSFM+U76B|2Cq}93|qsI?rj^z3=SaaT$WeUtC
z<JB^$L+_A(Sf+f1+HIv4hT_X1i&T!4ApS1g%~?Zh>C!PiWgFE)_<($H{m_3y0xa6%
z3&d?dAc-okBkx<hW40UBwxZlHRG}19x!*%2yZYQn!v0Y`o<{O`>KO#85)hVu`A>Af
z>xwoBNq(d&O%#TRxE8;;Pr{zBL1Vw$(CaOurkOhGlzMty)0@qv)^620gIdGv_G-o!
z2939}!NoF(6djRLDZD0YgiU{zFm$B7_Z;7LCxM?p$2$p}_b6Akk~&M5os{kBuXdC+
zAyR1Qoklm&?i!ly6bgwaiQ+ei(Uk-t3TttxY?<k<wEo54CrHan6G)_9f>*zOJ$wKD
z>sOJ9coY6Eoxw&;EEvVZR7PU$)CpnVr7TQG?!yHi=u<lg`APl)E1Z9vs_?J&ZVMW-
zM9_pGjHZh*{ZiK>(mqHn>y**`Vkm^^BPc}aLBbmiRK6e1q9i97flc(E35ob8&Ck<Q
zmYRi#x}!I%1R2k+6fn<&T#3DTL>ZZ;3BmM+B^yN&^94{#B#ln=gy$Z_xJ8%UbgW13
z!<)#FiOuzUj%Im3fGmIfK{&+b@Si}pBZt=OgR4f}Y*xF?CnugqG`OF1As>Ea)uKM1
z)qJgb5X*VFdz6HCASCzlIrS(j{6zpdR<K}X`Et@OAkphjLcP<359+{7PQrYb(|XSs
zbb8f}HmFx?TC-DcX?hh+J-dCg(d_d<r^$C%P751^)OtF0amRlJb<CMs^82!$kF>-r
z2;(HDC&2uAH*#5)TJMI_IG*BHnB)#Qxl62pg@ZD=T-|2Dt4=}|E8ewMyrvv=FLlYQ
zrldL?ymHN}1ea_%TJ&nwYM<+7&dY+-G|u==ixkT~)X|Ka`%uRo-daq^ulpwlo9rVw
zlRT$m%;&=2jaYwRL6V7U;kV!~q715ZG8H;PltDU_ZBRnIWQh$WDbNF^c%?kHUQU}s
zm18DcWp?FXLYY07F6Ed>Qluv;D;t$EnwHS-*@ZmJU5+XWnVKe~^0^4&gNJ|3dpt(#
zbMpp|GW&<HM7X6sor&`u)QYjyfoRtCmfWEyLAB&oejR@kYwik@VwB?R(3*RL4|}av
z?KMr~P*&I5Em>nL)iA}CId>lxud(u!Hks9WqHHR~$4?iR^vT0{6%}mdtj~2Tu?|v~
zEAsg2TeZ@WuEP_C8G$=BMyS?bW4i5iHJ&gB@wkEQYlhA`6HD^Avr<^MD_fEHdAFe-
zx(*dN(s6&Z*z`EX0V$56i8l{8<V>No_}GF6@V<H&mS+Yz27Nsx+5OstqM#E5-(|4)
zjr<3rAB&m1gfnLoqZ8e%Rok@G*_+}aan>nA_mH|@82CTV8t<31_ZGDYwS^zv(Za=E
z<o89eP9M5VGkBwG_HwiL&v043!df-*R~?z7o^5|Aw-e^B)KItzg1k>NyoYCLK-7T%
z;qb(Q@^4a=J`Wz?eI=|=qiUY8N+qmZKD7&7FjGloWB(WX2P{Y#Izu|ek*zy{6|VsZ
zq_Zp+@MkA6Gu?P=$+w@LsWxKSHXH}>y%KZaVdSzA;?a+nzhB-k9VQUEgn}*^pbu;8
z4%UB%356@(tqqLgZIto3%Ca8X-X_WQgzuF<7kvgV$zV}%C=v%LIRNe9M-8C|$d7$I
z)*W-*?OE_Jv`s}G?wXNrrDb2DTIx&G>+79<xAlTI-Jc@gS?C0ODE-4IPg)Dbap-eP
zi=NXOMx)d19LS~tgR`D4iQlWwJ`Mih{M&!&q8PrfYi8`7m|Z-GFNl5_z*l7?!uXb1
z`y~J6{N~1QVx`aif`!7Ke*fujS04qYlYf5td>4_qEy?|QyM%)fwZa#f(tl;dvQ<HB
z_rD>C9M}o_GdcO9y@4jZl}QOFGz<<j`A~N(U(8r+72NG4Bc5#_3_JB2=gr;=HUfWC
zF=J>4^^MP%ba|&-2riU{a!;h;gPQa`sF?%aGir}ZBDW!hLO#qPwLExVgzn;?524%=
zRmLGm2i5Zdx_WuAY+E=tgc+!zgGlrzfU%HRX#_9PV7vJZowN+LH}_s@n7v3&sI51x
z6*I;s$cdrr!g@&bDN2J_DzUHk!(4x;u8C@vMWygLqKm?%;szq5t9N;Q&~Lq55pt&7
zi3%a&xU%(^oaPcDLkbVa1=*qXYqfec?}d~+7ru$ypkv`l+r0G;m(FfEk{urfOEtO5
zpnNe1QRtbrEDyC4>lbSa8K4G!=o6iwki}DSM8&W<6fq)C!czaork8M$x~+exkd@p>
zQp8-dlF!$0RBFs~1L<6LHU!}<BK)A#Sbv(=8l8HlSv6knG*{mXZ|XSMz-iaPD_08g
zK@A_&`i5EU<UQSUTPZB?X^_u4;fU4-=;3&XE|{r3G(Bt(Ix{4jeShnLn1uyVd+8Wi
z3_zIYjvJ8nBXHRSU$epd<_3T74{C$X3!dLe$KR|Jj>>m<UIVv@CyVE}csQKvC0qBk
zPP<lXwGVZUht>OuDgGPh4i`}0D--8F3@6J8N+og{0i#Skc*0(@nt76sP*AU1wT%di
zb!ei(!a_BwKhi*fRx)6rWC=GdxOMk<V0jdo;St0|7RXf%wGGPkxcPrGIW}HGb7Omx
zbk#%m^0>|*59=EUqCvlH)CR^2UTEBA1sqsx5k;vrO0CJ%TD{vdn)O4KJc+QWX~P|g
zn~EEXL@H@16iX79RpK&9Ds_e@kv?u76i+qx?u}$w^mJL4ATH42=1p;zQb)1w(Ph<W
zo$G~5-gvMGAEZD3ZUuj^eKkQEPo=BNeRGj`NfX7ZuxoUVI|k_k9X^3sHrxbj^jeKZ
zzuK+6Trrd&qqn!eG8ye;JtFG+BMgrMlBiX0<ZV=zn<Scdi}s>Xs5B!|hDNbYk9qUb
zM35;H{nWVd&GAQ^PC8=D-6v$D*~P{^5ryixw{$H^LNpgXlmmZgs7=%*jaH-G9rX8U
z#Uy<nXV@==cM8j;$B}?I(PN8Q6@O@<0K`B|T9{s=^cuQEZX3DTD}B!PB)Wwk(U{xM
z&-poFT;z!Hj!yke=iD)-e1CpUdSbMk{}!t3(4%5G;efH6>2;B=T0!ap%uZB~L|0F?
zb<HR|^T+Fwau0tR)#8>Se}x_;i4`lykQ=w^c1{}8-Y?T`LZiZ-3!Y@p!jl18I1Amp
zn9<uD_hGTC&;@OZn@@G3Ap>dTU07lduT_+|u(WBHqLFu47$w3|TohMC{@ZE@Y~g~H
zUWQ@Z#G#9XFU<CCzA*Q5r1`n~!fds>J+sGOurt1kSmb}g#aoM5BG_lNJ3OB+>im~<
zlMRLVmZqK{2bggiUHp)xRG8!=^C=ep3tWkbc-Bxd3`RNUK&)ysJH1+6#?DAN5NkA!
zrX$36<5;>v#0;J54Bj>BRlS|<vG0gFLwy&Ir8}@iSxGu(ea*yY{A8|s>PD;9>9n(*
z?WMctC5eCe&|9Gl`nt@kjqqn96KaOu*6VrO)a^L1V>+^1%Q3ig#<7m3Og{Sa)cD59
zQ8KhwiB^p)o!?KaCM<XFTvMOPjZAjJj!Z}=#yJ1BG%@shlzI%!I9i&#CzD^JHU2-R
z6i_Yx0RHYt?N4M~95pJnb$srNx+iBoHG{ZudYXT%Gc-ctMxu`OjGIxF8p*qJHE5Pu
z>*Oh%_4IXb`G;79hi2{|7BqTJ+B8~KjACTIT(R;ChO?$n+cqo_7oQ}9WCG7%GOgBV
z>-vGMAVcOH_ssb|IwpY2$g*6+l*7+wSu$$+aF#Q6@G+aZkg*;%j6Rb+>a&uK>hmb@
zH=BP*?82@twkFMsP3tyvrks_W*7_M6&WxmTHM(BnSSN3z&sXlE=lp>hoYxy>;{_|*
zKY5dp?x2a67;*y9G1zLN=0Lf#S$rl+K2E~L*XVKB)SK-=-a4-x#mfpD8AT<P0US<Q
zbpx>!iK7+L=0L4?b%T~CQUmrc?nTO_IZJ;YcQEL?x`#s>KGR_o(5Dnds}5YoswfUw
zMrSLz@+2V65hx4cO%4Dw28P*7TbsNj8A7TGj?+|HS<_MG#rFS5S+pp<hUvAw*)<2v
zr#?uTI7leHmwdjxy!m?b>HX!`&({}ccb73YgjuO>zn<ORUj6Ok<wYtX)&%`sP;!4v
z`8aM+66Yqj@n|SB_{DR_*t5~&pKP;&eTS}P+~lo~{6XB>?qsE?k$R)b{+P~MN_U9Z
z2I?&1V;!o@5{{z5GFDTItq0;oO?z9}z+ACybQ`U%zE{U4VQk?nuO_jZg<-&BnntmK
z&3UleEI_)dqtu#At@Rqcb|)V{%@lvOG}oY|@ra<im<B911W=KtW4h^d6wqB_faVnS
zGb&bnzF3hjyGJZm_==Ju&a!mrSf9IuBi%j#sh$i#I;XUcinT=m((OWy@^r}2s1sZB
z#aehII?rOk$0j<HJ3r*x^Tk@jLOO@mB6Hc-p%HJ&n4vRYtc~p}wklSD7J7drb)MiP
zRjeIDcot?0d6+FU+U;JuIe5X`Xmhg#_~4t>ycM)LSVAvR(tbL0ZMiaB#<JdK7%p@N
ztsaI*-G{FHal0a6YQCsfBG;S;qR+yhiM6UapekE*-l#zz)Qo1!SWjzy2pu)P$D>xl
z7wnLh-a~S_i$!z?B>@G}dQgA)UKJ!$Whes>4o|JYpafre8N6^PU9*=UEgeFZA40s7
zIua=-!C}rzDEwT18x6h62d#c#C9&Yljl((dW&D6U%Re#l(2aaT!zZ*swW&9c&A9-Q
z!o|z+1=hVt7Zck<TCT(~-j(l9>1?0~hwzn_)+OkmZ}O+KV!+wApk#kyB4P{sn(zb=
zIaMQrhjJ{Bg;fyg(Nk2+Q-|6DXJ(aAVUg0uCGwI7Gnz!CoH}}HpBp|evo1##9O(uG
zp*AjsY0C8XS15`X%w2`&;@3Pru|bG@m9SLgDBo9($|2r;a+1@La`Bo2*LJ5pO^^Z#
z)iN-$$1eHbp<3+c(D;8<^s;p^su>emk-TCW(@~F4vjv0!odPd2J$5b*zn(Z7gmW5a
zxB+xEjh5N(Hec}egX~^HPvP>!(Q@+_i6K>Lt>3A(5Alrn)5M*~2sg1Hu*6}@lemkR
zO#2x*Xm+rm*-)l@TGz-Wxy8wnLFwa|gAVWLJ^kg1fw-#(Po00rX9)8ayQ7LbjPQKz
zH7rCdtzYfd&4YDSvl@pc)W~516@X=#%ZD<P(jX&o(u>5F&LL#J>GxzG7e8?6lI0&F
z=@i2CVqPH(<;8Emz9IbNtWdh$00t&r*Vtqi&k(I@wP_COt$k{ImAWiT;TyYG=zAYW
z%$|FkwCb>tTCIQXHKN2y+Z$*Dv)OLyxv6`9OQ?ILm(TTez2u8CrRe=Fhcn=d^}Xnb
zGE=b{>U)1<TX`G>k@Jqxd5e=Ak4Vp{eG{c~gJc2M{Acsh$v4awFQxsBN~hZ7C($O<
zcIo!at90UB3rp8ruV+<>RV)%wZW)L~>zHEbZCN_}K7oJu@5Bq4(gklh?v$t7)6?oU
zegr<ooy5i)Fr^ayEv~7KpCiYe^hT%1w=;>znz(8G@ZvH~EM)?y?j&pg-Rw$iQPS%x
zSo?lDli8*9{)Ni;093}EUZdCT8!tK3z{V=$T5Hg5=VK(6lTYv^8cI3E4_sr6wO8kP
z=TGl8c)NdH>t^evTGd19h|Evc$^)ir`E3_4p1x4=W1gv{g-CT~gLF2fZIfIJ%%!I<
zc}*!Ve!^f>i_>*fx|-HmmS3a|>EiDtDSKhcMh*YSIJ;_Qom<8J+4$IMR)eGtu!aqg
zI=dQHICW|@s$VmCBUYVO@{X!fxt+Wob!w-~x`%&s@-=d!AB%7iO2WCB+G%#1W=*fI
zHB(>GM@F_|v<YP%A3{rVZ~2LP9^1ES9{g4Bv>N$@S=^Vzlafpxaob7mvAA+}nf$w4
zDfdEormjc(kyU~%_C#Y|Y<>DI5?ZMs8(}<+%xD|o5xp?hcD&_|D)t6Bo=gpRd590m
z+7y2aE5(T)owt4Tqk6JoH%UF)=sd7mYptOqY4+<Kz4MYqVnpxQ`OW7G8TNP$eg{9N
zriRHi-fXq{c`pEWJDr!<O2ZEL>u;C;d)bM*v(I<Gu1fO>6D>;s&wo9?xtu=*IG5_?
z^7l`_?c<1Fc6|4E%)%vs6E}{TF68Q_G1Gq!L0HNYda;#(hz`bH<1uFVn&J<aVh!>r
z2<%>iA{wcgs(b-$e>|_#>9l)|zPV3jP3%*Ysjx}iFO)Wq6_yPH-{0flTpT??$3&V)
zq?x?l)AP27*;vR&3*-5C-~Dt{@G`57PL@fZC)nWyP=L%W9(9P2Eo6#<(Msp1vJ!s=
zdOZ2s0-%*XpWEV`*V7Q~Ma={8ftK#naD-sHqh~2oUlOCx5UvTN6Sn?L8@Za%?VIVy
z*@qeIdF4#Pr`2~pIe#e9GfbQEQ$~)*$fHBov!I3gx|f<re~h>TyJjv!2de<bBaEGn
zaXS9*d4v1*pxH8eFMAfa=(sUC8<u|!f7jDqC#HdBcI(xCK1%%EhkrgR>6lJi96X7#
zT|I~9{aGYuQf&T2CzJMmG%0H>{Kv?p*i=G8{4lbNk(@@`E_yGcC3AeW+gz<hi=1;k
z?w7FIHfoK2qyKVcfZPG8UBzPmJd`f-MA~lj>$NA}{6F3fdhs5)yn`E^owk40qV!^O
zEkDGx@432Iwbec_NrMKASeC>jeyp8!7Aic8#M-(?I&zXX9lhSto7H`8y{Y7xo9^&V
zvE6<o>xPfF2muGya4KdFE2;Rjh~D{<*r|@MC7#quhSnO?c`fg)#)Y$~`stj?71}i@
znHF6xGaR!%_pmHw_CX(71~h*~ncZ?!bYAPhNQDKIwxFlUS)4MLQ29Q|#yvxRMHO=5
z_4KKB7-e|0+u1bPC~FF{Sa)n9&~R)jQ(P(0I18JD&ET^|X(q01Q-E)Bk@(+@D#QJi
zp_|-U8Ye6*`pmZ8)*G!C9M$7a+S>baNQA;*u^5o%`I>qJq`*|;)kc56miM_7HBL8_
z1$W%hognj+ntwKd3-BHK<dnlp)4-K}l44hX<FgAX=Fri)(8?wr|0u#){bIWhusnjE
z9pcp+KBU=<XHn#(Ygms>J$@w}zMaG1<@B-tB$d5B`ouf4AtU&Zy8p|y9CZp#cF%Ij
zbO6#v4I`MCmN8>PY|MYf#4sFe;ej`t*_-T;>UCpayk!3a_z@?Uh%23#(pQ_3YBH(T
zGtEXP@5#FDK1u8&u00%!!EA1OGm$q=Rw!1XMU<v9nIk&V{i-`N5uXl{ef@a$;qvzK
z=J(5++vrR?-nhMfe|7g&<|HnEIQ!exdEyEsyga)(|Mlzj+1-Dyw{z$4^V#@q?3z^7
z_Xt&;(4?@Jw}l>rQ0XIkCSAS)+1b~qUTf3`gZ2wP?|OFrUVRH>Yc3(UwkDEFG39H6
zL6x`j_RF4&i)E-+wsYmA1qZ(6G3+Te5DMEMnFA6DIDlTOAvCaT&c?234J<>Kbavl@
z0SmOVVCXfwwXT2Bdcg~q+r%N{|GDWocwf^UQ{&$?&IirT;3&?)Cl9BGhv2ggs7J@r
z6Azs(IOsm_^x|~c`S~M>D<jIw3>6}W^*J41N2Fo0f#;4xuf$JySY4X4rp~NyAPd?x
zz0<23d$o9y5tuW<YwTWuULQyJUE$XQh7g+Wp<N9%%tC*;XHjYmQ)`e~!_->6$y<Yb
zwr+H$oNTbgoIbrHUuyF!rgEmo^7vI1^Co^xo*_s)?4+-x2~XC#>>Zig*PElXqWi{u
zNT|8*gg>F9w!OkSG12o-FdQUdV~ODs8f2l@AQ(*4E(=LZ^sosxql_h5RXJeroDny^
z(M3aqB!hpot)Y7+gV_RayhV29aGT*v*ttsLZ$NE~_Q0&xnlE_qLpnxe*9^OV4H1C-
zgPS8;!v};E(3-t|wUtkt%|jFc(fr2dg86VdxALO6E&(#u3;__|b$zfLTuYn{-P4SS
zpYS*Z{2V9njX2+NN~e;d=h;uJEe{_3f-dp|4@!UBZ>R)f3zLze)@;fow@Js4zhnHT
z@LFoGC#0Gza6HFYE2w~jNhue5`GIJuuH|=(3rB+vNQ_+;aZvR&6;e@C%ssG1Tt1JR
zKYLhhIz^wguT&keP43FDXrt(ZbLWTjYMnPa`U}=&y?2M~42I||uneEY#_Xz-M7BGG
zeWibVP!kVo?MAiJ%;#X`S18#hRh)I#IU>o|8#ybl%p_w9lmJyA>Vo5?WTHsQhCFHk
zLJErqk_KAKF3bFm&5CEm5MY5jHAc9dOf9SSYU)ERypdu&UK8PH79$U1zs#-WHrRsp
zo4xv=*4nG(&%~N==wzO`2aVs{LWT*Uqy>NO<V^#Gl$2U@0VUO2DdgzyNXFH8z1Qd~
zfzobvn%#a}RzX%IUw-lf&vl0HqM;Mc8lROwQadIrm`_;g{QQ@bpI*z<u-N#Z270uN
zmh}-h1G_KElpe>jO~rgv8N(V7W}!dz1~4fqVqM_Va#CTDWIi{Sw|DI9`s$6a6Dxl!
zYEl*<RLkTt2(CJ0CL#uXh5cgL0iLU-kdzZ0%X)9=lr=3{JyJUAefOTfrK?xYJ?tqg
zRQcjmV$kNkAkwj5rEFpu-w>N%U{2GsY}<4n9C#c2DZv99*zN<y&-UrLiBOuu=nnW$
zHgXyMLYLaM+^4{RqXq2pj=A>u*qVQiV?BbeLvF#~S)IxIuoAq4cX<;S!#w0Uncs|o
z>(Z3{^Y1u?p*;BIiv%@^iZ8Fu{)OfL;5rtx#g|u<7JBK9k0+?=x-#W75+gzj3$H={
z)1>*oeAtwYbxJl0f{Fj;_3I(5)u;Um)ctihs$QQ>CblHw+Le@_+8?r#{_B6f?e<@f
zb@VOpT4ecJwLnEor9Zzougd?H_C%$=Zm-_3SMX8GN};NZN&e#=raukJ(hs5Vj#}l1
zlfP%>AP-Q?FbCBZuTshWO#J<4GME2MB_^qXxrOah`4madtNG8%Yc%PwKrZ;NLBi>{
zQJyO(y2$!HYK?leUe~HM{QrN62rWDR1dbMJ7MSW#$x<jm<IVHKN%@DUBP+Mun0g>{
z!&3fGmQVknx>Nh1OrpNzL!SqwRGVXpE3-z~{(v6Z=iB_1)TmqBhvKDM5AK_hF9Iz8
z|MQ<JW7y7}hNDzTrD&$9628Sr?1CI2s2x2~@$ZLkSuFR{%=sElP85F?>MaaqUxj^y
z(Sbt7hsh6vlOiv`6b>|98``=9a^|<|D>lNgz#i_Egn?{$Iu)P6&MMPWB%*#)ewIU_
z#7Z%V20P9FzrAnmZW~Ds{l34Vqhw<;OHcs#wk_Y)O7f1bJ(eQcGbd;4s{;a{#F!+w
z1Zj<uIKTZ?^$QK48+?CCq(}1E)kx@9^`ok*>lu!EVSxAS?Ho_%4MDzUfKi+KgK3Or
zP$BOO=u_11TPU1~g|3KFS(ZZJ9%DwaOaqb<s~HAp&~;9fqxp;mWak-KkW3?|KtnX~
zrm8#|V<$v#GhpKRB(<8%iVbv=+a8e;P0NlcHL(jGNP@BsRQ-QQs7bwlUtw7{^SN>X
zv{WMQawUmkebEIP%4r7tHuG*$v0*By5cH|685M$&&yxV@m5j6<Mp5HNlz6BJypWJx
z$gCrV=&z_D1fV(hz@q1&<fVLzD*Pz?PO{&be*yBg<%+zf=%x0dt60r)Bc_TBT&r3^
zRTRykSi~|5sxN=I9UO27TVI;wU&j?Lv!g=eiiV>tSIOyg0KX!CPKA7nIfCjdS`!)Z
z_%xh^W3-!uBYo7phf88qz3AZ+;kPfWS|aQ#uFEOm`3N}9SfIbA9zP*RaHUjj;31HC
z*OP*Tr-Ewy+Pp$L5tuI;>=scYdb7R4bHoNf_!yZ#I*ETqqdDBl_gFlcMAI3Rask*Y
zB0Ty4^zT)b7HTdppy?r68tSe;Ns9H?9^?P=O|M1U6H&v|#n-`@wia}E!40m1k6&q~
z5!jk&ZwY1mF6UG=Jt)^;hQHNUHn9`ef*WRRM6T&~4e%_5g$Z~8);NlSVL0*uxA7M}
zSimt2hB<$j=+~ve;U{eoJWDMTUWQm%9^?gJ`+na~B=%Hbdha;xzfQb3#yZGO>bn5)
z^c8#1u%DE@Wj`(PtT|+F)8$qqP^gJ%Ss1;e+jwyN;ZzSKU?^M?0}m?wrYX;}h)GKo
z3-eNM?QpcAIQyrZjOJ%-nDsi~Bm(z60Z7RD_XK|&u4dR1XnqZQxA^SZABYqU%bq~Q
zv_Sg-43OF70Fiu<0UFKMFL^>({Ipg6O4=&(JivTtz+b&H-@T&BFZ!!rUZuP|ef5jR
zAH?HT*Aff$%@*F=N)x^tT`G`JfUO~0sHwOHt0bDfGjmD@ijgJlKl@C_`i?cuPnq|9
zIgNjUxnBfbwqh2@!TL>CVDJ8<o-lr*1g2~vGT|T!sa7n(%Zp5EmR;A0OcGIvW)7m`
z?j-balU#KP4u%mEdug|h!fJ^ssdkL_h%d$|p5fp(ssl!l6S-Asn*91=*#&x0AqII5
zy!~Dj2z<njGkn5+Ovse%=@&UIgJ>r!(vg3(kBdH)Czn7G7MoE#y5y@Kk<(F6Ah3^P
zu|*jsPRK7+{*isDj=V9<ZUhspddNUhhLV-Vhpz2(*hx8rZ5l@RBjtS2XWc)i2)4jP
z1HsE6gPVQpB&rR%XsJu(K=zX_62~IWv7JjuBvVI*N@)uOh?>brikF+tCTJnsi)()`
zzJ&*Fu!J<!vFtW%SiYu|s4gRFTr3aN%j!`tVlkD)?3SmJK*@)c9?Cu@!+D%mI8eQB
zJcvnY7EQ>^8-8Vevs2#+&|1eE;GapVr0`}+#WKCngL8+2`7p?Ux(}93nu|oTRn5t^
zSC`K&abvlf8%uT&<6~)vS*%Xk&K!Rj>^h|?TVuD`S)dBP6i}sf;t8z0w*k|Fw0d^K
zYjoOH!*Ok^UhCJbUcV7ojaJily;i^PwwZEusZpe&MtXEGH8F!6L%j^*tMDIl8WH&5
zB~AL8=qLfIfO~%aj9|8#bsPVE=Ut=~#7qr}=t=W4h<T-Ys5N;9*#a~O(wBeKYp$Ur
z0Vmg6%WWHqns(h(<Tg5NC>w1`P)ikabulVyhr>8AX4sB0Kcz}j55!tJUycng`@`_}
zS1{tu*rKQPC5mptY07fNCd^(%=z)9DY!;33s$j0|{dNPlU@*I-<J4_xXmLx;Rn#vz
z^)odT;ubCdloj7j2jj0V?N@(&Sk0H*qJ}p8eKZ`$v?<<?a6R7L-Bs^u)o6Nih<kDf
zAkd1)F8wX~omRDB8h|DEe+DP|_LG2?{oHI+o5XQj)s|mtRBKSRS*vy|w+)}^Z}_9@
z*mkvpWmp>)rP?O62L6H-Vo|@H{9tA#Xqq#-r(;#=@Q0f5YfiiB6pVi#)4whGHwOx#
za5@Z{M!o7vC^`~~j%i3(j8zA;Xs1xnvSjz&nq95a)fK%iH*L4ks=DjVoBklOfXF{d
z@+bZn!9I21zYo>FaaIdYliP8t4Jc#P?YMBncCw)(r`^E@MSa)X4n3mvdJ{Ir_AORd
zH$<!%V!7R8oj>UA8ApFz^WZK!rhf8BSKc5UeUl-kiP4MeE;i7!>}rFX#w@bDC>+Z{
zJHM1U-z&wEM_Au<VaQ=<p-BqRLt&kSTvkNx(H>s4=wf;}V7xBjW}(`$(%Wf>>fA2o
zK@XX2ir^-Zfs9|0yW6M&KfD?K#B`t31dr+J@H5xq1y$1Z;gWw#*~qZxQrbwS7XpL1
z1tS>_CbR#c!@=6-tY#`&lbJFZN;jpD#3A0d0K>W#Gu$3V{h7JYZ$pnJmr7mcx!YW2
z<KDyVm}1`&{sUG0^b_hKGAv`K)v1S_eqeQ+X3wg3>Vee`Tdw8xo3+60*Zrp7Vuoqq
zaQKU~Kg*h}Vb6cefj-TT$inwt4~_Mp?1GyQFd*kWrCF3JlJH}Dz7&Gdb^Lz46ZEWF
z&2L!spx(29{qig~^liWCxs7(<Zx?Fi=xG2SWJ?QRZ}^R7uUBhXuHC3v^_FK_y(Vrz
zqt<CP+dgo!!FFN)X)c1WrJ=q}z8An7xR?Pp3@p3VZ(DyrZ#~Ov!SkYTdvHXYpc4e%
zme-n_S?CrzRa5|V->vm(p;Nb<hT~Xu&+Xt-D71P(vk^8LL9bW0w+r>D;!T+bTJ^Im
zJk@T!->x-WD|8*e#fI0kIyL}a>jZwsZFXwD-PkV7Cu(f=9Nd1kv;g)tJf}jxS+_#R
z!BZ02mIr^Y0IOa1`eCQuYln8YUD%JQEy^(qbeDtOOTHIC-D`#Lq-#1>81y}W+HC?Z
z_Cl-g0L$cijb^9U+%D8S+!6U#w0_aRE&WFqLEdiI&7c-oVbcK$*lIPbw%_bqPCe-O
zek<s8&_(PaAje2ey3@iTxB5wW0sMZa-DuTA-)et(P1~ybj%W4YvH@D|*8N5=uw8%4
z=Y_|Q(m*~@ONwCb_xw&XtXu6y8*iO99PfS;7QR-m`)%KEhCO%7FbmtJpQvq<4t8nl
ztpol`im70Hz_VlWLq~xF9@itxl5%1AH^u7Gvg={f?QO+Z2D4_Lp8b-_o1GXyET1}C
zL}h=#?Ah4or|wm%PhrDA$nt%%#9X4scW3{h&F;NQkGcfkIQz|0eDi<0EWF~rr|yU1
zUna{p1A>RZp_WuAFUBx9C@ozD0<vyOV>YA$WhT|P3L=Z&cl-@DgW6B74Cm?~@{oZ<
z4$2_SWc*fv?8dh|e#fJ&BU%IVF_VSNr2T(J%y`iAMo}$&+H%>w84zrpFdCvvO^v*g
zaB))$;APA*WM&J*ZJxATYvm}DmW4W-^cyI^T1m;_*t}uc3CqgLtqdXyLGmt@`8$*I
zJ8#rR7Dm5X3t!Q&n&%NHC4IddB1iDOtl|dE@|^>ZGiloZaIHg1nZre(ck;`+Ioy8%
z1H3!+KSV*uqJ1q7H$Ma)nc`B9Wsdz2a1Z)@vF1ldc7*_^QbAk!s!jfl(1Jm~bRMI@
z_B~?6ArU*IKSQTySC@p>CV%EL;S+H36A)2V6=B!vlPSEMm9Ec&HIRZssP+@9r^#_Q
z%XeRU3@6(^e7^g7*a=#GzyEao=8u2#UQ$$yy&xHzOuK;%EUQs(HrqQ7+L%d$!_wLx
zk%g(*^oeoyHcU_|MH>LB<iuGrQv@ml*y~<|F(kjDj54Fdctxh+2wmW&8DApSBMoLl
z<FGSj2oJ@+LR6rz-}i%h=Lv_c`1Lk=5tATd8IHV}5$*1<qD3oOSkY>@PQ8B~?i%IP
z2&ZcWHx-{~CYz#kSH+pGD&%w!!}a9P7%Im{oU>woDgh8R5rt%$ti_qJ8v79F;$t-7
zPN$><a8k@>RIa>kBnv}ktPKO$6vkT2(1KdsZ?*bfhlwKR@hlqsiUv4L`?N2KotDa1
zoIAittHt@+lDd0%8Yct&jU<2A2Y_=%;U{dPa%s+My_VexmfGW|bPb54XH+?~AYhS5
ze1>%`R@Z8`{7$$pII`8tU{7+OElPj3Y^bE#UPMazIYOs$cIIl2ll3e|?;Bw&Xx8lJ
zW5yp!EHyOoht$Hy)HQ9_n7Y@ld2YjZtiVH!cE@uquU@ZP&4$zJJGFnH-EsUijH$bP
z!5N!GRep&|TYlp+!X--?S<|<7PSX=j;6788D1V47t0|H~kKU0QqMt6?5devSUDN_9
ztu8SUQ4;c7gs`BcJm>=r6N!4G(gZ4rLGbJK_3``n*Vn8QHWL0`I);ZDV;IXxj7b*%
z6E{KbUB<foHo7|v``&+iIFs^|?Gr4CoC5fRN4G;)?4T@WhR0G1KV5!=TPF&(PQ+SS
zkcn9eg=l@C@P5s1>=RS6B^rTC^xr9p_?_Y>&l93xAx{#*M-~+{Z5I-lKZfLrCqb7|
zMq*ivFuf${Md1n<gHVfAO#(T|a5wDS2GeLlqdCz?br`jX3`2kKTZlHnFMt-l00K+m
zFogfiyrDeiD+sP?Zcw+|^_@#Rf1ty?Q%2s9HfvLEeoq3Q^4BAm@b($yF2<=xO`oFx
zM)PGbq%}yQmq$XcRfh|;AEc3RyX>^r@%ycg-Lm?w?O64e+ps(v4b9uVpjPjN{Z>8P
zfSqR6I2nFg`M7@}L%oHZHu_XCDgxyBT{Wvsir<xJtk(DmkQ^7LoaTX9IvmcfuEX$(
z0C>+F?@}CZz)#&%WqAckikOfKd0s)d_{y;?4Yu72y<p31K?aRA_cW_fbWtZ5m%FHy
z#%q%ae!E|camhYJcR+?tX!J@RIEOJ<P-TLt7-I5I3<iGz9j}EMaM3Ja8V!Y&oH1RN
zARB7pEH)&MPEg4j238bf#tJ!)MV{S?Vw{)gi7LWctAa*W^!NKy9>cSeOcc{_1sD|o
zD}MCQ6)T&4YadvIF5T06=3PctQQ;2QvM$GR3-pjI_o)b>s`A`b!pSHGU1vP^3KzTM
z*qwUd?+br-y&lV|aH_J#d5|jy=2d~Gv<g;xDcD4f4;QC2KV><|hPxEjKT@vBM5N9+
za+UiQtMr5N;VHumnQUMQbbC~8JY^0d6A5@Xm^fmVX306OXHs6KoNaGnQH%FTonaO9
zIKl(T9AVkW{SbPN#>0COjt0;G%SB^MraBE_N{4@QO1lpO00m>;#t{MLH<TfeF?{ho
z|Ad&ciqVM|IChh=I*+D!NO@XnbPt*GXIGbp;ql&PgLY^0XBe5iB-}TXb;ht|mLJyI
z!FIC5;PZ_u<a8PlgJo-yH72n^JzkS;r)*s5LLnCfeIJdoqQ`P%onvqyQTyeiiEZ1q
zHL-2mP9~moY)*`cZA@$@6JuiAHaGu$-`d@(t?DnQ@A=++?|shih?jt(RI|`e-h*rz
zn$vayPVP{<$xb31eAJ0H>Ix2g4R9?1$U#X=51;X$5TQv%;}vB5%Nw4YN|qoH$7x4y
zqUM8gn)(caFEe#oWckh8OHr?p+db>{Vh+muFWYCS4Rkx8V8(k)OQ^!sThc~+Qb@?K
zJR6M&(eoU$dYZhadH43e@@b-8@7CQAvXz4Xamuj#J>pEX>xHPqkShynp;(sUV5WW=
zxngiDcw5zdhuBB<LcbaLq%r9ATb)k#T^OM@re8@gGc7_b+jV7_2QjH-n3aXU)o*R9
z+-(&J5rjb9B%w{_kvd-S-}&z^m|nU=w-?E%V_t+`x-3rcd2Ljz&tf|$8O%<OFCD{y
zxx7p78I<g?U-~2yHxJ9t|6(?=OB6p~0{XsYzONr|k>uotKRcf8SQ5soXj%;~l54RF
zQ;KqtUuvG|2_Z=8beZf|U3jk&w@~~WYJ<)mq&HA407};NvF3omL^UVaVRm>^tsA_r
zEfdbrPWhH?30E9cT6<ve*MAOjCPgT~un5!t^^L#-bzvd$`Ti5(5@yPclyw-pj08Z_
zUYg#av8>D`a(_EFi(D@k3784XlCsCU=@N4*fqhY;Za&n$9GskDo}OPf;x^;42LWdo
zHw&1NV`hV)S??pp<mc)(2`~M4IoJpZU8dwE$=*oPoX=9sMdMP2ctc)QErbMQ7#^zQ
z%$eM(%d9n)3Tp|H8SCYE>Eh#?77^F|YOdX+N9smM2g66WcPb3GCI+P-sR(zWt-}7f
z;xBG+k`0oPSBh|1`3L{8-?(vDcw9%O;A26><eM;`_G1|>gBRA@-X<um%(=#-y6fmm
zMRVLy&YLD4pGGk-cN~HCfGP%FYjUy1q8k~@wi5LsRH$)Ut;(6aXc<^zEci>7-Vu-;
z*VH69QY2kV7F=|HtO9LTj2BVIzH$XhmTW@|d+45`aCkZbLbYFYN{>~}u%SnUtJ`RP
z#2X-JtLsJw0&RpTR9L|;@DaY#aYIPdn3!rdQ@7i7;Lx6ev0Cg8+F}4D_c-hm!HaRt
z<(;k~cK6&fp|o`NU#_E?fT@9coMCO#h|{7xEZwT&UG|LE$Xyrjnuz$%a+fgGv`a7l
z7NlWo=Imq{c3;>m)){1QIqvUXd}80>n~!ivdRMqqScG$J9t@AZ2dK;Z`WmizWzRw=
zW(OSxkB9qBtVuu5o4*EFW52~fsx!qO&^jib&6{6*+hembnZSTn?q0n6-Srua6I0DN
zRk=(WxzJ=~AGO%D=0050{wm|uaXjDNO&GeHxol5k+oB5TV!Inesve~aOQWu)GbpGk
zL*eVGa<6_%+^FGjmTaXx+tx>-1e0O2Q3$E|O7cV)rx<h7syYhXl=B3d=6*>3N->%Q
zKNoD$6ANMgW{|9BLY<4EM6`4TW3)U$YZ9YSpmDlve|Y>WFUjoB>U+c$`Qn(g*zOZ%
zg9$i=O-rLaUb1}*>OMGxptUkJ7a3}(#NT2%=N|eLS^6Gs4wN;XYkMgHg1jKluzF>I
zr6<aKoRw|_e!4P1q^Q+N`N23(LpgOGx6z_~(?^bulF&=vw3}Qun<14j6pS>VZoE>8
z&yn2UwbXI+1+&W0Soop1o5QC_@g=RzR%~7!Y|C%OfLld%ejslC)G-@QE+ZoFm4+bE
zjrqf{_-{&`I9-`iA%^{%^2-nAF<+1~v3seT#tw<#@8v3hh1d7_Rx_}D%7&xKj%EIo
zI`y(jtzapAFZD$@&5RhObcD1_5TCw1>3*MMoLY&cwST>G5_pmx2f3}G9D~CpS60*E
z>`e&t$pZMOjF$=17D1<!&cC*km}Q+I8D+0p7ErXvuvrMAlSD4u5@4%V*61-0c3ap#
zXH1PbGtL!&X_y=*W<huoE`mF&6#d&dkur$OXbZZv$(W38X-zMs+IIH2K*%07d$()S
zu~KI1=y84K&rl^3w;SkXbmIv~<c4?eirp4|S4B#Ht*VE9JBW5Jzoe>goIlGG(5qdx
zKJq^Yx`?dU20EV#?4YWtX|8)J!-Dm9_tzd;{Q9kd#*7yupXGBe88ZV3x(<ZS<&jKu
z@kZloJ5TYk$BgWD`^+{3q^5kbQ^X;^ksxRK0-9a<PtM2gP<AEOO3etD81mIk+a2by
z^*H6N_1m!ME|VzDLPAsHr^Z^=GanTnh%rxHt<L@m!~CydyaV>kf)x<p(&=2$L_dq3
zR^JxDcwAnaOH)h@z`!RcI)smkr<IzR`G-!aT3#gU%2ui=RnQS-Bp~3Z<BL*I5)CNk
z3%bVTKJ4(=sM;>2i86S$neCtZjugV0LDT0iC&HJrT*GTLWa-S^K12s4v08Gl9=;C9
zgDj809vai$yi_{jaCCChWngufs8X3%zA^yOf(LxKiL=Q64%uit$<P?xNe)YFWiuv<
zf6zgyE~uAubRG1TmHlm<*{7w;?1&XK433%{1i$Z}uKLzURcY6qrr^-YlHplLHZ0}_
zk)2V>gS>4wE~wnWL%~=lp4nd@X!X!sb-NPZL60m+$&=s(7Di@LBb<Wj^2dMWtn41B
zK2&`Ow(a?#%cA^SltrO9fB8u27%7QYZJi$EnObO-&|kzVeqfgVq!CK`3*?pz8MCi~
z8)W{)Z+cWGlb-@tL>+@9pQgFKxO&{;6-cVrlKu&Is@s`MaCh47UMR<ddUHgP(`Ko;
zsEKtsRV}2SO$hL-_936x{HTd*U%v&q0dBqtwSjb_4mceGTR}POq@>L~UK9i`D94f+
zXb(<nKNk4%77uJ4N*S!5(3e^>-r31^5+-6Z?{Ry!qx~d1xX^|}VJ_wKD3VP^xDJ2q
z1abp2Vw&m$TTSL17jf+`mBBMd#t+&`DP^`BjC({gBoaQD;Vq*kz&uNNbyk6$#wvxX
zIXinQ1vdGu_J4PsHV$j@a^T~kAf!{B`I(ak{p;j-7b!QJlwa`A+Fx4kNYE+x`Q+r2
z_-%FztMaI~)j5%ivL!ncH0Nlw3sQsa1~==>nZ8`h0}_Pv1+sUXy@6wt*P|0e&lZH0
z6!eA7wL0^94@$V#7ST95UbTQmQ;il}C63Nfa<I^M9&nA<Wjo_X3%Ev$hPleeoZ2<3
z9}VAHuE2d(VOJQmM6jr>nI80Y8R1h=7OIDw^41;Qn8i;_kNy(5)2S366zfZixL!mE
z!X;AjHaRKn(`9hkT)o5^IzEkAPdpkINNi63iyRE>%&UAvKxm61mUstH(O}K)bA9y^
z$W`4&(2zIqjlCUP_PuWU@CY+HA%2vhv35h(k?*38CKw4_qxw&sHyhrb)ovaM=t^Vz
zIt&?0?T>i|#6{I$U%2(_YAyAhtp2F^DENjYES;B5z@_z=@5XY^Uw9TtJH!{a%X5!l
zc8pw2W2+yC@bVYf*MJAYe?pF6lkUI{V@5&5L#P)(B4HFE?V@Y_j7BdKJ3&@7ve(Rj
zX~<xyANhvBA=_s&Ic#w7n{M^Cnl9p-q&sLpX^c$0LdeHYgj_kx)|zRBcTNN<QDV|X
zJ*~gqd%NnW+)GRQHz|65mzjO4&nG1^a$%{}#(G8x#o0d)e-G{g+%Y*+K@4;f2<X3(
zr|C>kknW$*b^WoGn66;2(Yv`j1W@p_oHDK_U_};t93eX0-(iG=O4p;J(I*9BBPR@7
zuvO-pycybC;{<owNBQ!kxs0Xg>o)Ji5KsylbGE}Qz~M45tp5(yOE4Z&#l}LKud}>X
z)$af3D3OJnS3*$*zR>(iX_knRMUc^HLklF#q~H~n&Fe;vqW|bI!;0re>I0>ERM2no
zM7TMo)f6NXwAi>IF1h$(H}rj{%Ayzr#dxX3*wynzo=77%cZWj5=d?)N+S$0%p4Led
z<w-@^?b-?N)`v`Od_&sgO0LxZX5V)riCQQYll&|17qzJa+7=aQ;p{KRPoVBC)>kvy
z9`$9`#|nHIYfg*mxY;5%Jan%>xlVmpkc%|xXzx2OM|4mm1NJ&d<~Q>@#IcUER=B?D
zv&(|F>~;Uk+a=rU9kT+^js`M1ENn#<8QZg017l;%gR8sNCSk+H8Brm*6va#$!QAf_
zf)OvNh(8$sjFD(Y&k0v5(se?D<<kL_uZ!#mbu8urRKF6Na&;jWU+J1X@vdy?U_|GJ
z7h|^Q!~kYcbP5{09x0&+4&qLJsEx;+G>_DOuR;~kkHY3_C-c1L*`G<O2$hwr?zrz3
zu6z<Ex{)vjxp{lkU5B`)S)Esh6F!#<eHL@pr}ruVf=>>oh>tmg8?!#G10UMZ9G=XN
z+woe=%7ts>Qr8~)Om3$53Pnd3NopnoQ&w8n&Xm$at*ZPFRC_5rfT?sjfx{N@Bkx)t
z!OgFtMToAw>I9Q~w}%#sc(<LFD(hND{y<X^i+awwP<9}RcH-{QOjQ?Sc7tkakvzKV
z*R}|t(uZH%baL*!<@unJ_L9Vi(-k{PmL%7Yr#0%NbLLD$d#Pay3$#{A*z;Lq5=HGe
z%M9tSapwDosZV0gbT@>!DbBK83wXuRliJBd>15mKcgTioP>zO<m*h<}k?7x<RonmA
z_bXk)W4|&x=y9bIOsbqf(Na*@8Q6U2)xQUx`l?l4{U`vVUR#Dd^0LRZltu5q<SYpr
z35gYoCH&{ts5g91KM1w7)?rU$Bpg@aw=6ci%1YQf{A)IUze^?zuV0tM2{Dwr1|&z)
z3csEvRy1^A8C5U*TV}$#B<vql%-PhR(AJ9QcHYlAj;^lGVEaiFPVqRc$_<`E5RDJy
z<FTz3Kgo)@B7{n#E=kHq9$7N04}j@x3e^0w;oxgDxJvtryH7hyYsb1jC6gH@GZq?g
z*}c8ZZmD=x`)iO^`}>i5hrRAVrQ9Cc5O>aHd+G$N0m-C&Yxv9ARtOh3$R9=iHj?Nj
zB~|osjSNZi@9<x+=2?i`g!?J`VB;geBE(7&7HR3*M1R>fOz)535tRVV_=0K6JQz>p
zrj5=Yc-nsLSY~XNmzMR1A!)%?g9152L>b38)5Y~;<JW0kca#~3Mj_rC>_Jl98=<D2
z9AW%FYNecfqgv-!6o)@Y@z%Ir?<J<aR<w|fw}#j`(Fs1SYzT^{dtg_p*H>c!RN!{E
zn?ONl#+q$7v2b;eJ1NdGVTk-2fI3wu=^;OR-PgS#!On#-hrGFt_@)~xamw0h2{Tsd
z(tbav^M{;!v411jea^$CQ|Iz{7UTmAwFcJJmr#c(LTsh-UeEF{?la8id*<dyGD6>x
z-Q6FH>4ssB?(pOG!#B4XRi7z<8UdG?l%9s%uQat$LCrHOzR_Htw@J)VCwukk<iS+1
zlV)#4vYFn?&p{~uM}HV2Ea+=cCQm=U3hJ}9@*N@Oo&v$JMtPC?O_jtZ!f$&a4u#>0
z@*D+fz1iyT(|`6{L$=am`f2)9NQ8X2z==}wMcPPcd6_zwtEAvY?7znWvszg!smSja
zd)w7{hNHnlC;X<oeB-RX?dguVhDj6=>GcE^$n5-?edwvGf8s~>i65QpXLu8>xC>#r
ztiuOBtCk@)HM_8acl-E_wP&%|JBu}K`L`<xiCU|Ej>iR)Lt3!*Ox!ZeK$P~Z!Jg|(
zEjJlPa+lD}2F7hK;Z6Mk3~a8iAq0B_+*qnd6mPW$cFAcBH$xsvvc`>be-tOnbA0y9
zYIhPyc=QnVPHt>1R$PUeu)XA8DW>+sO_Xf&AU(N*g>e<8zJJqv7{W%o^n@np6~}$w
zv|`3IaPswuq?sdBB65xfVS)M(Xzd+jmxbRqPDFGJU#{qg*IT><UKM#hKn!-+$#?pQ
zi|-bS)fo)_oj`oAYP2`gfBZeLfs(4qAJy=>c5BfG_ZJSmqLx%-F8u-p{Mf)}*C!<h
zv0NYE{&=qRalap1R_D659uB<Nf4z-c?4WvhKHTlj$tmobj<g)sq!Q9MBm~~dGH?4g
zC;J`urwdKGgmTLPv=sD>8_{B@y!=_HSUH{X06To!c~={U?oHpmkLqEn%R&7f%?9B>
zzCT*(3dJTBo6Y?PO}q7u6a%c|vP613_PqfG{J{c)uwupp3FCwb5d6YnJJ9z~{qfQH
zM$<%3gsGE)oW{cboRsjty;rSYW2nYk+*B1tKHJKPeC@n|-5yw=xv$pH@g9H{divwq
z<`%ffQ%dD<TqYq2Df#F-9aTX3`AkG!10R(7L@JJW95VltKpYqJSg{}>TBbwP@`uA@
z#<jL#046&@%|GXN$wto|oV3P3%_4dx@1OJ|m4f_%_X}F-xKpItP$SRH)0Tu-hP-2r
z6S5!u%fm@P4u5JTv*z=+N}VA-!gifGp^Y>2sn{$xtqJY{ys*7%vUb%^a6PB!7+rpH
zHA}4g6Oznp7en?vYkpmGsZs~r`V_)n_CtyWZ(~NhqWsz3KaKuIrs{E#JJ#HSRpW)4
zRR&=@-;-$j*gFM<8jrATDeU>%!bhCDIy~Y`IsX^|Zl7SYdmo+pQg7-O!bpt>k`$(@
z8O7xswxPSez@+CaPoRUHy!+0f^JU~0n1Lx#W|2>ZoU%CJPk#b6{@jqYx$W8=q@6r4
zR85|M@(gTdVJ1n~K(XY|4V7I(kqHao<6^J&S_yjdnTK+eTseqMJj%Yl{vzDHQ`zEs
zRNLeLu!V7|BWs)vF$}XCtW2&Wb^SWYn-9uKwOU*@d^(-dJciH~ER?`EDX+qfX0-pw
z#zcrm42lGyYOAlp4V}=Pgxr%DvgC)H$#=@J#j&dm6pn8U{ITl9iE={7*_45FdEEHp
zX}2VN1}5=zm4<9s96vwHsbh)z;?JGAq!$Ga;3&Qq;k$WwN(4x1J4xh8yhPLLDIG-r
zEnhL1wPfFvJ&2CPtmjI8{VTUkU^m0c)<bfo`7x`mFVk47Vvzi;c+kV880H>3bDcHr
zCd7(Nqm2|~1L}?DPlE(K*j|87Ce9ybHQGTm&r;F>c8qf_-@*zywH{tOoX$YcCUkEB
zpbRdt;a@@TCAo;A!{52&9h{yJ8)73jL(~r$;;`T`1SFXH`Kz3<)mLn!pk=uLSBiq^
zK$3^YG8=E@1QGmy&sfW36i28#_78cDYwb3=;8asp`-GaSxSAcU@CA`U1wO3~%;iU%
zmnS*aaSXIsp^TS^8bDHW>IT7C)t;mkz)#raV0cZL7~YOgqkr|5A5^kwsAe%djmktS
zBUZ*n-#Pg)DNB&qt-2A$MWW#&z54_RwkSSw;zl30OGHy>USPlMf!4d+WlntkT4kfw
zNoa$8M|c<D-GjGm9#q3B=Bv9{qVrfhGyP6X|K}OPBsK!Oa4V!vg_i^tBMG4x2%jyI
zP5miv%KM;6B7O6?4mGoL1$N42&bETD_=8*I5l?uUmFHf-Q`D@`Hnh3sLb?3lMcJT<
z9!oN$IkyHZMKWj+Wtqn+BYK=?Pq>f~uQ;oKLXt<^^n^v0Xo-JQvoEpY=S2{r;y_NU
zrRyghXiAn!{49CKbuB1StPtS?u<f>C`~Z`|Yg+NEgCi-hl|pYufIk05$~y{ME!GX9
zYH}uAtvsJCN^7Fz%{!NgC#ridEim*g#B<kb4`KTkSfS1p^OXa=fo{Qd(tXKsIp*8@
zRr&C`3|N#ndIU5RRlywG8+yQyt#4TOC@iJH)EDb<X8lQiGTsHpOBxd!c(zV(Gq*O1
z{1zSkTk{*mue_3ft{NDVvDEdDrqI*5H1&;qMeVj|YXd}@W6j_Tw6{LQqm+>l-cH=c
zt|CEt{yB^SxHm>Cg~2HMIswro=W8lW0UQG$Q9&$M&NP!^39R`>#&B=S2GA(-w_soo
z@?IS!N5l3IiY;X|l!v({Kubqyw~X=`*Q+egBIrqhE5Y7g?Kc9awt|qrWi8{?ZcLHf
zOMfhMci|GIG-*VI&_p$V_S!@}wcq91lfQ<?xv#|8VoA>om}5)RO|>@>i^ok)tdf$$
zljwBXq^2wfJx#1XKXE|qzw`8=)RPi2hr%#|j%h7vbhMJ2VVJAM0B+(7t9XIF<64oa
zW;>vEd;NowsARsilxTP24l|W27CZcims0%qNZ_SoZAN8l*i7sqFEZ<gI+%B4SP!5_
z&05P8`rwPjkJw#vQWwS?^lh*fHlO>is{1KZ4qL**<&h9bvL@beS+2A^N-U@Nvm2Ps
z6O{`@sm2Qtb#vbx04TN;S1pPWnBk1J$(yzT@k*-8k2;w2?~`tnY|@~s$uQ9N`G(RD
zG$bk;ax)UIqL<^}k#R?QKEm_s_5K~Y)t@|38)mG%qz%zerIQ01+cH}<S*bdR`;L!n
zDb$#ZTiQFJsG64DbNP|_jNtMk7>bD|jqPJKY@&`@CKqx^fW;(lV{0KeLGLi?I|6vt
zmZhCY_YM>L2~1-l&up5Gi#jKxhJ;oMd_3oXWip*iD{DEvEs-ab4QIa68M-xBLDq?M
z9ppmQFcEb{=TH$+Gqek)cV5O?mV9>HN^EkKLEY-8FE0*ehwL-qRwzdJeKuoF-+Ond
zFDdj)71&$>P`|_vm-Nn$k8a!OBV)K{B?<E@+|O(QlS;x-vTQNlcgSUVH9;90O6;6^
z&}IaR-jX9WI={gXa;_jtDmO3%TXOjnj%*Goc6MCpn>~B%4en!PewddXf`{^2N!CQ%
zAC`?ef4kpCD#sKGI9RqKQ*=v-B?58#pzOw9Vb(4op#Ch+5LGc^_NJEH$<OjiD{-nX
zM-dR@=j$Z>m7Fq@KmE%1E28W<8(W%{sd-vrZ<V-XHKXHxZ%$oip0=-odQOYnT|V)o
z@>)5sxr9}Yk%LO4>CbJ#q?hP#(G4s~Z+x8LZM!RqO<vyIg>6Zxq{K&50)}0SfgxkK
zv^8dS;8Pr@-)5Q$k`1~Q>*H$3dq(pDtvlLsEI;Ih21jjIS9MO_2%pBWaDq~KW0qbp
z=DB4r-f1wg4e6d}&QOwPKv<XgO_*JO*~>DYOaX?Z9JNL4>+p;87G?;f{r3dr^;o|s
zu2>!~+CUy`>J$kAjSF=kA^~h)q5Jz8_8oF8@ZF@y`8m6~s!!#Zd{D(avCRG&#<YV<
zlcP}g!%xpDV7MknfF)Hm6|y(8bgN3dI3?9M5`4P7S*2gFMRu|}He>`**s&)%W;o@-
zni5>yD@6P~Y|ffpf60dkQ*m#unDQ_`dFX_E6$Wcu#smM~%bsc<xLHU(&%ANN3fjOn
zkU65#jDi#vuF8Eqf?c>5@AJ?q?U3&}8pDFK+_x%K?+74gkhL7BNsAkZVz{tIAAnAD
za^nY^W^l`ip>-<QL_kE34eqTao1Kz-HI>9y1P46qXrua~slF9zn1Ofsp3c^wN5!L<
zrNi691!5eU8N$WBsFEUGLcLFSKZcP2G&9t)^d0;irQ<Fhb>5;gZbE?%Gr1n@yj*ds
z9xm70=g*t1Af!~YN^CTRWY78rZbE)-ykpJ~2bhOMg4yryCr`W2gHSwr%1eS2CYrpk
zM%qI+vV{m&aWPqNiM$pJn1>NYKeJU{437d*8WUGAaCTuy5Vp6yP>>GUJ#UQxWH7Ko
z7g9`R=KJSv2hxz?#KX*AqE^ArCVr#|fd*Nh^dg&xqCbMTXfDV*#gF^2Bli6lnrfTA
zH8ND%x8B#zY%0)O&_)zXC*x=k{uFbP%FfUTXFSMzNtU3P^4*p0RgD>5W?GIv=goKz
z&ERgoU(K>q8ybn|GkmT~q}j;=pjW*>;E^Kq=-u_qLdB~Oi%(4o4Wv!0ef9`$^<eU$
zOi(^K@49E>oRWq}<SPz*=KMjLdcyVH25`ef1A~kN;WW%KHif#Ek?cx7f(z1B_E{(k
zj6}`{$w3~W3J8$2&A?>7ReG0La%Bn8!$@6a^7e{*;37#nSQSx#l>a#b4tuc?)Z!fT
z$t;vKa3wvI7Eynuj*>V_So`?C=<wy=6cq}1$!BmT4t9LgaT+V+DZ9xi?a@M(M<_8k
zR5yw@PLm4u3qT;b(WN8?DX_seYLqm`7$9Sl-%sj&BtIXg=pGiC9ahIz9oxEpBJCoU
zbrBm?*~9&VWh=c^_R>rPD6~)iIg_z0>k_*ZFE(EnV^5xlOpGCQY&Wjj7ueoozbwFW
zftS4V<GeD>&(fYO&m6T2X3Xr!8^qO_$XGA;XcDog0j-AvovimotZ?}`Sa-uOC4^rz
zslv~>jK`o)lUE-_n2O4u%U-L4JrS`y_-<tVjEN8G`D^N3HyY_TU|d1S;X$Nt%%G6@
z#QlSE{$1dp$<oWfAtY_K(|h=wFGf;+p9@E>)G}eiNtQ-0D3m2XnB|YbLcEl7xwsH<
zk@sK({ySfuv%-<Pjlg%MjC+mFbyaH&H}T`KQ%}yAAuh*X1!Q%Ultp9K+_>YC<|@2A
zUb=oiN9YP7lDH3H0IZ3U{=UTB3yPn!2hb~7d1RMZ+`>J*o`UD#GHN)Q$f_19Vmyi-
zu0IyurDB<;3|Xzk#UZ}eOkY`C<<yWAm%$FPpW^Y|V2~D%6j-ud)|xR=u&4FRtA}-n
z@L1=g-TzHdzj0>{o(r;quACg`7k}csqMnWjfx7mdX}-dE{{o(cd2;rwDTU`lJg{1@
zG6xDGm8@0TZ514IG_YqPhV~P;;q~7LL#;uk@@bgj8TUc154OO&;g<xkJEN0`n}*}=
zYQfjpsOKIOCUN9WtPX12T+}9KtxANL*&D!}>(h~EJ^ypT$kz4OiB=DT$s5?Gpb?Dj
z;fx0N?4&tF1~j3UYSL!oMfb2u*j_-4Y5L1oR_lnwlem9=1`hniL%fbvtR|O17b3#{
z#Hv1-n(+i_zkT*!2%&h#j-@Q+=SJf0H45AOMSNTEPM3pTg#L-zFYC59gV`r@2uVnN
zOUN;q(BkIFpAPTkhjf}{h?{amD|m)bu(1toWx_3B2Ivz;4py+fT)*Ew<=#;JdZwzr
z3rgJsc`(ov9Ve`KdqA)v92}g5^D?D?yUTwQUj#=|^o$b-H|H5qd(D1%^=V7}oK!0=
zMD<BLRqd3jj=p{S?M*HJj2KYqLrpLO>b)fo*-c)ty;5zvjQHWmiZCO=wh4xWsE<kP
zbi_tq10ekHGDxCh`V~{@E(!>SL`jG|=lAJ$Bd=O_mQKIMyfT_E;M-<FF`hq&<9zHd
zzWE=1!wY8dPt_NomNc;7&Bf>K`&|6QB<RO`p!P9BlS2dP66utLV2{n1ph76WZqC#c
zJARXjsxe^>Ewn?1H-Ij5;|<`$uqNLs9~?Q123VQjR<P2t?^tjqP4iKmM7&l#LEMZ}
z1_-Ki`D!WF1Lz{d2waCM;|-2_6}F57;aPKekj9dJoeZ3+P-y%VFOnZQ94y&}ApEzz
z6qYP>vH{K;TaG2LCk(vyl~dFg?zFv)|Bmy|ix`x#J#l^$0NbltaY`n3EH(V$WiHB~
z0F=kynB*fyPpH?PCk1whK+!C`(^<c|Lj3U#4t4!Mxq#!pbfi1Kz_vCkPSWR)VR{J4
zRTmO)y!P(*LY%Rlix>0HBT9`=z~0a58o9UNsEZH<6?o;yYB^?13RwM8Z@*^{qPrw+
zXWu2uo4x8>=|t-tX80|FTuxX5%`@{59U!*&;=RoH&;F55QH1m@>5%>Sa(Ab*TUUuq
z(Ah;PFf<4nDNtUZOI@3fXwJ;ZL+gABuQg~)v2}<Bt1pcHbDxm{R@GjAm1}cSj53gx
z`z>2BV9<3;bTA)E^Z#!y0C_tAD%o!?>9A&}uqZObE1}$-8(2}wdRJ8tyJh1X_a<;c
zwZ6y(A%__C0YgkRzJy`#4(-%6b9{s%75D9?LT16}&jv~44!nR7_SS8C2Z_DacH&}y
ziZdfX5Vr2}8{H%vyky+3DXe1EH=28^>G{>g#zy~@67cquz9H)1pJ0mkN(qd~{3j()
z&-axQpaJw>bTqzV0#sFBF#&+)D<;s83ME6Rx&k~PMBMA!X63M6zPjLkbM1z1vm2z3
z54z8+?m_#M7BGGjg9%>V6PWsrKAWl)m<miS(zjRpOi^8Wnj_XCIdL?ErQGK0nFCSA
zZHd#v46eWSxv?eW1Pj(BV4Eq*OUFjio1aXw0FyREzXDtx2qBc(q~g&UrWE~3EDRH5
zxg@$h@c=WCGr@j_v*BQ^(GS0bIo1*4`uZ@(Ae3&7wkz1MIG9z17$(N!Hr1+5-{we7
zrtf+`=D}g;pR~@DLs2m6Ig_C*4a><K;nDDW^(qKix07fr&9C!p`3T&d5RFShXWpfF
z0Eav4w<($z2IM*6&%47&P4`*HVKJodi_Aa1XjOu@;yXzLJe-15(z*vnh7CyRw~Xy0
z+uHs0y0v=G8FU3+XFuVB9Kw$S(8p8Wt0J67Zy1piLx?)@&R#d&m|ozw1uwEc=|isG
zsL`67)Fvt7?nz<FB!E6A;l)}ZBGuht;H!loDr!c0F^iU=4rgMccLlUAN8FFy7YV{w
zkVI0=PP{R+2nJIh$+}lIDO9~a#*Bomh5;b_96EFT4NH=PG^yy<CDzLIK3|w4m`!e&
zrSYxHmsh@veFbCVO!xM-_wYJZGiR8z@(5?n`2;-b#(Og@HjqX<Hp#*o>M4s85Jjg_
zE@3WB>OyQT9Hr-Ltf7>SOaO1ypugZJM4|_Xj7_4!5t-op8z5Sak+pQJ8r35M_N}Gm
zY7NFM1=u~~xAKvHz!?3bcG6Mez=#Ab@{&sdOT_tEc9@%A?Lv_*YJx!lK9;2z8)W3o
zkH}bHO<TTHiL3bTA|9GRQ!2F!#MDL7evG6UHPF7(pY)VUL)06KwQnU1CtbU!7a!A3
z!x^k@)6XGA!Be)+%o`^R|IHX|xw-Ik;-D68KAbfaB6{mqxo6r>E!woJxZP*k2YLmZ
zX<Lg_djo}pln!lM!3Nh`GcJ;7DnZoUbLK;|z{~YK+Qdyc3ZY8w)Rkrd$}60t+uKU=
zds8)|p^<Mi^6{J>p`*T6VpJ@#W@Vzce-QfXc;V~9bv3*dBA1%i$~eJu=mDN?eDAHV
zOU|u-vk;!<Y4lgpC{TpW{$yz%g8jPM-}}!}%yGBZ#MK1f)k_9S)LxS%lbTVX>1JM;
zP-EsW(2~@go|s_kEl7$1_SBQ+8SXGbLpA-p^zSgoxD2S%(|;{@g$*%aRWP30<51PT
zM*p^_YdnA33NIGtSOU*nkV13S|LTUHU2*?c#W|Nu{?2p)lP!C@9ldGUH5J2{=yJjk
zohJ!8`g`8Dz0_&ItZnJRcYHjV+LhLa`~853ifiK9DV#GMw_}(Li0I&0mBcZYODS06
zqOsIgt~d8>q8BS?wD0-u!JL16cjb{WFY5+sWN^jihC&5hC0sNlkhl-4*0)EdSsW%a
zN@U~@YXe=nwFpt}*kv8F<RPK<OF`>(UQ@cH{-0Oc%^mD%vqT-{pANpu?AN|b?lqan
zNHsI17CZJ9IqViS;H^1{1U}4O)`G(Y!I=dFT*P9a;H_xoVcO6v5$@rdR72!g8vG03
ze{BX(dylfZp<;f@%l*8APdPv&Ir&k%hFA$My`iP%N^IC6+(MzL7Bvf-*OaDn-ry;z
zUygJUWWrHfLG!y;2G`Bf`?%KEAFE<`dD==tYI`>6aIjk&*uHFtkU#$BBb|w02cI8z
z+e1^^Gy`{Kc8!{kaU@jo`cYrsLTWBj7hA~8;K(wDK(`m7Jy~0x9BM#JDSm<*k(iIg
zA}ax(f2=;>*im9K7n59xkkWAL$+`Yikm0~jx9OQUk?dFzA5%%lD9O=8GX9Tl?`bf|
zfQ(}9uNp2Vpl9Sn)0rk`IBf`>bqI|2Gx})W2u4p>t8!8;_=cF9^mpbS1TnELW=_L@
zOuK5`5-wG@sniT>Rq`wg3p6zG&K5S$(TFw$anaEVEvR|()A3~|6HNV$wKN}YsNdCI
zzOFp;)NucQUneTN(`&dKCFAiHN$3FH&B3UmH62o728K<qTZ~E)^fkd+uP~j%GH?Zr
z*ETYdgBD${rO`{j*k?+8m-LQvH965w5mJ6-)Ksb|?N91_5x4#Z6(vKSIC)d_y3EmQ
zz}n@)FKNMCz2{M{nR*JhNFYH!E`ythB8Bf>pt%P)HSA5V^I<`AF_?Pf=o15C+ikOe
z3a+G7&`Z$f==yv=u?H`~CFVLQtW)JQQ{T8Y|0>FLclLQWX6;_}Uy=6JW-^(_&!A-#
z4B`XIP%($>u*K<fdmL1TwgFGYsZg=Xn+B4Zug4D;m4Orw$x`Z%Kg9~LOS(S$ZZ#xM
zH)TB0ZruLMABv5URmk^Y6=<;{VYIh%`m^S0vTr%i5WL~!_9=z>B0d$MPH_kM0Cbbz
z$u>Oewv}+9&R{j%PLaM?qP%C2dXq>RNQ!iy<2~wv*62B<q*}JHH8(#?;maL#ZWDJQ
zl$6MFDOcC!Sde+^87P{Kc#qFNutt3I<ALwwChtKug18EYM7{Vrf1L>I_46TNM#5g@
z%J%9f@#}R7aG9Rin>b`~`|ygzLTSx^{Z%e%;IoJ6Ei^lHwUFJh%nmQ!;ZXPYIxp)g
zNB?!o0gv+Cvf0%WL*>a?#rX%iub^jtH}cEzecmG_+@7ROH1ExYu{-WjM~%S`h`mfv
zvICSkh%tB?BlH)nDWKaw$Ow{3uIYO!wTU&zx33PZ+bI6OHTLQvku0aT@uU1iZpR?d
zt>oxntve%^)>>RC*K`_M-+P3pGry(~Krqtdk`F(PmJwz+xkjyf`lWT*v+m$A@to|v
z70I3q@xk+cRAGAsF!v;ZJ14){3t~@BFCi)pN(Z-M?s7}xNdOz9O)5>vUy!sBZc;~{
z8p&8Hv~jCG)%2bd`F>y=Dve2lF@<|cjUWkGJUvFaS~h}-BZM4x7bmR_p7=3Mj6oZ#
zr@@)07e#Q^H(V$TT>b_M$BQrZYFkWydgl$!gFn|YB+KuJG9A0zsy+CWDl|FaRn`$y
z`7Z`ecg_Ka5wM!%p9^shH7$>Z95Cd1l~a@-J?3=)9)(npxrC0S#|9-x$SEa~d6-vh
z*(yY2k^%1zaRJ2>C)z|b`XQQwDL`-y!YtJMGhwOgV#`7fNwTn)B}1$+V~Cvz8(}ES
zL<o`0j7sgy^w7WoyMV`~PSL7dIgO^~VD4>N&p0A@76{`Dmro)T#og#c52L3T{I`64
zJZ0J1pr_G%OP;aT;P$if^j5X4`i-e)$eO#K@EF+DCD-f82rCne*SWb~o<+04)`YF#
zQomV&`tvjBn?SoNl8!pJg3|sy$-9AqOKfFhw&#m64@(;(^C(wR8bv!k0*6*MM5Lwz
zE0?rzAHc0EnkNUJ$ArlfH1f|EyZB^2QATJYp>!i22$MV`)*q9HPCRzVlQDDdHEN>u
zq=+7cb_B1%ny|z@k*9h4OslC-OTC$dB{f{^>`+TQtrL#b>^Vx?wS`5l$G{3()N3l5
z(yCYtnn5ULQc5v9Sy#u23%E;uG_~O3F1Z$L10v8F!RI)91wq&mESjf1Dp;NgK01nM
z{_br$rg&$ifBRG1@^OGUby+d7p^3+zi^)I1>1SBP?P)sl(x-HPfPByMuR+k$MS;LZ
zaK0><KxMY4o7ma;4<`mBifCJNqOACjUmBbA)1^XhfBs0*6WZ#q<`Ebu(8<XbvJY59
zo&)7C%Zn?nn2L&<RWBTe>>U-)Z9~r|b}1>@H5ECI3$t6-hq`Q&%}t}ewlB{M?t+_b
z&RzHN2fB+>&0V+8oYA-TcC4GBeqAxYr<$#^99<KiIqz@nFMPWgc71g-$D50C9BmJ8
z?ePv*H_W>1-+fp4avX=bHzz4?&yNmQmw{(rg4J=SB|K;Rrhxrg51~UaN?SI@u>p(o
z>?xP==#&POl6`C~2Fu5e6jO_)te6&t;T{K`_QPg;w*Gy)0cRe_l(A)jsr|HcMoY5l
zF_v2W$%|*k;c-tMJZFR0fO{ABDIXq-gR$lCR~PuN@pPY$F%~wXNeTQkQ={Ijb>P-0
zHXX*5bEgj<9Pi*P8_9LTH?19o=m7VL+2heS&Gw*wE#`@Nu_vsx{jh%xEMU<Bl__z=
z_WxVbV<S3n7zk^H6dc!2McU<^14`Vx#}uD6tc$~||4p5SSKqIf8*-uRJKDEZJGaqo
z)phAkxGe&MJ5}<{7Fidt)RmVSZ0kQzJZ<Ny@Jiaj9!}c-$$1>MtTHQjgg_<zZ}(3@
zd;2!|T{lfnzT^K{T~D1`C|+g#GFT@5$H4w&u>T(e%YO`yvtI_5FT?P!{}^cP<0fh+
ze1~9}C`5;O6#&!q)Y*q(y&fI=A>H(}ir=o9vFV*U;s*9dT3q|TUA1D<2X(~t{;RZO
z(<gMqb^fb#V$=WWh->{<>Bgq7>xgUoSLwy3@9T)G{a5M7rl0GGtNd3P#HQcth%5bX
z1^jk3tWJN`5m)$<R8LDhkNX*|HR=QNp|L+yH@*}mbTen7L;8U3sf%Hstr>>y4&R1E
z21<<?DuWJOlHRJ7CtYrh*+UlSx;~zp=w6vU<@hQy%q-cYWowH*-jM$Gt@6jLr1S|=
z@%7m+9;%#rtBj-k^*?8!`)+Ef7|}K_wQAzWsDAMe21@*ldzutZnb6w#*U8YN@K5PT
zm|wS0AkHI|n*q>f-|0~lD0FwTd?pBw7LOFu8&@>AV?t)soz2?lp=NwJ)2Fnyri6Ze
zek#d=L!g6zfIx#VSWW2}fLCyKlY)TI)}?+Rf)WA(wyvv9DVwi!%p2!oHsUV{cf~&(
z+ICkIGVKlU__!Jp&Adrae<3GA$i{2Tx2G>})(d@=q-48Z5mS#^yU^)myEz^XH9-XS
z^m=t)#W7*8K5PCS7n}4zT%N3~mi^h%ZYvn!YH(FHBCb6A)?AG0obU4bdt*K7aW|;6
za-ax6zg^#zxzg$I^dzOMk8e~He`^`FdH#w8R;XVy@saudi^j61r1kx0nyw~OAx%Iu
zGv5ngaaL5yE*E6VSHrrQ(y`N8Y77tm1mz2sLs6bKQuc`_nDA2c7Nbey%ekG7N%lCH
zW}ALwMD3db`&+HP@?7?l_LgQ&-Q}|pN_G%9yjJ@v<XE#(?me}EKmZGQF#3p@+!ECe
zx5LVXfLr@nSS)jy?V5fZY)QJ1I=9GY$2jK=>ALw|><a}<24_v$d_F$bL@f?#8VV>k
za=)F>J<y}+!D&Q9lxkIJ382~K*UL?qvzVK*C?^}$PjgJMzCm;^(%L#Pg~1=bY<>bC
zL=Rb8i_gD0y&1>Xo@n1Kwwi33yzVznWT2aS+4!_;N12cwy7-?So}PMBp*GJ~G^g=)
z_z8Bru^EqiDUH^740|w_DxyRt;3yj%`a-VYdPF-b&ZE}*IAS=1!Ya|#CqOTqPN50P
z(sk#<lPh}0G>tKL%Z<LDC2xwghpzxcgkWY%fk>3bgo)`vh;n=wZ42XygJzMN|DsT2
zx6x5qOdxeLBQw=+D3dwBUyOn*lSj-Gk+expTFV*pVer{2KqLLH{{`yHOlA{u+@BH8
zk_MPcFV8fD@mdJ6vsU2H!^J&m6<q}{T*)ej7ltMa3TO1<EQ7>ajF4(jKjZ>5s4HX2
z+N{{YRtU8aTIxHC5`AZN--pl)T;CStij5N?X9=;v;pDwLX|K#q%|gTKmE<u%3dTKI
zAUgc?#m*{fR;H$GmW1Lfw7<~Y!BLKRX8wD^rIPTY$bNd^-`@DJcGFd`u2x4A8&Kx*
zL;KUfv<$5D5Ic@>qBXuvEo}jyxtC7COqC!(FlU%2R~r2GAf2(Pi<V&!V|?Ej8%wR@
zKoGk>SZ)9C2}qQrmX#GRCdn)!7#lDYTj>6#Skc^?R>f9HPM#;#LeE<(1f`~eH9&k@
zCPd=LnTfE5ag&%{k6TX9!gN!i6}Af!AQWN9?x!_J@u>S<(n{~XzN8NfZYvXS2c_Yp
zAjme}QlvwWLrp?<qa{kK(ToSefZD+15?YZQtsa(0QpG81)>=WYwj#JzxP0ws3y~C|
z$sd@6UuEXGvEJv|_VCN4AOwF>QCe7RTK5dW_V{ulU$a{P!&5^(o9oh-Lrx=C=bK@6
zDrH$4k0+MGlp0`qLNEY*cwm3L692z#<=P;WY=#<S!}m=lP`;t?x{pLM;Yo1@w1<w-
z;O8eqzYo=*X!E}x1t`gX4Dq+d3<OX+XtiQHqT|$6Yqq~;^^?q6O-n@|4DEhkPR$Cv
z)gBI&$%OJ1Xr!E2;KR;o{O$9&;?9yI%~n4_T_Tmf((DDnq=f<$0~+y2z0Q&o^gma&
zk~IZ}8^S^)mdia7aDR*jxSpk4thYO5tIKb7dDl<EyP0UleY0jl!wq+<@d$Kwe7n2^
zS2CyFKJ9_%$S(1hmdz=^q)?5gEG>8=R~3Wf`gSAC`OOYWdItqJ9!qL?E7^h&a=ULM
ztbMr^0+DqxcrG1SU|jjV9hYqLcR$%xO-^A`I))q0a6uhy{6_p~ZgTm=6cGii6J8pN
z3l7i6?QXV4NK3wxT3oZ_?g@`b{aKkN0QXeJ{C8N=-$@Eaze9YSX$UhaVhB7Y9b#*L
z;+piHPHcs5zGDu*XEp*b%!Lm~5lSFQ(q&2{yE0HSD<RVX>f(F5Y0z~e?A?dZg3j&C
z--y1zx4~kAAT+j+m9xpXl0yP~h>(`-nbWO(e}tfTux$obf_2#14^x=^O-~xKiil02
zCBCJohpw212ghC;O+`1i`{fCti=|lg?4W%om9iTMEpKk_UDJf^qeg5HTyathTG<$9
zXNj;rZrx8{qbN~v`v;9od@Dp<#<q3^Dcm%157@i4RqiRQTbWJ`1xmt4jHT1Kn;j1m
z6y!IkP;AKNHfX>W+i>R!rC~Sp?Bh{EcP>arAP|S{l^~0&l<T6Qk(w(Q6kG|zC8I=a
znZ35f^^~Xvp~LVJziXqF!-P9J8@Eok#zUgU!-@hp?fwbC75mMJE0joAGY5g_Fs#Ca
zVy}6dwnAv(?O!s(?4?!3wqXXO47hSzWL>Lejb)@<=LHl-Wx67WFQOJ0beF!DVqTt@
z!?;keWc6<m`S%;r3+2g>fv4_+D}*vR9i4mTvAMHvJFd(eNK3cNpu{Z$<)IY0hk16b
zHc3D_N@>ttHHSn3RY@9wywYh`pOL*h*>~O?YVNI&8Prq_gpM|jppqClo+JMj$O8I5
z#W1*C*9uT_mqFdUU{?i*EP>{RXOG_DPoW$+VWl1U&CB0NxuMlUFH-+uWE7T}9o>K;
zAV#}(JE%C1UU{@_RR8Adiy-5=p6$5gg5CjwG8L%^g05&;kKtd?R7QJ0RY!+aBR<!0
z;JQoH88XTA#jW>smEee$K?y<%D<P=K{BafR1s;|{w3;`rmcLs{Jl3J9Llh6b(wU#G
z4F1eeySHt#5X{qj3f3JJMw*#nMbnPBn<&mr-=>}|pV>9#Z?2+Z0<9-+Oel2@!FdB1
z;iiweO=8?PTSD%{)))pNP8{I19fO@tA-Plbv>{|uu55$xGe$fcL?%J6cay`|z9X*e
zUlSq+7*6@fe!=H0`}Ys4bL;<6)EGYS+Pq%9)bIk{CpP%ZiM)Sxn<e8esFOQ6BOQj)
z1Oi0OIf!g`sl;JHN5@aYCFi0cwx)n7La;K8NOhZw_e+ptS#2h4!60<D{1T~XKl}Gd
zBc{OLQjoh_#?CMnZC{l-NC!zH!=&;78I}u%j}_O8d4n3qyt5)pqj%wDqvRQ&k-cD+
z_`BcshGPfXRWzcglX3UGR$kiRKxJ7Czo;xgg|knPFgQ8JBo}N>VfkM#<z^rbY)+Dh
zS_^0dVZ&_UH2Mht{repqr?Iyil5?9B!_I%>hbMIbjg0}<72B>6L84HSIw^{HJ@yPT
z<&|4>Dq$MA9ZHvyI*e}6@~EQFU91nMr}vP1`aNBbBL|c;yrQ~`9Zx2nHuQH!Mg!Bz
zm@d-8W{4iF1BUI3BL*0)3~nF|+?EjA6HH|f%rjCeaF={{4u#L}V<#9U3z>*&s(LUC
zl&dZweTzfuh%5^Ba_Qy}B0A&z@*F{O<2KHFc{GuYQ!1mJwEIV|tbpqM$ZL^o@~Bxa
zasWu1<Zv84CpYnqH?s|~td3w8b5H>h2#OeowJ%!jg=NU}RSOIs3o(GSRANKG=itb~
zS4RF8iAzEwNbxu4&pk$y+QZx38GeDxHS4Xe1uzD5KT|Dl58Fn3;`6zEZ=7)HZ{++N
zmI?^0P2&)>e@7pMFd`iYCAJDVyznZ?G35vp7c@h7nab6m*m89LUdN?Rp$sdf=@J1%
zdeq0lCWDElX#^*k1^|$tUGQ=R=<4FpO9m*gw#P4VBpXy^GaGze8Zm-8kLN;V5;Z<^
zL@EV~j2CnBR^7!_6*KFVkj;!599D~w9plJ9{5I*`m8BigJS=7fj)xeqg)G;(F*tCW
z@8JU~3kpF=l0R3+Zn+ix5{}<3%L7Ft-WY+r$^^r{wd|OaSpe}!;Al4NEF!G{0zx^*
z2v@v{QP>5{_8g)ep{Xb{f!2?2HGvjM+BPG%k2fc;7#3`cOc>;kUEbC}gt~)?+!bgY
zcn3jfa&n;IO%@r&3Jlpi=>CA%ON>p38=bs~`eu0;xCc`CurZccEfWM8^%<dB5(P_*
z+4&7QXOxJp3LvKtE~FJKJXucZFEJKDrC+M0C%iRo`F9)6f8-!;gme^FiP}IA@brr;
zGiaS(q5jcP>m5DC?%nAsCH%7!eC2{?r^4VH2amODGU|c0xGxRCSfOAOWs(>EovS_i
zjf`I3o>?F$=G2}Wrm`G-B^0|YcLsh(h6yGL_)`jg48VB@6;K{L;&A>g=vHH~`_LlU
z3sD0pSGvi_r7r`l62k>eA5VJiB8WU2N7s@R6a^CGZypbLtM!A|t3~aUKN{)ISxWCi
zfMr|fu(1K9FFU9&Sdyj@3*}wzcTI#i3=U$5EilrpH2Ukv5>)gbv8yu#8$SAJE+t5E
zJoOhbe!#%#@5}%qiH@d@nP)d-p5lDrcEq~=UN8k5b<-`#JviykImr1n*gpqZW_6D&
zx&u-0rWG#ZFd42B_;fI>*jH&H`b2+y=b-*(1#XXyT#+N{1$AcT2X9kYblTyDbhXk@
zn<@K)fv!0ImV4ESf-ht${{2f^VfuSX*3TxVY(@Z_B!;G)rNO<lPV@XMoObAU;WPje
zsYkX#g8+#9u96Yc_L*lx^tbIV@4gFAk852B5K4fibk2qy=c{7gY?S)v+wgRsni*h-
z=0$^SOzm#Np{3+6!k~aAah)Qq-dB%7Dm4Dx<D{CNnhyW>28(b?{l|=Ll;4ERKaJbI
zWo+O~r4Ocu4}vM<SMtbhPyW8yD-;yi5UmlDRq)OV^0@<1xVs58!m?0naY7)&_(gpZ
z6Q>>F+B&Zv592oeyTttzPx&<{ez3cdupdOEll}I0IctS)<bKQ%3h`#+;)*8j3u<WN
zTj1n*ONiz3I-sF}XX1CDlN=HaMwGLV`rAOyu7wsQ>#o{bLT-}1-W{|P#_f3x+)URw
z%8ZmzE+(>6G;@5tvG1$<>6692IoA2sS&7jveS~kE%zy-C8^n{!P2IRzCpKz+G9}gq
zk6@{oe1OOWm;j59@*mt(RXHj3{(7o-{GNkpT^#26`BD~%sbP!&#H{g=#4-j>@I+vL
zfErE-ii7JL{~aXy5oMs8z1538k=0AzAR!L%28EZLa0AC{P)r5S(Qu~t%%uZtq)F|a
z#uzaSG^dyy>5nYq8z+q9<PL}mC)#mrC?X;t`YZ?0!2kRnUvxSxjs6$pa^A2SL4&1V
z7jYUKezM0K-j9hyxHP$#P1v2%P&D8cwv!VV#~x88x9ndBC;r;zDLBlOOzs^tSqs6X
zlA=S@duL`qK;Cm{jlb|PFcS#VKuH@x2|84wn(X=)?aDbtIH?(uw#ZzoaHlNdA<^0{
zXR24Y7wLZm`4a~0u{IIOz=eEhUU(sU_>AQEOumIlDBz9}P|DdiQ(PY!_7aG|9pRgR
ze=neKu`l$yAyJ0_Ie-gJGc^W1tqTHEqtU^^Ba1jKE=7r{`5~>&p$b~VZuV#nm>SM%
z!iAcRL02@18wRCtV#Fwln>)?HB;7scQ<>n%7Rj#<*?Ngv_#HVNdc#<@rNG28micW0
z7S&CK%9EN*T<x?EV4V;UIw$Q!G5$Ule>08>U$u%K6vxs`B?;G*gad{LM+GryDy^sx
z9r3SP!n009%%%dN+s=f<Xrk*wuwJ47=a%u~fwD`V^}r_Z`Npwr`=NjpI~RjdAm3CG
z2~d<44jzx-ji*(ms*$q_oSd@=W#HqP7lALS7G;fL)p9120GM$X%C`JUlT=0He<C7R
z4H&+OinN>}_Kz1>ccm%rhM!dW9uv48&B(~+Hid;M<5Ee%2^<K_nPPlyT3G#CgAA0j
z2V1;8eC;I`VGZV>?CI<$1SE!Hiat2x4GB+lHw>)IrHZP+?@UUTvw8_JQnHJIEea-q
zf#S2a>{OGN5MPpzJ*Q_P%Utvqe>KOBUTEa&x&|5~o<(7^LQ&;&W^p%G%Km0JDfJDo
zK@duIgC$X-r6O%gUL%6`68U&hAY4@?e``ZRwhF~q%~lbjwj0a&Kz|fjw;u>`jMcmM
zI(zSCwRRxE2FGsXxv~Y~_p$bL$i_`gXuJSK41hacv{946k^lTY)yWTIfA$i2yOaME
zRl(d_LpCEci8Sb~==*{HQ(m~Wnys~bkAwpjD7lA&hZ3>uF}evHx0j&H={xlGW1AK|
z1F@4vvKV@>Vt)OGad`W|7L?24>RoI0R@v@G0f!{sJ4e~P))Of~$vn72B?fHFHKmWo
z?35=n=3n3=$mDCZ2?VGGf3UG?Fe7*o1du7s5}!2LHb`<{UndQM9(|9~N*K>3GF)V^
zlx%Z-xY$En#-&johHl*D6z2_N<Mu-{E;|9Y2snj!QSr$HHB8An(PYBBMz@)N2JP-f
zDMt4^(miOaU+B>kYi0_Ywr*XT8lWrj9k#7PhuL+U+%B<vjnBN4f0qjNW*bGc88<MX
z<GsR+8><knR_VfnZN~idA#V?{o)&o@VI~?zuZXJgGz*Q*(2UY$*vW>m_{Ic$P>saM
zNl>QX0iaD_n}U7&dwcBh5372pby;$@Z&;~`_Qw{cV=(4xmjGdr)sz(1d`gHY-eE_M
zDhzH1_=rjcXs}Ire-m-ChrmvYlTX6hlD0;~B$#hp#NUwM4z+~xVHn=UN^%W>3J0H8
zV%lW9GD$V4L=L{)`|@ivwCNMm5OB&%z`P7?_R2Y~G`2ZQMFtp1n7qIDwR!2#w1VSQ
za0Bxk9|S-L{AwfMA;R83tUTx;($iuk<@-!{5up}NlF9N9e-tkp&d|Og;T|4tkx}zj
zth2GW3MSOSH$DZZDdew>=*sVwL4Ff~VT2{7jz^v~*r?3I6AK0432Ot9Bdo*(Dma6p
zAZCdbJ{6#QiX0NXsU}@bRe7ZAMMh~HC7<3{-0Y*K+vDb0Smz4V4!=xiC0dJx%3%Q;
zM$a1(4&vSVe_l4gQrS5uhlH-<N~Y5l!$?uGPJtbR2^Eq|HL0Cv$V?Mr&2GQ*cr8JO
zca>JJ@><1~vaL<#+F2<t#FESpnWkZ<2BmKzlJ-$)>yh-?nwm~u%dSw!<(tpOJ-8u3
zCFd56)>gLab%1DVuYJsE4G7WsO4(?we=jdHiERw-f0>y`j2FVa!Zj{5PkF0c7MM`4
zF~%8|4@{`-Z);0|%~vXHTXz%Dw}+rqsFlvwmL>P#b~@O8Y$_;2_%Pzq_SsTt!QkI{
zJ{hr}0kPi75qntF4fa>~8H{esGd~d%tWq$c(Nl|2BX(S=d3sh?z(YsA(alqQP}E60
zTuPWTe{D4NlIt@_7y(TL1GIW((nh)tUg~{Sf=Wl#=bmItw}qRC+dTxZTHHQ4ef|uX
zMaCCixakIr*bSrg4GCYlu3kn@nDNlozxxgP)u{jvO)3!nwj9ssyc1hjj+Qwo6CvmZ
z9<sMId#In|hsegMkx1w#+dsG)--iG0?4j)ie^wecRZl6E&Q65|J|3&J3#z_^A3rwK
zMO<K$4;A50q(Y1Un;e0JH#(?{d~$TYJAudM*nHi0li|L9!x&+UPrf*L#_sI@<<36o
z)upO!7QMKnBn1~g0NM!J!n!ao21VetlO`jQ*6=vRsI8YRtt6c2H4)Vp%b$Lzzk}_@
ze`A~Rgq;#Rxhyr<4##vGE_`6%r?p+^F6xH$URdg1^t(M5s)n>=Emk@oVLP-2DT^}l
zsB6HL4H(!T>%g!C(a*3AgWcg~dng28TlA8?_+Y8`6$tYSBap+4Qp>hBBaAwG+PXY4
z9lzYRfleeSMF^C&An+EaQWqqFoHqq^f747%K_kjZ3&Jq8reQWY0t==n+}~>QVJoc2
zhM7@5Qjv?GSfI(BNbT9kph6UB7xOqwz`LR@hS<{q#)M>!DQ_i(iBym^a(w(?xesY8
zI)6FB?pnVbKVs%i1V&v|!EPD$t!jms(M$d$20pDsOlD2B^2{Gc=<OT3Vcny)e??eJ
z)$S~;cE<!p&`v6eh083*d!b4!Sdcl&mWMT|8h~i_8Iht&)|Op?nnMWQb-7?OpUB~%
z&CKw%2}@xXLtna-70>R4M1(7?#Kcl)qZ`W8%+OY*RAK8HwG}m=5$^Yr+WE9?X?Q)n
zefuVKvU)#}?Y3t;Fe;(me<?;^e>LWtyUNxvCb(hdn*rD$#f#Gfq1|Iuq<j%Qs3dwM
z_r5*c+l%(`U-shsc!;^~ZyVc21WCveBC=~r%rLE`ZTmkeADfc9{KXpGUFN1<r(swp
z0n~~1F?Kmj6l!g)C?SIZTiK#T@494uP6W|!9}8Vpe4cHd0Jd*zTh?hBfBs-69>?9=
zl5mO+g)#$B*l|`{vFM-X#lk#<Xd1M-2zy*$jc=7>n8=C<tbfaZ!0xp%P**UHA_J5k
z)yfTOVin<mEL>qnkYtCqS}Cm~x-E{f?)-IDALviQ=oTTQKy&>D`Jn(-pA&)flDm51
z+Po^f)JsrTh1+{yZ?NLMf3t<HQ_FHS0LchavJnC+nX6rQCZZ|~$LkDhfD!>IW+&Zl
zzsS2AAVN}+q`m;PA7)yR2UXX2!418RY6WaNhoE7Ksd^@6U-PN9iLjksvXnKAwg8Zd
zYv@T!qc{W(sE9ONM~4m3fW?$;Q$a5YuWgGTVm1J9)6QV?6tMkNe^*BVt#}A&fCcTE
zb<K0USgFSQ{EEo8#h`~wPr)k$M1dT=6m^4btWlQ-;nQTP={Hgn!zO&CTcd0%K2gp9
zxE1DH<I5vTl@o?UHiW`>v*5Pzx0mK6Sgdbx_cv^)ZduXh(Rcf~v2A$@ZF#0V<~sgs
zdwqi$iHbKSXJIYMe^b{A-PW;?>I7zU+Y_01C^m&3D_*6>&rh7Y5*RvwcfqJj+ZACq
zY=cOnC=uLsPNb3-Y#K)l-*v?G6i2H3B{nov=m^rj1)b|qNEXCT&)KdoyNTT0ag>T4
zfefOhh(uNCrs#vvXxjwROVgFMLO!UA?>2hhJh5y)1(!0yf7=ZQ?G!p&Z*w4w{hX<3
z%pNG~pfok!w&@m`)}v0n!qd#)`xELIV9F6pcOdK9L^72yky(W{ltK~hk;}p$g=fZ7
z>zoZb3%J`E(vJO%cSnOQoH&oFX-kEvO4|BP+p1n#ipj8`Itt?hrZi7f>k2zKmp)wv
z<dRw#R{+`Me<{BG^D!iP=@)Ynme+Pm7dKj^+1bd}39MsAw1S63(pn(IOCP5qlT-zX
ze|%~wCL4g*!v{&I;7uJO9lFBzDNf@Gi-W35ibeZ!k=9APYIxICX4L7yo8WE|Q`AUR
zNmP%F-#Jog4I%18=UOLmvq#^Q_j58z`ssf2p)x#we@#OV@w)BjMSrjquO%~6ae775
zb2l8|s*vMjPO37!<(vfsghG@$rqF1bV|XMrHC6$&;S$Kpg{7kA0&Hw4ZLpstBvzB6
zfnREqtr8UF;RR!Stekrqi+_++7~cZyLzl|*7&Czoyn!dFb=Y>mdLle^xw~XPHxlZn
zb5AIhf0iz4a@QaAKtbCNd9U?zfx(SF;1?x=;ph^E;4xFlwX0vDD?aL=eO^lkmB>u$
zDz+}GoMk@|rlh4QjS*!lXR^h;pgHc$WVI~47+#iK7+lX4Cc~N>FbauWnlm7!FAzjP
z45+ig)RRo0WTY8EAEoL=iXDyxDu+hi;!EiYe+58pyHF1b%8~-DuaJ3@FQLTeMq9lE
z+Pmct#}7}Q`>V}*6;Im_zjyi!1>z`ZVyUVY1D6_F%2>pswr~O)(Ku?g`GVn9mFAma
z4B7zY8fsP|fZH1APE$*melMo~cK3)p4-a?uhS+e`sA)*)b~)`?X`h1<klVy{dlRmY
ze^*e6ZU8_>j$|oF;q(#;mOc(OzvT@3QCAKcINs7rA`o3W=t41<=Gkf+YH9LWk!J7N
z^jPBfJ=Qpy0&Tn{j163!S8f??cr{oLB)k1I0pCy2LBjw-jj8oq+Nm-+xHAiSJ3M)M
zzA|immHoQ-{tBRhI84uW+a9sFRr|CTf4tKT2ar-py6VTL^MWlH7W8IniY2EXNh)^6
z4^xaS7~VR?^qQl8-d?SThVytqEc;Scb%V)$CcV5564`zt!4)I|M$d)yBB&bkW(Xv%
zf}b*LoWH_RPlpt+V{?MqB01Zr%GCHTCJT4}cQh0Ha$%DHjd1Yv)3%dhmns9Rf6BUA
zD4evm;{Ove;6F?9=pjv@C680Db~GCE$8DBJA6dgUAXmT^lVGf6xx^Kn1nmVJad7)d
zqe-Q*X=ZqVRNFa{4NNW=R(#kdD%eAsCkuNI!_>6CYSuNoam%s&T1<BsA6J#_MaVXF
zvaK$mt}Kk|zZhlptTc1^vlC4Ze^~`B(fqLH0#?EVYB5m?P$p75S85Z{10`)g=fJiy
zFow5pvVoOYCQ94swK1~cB57O$`qR5+u(zPF#q5z%7silT5@{x3`u93|@X9pn>2&q@
zvlB|MJ-&|ZE!`iym$(N4xdB-XGw(>igd0T5s|$kLq-WC%v{Mtj<iJDre-b`B?CNH1
zNiGU<Z4$;>Ltj(U1ABb(c=r@+eZ2s}$Zg()Pn9$Gz!+m*R`#NLpx*WOE_%V%HhNID
z>Ch)vFm9B>Y}Nn60M1*dwqBc(b$sJNZ_J?9mXy362yXkC5v%#1ZD$;iNmzj_3SWR6
zmLInz$M>0OR_g7a(%3(yf1)6)IS!y{)G!JZb*hF}ie)Ted+(Sv@3E}7ZUBF?$X6BT
zGEFlvR_|<)0N8Al*`#TsnH<wqhRa39(nQ5TR3^w^Z1r=e<{8xcneK25e~pvB<7Bp&
zN>PLgsEc&1Sbl$Y;n{0Hw{t$7VpC_(p<1#wHz~-%^c{3A-ySG>fBUHz_0s+aordpi
zyY~}a1E};caBMjEq?C$*7)vC5*Cu%XU?tTdU0pFfEHm-WyvG`aK<`@26c}Qy)u)9i
zPAbev+BTc}(QV3Hbo}R@oiZKUjPFCzM$tfY+Om+BYiGhFeTi+r5|<1KGu-}~Jv{^N
zmCFoa(&^fP?sbx|f1~jJJ{#R08N<-_TGmvKnvh|5h9N@$(usZ9S(P}+0o=oN{_dh3
z0>yL*$4<8B7K%)#n?E@R=(l&C$=?AaGA`hp*Oh$NL;36W^Fu;cw>It#L&+vJf?)72
z?2<>Hbmg?6ZfqH1OP^qihJ}O#imsHu{}n&^{_ipS2`yGCf5Wym>N3+I>IDG_Ds<4P
z11Yb)8)9VD-6i)XOoeh67iv8{ORi8m0Bunkl_^!a%(JjAcYU`$vX;#<qg?2jZCXdo
zC7xE8R}A2L;93q&q_up}Gb@pb@r`6X-vc0jh$GOWMEuzzqSnL?I)8TJ@3lGMlMYF^
zV%KhwYY)6&fBTs(U0z_yeaSmyL9ln1%6GrB<-3SJb0IDa@t0Xc*LtJDjh_O7jn?uB
z?4gZ?g@ocZ9JFg9>AU0ycHY@RS|M4Y#Sl@<{X&S6XQVMJNw*ZNixUQgG$4b4GKprV
z*imj?DU{FaU0tIUhc2Z;+bVFIPztm<YjSSVT7=aUf6q*JrUauZc*h&IRK(h8t`{WO
zVbx?c!08oHCNI2<Z?}s2is_y_BHaat4vl(3?=zgVEmr<>lYg&mA58_2y|tdCMHnsc
zHNm|V2Hk)TkVXj}fHXp23_HNE-Z9%=j6mX>k=d?|Mw9mGwd)M}C#LF|%0LZn8{f$c
zr}&y>f4r<!xt_jP3;OY9Tk6i+cK-`z9*(-&xVtC97uk)><=!^G&St10fGr?a)489B
zxfRpr3KJKcS8iQSOnhwXs)I!DPS+X-C&IY~n<Fh~BbV3^r<g_;g_?g#hv2>_zW;=u
zFP1+wpS&?Ry#r#XZ0Zn?cPPcH1gi<}5F;**f0+D=IuZ?XUJgtR`(VtqO!VN^RMd}-
zUb=^F4P&|pcEs$sA-n%QYKjBQ)50Si)anu5Piw!AWeV8jK6B~AKUS(K2g4YNc{m)w
zIq^)pC-B3Od;Pq9GyD%;D{GO{OYxW3?O`~4<LP*(voZI_AROUmr6FtH^~RhELi7C>
z9`C>SKTt~n0u%!j000080BC5>T(@m?$9WV10Q5+g7cBuXAT4OmTwVjKHoqbO04lKn
g02crN00000000000HlGa6qjf%0VxKYHvs?u0C`hW4gdfE

diff --git a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json
index e2a77b70b7c..0084ccf6de7 100644
--- a/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
+++ b/Solutions/Tailscale (CCF)/Package/createUiDefinition.json	
@@ -197,7 +197,7 @@
                 "name": "analytic2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching \":write\"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected."
+                  "text": "Identifies creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching :write). Tokens with write scopes are high-value adversary targets."
                 }
               }
             ]
@@ -351,7 +351,7 @@
                 "name": "analytic13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt."
+                  "text": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Suspicious - likely an unsigned node attempting to join."
                 }
               }
             ]
@@ -379,7 +379,7 @@
                 "name": "analytic15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt."
+                  "text": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). Often benign onboarding but can indicate rogue joins."
                 }
               }
             ]
@@ -407,7 +407,7 @@
                 "name": "analytic17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a node may indicate routing-policy drift, data exfiltration, or compromise."
                 }
               }
             ]
@@ -477,7 +477,7 @@
                 "name": "analytic22-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance - removal weakens fleet posture and is a possible defense-evasion step."
                 }
               }
             ]
@@ -491,7 +491,7 @@
                 "name": "analytic23-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne). Verify the addition was sanctioned."
                 }
               }
             ]
@@ -505,7 +505,7 @@
                 "name": "analytic24-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise."
+                  "text": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale IsRelayed flag, traffic via 127.3.3.40). Operational signal useful for spotting policy drift."
                 }
               }
             ]
@@ -557,7 +557,7 @@
                 "name": "huntingquery2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate a defender adjusting rules or an attacker probing. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -571,7 +571,7 @@
                 "name": "huntingquery3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies configuration audit events that occurred outside typical business hours (Monday-Friday 08:00-18:00 UTC). Useful for spotting impromptu maintenance, account compromise, or insider activity. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -585,7 +585,7 @@
                 "name": "huntingquery4-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; same pattern can also indicate token-spraying. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -599,7 +599,7 @@
                 "name": "huntingquery5-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -627,7 +627,7 @@
                 "name": "huntingquery7-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records. This hunting query depends on TailscaleCCF data connector (Tailscale_Users_CL Parser or Table)"
+                  "text": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted. This hunting query depends on TailscaleCCF data connector (Tailscale_Users_CL Parser or Table)"
                 }
               }
             ]
@@ -641,7 +641,7 @@
                 "name": "huntingquery8-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
+                  "text": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands Old and New documents and surfaces which domains were added, removed, or changed. This hunting query depends on TailscaleCCF data connector (Tailscale_Audit_CL Parser or Table)"
                 }
               }
             ]
@@ -655,7 +655,7 @@
                 "name": "huntingquery9-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity and is governed by the SSH ACL block in the policy file. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -669,7 +669,7 @@
                 "name": "huntingquery10-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -683,7 +683,7 @@
                 "name": "huntingquery11-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security updates regularly; outdated clients lack the most recent improvements. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -697,7 +697,7 @@
                 "name": "huntingquery12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies every device currently advertising or enabling subnet routes (bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements so only true subnet exposure is surfaced. This hunting query depends on TailscaleCCF data connector (Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
@@ -711,7 +711,7 @@
                 "name": "huntingquery13-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs). This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -739,7 +739,7 @@
                 "name": "huntingquery15-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies traffic leaving the tailnet via exit nodes. Exit-node use is typically intentional (regional egress, privacy routing) but unexpected egress from a node warrants investigation. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -753,7 +753,7 @@
                 "name": "huntingquery16-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looser threshold than the analytic rule - investigation aid. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -767,7 +767,7 @@
                 "name": "huntingquery17-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
+                  "text": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation and detecting drift from the expected baseline. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_PostureIntegrations_CL Parser or Table)"
                 }
               }
             ]
@@ -781,7 +781,7 @@
                 "name": "huntingquery18-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed=true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration or deliberate evasion. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -795,7 +795,7 @@
                 "name": "huntingquery19-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Surfaces services with the broadest blast-radius; ACL drift candidates. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -809,7 +809,7 @@
                 "name": "huntingquery20-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies network flows pivoted by source-tag x destination-tag over 7 days. Highlights tag-to-tag traffic, useful for ACL validation. Same-tag loops can signal worm-style propagation. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -823,7 +823,7 @@
                 "name": "huntingquery21-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
+                  "text": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays plus all weekend, over 7 days. Filters to virtual/subnet/exit traffic. Useful for spotting unattended automation gone wrong. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Parser or Table)"
                 }
               }
             ]
@@ -837,7 +837,7 @@
                 "name": "huntingquery22-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Tailscale_Devices_CL Parser or Table)"
+                  "text": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Useful for spotting account compromise (sudden new device) or unauthorised device enrollment. This hunting query depends on TailscalePremiumCCF data connector (Tailscale_Network_CL Tailscale_Devices_CL Parser or Table)"
                 }
               }
             ]
diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 25afd872bd4..24050d808cc 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -4597,10 +4597,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4613,24 +4613,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -4699,7 +4699,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Detects creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching \":write\"). Tokens with write scopes can modify tailnet configuration, manage devices, write ACLs, and revoke keys - high-value adversary targets. Compare against the recent actor history; revoke immediately if unexpected.",
+                "description": "Identifies creation of a Tailscale OAuth client or API access key whose granted scopes include WRITE permissions (anything matching :write). Tokens with write scopes are high-value adversary targets.",
                 "displayName": "Tailscale: OAuth client or API key created with write scopes",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where EventType == \"CONFIG\"\n| where Action == \"CREATE\"\n| where tostring(Target.type) in (\"API_KEY\", \"OAUTH_CLIENT\")\n| extend Scopes = extract(@\"scopes\\s*-\\s*(.+)$\", 1, ActionDetails)\n| where Scopes contains \":write\"\n| extend WriteScopes = extract_all(@\"([a-zA-Z_]+:write)\", Scopes)\n| extend ActorLogin = tostring(Actor.loginName)\n| extend ActorType = tostring(Actor.type)\n| extend TargetName = tostring(Target.name)\n| extend TargetId = tostring(Target.id)\n| extend TargetType = tostring(Target.type)\n| project TimeGenerated, ActorLogin, ActorType, Action, TargetType, TargetName, TargetId, WriteScopes, Scopes, Origin, ActionDetails\n",
@@ -4713,16 +4713,16 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   },
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -4735,24 +4735,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT5H",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -4835,10 +4835,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4850,24 +4850,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -4950,10 +4950,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -4964,24 +4964,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5064,10 +5064,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5079,33 +5079,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "NodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5188,10 +5188,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5203,24 +5203,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5303,10 +5303,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5317,33 +5317,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5426,10 +5426,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5442,33 +5442,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5551,10 +5551,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Users_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5567,24 +5567,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "LoginName",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5667,10 +5667,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5683,24 +5683,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5783,10 +5783,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5799,24 +5799,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5899,10 +5899,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -5913,24 +5913,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -5999,7 +5999,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Tailnet lock requires new node-keys be co-signed by trusted signers; errors here are the only direct signal of a node-key injection attempt.",
+                "description": "Identifies tailnet devices with a non-empty TailnetLockError, indicating the device failed tailnet-lock cryptographic validation. Suspicious - likely an unsigned node attempting to join.",
                 "displayName": "Tailscale: Tailnet lock validation failed",
                 "enabled": false,
                 "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where isnotempty(TailnetLockError)\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, TailnetLockError, TailnetLockKey, LastSeen, Authorized\n",
@@ -6013,10 +6013,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -6029,33 +6029,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6138,10 +6138,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -6154,33 +6154,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6249,7 +6249,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). With device approval enabled, persistent entries warrant review; without approval, persistence may indicate a node-key injection attempt.",
+                "description": "Identifies devices actively connected to the Tailscale control plane (ConnectedToControl=true) but not yet authorized by an admin (Authorized=false). Often benign onboarding but can indicate rogue joins.",
                 "displayName": "Tailscale: Unauthorized device connected to control plane",
                 "enabled": false,
                 "query": "Tailscale_Devices_CL\n| where TimeGenerated > ago(1h)\n| summarize arg_max(TimeGenerated, *) by DeviceId\n| where Authorized == false and ConnectedToControl == true\n| project TimeGenerated, DeviceName, Hostname, User, Os, ClientVersion, Created, LastSeen, MachineKey, NodeKey\n",
@@ -6263,10 +6263,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -6279,33 +6279,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6388,10 +6388,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscaleCCF",
                     "dataTypes": [
                       "Tailscale_Devices_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscaleCCF"
                   }
                 ],
                 "tactics": [
@@ -6402,33 +6402,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "Hostname",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "User",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6497,7 +6497,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a specific source may indicate unsanctioned egress, a compromised node pivoting, or a policy misconfiguration. Requires Tailscale Premium or Enterprise.",
+                "description": "Identifies when a node sends traffic via an exit node not used in the prior 7-day baseline. First-seen exit destinations from a node may indicate routing-policy drift, data exfiltration, or compromise.",
                 "displayName": "Tailscale Premium: Unexpected exit-node egress",
                 "enabled": false,
                 "query": "let baseline = 7d;\nlet recent = 1h;\nlet recentEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated > ago(recent)\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst), Bytes = tolong(t.txBytes) + tolong(t.rxBytes)\n    | summarize FirstSeen = min(TimeGenerated), TotalBytes = sum(Bytes) by NodeId, SrcNodeName, SrcUser, SrcOs, Src, ExitDst;\nlet baselineEgress =\n    Tailscale_Network_CL\n    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend Src = tostring(t.src), ExitDst = tostring(t.dst)\n    | distinct NodeId, Src, ExitDst;\nrecentEgress\n| join kind=leftanti baselineEgress on NodeId, Src, ExitDst\n| extend TotalMB = round(TotalBytes / 1024.0 / 1024.0, 2)\n",
@@ -6511,10 +6511,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6527,42 +6527,42 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6645,10 +6645,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6661,51 +6661,51 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "DstNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6788,10 +6788,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6805,51 +6805,51 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "DstNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -6932,10 +6932,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -6949,42 +6949,42 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   },
                   {
-                    "entityType": "IP",
                     "fieldMappings": [
                       {
                         "columnName": "Src",
                         "identifier": "Address"
                       }
-                    ]
+                    ],
+                    "entityType": "IP"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "5h",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "5h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -7067,10 +7067,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -7083,33 +7083,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -7178,7 +7178,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance; removing one disables that enforcement and increases blast radius for compromised endpoints. Requires Tailscale Premium or Enterprise.",
+                "description": "Identifies when a device-posture integration is disabled or removed from the tailnet. Posture integrations enforce device compliance - removal weakens fleet posture and is a possible defense-evasion step.",
                 "displayName": "Tailscale Premium: Posture integration disabled or removed",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action in (\"DELETE\", \"UPDATE\")\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Action, Provider, Target, Old, New, Origin\n",
@@ -7192,10 +7192,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -7208,24 +7208,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -7294,7 +7294,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne, etc.). Unexpected additions may indicate an attacker establishing a control plane or bypassing compliance gates. Requires Tailscale Premium or Enterprise.",
+                "description": "Identifies when a new device-posture integration is added to the tailnet (Jamf, Kandji, Intune, Kolide, Defender for Endpoint, CrowdStrike, SentinelOne). Verify the addition was sanctioned.",
                 "displayName": "Tailscale Premium: New posture integration added",
                 "enabled": false,
                 "query": "Tailscale_Audit_CL\n| where Action == \"CREATE\"\n| where tostring(Target.type) == \"POSTURE_INTEGRATION\"\n  or tostring(Target.type) startswith \"POSTURE\"\n| extend ActorLogin = tostring(Actor.loginName)\n| extend Provider = tostring(Target.name)\n| project TimeGenerated, ActorLogin, Provider, Target, New, Origin\n",
@@ -7308,10 +7308,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Audit_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -7322,24 +7322,24 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "ActorLogin",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "1d",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "1d",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -7408,7 +7408,7 @@
               "kind": "Scheduled",
               "location": "[parameters('workspace-location')]",
               "properties": {
-                "description": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale's IsRelayed flag, traffic via 127.3.3.40). Sustained high relay rate indicates direct WireGuard peer-to-peer is failing - causes include NAT/firewall changes, a network blocking UDP 41641, or potential evasion attempts. Operational signal but useful for spotting policy drift. Requires Tailscale Premium or Enterprise.",
+                "description": "Identifies when a source node has more than 75 percent of its recent flows falling back to a DERP relay (Tailscale IsRelayed flag, traffic via 127.3.3.40). Operational signal useful for spotting policy drift.",
                 "displayName": "Tailscale Premium: DERP relay traffic surge",
                 "enabled": false,
                 "query": "let minFlows = 20;\nlet relayedPctThreshold = 75.0;\nTailscale_Network_CL\n| where TimeGenerated > ago(15m)\n| summarize\n    TotalFlows = count(),\n    RelayedFlows = countif(IsRelayed)\n    by SrcNodeName, SrcUser, SrcOs, SrcTags=tostring(SrcTags)\n| where TotalFlows >= minFlows\n| extend RelayedPct = round(100.0 * RelayedFlows / TotalFlows, 1)\n| where RelayedPct > relayedPctThreshold\n| project SrcNodeName, SrcUser, SrcOs, SrcTags, TotalFlows, RelayedFlows, RelayedPct\n| order by RelayedPct desc\n",
@@ -7422,10 +7422,10 @@
                 "status": "Available",
                 "requiredDataConnectors": [
                   {
-                    "connectorId": "TailscalePremiumCCF",
                     "dataTypes": [
                       "Tailscale_Network_CL"
-                    ]
+                    ],
+                    "connectorId": "TailscalePremiumCCF"
                   }
                 ],
                 "tactics": [
@@ -7436,33 +7436,33 @@
                 ],
                 "entityMappings": [
                   {
-                    "entityType": "Host",
                     "fieldMappings": [
                       {
                         "columnName": "SrcNodeName",
                         "identifier": "HostName"
                       }
-                    ]
+                    ],
+                    "entityType": "Host"
                   },
                   {
-                    "entityType": "Account",
                     "fieldMappings": [
                       {
                         "columnName": "SrcUser",
                         "identifier": "FullName"
                       }
-                    ]
+                    ],
+                    "entityType": "Account"
                   }
                 ],
                 "incidentConfiguration": {
+                  "createIncident": true,
                   "groupingConfiguration": {
-                    "lookbackDuration": "PT6H",
                     "enabled": true,
-                    "reopenClosedIncident": false,
                     "matchingMethod": "AllEntities",
-                    "groupByEntities": []
-                  },
-                  "createIncident": true
+                    "groupByEntities": [],
+                    "lookbackDuration": "6h",
+                    "reopenClosedIncident": false
+                  }
                 }
               }
             },
@@ -7623,7 +7623,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate rule-hunting by an attacker or a misconfiguration spiral; legitimate ACL refactors usually land as a single change."
+                    "value": "Identifies short windows where the tailnet ACL policy file was rewritten multiple times. Iterative policy edits during an incident can indicate a defender adjusting rules or an attacker probing."
                   },
                   {
                     "name": "tactics",
@@ -7708,7 +7708,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies configuration audit events that occurred outside typical business hours (defined as Monday-Friday 08:00-18:00 UTC). Adjust the time window to match your operating region. Useful for spotting impromptu maintenance, account compromise, or insider activity."
+                    "value": "Identifies configuration audit events that occurred outside typical business hours (Monday-Friday 08:00-18:00 UTC). Useful for spotting impromptu maintenance, account compromise, or insider activity."
                   },
                   {
                     "name": "tactics",
@@ -7793,7 +7793,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; the same pattern can also indicate token-spraying for persistence. Cross-reference with the Tailscale: Auth key created alert to filter context."
+                    "value": "Identifies actors creating multiple auth keys in a short window. A single admin creating many keys for unattended enrollment is normal during a rollout; same pattern can also indicate token-spraying."
                   },
                   {
                     "name": "tactics",
@@ -7878,7 +7878,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags but no operational oversight. Candidate for removal or key rotation."
+                    "value": "Identifies tailnet devices that have not connected to the control plane for at least 30 days. Dormant devices accumulate risk - they may still have valid keys, advertised routes, or tags."
                   },
                   {
                     "name": "tactics",
@@ -8048,7 +8048,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted and can still create auth keys or invite others. Review against your HR / identity-provider join-leaver records."
+                    "value": "Identifies tailnet users who have no devices currently registered. Orphaned identities are candidates for off-boarding - they retain whatever role/permissions they were granted."
                   },
                   {
                     "name": "tactics",
@@ -8133,7 +8133,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands the Old and New documents and surfaces which domains were added, removed, or had their resolver IPs changed. Useful for forensic review after a suspected DNS hijack and for confirming that a planned DNS migration deployed as intended."
+                    "value": "Identifies the per-domain Split-DNS change history from the audit log. For each modification event, expands Old and New documents and surfaces which domains were added, removed, or changed."
                   },
                   {
                     "name": "tactics",
@@ -8218,7 +8218,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity (no SSH keys needed) and is governed by the SSH ACL block in the policy file. Cross-reference this list with the SSH ACL to confirm only the intended devices are reachable as SSH targets."
+                    "value": "Identifies devices that currently have Tailscale SSH enabled. Tailscale SSH delivers SSH access over the tailnet using Tailscale identity and is governed by the SSH ACL block in the policy file."
                   },
                   {
                     "name": "tactics",
@@ -8303,7 +8303,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement. Confirm each entry maps to a documented collaboration and that the corresponding ACL restricts the device to the intended resources."
+                    "value": "Identifies external (shared-in) devices currently active in the tailnet. These devices belong to another tailnet and have been admitted via a Tailscale sharing arrangement."
                   },
                   {
                     "name": "tactics",
@@ -8388,7 +8388,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security and feature updates regularly; a device showing UpdateAvailable lacks the most recent improvements. Use this list to plan a fleet update, especially before enabling new ACL features that require minimum client versions."
+                    "value": "Identifies tailnet devices that report UpdateAvailable=true on the latest snapshot. Tailscale releases security updates regularly; outdated clients lack the most recent improvements."
                   },
                   {
                     "name": "tactics",
@@ -8473,7 +8473,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies every device currently advertising or enabling subnet routes (i.e., bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements (0.0.0.0/0 and ::/0) so only true subnet exposure is surfaced. Use this for change-control - confirm every CIDR listed is intended to be reachable from the tailnet, and that the device's ACL restricts who can route through it."
+                    "value": "Identifies every device currently advertising or enabling subnet routes (bridging non-tailnet networks into the tailnet). Excludes pure exit-node advertisements so only true subnet exposure is surfaced."
                   },
                   {
                     "name": "tactics",
@@ -8558,7 +8558,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk to each other. Requires Tailscale Premium or Enterprise (network flow logs)."
+                    "value": "Identifies tailnet src->dst pairs observed in the last 24h that were NOT observed in the prior 7-day baseline. Useful for spotting lateral movement to nodes that don't usually talk."
                   },
                   {
                     "name": "tactics",
@@ -8728,7 +8728,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies traffic leaving the tailnet via exit nodes. Exit node use is typically intentional (regional egress, privacy routing) but unexpected exit-node traffic from a node should be investigated as a potential pivot point or unsanctioned egress. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies traffic leaving the tailnet via exit nodes. Exit-node use is typically intentional (regional egress, privacy routing) but unexpected egress from a node warrants investigation."
                   },
                   {
                     "name": "tactics",
@@ -8813,7 +8813,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looks for src->dst pairs where 80%+ of inter-flow gaps cluster around the same delta. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies flows that recur at a highly regular interval, which is the signature of C2 beaconing or scheduled exfiltration jobs. Looser threshold than the analytic rule - investigation aid."
                   },
                   {
                     "name": "tactics",
@@ -8898,7 +8898,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation - confirms what MDM/EDR systems are connected and what their status is. Compare against the expected baseline to detect drift. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies the current set of device-posture integrations configured on the tailnet (latest snapshot per integration). Useful for compliance attestation and detecting drift from the expected baseline."
                   },
                   {
                     "name": "tactics",
@@ -8983,7 +8983,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed = true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration on the device's network, a tunnel-blocking middlebox, or in rare cases deliberate evasion attempting to obscure direct peer-to-peer paths. Useful for proactive network-hygiene investigation and capacity planning. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies devices that have consistently fallen back to DERP relay (IsRelayed=true) over the past 24 hours. Sustained relay usage points to NAT/firewall misconfiguration or deliberate evasion."
                   },
                   {
                     "name": "tactics",
@@ -9068,7 +9068,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Baseline: a tag:plex serving the household typically sees connections from 1-3 user devices; a tag:db or tag:internal that receives connections from 10+ distinct users or 3+ OS families may indicate ACL drift, credential sharing, or unauthorised access. Sort by DistinctSrcDevices to surface services with the broadest blast-radius. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies tagged services (devices with non-empty DstTags) ranked by inbound diversity over 7 days. Surfaces services with the broadest blast-radius; ACL drift candidates."
                   },
                   {
                     "name": "tactics",
@@ -9153,7 +9153,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies network flows pivoted by source-tag x destination-tag over the past 7 days, treating untagged user devices as `<user>`. Highlights which tagged services interact - useful for ACL validation, detecting unexpected tag-to-tag traffic, and spotting tag-to-same-tag loops that can indicate worm-style propagation or service-mesh anomalies. Order by Flows to find the heaviest tag pairs; sort by DistinctSrcDevices to find broadly-used services. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies network flows pivoted by source-tag x destination-tag over 7 days. Highlights tag-to-tag traffic, useful for ACL validation. Same-tag loops can signal worm-style propagation."
                   },
                   {
                     "name": "tactics",
@@ -9238,7 +9238,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays, plus all of weekend, over the past 7 days. Filters to virtual/subnet/exit traffic (drops DERP-only keepalive noise). Useful for spotting unattended automation gone wrong, scheduled exfiltration, or unsanctioned after-hours access by humans. The TaggedSource column makes it easy to separate cron-like service traffic (tag:backup, tag:cron) from human user activity. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies network flows occurring outside 07:00-19:00 UTC on weekdays plus all weekend, over 7 days. Filters to virtual/subnet/exit traffic. Useful for spotting unattended automation gone wrong."
                   },
                   {
                     "name": "tactics",
@@ -9323,7 +9323,7 @@
                 "tags": [
                   {
                     "name": "description",
-                    "value": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Normal for a user with phone + laptop. Useful for spotting account compromise (sudden new device for a user), unauthorised device enrollment, or device sharing across users. Cross-reference NewDevicesToday against Tailscale_Devices_CL.Created to confirm whether each device is genuinely new vs long-known. Requires Tailscale Premium or Enterprise."
+                    "value": "Identifies users (SrcUser) generating tailnet flows from more than one distinct device in the past 24 hours. Useful for spotting account compromise (sudden new device) or unauthorised device enrollment."
                   },
                   {
                     "name": "tactics",
@@ -9416,7 +9416,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
+                "description": "@{workbookKey=TailscaleStandardOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Standard tier. Nine tabs covering an at-a-glance KPI hero row, audit activity overview, an actor + device drilldown (Investigate), embedded hunting queries (first-seen actors, off-hours changes, key-expiry-disabled devices, never-expire auth keys, outdated clients, dormant devices, subnet route exposure, SSH-enabled devices), identity (user roles, status, last login recency, role escalation history, orphaned users), devices (OS / version / tag distribution, devices needing attention, full inventory, subnet routers), credentials (expiry timeline, never-expire flag, CRUD events), admin audit (action heatmap, actor x action heatmap, recent 100), network and DNS (current snapshot, tailnet policy gates, ACL change history), and pipeline health (per-table freshness, ingest rate, operational events). Driven by data polled from the Tailscale REST API.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Standard); templateRelativePath=TailscaleStandardOperations.json; subtitle=; provider=Community; support=; source=; categories=; author=}.description",
                 "parentId": "[variables('workbookId1')]",
                 "contentId": "[variables('_workbookContentId1')]",
                 "kind": "Workbook",
@@ -9528,7 +9528,7 @@
               "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId2'),'/'))))]",
               "properties": {
-                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=Community; support=; source=; categories=}.description",
+                "description": "@{workbookKey=TailscalePremiumOperationsWorkbook; logoFileName=Tailscale.svg; description=Tailscale Operations workbook for Premium / Enterprise tier - everything in the Standard workbook plus network flow analysis (top talkers, src-dst pairs, exit-node egress, beaconing candidates) and posture integration inventory.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Tailscale Operations (Premium); templateRelativePath=TailscalePremiumOperations.json; subtitle=; provider=Community; support=; source=; categories=; author=}.description",
                 "parentId": "[variables('workbookId2')]",
                 "contentId": "[variables('_workbookContentId2')]",
                 "kind": "Workbook",
diff --git a/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml
index ac12904b67e..11677937446 100644
--- a/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml	
+++ b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml	
@@ -1,4 +1,4 @@
-id: 1e9af7d2-4b5a-5067-ad9e-2b3c4d5e6f70
+id: 2b9c1f5a-7d3e-4f8b-a456-c1d2e3f4a5b6
 Function:
   Title: ASIM Network Session parser for Tailscale (no-prefix wrapper)
   Version: '1.0.0'
diff --git a/Solutions/Tailscale (CCF)/Tailscale.svg b/Solutions/Tailscale (CCF)/Tailscale.svg
deleted file mode 100644
index f3418621b91..00000000000
--- a/Solutions/Tailscale (CCF)/Tailscale.svg	
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" opacity=".2"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" opacity=".2"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" opacity=".2"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" opacity=".2"/></svg>
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index a115de24564..5e23a612b73 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -10747,6 +10747,9 @@
         "Security - Network",
         "Identity"
       ]
+    },
+    "author": {
+      "name": "noodlemctwoodle"
     }
   },
   {
@@ -10786,6 +10789,9 @@
         "Security - Network",
         "Identity"
       ]
+    },
+    "author": {
+      "name": "noodlemctwoodle"
     }
   }
 ]

From 74a07e68c49efa4d3b846451fa12964bac49611e Mon Sep 17 00:00:00 2001
From: noodlemctwoodle <tobygoulden@pm.me>
Date: Wed, 17 Jun 2026 09:47:02 +0100
Subject: [PATCH 27/27] fix(tailscale): resolve PR #14482 CI build failures
 (KQL + logo)

Three upstream CI checks failed on commit c0089a19; addressed:

KqlValidations - vimNetworkSessionTailscale.yaml KS006/005/198 at byte
1367. The case() expression used the function form startswith(x, y)
which KQL does not have - startswith is a comparison operator. Switched
both occurrences (Src and Dst host extraction) to operator form:
`SrcRawHost startswith "["` and `DstRawHost startswith "["`. Same
correction applied to ASimNetworkSessionTailscale.yaml.

KqlValidations - ASimNetworkSessionTailscale.yaml KS204 "vimNetworkSessionTailscale
does not refer to any known table, tabular variable or function". The
wrapper previously had a one-line body that called the vim parser by
name, but the KQL validator processes each parser file independently
with no registry of other custom functions in the same solution.
Replaced the wrapper body with a verbatim copy of the vim parser's
KQL so it is self-contained. Both parsers now stand on their own.

logoValidator - Logos/Tailscale.svg "Id should be GUID format and
uniquely identifiable". The SVG carried `id="Layer_1"` (Adobe export
default). Other upstream community logos (UnifiSiteManager.svg,
CrowdStrikeFalconHost.svg, etc.) carry no `id` attribute at all -
removed `id="Layer_1"` to match that pattern.

The third failure (run-arm-ttk) was an infrastructure issue on the
upstream runner ("no space left on device" mid Docker build) - not a
content problem, will pass on the next push.

Verified locally: KQL PASS (56 files), ARM-TTK 48/48 PASS, logoValidator
not run locally but SVG now matches the canonical upstream community
shape.
---
 Logos/Tailscale.svg                           |   2 +-
 Solutions/Tailscale (CCF)/Package/3.0.0.zip   | Bin 77207 -> 77290 bytes
 .../Tailscale (CCF)/Package/mainTemplate.json | 544 +++++++++---------
 .../Parsers/ASimNetworkSessionTailscale.yaml  |  88 ++-
 .../Parsers/vimNetworkSessionTailscale.yaml   |   4 +-
 5 files changed, 362 insertions(+), 276 deletions(-)

diff --git a/Logos/Tailscale.svg b/Logos/Tailscale.svg
index f3418621b91..fdd0d65fbae 100644
--- a/Logos/Tailscale.svg
+++ b/Logos/Tailscale.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" id="Layer_1" x="0" y="0" version="1.1" viewBox="0 0 512 512"><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" opacity=".2"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" opacity=".2"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" opacity=".2"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" opacity=".2"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" x="0" y="0" version="1.1" viewBox="0 0 512 512"><path d="M65.6 127.7c35.3 0 63.9-28.6 63.9-63.9S100.9 0 65.6 0 1.8 28.6 1.8 63.9s28.6 63.8 63.8 63.8" opacity=".2"/><path d="M65.6 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9S1.8 219 1.8 254.2s28.6 63.9 63.8 63.9"/><path d="M65.6 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.8 28.7-63.8 63.9S30.4 512 65.6 512" opacity=".2"/><path d="M257.2 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9m0 193.9c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M257.2 127.7c35.3 0 63.9-28.6 63.9-63.9S292.5 0 257.2 0s-63.9 28.6-63.9 63.9 28.6 63.8 63.9 63.8m189.2 0c35.3 0 63.9-28.6 63.9-63.9S481.6 0 446.4 0c-35.3 0-63.9 28.6-63.9 63.9s28.6 63.8 63.9 63.8" opacity=".2"/><path d="M446.4 318.1c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9"/><path d="M446.4 512c35.3 0 63.9-28.6 63.9-63.9s-28.6-63.9-63.9-63.9-63.9 28.6-63.9 63.9 28.6 63.9 63.9 63.9" opacity=".2"/></svg>
diff --git a/Solutions/Tailscale (CCF)/Package/3.0.0.zip b/Solutions/Tailscale (CCF)/Package/3.0.0.zip
index 65656be69d01843d5d83344da05424f28e83b3db..2e07c0f245d92f4a0c3b9d3e1ef8ed3671f90ba1 100644
GIT binary patch
delta 68071
zcmZ5{V{jl_*L6IxlZiRe#5O19#C9?<CU(cRZQFJxwr$(iH}|>s{qt4zudcoJUgzxH
zUDfNXPFjUHS%m<8N`XV5gMffQgUriJYh4YU;=>|=g1{=lf}s4pYo%{ytz>LvYpL&G
zOlNLyV}0gnp}0CUbM<(rTI?c+k(AJ*3g&A5$O#d*MZ-qJkv4jvLLy~I8ckO94g4Ve
zc60N%MLe%e%o}-_QL~{Yzs2G4?(cPX_jU@P8=n(q0$w47D=QYp=QEEc8>bogFTdPN
zmscQUV$N+W9__zcoleAi-a4h;4|r8<RL<jaL#3)ufQ=wbJNz=^Tj{*Pd;P2^nd-b)
z;`_Mcw&R_x$w?b<!vDz2DjHgZ9}oKY49L31wYt#dqC>C8AFQ5IdbAlvDkwa9!D=!g
zU3b<(0{WPn-bM0i9w$={TouRbL4;@Mj$L3GT&HFN497j!I(C?$6KZz9|Iq52WnH@&
z*xp_pXVtpohbT@tFvntmw}VdHKT4Hj%(l7W1{i-#wI8+>^6KM*D-?SAo`nD*{A|8W
zP&gL$qo3M!2l)$xbT{cOWqHn(%vn~J*0*#Y0IEi4Tu{T_aV4kWRyhKmZi@TR&xGkU
zRZD+(Bg)P^5M}i7j0KNR9K(y}ktVbSk@KCI6irbC)rt<m2E%byhcBwHjTMxHF$OD{
zQ7qsZ%5PHn9&L_m7B+>)#REQXg=;#gF9il}p*~u-P|loA8B|nWcG(aZ3s_5^#GfBQ
z0D^2SFLvtym0GkcptsSJVO5@$2cr)qmeXG5lFt7W?IKxG=mL!enhc4&>%Fsx`Agu<
zLK^|w*f0ao-CTRKfSDnwT;?#gOM<T?bkz-wApUmdwIdx5u33lKS>o<;7abPgS<)7H
z81A_bHi<DSiV0sF^!7}H9|S##XgiApU^hV=f`^N=WH#kUXQPB3fXCb%kk%aUJgKD~
z+PE-}{`vg6(wm&(qEdN@oJkp&xfE%DgCv6BV!g+)7?Jwk-2+>&cMRX+-_L8j+q-B9
zE)_9utRN@r`<nprxJPh8toZp4bViG*`9#rVkX*KvHOu0hC?;w=0+=xr0*1T`pzEgr
zK*(5^$0ePDzE*hd*G9^0G&Ey|C!w)8Q%|ijm@PeK#^jcj^#8oYid%5mPMvfw)1O22
zoNg4p>Z1ok^daIkVe+20_Zy73r^=#Q?V+?#nS2-<F1S30*qPQ;#gGsEA_J%BgfQ?L
zjnucjt&S<tDGH}BT4VxY(`sr7tdM)p1pg$M<!zw0mh1Ux%-Wlv0fl<vHa=x>da}m$
znMumU$_DX*34*OCte3au#!!Gt3A<@jgRnw{AvGff!L6}o;Px@Z_A3$wgQU9rGMH&)
zH6#^$haJS0BKLNu0L?r>DWzp1BBX-ah9dfP6%?+h56gxlA#49j2R61aKu$_HR5@;9
zy!cDdX}tH&M@y5hHvcPCrPT+PRvF{!y@z$q>@<dT4sj`P&5Sk`q1S?KeqUw4nK2t5
zzqY=P+n{NfR~VJ%-tfL2sIq!$y1U|aIImM=9nO7!P*zP`gHMMo42ezx_}sNvyo7l}
zf5Ei#EFMhxQa{xy{dk%S;8O{8Yqlm6<BJN(nqTaJv{cgV>x@U(SA9c8vFET7p3oXh
zKK&hXYOzSkBq)3;a6SiG=;)|zzc`E(;OitPXlP}mLZR$;kJ2rq8S^8=saZBTV&`j(
zMqK-<R&Se(*#;SzE~{o$eaC}Ng)$+##rgZYyp=99SA$z!1#!hRu(pbet=_)s!E-s{
zKtJAQS9^Qxs)`8Xx?!a<*``2=aj?FCx?v@8OGg``!@BzFR<|(q5TViGSESLF7iIpU
zV?vno+oZlIhi1cyH`Cd;HR)hoMWmfN$e-u3vGh=zDjxRM+8ySyvA{Jcehq(~TgG#;
z*b%;7^~XxFj>VZX;AGMEs$u^*U$!2(VE*gc`W40!D&(TTwMjc+oG9R*EM@;?F@d>s
z%Kw`MuPJT!z{~UNBxSv(MPs-dLc`;ohG&zy*i!AW1I|6o#yQV_L}dRX;`ASpiwo3^
z^@Ia$1-te|mw;5mibif=;iREv<7|$rV*Ncea^N*@VxvqI!79DKtxc}G4Ru}W_QG1Z
zo%$al7o8v*34$dImz^5DZB_qc!dhRr!L-sKS~p+m=%l-?Y^>cE7~wN;RjOFUUhDEW
zzw4@6=x(;*sf=<tLQFi_R`q{GHvSTc`%6Rtu!&>{E>;BhHpd!x*XTfjWSZSrcmJ;$
z?ikmVc&In+ZK}MNk~vDr&W}k~7o9AZv9Y33gG7<e7Fe0<IDsg*`{R_+6*L>`z<;>c
z|HJA2hr6CJ8$J-$_Hy<`$8WfgtO?UGJ`FnC$FbT5Vx0VhKW|>q?n~jnP|?6z{+ug2
z)T2rdwZED<ZvcC>$fpdjYfq{m!$}FW*@bahGI~im+$wEc+N-AQ?xEL<l7TJS!E3jS
zt03+g6%C7gtbdo+wwbFgby4ms&GjLU>|P#A?2)UUB%kf#`J&n|O&%lyis%K(ZKc40
zakym+Xj&mWcd%)opGTc)7|w;Oakt7F{=8T?J-0;k@?B?3`Pk=dE<I=Cq=B`)f?KkQ
z>n-8<LceNjF?88Hor^BnfstYcRm#YqtItta5lpdUA9t*q=~uSm5Z9Lr@}<jLoBe-l
zskLefeCx!emCRuQQ|urf;{?IzOF0&{-~oCj(xg9c@U-R^((o`LIi4WTIwZE0(*2UG
zI$8IeH%;YX$zY}L3mFcJNAoj|B`tV*KK=thrT+)${twW@y7#zcD&L{cB5$!)$y$F<
zyfCvWTH)t3*r2+yVX9k&i!e8~CSc9eLzn(<O}2F4zZ`x4<@ocr=+57w1q&stVzeC#
zY+S{S++GFqLX?^s<X`xEbpAvB`oH1>{{aX87T^5~+&5)s8#X77KbQX}Jo3Nr#QzH)
z{u}-_)?drpQuvmMM=J^B%<1-%tJC_|=9v(*x%l#O{@w9OZKVbZiXagmzpwOqa<cz+
zSgw+)i$W|+fij|F>04RA&x>D#cy9m3|LqVj=YJiF`?o{9Pbyn`n#{9ln9Hta#uuh6
zS$`810<MUa=5n%#VPJS~U=Mrww%>t?p3#TB)EjrZdehR$Z?Gl@k)pRS4}1TP*~8v{
zWA^`%SZE0BG}(F%(80zMUgBQE)en9Q*EY;&7gaMh8r`B;iu-R0;{KZgUQVj?MBA%<
zycuX2uQXEUnAm5*xAdfEK^owz8%Z!s%_de;M52yGxK56S``TP}$t;7p;~b9TKotYn
zt1q>TWl?N9ToOPr-vj}r5N}17V_E8$D5<VsSHCEX4_>vM_OgMc8CxMQ!<<?im^1H;
z5(sNX$~nRprXMe)jt!qrxvC+wtW-vvP@A9sQOdd@;$pSj`y=dYvK7$5CRFjeqQo&=
z)ewH(C4W@@K^@%**4UUKI@i)2##pgI{kyS*gke*JPQ-O;QA7|Xy$4tHOJ2pi1}V=5
zjz9snUA!lzNbG-Q)P<JkhJutvVq=S~90uA}%Fc*d+%zL=Cs7@u{|#wt^RF%8zA1?>
zIMlx;(FWXES4MSC=D7c+NgTgI9~sdj5?NN2qD*U5O#iz=g;jjR;=6ZCwDwMFv1OCx
ze3?3gZ-2R+ZJ>@6Ug#AnB*y!D+d!v|^SR8Lj{GIhhBTY+^Up4=>;C1E(eMu!hiMK(
z0dp8SWXusNDw8Z@Me1?3=xzb)f}gs8(8`^?+OY+sLOfU@<V+WB`Gk6WPJXdx=8vCd
z4?YmEc5~XT$kf%Sq#{&$c`jF)5rU0Df^q0gllB4>GT+6siNw~8!)oqssgLIh4ppJ`
z+;|wu28dP%vpZt*t(8w1vC;R6+bjhWy&6d}TJJ1HikP8pTNipTove^>S6TCb4ea@q
zm$I5dpJ`s9*trUG8FD{gJjW#3k(u3(*%GPUkJUD{MFZouvSU#zLU5%Y5!xLKj1TqG
z;)CADwX&(D3&u>8L-Nkcy)?Y!ycw-5<Q@0s`NwW~59UVMsez!S5ouN7D|9P=qoGB0
zVq29f#*KbP=UvqHtGl&3a5)0%?RS}cOyR$*<ivJYpuv@9HQb8>DH0;183SXI{#gO@
zzbo)bBp6MTT~|#xuy#liwj;jg@u{zUu!e`^JfYLfFBnWIR7^s*GBCXQJ4Ev*?#1dB
z>=A!ow;yG{tioLdW(PAm5<4j*)=L-6{^ct~%L~Pn(F)`rxga6EQI}ijhu5T@JD9s$
z$qY7<_S#8p;-5ztTLqRbnEwTw^U`RR6$~C0T=GTdu55gi@s>lFyLfYB)gO4tSUA_G
zZY*#WujAzXR-8$A<>~otrXd6NKW2YHkp+rL<kB{5j`dAnW=k7XEuut=8;j;oS*_}e
zjsf=y)vAFVi7~Acl?IhKLBYsYDfS82v-FtUz{2B*m!V>8cPpBDoN@9@d9F;A*9_J1
ziHqh9QCf+A<B0=W-v-jl$JesE^^Lx=H+T5x%A#*v-o|Y9pji;{{|3By=@Dz7dNEy4
z;jcTvJ{n?acUI*+82(heDs}gtG66F%Z-c07arbC7`$*8@&G@_=L_SE|R(jZwru0-C
zc6{NeR1d6-9dTNzZiB(_aR(w)n7?KU;p6zi{!k9(j~h#`XpQ8{V3T`_@9o?&nAvm2
z4Fvm#ToSXBnI2HTD+mzjKUt3*gFIiofVoa-c8|queP3|uw3TT~q&}Kjz1FD5HPRv)
zpQpd2J66C@&!&`4fZkPSnxn=&TEPZo!8{bnnGCVch0MKiGoz4ipuUl0_EY_~4+i0<
zjc%04L;PqoMgphI)x;B~B)y%8S4_4<HhvXe14mWc9@m6O2n6YlVrfB!)jazVr8k=?
zr1JMs*I<?SZYdL!IR1itgk?J&$L!F>z6Eb(oVHSn)%JK+6Gab^KUxt?7FT!dTSdup
z&V*fjt9*}vwWVzrP%Spe#;!%UoI@1#Y5xFU*Jl!9-^Pf>MMA;nT;w+}i}}GnahvK@
zArqa{quK4c4LEiK0ke~i3~HTJS}zhCU!=O5$rO(=2co?M1ZVs5TEul8hgBtF-1$W)
zy;!Zl#8l5TXxQha)0m|okP7bH`**8h6%UcHH{PgMB!|Gg2LX~zlE*qxellZ-&sWvG
z<74u3zp9IHl61P?sSPh)sefS1d4#S+yb%O%V>5Vu0!k3~RoJTp6TF)#sgDAcMkV3c
zls6aw_kJNg1Zi<|1_EfaO-3e(OP?M_DH~)Y?CXSFvs5Y`A0!>+`_gzPC^rp@2k4WT
z_?N$KX4mIlHe(KQ)*IcNcuc+2+s&f*HpcH?TTAe>7Vj(V?Pr)Y26AUl=(*Tml)8>}
z@z)-ZfXB;-66=RZ`geI}r>ZV@_j_YC_WRw(#EmykeQEyW4(EmY<^I=?L%GBPO?PMB
zTbb9hT<5UQ^J*YXm#?F1k?&&i`gVPI9>w}{^lX%3*LE)T?6DG&{Jqal6j(}w4-^aA
zP<EHI$#53E<a={4KstFh{DgX$=gV-G9e>yX>YrcVZU-MXlEMO?pLe_8XWRfok29?-
zS?<K?(#wo`D95|&39h!*w)eN=wd0Ogt1f448$`O5ah*p~Mzwm)tjpJkxH7)G)ie5)
zj5z%&PrG|prsk7LIr@{m^`KYMaG-7Wlwj+T@BsXF3v)3mi-3Se7D+<$DlLBgGT;Tc
z({5XQ_W<lzd+xAZviK1$7$YtsE___=qORQ^8!PcUL0b{jRv+KDjW#})x(01GX8B-f
z%IQr{S12y|?%zM=Ar?!RmjZ0M9vM9;;y&i(gZj9zKG-f-J!|k$CS)hqUXRb7#tW{k
znVx4V()zX!p?V;r0^l?5AOje|1_J<S+-|>Z?K#L+wZ4z{9*^$9j2RFw`U2I@lOLyh
zrR>L>g!*b5I`^0SW3O;nxGVex<33Yej+0xmJ`sKHL^}*9n<A!8f~)uljFX5}Ip>lu
za*^s)KF@CQ;a%<-oy*oBRgf&a7gD{<DBEUHfnw*ga7UjJ@VtS37kh|XJy*c|m-Wf+
zFHKor9VcFw89Yu*dcF6@=8x7_-J{LiPMcQ0MR=7VjX8BJo^NimU1SC}RZ;9{?HQ8o
z;Nf>|$Vk)ueq+4sstQh0I1=6ekUQoQZSLu;YFP}lw_qOkukewoZm@|)E#)9oU-G|Q
zhip0UvN(meFl7LXk7%M3N`nPdynS%iRurl;9Wk0;*F`&<D$+R<_o*7qNFlGOy)kB0
z@ZNl}VX8jsKkF?<n()it$X#fmq1YFC?ai$`6wM{~0&>R@W>u#Ud<)s6HJc8w$o99c
zgq2(U;4mKfmQ%V#`b&3+2_GbRM7riIE!%BoGT|-n_3|KB3i%nur!oP*nzd#J9zshF
zWzPPH`w5;Il8>$e*AGac#?tJzlw&$IL;H3ua+w~a8sfzoThh#`XM3$QCx@dkD_!Ng
ztzRZL_%(%<)4i|!<F#H7>zuyi4J|-Px27^D$0=2(eZ-&`84EwJw@s_@&ILM;0L~J8
zeTpVaE5sv1eYcmG*$_~y=g#d-3H1u~^XD@67?j~22`=TIP1isBOtWuNGv5oDA+?s1
zNt}J*!<#NC2?|+%rPzQzdYrFpEcV6OB>OJ0DO$_G->{n-Bh&;u%k)@aj)g1EE-;K^
zVLW9EiiOAZ`rv80(8MFKS+2mJ$&M@dh==w}^?~o5uBLUXeq{zm?<~NYm(a_x5z9@W
zQ4t5$`kl&}N|KYM>QkZ?sRHc`%|n3@tSbEhCEL-Y?&ahtbOb-}gYVXpbqy)b$4~G*
zI9Fr@?jzPy`C$%&thR9w&ZhP}O*F>-SC&HDD_FSgq1#9HYVXm%=eyCBSvH-=r_&AW
z-OWyt@)_T3pdkR!eg}9(B=04t@TNve6BjNv_ngnJL-K5Ybp$sg3O3`6MVAS$K4`Zp
zQoNfLkyOyU$wJtVliV#b{pT&1<U48xv#UU6y`@n64+2tz;I{-Ms`qS54mwa<mL>$a
zzE^}v@E0?CP1i8~T5WWpeA0FZJCn-e9DxN8Wd=yvNqNB1|8#Y(D*$_-B>?44ydOJr
zt=V2rl|{de@w->=nva;V1@$+i%Sg3{WbvO+Kk72*lzwa0NiD^)DkcWM(OW4Cn)`XM
zI(FLfBSUDJ+c=bXlLylQz00EJJI{&Qa4IN9ha7nZ<{h8;>=YrgNwUfl`H=Ft4IM#5
zWJ<K46-WTlIbksRoF}rRU_UA{*H&vG7G2j44w7KNA~k4Sl=K_=5C26sXeNVoRAiii
zdOgNJbZQkrMC1#!KiKpzr0*yE_Wj-&mh}#^<8L0S929ZVwDbmf1ol>c(^vRkL4l)d
z)gOwBEs3*(wSROE{874PU-(r1jJmPuPm?Q3wb%d*t!!kcCl$}F!M)mlur*&r*T7I=
z#o|{5eVk$m!bbi^Wyhw{L3Pq!B-?4y%1-jfzibv>ON4!j{b~4~7@QLShaQGI=Mt4M
z9`&6}pYl$-&`6!+b2Rq56Q9n^_dm0R%y7Ie`$Qb}AXMF`3o#1R!CiHWpukEpN#rSY
zUH~dU><5P5tGaZqigW)m8*Tv~(bsYcMj&wrzbyIKXZ#4CIGL~Xav_D8o1;Qh4CPnV
z5?2*cqnc15lMPWZ$DBPf=1Alg*nx`-pg<e`eT3mge$+Ppa<?wELv@La?6&u}4ao@{
zZ)P$TV*wL@yC@Q3*>24T5#ft=$uxz8?VbddD$`a!ps1V>v*Ud%tA7z+V3;7%p&w*W
z`*Y2*LNW}pQtmV*LBGLd@-~$tu(hX!?%w36czvk%IFa1^rpEngT8A!qMFy4u&w7Dn
zcrhsS2N|NN98Y`#`qEp_Hnb(PEA@3E2phT2ugPD&*PuWWwFewJl0bjGCw<x<5z-h4
z){Zt28Y~j8x~eFJ7jiByy=w?5L5pHTaN!2OJT<&Wc;wkk{@9sf^(=R;-!Tsg`hsVn
z^X=E(^p+WWa{J0qy<QlPCm}&Rx$()OB&lcng7js$2wS^KcT%Rp_k@~-YQB`zZzOcQ
z8s6wTJwzrn2gGq+%jo&PVcHuVl10b?KveK@Mm(Fi^|nMg8=IR@zq;ishbd!|Ae0_E
zj_RF!A>B2fRMLU$2{X(|-S;MMMBMeWM2Xc@V#NsoOjwOEn&g4u<;&051MVxjHv3vq
zhwZ#&aGD+>t^k>Vso5;rIfLF<IGUfiG3R9CsxGEU`_j_xtA|!`(RAa<sZP~^Ro!m1
zHg)IbHnFh<9EYt%*ttZziflLjCtRFIPa(qjMlWIT6dYklE_6L~$&rCRj3h2UvH(El
zZghsAtLd|4v?|&~X>;88<0;gVBl)GFdN%thlIb^VHx@OFOMjC*10)_UZp!M2<}6!0
zWaekj20D%8(;pJ#v3eNEO^RS3%JG5YFoG4|hTK;_HY&X>{Wu}mZIntvMViz|q%R$-
zu*Fk=9y9YWDYD-mXRg$<7g+6VqLt4u-1A$~P)MYQz%~+Q+n*asZA^K9d{dV8;sQUG
z6gqZ<L;ZAf=T3t(<Ul9pNPy<u4Jv$qoLS#FyVwp8kC-V^@qS?*zpV!N*g_*fz-waV
zIpA}@22L0m<gnXs4&v+$Lj^1sQ+Qaa0i)0mH4rta>s#~SR0-E)GBsZr?Z=Pk{yFLR
z=5f7{J6Xd>Lk*iUuM?&Ae0_@%&>LsG8;5J$PjRc3vJ=yr9H>9!wSS0OyHifc%rRU;
zwO=eWb$1`@_eHQLO$-ouuM<7mG750M&5_chBDfZ}P))ZoyYJ>0E+3}qo@6T+@<EsG
z?sZzDk>+4&+{MC7J^7%0jzI)THK2<3&S;l$v?=o09XDYfyie*u!-?nIzCjkCM4=+|
zt~lK#^4(k|mmU1)_(tw$*-t1HO6;D8LQmREjg&2nQ4e7i7T}AmR=`J>lMm4*Sgq65
zh(n|T51tu%PEks9g$WE=vMQ2O7f-+CmH>~XonQ8F@?5$8#F7?|D82~fn=l#GfH!tq
z(4ifU*;k8i*fQvGQ;8zSkg8<yF3{w*_3+nV3x4Aj@e_$=&6Iz{Xbjkg@znQg_jq)!
zNUT;wS_^8j+kkQj!O5FBg<cY-_1|2W8MA8z4v}9Y>%f<3z^kk>vqGa-9}i8i6H=fW
zX^1X~JUE@lzjh1BAtr&s9Oo!Nv-Ij{3$Mu}_{Ey1d=p^6Yz{3+5{nE?5wfRfk=i{Z
z^50EGQw&8W1Jf@mm&*JKHaKFBBmN`$MQ6h?BYH`wS`}zvT8$U#YHtzvs6YqvQYp}&
z+~N>uK<2=(_@W*DSnR?u1oaBKE;hdWhT@IQ85vL?j_@Q_N>lrj^)hBoi53NUmb<mj
zsi8t013cGIYAK0SEaewD|CkCZUa;t}62bthMzl+Y$l{&eiqd!`Y5PIjgInW;bWJ)k
z=DPBvNgvRiw=aRH=30o9K2(kcVT2~i>3ra|zc&?*tG3`y4}n*Th!pTMFBCM@{H4Gw
zPd5ggh)g3qQl1w%Fl5!KG@$2}F6u0a$TZ~=3;V|xkMv5#2G4F19NFr(s&qvNwMZ@1
ziO(8{)FK^AC<+^|vx36p)iMPE@i*0bJ%))hWgdWLzD?Xd?=4F#{!lELfAS7G&SD6}
zU?t_6sH|W;t|w=9$=%}jkfUXPspA2c;jEBJ;YUw`!tG@F=##`Kp;iKn;9x=<ZJ7!Y
zy|7U`GJSZMb^7T^Nsa}x8$^G(2bpICX5WYvyj%7K*mgrKu}Cz}`^%h=BF`UfyI=t<
zM0w!cmVqNvG=x_+D>ixLgfl)^evsD{J1p)i$y^WO8FwHjTUk(lS`=8t=QpPNl78{U
z2mijLeK@pT<5)pyEO{o-ok4$U9Xu>5lXzVyaToO|<Dk7(4OzF!o3G8cOCjgx!#}cp
z=D@xr?yvcNdE`|I^GHj=53X8b?5RcW><0ldr|t?9;>JbL>@Y!{LUq7+XvhpFy*VrZ
zl)wZ&1S2xa&^iV|^JhD|ky?=UpBm65Fe60)6nla$D*GueNd&i-&(T9{^zF-b<X>Da
zXgw5xZtP2<Z#+Eq5H17sLSY!g2(w5MQgWRBhxdvW;-W`I@?y8F$bRakCWUU^L)QRL
z=P(Sm9O0IO#-AYiI&KL`W5?awt2f<G@<Y`lN~%wlAs;5v#9#X+WYE$`VR(>LwfuF^
zb~?WN11sHVkV)Rps9v1NewEjY;>b?<$-6U?Pn&Az*{R-NVekSsj-s~us9+BI2~Cx3
zp7gz~uQhQ$`DrXbCGg%p830L|c}YM3k5veo^^aOaZn1*WlV*ZoDO0zS_m6-~X7XvA
zg}k~JKoAQ<v>utiP;!ML9d0ys%gdy$$H|(Vt#6Wt^y`NK&h=t-rr-Be4$esRKQtfR
zekOfU--<3LSz_FW>=|J2d~Vymd4YB1`=D<Ji7(I(d1JUDx`&9G3I)}$Z(9Pey%hSQ
z0Z4*AI>-yq-=GPFl8foVvh}-s<#?#EKL(n@A)dSIRH??;@w{GG38;hM$aW5UcWi2f
zmTeox7@DeIM3AX`M}zc9!2&~|5o0}Qu9?1lkJ1NEh3bM7WW5efPKBnA`lClrB)O+<
z%7qgo;uhQyS`&svhH)jmXZ#b$ArxlZ_SF}UBVsgjK}n$yy_;n~RS~)hYZs>$H{i<^
zIWCjl9zD#%84h#CTPsHXHIx@e8AC<S#;&9fRSZ^FmR_Z3e@cd>H2zCSS&xA=AZadI
z+jNGHbp+1bU~E3#M>(KI@tL8dMo=ED9;hA|PI@suO@E`=-)tJl!A1ghU&zBJa?FWc
zU;}8KW&G+9yarA1%{YUtLLO4h%Y9zKyZkAU1&v~Z;gOT>#H8tC8DP8>UEJzBIixKg
zexMB}2?j9#W+q6Au$(ZF!jc4(zqR0?sv^LYKnW|tBq)huD(4H8;z{J@ispD;)sLlN
z8Ox2VdAx2urhjYUKqHT9AVLM~TU`<AV%}kK(b?j2l&|Ig_{#ilJjOjuu<5?(^gA4D
z5jx5Z&4)ge>wffEFuE#3F;zxP#DU!DQ6vgN7|jHgqBnc$G!b-x%~~qz`H>5f(9}z3
zCrtT;yH$xiC~Eqc*s}4)m83Ivp27o&J&xaEoHO1TATF*SvTyuK)UAt&ajim%RSKhI
z@Z#;4C)(q}a7(}4Jrk!z{0%yu_eHA8?zuBAnD`qY<;>~|Hwp)PF}J7k?YgS49Wy+2
z=@&7h&CaFJdrU{tmy>UYr>IH3!d%yPJreoYs$^8<g{aap3c}-kFFke!!<L><$|$S*
zZ=fQgO3KiSI<Td_6#5hd><@~P>UXz~R=Tx?;?}1hSAO(sHs9ep1t1xC11P94o7Gyi
z-zn(;@%AvAKYUD#8V?ahX2;Vwj>C7RQmBrxVM?Q;aZv2G-#Tff!VZp;OiPW=kG~S(
zQFYOvli0uVABh{aoK<+XG*1NS^f=VB=&#s=RMW_(Dg`g@ibsEa(=vbjqOd$Y0!4hN
zRINocu{%`-b*b-#S#O8JKR)TDVtweBUT#7L<YmO2OV=L8H`(<_(fOVgMS~{?Zgr|W
zoXVA3+E)%~m8^b=i=2C6M5o)-tP<S`czvF~1KMe3wM#mHp;22^^T{F%vxgrg;ZFOg
z+Dvg7T2Hrr<Kg?*XCsi=O+5D6Eg*PwoD(XwYuxII6WM2u1F?0}WX@U8ze<DQm`IC(
z($pj==II2BNW@#Fsf5-07^Q=jSXJFx?86aAQfzZo6r%Ti>;p;VL_e~W{Sj8gTjr63
zmB;=YX*;qqv1fR@eK6Dr@`@2gk`zW+#L%R6JtW^}mC<{H(R=CMm>d29gZCd^);YBW
z*E3o^1z^=Y2!r-R*`-61eUW9y?>zJXp<YX<%dpJtzI)Nl?I*2VWVHqnfAObLyN3u=
zv~=`Gl%DGq)=9#){Mgk{E-uxF;S&D0y{_-r?L1Y6$DvK%_o!7sF<vPrllH7=G(m^=
zENB+rZ%<=+BK8Mz#P?0&s{x(b8MH~+a&%qB{v<JOh5f;wUSgwY4vE}IWT^H)B5Zex
zw9v%OeYP~o1fe=^*3h>N8f>T(aElqqYqC?w>+C<0^yss2uJxqKUho~!970Ml0Ll59
zLPPdYAtvpl^MfE$foaQLG&ics^n`T`dhUKK)$fOj?_!(a3W1VBcd^R&+;H_Xc94C3
zv%{j2pIESTJPs-`!5VH1otB@#XzXmFF<kyW#k&`@W?D&Z0`hk{e>-t8^EWJC=-jE&
zn@(>Zhi!|>v6^y)=r16VXD2Fem56&);vl;lW!&F-epXFv`-2vrWJ6uF_Wm?lbD#HF
z(w+?Jsj7Z0-I2vQNU(aExhP9>#PU8dLcC}%rHX2+v>o}2&AjPKtK<h3%X7*i2Aj`A
zg*QEnNV_z!A}_{5i8<P|TncsW)&71L$!Ag;;|Fh34q+Pm$OkizfaNmS$2)l6;Hj_d
zT<eF>yP8dC=Qc)>JJ5FAVDRas&`F3Yybh|>!WF9+i{DfSg!)3#m{==evWrj9tIWS5
zFXP;OH0+=dU7XJ1?ri|AzZ^{@jFA}Hu|6xV(4B}`Is%PP8`uQ96hK>@d>~b5c#^)N
zIQY7xEvZH+>u=`Wq^J@wfE6zIN7b0O8iJQ5ABVSG)NzkpNtJ`Md7R@|<u`yoCYMMS
zb(T~vF3dar(52vyZ?XE|75nN>%dSS6axXDod0=r??7KUo@&^_Oe0q-dU19cR*Jfd}
zLesFUhQi2ks=wJ*7hr!&5^ddsv_|os9dZ&>N@dWiIDc`{rg4emOHQeN?^jQ;L*FIh
z)AfDs38GXE0H<{lQrreRw*O1mC*#T%2ToYLPUqxx$*p8u%fS$~q$E_6o@cS82@RAE
zf-D{$sll|FtPiN=Nqvl|Cs%JAOP$bv)>DwcW;R*ym~F~+f?spg$4#}M#0?6vVJBs>
zvSK4tFLVwm;Em~+rOFhlvA?yI%jvU3Ja6FaPjB5_m-cE+)A;0`;i+F$nT-50P9Mg8
zK0Vmh;-$;puzTCO;b<+ZAv&t&pz$tpD4KP`{$A#{`T=ZzbTH13Z(JAfpG;ibJKI!s
z!k-p;y=}~-b<u|(f2n(%Xyt2j+5CJPu63}utTgE~%hJBHzV5<*u(=&AdVE|NeCPD)
z<Zj{WJ@-uUd^W<1)QEfEnD5C4T&9kY+~az#OsCt-FOMs3Cyv&GvSiN$JAkuIfv%OJ
z+li889Uz?z$O1l|HeT(f8TbLbW?hX-oA9WN(^<1YCXM@!xP|OUz72H~Rp+KG{tWI8
z=dSa|%G2>4k+$Vi0$Qjrr_)={uHSa^L0)O^B5n3eXAN?dd~#5#@6X2~8SSsOfd93P
zv)elO+ee>=9>Lnq%k6BRU;i<&8Jt&K?Muf`Agj~ju{G;bu97^N5B&1BsE4<3x?`G`
zLGFUl>vChEp^sgl3Dn}XlRtgzmGJcuYr=hn!YAM!(n|YvZ@s8<vnzFr%Mq&W>im(f
z@X~0ei|fQz?MvV0foB{2-xIav;}m!P4E(MZmJJzl-Bw3?j<+?U=B=9OoVd<x2GOl%
z09ha0g`qvHRp6_|QWt+R(o?e{PWNTO-HEQJX@=H4`THv={OD@g$9s?~0BZQ-wWyvG
z`K9RsdyT64w+oUm9{Eli^f;YqTORSj@-}O|w#4T!<0&hHE`8{=bJZ;SD#BKScj2I?
zgbO(d&-wIKv8Nm8dsj@(pzTz~8YmAI(D{=6iv6_paGN{f%8wf;_b!c9o!)}e;qH#a
zBxCdLl$JkjbMLcU`Pll-y*98ud-ZTHoF3*;E}WjXyVw>oOcu$1@cxK#tpK}Ty!J^|
zs_8%K@{;Oq#nHqzE36i#OH!Wpk66t_s1ALq>YNjfue!X#)t8DH-&}jWAYuwAP9H_6
z3a?vPQK<o~Z?LpBnw<7Dql%WZqCF85nFcGNe!2`~pD%K+a&3hkt2L%B>yfhcG+|+H
zg>&&ka3X$Zop&0_a?1=>>#2tE@qT@1%EyRwO3hrhCSW0E%Ke5YjiFv8%V>L6Gnq@C
zpi^w`A%eaSc;Wj4#<toURMtSb^Fa*e^=HLa=yx|zWQ%Yu2oRYVcj|yZExYrC!O9M%
zKNeMYL;%`zq?+QQ>GpfpFLnOc3p~L%+rw{bVi1pO8TaU$Euyw21XFM5OnEi0uo(YH
z(y)IeX{QYc4ZW^B79*wV4t#ES{FlO7XCd;3t&HewT#W#hGYDH_Lm+ewhKXULGtVV?
zA=$XI-><8a>JMkZS}N9_jeheSdviGg^Dg>L0ykYA7$M71@NWf<XhS%<z%{+T!kQsv
zjNp7McwQcX&dv@P4@bs2=`M2bFq!t$ZE4mqzpI6w<hG@YJ2s42zqFk0cOy#n!osJd
z;A@;;(vVFaFzFG`;=nWmhn~~U1CM5!Yf|JSayh8(PEFAnluWC*vlckJgl!Ppp#7+V
zDD)(GeO^S(b}3dQUsf+eZ}SYCCo5r9v8a9M_<2EzZtTES7cnvx#w?>WFNgsy!^TQ(
z`u6csdcenLW|}wZFV-X8^rd)5on6jX1k$69NZTQcuVzr;d_dawr?N2LB>#Os3cZ=C
z?))Cy32%LBrziJt7NQ$fzWh7C+U;hD?&&qQE#GMy7lJ9dw7<gB+x3`;qCFp(Fjub>
zrt?860jv?iPe{e78@zteX1+ExaOQA(IMSn-&@)7My~Xan;vI@Hd>5t0MxmRli(ts8
z5C~%imQ{KEP+&D#`-5$e)F(D`$bS=Suejv){>6uANMWtf)c43vgq)P892O*8L^MF?
z;+!&>MTJ+7N#f`2&G9dgG)IeHjJCsMy^ucR6J+tA<}Wh7{UE$swc3aSW98u3M1>o7
zD)2&H*7AtmYiPOH0>3tfl;NlJrKN^I)7>4Yz_-TS^#Rxks&cpDc3Pe)Cbq=d1ErC7
z43t6RIhH@<5J$!^@`-D0!<e#q96pPec*oGVNunT!gtkENflc{m*$3hNW+;1>EbGv{
zr1kxiYw5a`@PjGaqOvjXa?X}u9Bx=V);*q?GU}avk{k%o2tp0xwy}-Yok_JM36^pH
z2oZfK3AD#%e|_-)gSQjWlfZ)Z<m(?Bj}9^(*Wkv#kd8Sqn@tJGrxn)!jo1x#S4}t6
zfc`nr`1(=L82FFWEOI79egxgw8yGcHycibo1714O_q#EpRS%;SzZUtpUds<jD@kHh
zNeN#`2DMb~=Tt0e<-a~>Y1dM(;@-;;ShS;A0QczXgs=H~=DAtE&M!HVcY+_dBvhc^
z*=bp|a3-`GF}srwHbPXg@jt`Q!&}a6q7A-ruNy|gSgO>fJ04UU8E+s{%_X1FdSee4
zL+smJk9<{`Lk_C#2{cjcIqlt&J<7r$$gKelU?U8mVyB|2TWHSnX|d0b#(>B;<B_&2
z2mXwQT{E}KF~&hg!O(<5x+id6LU+d6FVS%v<oJo_iw!7Oo7>Lo-VLxzJeR|@lpztn
z^{_VV8>HIU5LoCKacj0}M(C7*sK;T3Totnp7*!>R#&=qfYr#o4Y3NdKk)n5sLb)M~
zE|(m;o*{Ot-MTbJkG}X;#~DE@OVTXT05r566=|sB#J&Rx1&Grbat#^3&OH1Dw>C<%
z3+4i`1PpqW)fx`wiFIlU3YurnXo5n^DPdCd^I~ucq3FunFQICGP6_1-@MMy`yr~{M
z`8ADXpdsA`MEycd6sry!Pv*QsC#P_gHoby@A0gUFT=3ZcpXnUm_9E?}adH({TgW($
z{3R{JZTon^@n?1XJ)c0KvC*5fu`!wcw!sd}x?MN<8+3X{y*nI0Bt+!#&6hDcH9t2j
z;0q=3n*hjr!qdVsuC=Bgk^aSjZhX_6Hg+dTq@-dOCQp3mB_*0Fcz8{<zv|k1DAm@|
z($ccZMrvaY%~d;`$BN#VohSwHk7&FitDuQBdS^PQG_XekOTIYNA{CVb??=J(l%_WG
zk7SIC1%+LsVd27dax_zuT<ty6Aopam`q*e+`a9SY`3tu36PUN4z=4P4uo0G;<j^8>
zOvD7Vx!Ly=XR?71r;d&cqX4XMCjS{%|J_I70=WFPo3nj=zk1Q@azNszRiP`v0<}70
z7UKxxPstn|m$1>P6lt2fUl*^~%iIOQ!<H#%vWg2{n7P%Dm}S!lIuZtW?q~=NV{E`!
zvFh#BmDLhqm9jYtUKu`uXgDMqCS05*CdH!52?uBAVH=Mx!ffyeNH%VZCbj^#iHhFj
zl5JnsX>GKghVhh_BA~orADo4;`G~bs1ZiIQ#|hJndFERbUU>EBt^r@bNc_`vwGiL8
z8I;nUvuHR-Oa?gLxIR}(f#Mj=r5)s(4a-4B8kYHY%^T7c(9|9EOz)8Pi00`(7wylM
zfvThG?*W10k}hNr*?Yn&P+LbY9KmOIjUjPH)23(dXmjB4pa2{zX1v+T;?KCWdNj+D
z39&!1yv>8;B=5kv?|NCMpDLpLUV)+MKmHG+)8Ra3i`F})J4UTRZucc4ADGo4Zo2w`
zekli^^g6yoC6K7-WcWqm)QMnSCNaGx^LwY#ZZDGeIPCffAHQLof(E1Pw(LLx9158f
zwA$SeyeBXv;0u3?fZyXT&X4%89HVE85;u=lDiHF7qtIw*=);cBRDLUeSmd@pE#K(4
zK2Y$Q;quWv>v-oarJ4SEz83_fQEEiGT)D^H46~Tt5DDBz)ujW>YCZQkA3noEg`gY;
zYA__8<4k5NWey6j+kTDjQZhl||NSxHaC7nFsZX@&60nVkU<pA_&j520GNULq2;|oJ
zy*h-zE6jv!#BdkqokxLyKA<nP9m^FPji8b{H&-tg&3jGX!<hnicOFKZmD5)8g?)xd
z;@Vxo`hW`2HTIa*iR;I-pPb|sZGQol)&5^AIYFbG_#6=i&-H+omM~)g({DLFa^v)A
zWdqQ!ML@_Ae+(93jmvR5S~JZzkl8v!+e8Qq`!C`@61Rt4cpQ2a=WcO_w)3SErc98O
zd{U-tZ?gr2<@c%G1LuFG-o@xFQ;5D$sXPhhjZUn0ZD9a8j(mind*boc4(gpQ5+&D9
zWNL}vL=O$oq(sG<OT^JcA~THLpEI)ZMO?6`Q@|c4yl-!9q#uv%3_c8u%MBi^;I_x0
z5b9YkVqkX2AQui;=pUIt9>^rxs96ZRIiW<g%Rok@IZRR%Nn0-H7RDA-wU3fpKF5*`
z8YwU_GF7t{Wr2;SFU)Z>dCkp}Iz+;rXV^~1(U%7_QTy5kvR`BhamN5*Q*@U4&Xx=v
z3i2N;v<(HuuOZ6gM~Ipx;%RoiGkv=a#wIjd^il%9P$HSXFT+_B##JyA0HM^;!dIyY
zneB#F&_xTvY+H5+a{DgA-D7JlW;5d6_;xEYxx<F}*e$OHV_?O<yBn6rn2yWWTFTZp
zHWrA;>)D)XjZPzd2s+gzNyM(SCUEq_bshL@EgY#NmS8O@$Y}xsuw9@RXOZN8MN&Ad
zim4f+dAT{WNYjh@w(=RM1N&<aXPq!Rm2uk02CW;hM4F}!KA-0AUgHdbgM(E?vx}LJ
zWEPobl}HIlOWRFEbs<S9sxAnBkF7D{V_;kmz?5ajN{&C-q(Z7;1E-z8vQ!;e6eQ>)
zO2;riy0djXoj25K%2C`feeg^<vfS>b!&o;BGUT%N1zH!%OZbIs0=s;s%~~p$6%Bx8
z-*yX&z~0SC@&>5?qOmYX2Yj5r2z13*%vbZsJ-kVE>~AoB-%jz!-YTR~70irdA+ko<
zC6-WbK5^5AnA)>gN5A(F3{Q1XTgi2PoqDjW_p%I-Bk@x``3NX|9h)tuHqQF_aGV0Y
zWm9k>QIJrI#Ftcc0!SDnCpZBuD;e-pQ5CD(l;e^OT|ehD6VCJtmeEpqS$&Y+D$u!0
z>J`p<4sS5rzcFu1_H=1M%Atn7PrYPh&1fG#eJ$O+ogt~X^AMUeIq3H5N~okrP-*3R
z((0@{T-H=I|JW~e<rC#^EWKRGj6OCgxY8}|ogC_Enz<jY0G^?LRIz+W?o!hW?haam
zsZo7=EqekiJtyrgD_Gv)=I>meeN|8RaxR$b`ujE|r{g54MF>6Ubf<5%!l)6tX0CR2
z?JJKadru2g+&%(Mp65gPj;x<Ub@YxBa&@WP_Q@z;mUz9WJ-cQe|3;p;6H|RkZdTpB
zKUQ5r2I?FGuL+&1I-#9kFOIa2Uq78Z>3LvM9Q#xjf3bv|R9&;k4U=H2^ZBtT97|NF
z8`FuCq5Zth*D<Ly9CM_*T5|B=j%BMw)%&YVMAF8sw6<R0yl_1ij9H=8-9SoIHT7r=
zTYAsQOumVvQKuS&_Yx&EI5Q`>K-ziz?$wTtuk4Km8X8Ym9c%Qi!;L>lZ|1%e)|oo7
zs=B7=YUms+T@CG<M6Nw#FjaVIJArmbr6zDvw3yDP@DYxn)VlIMW*H|?t$E9DxW&;K
zj=2*pk|w4Rj=eSL*#<4$gpfJ$|069>C1_9Ekt3pmqjs_tx!jz&u*YRx6fS)BA}qC8
z-Jkvapnt1%nI-USPdj~dROIHXI@LZr$TzMJ7b%+8b+EoG@tW=8YCb2t*u+&_Kf~93
z$-6ky0UjStMyst)1}|wlo?m;Dy%^jt%TMdV9^WUkXr!7RF5C{%9+pKeF+W%JKiRrG
z+<+?2wXEI4wzx9VwT-0ZB)Ng@V%FtLZG1rbCFo1UM>RV(d=zF!*+b?A*Jb#I=hN{Y
zg1Ohh4}`liPp-@K)boC`+sEg_sLKxeuL!rdgFdeX_a6gKOD%jEPBeMSo7`pyCr7&(
zj!urwug|kBv+j?pUYD&Kcv|&o9T(FE)uv5+n~%5@s-8zp%ewX46n#3cdndO>w(~$%
zmd@O88`7f~)~8d^B5(I!|Jav<9@<KNeqJ86bb{E%Eq1E1O}P8xHm9oB=Z`&e-(%)0
zJ^*LU5N92C9sG8WVE6IDN}JmQ+yS?`@$$8Axc##Rh}v#1@<dfr)16vqklXM)d3`T~
zsZ=znhTHVIG<=aIe=o~J402?6vjR4nUJbZO(lat!9%q-Y)1-FSjcy7w*@OBf5q#kY
z;IO%l;b09RBH>Wjyub9d6~j5y1irueJ$pxS7l6L$NLGE!2Q3UM+st(F_g1%eoNNNg
zk6#(s>H*0#@EqVYvnK-#H|SB|k3LCf*wmSCBR7sgCce&()r7k&ygD85Ti`wy3wY%6
ztXl`sfirbmOY%1%>76A&h*~N7I`xT*?FRp4eHj0*^R5i3HOmLdnxFn8{jpB}X>QUV
zbTp-Gx~=JvX!dTwrbz<lU4=0D+^uT0tIukU7r{nX?oZ3mpyVG;F0YQXWUZYi!wo<e
zg}z`aV&pxG2`_T{JkfK!17J(nOfw_5gxB&d@bv3lWyJVvfb+dw4`6cAGPVe_;2CF&
zC$$W2W?sCTT1W(g@qeBV*=Pit&_$xVA7DkfMT}`9@=L=3>nIz`E)T`cQnyE9?|&)g
zY;5>xYp;h$X*k-VOr%bD>~`Q{Yh#Si6iPlv2Sb0bp%O`Bs}6zh4!r5;{z_{9nEjZo
zq}rUhmGJt<DkriRcw;I8g|7r->c=P!*5P9noqCRyoLk98kjB*kJ7<57-*?;Naf82J
z<0J~#uC$h)QEenL<??p%Tf=*g+k5hg^n=l^7z5U<=YD~o>Wc|)Kr_j<VEcUh_Mn`e
z0Ph30BpQ@HOZ`I{FtP!YX5Yiz<MX8g)|o*rhFcISaMKwbNfD!Ny{Y-}BTWczHQsy^
z(Qh@ji^_I7%R*L0v#*(X<XW8QC|Fl~WOG|^njBtcK$IH{*Y&#Q%=wjDY~7wLVLm?M
zamAthdzV3BJCkyO$*VoCwZ0>bB|@2`9zXRGY9M!w7E@F+(50k|sC~Eq@^yk$VZ%HT
zQML1CZn0<z_2&LuW^1v6mP_{RLfI?q(gJ>mU9V;_<~m2Usq_qOcW{ermqx2!q(`b(
zrU%V-RCOzH3*j)N8iV_dxA5z**S^v()xp?Pqw8|QajU*wL%faeZ7nh}ClPs%1F4yI
zf!p4Wfq%s!KqOepk3bv&nYk1!X`t7*o;dA~wfD1VXt#1hGALb+40#h+N!<lxof0yo
zFy{6JV^&O?^)<Jq*`lUx9Bt<4Ut=f8#>0Y2t3y9LQ`?(Wq!zPr$<XHvZ(H@)fbYWG
z^Gim)j_i3L9p)6o@^l*cEt6)QMs?&9t!tR8Q>w`mAa%Wn+3ja+NfRhxtuW@Hb;Bgg
zM}Qj}TZ%=;iQRR>I4ld?yYLW!iZQa()}`$k#-yC=UW;GN_V*(X^Y>;%Nnf}g43hpa
zEDa-$Cv47)`e}{+xQl}G6I&CWQ018T2wGXH`ykvrBvX$Ly^p5ACrB@4S{l0-H_dFW
z`X`Sj@Q*^Hs}#!*-)~JIY1S5=vW=lf&L@CPQ7IQQRhfA3yd}&p#?^aDN!ooH#VCQ@
zRr68x0>lH<8y;NqTDJsM^<z{o|EL7rQO-k96x2*?r23+QgC*>J$iC=!yWgytUK+oh
z^;Sy#v1vi1gW=xz9nwszJVur?@Is5iOa;hjqdEy~k{M7Iv`Y2<JZck$H;#9efDY77
z3f7fR&_S&{){8G;EbXalgP=E??f%!NRzde9Z#GsIY01CyG+Gn)F~O|$S<fhsx2P%#
zM<xUV`Ql%N{5_xL<h}@d1&jQLNntkkY|)0~nDo$Xwh1AR<um4`LcKM8Oc**a?%2?;
z8n*V{^4q@+M<MB`@Fq+l$Y3@Nr!~z-b3oNg#UJ%5=8qrN2(E4XPF1HN=Yvt-=ELPs
znaqCCRmSK>Nq$V_VI1t8kiy&Y)tijac{C)xZk@~Q(>;_08WN<1&lF)?@iOr)T0Ffm
z4dNl4mZKRh*daBnwsPUz_ix64^o)o|Jn}y}MsjFrt%x}B+!^*yn*%OeYMVR1()5~a
z5an%@&hJmhZ?2qkCj;qwAScHn#54Ylrl59HlJThe7z^kJq;}jpP*iRjhzHUy!LR56
zQwMP2p(03z&cAIy+S_|^;?H-H(PzNvYJZ+#8sFGP3GQ9}b+JJYTPpztRWj1}KVUCj
ziF`k5xI$ga#&KtL@mdR`91~Qul&|$N4QX*6pG~joaiw*vj5Ls^W3g+_rm?e7_+*5D
zNi{qL^D}xMD&9t@7RA}yV34u1%pmLE`tcH7masFFBs!X0l;7j{^Rk`ImNt;7*|?He
z4G&4-*(|xb4<uZcJ#+v+_-<<!=&L+w?b?EG+Nqa384^FUlv^MjmX3ZkNv|xxr`SQ&
zMrWZ=6MPi>wtILrN_WHD?AeIrrihvP%9qO9?FMf!ykvy#w8p-qq8#ZG79vB}ias8B
zw*Nh~>MB}#G$q;T4Ly*N^<1wip5SK=Zh7)4PrjuUD802+4ecPXI0AEK^x11fv}&sK
ztoiFW;HnH3a;%pyL=T=YL{S()=^M*&ZzYwb>}M`A`j+!mU{$|hbFKE;Us=Lol+i<k
z4Oix!t9G=wowcR`YuUiR0X|DJ-!FwtaCLbPGmzW8_%<*Nk&{0u@bG!4Wi&-Ugke5C
z)+mQnNQH$iMn4r;{c>lpUE+1DCS565u|o0Ibnd>2I?pM}CtgWr{QM%%u^LzDd8E5A
zHqOGhRb_B9TOvlQU9d<i{&sqPZiyMb{nLNz4PqTh#>(lVim1(f(NsR~t^^~SPwRIi
znf41pxzO_wGy^g<cEHuv#Q#YUvM*GBvaMqT^?v~;Fod`Zn@nJWd$Q%f*j?@gB#k{J
zX3s@vw3%B=`jzm~g=FKsa@~&!o!z_%d%~AqYi>3ABQb_DsZHY@D?t<m!GpuZo(ypU
zDXhNp%f>tM?J)YqIT1AaqlpU6E=nQ7LqdiT4oaE%Bg!t+!1Fo4(9|KK!8-aalRJAc
z2Y>-R!!!AK;yn;FmV@KH{yz-4BlUAiBG1j9{^wlN|JS(|`JZ!boM$QH>iICk-lv%(
zgp>|+sg)1W;JV#vheVSF$NdxH9QOZ_c2D7zbX()-W3yx1R>!t&I~}9baVoZLTOD_7
z+qTn5r(@&f-TT}BbI$jitFtfG&3dZpqQ;uF#vJ1}XPFxXCpgIrHU3-<nzumfFiDRc
zi8um@NuT{#c1J%%GANvye{J|=YoRFd|6*&vr&}BNUv7;gTyji#7mTnl0o_y&+6{U7
z5PhCeLyi@WhO%t%6_+B%7@m(wRI`D9g+%t$HoZW0nlIrXzRFp9FUJD$lyr0M(N}b6
zL&^*t*2IGK&4ni=Z+;`#HAXka1@g)x5RY@(X>b^~FqW81G$kBJ|7Jf9c0J{K)UbhJ
z1OmSqNeljEPP7=sDyXw9%srbHnqpB%+RupI5kr+J79WEx_(;JSYiwE=W|)Jj1f4_%
zqEA6PhmQ#&Ciz$-E`<25vxA8@9h^1_f?m@iQ{^O;6KkY9S;X<w-S<wZr#07_#F2Ih
zX+d<DVaOWV6lw_=1>Mw|)Os2Gw^>`bRg4V|snMMDBIi(-g&4Svxv15*v(XszJ6ZX1
ze>kFCk`CMJibYM9xWU%ve_>IQ***V;Z=_c^h$>Wnl0hh!S+VLGwCufXFujyblY-W_
z*8cm+78_-XireTgU7#z)W#H69Na(9^l8fbqrUKF=(Bg02`5@Ah|NBxYjK2aque`)C
z<LfhqG^k3!;0g93xN%yGU8xQ>-{0#IU)X?@*0^|<?>&pBJnHMv^j*6U;~!((;(muC
zu7|HgvUwiA2Q3`w&xQ@GBhsH}A%lYa)sdn0CkzJrRXQWl;j1D@jAmOG6_EFw3uuxk
zK>Wq#fy!e2RmYRp^U=>$0~nP{>1R>$@Y(6l(3&!nf(?xO!;XNXI^_VN=0$Urj(-PA
z{FO)tGh>@mO=W3F&E!csdc$?{Er$*Q-7gjxH~Pm(@Ysc)iVW<7XzvuEFhRR0i%8Ic
z``?mQ_HSumtE+NE!?9gA5>xBAJV-<c&U?B{fi%+wPpyt8>X~OnQq^3YsPA^MIWn|{
zG1!Wt{*tYtr^@pYf1DJ#j-SD_MJB3LSS4q|!UJ)n)Fye7S)*j}v5}@X+yvtOnEfsG
z3rdyJ|6yNSd3ZoX57a3pWOt>ZlFel8A0g9^uv#NzKdgxD=x&LosJHG-B71h-FhE@f
z0TzNaS+<NBar-#6Huqn4jMKS24}NofqPCS!)TYQl5<DSy2q(3|S-Ex|61B<H6L-y_
z$@p3?=jN}^PoU@HmtJ5ZI(F&pS77aRG4%b78}o*JSb4C=NR>$TITaKhj!jS<Vf5U2
zH~l#=W>!`9CW`O7U^6F=)VNCZaF6p5Ah8I?$aP})Cxy1Y>34qKYJq}7oGk0K8pF=v
zgI2DB75P>%ksJElvpN20U&uUYa~)P!xghbZydwf5pFN^`MCq(b#6gY{!W;6fpJiGj
zbyLW}?g0C5tFHSLa%VY7UeVgQd1sFRj^i}FXOPl)QUUMuO=%U{O1xYm>DN04!1;S>
zOv0BUlPHUb7j0Oi{b2E!0L|6h)pG9t(76PzKEd8p@T)wWcU*3FOq!#XTef#j4c;=!
z9dRUCVTW7E%iSb=qduY&>5|KSkj=ecU*7?(C9njp#}DH#ty*2Jeq7c;DAr+hxZ=vi
zWtYEb1J%s^%0WWm_$}pt0*(%YoXI!%zB1;5;71nqF9N%IT0ekcx374%$3INjUMCX8
z_n1mh0mMuqC2=&WVHRGBAi+y;(OpTHyndn)NF|c#UUEl>slN$n%C8Afu^~iAgNaOW
z6|C3z_h0yv!3c)7f*NSJSi#t6y<y;P0}Anl0xn5{!Y{f(*v~bA%hRC2p&bW4If*#r
z?^yT;&@UL?&m6u2AXqY4I53gjqj1~9i>#tA{lBq<ztfY)BNB-qpea|9%UbQ3OQ{k5
zLS{$wg%7Y6QQ7SiB;g(aar+-X=cVvJeh!E5Uw-bB&)M$>7-RqX<a1IS|HJ2GWPyMC
zxjntY|M)ptIbn`87us|qtrU@F9#*%7lPu+Z7f}ogKU(JYu_qnG7Og}2N=lsnm!nhb
z!?jMrS{O*HqyevlGcCO~Rxu4MptSlhicVy@8(-pn;$-mI#ytjyO^P_nWF}3o2;QMV
zZ}#Q|2#f44c?Hg-#)bJD8kf~f5u3R$Wy8EN#3;2%{9B3yO+4d+Lcp^6<_qrzjY)e@
zGo-o@XtTmW!&+>~iCJ{}l%6X|M;GH-tfizlh%;o$1`^FHNikForM_Tr!2Jm<HQySb
z_EI@Az`ysImX6YifW;orLeW6ZO;AmT5|o*Q^v7>F$x5V^;)AZY?3r6X>Pobek_P}-
z=#&e1l>Ii}9vl<{DxsjN(64gSKfJx{wedm_u~Mu0S%WrNYinqCElFPCB4C&4`h&Uq
z5GT$=fWTUo8J4|@WJ4n%OzU&Yk$Gdwp4mQCN<pj+n%&;BkO?oa@uSINPD|hIs?})8
zCdm6=kBrKC2s~)kVg|!>gMEE{)`{HG@WA(Pwiph^9>Tq=nFwK|TiZ#?0izi3+N498
zuli-1^<)u3tB2nDdzUCu#U(M>87y4ZS@#v>!Ha4E<<b#l9$JE03iRpK=J1i`4|Bej
z^#Ky9;+yXLfgV?4@JLWEU;#NNYg>1PxwZMCh`hp!Gc&~0)4t)kY2Can1ChzAA;4&R
zx>eAsXZT#6YGJWrXQOir7Q-NZ^{dOmZbWyauZ{urpy9f?lO*xUqv92ro7<xixV>17
z?EWDqC)%X4B7&qp)@$MW@>hZ+vuG|4Qr80VK90R2EZO0aSXoI}+LUM%j8ro*j7Txq
z$nmfs4EPe1hX*Nk3`QcvpAjpk#y}BT(|oX{F@+6Wa8Mk%u#9A3pb+cuR!}B)Mk)w1
zYmc(kXtI0!no}8BG8r}bnS^rqf>@o+Bk5hjqxkQkxah^d9>*hdnACmQ;k0qnT5NUv
zZCh4dYxcVzYj=0H6cSJRh=Y-1gW+SxU1Nj6v@+ny3O|ykEjU>17LBYcdI3JQ{-@#y
zG|593k>c|jX9Eo~gvudomFVki+Ur!@V{(pBChGv$g_W5K8qt!F{!1gojGujD8hPS1
zd>>Ou-zF|&^a`+VP@N6^c1}^;j-{}1R}%`mP4L{#@m_HH`c0a<;Hq!9Y93WMqRI<&
zQ)V@}-(RD`vs_Hcg@rqKSOL(|3=rBD!|QxG#%YVumI8ORSu(UN%Wclwl<f}X)Cq^K
zgFeJuG4te<6MQ|aaEI~h46kR33~OyrYe*Q$F(!EL$tZJpo-f*5ybAJ+F#=>Yjx;Ee
zvTQkm&>-Wi*|LM40x=LCrKz%i-i2s8JywYiitZ93X?^gY7kBt46aiBM#=X*~)A8{?
z-f@Y|9cGO#bIG#zS=SnjUzWukBVkuyZZ}SB%)8$Q#x%kNwaeE{et!-9UNjV&@92@I
z#qos+L7}qbW8b{|x9p!cQG<wQ6)%BmsRkmM;v%NhlZ5h<!zm`gl?kn!fG#}{&vDi1
zRQR6V1aEeV@y<l^Cm3Mdz>;3tUc>nzd}Je{g_sS$rNX0?J=weU=!BUm*t=DqNV+(N
z$>WY9leJ5aIl*Zk19Z+XhqO!0oLegaw@YuIS&+iJ+{ch!5z?^UGf5HDkdb({5LKO9
zf?Tz0T=*&h>s;9E*}B!hwlznZOXYo7s|pxVMAB<!H^?~eRs%p%j%U4*aMUoKo^Ud(
zJq4#_PYi2FrxaPQ5Vp!+A>PN?o~toOkbet$JXVr|OC1fY{=*u<h3WbW({|&<IaOYV
zYk5bWnkvjLuOo3}G&|Hu4C~;^RwO;T4)%iUG2$kI;Sbw@mH6q1J*6T>t+;=yMr5#>
zf2l^`|FA}f6>2v^nT;xCS`bTCPV1zf(B}4YkMT`c;S-ZM6#c|5&pJ9ZU1pucIhDGn
z!6u$0u|JB&V)L=SP$|$|D;5#BRAZvAzA%s7WDg?UXow-Tq77jDImc{$D9~f2h>_7e
zJn`z`$4WryG*hR-_tX8>W|F}e`W^Tuk|$744_QgHB>{=G>Lk-s+Zq;*Os&dAdLL-K
z)_Sv3hVC7$tRNK;i59~xm3a3R`^4?z7qv8<FBQ!`fu>Iwe|`m(gV2KK@uZ8Y5UMS?
z2CEuO{82)M=^o$2Qm;QrY@@0;5V8$_$sY^ek-Ii1bIz9{hb_0#$DWo`0SK^zxeDot
z;n*alk5jMFx?fQ~vzJDKN^{RT^EPrE=|4oKqlBY^s()&X)uH8Y{?>SfsMe_8<&03N
zp`w~GRno2IB}Ngw`~ISBrz_6m6QVJTi%xoHNfJt{Xe(f#WRQy0U%isfNNgv?bM+v-
zOr`b<Dy@ajKjq+y{n-Tj3?wToHNo>~o9woBgb@P+l`P$!Rd6qa$&ek_e#$IOl-^P5
zfqI$P>Q#6DU`2TDD_MGn|6s*b=ZgO?tjJzXWkcQ|P`<Y49ZjI_sJ9lO)r%rXq@v^{
zaaj^MRAMI*DZi9Qx)7rwzz4vegnZ0NrFKNKgE``^GKM{(Lsd2DZ`VXZI?O?{p*44N
z(W%Cm;15vAGfO|B6j#9K4JwqSFvbZC4-JscNF$fl2?epsYi|!{)PHrEjixCop{=3u
z;E{Ep0@H($p~fMs;BQ?r(<YjHk<v+|?`$n`(Go~gQyx$|&Tx3vPy;M!Eg3U1Zp!PO
z+#i3ik<Kky+{BxErmn1!XISzKvQhuACA`>hO>3Js$W)yu<K3D(C~Ysl>n58N{im_;
zU-uP&|E{s{U-uP&|E{s{U-uP&|E{s{U-uP&|E{s{U-uRG{(m(V3fjb5v}%4P+N)p#
zSYs<r$<+)stL)DFSQ_pBZXpC<l#Vk6+%_k(4cGIvjN&aHV7bw}Qv^UvHs`m7d^u4!
zhcZ{+c$~=aYN1(@oUE&c>{b-V(Vb%0;N6X{SzV;!V7uL>DM5raCUC2(#@BWXb)TsV
z?WT!|ezYt9KdbK}C2s$~&d4p%qu*qzs3sz*;sCgM19^}1k?+-~hJ6gEydlSdPy4*?
z9Gz@Bk0a}!{R3UcJf~+iv3N{k&7~eo=MR_jeGVP>k5cWW=`LPLB^Z0tkj!VkL#o4_
zs?x_P4nq4^M>y#vEfdF(Z3f<Yu)CGN)biLt&A&`TE0-N;y{PmAF*?xf%K|iZeQ8FJ
zVt}M*8t2`wsC-H>d&U(e%`cb_g5IiOOu;IDbX!b5pi)y!LUKe*+=k7QZnVrez7M#o
z?EbyXvqB4@G%Y0XkM4NXx^I8WF1%<>7_%N5^0MR6NH%0qHApAVecF(CT&<I92_&us
zFl<Lnehl<O+=LOS`>(HO>4K*yE=ze-Y6CnQ?(V(U)43wDBg?-y{SALLpKy8bG^_Ft
ziUZT~SU5jf!nXYe4J3z-n<Cl4trP`Vd=U&-r~1_O&^yRC(D^`rc|+R6ZaL<_=+^ab
zn-+mmbUV||BacBzU|PIc+2c7v-*ZmH-Oe9<6|dmbz?|YkA&5AovBXBwqN2ug&<BFP
zVr)nda|lh8rM;)Q(#skp)<V>^cE^*p5E=Q&S|yHF3;nM0>ZQkkfQuJ*<Xx){&vZle
zwWRyw2``HbDUzrU=J%_!2_v~8jm09hdoo@&6<OIqtB(^FY;obKExU+L@d~v7w%`mS
zJ?XNR(eE7#2LtX&q42WK$dw!B<{CJ$=t*<Eb77&DMrg&4S}hM`C6?=k{Dtl9_^glA
zG4Tq9GgEA!q=UfaEAo#mY{>hxg$Cr>2ui+Y5=b)}{n9vo76#}V2uhe&^w5?DW*$&!
z+P~`116j@cHIYnK5g!mv%xhMusf%j4g)#E>R@WxlzpEfc70Fha<dy1k0XR;OlGS#T
z%RO@ON^qmuskYycIi~}N?mh+L`q{q(;@_zMB@lCDFZ7@OB@ln;eci2@F$)b)RI#U5
z`4R1WD<nM=sxJWgy2?{Pe&P|T2;x-&Mg#kOX&X%_r&3!cz~JNtmU%>-o5Gm*_6Y*}
z0H7&MK!IuZ275GDSCwula{EC4a_4dNc~`Q_fAiV#G{oKFN?nSA)`E2Yk;JE>d4BoJ
zCwiiYM|RrM#i}!Kp%vJ*Lw9aZ8|~S-qBKBEz{BQ@NPc&;BP@|qDpr$1hjjmkqR(b}
zq&h;f4i6`P<+dc`!lG6$_)IwXvw@)B3EW!<Gg;mcjMq`&y*C4r2A}29;J<qJF$RJw
zcivad62SUD?SsiUbNr62Bl-PhyefG)>m{&!CQA7R(G#L10KGbJ<A?tZY_O~=+p@KM
zzQ^-I6lujj%k0bZX>}nMr5cGB_J6G%>X{BZ{4~8%kIk3hJc59TQ%GdN`&I^oHY<aE
ze@dpBrLCfI{@C8Q=aibAA2uGc=svMb7Ky~Gnr6Sl;f?5$y%d49K|Zpi%(EYhmQ$ug
z@W~~G4slQy52I4SAY22tA7mbrP$@YRv3L*-Q}`}#*J^c~`7xY<1$!TNp;4F`BcxC#
zPO4-Vy+sqg%~^1(&(_I?8F~rmfR_Hc<Y1k#VLMQepEiB)8_F2I&eB`K5eudaTvsXh
zZDIWFG%qwsiwc!JMan%4k~f<yqwWS33N$NzM-5R&#x4w$yo3x&QPF^4Psczf!YgOm
zxojjNAxz^dZaHYs4&2m>Juy5a13BD4VQ0ZKU>+m*7_!MNt?js5m>!f!phfiMsB_Cd
znqq$I-s5b&jcs!_sytCaixB8D16xN?`mFwY1Udds^*;}WXtY2LQB2^o`hNjsOZxVo
z>VL7&O6_LKKh=L5;?L?oq}*rqA208-`hWLj6%GV1?S|*ns6>9|N5Vv(V@YU1$u(uF
z3Ujx_l)k5*4Yqz#@7@3i5eXgcM?dojjD=o5nu=s95HolHnN;)d73<lm(W2*pVk6Z3
z%ZLbItbbHxDEG-#O-OUYZNJkh$x4rQ$gwLle%AiU=?09FNYJ~HpV|xNAm{Ww?yqZR
z3qJMXzwu!TN;+q-B+al8O|a)Khoq<_Yu!v{>tD;FU&*ADY?caK^4c%jVSQ81RT2QF
zJ4LwDxjZ{2_c|DBp@KDK1v2t>$maD}u|#zJ+HBsY){I@9<DB_bQFLhx)u5IQ$nLe2
zq8u45oS(fJH)38kn^&!+ZOiVotF{z#HLF!D#$QjQtA;%zBGK1IzoR7V6H+^gj04nW
z)E^#twv9^ZUjzw#$3w+<5_Gc&oJoKiFbiQ6fD0KChQnFc7++*7^AA@@a0yRy_l{&E
zIQw8CKPZ|9o>O1=rpL`H!cWhJXEfUdGkn$omV+Q-=zj^s^vmYa1mIr+u@NE(^b;U<
z+Ws$q7;1%g{ec_nyxMCM)_Owqg@t_vp}@kH-vh|{CZB2$ClGSxZi$>p&upCOA=$Fj
z;vUYJ?4mK20JnqsC2^NWOx0F8jOt4wSi5@VFIC8UwA0*)egb^1v?^sCSwa}pg&EOl
zG^L{;`UFzwE|A4u#m5;@MyF_!u|cK!*CsW7flYLfahdNj^nzTyydNCE5)4MIZ9RA5
z00l5C7{C_iA6MYeT$&M0^L3El&W5-+Y@uMgBio|0PVvbH8oBe3zNC+S^<Vomi&Kz*
z^Xz|5EqWYnuwABfnScD;5!neH2Z(8EJ-qpA1H2j+uDi7iNn{AYDR6;t<~O>;u-p**
zY_~fIsUgLIVSRj(?wL)zhc&G&b{x&x07gS-m94GUsLZgSvyxhwx4W=^<FsXZcF-Uu
zpnp)ATjanb4gadC6P1e~^oBDroY#w-)tEZQ{B3*|B=)XShvqObD2}d5jrIUzp)!P{
zPod%Dlo6(Y9)5)ynL5SozbyjB%uhEhBCW)d>&I?}a}hNxO2sG6-{X(15TOQZ2iyxm
zrokd|BEgA;t9R8{YT1=Y6P>#Hm=xuj_z<zT(WCXj8~nx6IlRf2iV=f_Pd$`PO~Q>e
z^fPDpFg1j41r2Bm-UNkJA>RahWnx$ss>mb;mCtD>rlvppIs#6$86D?GHJy!uKIKM7
z-phDy0F&Wfl}VB(wP7}*>bQE%1;`UiBASISUU>HH%gV8SIdYUxC>a=#HTo!3_*l5}
zY@ip$$1p0U=mf3XCz_CxiQQ8X^h%HW?J!-d66zgj>Ct%qWuM22b<_KuOr#<&|8DZn
zEe}qBb-6jix?+{JgxiXS=vvZzGNoP_18)ihpuNW$>6m3WdauPskk&t=2E^o#BJRsQ
z`C>O&s#ebbOqcI);aERD7qRgk#27h*{nUw<7IrX}Y~o*cRFI}m+`s=@CzgHc#1hqi
z>qK4i3Bv#A#Do9n#J2xiCjv5i(w9m9(TVH-=tR#?oyZn!j_VG<FV8E2TK=0S`u~R~
zigXH?#Q$3-s{BkO1S@<x8OX|bcW6k;EAf-)YR^k=Hl(XYnB*0o+W5QrO4+wOX3tL$
zXdVdUomm|XhZ5lHl^1433qsU(QYeqitblziKEGucBgDoUDwh7_|0|pFIHN~IOZ4at
z%yMSD2q%y+-NXcPnBkSH?+nC}lX<e)-dkj(u`^%sQ-UKFjE{LX-^bc<xn@exwd$#r
zxPb_};W#NWjR_ggiqY*KnB!5kV%1hnB&K;JxVC(G*MNd6Z)8;pn4Y%GtDR?|n>RDh
z7~s`Pr-Ypk5@+}+mzZjoagc>>`1u7ePfn)|_o*7uK2>AJKdMn)i?aOxp&EHcnK8S7
zn}b$YLA>e@xI4uu#_FVxagF!%ZyFjEg89$$4RO8OGFP8AaPS`+c$H`yPpALk?8=Xm
z_W>u5Y#FE-@orA{T$N=;$DccMQ~t!a>rj03i6ArnL6E=^nfAaZlRT{O!Y=!OvzvB_
zs$zd1UwZUt<<ry=%)etp`!okKH=mcE{O9sFH)n(zG9QPuJ^~US7!lnzULqF#$<M&*
zZ^4_jo#dlfhtqXJJKy4G%?d*g*b2cP)yrdG?sb?wK;)hvJX4Y`&3p2mA<es)CEZ}R
z%Bv!f{}|lPs~G_lKMoGVp?5oe>y^3siT)vTMaBECV*$89CcT+Xl~=k!CINw8d&io=
zRci0!8c&~lE7#omiu|?QVn77wniOfP7kn>Uy_=^0Ch44h%0?`rT;1)`jfqy3HzwUX
zS%Zd-day4VLQsbqP`zWsWgEmsZghXc05`gyQGr-C__mT4J-&pp!tP%#Na1w#GiPlq
zeWOc<6fj3yuqmWEvwab<D<=*s&F1WLVBRKNqgtoLi8F;9d2b~&<{Z^e7wY6ybv2ju
zKUZgVf3D6n>FUbkENReS#Upl|Zz!HWiYPHJWtQ4>X-t>t0P~pR-enwN;OdKO0{(|U
z(*OO3K+1OZ$_R<~^D}v?Li6q<=@HNMd<}R^ar0mi<zY59b)8n5^(ry>MF|};53)&^
zb;nL0#~(}WHcU~1#6ez50Q##4;5Q1)*Jj4g>C5GZ%vo(3wT(j`s)MU_7BxFe1-urV
zHOw&Zl>ZR4E6^V6BtdTj$_ZI5uv6SUHaLb^Of>M+Pq2^b-UNE?v+fBPCXW5!gc9JK
zxz6EJrkbAPDUNlpvt;+z*jSpMfTh|hBHA8<j{}{D6P=YCeK^{H)!q{>lPp5|?}EkB
zb~7vaa+qQdk0vwo<M8*0-bIf<jx_2ccVX*q#6uX9Ar^i!-yUEAOM}aM9h{M#F%Wqh
zoYfvUW^&UGGpSaNoVCo^LE34~k5c*ZS3K%t(nG&3(z~1Kv0R(bV@c@#Lc!%dbMH_C
zzDAaX4cHP)#|O$d$Ng!JsF7vESb>k$l07H|WC4U&C#ufE-plEx$yx%^QpA%9C&e9K
zx5MLF_3Iy*dM`-8f{aGtW*=uAF8I(?`5c=HZCZ#De(W7a>jdHY_^Y$0C<cf+POus%
z9EX*Gx`KXUQeWV+<(f`p%%E<4Rh=s<wPn9VX|DDy!VQkTf?3K93Ui?%?ipEsR_P|P
z$OU^ZDZGVes`+=zYC<L&-^Qd~W??F{1C?T#3#VQ>T_Y{P&Aq%h!G96kU{7Gj#9oiW
zoF5EF?2Q}7zbO!Jq8&t1$3{p2jVZHT8CmU_mBduPKbvQ@5}xADIdY)@pztTZ1K(C<
z^2~NUAUwNdYW0-)<~}(L22**1(6T%w)ZryC@YDQ}1uV256jfMSO2te3nS$ksjhFE2
z?-wte_Yeu7u!(LNS?GxA*}V?d_sPUm=FFKBawvvAfo&*+{9JcV@rPj%Y$6>gE9BM`
z1Kr(k-u#dl`Mz&E0K%ahk8ZIO#480>Q+<c&8V~5RQpYKY4UR&x(&xfvoBf5W?3O9~
z6Y6>TI;^ZS)aG>Y-i6i)T<W>U%t2HHMh?{Xkqiew>)Tl>cFYWoi;=eQV3Z7F-%_ZL
z6*nO(gc(~9QTdnOJLqnpuf>nTgiUWsV|R{&4&`2Z;|~GFuxZt`dB51Fw|hboajq!n
zf8EwqN506>-{UMmPL8i|7+yiDk;#*Z+t1O#dDhvS5w?P%&_BaG&BIwdvJtjjn^Yee
znx?kkDlw|>ptmK+Ut93eDDM6~YWsWq`B_xfElE5vB?P*GQYV-2`Ic5^T*2h|v<Z?n
zS05?M8A*COL6fkV;F!$o_eg>vr>|xhnS#yzE$KANnSx#YX;!F4MwV4pGFDjPYKR*A
z0X%II@Q3$vyGSNx)P(6=a0YU^F5omo(_Z~#kl^eb;oy_1U)jBO`$g1t=~NEy801<f
z?Scmk+=1^p@opX59YIQrS4PYB#67aJ2x&GM?MmKz_P21)>GRBBYAwiophB=y78fD{
z0f;`A<IIXTr#p6k3EVSo-ezJSgrEtHY0r{!cUKp`1N*r^jdJ71>->5}@5k3>VC@yU
zael{On~}7RJd=dH3MY+4Ys;fWmZt_?XDO9f59mkgwoZY}wtvlEyg;@#?0UaLGle}#
zNWlb6aZQn=Q^Fk{NArXgH|P63*LADa%LTC)Cv41}$~#DY;Zyo|j{gd5mYZAj!P|_B
z&S`;YKfKd<{)5>5xzWOa^i@R5#=ITTvc|(y$0{HOgnVqL5;1f!q~E&VxM}zD&6aCG
z6NqrHzO}_e`WAl<`4wM92sjTB&BrjK!9#MUb6fgt-S3ZSV8>PU72n`GB(O-!BLFdU
z_)&te_AD+~YeuZ$vPQI*GFPb9_oE%Dn&R`bSktfihv#$i$a1D3_gyzfcUD&ft%g_5
z(2`;8SasXC6<)+@IsdKaD>qyzt2PvKpk^n%mW}L2#6KML>crc^mhKorT!pY3myTma
z-%$@suehb4^dzI&y(Qz1E<EJsB=Ng9#5mUAB7(~W4K6|%R=5pQv#}#(PqY8a20{;=
zlcmu2SAgqGhWlN5cUSnYnIroI-Q<vcueDJUslBHMvez#2)y$2zHBRNpW%4>V(Bz9T
zyQ|MW^aF;cZMI{gspe$fhgH+AwBdTV=C!Wsag3<_dRSnL2=7;Eo%oaO`^wV(YaLCV
z;1ZGU$Q0us5#6sY<Lb{N8!!KLWS1FG^?94XfU1SL8_<|#dV~N<onV5WkeS|Ku+MM2
z2J5o;KmR1}-<9M4tgUm31~4nlh@EmwG1di}hnuo#>eoLg2sJYh$Q#{y49L8^N=oHg
z{@Uwu8~x-LZ=gTcNMFxDHV`(Wh8ohBgsaydt}h{X3H!r~s%ei%>Ni}%t1f5Qy2$4^
zV)A=`Y$s)Kz@;YMBnD%h=6BGcqYpHWP?;(QSk0%6P%VCW#9(OKB}9o-hd%kCi~VM{
z=)(Ts$9^Tl=#^XL#NNLLa}#uzm}{xPnxJ0hU8mg`$91DK5|8O~dKwtw?TDrM!yi`i
z!vL4^mD-)D?FiG|!T+It4{}R)r;|64+DadCxQ!6sHZj5~0W2>ok?@-|a8*b;@Xb)a
zGS?TBrRA4GU##7dv`QN$u_tH&-3J_s4|iA&A7L-3u>-NE4JQhJ@SVQ!ZFG!$ELg!$
zH$4nBc$91`Mxk3UF+npFANjfj@USjWiCW0AoW+<pF&k4QAJGKvk=cFd#dSKNyC0wx
z$B-2O1S~#<sRWh6mS)O6(0_!%R}0a_gsrcrAg)~Z)-ikcqlC|)8|Ax?)u!r(CMDxu
zAD_yXp(S+_>L&z6PSRX!>e0@;)fh9C%&}UTlt2((oPHzC5lK^pXQhSg{4uZ(JZyYH
zachVnoMjyEK-?)?I1zHcAG`zDeIIdF<zKX*W`<yG{qXwETMpDkfZ2lKlR4W}w62Q>
z$d;SDB~Gkv{Ws5EQ=MEx?-rrbb7ut)oTjwp`wMN{w^cJR_>*llfj)rK`%*i_nYe#p
zLq%IPQj8><Mdp6sQKI{qow~T0w)&{JwK2z>()!KT!?y=4-jrjUX3*%>eHA%GW#KW0
z8aMfT+VlhvlvXDLny&g<2A_}KV82z@GJ_zK2s+sW%1B4Y|B>{s+qGP9WFT$y-}k6M
zG@AX(x2dKS)WcYXtWD|XY7(!fU<ANBv-5n1E9~FLC4dv_6k0HZE6Cyd(wlGO5a#K{
zDfUmeQ17B+WMTu#e!7W$hD+=-Tqt*7%7SKM{|XmS(1n3t3)!5rSP&=XWor9RyrdTP
zhnINiYVQ>MtB-@LbJ>vB3{PM8UKT{sj+R`rv7(BpN^{CqJhrqvsZ<l(as*Qt-+Eiw
zTA5U26cG5RRes<^?5*W>1&z+$Y=CkL^9-<~sJY4c6NdzAtDy};7GT1&8EcIEnZOgF
zLjh#OZVz+TT=v>)leup}^PT&J2R2jr#e|wc<R7s+u-llw$(c+!1{YX%@WLC#+rm`b
zG!e3dH;N^?%R2YZJ*B>C37v9%f6l=s`?WyWz&u5wB9Gv3>k7KOII=w!cH&%-Y9XdN
zR{hj^V)0$a(p$ouo@l5yef7s_0CHghhYG;wAA?Lt?J70uL?mObQjYSz4?P!duEH0p
z(B|?)H45A71q15%j6oKdY9NXg(1^*-p<tq&X1zst5gpT&g7k8?TACwK<LCFx5zHtu
z_^ap7vy_t;e-T%w7V58O*xEfSPyzuRZ&*oTr7=Zql`THd-OgbeZpXjYG-Nq*pl`q>
zi%U{2q>h1XdpIU4)66v(!?eJy-&!|kV@Cs?PEOx*jn$JxXuhQI_%d%0Tm_`g6g-xd
zhkptYt4>#m)+i{$_CZ!Rq*TsgT%4GtX`J_G{9xwxp-0>4gs$yD6OQ2%awU4{>@9sl
zp*SxPBpx9H4@YUJX@BH$YHdxT9{`)j$SIMvj7}3-x2G_s@nyUE-pyiZ(A;WtSAwqh
zrIJuX3n#jcjOnR3GBH}jvB#4=u1g#j6I5NMa&L8bY9p3Z5eE!R>UAhPXr@Sua$3H%
zZ3u(=8wZ-T?h+CQFfrSKERiCA;He1}aG-9i+(ss@5JNpY8<>nXaH!91BZ0aGcTTvU
z@ci{;3-)9rJVr4y8?xL4-ou>ZAdfTfp71CJ#dhvFEFadYmgrHkrMuOfj3ncib-&x0
zkXSc4y{!xN&1IWKi*lSC5{PEv@j$(1GkiECQ$o{0WbTMzV1;>~dWbJS6tRv_YmU(}
zk-)(*l@~y3VauSRi@yepV*pD5<dL|jWo@r6E}6ZaTZc_IeP&8&2w%VAc=yCJpT}PC
zqwSpzuMLO$8vHB<{z!i@#)Jw*Cxi<Oq*lkqhYRe#Vdo-8j&c0Hmf4%%p4m(CIph$L
z@Cc}h26t+=gbkD!5Rf_?jUA~GkV0)8wN$GPEFD)MZddv);udq_!~i$b_WlrZm$=el
z2e*^zTHaf@c2R>L(0tk(EnhopPv79DaWk@93rzlcWa4_JlXg6q$RV<6LHs0R@<Cn-
z^gHrlz1@IC@9jAxY@BQRWy@30A-Cg<Z%C$un7%leTO+vv9qLJvf{^{YAG<)&*UIUV
z?trIA(upJD%tFB10Rh;r+Qz$&`a%XHgbBiuiin+Hv<!+O`~!^0cykoJ&J*7c(GIrd
z)kC)o1;n_pPvXEx5+*zs#RchR4mauj>JZ}v0a*s^Oz=I-=ViQ7a13l|x?bD}jd1*n
ze`8_~zl<#AH_5NG<g{0=2C`&CW&`-q>dyxPLN8aTR;Uw{C;LD(E_#FV!leEL+SOOe
zb-#0i&+Q=2zBNOS_pVOiL8xlYsl6a%ek>=38ND)m3>l)mWe{M5ZhFtuw`C~9d+|F&
ziun|a7r?kRV0i`U(S$lg!$7`?Qy)Kki$5tMQ7MvI#9a#O|C7&7!~6i|qWO-I_ToIj
z?-3BdHn7F~uw@UVdBL5vn_S>!R}n(G82%NbE5l6VWzsXcfIRXYNqfmKp@5$75p^_z
z@8GXwAPL_Za)0?JT*bq&zm_ZLKpu3Ogf?zOHXM{=dE8!OYr-XyQlna!CU})qv+YH0
z1?VQSn|Sp@s4{a}w_*ugC8@k&TN(<3ecw+povu%cA^@pJv8n{PRz&#LS{Od~h8i&N
zw$r@@Dy}8({0f%u2Uy=z&eXw9Lq<F95cg)FNq;MH?fK#11-@T#su+FW4LrEcfSke6
z{eU2ac*1U@|DixEWed}}ZNaY7>@K;&&+yxubc=7i>-p*VbGzgTNr!pU@rFLP(o`Y=
z{S5{>h7w><Z^7^0r?d0j(c=Nb_sSD*C<B>JZ}o`#%qr?_i&MgoWm5<?ry^KjHZ)1(
zQjOueb%t90;k;k)vi}hmxK4zW)fngEGw1gJ=^v~#VomJ9`Q}cZCLU%O7mWkIuq9dJ
z>Bni?L0dL;m{M&eTEVs%`&$2^Px-Ly+S-F~J}&~6ARE;`KpmMtHpFKhz;-bK444N>
zn1{Y_NRInX<BcZkwV_6Vk?gUz8s>+P&~!=Awq<@PxHiazNq8(JH&9n1)`iYyt5MMN
ztsSl|$eHZbggA);;WMF4JhVyi90Bl__GY+?8VpA_dw)B8qV|PS!l^E>TZ1egXS>B5
z?h`<N9P_9t7231=estu=OUPuN8I>OCK=UhcjCU?v3y(<c9jK&|7K$6J5}q$Qha>=!
zU!igcEtz}Ezs$T!#T^$NggPwY=)h?DXJVzZB6es5*Ju<*XPaF`zRLWaEvQ*A+qa{o
zv*qc}o`sv^i^lC7?7K1xfgqBN<j>vM0UH1cr<8QHAf?2c7;;o0xVFCnHQklu{B{j&
z4T<FsSRW(tIar?s1sqJfUoAXL<_8_|`EYP;;xY0<_XD(X>EO`XCr97+wS@6%C>-4v
zTCpMg%*Vm{j)LL;IRhED&p@;B0F})A&dCe!gr^b`bxdy^zilhYiqZKNM`-yDP@i$_
z^sBiEsNn`VdSt!XmW8TLyiusBcxHpHK3m;ue-{xtLxFDg{xZQAWpIHMihU&P-#{1i
zGXdL?-n4AzuK)oaw$r9=P$o+T?92~naHvk~W_~It39C@!yV>D23K&Z-*cF{&3Jb*J
zD8zS~Yoo^j6Yv2TyD-hrsPUu<U>dya-TnDtoK39qrvsyJS4->T_aAk<It;;Nm9uX8
zcqFEADjm>hjH{8ssQob*M-1Vp0>&_)nS?C3GVhCbwN~2ds;7K3&w4@hOqa(4XAtjM
zbhUbU!;qd65m+Zq{)B%+2&s_4%3%H?^Vj?hBP@05X7lV=#o2Y5+2@$H1On{+32*u!
zJwH!@jwbv`r{gRXn@ZsO%Rjn7D;8zz`Kb1)M9c*>ZyMyQeN{j-9;9s+maX?NY8~>$
z&bmX0U3!(UV1IvVG%;0ao}N*(WehQAy}0}S6WPcWeU3oxE|im=WM~fJk(f3ER!*q0
zmw1Idj-ROCfM~Oy$cKdy@PLQoe)DZ7hR>9z8LGDA(4;bMJzcN~ioUm0!S)PKTq?bI
zr%@tiV*MLL%fe%*9_EC*XouFN0yf+1G33uy|6%L3vE-}jUsAF(-*me6>j~3S6AJ4m
zuH3YjM(7O5ESoW4;TX(&lBv4qS}`pW7Di}P@A7FZwpg+nb{6_Xffgy+*38&TimY||
zegOiZLKP&r*d3y%-Ry^`OH6GFRd=qhC><lT+CAHlubnur*?fa}nB9Vp?R8|Y*+Xwr
zmk$=uS;PL_%Y1sDgYxxrP+q!$0z~Yuoi(3>^4;Ktz8ewqb20$aY;PMA>>$IA_3as<
z_VS39zC+t+w^bbYFbaLq1zy7iR$Tmn4l{H<?x%w}YXKMZj&z36%xNM>OW%cfxbI#s
z@H~8x{rH|Lcwdezu8OqDHq#xZ!@rSe5yaIwDTZUHY3Y-E^$BPr_BHEKG6Ll6GO-cd
zO@!-BNoqZmV#8o#2q8XSIRKH56v@&D7KH*FA?EXjagYOSp}x?)*ha(&+b!K3JO}l}
z+FL<BpxQkAFCfz^O=LUHY}on-KVlwY1HnXp%*H4^*Wbp|w!}DG%M;`HpVQjKg^Hld
zP#v2+i)%ZWe%CiS9#@sCSw6u}l(Sz$X4V$E(%>N_`&%R*>JK{4CBt8y!J$DOyHRiR
zkgHICiOB@mqQd`Nl#4I7+(7113wc8=Vy$4|E=jB^)!(C1Oj4+47B9L~N+T63??YEk
zBh4wNA@xWaC|r1#L!Bg$NBy?(*EVA1Jn4z6B#cAxF~Ht9Vka10Rm?bo%Sv^it$-qy
zi!pPDWIc_ne(j4kQbuMb*;k5;&;LxQqp&4f7qLo!S@OU<=J6amUy{bq98Al7RU-TV
zJqf<*ZX)_iwQc&A=eq>#X+kXXJU`C}@_~+!n>)mPA%WBY9@We)(r@|tgKRpm-JBhg
zTDj*2zjV4IcH&tTQ3&k9)P{-K;*s)~plqgb3}=oYdn%vbT4bRu3fmlfnAiBD#&hyc
z6n<X}rU@pg`++yaXoTN$sY5ARfu{0&Jlk(&s{N1D6ABGnDyR!NsgfT!{Zev^P9KH-
z*bwFyueo|?06O6-q%~pbC3>012Cv|qPzl)Clkriuy?;7ZTB}S!&jkDg-%}#J`y5yU
zLxRTx*mvxPCl6Cl0HZl24MTVp63#`oV@O2u(9CJIEs^o(!;)ZWNqYWfFa~B@DYHb=
zTn)R#0KBQ1ag<H~(aw_xFjO`bGgQWY;r3O+4vK*<hQ(T5OLB%GO8GOpi=vHEhPI2+
z(QG`ojaozhx;})TyqGrPys)}~-$XO3C-&QL;nXMVsO*9ka8dikEO}@f^K9f!=E(t{
z=Ju9t$@L!R$+U`@oE7LC?3&xkP?5>7*v>SB8N5nn<omKE#Q6rYRCk!K9KisWE2kHG
zSmP*FtwTWs=*S8B!}p7baQKcNg07tlsKMx(7YW|H_QVc*n*5*?WR|!zx0~HDiwi$Q
z9^l3m22hZIhHt?ej+YBm@R<}#0c?zSC0q9vv{OIn21HgM3wk^1JXR`ELXdaO8kL2+
z-=qDn_JA!Pr@23*HbLod3<TZU2Fz^dGb!=x-|4#y?T<&8#d<FYTh4<IAuhj101no9
zV658#V&A+Is3!;qO~09AR|G-AyJ6stXlCunpkcBD?4EEyPzb|)s#P5;CMxt_G}HD(
z;iGP2g+SVXSK44F7ObI+KCQ%}%b=l*Gz`kSFt4Mv+J+<B;%^p~6=j<6bdw}H-;g>|
z(R&S7>i0O{bTy2}X>GN~bI_Zs^li1JUqPq0UmDDd2mfviq$GbnqMEBFKX*W>Gp~k)
zhiwZ67$UJ4ZMB0L&hqTE&mvOr?X>YsY}T=x>UA(ybK5fUn*JFewr`O<)3Nhqi@N3u
zzcD1Lv!ZnbmBG8<*RHuQU*>Ld$d7aN^gAu>XMUSU-fzLPSRvXy^dd7wU^}&^g!(8(
zf#i67XKz4^)w1Gj8*cC3{QdC;?iBhO9`hX-8A*FKGn#(&tKU(lf5c@EOItuf=<->t
z5WI{{p*vW@<(2@sAvn!i^hd0to)tM97l=&nAl$5>U^X8r?2Drr5JRG5fCY&|Q%TjV
zrA)bD!-Hja9OV@{-(Ozn$78C1t%6^h(9mFdIs~uxVHoX7U?#OQ@i(zx;zG^ihiL`a
zy%i!pcCu=7uMAkdm-vW{aGLKNDjM(5UYRh59BnRLc9F2Vj^BC>w(E0xLOVED`dyZg
zAC>MQy}Sv21dTw&nkk4xa3MsENJ}9T!G57a<quwW(Q_c?-bJHi#s+CHl(*rc@4QzY
zO8?nZD;zGM^avB)K~>#C5Z}q&Ux);F`w@7^n9nX=p(c`lC2YS`EskZ54a#Q>>#B?o
zKE6z6ttH#PFE{Uh=$oTS#a-hrbUu||iE<ho8x_2MC)ZmadweZo{4+C=zNKbyRKpr+
zDW*xrVP3R%u#<RNPzdu!Q%eL5-Qc{bNugP|F*PMeWJSg+xVo`68MApV3JCsE&Hlm`
zC1y;=5TG>lfzdoS+|*zXID!JFD3j8``Q*vLeM-)1Aqjgb>DND*lju2<=(C)zqJD9T
zO7k;>T|$K<s9m^mB-y&Z`k;%Bw#@|Q>0-;c@AfIFV9Ow_D%F4HqO(f%j7AN?>EsRE
zB++7(ODu`Da_m_7&seSjM5XCP&0}&ZbQ9#<nbQBBmDko|@9a+j68oq0T&^3i2>r6n
zS>(qBdf%EX?YYa%#~;?l>#}Oqd+RNgW0NFi3XzAhbXA^n%uR&)wQR*YlJ`-Tdo9@L
z277*duDVvGH0@_`dSmYjrNpAUMC0!2Log;q#wPTGk<h7%TQ9$hrVOB~a2tQDX0x~R
z`2I3#SLG6*WF>?QFqg*%!ixVGZDn~#J$}iUIPVD%C3SQTNTAYCS`qoop|Jmk6ib(=
zM2<wVx0~O$8SDK?X`|a*OBmTtwt-^$nsa7(<+;Xqw2KXSJnqT!q^*32rPX$?ry-Yr
zAF{Bf|JB@do+Af;BA`DBD_SBAjlMp#Ty@vy_wq*xJ=!2M@TjcM`%0QBb0&|=(9u;K
zu1M>|xPPYtrf&^vBD2XJ!xm^hhL@T-aTT^L&d6SjWnv*(>_SL}ZRvK1*ob_wcch&L
zR|qgIskJB&PaQxu-F3Bxbk;7GTjD`RR(%Urz6_5JkhFiIt%0HWfE!<i8`u0&*u(bx
zPH*^aizHJE=$dQUUcGL@@xJ0p`N@$_Cj6_``>HSau(H;hpz+W~e>S1;&<4EB4sTym
zBa)O?-Ogoy`7<+&ubl3AR5vt#t-u=knH6og>{tLk>Is`mcqNgoD=`1fu>O#a8}*R2
zQqW~wlV7)M*)ZyG9AayiOtp(uD@?48{W2q#CIxy8h&O_5eYi~IHluE?g=;maI!F7B
zppWf(1q!B$i^LTIF6gQ-RyzvL(dCa#Dw^3>L**e<M$~1u1HK(F4IWK`UdYqQxzct6
z&a*j}mfUBfL+94`?K2TQooEbLIn130{i`3E)YZY${pjfAc6FF6(be(n?c*EKoopkN
zUw4EA?9)SI=n<PE6h9m;-Yx#wJkE^#nVNgS`0nfC>E>~FI!@OpCqy<^`Q*O~DUfJp
z>{|6@4O&4t`E4i0kK?ca#Y?B|isjx$yWElCUcRa2v4||vB1kUkGm?a}BF?zGV(iZ5
znb;qHL47?ilNcDU_zcYqYLW_j52stz+IB<$nzu5yXkMtTMEoM+K3&u6KXP(ii)%09
z+5M84WZJ4AQ;<7VuXG^C7=A9-R(=&%?;ywQG{0bXvOXX2em54SA;X|q%Y1dPZIC+?
z@K}B>pj<@kI~|`{D5~SuD^~~NMb=_13~7x+4DUZ#=+!fV<M9yfMyvA96!-pA?g`LO
zdi$C{a(sZFL|1h+L2@k79OTe}J+hjQOlM@-&u;tzyRniSIrqUrDH{E1&2=Qm5Zxn_
z!Hxd@!ww}sjoTFFOQ@&W$OT`Ts@zsVJlnJnvjh0_bI5z2NN=mNRjWvzP4#Y;54eC;
zU92Fsz-JW<G+|+bhh-XE+6KpFX&)dPM<5hvZ#6QymhDf#VmT-ciH)2fh4jmcIS_#3
z();5I578pz=WzuF%80VFiLz5v67%`K5tN;w7#K&~2VSzCOq#3MK#-pveqX-BL!^C{
zd3V4-1*{<4KYzJ48Uc4mmFqiQ+LPhLYePpZfB%`&R7`_B*wys;WI|qKvH=%f3Z18j
z!FO)FHxjoL;9aAmRH+&_>EK<Hw*Fh*EPhNxc!ctnwvT*-3d~>e=f1_4k3dE}t%4g$
zc<)NX@0eMc9uTAi;)`Cy-9%>EP=m`xBo$1a&skO?WGC9076tpeUN8hM{LYpEe>ZH<
zsX-BMK_OCYTQ@tJ-<_~1s{;gG13|huUF~d`sY)z+Z&#4OHL#O69;qRI1OaF`D`(2D
zcuVhR!t@xzrA_9~uIW+42r;B4ePuM|;$Q8eyT5>=czr{Z-5m*Yr{i<D!&J8ZDy8j%
zb}x?Y98_BTuA4P}PQM5j{P0b`(q#4wl3cmFh&7*PJ0h4&S<Ait91;*0OCTkcrX717
zxstd?FvJoT&w(B>gup;eXweUvkA260`G5-&^kDBV9DPT5KZ=0?{<-U~nb~WE(7T2=
z1N0}DFoH~a#IKNjzzodCXYMT-1RzqI;5iCbQlKJjZ{Tlie@?rvZ&!NWSWM`qPCf?7
zI;BbxqE&M#>)uF#7+?FD_vw^l=wC@Z6Qw6-Ov*pW_GsS8ZP9a(3%WgrMqf9f{f<lJ
z*|u9sj~F=kPIA%N0b~B=TWe?@CSAMOOT6ZnagWPn*P-R4h}h`9d0x|?#*b!LgSV90
z)2bKj*7Y9P=qEiVFyw`ODx4@p%OuZpui&~<Nk+-i#noKES0;*V_4+abbSu+>6y@nJ
z{gdOPb^5*wZV<z_)L+grN8cH?ot&PaZdBAb;@LQppo9Epi?Nx^aW+U(Xi^1fWw8!d
z+ST07>Ota|E{wxzS9rk&QBAM7_P!E8L4CfTnqt3I@-1|FIqZlKX&yPe7nZCoG+SR`
zK*I3Xum?pNP{IsA30EnbNBI*vn1>}uW;>V}AH;_!DMIpa4k8tUC_RKCSnY4sTCy8|
zF^!x^t)$0R9VZjD75^OpuPQo%8i&(5Ytvtnx37z~p@V={k~1BFid5JuRXB*yf8l;H
zaBVCHO=$iTVcn9&U1_$bHx$`D2se<WB3KkftONxTNI~w0!4>OaGK~@rxn@F*m0pyg
z?dbsRqkd88o1}Y*r{MUd2wltexTf-O%77D&@>{)QW3eI|UGYrqwzj7d^O9EFA%kkC
z;x2i3rG{|%WsW1|=kNW?19dt<!YvF<7|qZbpMW6;s8l;KFB+{91%JfadOKHT;U=Lm
z_gyd=fG)1SUwEuJg;qL?UbKv_50;vM4edo2<k_31@^7OC#t;0JJA>GdyNowtwi4G3
z=R2*Lk*cYR3dBRP=06Hky=S;cOJ@U=)XMG0OZ4Ur#*jInP+ErmpqRTsF8v^i(*k;I
zSiKEb6D|hyP-$6CUsRZwg$6*d3R4Map<w2<fwm4LN0DR1n>))u2lQ+fyv1;krxiCf
z&BY<OFvVy)V(`NnjP;$1+w1<)$aeE$@n2Koh$k@&qBvq@JCK(^2v7MQ^*ABvBU&gJ
zMOB%TJOsSCP&iT4Nz)bo70>O@KU6l>CLriWY$ku-q)q5e9(B|h*J1B^K)zZ9VZmfg
z0IA?LL8!`<FEf3*SWrCKf<5+Nfebg4B2Fj5-6D+Ol#&<aRig5@Dx8*F&@i&oW1U%h
ztvZN=^|)TM%pcr0tIk&|#mGv``9-J@pUIL<nwO8<UYi3o17U|o`+b$yNi=F_59CPj
zLZXp%XH5#~V6)H?5{7oACGGBACy7lZU>YnSyzeHylrpo0T;H4%LRE%2g8Mn1Z6ND^
zjEt;hsF=H%*^RdDwe&Pl@c)?DS#6&54B62(g>=^#5Sv8gYsW=m!D*jnYRPiadmA*d
z8V#qSB@`iE0PmT>+!rLE4S{OVA=+=;iapi?jsl?$Uw&bS-ncLmQx(y@9S>9j@WTg8
z)|+y+^2B;Agg--$hwx?k%Tq`nuP~m!Qu}xWNB6y|Ni)OA7$O3tw|JFoZlTDRUZ9By
zeyVD?HwNnR(T$U=Bo14j)g$ml?YW=2WN99k(4qBuio0jS!I-7!o<M@tE8~?E_t&sr
zM5?3-tlm!j=NhQO6y3=%vK2yry^~-^q5tMy!&VQs1htzc!jOc}2B<9$AyjfMq`>(F
zL|Ytp`6w!x_g#`e8yC@SE<b#!c+*R>&Z5nu;q}u+l^#j1>K=#I#Hbza1dKf>vv-=M
z0vS|yeFazVH!frPVM~7tRGRispIS##x}N5J&~@B&881@@qxIjlQHnFbqkeBQMdJf_
zb9E`)XP;|j2p-Ew7qppxb)~sPZI!@Q_XEUPZ)H6JiO=Hv|Dx)fqQh#tZeyddt;V)(
z+icR<#*Wb#jcwbuZ8vOVn}6PKoSSpMZ}uDu&zf_=cEg-s^sK54%$s&k<?p{%D7?!W
z7eC(nDCpNA6T30k|B$B}2k+g)B&)}#`5W4h=2PIj*YN!I)6Tl7&VTvIU9F{Q8OqKY
zujqjL-RE&)#SmcpaJEon)4KS;i4^!z-u?6H>Bi@HN_9eP%~jNb4$sJHOz|#nF9J;K
z$pnrTo3b`bJAEAW&=r5Vaj;8q+uAB}JBJ*a0;;%7JQhj@O;b#Jlqs_&Pcfb3Z$~U~
zIm)d|MV#uMsIl($Y?Kw=bf%`rsLfyOqko~tO{M#7&Cx(T2BQ~GHD`chVvH@spSFe_
zg6lly+7@B@8Dj;z(DRP?65SoYf|wXnCIF6;1CnoHy8rcS8p&G(x>={d!HAbst}3l8
zit{nFtO_ak0V4VjhN`ZJw_xhJS9x}>j*(TTLqHiu>N<(3m9@-oeEd}wWbBcUJo@8W
z)8W}>+hu@ta8`$wsZk>!?=U1UYhQW{c3K;1KjpMFIny!Uqyl8_o0v5LVmRerX2(tc
zT4ESXx!DusqlMoUD>{pYPKOSebRy;dDX+T*1ri^_{h8M?DdrI1yS7r8FQ<~2ftAYa
z>W@{<MxV=0P-?;E@LTJ0|J8}1%K@nln_&s9fM&#y38DU55MLEE)VcdAWA+xfs(0p^
zMx!1nuFl)U(Mia&pu&_lK5tI?myqceh%JNh@BXI)jc36;I&1i|XC1LIS4uDx;h`hZ
zl^P1f-#k$qY{(&7xOb@AX!#a6lzMh@O9ZHfu_#!@nVTLI0_v%;L6F~cwKf?5Qfh-7
z5b9_-2*Zo3+9RaMn!<RN@orex_!i(DyYMOPU)o=Fno3-%QOvNhjt9}yYIzPDsI&Z}
zPg44y#R^xIe1|QEgcyRy`lbddOuz!s^q<8B>ZtMyGVobRUlOnqHrY00lMpT$1W0~O
zn9^9}FnlI@U;A2l-eN^cQT)p+T?H7vQHvF>O9n}0h1xOL)blV%khIJ<U2V;M*W<|$
zRzBkSF`NJ~Y182%dbwr4NJq9w>{mdQGMFW!RobZ(Nw0m<ptI-hMGq@m7i*o18Qkw5
zr1GTX!PAFqYIR4SQFIbXB0rCHqLqIr8%}-WqasYn%;-^B-J2>WEDA?+kO-U}ogpef
zX;>bRlqT)I9vH!$P$QZX_ph<50cX=TasfhooJL!aLHhxtCVAIunFw2}Y!8lIvD%^3
zBe`%yrTx$+FrcMw#W(BQcpy!!lIO7g{~-kWKZJy;O0d2V0{KD+L=9AkfCc0Wp|Kfg
zs|XH1y`6=GY+iHV%JM&_zA9?~^EpA^QMK#q>^xp|D2<SuO*w`Co#~KoQX-W7&GQ5w
z@n+DRIj8iqIGc7$i4fXjPu865AOf6UMvZ<rC!7@!DWA*O=!G#Cc&0U=xU=|3>LYw(
z$P-Ht7=;hQ<&O0dBjc<_{5*tUyGMiTCGW~I*-<%)a|LXU=A)2bR}lj!j)6fF4ekJb
zDnbI1;XUOBk-}NDGE8tcOJp8jBd+3*S%Mzxe@J0oUrZ+2ztAhao9{l00rtYwM~I!~
zl7D*Dvi&h_jnkDhPC&!r0yM7LsG=3rTNyA$=V-196U#i^9zyZyFPObWVv^bYG!K5l
zp1%`Io&v}0fmQ+d*Zq)AYQ&OZQTSEV>TZ%T8rBOVkofe+t)@^hUtY=z5z|iVUtkA{
ze+Y@cl`r9S@wBqY>yC2kc^t5l=&Y!AhKY@8BDGb}7q>dNJR`W3uNz@k-$ozElu&mF
zePPPY!f!b(_VaRO;}ki?-Eem$nYltNgmyzL2cY}D^`-XB-KYgh5_f*7eFyL!g&O=#
zwhVH$af(4TwVv$?(n<)_wKR#|E~p{^kpZOD_oeG;+`BMdI>%5ng#4&x<u@Vvr(2@V
zb)qx)6W%A)ZdDiu<*>O{gq&m#e7ara;&}#EdvcFmsIx2?y!QPG+5xlNY)qAJkg5@d
zfXda;V3+34;C(czYt0`ADnG+}Tm&Y_tPBmNGOyD1UMbgSdZmj7)35J50jt1Yn0PTy
zAber1FCNY+DCF@j5s~QsDdDt}qL%~X<#9Rsu}Y>)lxQmuR(hB>rEj>qiGM~eOjRLx
zVp1=RIE<NJ(}*@F@$w}=3(P@LROt`_D24j65)@`&l|Ys`Mlov)HMXtyz05TG8oopk
z%(z*{cG7f>!GDqrjHM%uD(_<3e^OlBLQ&{%{qQB68ADzd5wSD>p^g&0znnoU2n#&%
zZCt=4d(rrX&|h=O_I)t+6qm0(UFjPfr#OM>T^PCMH6ZNH@QB0o_&oz|j;FBzBmP^=
zvkA)7!5|ujH)MW9xcTMJZ}K>S{_;ywsvTYLAxZ*6M9{O7)CyXSs3_$Koj6<MlPlb3
zm)RZUn^?n-za($rs0pLV^ymUL4{nD$cU7P}6Fh8GHcaBEK8%@Wm;>`_ut_o6)^_p3
zY2Yr~+JwH3!C2?&61b2qi|V8TBAv*I*@uWfw6JHW1R8DH-3yPw<=AFw1;KK@)8+^`
zn|5jR%8r0D-m|#QZ*T7u4e47bUd{ja_l)#kfA3+*FE6P?ze8cr>YoDVaU8c>#9k!h
zN7B7KUlR+juQMMu62)M<QE3s*uvAXFQ>4?>n{v~i!q9Ds$uNK!rUyXNKVQJdJT);r
zi^;oAN6;UNo5(etm`s5~rX4I&QUC}eD5@=)^}Q53M~sv&!uxV5eygGM4#g1NjSdSe
zkUx3a2SeGsqn0X?!-qFjVV_{`N<}V=#%60ha@HB5Ty{_g9P=`<hTxp#V)X9U^wpeA
zAXjA{lZ6q)yF@S@ssZfmuuwkA{$CZzHyx0{E^*&bH?HQ{XLMZciB-m%>#5K!Jzw32
z;*(YWASX0dOOPF5YN3Ah2}naGyNqhhuP6L)XR}lle`y6NDkAWljGKQz^p43@vBfA=
zqZKOJ6!Dk>i_$i|K|7l0@^520E<91E?InkzEL!AKVxl%zb_9mrD8V`U4h#8z(jDKT
zYYTKiw{vAY?6;!RMs&+6AMf|2swAR%p|ii5)npr`pr#DS*+{~NUt+5QXHexqiIU8+
zB(pamxs(mmu{VcvbCVo=-X9Fy6F$UTPs868jT~|h{2?=PcHG9rHqj2qqV$uz)2$uP
zy+An$P&U;jGyoav*Pskc&TQX4dD)E~*3HJKm+YNlc2`2-7XOT|3dN3Qr#L7yWBE57
zH!owAMpG<;t<G|+WHg8ER_(uVjwQ`J`Fk+iar%puO5~9SJh>^qYu}TXTHQ{)L2B;n
z!UuK6Z&aaNOR-Rndkg6vTs8boZk~QYpl+*oe)x|RctE#AkFF1eaVfPkQkE5>%;(ch
zxsLJYrTqN_EyC>G1O3NK!P`Y-BCk@&HtTH-hpR+itBcjP>B`IEf!^;iZ<V20p*od4
zmTVO<*yy2GW>WG!kF;e6m>g#)mtC^-dBj6Vncb-#@-%ELcs3Q>lmogh$GV!(XkDxZ
zSwGRp79h~n4QK8#_G+C(qBlo&qj2w&Vm($CluXNb|GK57k~t^oi*t>+YTM^&4}RbI
zOeOXg4<p$m{j75e(eoi%Wi|RO=cv9Hei~yvf8~vzOx7){2fb=^l>21fnCy##Y5f^c
zjk<!Ib26R>^;v~sU^)V^ztqt5{_<heIke?t2rzBWKU^a0(-(A8VcW}#tIX0H@qPKy
zH5~S3u5qU;g)9<DH3wf0K2A(aC0Q))$VR*I49bXgW&brUWK0THjQjaq1bc>0K61_u
zf~&0-BiH+W|6t;YW<l>YcFYPFDt>IZ_ItAUz(ZHS$Mzj~zfvHzf}=|PGfAf0Ahn(}
z@RCxzbRK*OTat&S!urS8@k;v774?xFHg7js&b5jSWC9wY2S09%B0jP)6H#~ktOg(M
zi?>PCCMuO$GGqbB^Ju?)GS(!*>ojYqs5S9~ROJ+2Y2SMgoC|?eg|lF|VCZ!4NG>Y`
zgSRnvZHWm@Krf;oo^ZUNXk_c-8f=;tpn#tM!Q=i1NO%5XK9j((7$Lyg`~@W(JrfQ3
zBW2!fI*>^LN@F;e2+*uq;^A&1j=5LfdsiYE;|!VA!(ERL;?O!d8VpyaY%eyWqTVC|
z2x|WPNnQxjPuP3dYyw3a9t4Ec<A@J1%N%0V0mgzk0n8^AlbF2B9n${u*ToKC<Sci-
z;hVuyhUvwx(fofvd%Ny;j(fTlGJ-9(zs4i#-|z^hZITrhbJ{`Ch~P<KhLOdS9NgH1
zO-yRpQ;EV&a35MqBxstPCy0z3T08@^F;frIQ}xMS%@$UP%-c%a&fpvL)<3eCCw?qG
z25VQBvB9@PnvcO_rTz%eCS)@Q+N#agFd8N=E8Wbr{?;Q2SkXD3hVo0&HMGG^*kEdz
zPiy`CI-C`>fa*IYW$v^tT~w(}oQ5!FLr9PS+mIdrf}PbR81^}nS#rVcF9sGvd<dss
zOlC3>H<F$vHI^3Yc=*e{>}VIvsT3>>KG%3t|7JR*TU}T}`T<%RTreaAP)eR7hOFxR
zz<m1gy~ZbkUk5Kstv%HDcwbRzGic9T+V~Q&O#O69hW#xsp2u1a1g%j02Q|yU{76)f
zXXvdwIZE$CI1Vz})^*t8?T&hCnvjSybEd6PZ~BmKcWo^`ba4VD3kJf!R<Lh*b0dqb
zIf*0)u{GCvX{ebQ+)N?DK!V92_i8bv8o9cI1&4?)rTK1Q6wGzrNUluC<}5Hp_buAY
z_&NV`A2Qs*{zUuZ1C8*@?R4CFL#o~Wu5<jr3CV#PvR>Abm{JJXBS87JGP!)5@hW<a
z>3;5;=kZ@e`_=Ll(UdybF(iargs#6L+7PW$XOP78S44Zx^8oO2RAUgDb(aey5jXw|
zX)qg28hvh6V9gUa%^gp6kVipJYhm`?dIt>Lw}qt3G;zG4n@urDZ5=T7-=`g{2GS9j
z8m(!bn%yfI4nyf~XlL86{#xVDtIAXk-_~C3ns`yqW*VjCkKkvpX#rrb_nJ9S6m$5|
zi@N<CNR9YOfNqM%)C%5?qMNs-WsQekAGLvbk=x*lh&^u+6Y}}v9|(5%?*{xxXR$M+
zCaU{{|Ju_n&{_F+&J8ZmH6yCX+=8$mlGu&59Wl}B<(N=bX(ZpU2m%^!*<HpuIH8=~
zXrTmDDBrbn!F)RLal9^qu{UqtdgrAf1UlHj(ToQvf&T3PUcQmOd|uZ{)>TQqm1VW>
zmzGx@2I{8Y4FdiUp!ltfYh38Q4qReBUij|1|A(mGe~4anurGZf+I#thXb<gGN6_%)
ze~9k7TW4y-Ak^tDhe<}S{x3(YHffT$orBd);MBcF;9lt;T{X-SJs$44jXhIg0JUxb
z8_b*4zAml$TwNG|b0~vRH3*ntv)%%(!)4y)CBjDaYgKF+w1SlW_P1;;q<(c6$))le
z23pgbbT5yHTRVgWv$J(<sv3AFeoSfyeIq45&p*{ZR{mXLi~Z=5+(c-?4n#cJdtg07
zehw#R7M-3@BO^Z8AOp=G@)#e2K;Nf{vC()y4!ma4HNQQXx9@~b7_uk)+L!#v;q!fC
zgwQZ7dS8EfG&2~z&Kf5^F^*6Gm0W?;3$Eqgmw>wp#-v03pZrNjZgSkDXv~uO|EZr`
zcH`TXZkmfCsMjZ7dgr#FH+pdcnph)S{S|(B@-7<7*IHm54j;x&hQm%tY)+b#Lvd<K
zceU$x=~j;<zc*=pUXqXWX@O@vlX8S#(MMK=#dkk5@qJi)ZHKQmJhBSLru)sZC&$3b
zVFHMta0aGLW`1yBK#hAT=>~n&L79fG#!v^mk1&HFNF5-JY3tu53<Zhp`Poi0%~PrS
zE8Hl4T~N^+g<iQ&8!1V0>ILa>LDcQxM;5~NR!TW?TujDZ{s`hDBz4*_ek}2(f3xq>
z+-Z>v{?ptL>vjIV+Y-sM*?qN9bp8jYM_<BM@##E$1p3P&>^;9Mg8phFXxM(`KZ|JD
z$kvHPSkzyxlSDkR`_IKr+%y8(v%nUoa2A2C(0#@;{1g_gvk7sR#6-n%vn;T=AK`ZY
zj=pWNW@iM-J>y%z3`q$g#3pP}ob)+phZt@$SwyNNQrX38S)M_H_oZeg;{;u=5x63}
z-Lrdn;$inqhKW?OHcDvLIuQvy%z987YrlDjJVy^ekf(l!LZQq~7E{D=%0bZDw>SeB
z>d<ca=_qbs3ib+@=|^gCJBZ!r25@?@p|lit6k=d=kgw|L4Y(dEjeD~Yu4VHcjj_pV
zN6GO0TKw~n&_YklXiKu*`;;Q_X1a|^|HC3w=L-v_#dMz7T-{!!P6tp?45mfl0i{!!
z<Ts;IdG&L$pqymaBjo`_UCuLZpkHxI{YtgPKgTIFXS$5DE00*W+L8PnB+;i^4~B*t
zw1{V!p7=YIuxl(*AnLQ%b7j^zH{t)Zmc8A<e}0dO-rTL*_#=!9zwmL&X_GtYCk*S@
zWv5nUt+m?khTyd?^vLtM9<>qp6IBCx4!X3p;|}A6oQ}0cJxC^VX(s^kfQBQtYA4#1
zXVe?9uB)KKlY6Mt=tr@x%1GpK?HDt9_L;h$Tld5_MEiCoK;)xT^Gd1+XgFtXHQYtj
zKs#nZm7j)csdZiTO8&=Ezd_X3O*F&r^`?FvlKUm*zm|simWGKlzuln8PG=|P8E-6-
zOwMpPEU{zDZ=y{S>BRshhzg#S!Yoi@$C_WW0mw!c0ly3A3}(IPJNXdU1hclgaC8WL
z{T2K89w-h**^O7gF>Nbm%<1y*BfPx~n@ak?cp))8<g|=9Ukhiqh%j4ALC@gf|I4^_
zz5iug$m%kmuMRcLQFtsZqX0-kHq6#)voU1&&AmxyGl!jeK!D$h%i+I_%T?O~hjfPF
zV6@%F7c~dt%7RQWIuq)A+^NUJ#Qk0<uuR)41O@dFgM@I<fM;JwgJ<@~8BvaTR+0^N
zD_D={@A|@C0Kxs=(nDSbhB~8|R(&wq*P*NZmSB{9|FD*ZZqcRO0N9_(fvRBpDz(Db
z<gmp3re&Hysdyq&zRDYo!Ob{w-msb&t0ag@0Oy+e64y?tTYje^VhPINaY6vZbA*7z
z#YDw;ism7p_8G39s{tFFv#7$OsC(o|ziq)MwukF)Jl^ZDb2Z8|KwS4-wz#~Tr~2z!
zI3sUUB{@xe<Z`1{M((#DMBYKRzX-H<p{<Zqn0)!bFPpi70b`<gye(Ea>%To@B^E@%
ze~etx_Qx7P4Ew3)S<V(f8;K8}np@<0n<NTA5Mp7N&VJ-jc)fxnU^RX9%!U4!5{z2E
zQUb^TJBFHY3kbqj0AQj683=+x_zD2rf4{Ar=((7s?$+D!TTT9lwdiE6fqnqaas{M0
zkjiTA0k!!=EONE^Jm(+r@x`Hs!Y?Q;s##>MS{sm?Yt=9;^Eph$P1*4?Nzes@r`5vx
zeLFHjhrg2Z!DVJ2D4{?Krf$u<t6LZi+{jASNCo#ln5ZDKxH^4L(ac8|aOmc~2m+r`
zqnv&>qCi9KRZfK=D#9?xiGXNMi(#|_V9mhD;D;JEsqCp;HS$vGCsiJ$*HY5g>rPS!
zQu6i%S})Ll4w?5#+t5V~LOh>F%;#v^4@}E@NEAC^?ERjooi0UV|LsnH!a;wQi9PCR
zrd2$kSsT8>*>thxPxf2ShL!n-AOkI2jq^+zq45ne=!JPVYP6KFwK9BkBj1<?!1RR2
z?UOMAQ<k|iF(a6O+n8+<AWh|a$dUIiiMW7vj<fzwA5Ar0odCfxGsk~RIJC16kiKNz
z0m2>&y=Vrf@nT$Ju!UEemOp$3yQsJQp)WjDwD<^aRb3(c_0lZ;dTHjGgIW=?l(sdS
zja^IJ{R-M}>`Rg5y-MAkILCVc@OLNHX`bpedQ-RuQZxs489iE}2-po7oYFEqRW8dh
zMkz!YRILcPoSvznBw8DKp&cb&Sc&e4|NO(EK?WP$>`heWlT{3lns{>dx8$j{y_jYD
z3!f%Fopwpw=@^Eb<fq%aBVq?pMI;^OtNQl*5xnU21aho}ME#$1Vd?=?I^>x*5D5GZ
z?5{@DzPLb517S_ejdYmwODLAG+P}fYYFn^(u(swgu&NXI^}^SF)3yBD#t}=G<o9$h
zn8=uyaZ}KtvT5uE$Ue*7{BQW4bx+-@lP1Eq6rXP10hp+-cc&}4s`p>CPUdJuBUEcg
zxf_cKiN4UsipytI-~9$a{W<h75_89lPOL!C6`YdW94Yjti<}$`8~i40PdL95feazv
z3eGt}h}v!7&oD=f4xLL&IzuT?aY7Vy?FoU_#Rq6{h7*d{K+=?Ez~Z|T&ON_yymk3t
zpdG0AO+O^Mwop7YqIfl}_Dv8eCtm~s4oh35U@UIh=6`iuS|v~;LU{_wlE%ssLA4dj
z%3IrdIXN*z`NiqcnB0S9n5~+<AJt0x{qq=fq{<uw6Ww{nrQ|v;Q8LhjoI)!aB%db4
z!1=jAB3oI@qf?+mGvuv;DFx#D#CSuM*_-{iRKg4`7M)8aTi-Z|oOxaw{#pITo0=;<
z?orl?S<r@A8xDLfgJR+IarsdjIv}9Dl5HDWWo+lfwM$jghrUi0NPSMTM|;}DiH+Fu
zNm&>B>>e<0M9SznB#JDfd*qjf2Z18)CekLKy$CZg=tAt@{QhxzFWmlHWM;H?$Q;*z
zx{7E~BRB}p_v`W%^N}Hf;2X`v(;3eHtK*Z5N)P}<+0fpDZxt+3H^@dRa?JD(i1cft
zP4;yoT!)V<OJj~~N2gJ+jSlxCVi}{315E(Kj$W!3T?Wfu?k?ZnevDg4(rAk1PC2s?
zd<?}PXnQg;l`&urraPF29B6=Zj=>s6be$JY-6Kjc(`4IRafufky=A$Qw7Q^}RMw_T
zTmwi3cP=*|o8P~a)I{p6bjPjym%}~(d(VuXro;8*etq*Lp>$%7o(hxI{FlSyR;p&w
zBt!ccPS*;Cjauwh=S*v#>bg(;bi=)HMCITMf1d?5ZbOBd;%4J;3{!nA&;<m-%QK}}
z1e8#(yiqsVI4t5i&~shZ>bc;9^nk*>l#aa|73;f^+}R9k{EnT;CHWzTfr1TlNu(bV
z<CF~zJ(+b7O%-s@5HAR@Q38}JA=KkSpkdenc1L6xKStm0UlO9q{-GiZW1E`mfcB}r
zbVa3v<x811DP5BaN_q6&(QR;SL5C$V@wO3Zk)`_8`WzQ3%DWt)I;FkIY60XjqGH}I
zL^WKjCfyR7yGj-?Q2%ua1dq;f@~j*`mO=g#U+r_$qaX)mB!Hv4UP0#{9@fG?o&-zW
zbpTH`$H`8uhOYP?Uhb5`CI^o;%VZQSVP_A_m7%>Nu=Sg)BDx5}=HZo^v7(a7vl5y_
zoX60G1q}tY4gdN!PR#Rn0N`kT^Vj!x>!M~uEM@%$^K$|ww5US&hB67?{z`-q+?%gr
zrcg_5K5x;?G_2d{ZOOrWL;0lJ<8)OMiix?d)_5Sr1L!YItvwiy@WWppmLjv@%$b1|
z57gRXqMGFqAd=xCsg+)Yp&V92Q{Cm27Qh<ytb!{SI&utO8T}&4fdrLQI2|*`Wsx)M
zll5gI1qU$U%e|=|0(fRrq=G^}tmJWCpM>#3yCEWlkR6VMj0--nrw*B1xW2r~AKS&R
z5pk?peYDMD%QQcYyYF|H;Yc5{v#?~v+26f~m`nph1`s27i-M&cVLcrEZ#=Dm*6j_s
zSz!=HH@#XqpT&Q<0W7SVkJCss)9y~M*TW?$&RnTO#P4j_h`YZbI}(v=K0qOr`}=1I
z`7k>`-+mKco%Wnrk1bIwBEpJy!dWGc(YU-UCC{C>-fL8SaTw9Ys+Y*R#oH&1(5?ln
z_{$xXWVOqhwda)(`InqrZ)bHooe_vP_D4PDOs3bjsW33o0GYzbhRH8J0iyURyAJIk
z0DwbnNixnCU_4R9Ta?V??lJaVtHutI(ETRWUCN$;W1k-FHJlNi1!<M##ksHEu|Dag
zZh!w&QVx7v|H}b{$krhJmI2jolLDu_=F9E-1X>|Ihskt=zMkx`oO(a<v?5>DQ#65c
zvO)!z;S6k`P{+wDkEP%0?WfLTaGl4^;RIG2?lzL`%R7OO<H3<lbGP`jaF@I4fLOp|
zGw-`XdExT#r{{`=IcV1<Q~<B1ZjeRpr8ebrEN;~!u5aP%hvcUpM0pxc)S7#``WxdY
zyiME-xycU`58@G5WZB+Xg`OVKViy3R<FKV=$z2pUnriu+J90lA;HY@<HQ^Pg_$7mP
zWP^;1{5woy=w8C!L2erazLNMNQ?Tui_8bixxCZP8(LZM^e-PHSj@WaJB6+KOg(B9U
zjWmeg*X`82yt?3H*BIYs=*?M9cX{a$vs8{zHNXHPP{ZU)iBDsnR;J+E-*xuttN;EK
z`t&FRry5qW-IonL_gD6P=uXO~j&?dzGW-YmSWa^jFXS%6#YBrZ${urbqBkwkRz+i8
znkxD=Yxf!@Du1fC&IHMQg!=`h@2Ea3!1fn|K7Hw4(yDa0Gfuj^iXbmNuFHGwBDa1D
zQ8n2i)6x}eoh`4T+j49$F)am5PZaz1D?SebUIil&f+t5m{9Gp@IxaXD@M4_~`N!uT
zVU2kpA}U^UaXPD3lznz{kmdIJkW_pv2Bx7+&>*>gsdedC%J;C6Bza|iA0rcc9^sS~
z)UfUyfvP_Dvi~etVG|PRMyqFYD6v1?!)v*c&p1(?^%o|7(fCuZT-7XOOX0j4g>EYg
zSOw)O=a0o6+Z5&S{|bXM8V}OAN)<c783AMohpVAJnZH&|4a1ovdsegTndZr*V>t2p
z+alcy&4$F2@xnbvmopC|K^HYB+CJ_Qc$a6|Twz1%)Ey_P7QeGJB@=}dFYn-iMR<U~
z$BJXXvYw1me&XL%dm%%|e#@;bCO>=tCI+Dh)YrXyfAKP0U6ExX=~*N(JM9HAIpk}3
za8!oZseNRu&I=cXPO;ZzF`oS^Cw&Bc7)b@gvLyD{GmHJ^srWs*OQA;ETU7OOY2CML
z%{tvH#qFe>*@koSrI!0AGEe1&|N4WyNJk<r9{XjKpVTu_F&^R`uJqGQ5a|9Wu&p1V
zN@wA;tXbYxr%CduW#|&3=4u^e++gu=FJU@6pJCom69i^{<jPZuv@X%L#18%JR3+Di
zK3sLMLDAU)Rpr+6=jiC(sv?h*S3>==#Sug&+Mr~Mz+b@n?*wmus~_CT{?Rk4pZsio
zIwkwPmBs3k@E&gaTmblRtyM2NP?pBOz~*#e?YORZdbC<Wp@)1L?H9D1?p38;aV%f3
zJuvWX>D9bLT$jG#kG;n2p^nF5A(L&nee%?am-DJ^;|WjIiV=NtRP%NP*nafaXx-9A
z*KqFoc*?&9nBP*n-f=!1!H*31rAN72i<VWP4Z#|&;M1U9EtUwDHEWmi0L@g&qbgKH
zCMkJBe+LS`VZUpS=&sUA_3<J;Zm(+>qII3(y)j}^alo9_<IA~ETXGBh2UZ{xwNE6X
zCB?rWV_?>Lp?LeNqYBI|uOjR`dE1sPBk00tw)owvJJV3M^&b}0W8oD8Xr9a8&v07@
zAH`p`_V+(FGJ;h<F4`I_f!2}etD37PIpa|jvC%-?WdY>Kf-3p2z72Di+QX9RRm;{;
z8p4%^?Hgz2<C}##<|hsl?wUVd1>MS4_l-IQ<x3g1RXSzO<Co}DRc$)*l^RN2@JEkA
z$U^it!Yyf?S@Oagy;oU|U5sj!%HH6<6U6v>3hHb-@eFMI`k?vufK_7i>H8B5yGE}%
z^L<bNfzKPYIqMt!0Jn>C?2Nl%EBML3jSOsga{-B8cpmX4S>by%Sf4lrPqbO^fv2j$
zJefO_ebvH`3#iQo6jvLtrIoe6WctBdGJ~;F-r?UR1m}AjpltfbyP*B7jQeOa2dSFs
zi&^@%%oN+acYDer0A?waj*Z|TF?YIV%IKk^M7Wg9Aurs>oRXiyTwP&(MsYX8K6cZj
zpX8a}4<xxuGRGuv6I(u>M6hWemSTSrqx^~DNoZJ2qT3tySbQE%*70eUrqpqy^bp+2
zW&e8sz-Sm3BluN6m@w`nLE$Nm!`D%rC{I;+#ZV(iS934e0%L44Acxt#lg+Z6ciZn0
zQ!KnD$%6y%=H=IEE!9u*+h`-cO1$pym~)Gg%ArqVedkh`WY>c(L<}MedZ(YXVi%vA
zR$cj3$ALJOQq=kP%M#H$GxhBp?N=!$RMXk014MD7s#%H4Fbm=ee)~LN+l@P~GBK-M
z=_GVO=rWE55Os=|OuxNb)A|gGgwDaQ%E_^+Xo2>x00m*VlEWffeIyGD5g?>NZ~dL0
zT-#Vb+nwNgx*J4mu8cV;huC}%Pr>0}3_o1+Wcs*EwcK}Q4ui}6&e|ONDH~?`HExIy
zrn?T39Wd?O{*%E%NTqmh0139eGS?JR-=2Nr+>R3qn6hvz^BenBS4g+aSQjVi13Qi<
zZZft<DjN%3NJ2P_f&4>wxCatmRo`!^i>?QjAPSN3n=I2e3vdCmP4uWJCo~RDq4uBJ
z?^3>#e)Q8I{a_5^VGj6$3vtjB%v)h_&jiYW5K&Jt9xj31-wgUoC#m!2(mYs4upACP
z*~&dufb#m$u_~^WM%0N|q%iP?wbSm+!^hWE-*dDD@f8>dFV>VTaLh$*VFLJ*DzB=w
zLdC9wLBi3igYQVoy^tm!{>iJiaL%l|oS#qNLy1BH{g_D;hAN5u^{9u96c;(89wx?T
zwB1SXXpXUQpV~3`mpOC>w*%sX-6&WfCPb3Z0Oe}poO9BmjyD$A?k*oHi2H?_2T?rg
z)tClHiqj9r{+7unI|94>8<(6-drw^~j?Igc_vRUn6Tvk$ITb`!Lh|G0xdWmU$mqYh
z3plv^NWGJ9y;*ND5)Lt+8pvk(&IeG?oayIpI5~aCXk6t@K9~)*RCM0{4USetmr^Re
z0Ehtiu;4EEZ?%?}Xupzm))n0Slt#o&hZ@$4x?%T|$t-{G((9nC>4}rA>0C+VAJGTx
zIF)S|Y|3C|g+4myuB)7bM9I_wB#OGQLvfe*ffVw)LhqQ_e=Fmg)Lhk4Yzn+!@J1z9
zkWC@{=Zk5=H|&V(C~L?rbsJ5a@s^s!fHvcDFsw?)o)8JQwk??8_r%KV;Dc)~CKxqp
zV!F>gLu~V<Ltj+V=lCkNVFb}Z*ZV^Olm{OI+}Ev8WqU-ccFSD(GK)pmf;F3ybB!w2
zO7=;+8jjWeylV{?F3rT$JTexVkQuSa+6j}Gn6tAkfBTMw-dN!gUf4|J@0!gC0FUgF
zf`r?BHNo%b2y~8nh5VEwcf>6>Fu6T>(tF5(BN==WI9*2)-?TN|-S^0ziSXo<VkId*
zh#bFnub16{m6}YLPt*^FtbXBW+Ne&J{dnVZn{WMfvL2~1TVc*TZ02s?_NboWD;*qV
z{u-WdVX0k<&9;$6*<EqJtK6gP0z~9XJjX6Mh;YWwFz6<S!u`m&KYax8i^!>P0`%_;
znIoR4baSYv$m`%xPGY+0;0qV^sg1IsorY%qqKr$qWWg7=kZ)6iG0%WBdCVP2D0*B5
z%;+vSmz?Ru&V@1V-eY{JCfWJA+tzU*HO$iuiqvn4MytDQe?VHT7N^XcfDIp~!P{`k
z$3&W&T?X3UFFuXWI`_njo{nDVFqd(%7l+m-%4~0RAUei$*t*?XjW|+wFOjoHY{sGl
z>DS_^H9WR=Py-4z>vLiER`T|4C-hsT`4tu|_8jTHJZEgjNGEKM!cs>I;{ya3Ruq|9
zK7cl(jFt^XaG8E0ypi%BAUe>E;%>_Ur-H&SK>VVX$)1@YHS7rW<b(sRrW02CXQ#Dg
zXK|`4qx#`*Srr2$gR)zhK8mmK+2z%=UJ{ztpcAJxO#RBnSZ7lZqp{g9QKh!6BNx8)
zKHkUhI@nL0U1vRM!MBa5S(`h$*yO<YMEg(JiAu)!yHI?w$P3gEFesb88kYcODs-dx
z%lcGjo<K%bua(W|*brofkPb`UQTo@JSo)pv+-y_udv;Fb#HP-o60udf(s&7<I=sOL
z`{gxmmEsg$=lB^>;4g=XVVCJk_gVwBM)2*b)3Qw`&tRICC>!jBHd?W8<z$tR<4ru9
zvnHLU6*lOwe0}>8pq?h(N^5Uk&jWe9qF>Q6QQdaXBauQtKg+O|9(hH5aCKZg=TzB*
zKuZ7TLHPr{_p#LdRjR4P&NP%M+i6YR=0kb($fhtKPwxkN1T#zSwXhzA=74M9HiNJD
z;;S8*AVTvPb^Ynj@f)r_*s+@YYer;hB{u?Zg`>ehxF-V*0P5bR*QCEYjd|^T7(#;y
zCh!tf$*%yW9ec!tfpB+xZSZ)I$$E)H)%C&LBYewMrjDO{8w=?pwqXA~GisX@IgcY&
zjCWe?A-|Oo|Mbpy^bXY4Wy-+r<AYkbL(`)|0wsgYeQ|;Q&~0+-w=24pu+S?xg`ZnG
zq?iHB4yYm>umdC(-&tOP{Gl}t!c}jOqxoIy_}s{VATr5?k@f!PASX8t6(Q6mkafcW
zOx6|@rf{K=_^9N^ki6zO{q=pK>Y60^R@grA18p}H;V=UZ8Q;tCUP~mNNiSG`oDvhc
zXw+WRfbdIguG0S2dY{yJLDD(Rl=n~X9P*X@I?azsU>%Avb%1mvFO^Gb6!ZvL@C1fT
z=xuexdQ0ZYY9?@emJ`FV&3f8|mVP6`Dk7_Ng_Gyq?i7-!y(WKE`#+I|R3Iv<@HchL
zK&q~nnxZ`dZkF9YAtc1qz*{rvWDQe4_P4Bgdn)ZToj;3mhZ#}|@=I{}hJ}{DgFWgs
zq8lfG=Zf15-X2H!oHvZL{`e1v`^O1I{9-h~z_&Xxu8lta^<DuMn#9VJj>Ym*W=xAl
z_4mc6&^O51{SOP1YjF#3eKA@z)EHfC{G*%rT`d8_x>Z__^@x9O>q6LWC+spAU07!j
z-y4c+(H1#*s7Md85J*y~5r@*GMt-%2^Ot4-qU(5zgjf-qP}B!E#-J(_;FpoPyckEK
zN_G*{``-$K@Sj0MyZE%4r-JbM;TD;N$cNE-ZG;NhLSv5{Hs3;pbwW2fycu05rxVa_
zj;36OlAd9mOb*&}k*}G>EpwCh{&@)&_OIhw7Z2lw++(+oiqhB-i?mCmEQh@>PhgM$
zB`lfWu}EWRy?`-W1_qYkD+j$e0<Rv83e8)M!ojX9`2(m9Ov1-0-A||Ew`9`#{Q{%1
z;U)wLtc9!KcuRK2vMl3wy_Ron5j$bb?AYJU=7RC#BNCCsqrx+4ZQgz#4v7}p(b9Z1
zKPI5d{M5j_WzYQ0bG<19k&+cF<guR%IF;3Xu+*^g+$%Kjc(hIEU0`ibI@Sgy<^^e5
z!R6=2VBCN7R=V97T(nuj;V>iK%%R0darVNDkRkL<zKC-6BN@AginUxS5-IV~VOueR
zk=??=oNhXTo4>>8u?)@F)OH{HKZG?Ie{C(e^w_aifwMUD?yLzI8FYHU{r7tSXfmir
zG`wuIZqj&FTJc!zB#IaW)HiqW*S#(G*29j?xP{9G10{Ot5-}zY5X;gIeS!nuHp@-L
zMwjy<;Na7&)BqziNH0r}UkO74jXQH&1p$Y3lL)cI4D<eaYswo!ZG`NANkDW;Zrk`8
z`Pv;*C*KJUUH=PI;LlZiWUB$74_<@KZUGg^%v-E(o`<$7a^9<J1CQ-AjK<R>LNqak
zm(KY+;dhgw;F35MvES-%%!z6@NQ#x6CxnH`I!_N0^>pP`ut;hF#qFGBBt<bIm&{@d
zsoAF?G&SjT{m{pXJ-VRyhVpU4tSBc=e_F%GEu*^N+J<*p(c%P{c2u>19|iJ8(FPTB
zN17c?DYT&`qetiGjACZI+Q=yP@65%Lpwf%woHuSX6Y{9^q2k_iN~I2D2{97mxwLbg
zF4<<|gIw$kXWSpD^%*g#&X2Hlb1u!-a)T=Oo4TQd7{)&tY?4HeO64ahqQ5qO5<EN}
z50RS?l{_(q*u%{fjl}x{t+N<EH2xBeqx+|pN+VC4R(8ga#BT&`zWo*`kwo1hjVVQa
zxOMgu#%=&(-mcRH8bTbRB35&9_T#bX{{gMkyiuj4Ltso+Wy)A<s<cvk{!0;m<Bu#o
zH)f;wSbElz#XM$9F<R(uHL;ZwjE7j54u-qh_2Y)k?k3DqXT#S3))=a_+bi>4%svrL
z3)YwPeF3vDxTzymKA&+sMCv$+?Mari-RMbFET;?vYFzQK5bb{cA?^;o+dmqrMv>nt
z&rDN?qYc}`hx%<UG2xvBHPdsv=_WNgHdwvyAffkpHCeFCiRhC=9HxJ|{}kXo*;8mA
z3kbX{iom4<DLyFxBJs5QgU3wF1VV0dP-LS1H9$=>;T(#9)Scw69WR}bx=WDyYZW-M
zf%iQ|o8rJ_v$_~F{d8BV!9BkV_myPBb~5Bk-t8r%pg>8zN8H`;@HF-~3DT%quq=Vz
zkVTr2MZGm{6p6oc)mFnJoRL6ZgqGMS{dca~vOlO{W7d)ku;!9tkMJb3DBqW??cn_g
zNXYAvk+UY3_7Y6MecbGFmN#WUVmXH7%_r_)mN;%H3NhX+m`6JrzMkLXSAN6oy8dK0
zg<V>Nd+MO76pVLwTr8`sS!$ZuAT)fg#CwWNO!UaeLo;DCv8^oWj7nb&@6rD$tV&jO
zqY80)jJJIQM5mU7QC=uX<8~3-;#Sd^GqV_0YdzyEXg8>BaFm9xagOC;hgsC78dx_X
z?)S2desk6!bM_0bhRww-gC&rFZ&8#tTC~|;R8hG4rKlfXN63NgOCzyJMS(Z<PkGOt
z1)~<ejqeYx<+NMX22-k&j$`p@2|kzVFF0G5uKsaiz}|EwWj7ydF97L#73btIJV&#k
z=R)0XZX{NY6MjCK!=l(k0D?uLFO`g%MgP!>wky|S#<}q}M-9Qy1RNL3xC{*{S7zJ^
zlnFJeByHhTfY&81cyTri{Ay1b7ETH#pXcUo?IkXug6(SY09~#k^)C(mR<-m|Mr{dq
z+OjBep!X6*3VBza0fa3SydmX|!&90iIF05zgX->&scIIB*H5zXe91#sx|+wSYHk~W
zd-3sAaS@cRgWL0=sg;ZhWGq8L!<?LL{qM#w3o=`N{9RpLZ?7ehw_?IJu)`fjLv;uH
z!NL(+8Jm>(dBj%@{}dd|3QjbewfpJ@W?AgsfF-JzUPD{=hJ+R=Kjj3$;*MleeA0)2
z&WR_j6q<!#vdda@Tbd1Tp&#rxwm-n#haPe_e!50?L2<x3e+}ZWD;r?OfW{u<iidI(
z^;xxmpp?h_UKY3PS~+UseIB$lx0H33*C{uL*cxId-arvDPuH+n7^BPWH~^WVKD8Ls
z0DR-Cz9(;y)noYOlcQMl>9ef-V>p&-Q53QoM2lm<J|}B#mJ({$A6HJ7<Hkiav5v2r
zq@DAuhs=<7p>lT|Z^2sA84%?O+cvqVw-=$>4rUd#h_8x%r)@T&6+-Sx=u}ivsBJQZ
zo9VYDL2e0==-9I63}eLRT;H?><?v}p2U-F+pcRiOB-SfLTasl*ejMC$3_0fU+T1gV
zp9t6-#`2;wYu;8WM~FBRhV#QGQZAR@1ePDoiI+f`YT>cz2HjWw4P#PD^zO78GVO~=
zJ>fSIc8?c#*V@Y!nn$APrcE@H2_yyGJsQMClC7PHJP08}N$-OAu|{E5hq9M32>h0+
zgF$lE2fKye=l_YV&SP^A&lnNK%ZXHkU^tApsogykF3Xu88pD2P++@iXOWz7Y8nSlc
z5$evEA6d6gqN=HeeL4SVab`!X7<To$Y?%T(*M6_$%A|KGr4Pq2e089EnhaD-cqw%t
zsCahN28=N_K0ir{;07jBhNh^m6DW+Oxk>m%t=}&@jZfw{jd%(_uXE5Be<t+JDp5sC
z!V~}?H9C!UsTWmqJYB4UzCF|QswgP?C`LZ*{9#COZdaKWblzFMFe`*L_ZMkEm^_P^
z*t@LNIQuvM^y9A1)mTjxMLWKel!tjXW<~=Z2HXu^k1W)Q5y@Rq50Q^68em-qabbu4
zBKK^&clM!gy<y2hBJm_AwhSQ<sAW&z6`Fj*-3N0hFU4fqBccXT!{`+kzcH76u$s)D
z?FcvI$+hXMj8XUvN+$}Bou&>Ton!OwAN~SmR|}@HKR|=HtshV>10~}#1i*iV7d=*N
zwR_g)S!oR9F|#^p2~iqp1DH3$WFokQ=rNM<t1Mi>xfyQ?FRs_%DGZj^BzwXndWsQn
z%yG(Z4|sU}u{Cg(8;C|Gd(K&M?hy!c<r*1(Yq!@+hBVVB<`KHbJNma@xlA4=3nt5v
zpv#v2ZVRhv>3nf+KRGt!$vB-aYnYvD!f)ETt5Syc<gmSfsa+%wpt%bRT)7xmL)81S
z#;hW|fY@mp&FxQq=03(TWP|;eA%wHG{_UA+Lo?JeV>Et`ZcX&PA-hCdb|3qgjO6{O
zlDkMhjjlY<`b)a&6DdaSHFBV8FMHttfL;GlPLo>=Y{_(InLi(scFo`d%UL9@vx26S
z>+dN~wz?<e&MxEx+QqxGWX0C|<=4X+JTrCXA(gr#o<Z7=qgMkLPGx6(YZM^c3b%Tg
zaEScJS{JPE+TZ(R71(R*##)zgn>U`hA`a2fd?G?r=&r$AuuV@7eYb};IuO_GR@#r<
z$~5ldph#UObUgc9s#?$Sqbzunyrx+5bgooNIHW98pEzIveWN_SjWO$ak83i@f^mkG
z_(Ll%3!JV|-1(tDvN8|-3DLM8@lNhbavd$d_8YF7mKu?y^^6dCi5=b9Z5;NNtrok@
z-$LdyHQu6a5|(2GW1*S~;x9<He4_i0XmJ=sq+4rMc&F?ZDsh&YG)`pK&BO#H!j$&r
zQ0~a@lmD~=CF5=Ck2^J9B}=1JQ+wUy*>Prjzcv({VoQhDe%xG|6m7yEruh(NNov4y
z6iJvW+vvaJ!d8hTL^I_`ST#pq{W3_k);(`481L!>Q>3KqY#j_6T}Md6*c*(!*bsP8
z=bx*~NXoW%A<{b0vBs88fA<<W>NJbT&T~IF`+M64NO^Zc`9TX>6vqs?uG=)dc+&cJ
zY)wZJ6zxL1-LFJ`>bdP-+}&<5R*dTz=ly`p{a9(ph#b=OhcB{Y@auSSCDMGGzwM~t
zhEE|^*yOU{NvX*AD<=qHOl@~WoenyKB(c52ZoVpi9X8>FIR72?%pj2z36)lT7;OE+
z%b;Wdu>4Z3oO6b8f6&UXuYQ%55*Z^h6QL28myS;67K%)@anta}lvR&Wo%|*om^bkz
zovD`{Ig@bJ@$0RfaxZ*+u#6y3DzP3mLajE&)!$RATpX!ojg3l&Rxm-T4&FC0iyE^b
z<_s2jcJLZuN<vv7UJ1x#(}ol9L%<2sg&>T9)0z9a3gmWQ)->){rbPZ4J!vi7i`(n_
z0T%v&`nhZtXFhX6g0^f({zcBtL6H|<IRY+r)p#B)N-jdv3zx}->rXnK&6cpK<TdZL
zir%5#=<B6go0pF456Wf)mj>OMhg;^oOM&;>xk8K#jvf!xuM16~nEPL67!vCJ@-w6X
z@1FFeV)#!1H*Gr_I}$%^-Jm)xi4B@AtoZRttB$E9jmGa>EBhD0OAoorN1QK=no!|r
zaeV4#BmayK^Q8*UC3+0JZw5a1vvM0|M%R&yUEFwdoG+etb!-ODHl01YPfC4_5}*jM
z<5N~i{VEe(an(F<Bbr=mTn@<Xc_g}kA8Zw`d|s^6s>oZr8GEhoQrn0*b|?_|It4g}
z+=b+~3#4}nDF+I!KKvT0jEHy3wF=grMC{X9@>7ZyQ8lwQ!sCrcbrKHKFN>lEY&Ub*
z+TcfU(VHr4E(UmgTE&p)-MLiP>X{BHaV|LrJK3Z?`B2<eyuQmklPrAO=XUA9Q4)Jd
z8Vh~~3|nT#Jcgzen@s-&vGZ!PR$7_$23;Q~eEgGOG)>>_QZG|k1Dm3j%3Ydmfi0U3
zBUi;p)>YHvP!ddta5MI|i|6)AFcqWX1*-zXiC2SPnI(ARfxIW!3UOYtQ-WFj;HzQP
z`1C$(@Omgz(w;B0Svl~`VFAlPn>vTaJDQ@!eZ#qczZV1<Z+{7=%b*79wm3>`wJ=eJ
z=bZ|K4{y+z?3y`15!EFyJjmM=@Xe<1;?t2{ayt-hph1s?!2d3O0S2>}Jv9-<&78vo
zTcP=?AFujMUP0>q#fZye>>Anu&4L6)6N>pq2M29=WWLu78(vl?)@d{FkK8Y&^}&Gw
z>NaG5O0DyI4O68^tdy)pCMneXyA_vnb`H`n-*=an>%E7)zb%m&8%GMf-L3!ITdA(J
z7b}?k@qR=15RB2u)y4gKczS=l#n=M>cy-JDWQ(7!*8B(~pEX<LklfNn5G-62i=XDw
z237A|sa&vJiX3*1<pcb=zdH-sgcq}C5O%Q5!on~aUkMwavHeGo!k_YOVz&BjXWS7P
z>22KfN!5lJy*a=PNs4?2!i%hAcD9~6t+klF5h_&3;*lOZE-wpGv}Uc!6}k$mvUPKq
zf#kDB{<812eK(coy;_yW#w}FR5m~^Go4*qx$4!{OJ(;k=B>`}p^JP978moW3l}ykK
zy_JPx5l1>!b@L@4K}<y8cSn_=@avyA>Ca+!wD1Mjo~_2oGVra{jHQYX;KuM!-^Q3d
z-G}Ls-Q+id%R41}S*nd0OY+8~tunPFkU7=Tso}J=PMw*H-lDb;SoM+5*{svDio{J!
z#;w!yrE%UaodE_30=0fnJ(EXV6(0Y%OzZIN;#R<Ix8Dp)O?!<QLF2LdLu-S!ONJb^
zOAgB$shBcL0$%{tXJ+!A@U@Nkx4Z`q3g&Eiq5qiku*+36KmJvcS?&fB!VGz>&Q4@Y
zxIXtH<r9h%W#kiHE=SPAY~^w~qt>%Ahs0ntEYc?~DF`qEjV#$5gVBmUo6+Uh^jk4|
zN)#P*?q&EQ@ZO<5*R!sZ0o0_D8cc}a)wdCUkwQW8LRw~6v2+^MPr>90vFDFtza546
z{a9=vJp<u;6v+)2A-eaUILIdy$|A9<HFR;i{QweR;7xJ2VNg3(mc6f5M)?>r&4G#G
zFe#QO{5No-b7q<Zjq4(0a+W_Rys*M1C9YqmWE|b;^F<uo)UKUj`mVRBAPsUX7MadT
ztU+U4Amc3Y*t$ev*-X6b#EeqQ&3PIj`s7cpsdGlyxI_GtQC9wkaqm{JZu!@_?uORE
zjbcq(b7oh(dplg+({h-(SO`uDRxC@^2b~dJdJXs%JMJGR@*p%XWWSc4>uzJfM_UX6
zySZi*H8K{g)1;|Mv^;=^GrW|1CDf4Wi9PZ|IAvo8X5IebWI)HdCR<R|TE;le@&rfC
zw=D!=Uql*t^LPUaj+&%t6+B7pGC0l@kYuTrIPH=!giCU3SU7u7*M=-i^?9B{{%ULM
ziUo=lTCIFkz@*PpbD2`4kI&Bj-Nf39St@Y|j7Jcb&E@msPxtOdhS#5rZba2cN@KeS
zX@z`D;`Qg3I&}3~oD>F&@4479*j<hu-yiB;P!&rritSUYv178pWb;hQ2P?k7J+IY+
zcWO?ls3;&F+;6jBTNXEZO&<Nc+wy*i;Rm{0E_UUN^Tx1JPy+-Wxk;<YX(?2#uMmyV
z<R&e>l5I1-x;G7j1R<}4LYrUxpBsEN?8l@3GIfCSpk`I}8Dgt!VE#i-b&w0t7hqZ;
z%+hLzU?F|t9;Am^WDoa1PTzs_naJqJFDA)OY_~wrPoZBE{OqMbc-xuAg0-Tg=>|G^
z-Z^hR=UnNIA{lG6w6TkLdD8OBPUq1l!e?Ok%?!e>Eh7JZ-s~!IFl*I0ev^A|vEPmo
z(#*N1oqgckt@Lu{$yx`)Sz!!$TLiG8@BZA`wtSkK7}*4HW**?Jfn#(heZ1{;&VM9C
ziBY(>Xxfj_t}f2Yj8dA$1DgXk7C>VC9S{1pa!n`0XS{^4UT!KG<Qi5D>d;5j`@2Qv
zI6wi%S{AU_|52tVK7Z@v=<ONAK!7<4`HA>{Y@JhZr$Lv8W7{?-wrx*r+cy45Cbn(c
zwmGqF+ni+c)z)5Y?cSZL_qMCw?$gijIg*^9h!e0;MqyPu1>0rn7p~n}gWm#2<))a{
zyEcYfATszknlR*L>wLA7>lYS8G_5X-4}!-bIz7vxS1V4OPb)a6Pd_ff5nd|tcRU%L
z3^ws+HgOC6%Lny=0y{;*RhegkE{;MCu(9v&F9s>B7-z~o+GHhaEz5*K_qH(II8wO9
z7%P>}k2#)#-vUy)wR`)bip0Ibzn@jdDAVw%Onfvx8M!o%!8Hc{L#k~!2u^=``AUtX
zVXO`|qPWMw+m{;Q<Iw`5myAfxA+gQ5(4>osBw0Bv=cRHp+Gb+RIe8?&o^W6b*%9ex
zBsi#kg$4LHg^J++T&mV1(vps-!H%(5BFu51$m=r<{lRrHh1asdX^A?=#sZCS*uXIg
zq*PSzETXb^2d4eQPYM^U4ApGnG6!D5k~Fm3WXr?JM2VnFxETQtq=xiQKRjBa9sThH
z__9%W+oTrS@cTK2Nm(5BEe)f1{VJmtEtoH@b%;3Qy(b!xu1wz5EjpW>s8moyA3XF@
zu;|Zl6hAq5VxXmAcv^NsY4J<Dc#4t%_XMBm8_YaA?d1X62wSUMJM>!3y`di=lC>%W
zm0UgEggos--a9~PqaSgd@v-=9|4ail4IebR87;a+hxjB1TtHF4oM^`?I`2LvSyXIO
zpj7!hZ--3wEOCR&1|@Mql`t0S`}GfIWM9vbX)sw=mjB4v<Wa7Y{NFg#Ri$65v&6qW
z6)?f$<-v!CT0H;wk<9A3tm;xkuTDQBoFIP#-H#4`j;8~7(*GK$=Nw#|Ek1#G&;ZrB
zi*BESF7Jf%LQw+LRPxgrA_E*sPo2_Q5JQ-`e7_GOc8!*58?Mu7<HhzfkLuQyfNEDK
z7G6=kwU;qHPKxX>CtmD>Co+VE)(}x6?7a49yZ0+qBHQ`ve?QHj9lv3jF)^$;>8v!J
znE*xN0g3>P;1!9c47Wo$HB&KZPL;2km6;CeLj!wJdi~D^jCi86d?NBE%~~%21^As&
z<}&q?L?Eswc<Q3leA$_!@1>)+V|an0nibL#619eoU|4?ks9Je}>{1qJ8Z<Z9$sgIS
zq-Sp#jX2wqY8w=w)GtOg$@yDnY+)F~yvYmKjRbJ`PY^31?>nH5^b#I&VCtqxVB}$C
z&!H$y3n7Tq4uKoaOz>~bsAL(EsYBxZW2~4^+h<heC;F1=`Wp;tVL-u?_477O<Y!9H
zQ>b>i2jR}U>5;-cTBaJReu=tvyEBdIki{mmiLhZyz`LPzKb;D>=F^Ie+*$Iz?f5C>
z%mqNBr-Ua`4x_1-ZzT&p#W9sO&18PP=N#gEOMelY!YoOLy3>F%Pz>7sjo3SKRZ66m
zeW5N9ibcxu519{7F(_V9$2xeeP3nPuxyY!;l4-mKUyb*xy1cBp#}lF%oOlW;Q01YR
zfPU?UP%T>m@Mj<K?GwtOL=30Cf+VFilNiAGU1GHgE{ZbzDyTuhAa7z#h8~%qNHM2p
z;DC>QI)fWj$k*i%i9CrD+N9#06rhxjh0tUN0$+_)CdeF|(EG5nSlLXFOKoqEX5-GU
zc#O%j^G`z7U@|$4_!cEHKZo~1lpSH&vR>{;Rnq(}ISb<}aJ?OZ6+4p|u0}VItOUSH
zk>mk8wPvar^mNp661(SbT>~7s{Ah&<VN-7cRbBIks|EsMLCBjm?sU@)IZ8|(I!I6$
zi>ZjI+1zjQz7Ota^(QLr%1arn?!1C)+2>`Rwis)?nkTV@$MA;CJeC7LAPBJg$7);>
z7;;SpAq(jwgU5M0=eb4WSLQSr2Lr%-cxl(trq8ot|5n05&dio%@As`~8>056=nO|4
zAlC+F3{Mef`!$<3dFghmR;oXl8LuvW45pN~a$gB;ox+7a(YH3#JSEQ>q3T`jJ{wJQ
zjri1m;=b2n!@_@_(@lQiVABN9DC+?K3$t<CnELhgp&S>c9nsE*mP#qJNCenGFPyc2
z1sTUY#ZLMvSt~Q|3SZUCTP}BJ(QB@ps#1Saiv?6fOp{yG+y`%ARkyTUN$A19X*?OT
zv$+b}n0}&H?p@86?CkVoO2kZ?U1$$Elw&#@mZMy^k-!i5azJg47szR(`QAv>!DjTQ
z`Ic&$5?~r1w-)eg)`_sh5(D<mL1fRqRvWYI?JI9WW;5-Bt>OQNg!~}2iTyt$WQENC
zA|X*3-cS>}KUVEj*NfC{RJi|$SKfcOzEp47l8)!^yr{dlG%}@=Q-Szwq%>+t5nQYr
zQz!5`JB>K|3IZizB?7=wiK<mmPFi;={PKZa{xC=uNj#<(#{2uJaCB5$=(<|0SEzTU
zECh@`a(p`4u2?P6_Y5xAQ7<9n)7@g)Aca3?zd}B62oYwlfo4}qmkKQY)o<ld<uU&X
z`?4MH<@ya3yk$DeimNIiJeU02MNWCZtcp8d3^EwgRt5o}TMJOdb#Wgqo21*YY^j{~
zx+oC{^AS4CCHq1JMD6mp?tRCy^*E}+DkLtrR>*mbW~>x!V)NWV;;&`XyN%&?&efkG
z|6Imy4Xtv9*UwABSe0pCo>q5b-=CryYdjrNvz2>2ifHWPVtS;I7gj%p9WlJmHJhyx
zKgMXC`p2>-#Q~wcLHav1!^IM9dpd(jgMGp~XnCOna?tHnalCoPUFYk=a87+5x&u?f
zQ)b1j3qV&LD;h|A2J*iGGeseoy`-*h24FrN%wJJ2{FL;0&6);BH?vOE$D1Kjbp|v;
z!eylF)AfMh%z(F<@nnyoL`(m4PqodcH1)8UGAG?h0|UZAy6k~NTy@RcjHBLJT=RFp
z>8qKO+y1h&woi=s`fo7x_Y8kRu7949Hi;BzjM#N<Ky~=;oUd2sES<9ZRH8QFPhPd2
z_bk|Z(A7@yE(Y%1VxEPiJnIj}Ym)gU5XLhIwDCQz|8d9MjP(cRx}n}07@~m|cs|i4
z#?sxm`00Q7%~Y&(mn_}l^1-e$tT=(x9yjZhuHAJT<*UWyK->zw+ag@b)vldCo!d^9
zvt6haUM*MY!3qdAZriqU6F4;b)z|fAM%vg&mEG*0aNWKmqy)nIR4!k;)8@6-9JL5_
zov!F`lC<nR`L^zMAAezVM9X(g1a#aidO!8qX#m_7TB<`XToln@s&aO$Af`%oF4(Mw
zg?%f6R4D?~K<S+onio#p&*es8@NgaK&swVN;DKu0eQPh8I$Ud)X)%sb*`&N7>=^#B
zLp~#fDF>`rX$06FP(xd#z$*DKS+@Pl+c<R%)cQ?(Il4%FlxEsB*>^oM<D7Th42pE7
z)dE0&^~KC{)AEn(?mOS;WA?ObT)JwG2+la+Bl!-rW5j7QB|0M+<C)T$to=}%Z3qBq
z*^sL|Xns%Gy6wzadG^+gLidInV=_&=ZgLo__WR_A^sD_@%eVpN&0A_yRvs<ZPrD7k
zTGy;yW;3;1di^KClnL{K{E9n={hK$QTL87$I_@ciZEk$d?SB|HKHYP-+&L>SUh@5n
zu#~0li{ny|oi6Xoz~A11<pw@|{K9Yb3;n>c7bwR{?Tm<7`+k;7I6{+W=qRjzjv5ta
z{G`xkWAKSmYV+ylSq!jk@g5eQRE=c!1_j6NjT>NejfP&#zw_xHx+lUqq<7lhrvTQz
z4}cD*uKk`;$FP0<icJpCz>|Ue9F;PL5g*PnI$dy(20L40_F@pzisM!o5}8ByPk4R^
z*CHM4=_R4VcF^#wB%zF7|EfVe@we_o2^3mlPci<UL~$^ye&aG7D9+%DH6L0|CcT*n
z*7*)Jg*Aw?-Aj`!%lQH)FwrEZ`vHjU9@<W{cqG!BSQpREcLaf#E94PIkKt*QHPqbf
zOp!F{6JEkmcFXs7G)vhV7~z+-ULy#WyYd972`-M1xB_oX(K#&IZ{R$#q-a3;nh~f?
z5ikR`r|d3{9X{Z0FUnt-9zj!{tv%b`h}#T9WcX6nnn(S;XKy0;1h^|yp#ToQ&|NZW
zm&bZh-i>A%vL#O2|M_D%N)BPp=jJaoR>}-$Cki|y--55MfrmX-L^N1G4Ik=FPt2Zt
z;YjuqtBi&(E|~CSqW9Dah&5di_T2iCp1#}G?f`m#A4k_5s4GVFekaQ<@AM(0EZH<^
zWmlWq%PtKXK3&C*4dB?m!vMH=G8w28E8&4uBMxXanL(m~Wjiq6;Kpmq3T3gG^x`cU
z2Q=C&f0czrOE#|023`Ke8gOo?jU%8sec|h!^BsAk@#}`w7ac;>EGKn06Ycc2v6u_N
zU~kHZ*|GrJ5a(iBI@8jWA12kBr>MPF^&78*;ldYn;PYe&nV3U9sRFF#N>hl+SrKb8
zSUZMS9n+h1wLw$zz9%IC$w#b3O(d_#SsGHsHycu9ZWcvSYyGzOxN_UMVpcum%?K{k
zp92on%ylasSWpU%WP#+oZf<kX-gJXhI55fUjR*Sxa+s$24Dv0L?SAm8)xCI^@jW<k
zfe$-3U*v2ea*i+a4*}THEia!pb=%d^a4Mae){zd+Vk`-1vzsgVQvL+z@r+!!c$}X~
zsR1eZFH?CxJ6-d#G6hKl9~*0U*kY=JrS-4n^p2JCPWgpKx*f4dw-r~~);SA}>XNPN
z4cFd<=5DsE^4hl$7WVLrPou;ZpAq#S?G%TGk_PvYc~tpbet>c`6(G#15;{RRb~`?!
zGS_Yc87LfEZxK^PTi58<Pjt6+%v5OS{t}T@pKLu^8r6b~qQ6wX2M_RidjyLcG!@jF
z8YA@E7|xhWo_!o8U|%9`hyG~G4|6*g!q=TYOX{E09heMBDbUyM_`g|n0jkLMy?UI%
znN-5P?eM^ARDhH^Mv_U2H1RqCRhN1#n|nAlb(r`r#y|H!62H>dao7+ljj_t$+jKEd
zxt(CJ<JkQ6{iWIBlz0scQdtHmC*?Nak-SACxq~Qq<{NmP)-Tqq*(P~bQ~VMJlEJ=z
z7<me}uzA4@{(T8lP`dyYcdFPon25@b0}iX~k!7|V0l@6u_AgTVvfO5Bj$Tsi-|dfM
zY+b(M?GKLUQWvLG{&NG^aF*~Hr$_O#wj8^{S07Sjv?<wcoqD}n)y>sC%8k|H8<tvj
z@c2_ae7)PJ;Q!o6SN*fiwmGT&v^?90MRWxnaeb$-(19C1YqYj0`fsFJ)wH`n$ws58
zDLoC;Fae>Bl^2X%B&gdt2f7glPjBVkHMF&YQt^0B#4|Kdm^)l*HTh~6;5GV;+Hu0h
zQ+!iehq{YQBc}9L#SiNyfjifj#+wbXdwg;Es2L*(l+%WA7_8|Aav@=#sDFe6N3{*9
zbzET6LPYk+&8srW$3nD(BIU*#QB~$+0?>!k>jA>kq>2u$1)L|tZUqsy%N2Qv=>Puh
zB~d<94Z#k3>F}F@_l0oKhZq%4I$VK7I>_~&fkx67c9uCn+GwX5w}X30rhKRzDye#2
z|JpM_Ypi9-@eYpMYO&r5xw(RI?<Sb6aHwb)ZqM~Z{96g4V2NJkhFTYnLC7F)nLpvA
zg8^`-t^yPkB-cx4J0Jdfp>sQfJQ_re!EQM3Lpgme+VmK}7ga-Zu&)msq8(3g)=^mM
zkp<h>7B4_2jE5Nfb?O)dnE*b}kp2N2g%=ZwNQMQU2ik*~U0-p|>Q9b8O?}1x2#h8h
zh#L%+wj+2fJi<GI_=#*Z{Y##*#(qUBX$j!TJSajkuVm~k*}W6m!HW?4!k*pDqboT$
zb~)_Xn_j~bs9@$P)O~=dOb;>4VHdZcDGHZU?f90q3i;$A*O7heSd1I2gB0b<DqTr1
ziJlEE8Z=TDv;yi6NG^U1T;uzzJ^;RC?U$}n>Et+EHGP6045!qy_AT;-ilr3DRSSr@
zHR(K96VwGpDl#r;gil82&~<Hny_6U=iVfQiHKx3#2?2d^CvF#cIvs7)pRNgmg$hdV
z-Ax1%237#c{qqQvA9tX;(J#40I^|mYK%lilNuAZurLZHnvWxAiVd6z4jW9oqe6vZl
z4dov4egNex?ZKQqV8ZP`UB{tHa13}AbiO#*5>20<<!jx#V9l+c^+jHhhZ_CYPd6ji
zT<70a)ow8Suc|}c-hG{igtZIwGzMv??xqtF``z=LU*{13A6P4K%YF%Z_K{)bY*D#X
z?8tea(G*`^+S^O)mOAldM8um~tQFieG2Hl2$<xaupZkdl60H9|IIM6&m=4H@`S!d!
zqgei1UEZ!QFTDz_G-;&>^|9iE0sra0xXxhBHhDdu5GVmOJ%BN>ISMYD_MJ}U$zTc^
zsb0B@7NdzZQg_sP?SaG;HLNRSS;`R$p)nM=TscL9o=Fj6JBkn}{({W|?8HWxnAZb=
z7?jG3Ol}gj7&j@3;nw7Fg$<azfz+){OQ;XVLBsMLD_e}1eHpIcQJo8wZpTv|q5lne
zcVwPsaqh>6*Rap-AAq6O&}T!TQ4o}LZGZwhG*z2MQqkMf>0V>p5-txlmw6wN@c`|z
z&kh$rXtaY?9xxv<{uGZFT*FrX7e*WHxo}-fP01V_W!{k|VBv->mjM9Hg>h7bg^V5Q
z^Wt34jy1kJWQ+%LRp-@mwHRSm<Pj32dI}*I7xy@&&Hwj(k6Um`J}9U-<&gQbP2)<1
zf~e;95kX~T#v>BdOK)#HoX4?T$pWe96w1DV#Uv;cbm68p50fUonZA5CQYT!As<_=^
ziox?29W%UnSKI0!9TLF)vn<MrHul)9`>N?DAoNzy-o{Y!z%(VCO^@Fir@V_#cWLp&
z+q+DUvjuyA2Dio+v4`qMv<*bFxn%^+-$9r{!x1zB7d|knFoH-$fT3bN1A9;p3gy9%
zpvnHMDM`UO1@nsUAyjMsvN40zn;1+eC6zP5fmIt|WV9A_Pz7ildYYe&u5z1f$*k5L
zc5Lrj5j_Q{b`Mfly=+Qsh90nD%}A4H@Po^zpN2tG*!1eaDIzV<p^%bkbc+8NgjKqq
zF};2pr0$b|tGMJsH1;Q9?0SGX<traXL~BVT^T2=h&J~?=t?P)fOEKs!>k0DzQCrms
zKzj0~o4NL$NdwHaEu&|#d5g|1W7yi>EvGD;dBK~jQ^)dTcOdGA^uM~fsY~-*Ck1RS
z|IU+a+RqV|Mom_$A5BsU$I21)UgDFqO-}bF*TQ(Iaez_@{11gUzT^khGkPRb=yR>o
z&}CJ>3snZtDH_gw5bac`##AJh^H(QNO@pxjTZH6)Wd^IebVF|zZ`G`QvBLj&OUMs0
zdwhS#-&?9lT?iAO!%rE7kY02-7vo7r7Y}cM2FYzs6xzoG=n9hJ8~R&Bb|~_#QlZW%
zUF|^BpmXG}>$FjQ)G1b`$(&DlRW97{6=R~#bk*GHC)hvd$i#{OBhR6msV(Mmp!9Jy
zwVHTGwzM)5dr#8*)jvz*FTKXWc1;Fr%Z-qcu$sv55GnjRP9G{Nr)|qk;F5wo_%<!E
zN!M;lkQCDb%pDUJD?m2>XolrkV}}$btxd3sC`{EbMRjF<DcW^KT%_}4N-($nT0)OR
zE2p_R_d1ha!2Y!W?QCqIkj8KMN<<2}EScHKopxt)aJ!wwx>8q4<r5JG5iMP4VNia(
z7w6y`8^oTi!!ex*R~qCQ!Q!A9Fxni`hcg~_W>SO(xXp_cwOU#>YiG=*D0+*{fo)tn
zcll>`8<lux2-AL+_mhCl5Q8m79>cD7`~5dMqgzTHnQB!x<6H>Upn|`{BfeNRjaA~9
zJq;l8i>bpS$R?t$1T}1_OT5#Xr^`v<SAa(M*PsuSoBbzME{V}>iGcX*T~@}%y!quv
z0Dnju027cj6Tl-a&C7H_Y`EgV_27wDYuUO%=iAWzc;YE<qGv|a1-rR6mVId2Z1`s5
zAu{Q#U8CHjuoVKST_3NDIHK2==tyf!eW3fz{?Y@%s>pn)9_|!P#<y*4#4@v$IqOc?
zMpS6OdJJzlq=Do!Wec~%XU7+4+cjyseKf@Yn8W?Pan_nryz=jLZ-1hErjOxBzHW~A
zu(^`@Te{JwhlfwT0+$)*5wB5L=!wlxp5v3LDO4z&ab!z&an`=@8Hq(|+69U7tmy&v
zggNs&)2lIrZSnI&Ms0gKRJKwuq>m(nbUY7RdB%WcvZhtXeUwwO+*ys~hrAmEi;J!T
zI1rSO)Xu=HC@w@c7R2wO=W>@DZ`qnYGJO{yQ^U{s@FzxaFz;DmI{9_9l&oE9wHh&-
z>N-zcScA#SDNje!uV}oDU93Kcb)3rb|7L*7>d*&_j66r49ZusHMq=_f$%;t`{s+C2
zG&hb3-`}Ek45wYk5Ay0=Vpu<JCiVnq=EX!=lRSVRNEEezXhw|Bfmk&bZg<v5tfATg
zf7BY_;HEO?@EZ2+z;00!*tV6J!tdKA6o>(*PM~PUnc`_<hslD_#t3>q)uI6XzVY_s
zxU#*^vVdY!1q&<LoXiMe&iwbSIB7I|MQ3CG^ck~bZ^IMEj4V0UnCjEP-}w%3a=qKT
zoGhJOILKrnhtIEBdP+UGxOm9r&&e*q*_USA0k@5zBcz0vCb4tMjtcSdZ(VQ*(r3T+
zV|uK7y<%*ZP4jtTYBR50j;u1FL1Bs50~Be<<RBow2o5pxtNkvH;cS3ka8Ne80Y+bR
zX-P)kMAz0U-M(y7$XFFsV_yN7{*ZUq_@D#}Y!Q#4LX6s%7=6l1KYN(Ht?R{>T4x&X
zRFl7b{*m|6dRt~2L>fM@Xtwt-dv;A|rxe>};Q7vo0heaozK&ZgR7zF>8S6A&hs)B2
z9Lz(Fe#DAg%KjAAm2urN)o`cY-4>Cq564&76s^Wc+$l+a;3P%N_!NNPO%0=poVN&e
zmF}G0n=0Ewc^dADR)gk4y$XC8j_*;LBquKmq_WXnd$ngnxO?fm1?Qi66^GWAEik=L
zuUb<;3y{Jo9_iI^jrL^l0rP-YwWH4IW2P=`{5x99{pde5Xm#fW^>Ah9>mTYal46|=
zId8(9^<r`N*|v7>F$K_=aWfE#<2(49CI$96rD403^^86c>sdyYI<Do<y{A~bEE5rf
zpoe$RQTJZT$uO+Fr`0n`Q?bz4C&>^;d7NYnSZ8=Dkk7HVw`(iLV`g`EY7p_U86KEQ
zZxrS$=Xb=O5Jy*NFkh8l^&Y!l(;-M1HEZJm#Esq}J;jj7L=B+Ks_TI&V_{WL4Pg(~
zv|8pipyyt{9TU_j7nnIDtZguUm>GCTYN>2cL=1bd4Q!c!MT|O~I|!-@U%Js?nOPWv
ztF+KeMq~1ARc^e!L4dFW#oM8X11W61jBG>YbVna3>5TRP?Y(@aq~8Qe^bl4(r2+ZP
zCm9QY-MwAsw<Lfo(`>YQ>r57P5h&OUn{%x&?szA^(jz19?!lwMbg8UIxWULvjCQ{O
zKi3Er2^0rhkGKW}Gqjb`2vkO%rAJrj?A%+fcg2#|`0mep_n7RD%z|p?UvMR{n04h!
zO|u)5xDSsjCF>CdTrjy?W=<KkQPUU8=d8^Sb4McAt^rscC#T*&wfN1A*SLf5Lwou5
zm<Y<DGod5DfhBt$yQo+Vgjt&4gOD=Uc{Rrz+}KoP44=;iVQaD@fot3={Y(rig~%8g
zr$w=*2;Ds>IhhNMyy0}6I|`Mg2!<+^R)bP7x$|D%L{dbd39@yEfJDvJHffMD3p1-;
zzWtDYpa#(O4Cs`wy#Bg*e%>A>ZlqlB*IE*a)3UjK+8-HM=V^TRD_nAbWqIjQNb~kg
znK`oUX2mq0nEmMS$8u=w#za-Lg0Gz4{>Z6Hc0`k$#uYxGn*a}yH2>QJeLA3t(ntPX
zjews^468Tsjw?d>e8{$e+Tnioj~0fTJr%iQ#0j9UCP-@)&)DWkj8b{kSlCM8;voS1
zW?v~-V$*M(!xMk@d|K8bPY@7mm7w7Ys!Xx>Qc<iGO)4SfRZMmNq(kBomf3=sX_y5U
z1e@oPcnb{o6sZ9^Kk2;d%MkPCVA=V-ZPEowap2avef8LNqGM%XnpnSe*{U_n8IGQW
z$_p439#`}kr5kDULY~Qt-mZqMPT88<D9&iseMefSu{QKSQ}WzMXU^IFZIxyo(QHs1
z6DpYPd%ZE_86fNJmAEnBafcJBn7+|0#<O8{5{;=X!u{$kKUrg=*?Na4cUe&zsXctt
z=(Jj4C!z#g<pio!U+L6eUbf`n8+{0C$_1D@#H}xqrg`K2D!YO?yHq-~&Jx!zcOa%V
zgizjymLF{0T31SY&!WffiLFPHF6pPcG+~^IZ9_zBU&<KJm+#bMDEYgutjH@r?h&>j
z?(!enj`!WYCGJ|viy~+AevD+G<gv_re0lgI&7wHMX3Ps`-3pgkRAG5t&HXyG0?;jl
zs!)Q!i?}Z`wT>5XbVwF)U`xoS5^I0?tC~<P0urNZ8AUune8#f#>O>aB_zIt^{oQ3^
zl7Jz<_mBQbPw-TA-ki;Igc%S=<g`rKJP|O!6YxyviR?a_Yqw2j<s1-wk0bcaK&fuN
zM%5=<S=p#hzbzmZmfO?Qsny6>3g@st!M1>{tJ`e$PM<h?feld5LYtE@tQZ4t^7GK^
z+_H1M;QOYIW}8qgVp}cRzKLd!RZW41-2n^^TGr(38j(h_HGKA+b%=QnRmmP2k8o<=
zbf(t8=n+5ba>c&e2n}Qc18E`0`XPyHm(jqe(M%OI5JA+e`&fd^%8s6}{~>aimu@l-
zhP(_sK3lvE+D){$L;z^t^moA0)h;|NBsaP@u09CM4s7q|DC{FvKf+lkubCZrRPlP@
z%0t$P@VRFQ7wO*wGD%MTcvWa&@OBKZT&foC>@`C_)OzP0J7;iVg=II>hC;dy2<58>
z!EiMEM$4ZfnD*`cJ|p-3!_vX>hKK4#iLCixNXaVQQpU)70q$qX@EJZYbS15onPBh!
zZS{2?STxZucw;pF{nfgmVIvlq=*)L5r(x~s)~$ZSr;pP|PDHGl_V6(4=14KG)_t<7
zjrm2W5Xe3`mJC0CYD1>Qa+>Zi#bEU7B`cR6rP)1dJ`a?1AVF|{G@;71V&EXHiVk;P
z5vkkqr~hTU2*^=-EQzxYwtF*UuoFmd9~`w-0eOaObq@If>CP7l&iTg5v$<ocL=`Fz
zHK%$|SH&W6N)J@06e!W?&sK;mv_9K}Z~uz-qZyXR<!)^RKx!)zuK?q4Gi<G8Q^Ah;
z3dJU9WI3fG9oUIEtjyMW2pPL(BkSU;VfSp%vPaub01}3NY=M<Xth|{6=&8z0{$p1}
zhz_=M?1>JXMc_S_5kueAD^L^aITw%zo7{$$^CzvFDcbh@2NeVyn=AbL62d5;EZDo(
zZz-oBDh77o&0aI~-1K5u3+R^pa*S@HEVfBnF1!Jd4v4x@H1~5p827wV6ALf>gVdDH
zX%^X<08`X0fd(fv`_MhUI*D6T`@1t$2bp?oW5w4(ncdOjh21PlAD)0g+}X*mKwNLq
zzv1q@K>@oY@Za{FSdmnmU!M2W3kbgn9ixDlAh$u=ho@Mr;f@Rwf$hWADkUXj4xYMC
zvH(B~ju|M9hA7HjKjH%ndn;Gp-femu&6VUtKpLJS*Ki}J_gEMQ>Q_NmUmXk&32pW`
zGE@9Dru%2#`GQa*17R$Hzw_q=b#!^o9b-9)xspmaZQpYnzj}}x3*Z)z;?0MjiK&&}
z_HF0w@pR7)A7l`})#hR=*SJBnI1i!&*Yq2^BvMg*A4`{d_!)!j9Npozb@rk?!@2zg
zcs=~n2K#DvY~c`!VLdUfV)FFSoTuud_bjYLJJ|6!o}5U4$2s{!(p3qfEh~;+B1!du
zx=_XZ1~9^nQ9VNb3pjDQx>QDm0JAV2n6-7ej9Kv+iJEjJfqK(di~bW!>wc--FHl8v
z%CY{BkOYArJB$9$t}F1lqlQ<(LOk(o;>`^d0J5BBaF;xXDqh437+zl@IYi-o!GWw1
z#hytcyR)&xXjwfEoNmL`9sfp(FUJGita@M7GgY;lAKgTaFvy^rL#<+1kNgvg?Hgm{
z@4@k;!P`K=p+L?S+5Ta>S#a<KgTa#0+#Tm)#@*d<o`>6^NuSj(qHRv{8A4CKC;kC&
z!02k*u(GhT8*v44Lpjxpm~xJIqiRXeaS8RsIQ817$BB3^TnWq2LHPz`2`ymKRr&s_
zgK9U#P<n(r3|l=n;c10}!vd#-7xY?GzHKCFRRGm3Hv&(+lsC3U5YEpZwMQkYnI9b(
zH_ye(&6V28DN^t@dZ6+`p&yZIZz((sz)~bn?%0a-s6(ba^xdF2c{*5#UR97x$W(-@
z&N8ahYH#Vhj4($0W!Ac9TZVvi*KCx7W6uckI9MJ~j~{hh*s6T2;SA$Ms@0>v+{1v)
zB+mf;b(B-7^9MR<ui_QPUGM9N3zibYUZd_2WhbMu!eDRWZTC6QkR40GBU1<#kR&G<
zX0WEYBokdO7Cx->2W3r#2j=*E5;r)SxEO0rB&I~Kgqj#0o(Z~@qn>u%ZiHE9@Srsz
zVAGG4jsTY(xzit+pO<1Nk({i#DY_*cf`Dk6f`4USP+Zx*9B7L!M{!pXBTLaDp0^MN
zGl{#fq1-L$5PK>nfxECE6i@C5(4!>dftYKNj=qcbN|Wlc6sJU2m85POZmB3Q@0yQn
z+{lBW*n?y{B(DzE*Xb|N?zbE!=FjV3&k~9eB3*0&68KA4R%XsmgjjbgA8$F|;PJk2
zP3iQhie7eFEf(UNh*;c7Ij06~3W%N+6u9ss!GSse52c2KmuyUF@SFYyKtRF^XT||O
zog4)MTe7OFxJ0HHuY<QVjJYH(Jx@Ng(UjMmrK7qyRNvN|<)FIQC49{M_ZLEpywjF}
z8j}tCqQDZNw+bh`E<aw?9a%#vKi*~ap@aoLL65!u9YtbTCmyvfk>A{S;yvcl8dK9y
zWEhGf4xCJFWA3YV=g3hK0I}cJe@btj_bV5XAfYfC!uZ!pSo_bdZZM5kNG-&#@yRTF
z%$a1lOoqrJAJFHYwRcIMdp_Vqxy+a7)H=m~Og12#t3Y(D5hnCY4~wQ)x!||hnn47W
zZimb20$Is{2RaHSV8;)I4uPSLU%91V>P{t;^wAp>N{gbj9+X)WAl+#e=j$q5u5}?1
zZ=*>U19Kx(45B9SrxkgL%OX8$k?T;9j2_o4tI$4%Ib<Y=Q3l*b?}p}he2K}uKZNpL
zL87t!B^gLYo?6lpW!huiKX#NO)R!~+MZ-5RWtvJQu{A`Iu`!q?Bs5rsP|6<p&v^WF
zUNaX?yfm9j33BBVAgdVi*SMxmf-wZnJ?4JQU_4Kd3{0F=fWhvzR#)@LKJ|t|q8#1p
z$DLg4#uC_ZC6y7np14G*`YSa|^a@pIuM`c1-pr`}=-$6qxsiA$Y+orHtT&5zH&aW4
zd-SNNY;|<<g#6Me7CrRm6siUYW2o6Y>V{_R;!bPSO-=%Jz+@}v@~;bTvMGuRFfRwr
zy#p|aZXf|&FV@5HCMjr^iDut)g^iv<8_<g|Xbec>-2;@Y@B&lOVPW7;MKx$-`9>I!
zXIbQJ)W-vQFl4*)@?owr9Qw-hS|zlP>Su2*7NGS)7EqJNIxbL$j>6!;Hx0v`-eciB
zLjT?|e1G~MpL`--78+$akfi}-dj<DgLl#ABx#w=U8G+bZw*kQ%^I$^{zHIvF;v7{q
zGPQb>OZ?Bkw7a4CyKfe-^+2y6QWG&912|(HkQAoY+PHQylb>{Gw3}GV26mv&UyX=V
zlYJ1I!-HY?a3ucKMCcKcR!db|7Doce7qSemQ2r)UfJmK^T@)q`v2XF7vn}jMJnje7
zqxR)xLVketg179BCD}_IF2)u(OY`@?59gzl8M{3}iHdMAM43x3*evG)&fokOc(ZdD
zj#E`jgsFzh<@JeDc91M;&Kl%nOrsfX(+w>{VpWucU**v0LNhKDG*ZAD$<k1^1^SLp
z)cH!=fWNciql2e^0|>Fk`mW0g=5>}%OzO{1sXo|yp6a7CQ&_^ks|J$$inCI+5RU8-
zS=6X7=yx^oLQquAzw>H;H9KKj2p>PO`c)&izqy)W!SAF&qS`B)XTR&rhsW$1hJS@X
z%il7&<tyA_W;_LX&Er|>(6v+Ja?ljhMp8<01NIw7(2u&AE3>RIJs{873w~dMS#lI+
z;Yig(ELV>bQgwEZ6eG4mIbnDeXMA#IhQ+Q2BrA09*CoEWF#nC0dE@9qOetLU?&*Sw
z{VsTi7Wnyz)5cCXJ<u{fKe+s^T6w1S)yu;tmn8X!U(>?l>Bc87BBma3+S-U$#D)~T
z0#Nl^Ndl)d;z)=utug#LQxqrvEu;`t`1ll@eg-KaWmXo*k0YTO=`B`2$lDyu!*HWK
zaw74LWv?mJBF|iYh(VbZ$yR=XemOp$QyKx3QAdltzDoFZT~8i<B5LWWg~Hj(g0x(u
z@%nH!6KY<nF4{29tc@nV6WqYa_Dvz40QkG3eM)+7i?oSZV$b*HlKi_l;_=r6Gscha
zqKNy-CkgkeTsDz<Dm;!3-=_$6`}ay*^l&_~#E2&+uFtpte)ezNTT<4E`Yus(nPBXn
zsnif79B|bD#gQf)l_3KJVnh;x?N$089DhGG+(xrW@n&C&t)9(w3uGjpgw(br4B#YG
z`O13ykRUPuuW;^e@tJnVJwXhy9(V>ha5mA;gNpAM0j-$aM;>uLg`BRy2)Vjt!yc|j
zKrl}Rvy@JRpxWkxU@09h67O>Q8;Qd8)Yo9v7z`pjd*sTyrw2wRIT1}enZ86V56ZZU
zQr)#k`^!(~G+?wg7vC{exfP;66HvBWEmo4UVi*BB>s^Pk!0#nF-4YXAh9GF)mlP`@
z^uoFjP|-C|aQEkoHH#jv8!?me+)_E!c~0iQHGv?A#>|v6=G^z5`WSd#dJgWqPW1|E
z|2B3^x)m9-Gz^9FZV0PrF>YgYbBJTE{ct2L#%9l!Y^_xQY6@A$d0$RU4<Lf>#0+=B
zU){}#2WG6rDQklI52Y0a94mElyq#`pS&FuWGOjWx{JB6g%Li5Flg!Now5QAAN<C0a
zlDa`QriE)ff~BJtT;d;Bd??}{zg<3$LH{I+6!H{30<vF?+q#$Azg@PXi+own@TaDy
z9-gyxe0;pWP}K!ZRB)`wg8?QKy_1m_nF{LW*fD*Z2cHL1YYOV494DBBM=qY0A4yTV
z<Fx*!>5~l0?0o|4&J=RzX-^tDl!4Kn(q{lWFs*e3D{Ye~+#uGV&=oP>tcAm=P(L83
zxU%pxiGGzkz?LwKLg@?#dgv_G!|=N(F?cukk3y9pB)?-g6Rnr58z6Qzf)#$`-_lao
z3|>uVW6Kqtx5hw$$+9H6P%r^U6KjWrmrz`SUNGrd#$T*Ct~}$Rcq@A1_%6k5+8JZk
zn@>M2e?X6lo$TaPaI5ZjX%x{$G0?*c6cQ?GhrvVNFhJ7kyx_~ERNKbV%6A{&Sq;Vn
zQXl4y>7jon!YO^=4@gmc*eq87(l!{eh8x0x6bVc;;DcQ@NnRDGU3#&0JHR$)DIPJV
z74J`4kCX!PBmC>eYmyF4g<glVrB`kFZ73xewZjTU|MLvP=_Elz2mHHPOaO7@G|$Ti
zmw+j>VV<)qv?T?rQx+kdPx}2p+43svJazx;kj-)_jsBQ!77)l&G9}ej8wn8wKG#%-
z3%?CUfeleFev0`@B+4&C4rZVd4O$gbb{UAooTwt7?jtcVt#j{9OXRyb%=84O7t64Z
z+dw9PW-nGEVqTvNCc4xs=eX8hW2(-r@I)>?<4o5XqpEyX!Ffh|&qi6+x@E4Dbu8i`
z6SEh_{})0}6p+L+sp-m+4$owg=-#9uQK?$njJqW~c8TeKDeT`!n>(1{)4s3ac})o}
zVcCc_K#@3?5N-6UQ?e~-7q~cJYrsbSFT*t?&1CB?l)ohZ%Qd5bOGLHT{JO78Xfvnn
z{=s7M?Cnd~M~<myJGztf3yyB7Jx6X+(vAsZe!Q61D1h$h2!}Nanf!15Q$vhsgfiVb
z5cLv`{Nd>iQ*<L}srC(Y;Jj56Zg!4zr2&<+zMe#*C1;N>Dj|M28#1-7{GT}k{$Gjn
z<Kr9m7b4qOx<x}=vF#Q;cqut}y?VS9S21~0*xdJy0ia-bQO67Xd7{aV;K-&FVkr-Y
zjOykq9Du{u`%m%(H5E~mM;JMKi0=;^gY;hj*~*@JQhj2ha9(frNQB50CE-wLT3y#M
z+@u3~Zq?dLO>%ok5l+6akiK(Soy{P7&{Pn7Zx5taOg~t?xl#+?Ff-69_+TpOU2Sn$
zNO8vFy`;`$cwU!ovmCR9euvZ07vog|EdP()dqAJnC8^G;K^s(Sz_c+(JVlIfkp-M0
zX;vh$S~tvMR?<8|lV<O#G&^2P0`x{%T+@toO|Nw@7)z~IO<)^%*|3JI29lMIUc%=f
zl+EBO<e3~-Xq!l%pIA}|9!W1}wjyv)GF+vV{iq+7(*EN=cQUnWhcI^^A9BTl*SFo*
zUVwu-0AUpLl{**FLVI;S(|}dzpuc?v8iMCD1uUKLO8>2Zs`&K;ifk@k#v6(uTN~;3
zG2eL>spHwL2Q&8lJHawnFDosRipwf)NcSM}?2v)iSO_m#rn>3l!N<v+(2)Y!lY-6}
zB*QqckGC#ty_e1X21lMJ8m0`xVKln^EFkj!rUTi-YXA~Y$YxTgV(n#UXD6}n)4hU;
zJef0NGxuD~$280QW>Ms9!X3(FOYBMzViwe$`IUSdzVw(=ZEED3VgbmPwUO_3ch(jd
zB$R3Je*JgriCFtR$yeOcMPH`EUP1itp0e9*hM|)tJ(bgcBgUyp-Z6C3zM%*o1pv73
z25-N<i$M55s6Lq+f-VU?GwwV*?t$->Zw$~saNbG$bxbADK>GPxq+mD_TgL|oOQ#!G
zGzD;eMZ@Y$*dj{o&=d?{O5E9f*%7QL4ogOd&f?fuepj%vv7>2lC&-G>ocUe0tUw)%
zkq-#!jCiXFdwuBS12N#nYLW~NdjOeT69QT0JT}D1q=fUui+M6NU$JJnu@kY<ez2f(
zgUkMDLR|qM?wATpzC%I4M>boetJItATRIORun1~+_Hxs~t2fw~c6GmMU{}81%26_W
zHD|f-L}V~GBZvC5c`4c<I)r5Xp1#yhE@|EpsY{l3-%6qsXLi4KjjpGdC_qmM=o4M%
zZ)2x}*JF1D0Y7{*5Lv;9DSmgnxxRuqR%ZOwyVxTiGM%i5K_A~U2Bk0X_+tO4Wtb&I
z3zt@t%5m>8T)Y`r@O9BDm9H`Czb}$Bdhu2k-Ck>d^PO3+E+A{XkS|6oPyfW%NCMin
z0*FC4*~hc_-CNRDsGQ;!Xn+&~dkUo&@M_M=i%~bD>LlN)+es}dM?@X`_Rc%8|Iv2@
zsl~PTgjQW{%5Dx~I#|<Y%qxr{lPzpw&8ayr=a)wXBnl&1*<D|-c(3KQ`ORTlX+*H*
zR)rh)x?<KpWqG+q8ultLd<UcE>lh$1)(IXE1a-3;DArzxZk|JDcK{@bSZpsT5|j2|
z3=pbB&^45xS82x<Pz;NX0|y;s>>)9{pk>ZiPB-5@IO9=mTWy1m!9rJUUuF*n3vIzT
zgO{JwJ>jQsf<8*N01UFs3ab8jC!L9V68&ePj&i*wa7zqrbIBggXYuL#_Fp{$DsZ{8
zS4%^b4W4DrP80s;BLM5;i5`K=S%@VO<b}I#0OePr*T8Ey3RGjb!Hf`^RhndAD*EMx
zT6I3^rE!3sCa4c&TSoejX)l%f+Ky4ih1BjIW#hpWCsv58V&T6iG&>nq#nyNh`?+Dx
zei!^tak*wFzbZ>=xdVND+Mg!!uc5qrD)q5QJoMn#ceqvuJOHZE@Xm{SJMAB4lIoyW
zcC0(?1Dqj853I(kMc9LcYaX^88DO=rUNFZcHAJ$yUE{lGrKq~!9p${7-b(oG#u~d&
z%UZ7S(513m-kA8@Y@L$`)5JdIhOdlDF}TU`-wJ_#utTh~0{`0gqpylCv2e*w2`Fl^
zLAlJHlR3#1Ljch;Ws50X@A|8M7Clo%Om3?zm)7fa*HUN-JrDh0KQDkTz^K#cMzv87
z_OEpF7+~!-weddmT~T}^90>JuziFHAKB-V!998znW1mP=%SYk{90XVD1qhWH#t!!S
zqVMOVR<gAi>T&4~`rm=;bA$CbKY_q}_=zP{0Af?2#Q^A@cjh7ny#lSOgljT=W`T|S
zlRNvriYqlp_iwwOhbJ;B{tFUx@2AIPenzb{w}%UspG9lsw{|;PxrqF+0Kk(c?R{hp
zlW{5kAeH?~G&W6|>!IXXN>tEH8r#qX=RY*F)cMvudbV=g(wJqk8a5}Qmk9E_(Sv{+
zfglay1AzbFB=a6EupKjI3Wk<#qK|>6FA8cE=7T08A0b&=nVc?&1{;1BhKk%DA3;l@
z#Ns}aZT)kuva(K{@D-#^iE%iVlSJd4T!PqtlMWe@4D6NS%C$Q2ZzfJS^Fzi}`4Ixl
zT&q>mgpurw)>#oYSo6dlFwCYsvWb=r&{2UaZU9D^=s~5RaYI&H4VZ=oGnSf7?;KNj
zJ%dl@v)Ww5Fa7fO)ceVKd$!7t5B-VnsGXr2lNNb!*so8?!nz}bL&Ot{5apCQ5S6o=
zBD*1+-=-l8wm8<rB3!1kfl2}awRu^(=Hzy@mw+JgsW4{ITtq(+gI(Uy@)!@64kHh4
zIKap`*$|1mCJ()L3fF?!?7<X+IfqEP@SCJ(-sqIdY_imR-e@i7Y1==%_D6T@?J*db
z5&`uJ)Eb?l;{|<Z=>%z49Zz0QhJY%R=5G>3&NW7H32?x70g)Ask+gkzJT9Nhk9_0<
z{T(MMu4GOf1ZVx#=JFzQAW~F>{y{PD7l1*-lVO3P7YJ{UwH6$;#xjzOc!ljimdsYS
zl6y(5A-?FJCuu+#E8+C3?y=|Q1GArkNC?w66;WHZ#toYmetiM`Gan&KF8M^-1hRau
z=ja`sGcR6&aS6o9og|6=R8OHS3&l?1G>6}ebYaoX-BJT@dB-|1<jNmpxr)%<1;B)!
z5fsovU~YaSmAE<hFSfUIpISlkPk!c`$KTXqU~s>MV1dy;aYUY`Sgw%0rzNF%p)PVg
zewC|qaLuUZY#RP6Rn&o?d)fBg1-_%WZb`@^K~Kk~&qkq7hNX`Oqu+xcG^8186~897
zgD?>6<MmAHRe>aYkGyp1C(sj><_GYdftyJ4695P!^zQM+VIsdrzxch5rJesEJuxfW
zL9+Xk+0!<2#W8#d4^gPAw9doiBcy9hHpb=Cs~Ua~?SNfcY)>0d!n?6_n`yx8yp=ez
zv%O;|wXxnbR_rwGyWf~Ad-WGtG^R!iT{&KFaM5#k9cBA;2Wf$i%&c|;^Z}Zx@ea8f
z5;AFv&1tS7==TFv#u`f^BDHXd=PuDLQuX0!%_I=bkH0E7_?3D#Mx=8fCf__Rx7feR
z>~OsYac>&h_iWJ{;#>Mn%fyi*bh?>h^m(zkm6)$&i#7ki!qFFFCZ55*!v;KjzIZxJ
z9ZK_u)bm_TEDv?m*2&p)U;-9HZ^h2NP}TYgz2L34L5DMbJ+Vg(t0ltAvRG%5$g%Te
z6Bl81Y0ll&m-HLkpRVF^KZnG0=l}oZfhHC=1}^7g2z<5>>Ce1^0snjsouTuZok;W+
zXE@|ZT%u)+T=!K2!$)SlDZ%>HZg&7CJTkZ?N_0r*6g+~Lh)B<r0d@4-1O&M1NfjFr
zttqF*x<Q_NDF+g5>tCNgeGno3(eOY!gpmV$Vuyc>qkJ5m;}LPi`SJ7x4rU=K<q)#7
zVSODE-d)WJ--+~UD&HuJ9m8151YRNAb34+G<jr^J81YCTN1yMIyjl9UW$OSOsFzb<
z|6TvDl2@H2;I%b2bahnZ@Jx8xxAfH`?C@1UgI6>r!7$MuiqblE_B1a7CQPF!?tt_P
zltkmeS8#}*$cO`!1S39r6gEsFZ+q(>5%kvbKMNrgnp(rD&U}r^<3ez$v}n#we6o6^
zRCa_cfW|ay14sC!9Eo@0*f!b!U*6Nol6;Iov#%0zI~m1W8ZV7O|DiT+C811V*F-CF
z-lTFN*<r0m%w7$Zufpag{`^=8&!W=uex;MR$#qUi<sc|xjXx%JWK4ev`EyF2mP5ZK
z);_X5CH~mf1;`oG8XydS_rb=r?8bv2qEE1#9i6WtuD)GGj8`A|71a%dWlh@wm9Xm&
zrf}OW$c1HgfBb+2@y$CL8KyILlVBmD*LjHW<88)JU&`rPV}%kWR;{0$%h$Qh&0f#V
zMxcG4k$*vILkl9rL|2vgI{Cx#37sFSN7!LMFSz}i4X`ri`x86KbMEa}LXNXXh}MvJ
zbj90_#a8O0ePqzX!lfkkh}i_D)0J{}L_!AUnf<z?h;8uJPL4BT+M_jT0OHx=1`@V|
z4i>!TJg;H1vPdHi6BLYAK-eYh%H#`EnnJHa*&^JW7Bh6y8cR>viHeka;LgRUe&G5u
z1)-D4515^wz#J8{z^4(`Bf71}a8V%#WFiU<z-nI2q8cy+1c{3-E0EYDYnQ|1EakV1
zagy0{)k?%rqSCU>SpOZomiyB?1Ig&srMYjgz?hvz)!<Zoi+$LW^s1&TIlz<?fK4;?
z1(X`uz~FCw;1osbQ}TucK!D7s*lZxPDnWS(2Xy4W1=rtr2Cy0A2<VNHH&jw#?|p?^
zno1qbYYU>Oh};cKH0`o}$TC4mH=6=&H32CCvx9zX7JOFfn78czpy1K6!CGwAyAOt;
zESk>juxxyj|K5-;QbEZa1jbzP8g7sQ0IY?AQc@hCV{?9eD*m0PT{l@oiL!nsjS&MK
zfZWd^Di-2E<c<$P#Dr4i()dKrk5SzD&@5LL6b{{av@4wh4`}&LkeMurU{lB@{}F4x
zqqCUGpn0HnIz|D&KbdvZ@Xn<$Fb-<_H<VwX_+#Q5#3l=Z1uy<fphIK;yvj2U3$&a(
zH`kUg-^iW1Y+G&I8gcd+zUOqQ1HM-m5PSe8r$;z{a@2<Psr3<FO4x#0i4T(KBNMLq
znLL;eF?j&fGa+|8l)Q&+ZtX!01HjfJG(Ov3>myZvFpRTU2*d5pBvtGt|K>-mYpPkF
z2!~EQv&--I-46^X1^`hT%8Gm7wskx3FZ{Nb-uoW)(IpQ_a!(=j>exFf#?g-jaPdQP
zMa8slrvnjhIXJdAntFRhHGA=4Z5ioWn#z=1`zGIEN$S6Gnz{XP#vvTo_`Szm7xR1q
zDyR%_gEVf<Oa%1hx&t#e+~07>K%1MHqbg^cI>&bVG^hJC2LLq-vTkVfNITq)pbWGZ
z|Cu8H!(!L;Zj^$(BL9#tucDL+$bk3)3y-Xhc4aHWN+`_M`DJGyrQQU--5=XaYpZxy
zs+H1~Mbed}rjauFVaP#V8uq@raJ)9ApW~<TWJwW!(XxDjwNe>LuJ6?y<JWCjdseD%
zzty(=PH|Cvv7){6?u9$@#Llj1FVed`vb?gvTGQG-?v?re#NOJoo#NOHsFqvan6GVZ
zetK$&zOc1#*lzLbzN)TmHP*2=PkeHFytuOQ?bbc;>ddTat<<-7zqn|&HVY|iK^|3P
zsl#i&s^tnDUyqt(uGic+X|!P}G_@bHT!T=X+~%(}%}l5BCbgSnuhV{hexuv?>#&CF
zsM8W~)X+NPyk=H1xgB-^Xn?m#?e^`NWM|QP7SBqxHR!&)deCc0e{0~_@38^>FtyM9
zZkU2g>qdq&!_{E){@_isH5<5$Ze!f&3t8JZ8N_2DJhmAM<$~b<yT(s=oc6|OPRjq6
z>DF-i`HhiMVy`)UWU}af{r`L#{Ts@Kdj~L#2|#pSJ{oMBdfc&uJGhtWQSP9wuztGZ
zuCV@BcfJ6xx)Myc!bI;5&by3Qsd?R@p|k3AF>+MnKk#nIHmQpl0IO{`*tUuOU)vCF
zzb0*G^zpmP3U_LA1b`*OYqWB9>OL+CpD_2!;jC%9*F6cjQFI%qS;6dO`&FIt*oE~g
zH#{xtIUVbmbO~(wr=Y~sZ>6U1ZrZR!K5X-yQrD%AZuHEWc|O81$cSgnW0PxBr*uUZ
z@nvt7%uh{Px9wc)&9rY>qP1HS6YfshelGE5npn1IDU_FbGtDepG#ARtyqOl3Eec#+
z3RanWGp#IJG<It}gj;wsZCbWyC{(iaX4<xFQC}#p@@Cq#Y*AMzuhuf{UACw#kT>^H
z^6NX(lb`Ji3k;TKyQW(S<V{|D=a$dz)S&#er)xV`Obo5*d|xU5(rwQq?=3HM1B!B&
zKXh`4Kl#>@b=PLI7i~Jbj@DlhI1_((QB|Y={&`P}1oCG%Pg?K((|i8Mt@bnAHhYWB
zsX4W3PGU#d=~bq>yH~fZNx0U&RO-}(56vlGnuH1!=WBVcaQ)@#yQW1xNpV}wqvDB^
zIXaxP{`0vgaVK@=7`+sGZj<%RVZVF5*W1v*mnLFidk@cixlN|!^UV~yWY(Mi1i$?K
z&m7>*%p$_Tz`((<*Z1P~&wPwxa(q{PFUEX0@miLPpOJwpWV*O6qaia;cDlDNqcoEx
Q|MU!9MoqQ=T}Gfb0GEg<fB*mh

delta 67868
zcmZ^~b8ux{*Y+FRb~?6gb!=N5+s2M<8y$7Ww$rig9dv9PU+(*P-uF9oPMxa#*RD0k
zb&WA=uUhlkzjd+>k-iQAP?80QzyJXOfdMg7pV4z=5ld=80tNBrg#$tT`qs|a%3jUP
z&e7J`)r`^F#lil}?^Shur2gviu}0~7la`1sI3L2<X1WU^d7B=JlRJC(LW5M+ge-xg
zh8+AL=e7qhf14n2iTdr&K}OY@)*OGkkN4Nd+xz3$FslAxD-YlwX}-2*V|G6GcnCbr
zC44dWDP3K|m`pf#uz7^XwmY4Q@w;_jn_TiQTD4=><%7!7okAOnow2pI5?t%PA$a|)
z`aRQqu_E|!hwm&fUsssD<c|JPly5Pzj4&Dg@fn$ajc>PO$jgY)NH|<OBlqYqid<57
z^a9ahLAL3khYT2KsC_r9XnF*=Ox~JjS%F3r>(5;y7~K?<zz^#@wfYQNpwOZZt4p+o
zmD#lJ#|{j%WZSd?dtjAZCKs8FaQ0B>$7eb6e+X}Fdwe*@6?jd1$oq`(LKVxsLaeHO
zq5*6n9T3@PvC=-X%^9Ssw)FRS;58*L^(<JnRyGdw-vBg?7*xnMqx1SMQ@z@JZoXza
zBx34A@P>7$tO<orabRl7>>f*3?=~@Qhjd$tTG+ACvKGd;h<Z)eP#kd_%QJ*}=daB_
zeMO_Jd<5qZEY+`>5^vs@oNBt-N{gVNZ#tZPtWMISj%lErC-FD-|G1eKKaB>WscD%Q
zeP+MCIsiDiM;}a&@XCy&dEeu_pgo%FK0xJR*|_2M^#}jH^@aaY#X}qv>xJp155R%O
z=xJsK-!(k79-+oReS3X5ILL>Tif%Rkn=-1;+UmdSN5dJGQ2QFmrjBGgsq<2Lu`?^i
zs1jCs!JEf+oeIydDTlAkTtIY#ed|g<%I_1E?GG4frQjwuq94ESL^OkoRbnTONNK@|
zmQNoZp5q4$Wb0CX^vqxlP5fza_6xuI&U5$29b?{;+Pc@pWVp?q;|v-}gPLOcV1$DH
zf(9SE+Z<oZ+7?S%fCqNS3!@ksnuoaX0iDeC;%8=Ch5)f(U~}87o+`esloBUQ3NE{v
z#16m@-uj)0y{%5cpc?wD<so*Qm(y!`SBKd^VP+#&*kPd9cnex0s=5?QY`{crZ95cS
z@UkjUS@uqR9jy<!2ZkFW=ngy?v@#E$-@bDCNp2NMLc0N~*+PNI&w&ah9@t(Up~7#e
zlTmNO3=H?hK|-Exkh)>eNzf4lC-a<_L<h`sf~IJM++<w*)_3xO3!|+-tzKYFP+G<h
z18QkvH$N|f&Hk<<nQ4I-$sh&8-(L!*NflOpqKvkiQ7F+$G9X=<-Nl-}m2775ko$!a
zXyzxGG7D5#AVBE>4d6q~#b(M?swf`YaI=@Q)%W5H+}J|W;wBvO9Qgf4FLZQ1@(sX>
z`z-8kCq&oLEL(4bRf@c~c9KZZCFNxII=rnDyIM_*g~f|+xPzth^95Uo4RjMOExS<T
zlQM0dM_zh#bF<5-g^dO8rMPQ(Wy{Vgwkwa*>g>_r{61@_c-giG4j*lOCrLz2nB)dq
z%CNPx2O+}Ih-5k3JI6~HzG~dHhY_%rND9$e63sJbOukoqpn#NcYEANJZJ*;qkr<IN
zU`6J9!8;@xFRN$RA(046ssn9Z1It`hahlbk;7^Uw2oHy6L)O6i8?Q1R1ZypdK&ElP
zt=|@-Ct@*cZ_^$0vbn@7J;itNqI2${-6vMTWzOF9@o_lTZ}NyE>%2OwQ3K%P;9zTd
zZU1`RNjKlcemOQeRd%S)L%!$LqAzqQQ>d2Z!3Wv7o_L_IgVts3@p$iERC10VYmThg
zWUolfb=L(H6io(tDvD`$u6yxcj=3^TcI0MxY9hgU0nZnvJ5;Ds4>s*VFWvt!vO&n@
zW9K(*d56%rEWFmbYI*($aL4a>)$#dUtk}$3va-0ge}uJ#io7WCYSB%f{1zI*f9ZaD
zs85q3b8BA{;NdgZDJ!GUelG3P(-v)kv1ZrEC(#i2bwe#`Tel~*UA^<JGRL}nAe!!A
z-IV=WK?zJ16V3DRxxcN(kSX!<XbJG}_{T`jS(8EG!*`oA1wf;@$<G#_SOW`>p2DKh
zkJgsQ6Lr~a)9Z^1^sDOck8_<Jy4aU8BqY-v9ZUfpW=gb^9W`*CkE!gJNlAaxmX`P=
zT4t?1+GBwibe-k4)+@CvGY|&%S(6%Am)+j~9Y~G!?!O~_RDbWJ3stcKZqjXU3RnRt
zDDD9dIKdI#h#<cLjW-<Fb(O!doo{vx-&V{0qpXR3Irfk8|N8F<@Ob>kKRYiklvDkB
z@6{P6bIc00gJj^@m*bDWUYeyoU)5_OJ@yk44maOlyfooT<~pO(6(F<G<)1fURa`d~
zeTEplQ>%#U(`_0<B>`)QXz$~fitMMX1jV(~bt1Es`N1WQw9|c|>oyb*%Tmg4`=(5~
zvW={WTTAF?wWD`T(|vAsb)&}0LBWQ-MA;Y$`#i0d$yF3R;}X#d4~_3mstz2r<(`YZ
z<v&A7;(Ax7()tu@rzz)q_@S4ZW+}tPVUhen`Rr7<QxCU)RsovR-VE>=q8_N^t2pc>
zD+xC(nW;UpC+#_*h5GEX<vwo+^p@ST39u-*pCHd#q<7Tvf}=S%bZ+?U8>vH8F29>+
z1>zx0XyQ!S((S@NY?!{JA8xmEZtm4m_w_LuEz84|eN|{YUrO5YC=#bhkuWN63E_b*
z_`%JVYgt9L0`N*cHp~k?UGq*J_z3~s6VSy)lQZVxID4Qg>;D*wRigB>SIq(5C9Ykr
zJ+r#;YXm+29YODZM}U;`pAo=UQ}jSfMxQVg#quWG7nL*($HoCU@B|w9tiFDIL$BWR
zmWA#IP|l~Y?mPc+*}St?3;5S2vBH0BqAn+GMgC(`r)HMO<4$7vsBq|FFLeo~@XRuk
z;0?mZiS>Ql#Zf=o$yqC9dmFnJpDI+<3yE<p&Svy-c=jj8*tNZF5{D>t$6q-l{~$u1
z%#W|#sb=8ep_g&If?r8a?*ILk8U0hBt@$mFfI+5k0bn>tsZADAUuHqn;Ta_G&w^?F
zg(fPhaPi1sY$hYc|2m^uPTNZU$Jvm<zXBc&$VdWxc{%^tpuC*_ZqVqz8w8Ksoyz^Z
zG<8=h?ry-F$%l7N^(FnEIVb;j&H_CD&KWS9r>E<$7>6Z)pZR@fVq?})=>M;3^uylT
zjgNDqrK-)b4^*DvQEH$_NY_9YOPJ^M3dfMQO^mukGlKtrn)vEk;Q!fmKrj<_f`sME
zDOlTh$^`Q6Vdn($kG2_ffQVeg`%<xu>z#zn8yrV_a&wq`ZrZHn&#6`}uTaz#Y(1+V
zd`)}$t#5R{yD69xe%f{f)c;=6rZtluy*9wVN9YW5IQ2odm3ALOoU|;03e(sU$Du8b
z-KTz~4^xISGy7*r+1C;cv9Bf4@9Gxy(N}Br!Qog;%pKk)F#z6V3EflN8cLk<QLXf%
zvj*xjjIlAJZ{n-=pk}H~|L91Yv_u=oUuBg=e=YL$PIxJ*;NUgk2jU5r;5w)HVTmV+
zYU3glQ?Jt%*jn%XE3?4ioveSZ?w+96Kqt9s0m~~@Scw3olCsHAV0#khOKW!QrPV35
zY!Lehs88pe%p)+%H)G=ut!KrNQhreX684BvrID4f?m$OK?asFg;_~>XpX^4f=0J#l
z%6uuEAesN;4dyAVVD&7RtE%~*8n?{ycvAnEe+L^Yy{IfvNlPh?9+C!8k#r2KRZ@`V
z`6{CGZxLs@P;*eL`DuW0Ne$-LO(p|N>a)6**Frfg>F0wNl1RxaG#d4Ya*HF0#t#aK
zD3#u!>+Ke(U|Zy1N*eq8!vKXWwFF_2xOVaAy1QGt<Ast#O&B9@e&&k4Z|lPaT}j3E
z`ll?o7<<2T8^6g4=_V@ZdpG}F&JOU}JTivws0)uh51T!U#n%VCFMglzJt88LK3Qs_
zOcwdKWc^+1r|ZdF>*odIQj^x|g?0Pv$}k9rl8vUrU5tPo{}PK)du4KIwOb|vobv*M
zPDaUaahYoRP_c(WEQh`Whe0gj!VI%;tn_Q@?27m+4l`ljh^$IWb<=;Z&nX#}{knco
z_VO5DGGNK|;L2_l!y=4W)ew&7sd5a1i;m;<j~~JR_<?V{(*nAlbdRxn6m^g%!ABm#
z7N<6OnEW#z%fvJyi!23wmB!fEKF#F1CCiIK_o8)91CF8BnzdNi15o+=y9eHvJaV^F
zowCt_Z<3ooLv_3nOnKd;XGe*M08g4)%l$Ye9P6hX5A9iTc9J3cY2AFl?2$DDx2i=`
zrG#}KYMqLb;lq+k!Gxb{z>f-nN(em903V#j2Y<2ChsH4AqW7=$%mQiMxztzwJ|`<3
zc`!(x6RfJmIg{bJ-?HeXE$h5%>%mrwt2VB~CJQU`S(9O$!1=qbsR~VWz%{u!<CnFH
zf35Y$HlXoY6#pu;@~+_F#2YfehOg4-h_y(GD_iuxRPSivvvOCKOltqvnN%TT4-1tI
z8yB@B&gvkdy~B1odg$Y;@2<zyAG{I84Pv9|XtBz`TF5*IvCf(RK$ThalRE)1g43xW
zrsH*cj4RluK>)y~-k-Gj4HOi%<u5ce`IT`QB8GCnLsAgg;Q)2w4@2~MzR{B39x)@#
zRt70QtSIfqnU5Q!Vv^+67=O&UlO#8rW!#Y@Mo$kEpZ}nYMTJG*60?_?nc#XU2@&qU
z+RSKB-5WTC-xF~FWs?l5&{}`)=Q!7?E)a7Vp0`hM3S?K)?3w5&mQ^<m{K>pX8gn?R
zRAXC!e+V(7m4h8BNYx&R6)|?&ukh1ab1&5$szz!I5(cV+dX(Nv^kOta9IM>b-V5t@
zMn40Ol5DMP)()--wn}kpau*V@LA2pGjvi!m-E;1@oK`E9ETI9qI-K7@+v+5wZuW4G
zaLw80NL_}wx8Ut8vvyiZ`o7Ov5*U%nCu<@ZQrd0<>!?K@d2q{b)$e(5j%1y}n!hXx
zc<K=^Cy*opJ3k1Md6Dq|iRpd1y<R(Ry@0U!X*XuAZW_H8X&|(0Z!3lBN#0O`zp%*s
zKvA2V!Q-f=bfS-tIJG~E9hjuynGQYIyj(V$ECh1NjnClUS~%514_x3I+nUS>c))NE
z*%s+zgM<);8N}zS#oqBT<#}+;MGR>UqtjaKfq&K?SZjXKEAapTqR4GhF29l*#C;9!
zIuRrPR%Yg-aJA|07+mTb%+ULy$iBRc`Gp_C=<_Y67HKP=KWsCB6r^06#Jml-8onQ_
zU6uQCgeRysP0I%e(|LrK<}dS`6EFF72Zfu}-u}L8AML*Lgn)M4qeppFzK@xO*QrVA
z;Uk=J1B=$P%_BCzySb;EBOm`p50`m64|n(7@cVPu$Hn>Lvhw^w{FbiwYfA~st0fXp
zd-)LiGTcy5H_iTh6LErT^ESGV;iF~v!w&HN_F?ea*wZ`hL8U3#+EsH~lOH?aWYI3v
z%A0|NjI1*-Yvj$#tAkYi^^kig=J0m$SCQ($%Ej|+OSlKHc8J`?*3iLk^V$4#bKLcK
z|I^I>+4aQ#yt9Wz@V<K5Twwf&{ZWCpO#be8inph|<NfA2n9cL?^kchyRj})*8T!3w
z|G0kr*;&XoR}Zmp>%npLJU0evGr59ke!gO7_w1)M(63Xd|H;EA_yg4c)5*!2Xk+&!
zx?v!Af0YDa1@E6+|I($D-+hYoVtAogU78_S227tWd(4n{l=$rBZySE<@>yR%+5*{B
z&|ZHWm~~}&WA7Yx1kMY>(pNHBo~}_{3L?MnEMhEMv95$V^dPeMmCf%gD#s6a^S-#T
zG=~4+BhBdwY<rx4zRs5YyXpGUw8bu2#KaH;PXrIZ<vo^#Gl7VMN97EF9_X-zbFGsY
zcnuz;A@+~~f6|w#*;yQ(8eKHv{c54MvkMOh&_hUP=4=GWWP=w1PV@S5!SKT$h5s1S
zc1O>g1vT>#8Rrq|i>)`^<r6fBz~A2269ACC#TwSZ4B#!j`BOqHX#3|0<Kx;buxCE;
zaRJ^j3a|5gU((C`=KxT_*7tf_XW(?$&Mh-K6um|D&?OKUEH}^B1EjRNv$<V3<Ai?S
zA+-N{VdeSiO*<tns6je4dyT*GXAf<d`1a#9%abP5UhU#DrP?F}|13Pq$Bw&&b6#!*
zuN6Y~6^f=X>NYV{o_k9_$>yS^d8#f907WLe>Um1q_}d5)=T~191LUc;W?;vb-JZ|-
zSeuD<-j8ff6_g$@Ef%}MKBkPss~6-~<c>n$t-djbsO2CdM-zt5f~6sklEUu>)NB3B
zevq5rEUgC`-E0DtRgjPr)k*-~g}cBqKGoJ=TI&3J0|t?0N9kFyv5)d=$$?cw0NY04
z^*bsk*fkgCH2n0q!(hZRT8q}YzBWmnKc6k^(>=l?8knwJT$>a&wt?y6#WYVOoO`@j
z_J3|U0D(61aY(tL=M_;z8)tIeWJ?PiI^LfZ+Dp^j9l|rk%~wpAo)xsvhv0)A)z?qI
zLJlmTujE_gHgbcYrNFZTIbEWM0O{LAVOT4d)QGs4whquJgGO5*aI`+*t42Y3rr@DZ
zeDSS%2U!4Vok7>q06KiOJ%z-;>j%QYfyN>FTY>F72fy`Kch4I_Rg`t}v8qUs4~42q
z)Mn-$I?u_VOega-yi(jEFk<$j2qzWp1a$cL(E7eG`Rw4$-`cb&(kwXM0M7tlKOgj`
zlOOh({$e25*+GZ{f%ga^{e2l7EB5!CnCLE%oR8PMgG%;t^4CnLe>o;H;Ow8#xbbfj
ze;PaX>J6TIHFG{P66TYvfOP*cQCvmLa!tHwg|biDMzT}DN-K#$&6Bs3%r*+vWFhba
ztsrKt#>@B_b?{ovW1wVf4`7miPht=IL=5cxl@Vur0*bO8aJ_`JkDxeg&UE*=+z*k$
zTp@C~^QW}(7H@j>5=Z3HEkw+qLyFDlZdI+%P#>d{oSv8;G}#}V5)tSKg`itEu!UX>
zn%HwqQbL@9I7|T&huv&!?Ai0zOIXOxp3dP~vN>8b!Zjpa_+o=Y0Dv)qR{&R9u+I|}
z>*$yL(!xBz-NGD1^qYG)8Q%lxEUMI&OJYzlgYW8>tzGEe&L-+O5jyOck!ACID6PGX
zKdf%O`50Q_XGs;UlwCqi=@j+_bWnioc`PI5494ufBKNwKJpWd`O&@L08G(hGT-D>{
z-2wUR@%-<x%tmsVMnLl;N^wXzX2Csb@jG~8P&=|H%`YubQE0v8l!1M0y}u;CuDmgg
zZXzS|og=PvkVPaabwNdoGO*~wS0F3yQU3gCS090@4Ehc9s`afUro=xZNKpZPWZKJ^
zB*UL&Ku7rUU6iDv0F45Iq94HLP&wyfL29<@SXk!YV($T*pMa`2*=wwZ%!8~)t@UiS
zyIZ-A^#J0_1Vl!DQ(IBEFw^1F!cSg_gd~%kKk^b$nj!itZlO<@@OM$Qe+e}sbPEG&
zU^tc>LNlbL-=b>KU#d~WXl4yj!$h~#WzxW&4O7+XZm*LxNb)$db&vY!p!+hxr9jha
z<5F})-cq}eo&W<w7*2YIxJ;=qxEMz$-Tn4GbJm>s=6WWU1dMvvS5mwdBO2|*j2(xy
zzLX_%9)|TOh)rN395}v{x&E>-UFEiRU=)@mfuQOK)!?&iXPY$F*n!L%scfAE{Ny$^
z&4;D5RDp*_F#M7*={Qy^F%?1X-^oB4xBY3w(W_-;lmL5Vk%y5Q1t4!R=k1~A4hcVq
zK~iWF5SQrxbnVjjhW2;5lqgxWmqHx0LW#dUpalx`HDIST^@Vw;I_U{6j7<yCttfmK
zv^N8Xv(pfT?fzbnT-ZlwGV!hzg%h-$mI^+KyF<tfGsV1os|mmL%nkj+^D2#5Mypaq
zn$#1dZx%pS$(O;FHB(rOP$zpMcl3mDjM=T8IzK~LK`Ulwee$PB9vnE;_xhscHy|+0
zRocVvDo=b$Sk<|<vjaMug&m3O#qPO=NLj<l$*@AIxD^gvBAxltG$%t`!!gfik%(A>
zc~w%DB4bv`QK@K785toPkM%9olX-+E+H0iPkP`rDr3Y5SKxm#gny)<b%8q6ka^Y)@
zX*o1Sg=2dGiKH`OmjJpFKZNO*^jo%bdak4``9&}2rE-j+U_gSa!)&hEd?bY}Av6e!
z4ZhUL`QcTl<Qb`R{37TKM*qq314NcNLcuth<?hY`zA2-24-7uV($q)#7L#brj7N1I
z_+ad{PF^g_W?o8YyMD%Px*T=s;VHGc28Oh;_QMCQCKcUr_%m3#+h{(_-C+m$`%!58
zcV!5j5H;7jT8NTZVwi%S1Oe8Eu$n4i$9lUW0JXz$v)EIVEqBICQ|)}gQyi;XGBGYD
zfFkd+4~Ri8^Yn)lWul2jW{WB!-tB?=FqVVRfilQADL%I&=QuUOdz?mEL(arhd>{v>
zw9QYL2`ld~J#H`rZ^7Dk2(aGW!l0aMvKPEUOFfPqguqIg?QCr-zb^L*_F+valpE+u
zQHbzD5eew(%AE{iAs9o+kqHUB7E^r%fF0X=xj$Zs7K<FuQ;WQ}9e8OG<L^rZ1Zs^_
z6F|+vlUeXK&18pOnjqeo2KU=8pbK(V_K<>!(2G=>3whoP%b58}tDc!n=&`j&J9$2F
z!Wwoq9l6*dR78oIH!YKC_`msz|GqL^ecIDdzaHh+DD^F7E;YufH+*dispLKd3?nEw
z+tTusqp<twJ6?UG_PqV|3$O%3m{WOWFX#$OKS)Mobsp8gP(_48mC3;a`LtS!!IKaK
ztF;oB9SR#h<W4Xk%C^}<Av6an%tjxIR-4@N`{JD4v2)P(qSYUjzfdF-oe>!{1TFCf
zbfsMomh`F1Zr4?>`70HLw#FO-^uke)tpFQq236@)JAY`$j7A-R#8u3EaxtRp=?X6)
z8DuglMTL{alHReS*Wc3{gWaC=U8I*~AQD7`%iE){<0fZuOyFim5C1Cq6_WppbP$Kx
z<nt;xM`CRdPg(+fki5}M*}G327LzClmVkk*GvMCHg|4K56cIc0DMI`VK$%Hap_i63
z3~x|8`6AWAj^&!pL35;?Cn2Nty_8R3_@_%+N6OT7zmxm7Y_sjA$y?Ryx`U55`Xbi(
z-ZaQP!Vspz>Sr*mqtPAOZzKW>aDfsl74Z=rzulEo7?L4ihR`%w?oURP*;Fkr*gdS?
z2tpk7T&!hKe~NxPOK}^$1&D5Ic`1Nf!KiGFcT}UJ>B2meYnW%N9BFc4kMuN&_D+{C
zz(W#1|H1|<Ge0kgz9!;8hFUceDtP_HlPv_sY%*MzkX8r!DV6$lTsja)$|}bM`{6C=
zu~Oa4QDH9ZY76`7y!UHvVlRC4Bn*6(I<vj6RYDf6rr|7`NG`j572p=L?7Ix?UCPBx
zL+}6Daq(=6<JrhR3R*FB7l@w85gcIKPfeT?YRJdK{ue6k9taN_UOpg3vhd41z&y*}
zYV8P{98xM2tH@*lImCFkIoI3xs&ky|l>$cRfKOs*1eCb!bit0eHX;n2{?q0V12m0n
zIrSERA$+?KJ-NL%35f4nz;N+dgoBCvEGI@7$_&m5FY(8=vQPQEjktM(xjoDzGImD9
z6_(>;BQkAj^kL<8#q)7sKyHhx(r%j4xA>uRw6P%6u44U>>4qz0^&DKmN^;cd-eR^1
zw-*`_gS{K-G#l%pFT~+$rx0I|(Nt4hGwZC@5i5ecp#QB?1Hf7glT>DyuVWb%-b#mr
z3Nt`*LWl%4JWpLWe5{J5sx1_b#&Xh1#bn}iBO1cH5-2vzOlAIF>ly7-aG(FZRImx>
zcs<YYsovZ8N2eTX1S}aXrSMyZ<76~A*?!E;I0!5g{L5K_p5eIkwE8=k2P$8kK9d&=
zdxFk(Z+(vL6=1u2*gDbSwjTVNgO5@RtG@-O7d;Eu=w9DuDKkadt1v4Y5ME+RfP-Rj
z&NNUvR~A?aChkN;DOF{lFr|eRfGq=0!Xa|scoo7AGhNP)emQ6IAwZ0_dJxK`J9P&#
z-Bsdng3SGwFeD`0A`WEwN!+rIw9WX1#OjzP{HoL68h|(o^Ui)^*$wrB8UB1i4H<<e
zZ<vdR<nJ+fjzaX)m6<!0^zTZ0U!uIval^egI6{hjLpUBK^FMQyZ<P>%$Hs|8+v*P%
zSRzxhSHoKPo<FzIm<{`xpnuG8eBi<M$6>hWz2JW0R}iY9Uy%k5%;3MH`f`)?bv}W|
zo*)Y4`~>K}Ee(AlkLw7dL4OKO<fF+pp`l2|qKG20XcSSGV_<%0m?e}WFk@~j6&}V&
zH-_CG`R*8^NQ9y?495RXdVoC?RYu$BS+%XrU5}l-Vw)Zb?a7dM<ET6=h@w=8Gr?ks
z7P{JAy&@Yuer1#2Bf24w1C!i-6O7F7WwQDv{sbUNx`$^q63-hj_=%b|V|*shogH)~
zouRxVreuT?!T|=`AC5wK5)ERxQnQUdEfdyr%|Iq1cy*=@cZ(RF?;kllwj&z()K>eH
zU8%&W$G|qhQ0b5QJ!<>LcqJmhm^3JuoLIIKA#%)QC7`s=K}1PjfV8x<f1HeE1wI1J
z3k#4HH)Nbh^rPm-8L5OcBtN<rt{M)MvRtbX&K$Xv9G=1VgGkhO_Nb6lls8hQIk=>Z
zcuVCMTGgkU=U);xyM)kOv>~`RN8~c5W6_g{>KUNry=SzCrwbe2uu$p^nM#;Aa`HPA
z9H!V=jf$~1L0LF19A-x9#%F4Ra@Mv=3lM;F;!3BR68}YBDk0hDE#1E}G2u>r=n{uY
zO(^`K{b?PgB5P1Re;eW&3H~&H_mSsV>U|G16vc@6#wz_CDnj;!tQ1>11EQCPUqHu@
zfRgjIFmi9apuepZH-21#^RR&ep`?d4Ne?lyA}mA={O9iw8CtSvS``xYIC5p>q8UL1
zPn`q#m~tvJ`|kIi<hpOT0A$x&Jae*FOipTBYO#vlq6o<BUE6uCCAzJEeLv{wOqb9Z
zaZG8{sr-OT@T$>mO|qGC0(uU(Kfz_fNcb88;BZV<Pd?K@R~UkIioxOEL1`UA_4gu_
zklbB=%OMdL&5Nzr?%#g*rKnJR`XHaD=`;B?{wG#U$tv;CmPt6E2a9&MN`hGp{nwv6
zP-w~6plhQ8rtRLbWJ3~i7&U>HP|dctuH<MEazJQDR%hsLP!JzS8>aMI1x*cP5oNQs
z)I|1EhZ4Z_azBuF^jT+HB|(ZRPmnv3{ckyW=%QNCZ|SICURpw03K$bh7D||P`cuS8
zrr*^=9nVV&Xg$%~cb!axN>T=y0b36gHc@-c7sx_S{qLpy+wf{2^QxXnKLVrs&rc+s
zL|AwAeaRjYBWLR!$Yo{Ym#k$<CF!IVq#0GJ7!~n0dJ~^CQm`iHnP%n2*XEf-xK+BT
zlZ{Ey0csh{=R6?PGAWdpyZ78^dyqn!Ywv+-?v3RlBRrV&*b%qfcc*<mDfy69I)A2b
z8uHcGpRE*@8lq;WM%^h_UB-0Vwkfbh9#ls_<-{Bf>0T$PG@5xdO{*8qgQX>{-*Dj4
zFRPZxuKVBLykCSE$6Ph7E{ShhH`Lc|wdJ$k0ZOz*`c2={CrqiZKi-VkinxRIn?Mkv
z*p}7ddyV^?nxpoC(#pKS<;%E`7DaRyf~XT}=-8$bN{bv!@NBc{HgRz`tTXEC_lar;
zZBd$r^|*)SkYu>ln&{sKb`e}sX~*Y-CY%@X!k=;XY0qDOawqEzo+t|j>oo;@FOoiW
z2E<62$0P^uQZTIq8+9)_cWpQeBs&(r#n)+lX5{PsvbNI8psQ5@iJEuh4@W4Ee&auD
z%>xSU?Sofppki;Z8+Lin3Vj+nIfpEQJ&U|k{oS`=4KNM513-)i4=dFm#5;#cVr@!Y
z6AxT`Bl&b2-QMktOQi$0C)8*|E}Rv;0hAJ2>Z~EjlWXd99;cZgz3?hx#S+J+sf|B7
zO-rcqa<yo>ouioI-HXTK3*X|R&|Nk7kSWkyG~jyM<V2@V?hE8dr--%j^GC>ml{iqD
z;5KtI*A%Ca*9CuMm{R89y&B2X{SmqnxJA{H0i@>}DqRI5rC3!{9uLZ_C6-NlfCN4?
zjrl42OpKq4Ni<FmRg98b;3{D<qIXH^gnaOgbIue4!SkaMGM_kbjQp+|$q}^tIEGE1
zCEJZ=i(tQ>inoxBZP?Ts(M0z{m5`35Vu{62L@;#pf!NFmjJ}hpJZb8%Hz2)<`dd+3
zi-B((utpm`e&OUeC-*!#%ph)rfQ4TDWt^xOpBg@tj>~7}Ck}T*%?;Rr&SpfzH9x-w
zBygqtiN4%rj(w+P4h63bpH0;duK9cHEDq<UQHU1(<Rje}yS-)jf!SPbHi*M?+3AH-
zqG*#zx^eW>N^lkeiq)UA%rZ_A>cT1JaZyN0{=#X^zP?(!vIbc$>A%j405tltHNK(9
zTBWi{i3=YrX=h;NZn#POwuPlepyS#&O@oL@x6y9*f}+h(U4RNNh=|vhGpM$fYV9p;
zl~r&ArXc_wf2cl;e2wv{ca{7slUhKvzEL11{Pey!MD8~r<-??j`pV-k--A>|Tu@b;
z{$VYS%{ox^3D+Uf$5ldez!Sw1D1NtlEa%)>pwEO_$?}HUGXCjFdtps7@mN3Sr%nNU
ze;R&e;>1g_wc#y?yV}=(4s<^t#om0SL<n*EvIVm;nqe85wSuFR_;jAH_zUnqWXbez
zz*=B>txP+<(aPi0PPw~u&|q~+6HmykeC$=q@kBYH<TLfXZHuLp1NsB8_zHhJ2HrvD
zjgR*#cyh-=k``+-P5Rk(u^%wDvxF|F?N?#voo=j0f?x-s$%KXLux}(8YZFbrO6eri
z>zd1dowwP47sq6>*>oT4D)T{IwAUg|a-{qVPoZWua~j4l%y;~m%Nqf%A}AKFw0X6b
z%@}irKdj{#D{KO;?MsC=Co4a3ZHU&+%MXXk&TGcGHm}P%LjAYcoBkrpcU^AexW>fQ
zow<dL17ii}9l|uBTLuQ+eN0NTga66`HuASlFM$SrgdFnkPhBM~0A0L>_=D|SH$VSt
z|EK*1v*RV;X0PwOKo8EwF2Lt(>tT8N^0G<s75>fF!x`Wfvi{2Z`LfDQ;8FS-ToHVH
zbydJYfLK~qRJ6Zc-cjZucsFz@_~H5^pEG>;1M#lH?_-9Ktz*35!6BL{ALwJqq;rt2
zSaz{I^@{&j_437bsUb$e<+9ji?R)-3<!wdBI#a$7cd$p#1#)%v`Fym!&y0{x9%Dx?
z)8oL>=pq2+#SS@r6F6!)BhdE3D$s?;IK}uyvkbqI#Q<8kj)=D(iLuKL`WUKvxcT_C
z@(7cfx4CF4w&3rNJ1z=7_doWmqmErp{GNTi<E>mB?vN*vePXscTIA2K5NFO)n*4+a
z<go`72Ye6?1<sRu`(J{ZtNm^+ZfA%M<ehRUg8}+a59=uN9=wDGg!kN)WkrVAVm{Q(
zWc{o789qX}#64~7K>0GmS9urqmpRhb?Ye}*<nCf-iS1StV{lLA&hb)VY#a7YA+4Mn
zr!w|{t<XC>1HZEzJ;c(1S2Be0^@^SM;Xy}O6S3E_Mjn)xmJ8esnp!7M<nIKfyB#o-
zi~!4yzo-YRvmA~3vY(?Y_>IhlOyk#&1zhYM4BJfsrNd&<o~5Mxo7YFbeB43bdlCzW
zj~a!#zNCF8=RdHwgV&kHDG%RmaRiasjC-9Atluuq1xDDrZcpu!Bzia%C+%Hkh=Dtt
z7kObVHD$YcdnOdS1cW_(@^Xw$Z!DKRfSSm3l_QD$4@KooQoSLzg$<j5wx&$Vew{Zo
z<4xb-6s6SX5mBw4c3HFC*0H4}o~6cuKdG@TjH2055)PfDC-ye7eJ}I-nwDPwn?l3c
z^Iv1kYY@Bz(L65$RsbuA`>%201E=n;Kh3oD_WqMV<C#8|ESGx&#=@*lm%xgO2?+9j
z$$Z|4hE{-klqO_osPkhPSA6Bq0^&f*^T<tX5WD$&9CFL)J}rAasOA0Kogt`0A}iF-
zEx77mKe0jThDO9eW-!`XR4hj*mJPhl*674KA7qekxDqcTINV~>fS=ZB_YIefDD1Ev
z3jKcH9j7;+g|Bk~HV_^Mpp(<z*zh`Pl={Gn1FM9y+sqE-3m_l(WW*#O*VpR?W(qH9
zeW*--AOm4x+Y8mD1{6RvIn76MNx}b~^F@VQ#cCh;@IRe)h~}vNn=BKB$@+zluQ9Vt
zeKTzP%SwAC5*&v^6$;K%xBX)Tk<%70T2DPtDyna00Gx8~bUnLQ6We9{4j-&_<&O={
zl-vM6j00gzTlBetgDQ(aD=yrIVzL7UHo%<9e!8Kl&Exn9p%3bcg2-pgex^9ub(q63
z8N$QTrM{NlEau8qly40JzdCB?C>j@mEQYRYM)USM%DS^)Wy2urg~AHq6CW&4nT2p*
z0sLDt=-(=aG2FbkN$sQ0nowA3V~t?oK%~6(AxB=r7E2KD6ehgWJ<+`PsNr`|51^ge
zQ(8;V6O8g5N)E4c2LY$~M|cmF6gVm1ub7MwHGZ5d2mzBVI3vz`+#%?DV_Q|{An~+5
zI~z8eXfau*sncQgaiQ=Mh&nSQ!?dz($Z10~$Nyx=BNx3O?uh&`wEq1Yfs$r6bmYjF
zaavayQc6%_4TPAbt+CJhfEsvyH0t9>xu;l>xGY}78e*6r`a!$s(g;RPQ`Y{0a*$pv
zb2aLHU|f*2$s#yqG6V-xzCBc}c8hr$c)A{`9@@&8o+xfX=@z*b(hNA``o7V`1aAW9
zj}v)^{cn4RSo<Io0wh_WrU$Wl`yhmajUfcRZIbD%AXA;#rF%L3fb#IM^|@PG6B8O6
zg^~?JR3|+Nc`;kj0E09Xv(c_>+Z~87bkBFeZ-mBw=U}$q2rrOl{}UbmH#vrCGZ?KR
z5}I!8h#euCJZLYkq~gQiw{$j1L@UZ8tD+4OJiCG2p2jl56q)Ap1zTZ*)D<si_{amf
z(TmhXy#t8mD+Y*E!&Jh67fzRDwBg>=mTTLT4dl|O2-tD9Bs7Ln(@%kF1rRMkwx#VF
zuDWj#a}Lco`I&Xb=#M}U_GzwMDeFv{w>d=wj;bh?(3diBn;(ad7xU12Nd1<l`7TN$
ztpp1t>r%FbW>P|{n;k%-xQML&B%o{z=I0GgXaLxR)*NgQh+P;zlP=yeu@obx5Z*5>
z36mYj9A84incv`>g=_qqUzb}~`;Mp*V_N2ez#2Fylh!Z=mR31|Pa2As+(p4mhMQXO
z#$fQ=ABDH8#JO^1OY5nRvjO|w&@aZ$Suk@@#Jo>QVYUS2!OrXvhfyC?kenMX9hchb
z#RBjTd!#Y1-)0F6tuv}&J^bp(8EKtjnBNs8@@}LRP6M&}B^vldNt5qJ;&D$BBGg){
zL0|g(a8P$3-rP{qv3S%3m%w3_2@|hlBKM$UC4Sst-rtm9T6W(ACMddNV_L9Wo0FTF
zH+%sS!x3)*-&V;4!zUf4RPx7pa$s(59nelQOF(K#uYLlv`K-2X^-u5%aZv@QBV!i<
zN=~U4s%~RIxQj_gKbUKN$fIT|E<J*PAG^TJ;b^??$MsL}iw3!SO+R}m#5PRaseTdU
znZe}Co?gozq;ESkQCP;zGio9ltZ1YJh1$}1K$qSv^k{Gy;Ih@&;s-ovzL)^GvzwT&
z1$KB0lK|~6sO}T$n;;45ng)F{{|SHpz6VPO^{&cxv|K@xLi9_L;(-5_rft{q3_$Bg
zhL|yoaLDc2Y36`IJFx!<ze#JS8_@itY<0366s~ejXm(;9z=D-_71d$L0!e_6&$m9N
zJI|Ryk>?Sph##Xpbp#RA#t9H#m$rsC$s{_@7|YQ6-nWOx=W)!EVtn--3V<%_9aCxP
z2|n<ROv46oT7poY7YiLrsr?%F)9w}MuE2p*hrIi(2*D798D=C$ktP!XTo(4(o3efu
zSA;>H;<ow^_iS}bOL8SjuyU9ZZ@l9hpYk!-aW%h>*UC3LC4PJ~wQPV*UiiI?#)L(T
zGeU~YFKpm0t8=L;e3$l<zr=$A%@0=HgOK@@ru<Oqv#vqwyI{>EoMGU1F@}aoVz!e-
zetuv4hhZCaJj7vZ$zW8IzL5R?y{O$i9YsQ_;YZ(SvK8joUkD)Wi5;n+jmQ&l1UUHi
zPcHgcXmS+@YYydO-bjG!hTT^pvA0Iy$&{5TRy&ETy~JQtcQ3t(GNnv3AtH^D@bA2$
z>N$kYg}q?rB96}7$dE7`&hWYfqQLBP?yykvc7Uw^cRpb@{&95X#1>Sptd-oBjOlA@
zo{F9s6lvI+5RjCdkueYg{d|bTTp*`Y61{F!*C+Trh*_^_EF{1z>w#lokMbNtw>+Aq
z&J_8gE>h}qtJUbS{Bk>W0L<$c2hTFj7JSwF=4c{|u?xWuVflKBh*R6BzxgH(zRKwu
zP5;|rWjqCDFBv)IfLn;U%WnDv>PoIeLpE(~zSO5FRF%uNQN4r}1MU&yufp&lY1M;}
zGfz_JZji-3MMl8P_Iv9P%Ki^(?GJjjcttMA-eNR;R5Z|?&PT(WvREb1AL-obf5e9Y
z(9joPG~!#f)9m=k2tQ+*IZ#x;+s--w6*^Ye$`E>jhk?#%Y{pr(hF)>+pFe*lfaW^c
zimQC=tv1@shg!XrYDaTN#fVU?_1`={Hf;e~X3zQbOvnK8q>vV60l7+Ru;m#$ahe;P
z&SJ=k2oSgk@8sJ@(%_*^S|oZZl4$jPGAUV^53u!R9~9hFE`i;CEPHIOT=&}&c;qzx
zier=fgCvTqT|){M)ZSOpu-zrC7)4dST3VI?=jdo0Qjm(BEZEq}a)ojm=o!+u7QU%k
zy@OVyFNy&2AxU}zo<j&mc-Y>%O7I*^k--hnxdby$RwCrwD~$U$C}(aORf@Y+aCIX}
z_6>e&RAsf-u{`6i$0@&J&4<WD|0qoV8OzzWSM1JRrlzSwu|$GMxHQJW==2o4c*7tw
z9*`e~vOHix?Ina@uqxz);BQRl7;fc7-$3Q_2EGBP=});wz^OJ969TBF3sEqpJm|^$
z7|)GhvOFt`ND8DjOh;55S8urGzezHfM&8@wh>6>=pcO)t1t;Jq(*^G5^Ioc^pPZMI
zJE}RWr|ClO#R8bQXavThU(X;#7l!kU)8n4(6`bfD0(l78Gwqo_i3*ixW?l~5y>k&}
z)htP6#~;uuvStaJrxG~-LX?CL<BMC+Z!^gXo1@0D(XPVVlqJ`(5s8M;C49fiO3mvu
zv4bdE`p&uSjHtNp`Mq~zqs?kwDuB>=P5$SoNilBQ>yHUAOUK@(=MC25%8fRg4Iq&7
z8)ajiV=^i`7N9AC+!nGK9X+kTAAvvQ^f;WFZ5X|skhHQMR;Y^)uLPS+L_fc_(%ByR
zVFto!d7Kf3Mc+X>fq}jK4<L4@))=Sg@89KyRh#M8ERJdR<?u1+vn$<%)j#7Cbe&<g
zWKD2mBM_ZXfwWWy6L)~zvhP}u14kXQS(<lEbEC}A=716HC-7{;w+Ee7yHfPF2q9!w
z!pV1Ti=g#$mYAc-uUBuZ)aHzKA6t>}7}Hb5ZO(gIcCPgBzBzlj$z6i<pR$tX7=%gp
zlZI#<jKFh9I>#MWA|!=~B)P?*eP~d^{%&NI4w_!fCO?CD{#1}N#RX1hnW-Dan;rpE
zo2j;BEdf59Izr9;REd3bZl9uyeg{@dsr8D~uXl0~S1l^{#d9)?(D@ab_v9=SG95j7
z=L%3q!%OFmDdr_>hQF+*Wgcqh&R{3=vU;IEG@^3VbZ8#7UGAd<k}@4jwhgO;s9*>E
zE#IdUkE>nZ;1{pGtP(Z61q%<^T(<kRWR{a<=m7e}zSRcHw`Wy!9G}jM{KQ4Xx{Hr?
ziX(RoDo;#mI~IG}y2mejOTHn6ns|Vc>(umuYZETeN{r8F^*5pB?n9ntjjWGQ>z7X7
zuMYB+9y3>WcN|KNq)SqNA`5EP9C=j_riK|>d0t=hXx<&}+^f(De2U(`S&I|9YIgp_
z2H<#?9BD=wc)>;qy2o$HY}MR#Jw4^T7)Xuv%stZieLgNff{E4Ky~}LTF^O-%d)!su
zy#w02vGYPE+Knr0T(Z93r+a3VnI^{2=ZoO|zAIj;WW_E{g8k*GQsc7Bg2jvNY1`gQ
zD2=ZTTl*C|{7I8G(bxAt^viuy!D^1w20RB9FRvR_nQ{uBlv;fJoJ^HxkuXjeTkFV_
z=|tn{;of1ClF>9C;a#6RFV(8`9jgCC^RiBj*JkfntLU6yVqkKy_1wE*leB+T$kgb;
z&<D9HGB=x&X4LU0oep;nu{D@}x6n3&<1$if0Tz$r+!Br4N9-R+vH=)yHb^x10d;>a
zuuaDA7)$Eubfy*pe+c(~acheI%dHW&g8H;n<PqmL_b_g`4(DHBz4*;9#0jzAce}XE
zvG5MnFXJ-$aJ|U&;2IEaAR#|q#%9_h#WB4*0sL!ve0=WR7TE9qKBfUb?5rjPvw}UA
z?w<!=chaZRN_2fZz;6Nak8eL5qd(8<0PBWAJw3~U=S)|(o1=@U_Lrw`rxt%5H!{DD
z^hl)x1Hns<>=}7+acRL77kR+v8T_8tr};>~H3Fhnu9=#LXR*tPGsfw)9)@mT?@PZf
z%S=PT+;&60ONSW6uG0qXX;$9JuH-2zbiek7shSJ>9^a2`1R&u3i;A;vR%B{F7x}dG
zYCm)D-ayu+(iA&t5zuq@p(+x2+&dY+yR&ZP?yyYqAij)e{@4T-00OoEdO2CpEv+BB
zXIDmE?ow+(Tg8?BObca~?ZF@EugMiOrPIG3_iv8{N@u%fg_spDSo|-6oJ|8<!Y!&x
z5ATlb`UpaZmjITW$3{gk_*3|`_J`4qX)%B&$Dmslg8R<8gP7dbv8$)s!r$7wIDdVF
z^TL%l7z+oZi+5N5w}UxPu3Z0fuF2UW+34+{VbL&!m!y82z`vp)h}(TvjM-rNm9tkL
zMoweHxpN@?*mE|X_jNAL92rPo9nd?}gni{50~9fcfb;yh1L32sb_>U{-k}`<6sL@+
zOH%fZg7Y}Z3=7HS8Fz+vs$tuie%~(o;jLic%vp25GFTQ7GR012)RpUSQPIUJ<lU!4
z7*Wyu#~sp_G>77=VF0py4}EsdV}tP%|3nDrcxJ_QN6X{4`Mar_7HPcqHGYncNfCf&
z_<AeA2M^et7v+)|pBmxf`Ub_t()Q<ixbw4{(m<vVKlN3}jGJI!o#Fp-YdEbCvae8~
zEhe;r^|g?P9sdaou$Dcu?5HJIQ2ssreL-tzFt-)xU3QQ;Jw$pZu{NX!grpuKP+S}k
z-kO<W+L&B|Em%bMQTMX|M_ZfU+XuY_N|b3X6~gs`bN3t9+rTj>drbM?`e+6dT~!3y
z+x0NK4^Lg)6O3N(;qT#_O5J6L$#2!{DI?J%i2Jiq2)w`0W}r+GAiTlXzag%(FpKNk
zv9h>%WBxik;R`zqe%|A2H#v_<_x#-|&1XCsRdD^Z`L_{d)B_|Rup{|qvZq9cF&A`N
z1yDhnf`)Sv?+^B@pc#nI?+x%i^GKmY=(n^y_ekwR=R6GZ2m(je!MrfaBk_nrK<K%o
zCMu;h@3?fjeD?_DZl+o6CWdOE0BCOi6k5*7Yz}j>Nco#6JcHVkkkT^{{8Jt`D<;+*
zg7aqAgy#&|BkqM5kfNrc$_cb-h%A2#%Dfp<OAS0{vTY4rtgGdyqz!zpG?K-+_~Sgv
zzx$!0&f}V^3$Dk#Eag?9&8zo3rfQfkB0I9&!WC%P(tN~S*P;2$&|Sk4u@yLIAUPCn
zuvuQO7(*PK9@F56i4DmF%LS>}%di!o8^o1E)vs}O^%!CRAb*Wj&D1B9txg_n@b9ce
zgpYUftT;R16t`xM1mfFxkMV?oFX4_2>0*;OBYJ=15T5u2r-uihJ{x9>)&Y9JM+2t0
z_yejngfnvku6U{)dqPE|07W~bW7t>XqJ8kvwq*URSH9VkF*srX#B*I&_jnGIZRG7{
z8Pa(&rG)eoAp3aM&x#MPqk4Gik>t(Ogx{_utZFLhkTo%GJ89j=ySu!{aIk8Xx5G4O
zs0)UiR#!(r*(S|$>ohu!^6Y6VB~$L)x@Y<}HcZa<zWDb#0D@qDW@O4fDPG*XJbsw0
zPZ2v^jQkVELy)!YFq1eQCH^;KxRU?2x1ea7@<zNQ;3#Em#rdgL23bV%mkucBp_(iL
zgi9fTISnE|#CVK(ISOz^t|%;YcXe%}!}YB`>CKq>;Z{jz-E0D(288Vzbd1}{FDk^n
ziG3QH>IM2M0EuG->-5i0NV&#8{j~kieNNwHFlU?OxV)Ab&ne8eSlfhp^9;9jtS2>L
zLo>$!xaN4XA&^LovMB6Q7CF%MGoH1JzD2n?imzP9(fz4XV$lr2J8co2C}wvPUxD@0
zj3`VwsfH0Nyo6&(Q9i&V!Ex6o@i$ZV7H=&LRxTO(1wHK#YA{zCST=cp<$a~2e^oS>
zp-H&v|K~d0gz7!jqV>br<R^D^O-#B>2pZfS0M?L1P0ETRTam4iMNVQ$PsF2Cu`4wr
zGvQEVTF`Ulh5;zrXwQ@wjWOxgw9gg2@!sYX(t)R(epGscTmn02&V}g81>F);^HvE%
zu}u~U&62{kO+9GnH|%_N9M*Hbm8h9LrntkG-lZx{<~L1+c@$dw)UflM9kNCO&)aPd
zxGuduMO>mJf?EPB6rxn_kQ}0-HXPOZV%=I#=5(N@G%?!C<$kM6jb#)^M^Tfod%Q5P
zV5*x%Cy4&yVJ-k}xNU0ykD%3gEJQ%d`^kLOujZelt$!`X^NfNnG(@Wu!`jWF?G>a_
zQ}okT(o9J1x&J{_xvRvR$h<>+q>(8EOk(43L=z2N>;geNy+S#t*M~`{i=p*Q3s;!N
z_jZVaM|O5})lri+e~l?+XYqz%Y&?oUyqmaT+-hY14}3;j)mgsV$3LvYesMdyZN-(*
zxwg{y?I#7>kJTbJK{DU0kdM3u?&5_NLoiiuTSRAz(nD0xj8y^T&E0+gb+Z2|MzQku
z&SqC7HA;Yl$mM)(7pjJ>E2GW7$k~c(z-01O{c|T2Zos=G$~IMIyQ!>nJNuRwZ+d}X
zg){t7?d+s|W@8mD>pp@hi4d6v|C{XJy|c$r?tA*~;4TUe5z@l100IzjkMk#~Zj}10
z)uFbkoZuP@JzLL}29QO#I<C%cxI>be#>R2}M1$}ZKJ*#T2o#8NX|XJO{ezwve4%H$
zabM}f%IF7la-eOI^1ef633h)CEe10@fINuBms|mrLn(2l7`~&lmggNgv;d?hn9G*|
zsXz66_e0D}wuN9o)3jlBp@ys@W=t1dH#(6)LTmi0O`I2yVWZlZD{pVy+7Qm`(0ZJ3
z>tf}Z_YZxBn+BsgNh6J=^F^QiMZ^6seRlFipY8p>=(D{q`fNGAe>KnbT<o*n+`cpt
z6u^<3uOMK3OdISky=&;;V9{WN5Y7s5NOk0IY29!Opjh4PkQj$5Q3Mo0-0wuW&>zn^
z7-5b{O8yI=g+O~qOu1SYa=~wT%qfyUxs4;hv8gIPt<-)*!9XPP)n&bJFM`vgUQ@`o
zq}RDl9+hILIyu7eD8GEY<O<k02K9$v`*AruWs}OM@y(~YKz*?dOb!z98zb>fycJGf
z<L`HF<)!C{F9vN5;I#s$fCDLSh)sY42bU%kmp=Cogl2;4dxWNCPDqJy0@WaY@n#MO
z8I)Wi{r@4*2-oMY$Ou8$2l}Z&`Mk1E2o%AGbtewvvb}2gc5bKn4#Aw9&?NQ1YTf+M
z{_J|K{}FGtZF=}XZlp^I#FQDL!3E5B8=xy>%U?&Cu~5=wfpeQnd~R(kr|@~kwoBbk
zmnw%4iGFX+qmVN)5LiLI#b^iwzpfoc45BnqX$T7?C!&!ImGz9FRf%yT+z@*ER+iyj
z_ajMJibaIsVENY-g6_5#Zd=xQACk6=g?JRBz^zo0Wc`>~q)!${alEVS-&X)4t_xYB
zGI>Pi=-u?OR?w95|KaN{gW`y`Mq%R++}+(ZIKkcB9fG@i<L>SnG`PFF6WoG31cEys
zIp=%ddw<<OGgVW2chz+F>|WjLS!=MCxb3*7F$Rwi>^AsDFo>+9`2(ZjwJ6O>+8E$Q
zd6%^&oi+SH>0OvAU?nAynuPOF?oY{fT`LHZRlzAh1M3FWWV?8r7ADa%d8hQK1)xdr
zm$NgKgUgU%c)xpIcOrAC=fVl$1};2Ycb}Ug0%gpowb~iB(gg;ay2Kw#uzkgQPj@1q
zM}DUvz2#cGibw=4*k=UM+?rI-E+*_I7g*qC=UkY-l;;J$VdA#yvtK4Gs8%5(&-1nq
zxHVO2v4a<y$gHH1Nu-!jLM-d$N6R|Rz(BWWW!b&UKREk4#-vJsjMdwFG25P+Ewkv~
z0D9iwI__qg@-Wty?MDqpf?Rp~{%YpWkJ{5HrAMHktHDbATyQ;ZP8P!m^k-dIV2EmA
zVZ!H1Qy^1c-+ndDF-gM4!!n4Elo7!U4BGPE^>2HoN!-gIH%^8`M<;++%P*I&^Bev}
zpwfI_o~8k#m#C&Y`k?kdEXT^~tE(jP2Fhv74u4`Gqe7_*U`Mk-vm?p8F)Gv7T7~+H
z9WC*G3!jK6QA`DaK$WXWbyFKCxM`pY(;Zo=)IO?aV_|TyJ0;SiVgHzHk0u&;>r=}>
z_SWrKueXD|78V_b``h1oJls~Dhuh9kYOXxFrtxdpg1cgKn0TXZpA(5sxre`L7C={c
z)W9c24i#D8#fOhARWgp7FC}lR_d}#GUT{><AKu*$fpM(`4~sRDpL{m@i@7IwCJ-U(
zYsK=b<(n66xfi!F9|9!d0b;R)oOScax1H=WIMXjI4bnsSLS&SPhr~+kXR_nW)eeSS
ze4pG{vN@?M4GdME^lr7SuRApf0BWCy_@&&Qjm4t{Z$LQ#L!ne9ll{&SO0cbK!n(?F
zc6-0sn;d%<f2yx9ju)oRbIJHK{(22*AV?FFEW{ckPZP|8_m;%oR$pjL%_`Id`@6L^
z%{WcZ{Xj#LYucQ4($w1F&Yw@VPfOEjtT=wa&p=b3HXqr^E*luKC^+LU0`Tx0cXdAi
zoZ5Wm8<nZ}Nv5>ia)A@<Z=V6hsK|qfcTrFy{hb#)y}8js)plUe`<-1msm@O#*i44g
z&jdaBjqE0vzF*wkNwD~?-m{|wNtMBH0;3HVfgzsvN!Bws>L$d<cK_azf2jv9L$Tza
zFGI5*f=C{rQc=p*l7#ZIKvC?WwY?PSh)W|I1l>1=G%8K!*s)?H2Ofsqfwa{e^5XjT
zzfTE+2JfU2?kChVLbSscC9QcW+syi!`_vvOZy7n6dlZi*l?Z%F#1Uk#Xg=J?NSQk|
z2|?xw#<4O2dw@w(kQJEzel7Z~H~>L3Jqk+s8jx!W`-$NG893m75u7Y3)&wWk{}aJ2
zPuzq6Lf9DMjpza;(*0D~aAFVcuTy407aMjqp?RM5lCMKwcWaDpz$+|v_qohUgRh|d
z45?pXKwTce+dyddxzizHd!Kw!*&+>oZO>f|6nFsFkjiS}{}^1Ua{j<dmIDW*gt(!2
z2$E2MkV7)KBr<<6^V}Pjf9M-5e@^WR_G?Vo7|eCRpTMA3!=6Bep1~RDZQ%$uaHGGR
zT01YT+GZAj<{N2vYzTS%j!3u>sa1;U7rB2BZtp(ezYtD}R`-#LJPdmqQ8a=N4v>>D
znUO-O(_nE!AsYbCjp&4@g%29F)n$g?!z8CfD5ty`4EMto6Sn-~mw;snDV1&ANbQ?K
z<MZUB8bVVB<t$Hu20x)ZsxEODi<`q{<zrXY53dMmronCS6BO%b_V-2dpo&%5GFbSM
zlB-1A`Y35lk^dXS0skZ7{tt-zC@Jn~8Ge!kE8cykjFv31BJqF?Vc3d=w#0jlo#FZA
zggk?H!M>;&WQ+KUN@@U^Af+xz%y<%)u1{W208)B&YvJpd4&x9^naC6bdt?kk%82(x
zax#@U`MpBYiJiO}7gZS{yabi@ujy)qBvXhgccQ3RjPT30Wd<ipMQ(B%R@htD5xF?S
z5Cpt2J<QKAg|TwkAfn<!!C0-^fFwFeKIjT_!5v#?AjwWr4(Ra*r+a`5chnQuhKH#^
zBNko~!7DN6?e40rL>LH-l36ms>9@nt)JVB%K=y+i3O-BO>BrxJI&>}Qng49-z_MGB
zVqhqUX?1QsI&Wm&JJ+v5DUjAlv(tALI_VAe^Khy^i|ylg<!YQn6Xbo%BcqZoJP(?c
zsQw7uP=9~FRT7UB9MH(z9ND6%tLSh~30@ffz<JPQ=rkmp8vYjpz_MyN4<}W0<2Hc9
zCj={BSg2EBgOZ4u*H8ITn<>rAE``F5bOt>U5xA<|R7>5Sc5hEfXYo~SA%>GV9ZR8c
z+pw02_&B2aLQmlN3m(rxEt)C<0z%;RdD>&dQ%8_Yr)Gw2I?$OFA)a29MvcJ3uKheI
zLwDpcr#v|~E+9cr{n&9_dJv-g+T@Gr4iOmpfiB?W9)`rRExzCWRo~B<Z4Uo#&;i|}
zZz~J1n-`K=3QwX^rjjPrC6o86bBTU!bxF=QUWHL|loD61lT5B{jh57`GlX>nqC{18
zuIH{Q!gC140Ujk@Jr7Lv`VvJ+7%9{rE?;?I$eqvSS~H3~zkrZ|<A<c`Mqrf_gz+eI
z2MX8Qp{Gd7p?8EbDKkYF{IG*x)qD$h0M%MU6>DWvg1pADrfim2*16DFCwMhzY0Iq|
zr0)4y;GxvUrS!C+(blRcW|{wMtonMjQoN)JS5}Ta9SF1H>QQyvE%T8tOWstQp0Elw
zTErHqQ0i6@dsp7e{z3U9CdV9ri>J;0eRRPAo3K*oMon`OwsA7$2w?k;%hpMjMm_8k
zyn#jR!85qYjT$Q6ynkG?GEDF?>=$}fn_guve8v|`*R6_RQgNL6{Z=hjK){6bXaieH
z5xFK-7U(Uf^oRYE=0lw{(V)dzO--nFI|^~M`Y=^`z-iA;ag&9m+q#ofRymHE6Ld!U
zw~D%^t<<0}BNZcGJ<#EYkJ7fa8NJSI!f5}hqm`56EskSIh#)?O86SWM63Ln)Gvvh|
z3*lLsMtAWpNZaMPNWA~!E-{MM7ytQg``fsJ382rgYyNaH@$=&KE0wM1kj2pty0mld
zgDPF}>Zol@v|5zowz=hTznh4ZDrBHux#eKN_P>U0=UTANi(DT&TV3H}M6CRj?&8fv
zKk`}HoByX&1Cey`kDAou#PZ{VX(oY{Nosi^0|t<w-G!S)FbB=}xDw+wcje@`+Ec()
zT*#>*vO_`iaA^=SW2e`3YNB8DdNH%8s1yBq(ao1Ug{OOWG0kTD(W*~!IA$4Qw3bWE
zr+ECjk(k}5Y1qh5`ce9&n_3>ypw25<0n~tjc&-S=m0O%#rF%l?Zz9&Ykm<8ko4#FJ
zt`wK@`-o;GFsXp3+w_%D_TGR7WC-y5nkNFaDCXxETJjGqQry<4qa0CXctBmM`hk7y
zM*IDQybgL+AbhVF14-m|yeHEnd=;D>zoItxFrAA*|6n;sbn>fW#L@L(5jlu#VcfS?
z2W5Yu7C_hSRBQrEY;!2ken8^A)>6TbT!4f_y`Pa$_u3WeP1&U@eZ01i04iRw$1lqs
zLu0It3I?ZeQ@|V;or}cpyc7>9WB!8{H?oyj;8{y+ic@xFmf&{V+EetYOR+wue$MnF
zaolaB{19DZS@sf2=t3&u+0r^^wwK$F=M~cZM;5)ADkxNT%UtwgyP-FnNxsa<sJr%q
zwx*QOm7X|Be%ez2JMz!hkK82bAyo&|X2$*1r}Z`XKY@5+6?X!4MZ@eDuOTB@*5LWo
zT$XOp9o<GXyomJ%E@5&9o6AiXc=!`FmOT`*kcxO9cVqa8*ZIxW*4fv_c43)<k8*#y
z%Ob_{7QQKAKpV?!AgM7x93?&otHFtpN=eF{^?R5lKKD`sLpW-nN}1fWJUz*Ij|X9z
zndUz(G#Tb680IO)B&|NMW$q>4GrZgp&Uh>`0ryR|Y^SQ952E}9nc>9VT6#lJIi{~y
zTkb#Wdz4|v!IOodRwYk}M7{)<S6HtZ{|dZaX(Gt`!QEzEuM~wA&?5>;{$Gi><LUEH
zBD&NA)q2}wsQ;mePh|QrPyeNe^xK~l5#zrUakMEyX-IoU^O(OQ9<68a+H7FCdQM!M
z*MX+A;x;qu)ax@Rz<KL>Euyt@XaMITH1Aa}&U%(q;XAdwq69foTosN1|M!Lj($x^c
z{@KEKjk0mY41reo!s1}y#@`NjWQuVaTbCpQDNVQt3|BDf{cpD5iqe;v&FCemf%SlT
zSjguWL{c!4Qbjw6_Ia??XVx3eMwT8t=hguiPE>L}dCIqv2G1F5GhNuK;yN?2wBgo`
zv^OL_IB}<7Ey-Fg^=_^+?g#tWuPkexu!ABg3^7^P>ZcNWG1n3&;6I(fXz;?q>^aFu
zZEd@;bxPbLs^khi&Di*Yj7JW4ruD+gc`ur{2cp~eHf4eKEUgc=CBDXWwV61Db%Qkf
z_B{o6xVLUgs}Z71udO!j6Kn#L)ie0CE<E3oE%+KlyRfjAhhbSx=#jMdR)L=7t*)+T
z9;?jfzuq$TAI-p5Goq<J-m~Y|-M6a=^NC+oT^#{WCEk84twSI8D?JxAd0Si7dG}b4
zPk;7LVOkzs-|re6x&FvLKx;tH@9YR!bK%M=NJvcdsktj$`W(k>`M#bE^4lWDz2O~e
zyu22;o4KW#Uu<C-@OM3Q>o-m^<;ic><UDW=m;Sz6tuzO4at?n>9W_SqZ)zQBxVISa
z0}fD^ew#$Poa?1noA>!ZBcGldufd<Ns-&MJx1UV~I=YhP^1YqzzI%DG>t^eH9qWjD
zkih=1v!4~{y%b=Sp9<2^1svTxYWaA{ZTsw%)qAi`=iN7jJ|^DA7SZRA7GAEOZVBg)
ze;*U2Q#}CKJ?{2dYdd)P>onFceq5Q1p?RSX*wfx?Q~@D(khXd+`<q7v0-c$=JaSMS
zR~IcLC6_Kdojj+GnhFv<jG_06HWI-NoXih?JOX~smYrGhJ@;9M7PrM>4t*vhB2>Oo
zM$x^FB>hlVh8}5h0gOu)9zZSE!JfP&NDtfzdnfR`!rg`|8}|7XQd=|zUgDy5P=`bB
z6)c^JZ|yhPT2&19t_Z`qWQW{QGWBNNM#v@`imWX<Qs0wII4q31^;7pQh3qZdbb75p
z<>JB;uVlqM+V|#^9?rp@0Wy)eIZMC``pWPzv-FLr7rMnDRc`uamDz{Ttl$4&a`AC<
zozFYo((7n>ojk_RHaBzgFkhf^z;@#sg1v#lP}}H;^dL8nUr<)M?(U<>Z@>VJsdzSK
z{4KArU945pt}Mx385>9&A9PHqVyIsI>hujuy~BC=c6KQ>5TkU0De$&A#d)NjuXPM>
zc^}K2=A9xCVyd~IEfn=w?K|RkwT;IOZI4!(C5eH$DvBNju?)>=h7I1GgzD8rDg?IM
zEt(R9FGd9JZJ${LhcJ)Xy09La*qBG#@|us@k6OI(2ZAW^+lw!=vP<;nHyytelaN$!
zRH1YS^B?J>-m6Xw`WaCElR((x^<eK}(|;aa|B+Lx<B;$8%qE(ENvyHdYwq;ne7^U8
zmANaz*qMZ8J@Xw<9c=sLKTfj~+PykJCHbge1OIrTt^h_Snq66-`i>vXC}M1K435(d
z2MV8J?5<ITaq|n|gMg1lI8%u7g?Fp*2Vz>9acHiPvHQsP<Qq*>c9%g9<(<o`d<&IO
zN|PdjfSArlO~jXhoT7JVij>9Vn1?l+LfRg~l1^4B{+p1Ps|J${2WTO~589Q)q4RJc
z?8_mFKm}M!3wH|?eO`6KwR(d~>))%ugFJzt)c6{Ed$1lm+d0Q;7n@SA$f$SibVgQv
z6XYK7sIJ)P8EY&{sM%Z}<5%oX)9jF+t)EJ;mBs_i?g?rGwR49L<^NZL(tdlYC7*TX
z(e#tgfBQMM5zjBvNlr?qY$F!{!$SHTF=8I{d6j7v{91WMj^FJtwzRD=f>!?NN-S?I
zXPT+Klty2SodGH_2Z3IYv{}j|oqz?chd?b_7<AI8ZMQ}pG|o%X*J<_kDa2Gl*kH;I
z2oQU3YdTsr7L!RPK#w?$k*M%@ZLmEmL`C_HE3cGB?k<_Ais&*OE6omIqzCfG#73KZ
zog=<u(s$~Fe0VT7<<D|<dgP>-i0#CU-Jk;fT`=7b&W`(W`?dq$BjX8@HD9JHzY*Wz
zHMkJpzs+2T&402}vK~MGbu=13zb!0@6=bTDx)ML1epd@|x^wgzp1Hx!ga-QicxVm&
zU_IU+oY@K81|?-lBj-SXR&eM)u=58#wp5ztfuKT%1M4nqtoC|lO+W@|0eT`Y)9Nom
zyIe?t)6YzTO${DscF#Z;TV_w)`^;fa3PAJQm}8#Uo3YLP;3&hb1!dK7HMm1Ki2#;g
zs;y3Pm3@2;97Bl6?Fr(_{46{&|A>Ge^gILh2kER9pa9}o4Vaa~cooc0^%83ws0Ihj
z9-$e=mqycmmSlc<#56TIjGe^aZz_@tM?*z<pzb9VH;t<s!oRGE`;Z`e!ET$09J7BM
zU-n$X7YNuy|JZvT_rU2eL3j?VsqH9l%$#x(K?!o%pB!V4U&soA#_`NWZPTviTWLvy
zsrg3MLQ6Pg2bcyMH)KJzXAL-ER6}D(_e!|ktz}VkWly=&kL21tuD=s_HkH4kcRR20
zdc7HL-3(3Oyx9)iaDHJINp-yP%HoVMu&?D{Dc6Dv?oR)DL0AANzAH5%I;}%aQ=v01
zPU-$+4>>$hVT&v~l<%P^39Ya}Q6-xTRE*oQN^_1O0D8J&hcv#0;=ZM$Aq(=z4BPxD
zAY2otm_5+Q75!OTGWrI<t#1*F%@Bs+WW5#UslhVX)$-3Tn4eQWGxotzRDMg(%kXcf
z;bi@u!F=l*iI3f_hCz}mspesU)QT}cjVF~+4VSTrM8Y%2-ef#C&G`|>&V+hSvRNh0
zL=cc|3`~gTui<v7p!V4RLy2BT^oTo6VDk3=F^Pwx|1pW6G3;>%+-<dN;jnU0EybdX
z|4gC~5>1`_CrM1Wf`N16k@#wIga!}xSx#7v+nBtD3@#}v0iT=O$urobs~PE?JL6n7
z8krcb&VgGF8oUiV{bEN92gyJVJBV7;RX78f#R@!zZbC|FIqVd*B@t*6qyFjo9S}qD
zS$pnzw%*RRJ{O&lq@YO%1dTy7ljL8wOkTt6sAIsUhX|kwq3|b)mE(r{So{jvL|74h
z4ii@N-|EBbP6aa>aMO7&=q%O&-=V9gF+5#P*aSJKil|B(RR>w=&0dy*cD9XdPBO&|
zW&4KCp2FFd9QefU_U9M4?!a*&JSG*?BevGuBT=Z3IP)HEZahyr;6hKyl<%^~_P&1K
zb&+j_Z%jlkERNG{XNVkcnWxN(LzRJw_9Sasq!OSlEq(aC(6La@-kwT}1gZ$W;L&#!
zprh3z-b^uPy2NF`L!SwSSUk);GWwF>sp66RUs<T{{Plljp_k65EOh=~Sx7%(1^f>!
zG)ZV+AZ9!LVOIEjb!EH4P@`+PK>d>dVJ!x7GZl`CA(G1Wn=2p9ur@eM6xlbHm@?{5
zUU=};|2|+f2;5`<0jQo34zx@W@~-q)b`H<OfPTT=ErtAAIw+WC$@Yspt~RE2V$ZlJ
zWIXxt@0AWe`LBeH-Sc=jAOnjTF7R={lUlGWVI6i4`TDob2n+q!`MNhqfkJ|OoZRy-
z>7(o6X!7UNpO5@K7PA)f42vlD;z?pjs35pOB$la!CWBk#QeP+3tuH?WWdw0*6;0+Q
zN_-L6+oX7hQcsO#=~sii!<$Jy?60WP2s%SG!~IB6M8Ky=tcI78fRT(PmlMbnlh#=G
z``R%uwB{W5VC$Huv}0v%^J4mP5JD0boNBVK1F69tq%1VGyfJ2+YK8&{?_+!$eE~sZ
zxW!HT0mwoK-){Lpzsrx3(l~9yDH6N}BYoRPUB)idg{PRv3pxFJQUao>UZ_&|xD9dn
zn)a$irrKLSb|{OQ2H<}XWCy?pqx&{|o41jz!}(*W15P9M1M}_hqA{z=cl?sq<Cwvm
z8_jI&KILfTgNgPF&MZ!82l<df?)MH3z4T%G%%<?7(MRV(2Kqd};N{I7Z?k)Vo#PjT
zvO_;g>zCpj=je<}k4;-LP8W<Z!T7!z1+duMMg{C3jD8AdCx8mCLbN=?GA~{a-$D7X
z-{-}+%>3By^l!;mN#)nP<P1+zMZ&H2VMG=huPd5xUpZ$6ah<2y+F1}CD)Q^J$Q%z7
zM#jQ);fz)Z<|NkXN7}l`sCiMBLdobj%}%H3FRz%W{wG?Vn6!bBPY^#yCLGN92zhpB
zPC*d|9h84aTL2Bvw7s$xt&WPM(v|nF-v+GM<envK&d|u-(9d4-=L%(Em^``+tWsve
zNV!ol=yfC07-`rEdq5_%-$%MroxmYnWjer7e@M1NJ{o9O2dHuifo1Z!3n^+Y*~UZ5
zx8sq3D&+E#P-kDNO9tw#bs>NKtH~)Mn9w>FU%Fj?;0R<2#^R2m{@lC^9!X0#C7;~M
z&X$dcNb7x9$ayb6yK_?u<f84RmGJ^M9uY{-N+vug_Pb{#S=`DsDvo`GQgCc^3vm1g
z4Ea9@N!0!a7z(LbX#I~bT>SKfF2!H4aK%OvKYgL@r!TyrTP3tE1$V~I90ypwwi#v9
zY#|lh+gQ0ivo}PzSDU?L>siFuw}Q3t2{rse`&}8cZBsG|r8~ZZLlB3Up2f>)i;Gb!
zGVLP$)ie4lnfuS^Rd58vR*pO!%A9Oo_n7tdbtus^4$SHhn@yJ4fd>UCzAw4Iw8*0W
zMomN8bzmk2SB<zCv#My81hfDS-`>z24n2fhM1nE6c1qnPif)a`7tYWywWcq62{VcB
zyiQ1%GvnkZGfqBu6uwx&TI_$qLd%y=SUB6swom^WFlA5bQ+3WU&q9s+3a%&NEWm%h
zy)8{}VDn1if58wT96Fr(Si^$P0dL~s^XkRnec@@)Fc^0DtoYPB5(RYs?MF()_snp|
zuOwNQtOBF*BgdJ`GHKwPAN&yzamj*Xfvl&#)X?<tJ5;5`vN3T&?7J5<vP&Au!)+lv
zI;LDBtGs@*W1=_c#5i9>29;JA-H!eD{CH_PaEixQA1GK}f(BMO^%AMhpcKnQW;xA;
z>+!Fit0hv?Qh)z_0LaxR7WZzAe<exz9CX#@H6Q#v@p&sEf_~sdtDzFMG6~*f=h8lx
zujP+<(H&92``Bu6$~CY$F2FW5E`3L(3V30%KI+i;DO(ml2F)ze`6V(q6`vVYS5txC
z5*3{6*j!1^_1K8zr6k!DAE9~iv*%I0RxR+AH!9!s9i1)$KIBo4(wjZHu1MgYo4@dk
zO-LCAR&fQG(vGChs2csu0&O03EdOo(>2veeetw$+(kDH-#WN$v0>Xd)8Ah8{<qsyE
zH*<Zw&R?&88GP4^rfO6_r0?jMgziSF@3gf*n3ljE6_j3&c0!!!hI*7=>4x&oZHgZ?
zB0p#V^d1NIBk8|2=sk~`LAzLt44O3WDZ2(V@22Me8LLq67y{R>5eXDO4vieCzrI$)
zr;G!uv;vpS6DhwHj^8Fbia#mj{U?Q7`$r+~pK_Gxd_Ps=?w<46OL7*sM#abXpMGQ3
zsT!YoBiPaWjd5a49Ec`7h;zFGg1>;>L5ky*aZJ#~D8b5%2@Q-wzn<tn@#u9i$@F(&
zWsDRDs|cdJWxfW~B&E$KMRsiptst)>wr;i!#uN?4F6{THG;TF*7iF_0?q{K;_3_z$
zT79kD<TBRnu*;IP8Tb!7uV$Au-POi(bf|LgSPqp44N?Ujstw3CND1uvY2ZKQl=OKA
zZ#|;9UgeycU&<_6k3Rb<7(!<!z=>+Fh$C-ZGcp}YLQ~pQ{mG#9o>4tt+V6GX5o`Hu
z@Pz<pIzu+T=@?Nig7C#gqL<-h3vtEJ0uw&0^vYZzz}(H26^}f`u@bCu16AwkV2e;~
zGP2T`uA<9iS?WMH>Ux_OkWNJ7?Bj;^VAzYgq4*9;ApqJFQ4<8mq^(dd3~%SrJ7BSW
zsKPksc`jXJ@dYaj8Qhpj!NKw19(6UcWaU`BPer7_S%f4>#Bt-8Vy~pMmb)<hR^Ha^
z&6bYLDdrKq(isvw2$(d(*3IEu@sBW;PyLY!Wvn}AV*v$|<Cf<D975XHq^RI%;^bR0
zkl|^9hMESZ!PB%1t9Y}uYaToue$-lK0H6oDKk#RDe)zp>J(*lw4b1f&AICL$;A|CO
zA=yTMb&o8E-01p3zVT>+Kz4nRR>TBUmbV5p1jQAZY>aImyWEbfnXMou%tN^xwo*Ct
zbX+^H(0X>rRr^8%Run(y>~^v=V?a%gRB^CrFl0rjV@IANb<N@~zWZ@^6~OveL<?7d
zgy4Ryp*63TlHL(|BeSg%8`)*hT3X@3Nxo6~$vH{y75fy;NX0tg36nlY6@!pq#Q5tE
zG>LnrVFDyu*9>cWgL)iXBoPKHHs!HPq;7@k*f&Ox?{M&EKrCaEDr+rnk<13P?qtl*
zAC(fsL1jH4B(-i1L7rIKlGX^Lmb>4b1x^E`4Jb`3ty@*7yj=@^=-VY|-_DT7|M1)P
z#ucq;h}|$Dc&E@%ph2j4(gZPb%>{i};|_P9343gU7ZBfe;36ia{vu^nBiTbv37Cx(
zsXGHq16#9JfUDcVGwA5+0WuRuACrNdtQ2B*V8!a96dF(Ss#!n~Gde`MM;#C4vV<vR
zr=BKed7csp_vlsHkWe!I#!Vn}bma@tByUL-ng!BO7GZtrj_MZ#O^jv^d4jF-GkX7H
z)+upSP4%cju)8~%4YOlI?%GN+;;;;3`Uw9{EvU~{1W2YzOHSEmEF2qRCo3J3Rx4sF
zqIF0NBO;-KD5N9@uf%a{er5Y!t=BCJ-~JwW_x*yHRM(u<$vm<*92kp!M2%$dwK?16
zM~m`>a+SJab(_-g0bP`ymrTgI9S_w1v(_$A4FVCxFZ|vZi1QvDR^6%j^J#g7f-zYJ
zgR8jO6fLO}M`2v0wY}}nrL*(q)}oS5anh9uA@K1ozvmV(-`eGbE08juK1tH<>MLnJ
zOGR%hU=%(Z5}S4X9z-zg$YF}HF3>#CnnSa^F3>%YZh>NGXkKU`ZGk1GilF{2kf&W-
z=HUL<4x+IsHDLx9tiG%c95_uLKfJgEER=;ADs*P4jm7=1u%Vy*8g=7mI_XYX>#z}B
zSHN*2>7|FW$Cm=#-9EbwLI1Qu9OmV(?&Xhzo5v})Y^6pJWe!9hVE(Y#QyU>Z5O~kq
zgNC_>4f8EQ?%S5r4<Z7;!3jKq%PUp<Ld`Yi-(o&qOkxV(Mu>i^gTJ@bz0Ds2BD@TL
z?k>nsW$JN+`!fS@f(~-RI)3a)7ku~q(hsnoUuBtT&7KTjYVW=0|Git!6JSa8XSB3L
zG1M~mYy>NI?Bpv*Q&b%;V!V)v!-y6kM#Mo+b#7CU-Tm$U%(#ihgq)Ma<}xD@+JGtX
z#*({2$N7e|TcTinNYT#}+_coZ?(ip*vm~VC7)G!VzI)99CQH+nD>y_057FpkF%$^8
z4&=b!r4#E^_i9E6Ym~f4#Y3dY7jPRWSb(ihM1XEf;k9;c+7X1S;lNkNLuB$C5K^w>
z>kAz)@gYN6aUB(=w<y%}S}rh6QXtm+c<(^W3DgUlwp!jPcO#f4m{>?d>%8LS;>+NM
zqE~-U5}Dtt9HDjdJI@J~FA=<aeFS(B$iM1^vua$)u4E*67W5AKd${nkHK!m!h$$2H
zWKtun=sD<O=@z#ZmL6wTd9-F;=*U2BPLaI(z)xTeEy6qR(BQ(CVMSOowHP@t_BIE+
zY{2*abTAimc?I|`Ww_s^cINuF_irtdH8Nv16Bm1_#WrrQ3GaUy?G_w8O#-ayb31e`
z&Q@<cg##}ZffvXwE=8Uh)_QZLFQ(ON`t}EL#Q+^}K2DV7q5ote^JKDj|FxMqZ;EK$
zGh2WI@^<9eL}qn0<<aC|iL-JsMIaUPbC|~aO4@l`3Ob#_c3g_K7k}^H%n+ej(bC4f
zrhofM=;J+h*)CwOsly5A<WJed;NYm9b4r0HpLVV^ei*rLbz>8Adk`4hlTHc<zDHcK
zHnpF*O{RI+w55YSZz{D&J=may)4A!R3x^--Z9S6|YCh9kiZ(^8^QGDyw-toA8gwy_
zJfUmJghteo_0`4Ms89EpW>=n!Fy{T9Q;T2SBLszfsv6>NjS3LIsh;rr2~GHM4H_@1
zxO6Z?`_-R9H(vRF{VUDromcrcsn}eem$8I6)=++Bj8?UKg<e}S+mm5mGOGLbR!D@u
zHHxmIH@FC3LO}CF@5It`hU>)o!0@mScwl_h+wQ_kqOj0|ENmyt4onKONCf+lmxO02
z1+ct4Xu>$+2Ke43CHtQ}{9+>ZCi<Bc?*>|kMf@BEHJ3C(#zlONAZmXBRajcvO&8uh
zS9hW$czYN7GtdgO@TMO!T;KmV48E|2M%@Wyj<Xl08Dz0x4JFaS7QVt>k`<cU>owoY
z8?x*-qu^bq;9VSXK#}R>@!;6YxRcLHClCmo+WP=mbT(E_P1~Hu+5USv`RD>Guo|h#
zJMv|GP)s*nLb`vYT^gPuZ|6jOUj>1p4eRTAf~=Jaj{2ArvLTfT_Brg6#iSHbWILOx
z);0hhv{xz_)62ET6J)PAkRc}&4l!#NhAr|)gvy`>HUYB66@cI%l1`A;DNU_?3t;PI
zGI;kdzjcGS6D~X-?za3iVDgYXyNN==I!@M`reP|=yjlDGO{Pd7OV$wdEo)rj@iG*N
ze?l42G(A&?*4iq8`Uji%ST6R~u|^(L@q&8sV&~VirG`n-syv1nBu!$cN;B?a>}VpU
zmp;Wv+$}V*qQo~(__s@{a;qO4`T%x|=2oWwNfibr)HcaJm7T33O*u>b8#Ob>Ycy`P
zSTKhJpF$HT{c}!f7HlN)O2{3_1VpVoed5HIb9<WEizV?ec_WwY57?GlFeQV>4#5RZ
z;e{j#QZDp!1SR{+(6WEWtgw4d=|l<n?k=`0&?=zp^OzOt6Q71fm(|b!>P~_SErH<8
zy-N++=!q8g(N+HrT7=i@ikCTL^KY8kyUyA>=R=_vx*P+aJZ+fyjrQuBz`EQ01vCua
z89bRwQ|asJn~`6|0$lEt4`R||5dmQ`<BTFox_Ap|%-mkNyu?(JVd+qTr?E81gSE_2
zR=cf&3&uv2ldx?$o+5w+q;N!d_lAnMybo40YZyPVsvTE&>q~tY%qV957os365iH6W
zsY#q_#oK6ib5Qz31R>Y%B{Ir{R0~vlDLYM`k3=FkYJxENEi{w;)HM^#VQ$fih@F^j
z#_e|8CmkFVJ^8y|(H7Ee>;hPu(eh`}GiA{S16*8e>x_C=Myf!)cqG;A-#+kSL>lft
zBIUBQ82!MjAWxla<k75@JL3mAH;D%l35a};vFX(>>to^grNEM5DS9}Ssr7-bxjCd?
zMm_v53-hBG$cjBBvtnhBn5}w5G<G#%=%rY6yXpd<>iC}>93`TdcBo;bpJ-&pv#5xD
zq8+98dH5YJPaA=?ms3)72T1LA)Y)t8HCHb6cEO1;(1L?85u~y=Z;=V!j)DW4%FD=9
zdlzgk^hTd9k+OX4{DV%1fK)7tCz7HA>&O)R*=xD!CmsKNErc&pE*wx}oa7ln#NYhl
zJ3GM0FENQdyNRDH(K~nDmfS5I_NEPk4VX1^vjYo_A3TAegH2hX-@fmLZ7^r3Ba>2j
zvCNnexW9+YWr989MVe4QRLlV{Q$yL9ZpfoV&y0foaL8+q-|)KTdVAA8yS&2-L>)pQ
zK5m7Qzps@s;6V9V4i%?@51@ZeDDq9q`9VgRn~KJ6KYqh*pkC<q-`z<zVvchQo5bI8
zNH67l0UHK#0{W+$v3aB1i>}&d$#{h?I8Y104`HUdlIQ!}eH!5Xk-G9*Kz7vDLXU86
zYB*fQ`&wOae|znr*25G1?0(rLp7$Ln<ycc|HsuvP#d)B70wriesl}>V)o?cTO#hOv
ziWC@++?a#}5BBllVnn#(#b0;A%xs7vMgWrKZ#4^OT9LKt8Zk)Lm!SkyObBqc;8Y&z
z>GLwlLWPVOnk4l><9``=KmN@|lIvILn|*wAr~SMf%Z_4Z<RD3+gpDt0<Pe_12#>h$
z505w&M24SpZ{~3P$IL;}$X6q1Kpc8pf`zNnJswLHE(n}S7aJcoXn+I{e+ixL2?w78
z^jkAf%WK+1MLxH=@~4($41fRR?>d1O-8o`c|DX7@O;998&T2U(8?TT4hEPiLoU#?~
z-zA~?B`}v=*eV0?n0;rXGFw4+#QC0i@Za3Q#F!o0psO1HFl5D2GoiKOk1WHeikP|n
zEj>ed=qu0<rw}Q9W)3}0BGSfxg>6GTQPPb8cH1+Mw(thH&K^R)6%E3G#X|~Ceg_XF
zUvUKyjnC<o&~#@Nt0aUr6wv`=1b$=ELI|#u)uM2(pa}0$4Q3B?HbNBxKAuDT13|wA
zpW_6Kx8AQ$<LdqI8f;Kjf=B8_i7&_<;(jHHttG_3Mo9bQEdLsX#$k~#N#Sopn)Q1H
zD6}COzC3&Ugc`CzcXh_P5$%i_;~?%>&Q=)n`UJjC4$U`EedwuQ7x@PcKkmp$v4M%6
zzssUMW)ee2oJ5V4)n*I*`ZMdKN(Pn*)cu?1Lxdz6<2yQJ!a@Mb_>-?TIge#HI`?nY
zsvRdL<_9q6&li!tjU*~+E|GHt=S$!swC&##dDuNScB;hua3|mRxkR>oE|G`&hJV7M
z+x}hFdN(*BpqqQw8`e-0k8Pt{{;iN&UaubBRqbF7HEM8!-<Ss9Fz?EoM?Q`-J-9r_
z!e9D3(byMHC`B(D`Zu&X=D&N?pJbf9tth#>^r!jr@@gL+<=LT7#mNH|;lT=nwB_;Z
zwefIKy$#G~w9NTgjPkyLCR11yxFQmMLgsDy6!CWHlR8_(h`z*y@4*9Tt#vHNL;xA2
zI2OMoV~rL_PTidXv2c7`!G!S<MBrfP?2D~<(f26#;LZ8MX{z0+hV!3!H8Tn<gFd$$
z-<tX8eB8aBcIJmR>wf{p+LK}k7F)~fXGm%820K_aEk>13wf!l!xec+yE0?||w;1yX
z$=l`H$7sHiG!P1l!lflr7~1>@njQoev26Lp;lU+7Dpi08Rk|rvlCY|b3br<8DOIY3
z`i{JePn07$+E{&MJ)Zx1)t%FrSu)+#1!?w+{LTgz+VmlmLlI!$3)Q=6MMT!C2jR<v
zY^UEY*g6JEvH?ehxv=sO>bP8Ci8udD>`wd8(Z7L5XhsNmtp7kvbBw9T$)qc|3Ax}q
zs`#*0NC92z9klm|Dd=t{Ba9mXRR!*9FZ&hC^BI2o&l+uOhkEa38)UPi&$)7*7uO5y
ztheL+Sd*IfVLsr_pp(9=Pk8*cMn$%MfyWV)nBx$EynY?Tb?r;LeG1dJ1dT6bB(y;x
zX#1$Nfd2*>Tp^v3=i~e9L3hA3Z(ooDRU99$ud6M(iOuApf*+U6+Mj~V!gpShy)N}>
z26^q><@xXK{qA8)RMuwSh0dG|)uY6a%PUtUL06~%Y7Ky6njL8xrJZ>lfKJYf(U163
z+;l0VcHSD!f_JbH4yMDu77ivWg_`&rte=tC=Do(hmI$j~K372T<2O-o4kn&88VqmD
zOAg8TR4ip2xKWKKJ-W;13@pZfGx#lFy!GZ1C8CoTM=osh&nhuRshw?|kG)h1+eYWi
zLG+dZ4WZ>bu=Z)V_Ct{Ly@^SH38zthnzyaubOyh%+C1v=84k2c1b^jPius1wtBn`m
zI2{^tx*EA#+PJqax*)LU#l^;O(A6HrZrFlSaGd}i`__2nJ{udmfFN{Hg2+0JIQxRa
z(3&7Eojse4<FRx!Xa_9{0hz3kM4y0_QKbUlN6LTRJK18IL9XiVZhL&%J=~pN9r|O@
zgdSTdzU68g94#dMmr%CVlnGNDo>x7+g<SkGSP0+7YtVxFNn?4S@VlB^@y(B8XO#NR
z-aND#v`6RaUZ()Uy&kY{jI(<oJ#e=kY`0vV$bw=Xz_FvR#4Xq7?wZ@1nuduBBCG*C
z`O#e9Zqu<o$AW$1x48BA++W~co#$5_2sYV6UcpyOoMADX6q!*VzEHJ}CKxsw)P{SV
zhI_oR;l2*gTYhXd6Q&5yIE39c5Zv652VmBG&Jb-04E=aBL_)FVe{Y}QIm7pOcy4W&
zsm86^uK1$Y=#*_gn>2ut6V^kbKLecL9b2QlSqk9p`#AG;?EdTwSUMpa)34?1hF|zy
zjdixDg~#b3OWB=Ff6J5g77q*T*BcJw?G6RH_oqkjGkHuQ@Tt$MS4Z1-iD^qq&0iCw
z-Hmo8<EMO&?U|?-*MGw0Zm5z}w4ed6=6gz+ZemXQAugX$fh5Or6T6cQSqfkh_KPWx
zZTbW=?QEFg+@FBprZ^dTL3|j(U;6mK*e9s5hKMGpC8A%sSGs@#Ng{zgNu}5eyARL+
zr(1B(eCrm@`|orA8?LK|%rF_D7XKd49k6%C?aQFho@ERM?%q$JbI{V)|9MByw-hr~
zcO@5bNGg{HiuqeNB!m-=9^h*^COUTj&f)~-puHKd;?kl6si^XFwWrKu134QgJa3+g
zwkP9wlmqPS0iiH+M_e%lE0O*U`rNP9KX`90xLFt=euA@d{Gq7}g#Af3SfZeaH5dnv
z4SOC}Zi^NKsz5L4Mi0S(bc({#*B4}1{WqO>!H7j%(;sDbrjx`48mJ33J)FHH#s-HM
zy~cZJ5f9VFB%jFo)Uh(9=0w{#9c~c1c2Gr88`FQ^9Tg2n8P`yx4O01)A(#Kkb$=lz
zi`OegxK<1oKH1Nf?V&!ijjonC_wkGzyTi>fNgR`V0i}ea{w*zGx}VedFYLgTD5p|u
z7>?Xe&~dwXpO?Y}e(#1b81FP?(y-n|zkr5~*9ruxinCLWxFp^+%DnD-e2yszM@J2z
z2}Cam*F5P*7eX9EPvDc@Rk8v~!VhCh!oU7;=Mb}T8~4Fi8O)^e5o%!;yXp_2DP$JI
zZ=^B)_w&b3le>zyokY>Hji85~nwmn%LY)#T<Og>awFXkS3)Rxeu305~+@fcTl51E&
z={s$TM4e#AA(y-k#Us?4W$nKKMZqp(66q&|1pClV4Eel#U@vos<hwCw#}3eUlv>x*
z7y%9nSLiyFZ(6;R7|yuy7Ud*h(Q^}8hsVnM3%>oau?MhixWX+-{H~P=BD$rQxP)+?
zvHQ#?CC06&f)PitX30A}@1f#Qt|u}kGL?OGl!Q5#ehcMBKImqpTKMHKRx=YtAJInS
zC8w<)bAlUztnTj$)e!=)Nbg|maVj3L3w(ca^1O&u0`6X!Z{%BgC*daf)Z72__BV;b
z;}_TsbJCN?1K2iJ!?mXgC_qq9C6=%d(k4byH!Cw@<mkC8uiX<QFE=m4?iv|-J}Z#6
z9Kv#%5Uo_z=$%sOViZjpW*RNM3+>_eJCCKJp@@a{a}kMA$`XQ$Gl|wlTS9SxGeQ51
z?}}he7KHGMmM|E2@rpP?rkYtKzOz%-<GXTjO4v$&#Y%X_a`hrA1-L6Z#_<;!CY89e
ziukdAhwD#)9qIu`II#jhe#<nAQ5@y#8f}`}MV*?--2I8F6EnJpN#E+`oRt&sceU}f
zNH&h@r$SpcX`{ne{;57Tl7~63u-#u9uNbrC<mu1RfrQboj&m}@Cvde_mz$n5h7^tB
zqowne3&+&>3EVMO9GE2v9<b3S;l$^=8|ycVXxi?T=_+sO%80x<gRMh$3$S3ew;{Zz
z4c-yq!m(AItpQ97J0J7h4YFN2MsbZwgk?tTQ?VxDc^kizBM?Mgrmb_c!YkEwKr?z9
zaf9;Z>~3Y@mibS%5G&#4k;67f{MFRP38gja>(>i`y2dDN1%3rXBE;nO6BQUmy-{da
zMvD#hy$r7WF^zw+PoK|^B<_(m(wz*cD`8$Dr{OE8qcjVV`nH?f#&KTBtz((Fnn8QI
z*e^Zs@r{=*hBP}$Us)2px$<BUC!#-9ZKYoHq(4;*aV#}ukm%~QOF&0m`*m8*M$2;J
z(q>`}KGOqV2UyCijnCIvsrT6V&kV%1)TU~SvANVHlIG?ZCAyz#32)^cZA#Yvu9HhW
zWjC)}G1^^f;#K-a3*)P0cWCU}9r;Fi;5|&=E~T8_#}*g85232`n=LN8kb{<H-H2YV
z3d2!atUXsA24S|_BqZ3@ufjvzio82t)~nvP1OR0B(Y#~Hu;}P=1*rQ;Bx*SQp}-oU
zpm3>+-tBdbs%P*Ii#B1qsss}V=B<QjErJ!~C{za3?(>H9v9q}gZ7>xxK3ez;VcC7d
zUy0`SPQs_xuuFqZer99=P>i0?;l8h#ULJd5>;bMqS*zox6g@tI%{3IO8mQtw<meSA
z&jCm(utsQ-w9px;zeL$+_iVpqLT56eA?OF1-{n%8{Q^IR`mya0{1`Vt2Oc^FR?c*m
z&>rI-pu9b%pFxSnyA9)N24ay{w-Y9%BvHZwP`JOG?2rlVk{6abc*mY0kW=~eLqLHW
z-v6{j2rFLZALqJh!sMWygN7v{NqG2y(E^awbDDcB1R&LtDU{Q<^Y9xd4i1}O`BmJa
z940U?K+d_d*I(iDt3bJ#ZtyqRJnC!m94L$MnyWH)eaT{}*5rPY_?;JQt%H-7w@^%w
z$vvMnKDnW0_BZ<2>PJbmYBs(PtDXyb!5gfMMPPqaSM$;sNBI4(Un(#<mNm7X$wb_l
zX;{q_X_XI*=3f~9P8;>-ew$)3<Z-gP1_QtW6o~ksgQo~7FfDK}qUQD!k#a0Q=Ypqz
zGuP$YyO>f`R)8bz3@9K^dC^0lz#{~Rh7{`=Z;6jFLs9ixnUm2&6Gb?ZD;cz%z9v_~
zt=Je*j@igdlFe1PPLkuHO^KDgi{)&OSW=c(u_i6RvPn&wC9Z3274#ug(nCGAHq3eO
z0C4gI?qCB~i40U@ZPXgt7a2P8R;$-t_fGUwHfpu!S_@>wD7VK!EJvxy-R2qCv&@)y
zDE0?jgRZr!lhQ1;n;A66$zv-Hvbq8>mjz=(u&<)AHOwOEqu`;?#DNKzbo*{rzC{t+
zk*AxierM4-I)s~kPIzb8#OS!Q;IdZxfT3`Lo|E0=+rd*eB^z(;c05dWcK&_@26}V+
z$Qbx=hmmDs`2y)R>1Ty-mmRi7NAVx&mS*y6kAuv<sF<T?t<K!$C{Hf&zNh+Jc|Ud4
zC&<+5Z)q4RWnCmqZfSC>D=slq&<)$n2VzAihY(TcMyIMCdCzw}G!vpM@P4Yx0AkN*
z@h`6=akv_L%iSdD><N#qWWhA;z;tEKn7v8EjO*b8N@u=Z_XIe(laTaP#gpt2nBi4D
zPw<PNj#f|1lK$hZD0Yl$v~V_0A=|FYY9l5a*V9$;K2qz<M-6Pqym4wx&2G0A9}JD)
z*um?RLF%jMZh;AnO!raB)S9n<0QY7eTPOp**aK_1W64<tdV@{}qbFK=18CbPZH>l#
zi>EaZtM%c>l*PhPdA0S8$0nLN-ThNGX1_%ZoSxH=zjWq%%k20~g7y0Sr4pS=N2xQ(
z*J(CS((<BhlczHq*J?AVmv>kuPpkp%kE6*o@R+1Z^a!1YCXojLZseN6z@KlgrieI^
z43)ywSadJJJR(@)dOrTW$)Vt}JG}}yNvt;4f-&~Qp`)`UwP#X<$fsfUc#pj;+c$zH
zFhgbXmk7;&Uj5};zM2(ZWiE{q*lMHv_TXWwB6fQ^a_RM6CMjmBnP%eG-O%&#EKXpm
z;Wx<3+qFNyRkWyV8{nD{0wA#@aYRmhJzafWy&s+qch3$=JED5FvVZI8`#xX8GN8?d
z-&*+@dIZdnYiSbv489LgQT;B^N@gh6Mm?CTZsQaErmaq^8|ACQz{r0xT8Kk}R%CBk
zDA5?7EzX4!qq|Bu{Ne3ykPG=eN``L+D<h5Wz{26lnK6a2RZ&{t6wup?4R|1jrWrk6
zO84PKOR{f@{aYwc4*%J<86+F7_sJ0CXnzhwZSM_q+EUpLt(W`ratwMjC65pX&Q;@S
z{29{sW?(Ub9DzCTTl9K<#z17-ollM)cpKb5jZj2&xA5J6CtEP?-r;Od$EdYB7xm^i
z59bKXg^3+MQHV^B0o>FYntK@{(=j$*wmewk8$^iId#6J!`|m$*z3H%uKTKppai10)
zCIM~SfRwM!)UOw7#KJ7j!^q@_ccbx}p3J4`onmC>xi5ylp>ppK-a<kGoeyT6LIjt!
z2e@CLd}fV_0A`<EJVbEv@-|oFT<F9l)}_i3iBuduA2;Vdpm#qll!D24Q~`kqD?<zx
zgqvW@7u}(C?F<u!`9*`c7ZR-V$~^$YJ`{wC-E~3rAq<4mP1OHiG!FV(HUhwh@R$Nm
z&etLC{d`Ucf(3IWMAmy2nX21>TIsI23H2~#B@Z#j!7<|d@5V;a7pm3X8RO47y~9?v
z<CgPhKTCkRvS&SmvychrN=}}?tub>3|H{@3?)ESW)aPmC%7Vva;OMVIVBJo<e3Yyh
zqv7NX;UnuVoPst;7(X7_Wi9?bwo_QP!G^8~j;8VtbX&7Dex2{f**17&4DglC_BcP(
zFI91`J~9`bLa6&g9@BqqQnKYCnsbQ6yp`iYJaz%));dAlEZ^WtM%=J#`^)x+B}i(?
zUb9Af_2YK8YVQq@jLTtosu<>LCQKoW9MDnF#O0(I>MgBbQ?UJ4WUMt|CBz4Hc07N!
zgex})jh}wT^ZoH;d<=J6ySirP<?7U(3TN6FQTj~85ziDUU*w+D>G31_`;)#iQIjU3
zqeubDN{14$oK8Mht|+SHcLpe`qL_Z3FhB=PDS!_HTw8=nB)yTmP7$EIe@5TpkDR<s
z-w^wI4kNT?8Ib+-TLmBCf<N+6-d)9HVqrdT6$d%C{nTYh@w?l&TYLU36(@B8FD8TP
z*>fLJ5?%@NIJl+!a>g%W_-`BeZ=Y!c0LhNVHGSgOvO%G~#GuNn)Cx5pktlE%o%Ga!
z1Tv$LW!CMeFr{PVF)Ki0@!s!cbFzr&qTjqmxWj4lkan|8cNSekgF%EBQtCboWBFl=
z*7?j}G_Uo*;?xp=hI`Yt3qe>mqQHucH%)z4_6Tb-AEz5D|Fc2h%@jwX{-6y70Pp0S
z5+%Og(z@QcT4WtL`U<1-i_!iddGbWNdvEs|;jp;OiqzbW8VLrxNQOm!oV8VqUWE}*
zO=TRfb1(n1^c|GgU}FGPt=1hPl5BX_anP0r9v&M}S$fzx?ines24(6SehCq35Sq9P
z5^qO#cucol+>JD|oY6acpk~oHfDQib_c$^|9M9Hh|0o$kK`yL|T_k}tX#O809Kn$;
zqZx~S@?p#jCJim-l2nP%mB<AQtdh`pGGaETqUBIIp^+BK)+TI9*>8CmWcb2C3F1*W
zp__j<A`S-95&6dTahhk0uks56f{=)=VA!EdRN=yi!(~Ze>4`#7zJ~i70K?cp@COE@
zgh>@CdMM(nX{dJkt8w(@ZN5DIIep8i?F#l|lEI2Ky9d?k7e73-OAEsw^_%=PXuRh6
zKsBmr_=er?T7Rci*ZHUsg;CXLKmEO`ZWV6j3I2oj)sL;!hHOoykJS~{#y`dOXB2D&
zr1CHvmZVldG6AA;bCasnE?|lye1IY^c#@v6vIRDKB%|e9+Eh`y*IWJI^;)xh4xPbL
zwU_#HBv9PURb9=NnyTK`-3d{D*`ZdSibE)3?OTf(jW-<K6+CnAGc0^93{^HBl!w>-
zPG%cSZj5>EjWJ8_esog2R{$s}R4aDZxgv{T`t+{@SAR4f`}7(CJiw>uIC`~A9%6K)
zyQsZ_LtW6v$_5;V+P!K8%Dps=h+l7mfsUcwmC;Jj-3DizSQwJY|ATEo3PVEc9=R`%
z3!U0X?6WzOCN;S9tD$I3%w@!K0bnbjrGf^Y50ZuAeW`$If-<mN=(H+d1`Sm!^!b;e
z+os+44iwShtgB&|{~t@&7@Y~zEMwan+qP}nwrxGJZQI${wl=nHI~#3s^M2?4pFdM)
zx@)?tdS(aE$vAiZ3G9xFWt+)?93_JIj_&-6k;_@Z49~hKy_0K*OHk8W{iYvncG>za
zVR<b&>}@u4HZ6LL-Y*~snk<$upaw>NXzS7hWz|o_>VB_fqs3xd#3AMkoL-Q=Bo9pG
z(yb+ivK741y<%LOPX)T}7G6sSkLC#)yN{-^HRJ{0pV0Em$}7|&xZ=4FqD7O?A|k%B
zl0w}@Vk0wyJ_epgcivzEG23dl!U8snP1D~*Om1zzx4!HcF|p?7KX4p#c)@@nA|ubM
zbdLm5hz}IjiuHZ2$i$kl{Ek)r?9Y4p&O*RSx!X6wnUfz3%tfSkE<mBL$4L%Qx->Vo
z0oex(K6|q9a-1k)%eSBn#MjNW37t>U*rJ`3O9v?_zFWWYl<sQgcJTNH?80WGfaMe|
zWc;nNwl1+tgZ6q1+nT|xm`U>A#vYgo7T`=d_J%PKpl{|Zo%=`@J@kl__|qWNO_za^
zn6e*@W8M}8Mg3MIs;La_9R0D62Y-c;{|o_`VG{1>GG=54IY2O6yl1TVq`foppqLAt
zl9G$V+OIBunjd*9_`cHOq^sI)TdvX{`c9hlusDW!%R#9dFqXGpG!%D)4cH&zb-`wO
zMOPSsmLGyP;o^s7jh0;Jy9y4)(E)D7LtI-KSKYwz0o_y&H}ee|y@hF|E9@btx8nn-
zDJs(Sv+K75ZNk)FCk(W*mHxRg+<b>jI2_zbbKPSyaoA+P{AKJgjlQOXoX#vT#<u1O
zD1F?lwBTK1z;Ka~=lnt5SP38Kq!laiSdob%XZi>y7d3zSRKi84Iu^Wnw6D0criI;6
zXOog__WZQVp!duBKA*>@Xu$dJtR~=zO66HBcr5)?#vxCe{7)?ox5+w?ij02|BDw-v
z{~)G{<^W^h_0)oD8fD#KeHqz}--Eu2&eInu7bO#;9Gy3-VpcoxAK|clUwFR-IHp}c
zFs0axa-Gl|6atvdhcI*1O~;dN6k&6gF+l+i**Y=2*%rH$8qfJfryl5-Y*&CS$?Hrm
z_-zDYY+w((wHJbmGmGtREblhRUmQ1A+~7Br_6DlGOm~bOhvV@LRPOp^>`>56WFzZo
zS+njA4p}=l!e$D~&)SR)l#P#pr4^NDuw@XH!%$e+n*Jq(Un)8(RY!aMX<q%D^l)}k
z;dm@zt#(a$L}4r1frTwFaC86$xNBSmX?e#PW~@Hlv6iD4RCFEih%iF!OG`mkrufK1
zh!Ak0dcz=ffM9;DZqG{5R}xM5p((PmnP+hw>|boQ2M&yr7>!O=5-cbOk;XX#fkq_L
z*s97-hg{H)wltOkVpg5A6?5$&qjR=qgyE1w{*>V!X<CfOvjc)7D?R{YR_~Di{S|)3
z#^F?J(J{*W+<}3(2E)|1ll9Kw+S^jMlSMu1uwoTwokXz81WsyMhS1b(G&uB72Px|v
zW&B4#c@!ZdBHo{VN=kc`GmZ=g+fKEJgc>3#6UGcVb6HRCwC~t6Nh^7Bhzip{v&~PJ
z{v0#r7#R}rwfT&9aBo0Xhp*A@)pu0sG2)g_&X)p+D7wAg7?@BCv)lU04q?TJoQ(p~
zQsd8&75eYULRs^PNh#71QtGz{6u>}TBoI~ncVdy2vM%17_LXG3Z!_*I?6RNX?kiqk
zc&qgGl(;@z-}1MjZ&fC<`!q$VxlTn#+yf<vh?n`XMK4$Zt}aH&%T7!%9jUdUw{hb8
z3+r%E!mCs)X{3hco25A3xBkWEzxE;Sarin&Z&U|=eh<;MolwqSM(JC$k<yIv(*<oI
zM1#Oh84Mp>g!ac$DRx+=bufUlO6pY{L!mPemQ6fOhGCBM8ZdDKA2o%+R#qg+*Ojnv
zaAdBRCP5Sel)~*&K&mJzSTTYk&(s#an|PR;z<?ce0AJE$;UbD+z{bv=n4XQ6HN;=~
zO)<-IL8!e7qVp?CKnb?6q^`c~09B0eSt|hj4<W(-5CXF1>ycEX1NuP-r~n4&A_4dZ
zA!&bpMVaRNLy-Kmr!A&nh5uqYNFf(}51>*Gl<y3Cax6C%CL+fh)T?VyaTM}nH~@bL
z8CN;AOrT(oeiQx2@vM6u_Q2VXYQT&`q=0*-RAkNcC7SbwsvNts1tHG(IAL&4T`2Ha
z4)?O>0Zo?lB&3hEH14%Tg5BX{_sT#~P?@g?M1Fpa2AVD${@X+(-Q0I=%pQtX3h+&W
z(ewxUitGLiiU}h=3!OMLPqGE8UdCtc9CV0@F68D_kH>>^>7#Z(lanLlG)ZE=7{M1-
zTF7CKjprSr>;bIV5_U19Q5lgl1g<$~me0zyYS67xFit&?B3E|0sfpvr(kXr&)w%ii
zeHXEWjO8sPm$pJ3vMTIR1SWk#F#v>%+w{m%uCkHGxmi1#pMK9$Y7CFXvH8C!bzIT|
z#&v_;qh#1S!(dx*8S5+C>4?sll|cl{&+#cTZtG7#61l*K4;v<L_5V7@*p_xpp0+~{
zNsOTra3q*aJeP7I7xwAf(Fe45f57y$#%PgI{}g2Jrb6evOz%-?<tV%Wkp1UKeo}*e
zl9r1~I~Sv%P+x4{(CI}t=^$gtK()-R;$)=vk2`8bk;*ual>&h+qezw<LnO22*aJxG
zf&A~i<u5}6#odAYhg{)+XzrL%v)AU~Lqli)W2$?m7s&uDhvBX2#vGo3{x5RS=jMbU
z$_#1J)F26pn;u~j+<Z<zWFIw2y0FM+>7y3D(#M1KNysePF2}q-ggiCbN=*6ehYG4{
z^P1x@<Q~`X@>q6q6k%kEjBZIn;i<f)5xzHpx_ap6m3IhsFjHnbx#D4Cg2eGERQ@Nw
zJ3%(_oYSx?WD|7s`t0YP`3@2r3>F(~M24{yqhpdBUu?wN(2XV_%E|XaHqCPi{6+!q
zF~)$?4+W}e+1dnu(jC|oA30%tnitybFN7&QHMb84b2^*92B8b|^*^A@ORCi$SCr|)
zAb5fnP-ZxsX)TqSJ0vp)&jKE1MMnv0{I8|0R;^j2rK=hswjWberj8|}{r)RnYqSo)
zcYn`g3NzZ0oFWfUu||U=C(7z05p4Mf3Cy-iJZt0nnjz$Y>WeeLT;6H0C^bUSY;XFE
z+^BcP2=I4{Y`>SWSA#c8L-O7dci$Mfn>e521U{X6FLl@?c>^Pu_Z~6WD-IdXZv?4w
zd>Y|YP*urub{bq*N?a3k`=S7~0e@i-?Z7YNiPnK~XwVbDe_v>}*h3;mU|8f8_7C}0
zRO{_26X&u8M4ubqvogIh`Q-(If$oOeCn!DbXZM~~KfCXjxwPW`**(MkAb7WGzf3qB
zLk*SM1MGcEn!lg!*+LROueqz$ra7O8Yo)p#FvD^ccy9`3uj@TtljE;e&LeKi2@eCu
z;kwWX3V?N$i@Yrr1BywN8m0|C<v3|MJJp*BXIw_-aSAv+umpf<9ueE3^J$3PHjstv
zt~4||jY@EFo{YU@-Q>4^izw?!-p?3dfdslUq)b@Y$j6eqQ3+@|RvhecH>G-piStp_
z>`hS?DowwBXB(U`<pp|UfXm1oFY6H#vbt_d3SgIxup~GnVJ$4Z)@!B82Q*Q+HI=VW
za&oheCayW<-9MqkjSX9<tv~7KdMHC(Um`M^w30^KRV<ZFy)Xt&Nq0SN5|+~Hu;v1m
zYF#Z@strtij4^0~VK{}IoG)l_13nchMWI%w4NT6&NL6|g7$n6M9Yu4(@v9!1p5j`_
z1R#}PKK^jdH#f50OfXieDfOfmB~5@hnv#_=S6s19;qwgEmC}xDZp@=C=sTA2Zo;96
zm%|&S1rwOY0LGRn=as?`A7|dWzy9bkp>+Z}Fu)=11riKO21&d23D%}Uevn5<V02Zq
zwWu3yvkKdO9<f)Z-Kwm;NwC%2et!jP576HD%H1zBTlx#eQB(N{)d{{e42$Wg0?dKO
zy4753I<f9$)l%hWYPs0x&uiUmbs5Gd(OlUJV^@V~sbcTcXYR+Dw{2+s^22Yd;oAqt
z#PSo76fJe$ft*akmHw;|sQD|yLtfX3O_Pr}aP>oFe-GOk*6-Nfw-0EbMdUJF0B5Q;
zitl6T8p|*r0Ea3AeWQS~Hi!FFg5w_vVk?mPDK8VyQpo}{TB`Dh-?dUsep)5FlS~~3
z5tWLPexE`tZArTmk4%I-HrX5|@|wd^0822RVo%AS2;=ZYHZk0;S&+EUPHJ%;8|}wt
zyVaSY_kg3_jgH$i8PN*}Sw&z1fPCq0kfVPy%=_!YU=6_F#P|7`#lDp+{iSsYnZ;Y3
zC%c0D9s>iW<%ZkGc#BV^IXd|0&jYSDjjH~670*LAIc)c^9`|1FfV&?;1agF<xaDfH
zUh@OdHMQOURaFCl?bV^?4x5J@t1hqRdi5{lA>GZ%N6>v*E5HKF;ny=CV8GLcIw{B=
z`0yu|Vl?_aA>j{eXtbQ6oLctZj>jFl&G5XIICoayed0LvP0-_3DIL4J9lLGf<$tdq
zq58doSyb2zc@LZuV3Oyl_F;p^jX8FYChmEPPF=LoVz=JHKm9EuKng>Vb&5((nnv6=
zC6?cpUg%@3v8V7=;DpZwBxJqaL<cLphbaho46WVcy~U&((<J2F^<U0A`W|>f1;5?J
zhO{2c&;8GJ$644&iv>O|f#KiOZD_vck;jCq4XPz>Y_}r_e?y>Ja4D#r`yuqn<Vwy9
zkxS&b4m%mhhpqw*X8*bl74`W`d$?y-etg*ZAc1tQ<Kt^F#{`hCSdP~2NrW^G{>c<I
znf-*KuX<py>4)^j0<BUY19uhz!Sn*&6uGloS@)p`v#B~rk2v-S$rNLzTv-u(zf=rN
z173DTD0z--wnK#Urcj}9cjalkXk^$gtMG&=`2m)Q<^L=8rJ+9^#Rcvd3=`RYw|s}s
z95OX8^sZ_L*9D*<ioy52xV$agP-)SDe|}cRgve7Hw07rc-sD>JwFIB>s);1T=ucS`
z(o_tMf*M>i@F|G4Sl`FTrd*k;^92;#H4Qt}*iXAUe1*MEkv;mwI4L%5W{`2b@NyfY
zMPJ-YG36{*`qM39l+kbRr-hw*C}5g&Bb%(vF!Q%)Aps0Ar@P%LnPlp4TyYs^POE8}
zH}x~Sj56PDo#W-CoymwZCojrVn@xjEm`a*Io+Zd;EW?5IpI!aq`UITty3GQUqBw$4
zX`C_RA?t+ku1twa&#=bOX!y#AAz~(opmXX1!5`ivdC))Az%WZU3P@tVQqhJq#z0V6
z9zVDBGXO-qj%BXqH_l2H*sf#<06_=%XdE&yJ`R#K+79Yf`-rhiS|%VFgf-MMiNDhL
z%|EAEavX>wfm$V|JTuOIM9e(My1^+hl&t7|TTsvy+MS2c&|^-<RMx~wL(Vbu0H|30
zveADza7LcKv8R7h_O_-1so;{(NM;7u*$Rm(g8)2D$QLY3uoPyZ5r}*cYSc$zUpD4}
zmZY$gnEwbE1VemOW*`3M-|ZcI%r%12ySA{bwo*+}ezH>PH;pn|yThQ}Mkschx61Es
z5k$4M+uXvA==@|frS6}M7IIKi$q3U49yJDwNvR)rfX5ou_LI>NM>bz`oK5Su8}a$9
z0c-aErL?u$7MNBW^m@IS`t1=98bN~LS$^NgV`7hqObYY{^}sErqgprD@oh0r5vMQ}
zoE6i6LOqp%wjL8VDh|^`gTR$g4uivlJY{3Hyzo#&%te{N6R=4%zLT|*fp^rky1sW-
z%E%MTk{y&Cw}Rt>t<GVa-W?!7<7O8?+GpetM*g0eriEk$(|eOD)XTE(o4i6x@czQd
z5a5e}oQ?gLb9I@wIO81H;jeRfyR<D{15P(#!EfNlxTcH*v!KX+b*_WHGpLf>x<Z+q
z9;S>Y9j3cP=JQz)^u5F5@i`ZY;k~p|$TWH4yY<pv8Biqb$S(+6`&<YZ+m$AOyaE1$
zj@B|^FNNUU=N}u|J<R7##9fzqtMl##fqz@O$1QB%e~8|9{fFpoO(pveqW(XKzUl?;
z;<5Vw579oI!)9mGi0wvxUhCoi0XkgU1JhuG8KE~5v8}Kaa4Q_1ANtkKfY~N9BTyO8
z0=pHr?|xl8bPX6huX)X8aRqh(M|y2M&RPlZK|J=iSaaWY@RQ|p{E<7u?uMO_YK1wg
z)KfjQekHFi4awwqm}HQftd4Se=_On?NCsYl1V2oExF4&4UXc}HlyUxf%YX{{n7c>A
ze5HE{R<RH`oMz$VKN$kTYJGO7y8DLy!h{7?LHN{dF9O8edf}}9sGi)u<2vK`c}=bR
zBJ2DwuiUn{x6a}xq$Lr0lMy)~Pj`ugPAKy#?R@3#hW!`;^TdGzKpAF4$TD?)Fv$bH
zHKFj*Pl1CHl1F@2BTgzW<}F=C7)cQt41OW^U+cw;xw(WzrHP?GpTolCClpdIH}3oF
zyHTC;4FcMgI%pZBnL3K2ZWRVcik}V@E;gX=S6yEwc9B%f6m3N{NZ3jx4v+Sd&uv)3
zc1JI9<=ipIA5G;k6vd!E8OO2QF?{HoDj5}5f;X_A;@PlRhTUbMuLR<d4F!okBxf#)
z(rNKYQU2PvgeCG<g19CDI{o^D`P*w}dHG9IKmic1r8aBt*Iqz_Yr&nO@x`sf^)CcR
z_ehDG2wei(Hv53f9*{mh;?LGxza^Vn#6G>H{g=>Pdb{tL*K6hrpFxLJUjCn3ga72u
ziLeXY#b@>J`Y*=%wqKUKO$%-s<M^x<J^l+Z#kMAxrE9bT`<a3pHe7(wX?x0mu>pX-
zC_Bejnd}lRf?mXxM<V<z?|uu-^v@}$2&FiPv1iH^y%J*BB=zS(7?(~;7OzwEu(SyS
z7S!lb^AuLh>`jHqUR~Y%<YqsVIX{|nZXsJ|Q0fOzWB4cw^yI-9>K_MOa>4;orU=IS
zW>W7z2_L5Y*a9XVk+~VSMpTIsSm*$X7JDxL<u&jIlV3AHqm2FDARf-Luf754cK3q~
z7Vw}qrV$1(J%~eufnxakcU|CcZW)ZK6gphjSBPQSTb?iAB6L4kFfRRI5mdOc<OQ}3
z5_S*@i&Yg+h=3iYt<iV{DPmV;P4Mfp`L{?sw*N+_(JZq6MQu=iC-`Ry3*ggLzULes
zeBC*g<Qy{N=<!%saRQohxxpS-hzY97#}z4Me09>|T6N|=;6IrK6_JAfZx>)=a^U%d
z(?3)FXk1aR;mA(wE2>7zdQ@L~XrYurf86<$7<r^)*7z(l2j-LPcKS~cZ9G_#%q;dG
ztPzBs7CCf|Ser|#PRCR_Ac5i{lz>*Fj-%hUo8rPu&sTBAnbfAzD^BdP7BcZ0%LDa8
zr(2@2XA})aup8J-&CvmGr3K6GxhYFnFWRjK<GBvw#Tf2G<yANl?{SC+TYydFH~UE?
zJH&oSLcXT+OAZ|TW*LH!e`{cM?SSP$p5fP?Gn$R#9~1Z_CQ11|fUv!VKM)V>Z(Otc
zpcR|_W21t%^QW8XxrZ}QUzn2y1|o@C=q~(vOC3LU6X;{ft;LTjK6s2Zs``GDL6EL>
ziqM;{`hGEZLj%pd{}>niKgOkXlsi_LqpKJEVO$Vc+Pi{=em621f6YA%i#(EG(DdhX
zrJ=z82zM|L(4*#PSQh~LICE?iBVLj0MJeRZo+ER5927WlPVwBJ4-CP~SnuI#NSMFv
zNust+_>pI07!}B0By~o9^v<}Nhk<xi!68An>*N#(?lOFhqPflxM$ktVg9XXko%@Ve
z1pzNB7>$yHf|VWwA4MSrgp4oKBTSbSf}DDwai63C@P}e6BhKOiNr35|sI3|WmS{me
z_Os@UC6rHxBOO<GVsbXnSL^Mj{w{u(xB_XBCj2Z(TkzTtp0&B>KO{m~1%gw72m=k5
z2>S&QDW=7&_Pp$bmpkpZUTH?A6sg->HnIU0ie<Y-RK{eXS;#R=$JwxltY#XGkB9IP
zv2~UQFw$oE#^d7qApC?Vp2Sti1Aj%4PfRn)M<@WN8f)t@1F2=h1~>E+4KQN(pq<|&
zFl?_NyMkrZ{h<Wlq5sMTtlG+gA4)JBhs6vq0>;8;HEjP$08HWI>Ze5{LvZPCmr5pK
zKVbhd4tu_UnX1>PV;st18e-WSg+vZI1<b@l$UfaNV6f<B_!pINUk>X(5;F~XyEU8y
znuOW9Uj{N66XA}B$lV1CLKbTVSR5=yRQ}?pb0U--fG>^D701}RX>K0G1tK-j|Hm0@
zaNF07QhFEoIPFA$>siL^bOT9~nE(_wDEdlSbN4PwT0iaT>m);nils%Fcg*i41E_3*
z=}9sB(Ru##E-l5Wjp6pf;r$(OD;K0;2bDKAF(M@&H&96Vn)1eRw;yC-POV0&(+zVI
z&#kEJwoz)cGCCa=oFN%v#_J6d>+Y>|yM@55JTlIXOuSvo5iIF6QZOz!X24pChqe$E
zf9^LE6WzgpS7{j6nS)XXL5)x@0$`F{YO1e=)jlH+95sB~g7C_@3S<Q9idb3kD!HeU
z)_cX>Wd5au$VXWE&Atg<;l*1(u2R2%$n$)$BRGx5X0A|h^6+vCV@+S$OQ7hY2d_Ox
zCn)#RdSioCd`u9UZXuJ2<0#U=-HL<l)!hgjgEO$-tv`h_SWzEHZvp9@0{rUj#zp`P
zbeUaMyg4UM9!({CYt#tR|8mY$e(X=2RA6Ep%mwF<U|Gn2D}a3C?^FEo*PcM+#T;mP
z3!CbW=7Y*E2HLrVmoXWP(>l-iLhi@%_!c~Ef<Rz8lUV+f<i5&2nEgvpvN8lIIp!=`
z`6FH64Vi?(vSnZ2RidG}1MJ3~J<`X)GA6+ELQGzgS=p3v(pTHZbNz#LbQbTGqo0+Q
zPUll^TWU?CyVhVTT_G@#q*q|8@o3|*eOw{2(vj0^bzhffHm%j_p7;8W9=Csq8xErf
zRFGtDu;lN>TKR$`Yet(S3FxrHuy-5y&8DB><k$S+pfzX)qA(%C2K>m-j1x>QjH1OR
z#=-?!d-AVhSBaO34|^Rmmba88S(u_cG1Y6!-U=pf!Z4H%5e4JgF9W5m0+h~54C|O^
z9nJrEL=q<}ZlR-eRmd=0VJVX^=?lg|qIfMSo%JS?2+%tArLM*kCd~eMEsY=jSI3Q;
z`k^yxF(gdnBueoD&i!-N14sNU^y%3%b9|JMt1;I|hsZA_!sQ-##z^9L_DM0YKxS7N
z2c!f-9}cK3^C-#4on9)&1+x*fj6;{_v6q#pc9I(fLC%H%i30mzFWq(gv0Q}KV0>Ch
zrDpznw&7x*9>==_U~<Z%G9xWm(=7pFpKS>3<4~jbGH*culZZ8f`!D6qr>~GDF=sob
zEem|HcaK`DDU)DQZu>(aZI)wLium=Psw^lQt+A{hRZI*Q&JrqLx50E3G01717%RPw
zR;Lbep$5%c9D<&G@lM+6UqLG|?$+7RabuLwxAE(~hSsRXY{viB@nAe=mYU39<l&mB
zLP-DsP_l89RfB`&gm|rAG~XyyUtg_!T(OXWg=|4+wE+2sXdF)MKNsNB!C~X|6l6&F
zQ)B{<W||VwURh9$SYRDTS|WtG7GF;24;IulVgx^=r$3f;8C;(ch+?vDco&|vc1?PI
zyM(q^@?B-adHzMR)7v0ke8fjBd47!5w}@T<y`|2V(C+{4Gvk*(94@TCs`?84v*tJy
z_NYZr9}(M2?}x*~yY2mEc$wkcwPx|zAiCU!;_!n<;-B^YZVE3=Vi{`_)|g_JJhL<6
zF5XSmGx5LaJ$*b1sUFKF-3KNG>?ZG(HE;!Ql>(Jcrj2M}9TB7VZJ~dsXcr4W077?k
z57)pgYVE1RaPYU;d7LR(l-V<L{~gDWRp_aWQ_NXN8a^>~(90@8z;F&jxrz|1(~8{G
zt)`pG@}+x14Pvn@!a(IM+?sXsqKRQwhelz(2@QglS**97^K+JjtWW&w#~yeJK9-^I
zvn~=zPnbM17$jE0Cf+Fi@EplR20XGIAcS*^FpeAAa*~L~_0D(5_bJeEG7KWb9a0lP
zd!8#AM)sARF|m&xNLpZIz=h+~vrhgDyYgv@38|)jlo)Ae1cU+GusZvEM9b%{Sri~+
z4A~dJN<(c6l4U0%S!LZL$=G_Ba^ceAPqC?oC_>CL5wtcOLtcS2U&<9)0R(dc1qF4)
z8EN&llQ;^GJcBX4f2|#A`H_zlB_WiO<M2GC9@d4iY{n`79nl%<We$jp428$(9sWQi
z9|<AjkbgRyV;9Hf>U#5)r$iaP2;&M|xqnj}gbtJ|5@%#8%gTV+m3rt9oUu_;1Q(7M
z=@$QKl&7T(s?HHdH(~tTKUG#+AzXq`p}a92=pWY!d63_Lsa0(Ltc@XVFg}rKf_Vps
zK*HcWk6F@(7Y<p0@c|DPJQmwYw$=#G@Ll4gPESGC@_uq7_-DX!YnyRkws{;qy*mQ~
z>2TuIKp-CcISZN_K-XQ&1;6Gc1xkh-U3lkUo9$@#d^RvB!G1hm25kO#vO0jps2v0g
z2P~oLXxDOmJ)aRNBTz8>U-lZ-;P>jl0u8>+3}kBQ3+*K-57ZQ!WYr57>sn*f>#EzV
zpR0Ck;j+B}Ys}B;<$M)5x%>4yY`+3qdV}mN$dLT{2KFuD!B6FE696LLY{9>x^T$L5
zC9$2jcQ90r?%yJ80q&dA)L$Pe3GJnDsLx(X`5OiN2UBnGmy_-zl&l*;f)8Rf>r<YK
zwo5EKqF1zvmrGs0>Nb|mSE{|M#{|^=J;n=se}ZC9(BCzEWd|9)XzemJt>E4EQ-9L6
znckmGR!g<-Q^SsEFRk`=zpLO8xd}7w3==LVEyAWEs~<`%0y-&TMv@r}ddHXV+$|Sx
zZ}*}}BrKYq>HZ*I^kid`!*sW8pL-~iwXlE9cJZ^op80V=ZB1-q^Md-#GEV@OEPGbZ
zNVfk9y#FOpoSrhA>RtSO01(nQ3|^u@ra>J7<*N131POD0|A)t1`eCw0*Vj|iizDpN
z`!8O+PlupY3$T2Px_Pgqrn(_$;p6F9!OKcr%i$et@&KV}2<~+HIq`2MO1<z`z4YBT
zXTA#P4^Qp**|t&JDOY<?=L!|8SqaX&7cVSc>UmE2?*r_alC=<bjjYa6q|@tBUO{1B
z8+|$65f6t#i9%{({Hh1}zsZk3Vzt|pbsqfk|J8&80I+2V(c1AYi`MEFM3_AZ(fTVC
zg)Hp<3T7e(qvP<C`s`F`<W{<pF1)8}+qhHT-LK8RiS}VpzNCr-?gdb>%JDyMP3C89
zm;bD*-Y(P7d5%SE{3|uM5(nk3bo0?P`gLvIHd<!cv>p~%`C}Ynzee@{L$QLxC;zD=
z!SGnE1CZZx>&x8nOrg0|itAN?S|pOx-G-drv+IdFfc^G0L_u^<xZuHY=SRw>99Js2
zSeCYV&xI~rIuw<{C;B7MtM%TX4a(2%Xt(O~LC{kMjPj71P#VbNr-QlM9_p~6njZuK
z2QuIGo)&A}0&Y!{Ib>d9siTYo7K<Y1FKa>b4{)W#s|uuo-yAeXsyxg2rSrh(&h{FQ
zya!-XM{1gKNkt}rHCy<dunBDIQUMu6AA`HDH141p%jC{Und@iWg?PKBa%>trMmZNH
zm!HFYonG1UNy*v*v5O=*465l#TP2yHB*Ff6THvwl!|53U6v{?M)n-7>epa!ta;dWA
z1PBZ#*mvFIE{;h=B?t*b9T{vg5{oH)*d0zopk}kJjlA|X63{^JK&%%SMQfJ?9YCe<
z2^sehwz_ijmfOI|@~&ICxt!KtT<U68S&cR7GFl0r7V?=ha)VrI1)y%^F0EB~Sv-mS
z@nGDxL|T;`OecWDl6bk1&N1dnZt7K@2E_Kjyp6pV(Uer_;J{_`HPvxo2dC|@X8Ylx
zF^beJ3c1a(U)0ocji=j~U6eA~lkL*)_pn*EeEbuasMFAa?^$Q6^6rZTowI)8zP<r^
z(qb{#K^}cpX~&nCO~11V!dPaltkmEcszpFqor^`lWeigTEt8zS$}CHCF^FFD2WU%-
z>C^3dYdSpPG_Ne#)M(2&U_ayIhgIxwY|?F5Xa4hV%3@d@EG7@NQt@lDRbR~>vM*L!
zwd#SeX)tSk)<?&3c$yNb+qq$bSXS@l%@?Z>h1m^0+9d1t*cTLoye^ZsVap+FuEKFd
znCp@=k@T7NPgl3<?apVGJVGN%1fcE2p1q;ee&E4`ce=}!pUeT(UfO9!`&A*@6tKd_
zsCTV8oKCiM>)rJsg-Gq|*h<oH5x{)}>u0k++gC@U)WhoW*|t5|7q8>GLI$&6uRb1s
zY7g@DF}72LdO$;!vV2R}1|Rw;+xk>9Z0?ZeJb29J$_??^hX6vyEMP?90EEIATa7PX
znz(j9#<d;x;$S)fw^8{aHr4y~yyvw1XsPu4xY&U<<Vml8D>%=w%GKq|*lIO9wl>Ss
zEo%PdmiE)j*2XPC7kYwyklsMniHM!kN7uG68xUc)F_(UY%#j;7XF3r3d(Krw!11ny
z=jSj;H5%E?dbeW|6%8P@fT&6WxU0QG1*YtMhhH;=**?C#AA@*`0=qlImduY#%3J->
zXqTdBfS%V`tPz8AT_oLn;-!5s3j}xg&iu6cXX?ORc|o&KHB}V+_G8lS_A7%kj`u`}
zJT^mA^&7rB6<ApPeNz6)RJK&;8*-mN+pynqaxp?tYun_wq@5-W05&UH@qE?xBifZk
z%}-u2*uir?IEdgBjuRIbj5msXQ6hmqT*tEP3mM(dW0-@Q4R!vappmcUONlunWv0j)
zqs22EtxE?@a?JBlECV0s5H(B`-y-!eEM|8uEto#Q<*aL-%K8y}O7YhA%Pz7;lFrka
z_A+HkAe4W>%v<$30fm2WIIPpwk()^I^%+%SXS>}-93JvGZ-O^Ebm}9@_@kJI6%gzt
z8nGfN%03*Cvre?X4Tzk-Pt`Bc?c^}0Bt@i=YuebY!2oH?E%Tv$ssc_gDOg_tqInlN
z&EgsK&JQ@N$aiJnyBf~Jqw{b^Z!FC-^~Sop^|tp2fRSlLfMY@Zd1hzBfIoLOCqb+s
zqj?M0<8SVpZp+t4#lrp?w3d+4)X<mI-#Ul{x=hiHhUV7wH3pOofv`G^{v!lkhyo1=
zVH_fJ<LCJeexC;1xIg2DhMZdq5O;8{d5dB$T%bwJ=mhSPb7tUpG-uw`>-HX99hUsj
zGS4#VF=S>90RPBP+yfcK9ZD1#3`{L=UPAbL##&EGSmrM}&5VnO>Kn5+xidps&p^$f
zKu(-HqQf#n)0FJ`4&Vi`$qR`KlNTE&2qX+gCH|1Z*UT_p&A4-Z)$!X16jH-skKtm}
zr_ehTaWi@3*qPyMuHFEW?{cM)F7;F~dHa!$vQ$lffGa0%#<c$5WBR_`u^XHG4Ej!S
z!ny2@EByL`8JG)AMTcdZX>z{{GKv?$FbWB$dI)-?N66;kJdKQO=)Six0?ItF2jtcQ
z-LIr9w6s*payqAP(NR=b6NCHGtNaL`kk46XG{0}t`z!)_;+NQVAfyjYZpMMUn7rbW
zm5nYW02JbBB2c?a`QS%HN`OLZV@C>2G-|KesK=!vYHIn%k^kgoXZ^mr#%-HltJ3#G
znNgB;#yz1_TP*o^JFO)vWbVw|nG=xt3FOU@2WybaXPY-6YAy)}XZyVE>Fg_<e15-D
z&2dwP9gopEXilsOjh{r)1?b%`#xH1sijvM{fWs5da$d&@R$qzTUYJj=Q#@O*ip34s
zmPjnYm8-t`tvdvtH>C~f>a^jsTX`gkB-!y|QN>U%(O13fJ+#+`G-a6YDH5#}4CF=I
z9jis`@6xK`PE(v^ku^d7PJb*CpcHmBp)GgNNH#A#uiYZNrtOMWvOn-D=<SBFA9SpZ
zfXQod!mE7KXHwGm)nK6lX<(x_%<n<QYWmw`q=|UjQYLdO;@WD4zmfH)mvd{k>@nUp
zii>ifcG7&swK&t}Dh_Sdxkfcc?mjI87znX#MME7~!*F<sN>sk&+97%vF0Q5)x8S~;
zxe)$v+&fZxzJeW%sY_Z_?#zwV9@iDN0NIlIN)MDC(LS5AR#Zb22b4+%EOCtkD5bS1
z*z?J$9hh5#Pd)MGZq`uY2a?yP%hg3hf?oe)(bx1lk8?BxYh9zG)L-#%HWtB1ae9M8
zu2=jyi-k;0!AJrV28N;0D$L*3x4i{X6hSk1My|oL=jm1PP~U`=D^lejwu(@b0Eq%5
z8blQTIl;q^eM&N}38<^0?<lEZf%SJ@E}}@a2t|)4GcCfOsT1Hw-UJ$d_IO3{qDx)I
z9<qCR<OnZ_ijin>4(~x9MBkmPJRY-E?-+hx=(;+jAJqhH`$0dL);HEE&rf<E05XJ7
z{sz&nR&38+y?v5Qk|)91k*}HvK=jb6TskeDUaf*GoQYm67W53)b!IS7i7(o>0G@*}
z8CZK5DVi26S~Um}FNemtn2TW;^j)?p=D>3IUXJ7ctzqNcq~dTcj;_bo<<~TSwP;i>
z<)K*Kfha7Tua19Hp-8hoeDE>ptu$y{O(=Vvr3)1OZjaVXQ+OLTsY!PafTeW~5A}*Z
z@8=awSJY@z@;sIs7e3UJIb<98?Ndozr<?TPd?%f&0Yg9UB744Ez0A)xm9rc)%q+iN
z?iFc<<JNqD!ERmpuwpEHb)$jczD|K5e;=b~!hd*g-yQ@mR#qG8Gho1ln8c$5BLW=7
zioU=>Nv^*z9F~HH1^QEeE9>g4Cfz7z9SoKx%6x-(z8H2`M#(6fQY@6jM}^grUH$#k
z)je4$3IkDE3{mDkuGGGJsPl?nwe+*z*;6zBMp6yYVJ~y>?+bn|D#E+7*Hbu7n<P=~
zFf$#>n9(B=j%iGxmOb4uG^tyz>M7&mM7#FpNmZLy9YRSz8T3&E=%f2fXaBY)8O^4>
zKfm}4vh!-MB_36;eb<dgxfHw*CedhdSeKEg3LnE|0r6nRD%JwT9=B@P@tz<Y%mcsF
zNyQ`r$08n3cVO3|KDnRM6zzE6ycyNY$tUVbsHBZS%S-yB#{#@00~;^bT!bkwRQvxn
zGFMoDVxYcE$4uM+ILPaRgphpG10Hb1=0-R%T<)PXX2|6!!nCSeGpm|7hD5GvRidtm
z?t2~Y0JwO!r>0LBUQjJwq#I6UjhG{T`<ms5B4vn{#WpX_kAD@QH+lwj*rL{OJBst{
zsoG3#YJV3i!h&p2P~A5z(h@!h10i}E1Ak|;mMR28zUo5*aF!~vezfe6*vWD?BP8R|
z%CoC)@^7%v6hp=m)SUG&R84DGLBiZJa3KLY8v9Obhse78oIm`;=lr;k4F>mYcZ}{6
zSo`w|n0<O%NT3)<VIe_8zl_l=a1j>5!9%fcR}jRl2}*4>tad~;KS(?9<9i+~R@glU
za51<LMuvp|!U%$ZS0xE7;Da%K{Y&*A4Id2Eu-?juNj(<~9jkSDRhcW%p5FO$4;_Zr
zIY0D~ng2u<lzSsn(i&MO+|jLtVsCGgxieQDNN3A_v>XbV#%Aot>iydkf1ZgyOYddo
z)Vre2)>Z0A|A^(PNr#hLtV{G}403n3-ePUukLm#9XmL;B)qMv32aLI|j~9=6Ayamd
zTXi1NoKQ-WCW%rX8q%Z6nN_aekU^9Icz*>@qZzny&WN=$6CAe&_XN}9;l>``qDJ%w
z7Ug+QS0M)LRqB*Bu6hh91T)z}a|?RsxsZu&O`!&4tte+ixz(4%u7tL67j_C>+9i+J
zC5Zs(h_DIT_?`w}+m(U@LC!L=zrqRej>aLeE{+Ep?eMpd)C=N(iJ9_%%t47unS4dV
z4^KGY7MQnowtXs1+|zOrBpk|U%BB<&P)Sz7{UYM2q(Mv31Xe$Y&{tM8S=e?ce~-<H
z;VV0VA}_FYHuGP#>DNMWrS6M%AUWyIf5-srU7Qk$Lc$M&uI4^kw0pAJh{<k39f&#B
zTJG8%cHYxvPTSBD@d&_W*lNufJ2S#4Vq~i$Wv<~aPdh`$<-i1DDhC9KqREdUWOH08
zjYYRY%ns{l8SshSbd-p&I}%G2g_{~P>h^yxMV>+sw_o{!4dOti%EUgWd)3TWdSn5X
z2PXASocr#~<AU*W;PASYRglo#epmd3G;c}%>pUx`G9F=-5TEBL+6gSqiEjjDzCzH6
z><-n%LfYvEcn>%*8c_5>#>!L>)I5#DVZ4;sOQP~O4}O+|Y!>(p&%@y9HwFqwR_3JH
zJ@kX;B~NQw<*dW4eNM7_^)A<|ZrK2Yca9F7{F5a8sy;wCo!gN?UFDahn1q%l!(at5
z&-|@P?jSi$drE?KbgGU=BHW4~r>Z%wTKo>0O*tn6s+dBHUj`n3gAY#|Z)WZZ=9CC=
z^e1iu;?Hx%8!D`AH`uh=4EaP^`2MldtReCW2a@QJzmFmgf_{CGQ+Apo;U)<nDs@H6
zN-t&Q^5;)*EdkXDR2keX*Da$=k$XX88ZzF{6ymDi2l1IDNgkfY$7+8GTb2gfIFihi
z?BpB^U|5%Xq~NLC(7fY`vPPeD8C1QNO_BK}0q@%|d#~0(ta*`&=^vwFs`4gRYU6AW
zW4QrOfx!8L)Hrq^Hc#5I;(Z%{njT#yG!bzJ2LKWA=7e`d#cezjAB<#?dQW1Tik5wn
zB@^vNbeM1`PNFNTGK5~_N$Df03i)WIlhN$`Sjx8Ra88#(L~L18tOape)#(oNQw5ZW
zi%~JIu!Nm4y;U>z^-X=B0s}en2j>WY%2&mco-Yn;IJB0siTPWx3}_f2D(9`KZ*lAf
z7rBLhbW-=k#g}x3;Ut<`pP&B-JD7nUaUZw+o=q2GB0K!`i5ov`$@M)Xw{9dVMu!og
zBoo^?o~JEz0Q_5?HC|L<ax={QDDiE%m2@yzyr$hOvu`jW363T$kci`E`8tS|yx4$z
zC`5cJ&xv;;FPsCk6$%5;$(237iu;#{N7Yh1|6pHb$5Jwo^}#&N2+_ebtvzAWRC1n@
zn|2E2hH7U0IP<$T3q&Wx(2QV+)&6rqj26S(r%f~CqhsN7%fzU4V>@rXn1K^(w<D>8
z@x!tZEyzW@OXP7~3DaXi4gt-VL2k(qm{E;DZ)+TdTo!}mktzl79iwQ>o6qJLHbIFA
z5}^h;EnlaO*};MWJd7P%{0pkr0e4dIE~gMSSg0%5d)cyF;)<teAmQVn0S@wok}9(Q
zw*%Df=p^ir3PH1Vt~?Lln!dBAeo_WvF?v)<-DJ_mohN%y0YBr0IG;m)CmuzsF-ccT
z4lw!v=So9LWR(D58e*3cHU;jVnz1&C)WS#NQv2ymt_`+}Q-T!38Z!8LER%E}9Ua^u
zerlc|M_f9_ZREk~S?qV+FPVxm_5NKxqkoaz(Z%v+el@jzJ1?()EVla%a&m?@;c}6D
zkZnx(j?I=z#6PcvVY9HUQuB#56?X5^9EN%MSe?S97tX)|R*RNuOwoyN&Le+jGiI_%
zH(G_nrh26yMmTwcN1n8c?XV!rgu*hKurnV;T;+h4CFRZ-wcGuyL5j_B%F~>KG<+|F
zW1i~=&QzF+_^H+{`QuRl$&~?m<Hv6+k}j<_+hGGKi%~3k0>}NC%Bq&dm+0ycUN}Cz
zaF{(vh^~SFs~#hE{rZM~f3oA?A@#anQx1{v0*lGD5llI=uXvP-xKZhQXR3w@cWe<K
zTfMF+_0{_mmDH6J`}adsIgn%$Ikk!G5SDyau^694HT%EhddAzE_a+Vz!u?k79Ic1g
z@yvn!q?MX421^%2{U?|^b)?Klf&JqJy`dbOfeV-bxEVbqZ4)v{L{q9lPMI(aHtwlh
zo8JUV7<|-qCSE-b?$bt(l?=+G^e9nhWcdyZ_Psm0e(kUCZ||Q^H^R^&8R{1=m*>~l
z$GZZ0ITSF)GK@RmG;w4E6mZg4J4fuu@Zf>@d>%n0IBI>3(=c&(VQEf>b^P;?U)EjO
zsoi3Lhv=kFrtKEAeWV7&BfZhFPSs3uT(9s_OO^E<Q0nRlOB$SZnpVhd@oJkZwtA@y
zou5IR$cIKpI8WJCO6F!Nc=ayu2t~Kw&GgcjJ>qrS6BP0+GCEl{3(9OHXY{qe>v2HL
zi_ON_^5($XWRRBfS^^}k7tyw24OjSyHFu~0vPe$Yo1_kY4=IUGKM-Y-ya3k$OM-?L
zF_498<+ugYKl7GII?=Xf`jIoqbZfRnJRQ+0y*=YA*!T-vPZ%!geyH5{<T<~%qiyZ3
z3>wgNfW6OBkNkq1gKF?pJTdHHz1rzmH?H-&xO@lN=TGcm>-V#lyWyL;JcSvU7WDA|
zoh`cD^dxm{RB^D|M%Cd|%72Y$09%C-9a$E!(r8(af>&A@tPSd^n5ts&^xSM%LmLI_
z*uO2<1VRF{whq;3@L}DDRd11DJELhkhfpBFliU^W^)g9SP|%>EBq&xKHG}l@Nf~e>
z=dQ>oC+UfzW07`AYel2P95XIaG7Nrx)Dar0STL$K@RTy$>Tseodu6uYn|YuU*X=}R
zbNyY2SS?rVWjg?lL^Y*8#?tMBtQUianAur0=$YR8V<Z9f;tr{kZJ{3k@<SB}#RRSG
zg`0U59>#xh!-pn>sT#$_XAKoMNA>iIK`Rx#NRZf5Ri=VJA@fsBOjngXN6~i%oM1(|
z*lQXjtPmr{nL-9BW~U4?V}E?m)E|JuDir3uPZg`+gp6wdr#VL*_-GG9e!F+%ET%et
zWrDW3Q;^6pf}&-a8Ja8TVgSNhj0Mt18H(d;V2iV&#-onV=OY8%eOt8!vFdg9u$fYP
zoZ5X3toH`2a^@ils<|vP|JgqRzzGC0c4e@rbhkLQZ@!2PCAG9~J*uunx=FrRy(p9y
z<V;D^IBmU(!Xl)e^O2LyArZ6S&HgNR%G2MI$Y;Sx>yP2OTaKOmV$guAC?w|fBFQJr
zNXLtlhR51}d&f}}rR_1eUYQPtS8KvXh|NqK0$~Q8Y)nAJMqVH+b>xi#45tkcfo&go
zEYw94w7W`0BO)Wh?0ZYAMg+zjwC%1T`TMF#ZrTH(qUK+kcFLGWsJCpehCi?H)AcUs
zrkUTV?V!Kxj3GB!;G3ztaZ1*(|3xSoT=?m^i8QU-V|Qfw0Ae$J#8PIT?Rsc2EC%O3
zY!E#9o34AXBAA!!u{V4G05TmhT=2xly!sD}W86APh73QGtq!4_0k&_uncUYwVjt*B
zhvD3-WCE}J`d*nA3;nHo2Q%kYT?bRLF=kBYQyo&`c^>k7Zyo3G57db7xId<Y7~RL+
z$%*y~@>QF|$gd?3k!n1QMkrruEvnUj$L~pd=II`;b%_@+>=*a}In#$rN%R2^a#N6V
zat^~7Ir;`cH$HCE<7C%gp%bq_vZJ~B#jDqd`p#8>v2vp=EA`tmV^Xx`8GACcDaMfm
z?ITz^47ZQ;J3DrB?p-T#Z89xY;jBoNIxBx*%WOvMP7QfC3zuy2pqGQvxm$#|vj^Lx
z&Ol&~*X8w-N23V<Ouy9JJK|_H7I`Mm#8wjMzx0(GG1F|9?&4Frs?9fg)Nu1->uSo}
zBo9Dr)_^0ss*QqC+tiC+*bW&|PMQxKOp}}4KfPEh@M2vN&rfX7#0@4Kk);PiQ#Y*K
zv(2X~YFm^I7RX87nYcqx;^PV^D%(Cs`P61=Iw1keJT>9~ek+W>WcMMYs2W@DNj{=%
zGxW&-OqyeT%GsmGGu}q&dMY;TXyeO^RY^;-B-@ZTR^=wU5RIon-A(IRJhdBm3{PgJ
z{Sh*L(G~OY-$)exuDdVubr+Fw+a*uF#UK63KV$fk3s<W=;-_TM!%#gW799DrVjG8S
zcRa6LEN--b+C}r~<yjrzt!sDvD@u5Zy}CaA&(lU6kMjIme=W5W7+5+Qpy$54ZC%<O
z5M4?)m;24-x{vmQ^t@fYX{~lrr-M<h#SYzVR*QEcC>bXag?Ttncg6>ZI;J7}C;{Cx
zn*?zw!@pT*P6?Wo%ouYotB>5d@?EQE*&nPclsZa)ssZx*Ud9bxb!~Q8UqE~^3y)7w
zV5qCUB!^Xx#nCl#Q$s>L+Tn=r?mts?$JnLOW3z=*Xn9Xy#su$S6VO33SQoJY+tO$m
zEf`P{y53eGOS0S3R?5<6(ukL$72w?hF;2D|qP1Hrtv{@3N0hjCb6~_!I)K`EJ-@l@
z?1?GBdU)oQ*Rk~AhI4*=9YNapue8{gl*~h>$FuQg+OxvmeKL%NTa%0a%FL*x0p@{w
zESGYVytr?R`Tbr#+t#U_Nqum72>Y12Ftf$o=O>N^vx4kx@0R>{WWe9^{CM)3wdS{x
z<cO;awq~qZ;@+f`XVh)kjgRFLR=wB14U^6Q6(`vHp*8H75#|l`^PUJ*bG1#o+SVem
zfew5Rir=k}E#iIifDUHCoPeWBVjg}(8cZ=_JC66~jbwr^f?Kd$Kk*fJsN$x@`7D=N
z#8qPw^V7V^M>UCS&}7!L{)p~jjC+&Z--`u<i;}-<d`d|uycU@*=!&(rPv^6p^1ROg
z2)k%w*Afr*uddOAdvn;+uYZWhGV?JCJvvD}stzw3vb?Pd+QQtlCqF8jZfvdnxlMdS
z{o$3%#Nye4Tvp2QABqy=N5`=RH7t+PiV7b$phlVL3hu!9BI^!9x<X1mNFo2Cy`i&>
zD{Y=Ptr(^4-`jgEikAPTno8MU6D`;WY^D6nix(-OxI<<RwT}Fe)!Q_O?$wGI{<czu
z&Z~n6lgcgi8cZshwZ*Y3p7$Qm;=2i{>tQGprG#r732>ZUHA7DTVaZj;`KP_}SNVu{
zTM=VRY0NQbNyqx@91Xvp-}TsXzgTN8ic{*(qQUv6ZUh%x^Gr=+!$rO)cXhrU;4knJ
z3D!C?e@`JvYt}t|l&35F``T1-I`Q7-FIoLR>>o5nSI<o3JC*Puh9qv^@itr!7&%yZ
z$4TcvCGk1p^^7$GIWhGtO~^xzjiH!3j%Gh^6jiN44h_h}2?S(w!bY|;M^J6HXesHT
zE&G(MpB?pRw((Kiy9~F4yD()i0B{}34#d1djnKVCwYd+`m=bO@hB6;NT@|k`%NOG@
z+b}tP8XH^U9vk-~*U#aTU3EbyfY1A<+jNTtir;%9=hN#926YOz{vCSl;rX)z4u^9k
zjXe^U7a{baP2JPigmBb;N8=@vYzet0vDhu*ew?;_dmptwFTNe=6MDNq1A=TWyDN}X
zdiinHt$1$RuR20B!`w?DHR606_cZW_@{K_Y>)}aV1c`wu=5V+|!_wp?hS_Qg*%-mN
zyBr1r;I3)0yr=DJcr1GiM~>Ouq2B;@-iSM^@MBBo9=QufO)R`oK6m$%=lf)@&9E2q
zEl--I$uZG4(LxOJY1{b%fTV8b90TSADrd?3#>-16s|?e#j$}sadsKaO%$whlJeN4*
zLGIIMPZz;G-n@};Q<eSI548dM1QM@$2RFbfP<nso>cZS)%eI;{t?*<n6}86}ynCc{
zhJ54fujIKN2Tp#vEO8^sI!hVNOA*HxDw&Vse&jbu!_+(z6jC7+067Mq*{$o#X{Uub
zzeE1vsVxuQyg8*0eWPqB0xv^23aK?M-_8&OEi5)Da@5Oo*%GoU+ri0*`T%t@aM?VT
zvS5d+{eW^(&~0}^Px8QJ5QA>9t3QS81MvwgTEn|QEx($>&0AJ{2mT;7F%i4VIlitU
z0dw+uayGjC?k^440bD&-*Z4lz;uk?htZ=wv{tizDpN>9ugGMruLk7C2yevL0pm*YS
zR#0a47j{d#b3qAqc>NcL>P|ydrQlC$=X8H&0hc&-U$FKOM%y3HNJVBnT}J7Qg9!JA
za{_?LC!6ust%43yi;`v-4+(anD);>q{H?lbOi;`_R{)A)0>C6g$m%T<qP~a<g|Rt0
zeyn&)4xct}J6oJdbtY^rq{oY9|HI$z2pF$eu_`v{Hq=>x^bnOdikbnn*+Vs(sqK_9
z?IPjSh>GH_t7yYnmS@S2PBr*H0D(Y$zk#zW$<DfZ4lnZcMy$$9GmbF@Qh-Vz>YU=E
zc%ewjhImv4gcPy|k_LKz%hm+FWAox!F$GBA&IV&VPA1f<y}J6a9^S|>uC{~+n#Ih+
zI4%pi+y+O`ezR8})>?b@{Fz!)3WH2j&!FndEo2xMN_yZ<-!@Q438}>%prm>ygdF=j
zl5sU!?=|{TptPHvX1A}(Dj>z=%a4BGxz6Z)G<CvN<C79dYR3eBg}F>hXJ<c`e|#fK
zgR=2aPV`8P7VY711`c0DlvPLGW_&$L!k`1fD)eXG5Eey+>jgejCnYQrr*m_0dq+;M
zFW+)MF-@W-8c(6Bv5-OV)M0KSe9~9Q&z2qFy=s<{a%v#2_m;s(Go{sIMn|LX-qUyN
z>7{cIX9^2VzPOZs2=uwn5osk^DVbV>ZwQ-UVouYuY}<4n9QYdiDS!tuwA}~HpY5}H
zQ*Jbe*&Wc4=wuE4!jRgwIH$mbV+!o@fw}hR#F|Z%5y8(PZb6`~LBxB|1TWxQ-W29A
z4e^}RJ!9y)Y{~xl2QFdY2Y0?mP%}~S<<;rGk^hgbV?keke0jyn!YJL*$rMdpm!?=o
zd`9RY^E!+_TQvWd4~Mde!HSK8VCuhp^JWCP`mA4pw!aBy)tl4l)E3CNektUq{<~<T
z|E6!d{WlW>V+*|DB;Uv$sPLuq=NIRd_LpQND!IG8dP`oxrj}MhHW`cj;~thjo0O&3
zq417+<#qXgk2DJ60>vCD$i8@$DE4RU??2;I{wq<KNe!eH_D|(1lAf1~+shkt>99a9
z_-{bM8F)}$U=%}S{TB5`y;`s9)f)c)DNilCSOaGZ>lRq*(8y9KLDlYgUDjSl16jGH
zgP8|1H{|lQCThQy!>Pa4n5ZxLFy=ui(dSs=(yTFmvac~h`(mHJ5*Brf`oLbY_u#!5
z#Ueod|M!1M!f>2B31_L4O3_M_9KORv?1CI&pmtQF;@^+n5rz6m>Us?qCyEOB6@s#_
zLO#LlKq2G9;)lt}GB3aq4s=5w*@gph=GW^>GRCyP9-fuBgKT&^73<(&X{;6#Q9sBy
z%b`$zA|*wl!AX-&`qadIc09w`IU=anSQxc=Xn8)mK~X^r<dZub>IlyG(pJQzEKeaY
z$Cyz((?BSR)eHkH=(-Tf?kr#d*+oVc6w|0Fun<k6s)|Qr>;xBf224C3rB(~GVuRci
zzDK0Q(z0VpO(Y=#NifxcnI8#rsUOTWo^^A7F;_0I7E8ok)}koZSGOQTh0K6ofia53
zhS6dn=wn$kG=h=OqX6kz0&Rz{sBt4oB2)x!NT@C(`Vm9)YibAqs4i|`vH4IkVt0!)
zF%`a(<a2(%0Cn547H(5)Q~PwQc+CnYCM^tHt9n6cisevtVwnfkm)Z_~(1xKeO&3pp
z$C|+G7-+1eXtd=DIrl91iTXJM`BrNLm3OQpD&qb*ol*z=CSgjS+|FT>m{hL%ctrTe
zAG}xu_AM_fB;n-*G)`YG|CDlKhMd5bQmKLtfy#TjD2Q|_C?>Ye8}t)__M*e?GHJwi
zws$y>_y>?bF6K|p+{t7HyYd`gPp7Vb7r<KqfW0H~Mjx>LPUJy2`Lm)5#gttPggZr-
z!?b-cl*#G)A6EnytA3Sr&t!=#65lL`)s_Ny#a5oipV-^7zQ8*tb-Pf$e=Ahh6bj0I
zm{4@n3uoySU!_{i^@)Y5f2J_c$1sa|$(G}~rcEaUSmgL4oh?wEEPH_`_H=E3cEprh
z#m`#Zgu5aZ4rlZVwg-dZAcF20ayqZoy8nA>_&%0Fy)vBy$f<8gAw>^mdM^L3F3&e_
z_#t(@9x)ZMlGQC-@UdZhb^7T%ok>`suv=IL6#7TX`$b(bs;RERMff}QbF8AA`{zQQ
zF19$M)!VQWA@2vmkOch?gdJgjZ#WQcey9C0p1%%<BgNEmARKXX&|xqGVs<@7LWL-U
zo0O-2EDFNqXI$m4sIJn^SC|+L6s=#g_g-1#xAd()+)Bm!_|`8gf0C!zw3_%bz1qs1
zTd5*O<CY;43bPH=4^s+mp(@F$zh-MnuM}@fMn8F8$MQAZS!}YPeeJn_=4`NxyJW#6
zlh*cCH&E~XqRuceqvT521v?QeN_fi;*;~X;8hW*vhMh#1NlF_e;oB)4;2_o2E_h|T
z9RErkI>xImi^S@2-NV0fVmiaCe=uV(vK#?eB`^B<dfg6st&t4i2M&R+mmoiK#QAzc
zI$4V;8q+_*W@TVJNo*&7lzjpNRnA^=iSQte^7IuR?{RU~)ENlsqa%kXp~OibQ`H~&
zlgh+!pmh^yXvIJUk|~t@o&Tm@t@Zd!c>}{_yYq=Mzu5WiKVkw~uEY$1mskw-<XI=O
zaj;H{Z7Q!qI*YI5wD1?y&NZOP*py*#?Ghw0r7@wzTWHQM%Ob3QFSk8^3<q3u4Oq0M
zSGzD^izP#7bsfxcH87YC+M|I)=eCPrEOJU91QNoCA&sd$^W&BWW&rjrpOgZ3N&>_F
z#xKx%1KmWo9mB#uqnt@}<S~4vPYsxN_^|<e#A5dd%ULFj2;!<NfZUq{wQKBH^^_ee
zB;ey=$;Nb6=X_*;US&9VhBoaK2hQFKoA|ZlDrOvycoozvZVu`6t1Y9|>*}pqy{b1G
z!=~OJwoJX%X%Ff~XE>~Pxs`RTuY?wx@M;IQ7jw=r=8NUu(0|QXXy8|GS@ze+SP5L2
z;tJ?TWV73DR`K7Tf<)X>%<ZALJXxX!*{&FcMq3a_zCh1^p!7G*Mm^(A#Lfb>PQ9D)
zs$Feny{fl*{8LqQE<tmZFYLx>wY6<O@@mM(svondsS{!=<F8l^Z-+Mh{tmu4a&$IZ
z-y()fy_gG2m2k%uX%OzaLEugnZNkFrdq09*&<w`xJIyNdxEM3P74^x29h!Lz30D_j
zO83W}<$Qa8TYWc#-h3-uYgpCq6Wj4wRoow8dwh6!s5~?(t~YvvWAX-AU<FZK`pNyy
zidLZ+uuAa%IG=dQpP203$N#^*Z|!ayNe=zKzoMg?jma!Q5#ZZnIjfcA8C`oUMY3m3
z&Umg52!Ik}lHd}gwMydr_FL62G=Of9AR&<+Y0eyfSpxb|-RP>WcXitJ4zZnXz3VmG
z^(Hj!H0yoK>A_?A8~(Vq8;yD&-(hRmlzNZQ7WfM`h(!Bd{Db+MppVYtp3YUL(;sT)
zZ`!@Ooil$#|F-1c94Lgs?lWlGt-2$j=u0U2rYT`FicV<JLE%N$lEYs&8}%05T`}r<
z%XZp--MX{cy6F!hUl92xiT}hO6ZlSj`1hg4H?C^sX>$5by$$bJ^G1|AV=w-o6T8>P
z4tZm@dNw_xtyTv<OvAHSTiq0qW{UN`9vl2Yzn*c{4G-?RbLtn5bmcYD(bp+r8hgJu
z&T3CRt5I)rADLAy7`b!V=<t{D>-#}*=@D*!IM*=cIIz$+1?Zu0Q$j8)B=_hTuex?I
zgB&nkmvFOCvsvZMJV3kdH5Nn<n3Ia&CXs=RUXr`pum(Te1^&dkpVSwR8SU^fH|P0v
za_zw-mvEM0;!@IEW)J{_S%S9=2a`Dh(dl4sGww4rt?x{gjAgu1K%xNeTYzCx*BS1A
z7^D77UFf%gORG#JF7wQ7uCj6O;C4)~Z!!OYHh=mE?GP!JvES{tg8tCA`gUhvwfZgJ
z>IGfLa)+I!?+jaB$Llf=wO~B{MLMFT{nv107D=DvN94<Q?f|{^;N1oHBVa%-2THdv
z@k+vv{rOf1M%VU+t-e37noX~5wfxq9zykKmwVc3fcpcYi_k6EhsFkCq0eqBxn*)2>
zYj*~NX4i5W?WWc0x(#d4!4J@G_Pd>)2i&Y*F6=)oMK-o1)VJ~T9C&>POTh-d)#wg;
z7SLPQa=Rd23>z*S5!>(kzFYEMbAJonMkik7Ks|JtgJxj2EW2&nR?BtzC<+CC*1+$y
zgLc~=3|ftHp*~f@Dw9B~0hhU_+G!1Y&9-9&jt#ijb~{$T0f0CAzSnm;{ifGwmkaZW
znxs7gx0imK1A7m|sle;BtiZPMlmrdS1u4MlwcKIQZw-1uBPbX4W9pQ0%rf3(V0Yu^
zIZzL}0f=-R+Y0=l3s5^9z{Np-U=3|xnLM}M=?^;PLe29Yk$*uq7!BMqkaQK~y>_GH
zH+?JU*gyfh-L}>9Iz!8D`F+pp`hz~kiaiA6n6gQCS~%p^Fn*r{zt``zyRE>px^Aao
zwLIIk25{K`Eq7X8d*C-5ujKQ>6G>?xpQ&&1U>**<ekW*Iy><_8ogN&2?_mcvzS(Md
zJ<sa|1E*w|g_F}y)X7N)yL9^20snh~sbGA-bA<9kr-K6?*CouQa%CPk#r@K1w1SQ^
zC?#kH%V(dS{gNo49Xmj*Uqf4@XTUPrIOfOetHhYXhk=mw$7B_{#E5Ut{zF^lyU2*T
zO5eEp?Q4DW|8(Ve#eGkI;}FGvsdC>82%ZavdQzdj81vzvwzLQYWYgNlY)S>nRLyS{
zM3%_!_$z!2>PT4_&f*~Q+<`<+${<aZ{#Jp!j&6A(k4M`_bPMKl#v7Tc|BaaOpy!RE
zTJp4I%6u~**gj!eL|LO6c_k6+roI5ln3c**zYw>1+;gLyqfA<V8tQcQZ=e7hRVRmI
z^O}_@tSUQK7(|wf<ZYq^c&hk!)~SuGOoO!%zM_XUFDOun$9g$Nj^JBW#SL2SI|CkP
z(#imEqeDuW!&RX7v)j5o+&%;RdhWds{eY$YS|4tH2tF{wr5?-d#zVk88V<#tA00Jn
z1UQu%I?dM`<X;JYeK8tV&Li~PzDJBWB;pI{&(P`F)g|Gr$)EX3_yX+g0z`UMMcGw+
zF}atsGW5B>0a9=X)o~*AG}+E}h3}h>5pDa2FMQt$`hM3N4xerS{c$#2imI_!RArO(
zH?V_cwOgG|Z|B(?Q}u9IefuM_vPPS}LeAdi3rf^#13;C3;y7!Tj6h=mlkP=6L-H%?
zC{sp^AILnIU@Y7`6;#AVq*-lfLUv{h;W^n0qz4LyL(gyZpK$()UvI+~5%EJ->d0Lf
z(e4f#TC|~s4Xw6gw_3rjQBF;Dx>1%>@rahR$*X&nU-GI(PDc@3Pu_x|a&*KwEB2?7
z2~m?;NY=}LT3sTmy$=~LK7=zKeM%|-C&g?=<*J*ev@n#&+A@<(ZqmgREoip9Zg=SR
znJRJ_EyBsK=zznlPy15gX|2M=nFAd6T3xs;Zo7x4aW>N5NP>L;I2ROt!ah`{-g$G-
zZS?)MzVTDK21NBUY8+aTxkyw%!?qS{YxTNbKiC(494YlO*pp&ttLmVwn=`4o7b%l|
z4l%l%ow?@Ylt0VR`*zUvJIzMtF%uERo*J4&MC!}Ov^ACMOg-o|U8n8YmhYlPyYD)d
z+iJC}PTTGd?WW)B+ujDw)Yp8&8Jk2+ez8egKI1FGElW6AQ`tLX=?Q0WpQ%QaKSa6J
z1WBQPNAF0@)lawW2!O;4FX{`bt*$T?QJni*<g%b|dG-gIFB0uWl^HY=li<_OpO4?Y
z`}~;=!e+wXE5{(HF@~`kC!1u6K=C8UZ<q3JzYXtBgQ2?|FQopYe1avBQviSP=zi#m
zAC$%1@K}xEr^}CU??l1YiKHtlN-|5O5N!{C6y9q#+WW+mltd$Ni~c)75x-IV<OM?%
zEacTf_{^e#rteAu^T*I!@oMN&%SbGX5vG?UxhdQLV^C_brg26mnfHdBTYnzTXj&(l
zvJTT1k#XRD4bUg}1<=A5KwwD}1n|$o9m`{0KylS{{8ppa+PTK_J38DuW#kR@v$o}b
z=JzB6DwiI)hIhy)cRo%%Y8@Q~Fj_c+A+13Zy*?7U-4<M^LqCax<+9Um-y3%OjjlCx
z8n)HyI&I5sprd(j;5S=?VAyR1Td>p28z;q2D-XA1s7okrqpumGB0!ekRm<BX_+5#{
zYKxx$$#G+<NgkNh#o_GgCJe90g!jyU@vg=3`ux;ARhCzvq(~0AlIInKi|-sO*U)GT
z0@p8@El8oU=ALFP@-FHa<1!bu(s^St!Eg7ADQ?;O@D9k(2~A_k6X!4n3!2QZCPPI2
ziNPSC<E^k1F1iKG!?Ey^GuF)#WJ9f>#ir!h32JG_z?$OBSR?0=D7afwobzITJ5fz|
zYt_)nivE6o%9DB4;)P;8E+4Z3V8ahChGM15aP0$&a81AIJ&P`*yQpvnY+Ki3xdnPi
zmituXQdN2GI^kp#v#&FryTHY6+l_w9_x6Rm-i&2cI91u=+|RrR=2d~GQUt5r1Z<+k
z`-@XrsInTD#a#>QAE{_%tWxKH9J$JUi(UFo`S65ehO9cU2D&{eH=b|@krf5p8>}F)
zNV4P{*Hg7G6T!AOk!Zz7q`|NXdK}?_WPz}3=3xLMhtu&r2__@xfbT_Ttg1Q>U`dBd
zO1lqz00ooaMj-*_H;}oIF^};*e}tG*#OcKK?M8>PI*(>}NJLs{Y!9h__s^j&55wcV
zNoVg)7t$~?dvV@xrt6I0lUZKS?D^%Ci$U>?8{~8r5rb!ITs|iDK|S7(ZYO+P=|&+J
z1Y;jf(yGU5O=kfSp)oAs^$6fEvXnuvxP$pBxS(dkuabIQF0P!_`P@N>LCQD#f5?9V
zLrO5`)e)X-ce)s<D*%FjbWC)%p{nAhtL_$`{peWi5z+f_?8SY>aNzDXB)6y@eSh}L
z*%fgCfiUwId=fw?;7Q<fkO3eRa=aTm7^!=txvq5HL!0{~g>#no>6_^qJfjYaOb<oL
zLAp5NtsBJ~;Vw{r9AQogPo`6t%}3A~_NLCm9Pepv{k)qfQyO}I;C2VS_7fJmFXGw>
z;dD5<;kl_+7Lb=U7p%CS)%2R(UUyG~hMxesBLp!V`tE&(exADb7sFqJ;L8!b4TnJb
zzNFe5+G=%a9FDvqU1aL%@2`p7r*gd*2+w7uQ6rsd`Rsgg=QqablYc^>@JqkD`0@Nb
zQ`7N3FFt;VHFFz(YVOyQ683`BvRV|v{<U00BR?RG?#o8QvitCp;1Phcu!A!9aRC$N
ze<n)aOWDBU)halJV-|)fZ265l9YqXdaaT~<87!j_7O|l9YV%6Prio$Kv4f!1f5J|H
zT+PQMs4u}i;U!N*2^k|b<T8<k9W7pa#`1?j-z%qNY^er+1x6n-Dz!57eX;6JRrH}!
zF2|Iy57a??`2{ALx*LththfzepoNtzFq;XMC?S<wn8X5c^9!bk8gB0Ho$Huwq7y>&
zro5u&d;*=g2}9tA*f&LLptNFgeI!SrYfUV(#ukPBsCJQ+)G0thdTuXphJ*IgB_YS6
zoD?G>(~$3feoizOBN?1{Ohcd@*1)!%M%j!M&yY}rZqNh?N#DHn!>sSG1Jvw9NLU(4
zE`yGX)lOvs;u=ryKz03$w>Y8a6`q{9GnXobMnQ^>@FsghMtC?d{r(Diu@YIEk_x`a
zLX<)&%|&Z|$x~^OdAQ)k#qMu_c;iQ9RAYTKx0_vmr`u|HPZ!O_eKB87X%^~q>A01g
z0`F*HM{D5ujc(cKUK*!h$nH@NpYR>=23X<l221eK{jglQAv9)46o!5@en9cCpjvxg
z7>^x5!1HOyvav5hGQ(*K;CJ8!gP}d_K4JV$7JeiZc`9FHyatMiRWpvW&Jx!vV>hz8
z9oueyclH&><?>z;q5oC&4yUl*b02XZj?-wms8neB6gXv~BPN)z{c1TxK}@$wjF4dM
z8>tu}P|e0)=s|&9ii;Fb(S05)Msr$#;{nKpPLV4%Y7<rNJn;WUld9)va~0Vny>wZ7
z0r?DCVY2`s8V)+1J@lS1qj9Y(IBWKZqOC1|+S=l+EvMJ_TF$;w9(O)>?>~=&>CNJ{
zl6Ksw0=aFVK#^$0J%yAeDy?FVDWwuIJc;(Idyv{HGj}0c7Wb}k2vmZmx;LrG)xHb9
z$K^|-eC}MbylS!F2&jKtq{UzIM7xiz7f~TifLAA%m<nhD)CWHJ46y8`h+3oHZZ-!e
zjh_8<$xuQwdVT#9;nl9!(}+gVEtbayO4N3mWjmFXMv1Zs0-v;#J>nOCZ9pR(VSs3d
zx=}sYC==0A?O#W(6*r;UT(~HQuu(<KCCzrT(;E&R(~F5`Uf1|9$v4lQOAkW<5z!T9
zR@9$262K+2w`6;Zwzn`Ld&euyU+JShr|t$Bb(I9TAInQeYRa1Ufkyo;Gl@x4S#Uol
zbCQmx|I19-GPh_gk&3i`rp-S}pN<x(2Y{Vu9*Lh;H^?wZP0Fk;h`N?kqTF~D*9&*C
zjAU+Asw);LQVZ|uX6Z`P87k8Wb7Npnm_BKIFCzmsNSj+6%y_nGcxO(UYuHm1K1D=>
zMx{|UuvGVONVvX7LYq#m8|O)eQ^GvO8Mv&#<3>kdgJi^XGExbDc+f>6wQ6U(T$qm&
z()>ryh1u@(`hGun!pZnBh1`5JpjCFwqJ`23<cv-?DCb7a-lRnY3U-&Kde8)zs*f&S
zWGNFS&5^ka=HHM?j4mD_n<K301Y!-Z)$Q93uiTSLAl7VtHy?uC8{f;Ph#0i#j}i1d
zr{Q+=8T-DYk0I`V#qZ^F;Es|CPt1Bq*fn0wd>+SZ+ud$QpKLGvd7cuPm)Qz$19vfT
zXL(s|SUwxx(DK}l>y+(Nx8=cBY-HD?sTc5M9P3!hc-Oxzy)OYxlnnb-p<E+LkN1k$
z%yaic=)3n^kkL2n@`f~GEC{~jHiqvWx1PW@-sU#%^X8X-=#BsPC9USDcEI2J-1-xH
z7ss1Q_gck$w)Q0E(`{fcj*gORhD}JkNUYJ(yo{IBOuo&mpj9L7>MoM?4BUDCMU0U$
z-aQG2EIfkxi)W}!v)#ZNYW~wDD{q!#rd1$gU=hucWYCPMXRw)NH#@GoXB?!|IjfmD
z-^F19$VS$GI1f{k*Jq9EsOiO7(@5}&Po31U?zb}fn19iTRK{pNUr5CpnQ^rXIX~T4
z(`<IFE0|1K*PQbD8i7;Olyjr&HC8_ICiZ-hE;^GB)C&Tq={KLSvHfB`yLG4N;>C^}
zQ_&F+HPLb)(%G0}qIh>oTq28h2ch2Y49m88ZAo5#R;VN6n#jC>!x3o|AWJbhT0w30
z)O*+UD0{*!VE+}&W8+fBlP4Sw2cbL1qYc-ztU<g>QnV`IQduGkvW#OZ1CdF9#SsV(
z;UWP5&7tS_)7~aeiH1;9MSy6^y{u^{v)TV2wJcWL-op0Q!0-9P)~*976M=+0d&$S^
zv#Za4R~PTjK7YJCJ^pZ}q#@L`y8e88eSQAp`?J$jLtF{wyP(an<-?>wNyJTVlF^V4
z@Ma!P@XN;CFUEcyza6HQ36rnh2Y2k%W|5U_MPf!V{Pz@V$<ra?9*9`RhYG6H5l6OR
z8g9z$J)nY`&bCs(U9sc!n(dzZsEJKvWpiDBRukprvtz(Rx<--VI0zQ2-2!;3I@;Re
zt*w5u-|3c<r<oS;Ewy~FS{rv8*8sC4fT(k?*rwC<aJQ+3TT=bo7%V3XR-DW30l|_}
zRD{NvLzk|4yG>!<%}epR$x^%-qkRn42Bmm6E4~|~i|@uCv7H6W7!qA3Sa8|IF}c})
zBj3q_wT6du3A;tzWe=qjZ_1gWn+2<|f5k>%Ezm=+BH{_EDX@CaZVS72TWEGV{Z4E6
zg!M+n-4@`&_Zwv!XiM;f&N0$n?7OvGI4&cs*BZx#-mu-r5~+`2D}UHek#IFPeU&&h
z=bqTJuxO&)5CN)uN3%{1?$GvHZErn)tNA{BsL59hwPLwoZz$`1LzC_zh~coplmclx
zD4$mp$rJ<f0)#h5Sl%0Md0xEmhNot)KwBDw%r8QGlM0FCNU)!H3BYH*x7TzV!LU7e
z_L4Bf+)RUj>X-2XpXOgNJm`k^u&{?UY_#0g_m*4$HHBt&+~D1d+Qo!;NZA#CRgHHZ
zMN1kR$jTvnrmS@ZKF}BbEB9hR>@z^d5D|AcvREd7IH?+Sc&I637?;4>W2Pu2Q-=_N
zwL@tZ%vwgsBIk6}Yzb?*oVqDFSN7*a*J2Nj^acV^n^a_*8vXk-fHGfXo<cwM**uty
zfrxzO%2GBWpRX3f!RD@3OA0A}XVdJtwL6_@f*PREECVNd64LxTbQO;iG=3gWwyql0
zS4dV&uZTrlwBu830b)R-z-z=+;^Of3L~LNmX{I*?l&-$l_6NPz6Ba+H-;2x?&LfWU
z-CwvGQna=P-9~30W5jn;cS2Kc!cbUZzv+pZB1Y>!!w=0C9yA4M%Eh{WPA*9iM@NIw
z;h4j2&~^Ln(<K9Hs))IW$S0`GGpD0c6GqG<>kt@`ku_-a9Di?9)vQ*BCd|mPfhfR|
zm-3-TI5p5TPG*tVFgXMtH$9I&Tzt=|i!MJzGATqjSF%EQB8%VS=7xxpSRrh?3pkkg
z+#<7WGDEZ*jg~)j+K*{}@fGGWoxxXm_iXQd7&3b@52#fg1gX{LUN3Geti20s=(jp8
zw={F_+l0B7XZc*;)=P77rVPDrONaqC+j}t)rPi=2?Y(cwMj1ze<h&*{-lAG!h;+v6
zn}9A{BmrFWzv9sG8M5G|tiLgIVozSNJ)wJ--p{h2V{;jyYpwTxWd+2d772r!7b3B`
zK0A6FLWlPgkpHd<WXcx2;kgr;ZjX){o8%FAuO^9AH!x)qeydul)i`pLqzgrnZ{`xA
zL)^4|*bL)rBwPT+n}iQws9(eekY1hx?|X5~hfCZ2pH0SlU^4FZoBiIvd&;E-3Y(1W
z_OR0_$4RWDoZvZs7D|rddu}nt)r)xEZ1iq3=ydF!-Y(T{?9+$PURf&xOxMcW&Xn==
zhEl^kQ>+DRbvy>@>~r5H&I@GP)0^BD#*0^2jLO`uE85vsH*dVy8q&kxb6WOg%chNg
zXku4=UEC^upTc3Qx(!JMu*wZc#jeT)r=nKl^|g{Ol;yO4lW)Y5YMtcs_@j1fq_<Cz
zuW=fErNV`zgc(fjwt6k!b{lJ9>QlO8_&&x$D47R0u#>?&KjJ=6<W_4Ae>vTDvz#)E
zk45n~CF3D(ThTqD8fWw9-`PsKC+V4Z9?K)E2%FNQnI&5nZ)2jBDzYK#X=tl$$PhhQ
zYg^s9@2d8H22DJfI`BM*4>fB`1eTMND2}&%@K8Ozu|-<n7m5cKyw(~<lGecKy4|Nt
z5@YQhIl20H%F7<Fp}&J)m%fF~t)SIz56Wf$w~Nk8h|(Yde|~%RA9)dX#~(lZw5rVo
zHp*)N{Xd^von@l{Gp(-9ez|!27$JW8`tEAY!koejiG^#XGrC%|X8Jyp&FdL|k6IMb
zOJS<W1+;m1Uboxr^qT|!F^x6KRiri8q~1RpZ62yD8y3F*iigu&J;B9B7Heerfzx-(
z_J}D=<YUG-Tkm_2t_ofw_H8wf`s_f$TL1uB5s!WlMq8*W3RWx4qOu?cuG)NU0?<y!
z=eC0&aMDV&Cxr*>g68Se@Py!hzGG%7-_5B}=&{rUJPF(2-ntDfuQ%}1m9zJ=*z-zE
z!rtPZPvQ@)^bBZI+hyf=tUP)X&PT9A19zT6q+f4?DM-x$FC8oj9N%K?bga|yZ&`=?
z&al<?`%fDSLQLG4#D=`%AI`1A1R7X=&uI+GG2(B3{LA5_6`M8-Jc);YU5!K8d=^Pe
zQt&5^OnUUtBpomO>upGDQ!xwi-R;P`<!H1i(|Z=P%qq9rT5Uy(lXE@nP1xvoc5~1i
zJY5>VB_JVHnDg_{c5x=sPIKVcI~V>RPJ%Ye$h9rf=xilgGw7Lc%`ajq_ne=u61De?
z(x3w)!jeGZhmx#ys>0)cn5?ZE(oqt<>AFtaZ8aWK^rnz&g>L!gS=@dg?}qo+s0192
zZk7ylNJZ4AMb&$dQ#*AUS&5!j#k1N&C$P&FHBP5R%}*y3F6q}GXj=TZM)1r=!5m?!
zk)Pe0kq28*Bi8{MIxpSDttbn~eL;_sSe$Z~5aaGdaM#eUctKNtb)6Ai9ab5>-7Yqb
zZ_1j)O!*u|2pXPE;fl*CT0rD>kbAhcXq#C$9@7HfG)3b7HX8)xE6??VX>OgcH0kp@
zZpUr5pKw)=58T&2;zvRf12Y-m?)jGJ0#smW1&!vwE;}wooYR7|;6pHVrweVAT68>v
z2XGHvOl$JdauM=>JW0yax551>Cv%u+ompiQ-QTlvR&U1P9k566WpD85Rd7SG8DmlS
zqf6k&mh<48Cwx1B!yC}c{(>8OBg~0+JcfbbA`Sm<IGTzmIR1I^DbpTMA90KTF-P7#
zxxvjeYYgRKlL2pt*+nEI$MJ^VQ_eqtmpDy{xH5?;y|rn7Q;RpX`o7=nmW`~N%1KO)
zxSZozT-;~Gn;CymU13;-9TAq!<cOF^_p>{_XZ7iz+2{AiKc8KnUHx))bsfjF<BRLd
zcjq5I^O4x&pO1e$KS?~H4bP6RPJa4)dHmt0>r5PeIf7r|)TCm)-=V1!wiIOfF|&hE
zRp|p~Ce7!6K(@{`>e@|bIP5&(c-P~Tcj7MKyP2cG9b2p^CsUC%95#YZ*?HMZNwEy;
z(kE9=dT`(@58+QyfGBLDlG!7YfCuPM9HHT89FR%qkA@@9<=WZDCJYGB)`X$o>e)T7
z{e&5p>qHRpzZ8vwk1TiUTfsl9AQ-l~!|x&vJ{g>o-tQKFJE<$f;3b|YkwXRn4PQr<
zhEIm`a3Zr3?=V=MyR)WZ)(g;rj_r2)j`ye@PrL%NR`II5%c@=<3o>g6La^Q&E7jsz
zCHw$2|5nD#<L1j?`O>1~-=BR*#L08b3JaBA!K$UA<8i1B<KxXi@$AUSfYnq$ym3mN
zKk|C+y@v~bj<Ip8r-bJ0LR2GUQ&H}#raX-nMW%%2rYW1rDcQ&P$&G#)%@>Hrb9V?#
zS^k#mrsVx~QNS(3l#F!{GZvqc_17jhXd9+H1MWmlxWSazKNEJJiX2y`JddtG48DgG
zzE+I2J{18QpmKV4bt!Uki$L(L!mFE)!4D|m)rp9IGo(%xakmikTqJYE|EgKb=)<D|
zR?*t`7}AZaSz@W%H?%ox2jmccv%By%R0oLoS}{+JH<|$Y;ncv`jwZ{=n>ll=IR&{9
zE#EI2-`0#6r<Vf%a!*yR!34^1ReXUvFaPpfgfojbELnPqZ_T1ASh#ZDxr1Pw4aO7R
zX3zqEWfKr0Saw$RQe$dSVzJbqL^joqg1P$gMqy(}DMs{=qp6o^N=QRPOv3F=EQ_{V
zungDm_>E*BcOOlQ$A(SBE?|TYj|uT)2}vz&qiyDa2Z*zc&$T#^(cD`rKzD~{6nK;s
zXB1i_&#1x$rOv2qsvRYHMzf=&&Zy`iM^m|fuhbIW!Y5j11vmx%$|YSjq*Mzl<yBc?
zT9lJhU1-GE;+92}uS6TM(=`F`KHyKTpEY6;AP?Nz%%O#$QYD&!po$RFQnX)DNLP0#
zhjl0!z5Hmg7J5CY3zM_elhHp&h>_fsr>jH@fD6q)!05gtTuLB^gzF6t39{7i&*klZ
zeT0X>?54oEl1X5}6#FZxnj|Wci=(>uqQ*o?x`cR}7PQurtIC=<7Pr<DuF9HM$Xte5
z#lg`@u3OA1hRufhr}|@$8mFP_hl8~qMfTE%gT0ab2+haC_w5VbWD;@LBc&_EFFJWr
z{-QcNhL(5{Q6fr%Vd-`DBY$f*xSaBTF1QJ>*-M(o|I@*Ja<s{4O63|cm)yBy7?UT+
z%Fu7N-YgM$O2is<2?Q<l_ZW~fUfkwWU0CkSx?@uAuGz<&L|Ewa3B()=F-XM=W2JOT
z6sjm2%@L(5mkxWH#B?05M&jb{yHBFU;RV)b&Q`QNp6YOfes2Il%jC57K!!+vY1a(0
zuTCgcYyBvaEvv;*<2|TU!0Kr5HljKQEt8Qtha8B+Wy6ef^vzMm(3lWrsesMveZ@Sv
zI_5su@I?OUXtDIZ5MaqE1*y!!1y39B{`kY;5KiYER-d4yGfLIuZD174Y+=Fhu#oB_
z=`CU~Ino)lHb)~;sfNxpVs)N>vh+YDIg3kj%s@l_LfmOMamR2;0aC3H4BQ)wx7JuZ
zW&3%usRe&Oyy<bbn!tP&MXbWh=;-tcKSiPO3gz(EX~o2=<@C!myqmtxI8v^oFG&L<
zAFa}^tPM=Qf|0TFs-i?P^t5@#tHRz9Mb=;p0U9(%wsxm<cVmJZ$Kz^$`F6lsWql8%
z*+iAV01hX7oWP(L;HOKEhCG=zsbEIAt}pXx+qaZ$U>z~R;%EwdT!J%Ew2Y`&D1kr9
zDj~voRzbj?DZ+b#e%yv2!p%LkI0se3WmWxkiekStey?T*Kznp%fQ%kCX8=xjv`{b~
zEA0E%TnO|7@E5rQ(B%t%W|D)G;v^Ly4eTUWRVP|j)8sKV4?NM#qbR#q%p+Q6Sk^bA
zIrEr0nxr)%)tZ(r((_p}o>)5me}+I?P>*ngtcVMYVT?<_GUoObGM9v`rp&6*uE=(K
zLy(UdOYxG-T!4+dzxY5Rgb(&)hOx+9T2<RjoTtGZiRRv+4{h0h5Ui9N<Ao+jUupPU
z*Mf26#y$Z37CXCUXyC^59@BRk$vy0bMR&nW?SKFFRJrA|8#vIBY9hhI61(04=bR`G
zl+QW`bhK4mGi&w7Wteqp>|~PL(Sp?+Rta*<u_mswtSxaB>&b_IY(i$xGo8swQowel
z5<;8kS6qEcsFb&VGqln1FgkPO2L>{*KdPuSSM@1btU5Z%zKw5vEMu1COyWQ5a3ydl
z=cSfI`P==16^exmcoB!8MD@i#=&M?zS_PVrc|DI`tHWJ>Sr|scH|D{_+tgX7K9_W&
zBY0S$zhQzCe2iV_Q~ZTyJ)xd7M;cd4Zpy~ZN-4|Y36hR~_^feFd9TbW=h_F}fx3+-
z6gxrM%_yfvQfz>AoAC$AZf|hu!!3fGg<h#9Kh8Gdqjq5BQx_a|ww%w#IdUog2Kd2p
z)Ot^sSK;wrR6pSd7*>JhQCV)D6~=y^4vO{KJ*CeJw4($`WIr-ni({v^ql7dh#aOO;
zJ2EQcfT$gRC0Gq9z;agO$f!E|Wi&s^s03>0iE)&^zA!WW=qSky)zC-dC~I-ADR!90
zws7a=eaiU!NFU=JE66rUCY9XcgmbYb^}K>TS=#eh5kNDRB|{tgBi}u=B=M9eEl*1V
z=XU|ZniLCvKK=Rd?DUFAR$69@!sxqD7N+Lk#7L5V`Fjg}M81xKyVCTnCm*j8s#cL+
zMOnrwwQG`8r=5>-qdk>rGNm~YvbBScbio_y8nUrCGUCWM4`+if`KO~3Y6E_RMmd(3
z=xnJlBQ_7)!1#ut^)ITJR)dNd%pv4n#KRlgg<p6~{5p{>t2XMVcv4MlO;fjkX{g9Z
z+byDhTGA>$PWim#kZ{A3`W;%|XS|Mbh=I0X`hjp>ICy8KBTg|PsuQ?GQN1}K%NgbX
zyIm}1(aXa_nna<#5X7Mlm(L+hDRL;14jl@@qz?TY81xW<L1L$I`<||^!dm4d#a5+@
zsg)?g81KoVj&$qak1IX!`1P|V?sDqZAb2x>6}*ke)cQJ1aR3JQR$|%*56Ripu@Kb(
z=na_i@hIt@W;#%nS6DTEFrSC>m7@<~^F%#u>T)i6X}nI-gK)*H498KuPd>&xKw2r9
zK^?ZLJwY7)5n1Ur;^Guh0w*3BgOnO_&oMXgO>{1~F{UG1c^gUg?GHk81lOE+Q<K+!
zP>r07!=+DaFOEmSlok#X*+f6btwaIF^>T9VO0#tmi|q;Is$inMXb~sh#1cP=9od2}
zFJ1eUU=dP^ER&;cPO{>R?rX(Se@f)x-Dnti_ue=l6`Ey<rI!bZ%B*)6yEhhH_akW^
zO?pSObMw4?Cl~MEod3ub5E+$*T1g>)naS_+;`+nKtFsJ8VD54L{=?aiSH~aDFW$@P
z^3wJx8M~5M0IM>WU#x9_|Jcl#G^tb8V|ASfHs&d%|G5!pX+No5kuh!%(hweA7x8dO
zlQ$pw0U$u4CSo21Q^o&H3n@IFKHpRvLZi$V>l1|(^y>U)6?!=g)eYXH_$BFoElM}W
zNGwORwS}!MXl-F@%V`DeVL7>&sV15hRc2Uu^Z~&kS!!A%x}1mVQ<{}L^^6w<PjsH9
zpQKZ^>uC0C>f-FQZZnZlDJLfif9?A&rig1I?8^gScu3@CvEw2uEOI+H-4`SEiaT@L
zBOjR8N)RIui+Hzz_k})$qcjbFXjwJSo%;l^1!la)K&)vnCO8S!vtUh%#Qu4mq2I7u
zPdJ+?H6CLz3Z~RvO#<-yV7B8i%S=G2fYs^`8g2UzO9Ep2ra^GwohHJOJ6dT8fT}I}
zc{D`_)#ID+h&hy1rr{m5wZzy}a!Bk+(jT8nYe!VS6!#~uNT<PcF>io>7ThvzPU3x2
zG+-=<riI;V@g^|IIEXbuzrY6}@>wb&0HbOgV0A=g7le?Rq;ksSds24hlHX$i8R9NZ
zsb}zJd=cM}H94YqD>5B=tF0s;s{U<`%g%KzyV7~8uQ7U_YuR<Ino3v2NoSF7I6<@P
zKH=gt@4_2$3`g{SG4djRqMTXIs+-Adh#{N2qs2N}oo1uk>X$-hKLcbJ0-SaE9M<IX
z701eRKPfm$o23vonT(cf6jRw%!leWcC=KiuW^-bGao<^4z7<CRMDnF~i}|5bY}KRI
z?xQ=b#c2~Cr>=yCzen8nEX&Ik$SFN&^_`*Je$-Nav(b!37U>;-x0II~&@e`nFo)L5
zCK4%5wdez+R6lScNB@p#oE<p*=0FgXPOIDM4OChMLs9zjDq76L>CNl-=t!)INab=K
zOh(H|l~hhn-c(;5^2X>QCC+)wMf2sb^yK*U;xTD=1Z~OCk&g=;AmCuMoDTsd>WnLh
zC^IRtoF|95I=lXVK#niZUove)O(a3D(e!5U&zAtpRQXd{^^G0*8WBt6*|S-6SiF`B
zI!s{cszctO8h6pDdS%Z#c{3Wr=|MCER%hnoCVU;a6zJH)gSdn6Yw!boiq?l{F~ZtV
zh@u3(WyEw~1Y;gfxm(%DL)UBOX*M5?$9{M>h3$a>xDPIW53I&M!i5cni*Ot0Ja!vt
z;v__h#t=2axfo(K>p;y(CG9|)^^2`#!(nTgu#Fl?`@H7*yVgjs@aok%h+BYKj8%sP
zp~mGU$v=$1HcWkx-js8QI|S@kL}|z&@{98Y6+l?Yu)6kk9EKq!PTzh<V&#s<c*n<A
z5+#bC4vznS3wQPBa5{po^XY)Lg)RLMOlD|2IQKchV29t5AoHXBD_<0)6#pE7Bsy_v
z58<VA0|Lr&K%H|WE*&1vW@BF8!#d}eh9!oI4hQ3Ka5w>)7|ajZkcVRP>WqGT`!qeM
z{fVUh6Ic4dOL73;Ue`jb9-I936=)vC#mWnLW5pYP^rHH^ZUmm5@E%7H+j5X<_AT-E
zx8x}QooY-;C5|Tdr+yJ%8RywM^-#L<9RgW*Q9F<U^uV2seu;O(X*iD6u<`%dJU}1K
zY!5s*bX$PHVa%|+Hq`BTQLVj*KV<zn@RoD9Xe5*`YP|Og@j0y*HG04C*rn8-V~ca&
zp~Jp^sKS5QJwM=e!A3y@;H7sD-XkwFA5jh+;s5J@i-AFgJxU+g7}ErRKcL+s1R6)(
z=Hm|a=<Cf7L>c@@i?3obhNNr~OkN12bUuSS6=@{ks>R6Xf-*4t+83A}k1-oBBcc*;
zLV4S01ax5$=N+zLIItzdfon>H9Sg>+kwM^p!k56wJeXueYaUi9CDp0drAe&*1JyPm
zpBJ45GZ3nSsRuiMbbSx#IH_L@kOTegch)S{CFQr}XYPCg3{50<TGNi>?-3wxy#ZGV
z@`n0dmsd8l;-m^GFBa;++*~=Iol=k=FhGh8|AX}XIRaWeLC3j!d_9|m^98)++La%F
zh{#I{fd2p&^Wrv~AAPH<hfhN-0Ewt^Sx0Z=+1Jw<#%5%@einUCL<`dp7;ulh#Yta5
zGIj8A8e*D(ZH^W#mHDqZL!=o&p*txyO5fN-zdsA6i_z^&*KZo&**7!+FTk3Hp+62L
z9^fSYq6Z7EsL?nB6MeciIQ+=1f@iINZ9<ZRjpd160k-E2y;v_y)pGZ?-TUjzjUsG=
z_qTosVEMn`2%7tzvKH*8CAjB9CIPLtBfdgZOxwbwEBYA^j^Cf^fdmW%YCLkG(Qlgf
z**iJzsbXPPx2m0vb`)p-lvC5}iVdsY1e{o{yC(n%jq;v=!<E^40?n_%;1>CR-2H(_
z(c|w4M9kK(C&0uJp?d<5-l=Xsfa44o+)eAjBY8*zP@1Q|XK#;u0ZjQT?yD>p*fj48
z@TPCg42x*;i=JPS{0D!Z<d;O}_d>+d^~9I@ZY$Xxr3?Qk*Hmm)fNdg6t!cOce<`}Y
zHM5roN<mXPep;Bs_Kr2pE}4&ieK`;PrI!a?x?vi~(dJzX@Wg*oPZ&Q@0%5ih>^X=+
z4HHT5vVwinYP58MeJs!`Yk=<nS2L5i>=)HK`&&$NJqtYiWOlqA2jh?_YP6q`!flBr
z>NaxbExMQ{n6880sHqmgk2NiodHm~(bvNrpjTkf()f#z`qoNRBpWzmNj$=Zs`1}4Y
zmt{~!q?Hg~M-zT)T!T0c4`a5SdSP7BeW&JoDZmQxmmsd%>VX6nd@8<CiV+q{H<brx
zPwEqQ3JaXTTI(({;gl(7@1jGeVfWd=IfO4Y4(}(*aicQw|4GnqftUvRr$1M`v7MA1
zV}k_U!^E|7AjizU5~n18%CPYnmD)N-|1*1#I`49b44$>EMi;g#+p;j4NAB0azYefY
zkb>EAybUof-rg1ZvfzVzgJb`zPNGi{?&It8pQSdQA7#Qejw-z5v0kMr)fiG34(K`#
zms9Emc|0DuQ9e59x>M^VcB5rHSU({4i_i<l?|^_WXXJ?Luc-Ndurk9}pU3pYOH_;1
z(w*c>=4V^|H2sY^>e@9zJ{_E&{CtTDaQdi2AALB9pV-|RJo$JUKWX=ByxZ5#r-M(^
z-+%Zt75PQan6XozVU)M~%8V7vI&!3ROGd(H%o^f#oPG+kOX=HimzvbJQ%7qO*BUvH
zd&Lsa<MF`v??SA9ka57_Wtni+05_QnOAD>GNj|W=K8Xp|i{)Z~o(~dS)TXWhteOr^
z3#z6;KA^Oq$y#7C?=STn)YM(B#cPP&qhyAe^VzZQ&yT16WjIfy7hBY$xmT^pd@?x=
zY2q=~P{kja9Bfgik3}1pHBLn~4(Sj)1(`BmrpY|n1V+JsYdct^#$hSK<S?2xECpFr
zvl&<J9nZ1`FEIYO^4CuX|F2U2OZ8>tw}#dK{V&yj#&2TRGFzvD1%JM$QP^?^@`rOY
z!zoKB09E=ssT;8YRGHy)o5otmP)-@Npwv&`E2w7IS&Q38XvvI_3sSluZTt<Z`rwI<
zlO4&oHZ9nHHV&rhG{hoKRT(*c#hztOwHf$$`>WaQ&;uWL(E+c%je%FDNdq6h;=to4
z;0UI_&+t}O&@lbUQk`(^B0Zn}s#6kGs^iKd%6kcfmFWE!iN?u>F-j^p{1*jT(-2dd
zOAX!Vr9+P|+OW{ypn`Obz7o*T#%EJs-xOXX8gjXRj}ldR$;!K#Hu(kM2<Le%n1D@N
zB#F7M8D}JE>qgzFcan`H{m&Z-#HHnU!S6HA<KCC?dm1*3IY<G??ZkSo(ej8@b+PaH
zl=&@D=2VVw`qev*Z<^!r7@adUc#lUCd299^WvVgx9`(NQdsZGL{f@7e<x17n4>-6U
zO=x0&J^Y<k_Yy+@m>2vET|_ZLD^RHk(ByjsD&hN)d8da;DI{Qk3R(!L;MW+cubyd-
z*mFiy;z3yd#8XM9(#?6k^5hQdKaJuxXt{UpJr9aEak#Yv6{*SWaOt#gseEvWL~sd@
z7!F%W{xxzBaWen|0_M%5{G~ei&|hSi3-<7TB2sedNlzeC0`mC#Q1p`TFj`pr8~gm|
z87$2mLe%R_xgFR5lDx6>=0Lvq3lX1OQ(a4IggRwvt<OS^x>N=3gM2fvqj|f4oiy0a
z^x9!5fajaX+0^J?Na51F&#HgZ%HL;So5~9&Nt-=w462WF-_CKn(JS!e>ors>Fn-2=
z_WgTdbw$F3ViQeaQr}|M8`j7Rv!0=-mxf*;CROShjgw**F>6K)s_7!?H$GCn>qa4O
zgZ2D8o?SQosID8&#y8$&d*fRXvXQpKWvE6O%3Qrcj$b?&K2kC5Os(C33k)u$7qj^b
z`U`>c{P$&W&E!fxhOs;C%GSiX7uY6$Hr)&ANBAOjy$Q?UcfE!U?}2j7m3lkIYRkzM
z=9!JnktVyH&KOb--V`)`Y-sd&Hg-H4JD!al&&G~tW5=_x<Js8pZ0vY8c03z9o{b&P
z#*Qar>{xB&&>J^&MvbKQZVe-b-gptKynZiN;Lb5dtZ#(aScKkVqlMAixR{ZDVzry^
zJ{luR(k2>>58E3Z^u~sKyTMvo^TI|2Rqw1dBCKURSleizPNz2#thda3qreu%fUS)H
z-yVv>Jw^nCV~l`so+BW(jDR@4e!?LTPMRD#dlv%XBz5f0a|ncZxvBP_RHh-)pyB8r
z<ZkX_wmY4Tx5TiB930Dyi!gJ47SDb}{I6#}q7^K;qq5LW`F=#n@xL=aq8!BB#*xU$
z^6(nEU6v!!s!NQI^z2B)8b3P{Jv$QZrz6oSvhi?^L@QXL{dX?XZQb|gTvT`s8{Q4&
zY62e2xyUT|?6-5#N?h97;b=W^qOch8tf4m?-9M6sew8>-R6}oI|MyFOL%%kgU(!9j
zm5M%}oqtx*Kdb0BRM87P@+KPkvTxk4IlOYtSze#vPTk(-BXKZW4#uPCHkhBT-9@>^
zep*cEad|b9x$CiH+sim9_~kfoqksTIfT_Skno)QdqBjd>{T&3rJYbUFXyJ~>_ypez
zl!IYruRl#;@J~y;h{zRx{Vs_%<dsWqVe}(yGH>n4Tg-z%B<>cw939F9|JiB$+3CTe
z|LpV+uL24`E-I=|{7(n3`4d7Py*hMXr-A%Holz(5J*-Xxo%_YDPk?-LXv8`qT4|Xf
z1<XSK;)NJ+5-jC}RX6Asg{&T+fE{Rmc9SRBy{$_~F?oF!GFk9{gKixFA-9A=Aa@-3
zJq_!|N`FNPD+u@p?-uu>G(b%jX61!ISeZlg&5es2@VwF%%`3ft%?4bX-_un77so(o
z9V<d!An>vFKvXAxTaLyHbhg7&aS~$D#VCsFhmkjkt(0wLbq_2u4apnM>yhKx3`?8v
znkKM&^Wg8x5f+Yrm766FHZ=#uL{XMyl>1WQTTLMer+5YytQ5#SR#S`j1@LTIjd6s}
zv>fBl@kmnzLZ;x(RDL*7H#ENx!yQlPStF<Kuj7&ob@W}r{S(v56#kVrfGE|POyo}s
z9I($6gP>&h2hdFm5E;ia@Si2pjmvdrGmMYJo5++HT(bs$J|A|7bDU?Pre}G$9Amu<
zfCTObxsF5jJ>u^VV_NidL?gib%;yWm=er)=OzGhWH8@7Asn(O2=K7P-^iX_{!w}gC
z75mt^mmiGL9J$#iwB{(RlsEHep=fTfL_+Do9mEz&k0H(TUWo!$o8s#1`1I$q%vr9g
zpYtS~-LtxXeQfCSQ@XGGFTlomu)q=NztJrcE?~`r#282|`TT6_33ZIC1ofLbdF27x
zzQz}WM!)5E>u{W)$*V*9yc!oD*=RrU^uu;yc3ohSZzwT~zj8R%V0oM|Ub)GfxDpBD
zYz;4Eg$Vs?Q9OuTEyqEkO)GBn(-Mj54f%HvVn@k;R!&TqOm_=4B8v+K%T|GuFeMYb
z4cq}%1gZN$xLjzcH>L3ZW4^8uL&`hL4?W%R@=}ej#~eLg4x?kvuPH!CH(Z@wbKRaE
zW366|CO25eK-rSHdsk;X2GUnPj+x!yoW{HGCRDf#tlRME0MOK5+``!1_Us?<=Pj*O
zCjWlDmT+cPf6$up`kQ+^%U9dUS6c{BD@3!c<*Nh-Z%kRAo2uTNqCR7K)+bNSm_yBn
zI#IbpY8v<xBrdkrr^29ONRD=LshCcZ=9?83^@m@Uwur@JElXCm!^^3_vP5k|?56mx
zs*gRbKWF~(^uwx8GeN_<TCZbVug+&_?e#kP^`<=ye;$9mP2+l-+pM>#UvG2g>unj=
z+uCNmE&Y01J6~_xxZd_Q>uu}T+ur$lJI3{PwpnjSzuwNy*V{F&x4X@HyZZHZcfQ`9
zalO55*4xvsx3}~4_KoZ9Z?oRMe!cyjuh(vv8IHzQ97n^zax`|o<{Tz#J1)z_X6>HO
zvdxT^f4vo_WgA#6d-uGSZDzLYt+*}Qz;4;Q=eKM#!)0&9aoGlz%icZDWt*8Udn>NX
zHn3gx?)fg;%y`*babC88^|E)*d)a2@%ifCnvJLE)y?g%4HZx%MRvegZV8QI&^I*1_
z3A4B2!fXQ@X78R4bIg30vlSoa82B(}_k5URf9AuSt@tp<z=t`z=fj*Fh1Yf(FO$k^
z_k5UR=EIz=_%O%7hdI0F!yGdo=4{1>IR-w=*_03CHq(Ene!uH4`Bv$ssIJw=o2ah!
z!>UiWR9%<0T*tWF0(h(+R<qnqvADG5HjT?IfWrD=HOt);flFI%%edSE*sC8_v)rBI
ze{S2j+yVlWept<NHx-{sTW-g=+yb(bept<NH<g@9TW;65+yY{gept<NHx-&nTW-&|
z+yWAlept<NH<g!4TW;UD+ycUqept<NHx-r2V>23NKBIu7WEfb-X>2MfmAB*^)@nQ6
z%EVmloV&8k>{StcwP9f0l6THw*=822e~7x;FtBdPJLj@&Gn-XJTWuIvx8$93TDF<h
zDx$1546Ix7&bcky%x)FYRT~D@EqUi0mu+Ubim0j$1M8N&bFRxavt30r)rNs}OWrx>
zWt&;AB8qCmz`7;xocnUj+*c7jwP9eL;$!FBmt*F>im0g#1M8N&bMDK@QEqLgf88>v
zw>IUzMAS$TU*bF7N4gOga)}nb1xjx0G+YYkh1{M~pgS9bZpb`UX2HBIiy%GXde+O^
zwPoHFz8>W-eU_x*XdW#tS#a_x%chAT+8wLWw(PzdvVvJ3)@mq2!Vi+s3rfU=e5xdF
z6DdnHu@ZiW2|u&R0!7sTAP%YhIy(@FEQlr2sia$+^QhSa{T}@(wO3`O(^#2Z6=$Z~
zau6;Tv*m&%{`}Lo{|``00|XQR000O8hE347Mh^iN9u8$y&|GveLz1@+0RVbBmuf8m
cF$0E8(3hSq0UHA54wt(v0VxLkECB!j00;4!RR910

diff --git a/Solutions/Tailscale (CCF)/Package/mainTemplate.json b/Solutions/Tailscale (CCF)/Package/mainTemplate.json
index 24050d808cc..5f88745db6f 100644
--- a/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
+++ b/Solutions/Tailscale (CCF)/Package/mainTemplate.json	
@@ -4613,23 +4613,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -4735,23 +4735,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -4850,23 +4850,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -4964,23 +4964,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5079,32 +5079,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "NodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "NodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5203,23 +5203,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5317,32 +5317,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5442,32 +5442,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5567,23 +5567,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "LoginName",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "LoginName"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5683,23 +5683,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5799,23 +5799,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -5913,23 +5913,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6029,32 +6029,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6154,32 +6154,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6279,32 +6279,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6402,32 +6402,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "Hostname",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "Hostname"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "User",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "User"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6527,41 +6527,41 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6661,50 +6661,50 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "DstNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "DstNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6805,50 +6805,50 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "DstNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "DstNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -6949,41 +6949,41 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   },
                   {
+                    "entityType": "IP",
                     "fieldMappings": [
                       {
-                        "columnName": "Src",
-                        "identifier": "Address"
+                        "identifier": "Address",
+                        "columnName": "Src"
                       }
-                    ],
-                    "entityType": "IP"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "5h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -7083,32 +7083,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -7208,23 +7208,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -7322,23 +7322,23 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "ActorLogin",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "ActorLogin"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "1d",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -7436,32 +7436,32 @@
                 ],
                 "entityMappings": [
                   {
+                    "entityType": "Host",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcNodeName",
-                        "identifier": "HostName"
+                        "identifier": "HostName",
+                        "columnName": "SrcNodeName"
                       }
-                    ],
-                    "entityType": "Host"
+                    ]
                   },
                   {
+                    "entityType": "Account",
                     "fieldMappings": [
                       {
-                        "columnName": "SrcUser",
-                        "identifier": "FullName"
+                        "identifier": "FullName",
+                        "columnName": "SrcUser"
                       }
-                    ],
-                    "entityType": "Account"
+                    ]
                   }
                 ],
                 "incidentConfiguration": {
                   "createIncident": true,
                   "groupingConfiguration": {
-                    "enabled": true,
-                    "matchingMethod": "AllEntities",
-                    "groupByEntities": [],
                     "lookbackDuration": "6h",
-                    "reopenClosedIncident": false
+                    "groupByEntities": [],
+                    "matchingMethod": "AllEntities",
+                    "reopenClosedIncident": false,
+                    "enabled": true
                   }
                 }
               }
@@ -9636,7 +9636,7 @@
                 "displayName": "ASIM Network Session parser for Tailscale",
                 "category": "Microsoft Sentinel Parser",
                 "functionAlias": "vimNetworkSessionTailscale",
-                "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        startswith(SrcRawHost, \"[\"), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        startswith(DstRawHost, \"[\"), substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
+                "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        SrcRawHost startswith \"[\", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        DstRawHost startswith \"[\", substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
                 "functionParameters": "",
                 "version": 2,
                 "tags": [
@@ -9701,7 +9701,7 @@
         "displayName": "ASIM Network Session parser for Tailscale",
         "category": "Microsoft Sentinel Parser",
         "functionAlias": "vimNetworkSessionTailscale",
-        "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        startswith(SrcRawHost, \"[\"), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        startswith(DstRawHost, \"[\"), substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
+        "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        SrcRawHost startswith \"[\", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        DstRawHost startswith \"[\", substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
         "functionParameters": "",
         "version": 2,
         "tags": [
@@ -9768,7 +9768,7 @@
                 "displayName": "ASIM Network Session parser for Tailscale (no-prefix wrapper)",
                 "category": "Microsoft Sentinel Parser",
                 "functionAlias": "ASimNetworkSessionTailscale",
-                "query": "vimNetworkSessionTailscale\n",
+                "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        SrcRawHost startswith \"[\", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        DstRawHost startswith \"[\", substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
                 "functionParameters": "",
                 "version": 2,
                 "tags": [
@@ -9833,7 +9833,7 @@
         "displayName": "ASIM Network Session parser for Tailscale (no-prefix wrapper)",
         "category": "Microsoft Sentinel Parser",
         "functionAlias": "ASimNetworkSessionTailscale",
-        "query": "vimNetworkSessionTailscale\n",
+        "query": "let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)\n[\n    1,  \"ICMP\",\n    6,  \"TCP\",\n    17, \"UDP\",\n    58, \"ICMPv6\"\n];\nlet baseEvents = Tailscale_Network_CL;\nlet virtualFlows = baseEvents\n    | where HasVirtualTraffic\n    | mv-expand t = VirtualTraffic\n    | extend NetworkSessionType = \"Virtual\", NetworkDirection = \"Local\";\nlet subnetFlows = baseEvents\n    | where HasSubnetTraffic\n    | mv-expand t = SubnetTraffic\n    | extend NetworkSessionType = \"Subnet\", NetworkDirection = \"Outbound\";\nlet exitFlows = baseEvents\n    | where HasExitTraffic\n    | mv-expand t = ExitTraffic\n    | extend NetworkSessionType = \"Exit\", NetworkDirection = \"Outbound\";\nunion virtualFlows, subnetFlows, exitFlows\n| extend\n    SrcIpAddrAndPort = tostring(t.src),\n    DstIpAddrAndPort = tostring(t.dst),\n    proto_lookup = toint(t.proto),\n    SrcBytes = tolong(t.txBytes),\n    DstBytes = tolong(t.rxBytes),\n    SrcPackets = tolong(t.txPkts),\n    DstPackets = tolong(t.rxPkts)\n| extend\n    SrcRawHost = extract(@\"^(.+):([0-9]+)$\", 1, SrcIpAddrAndPort),\n    SrcPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, SrcIpAddrAndPort)),\n    DstRawHost = extract(@\"^(.+):([0-9]+)$\", 1, DstIpAddrAndPort),\n    DstPortNumber = toint(extract(@\"^(.+):([0-9]+)$\", 2, DstIpAddrAndPort))\n| extend\n    SrcIpAddr = case(\n        isempty(SrcRawHost), SrcIpAddrAndPort,\n        SrcRawHost startswith \"[\", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),\n        SrcRawHost\n    ),\n    DstIpAddr = case(\n        isempty(DstRawHost), DstIpAddrAndPort,\n        DstRawHost startswith \"[\", substring(DstRawHost, 1, strlen(DstRawHost) - 2),\n        DstRawHost\n    )\n| lookup NetworkProtocolLookup on proto_lookup\n| extend\n    NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),\n    NetworkBytes = SrcBytes + DstBytes,\n    NetworkPackets = SrcPackets + DstPackets\n| extend\n    EventStartTime = todatetime(FlowStart),\n    EventEndTime = todatetime(FlowEnd),\n    EventProduct = \"Tailscale\",\n    EventVendor = \"Tailscale\",\n    EventSchema = \"NetworkSession\",\n    EventSchemaVersion = \"0.2.6\",\n    EventType = \"NetworkSession\",\n    EventResult = \"Success\",\n    EventCount = int(1),\n    EventSeverity = \"Informational\",\n    DvcAction = \"Allow\"\n| extend\n    SrcHostname = SrcNodeName,\n    SrcUsername = SrcUser,\n    SrcUsernameType = iff(isnotempty(SrcUser), \"Simple\", \"\"),\n    SrcDvcOs = SrcOs,\n    DstHostname = DstNodeName,\n    DstUsername = DstUser,\n    DstUsernameType = iff(isnotempty(DstUser), \"Simple\", \"\"),\n    DstDvcOs = DstOs,\n    Dvc = SrcNodeName,\n    Src = SrcIpAddr,\n    Dst = DstIpAddr,\n    IpAddr = SrcIpAddr,\n    User = SrcUser,\n    Hostname = SrcNodeName\n| project-away\n    t, NetworkProtocol_lookup, proto_lookup,\n    VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,\n    HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,\n    SrcAddresses, DstAddresses, SrcTags, DstTags,\n    SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,\n    DstCount, DstNodeId, NodeId, IsRelayed,\n    SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,\n    FlowStart, FlowEnd,\n    TenantId, _ResourceId, Type\n",
         "functionParameters": "",
         "version": 2,
         "tags": [
diff --git a/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml
index 11677937446..4b8af4fb11a 100644
--- a/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml	
+++ b/Solutions/Tailscale (CCF)/Parsers/ASimNetworkSessionTailscale.yaml	
@@ -7,4 +7,90 @@ Category: Microsoft Sentinel Parser
 FunctionName: ASimNetworkSessionTailscale
 FunctionAlias: ASimNetworkSessionTailscale
 FunctionQuery: |
-    vimNetworkSessionTailscale
+    let NetworkProtocolLookup = datatable(proto_lookup: int, NetworkProtocol_lookup: string)
+    [
+        1,  "ICMP",
+        6,  "TCP",
+        17, "UDP",
+        58, "ICMPv6"
+    ];
+    let baseEvents = Tailscale_Network_CL;
+    let virtualFlows = baseEvents
+        | where HasVirtualTraffic
+        | mv-expand t = VirtualTraffic
+        | extend NetworkSessionType = "Virtual", NetworkDirection = "Local";
+    let subnetFlows = baseEvents
+        | where HasSubnetTraffic
+        | mv-expand t = SubnetTraffic
+        | extend NetworkSessionType = "Subnet", NetworkDirection = "Outbound";
+    let exitFlows = baseEvents
+        | where HasExitTraffic
+        | mv-expand t = ExitTraffic
+        | extend NetworkSessionType = "Exit", NetworkDirection = "Outbound";
+    union virtualFlows, subnetFlows, exitFlows
+    | extend
+        SrcIpAddrAndPort = tostring(t.src),
+        DstIpAddrAndPort = tostring(t.dst),
+        proto_lookup = toint(t.proto),
+        SrcBytes = tolong(t.txBytes),
+        DstBytes = tolong(t.rxBytes),
+        SrcPackets = tolong(t.txPkts),
+        DstPackets = tolong(t.rxPkts)
+    | extend
+        SrcRawHost = extract(@"^(.+):([0-9]+)$", 1, SrcIpAddrAndPort),
+        SrcPortNumber = toint(extract(@"^(.+):([0-9]+)$", 2, SrcIpAddrAndPort)),
+        DstRawHost = extract(@"^(.+):([0-9]+)$", 1, DstIpAddrAndPort),
+        DstPortNumber = toint(extract(@"^(.+):([0-9]+)$", 2, DstIpAddrAndPort))
+    | extend
+        SrcIpAddr = case(
+            isempty(SrcRawHost), SrcIpAddrAndPort,
+            SrcRawHost startswith "[", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),
+            SrcRawHost
+        ),
+        DstIpAddr = case(
+            isempty(DstRawHost), DstIpAddrAndPort,
+            DstRawHost startswith "[", substring(DstRawHost, 1, strlen(DstRawHost) - 2),
+            DstRawHost
+        )
+    | lookup NetworkProtocolLookup on proto_lookup
+    | extend
+        NetworkProtocol = coalesce(NetworkProtocol_lookup, tostring(proto_lookup)),
+        NetworkBytes = SrcBytes + DstBytes,
+        NetworkPackets = SrcPackets + DstPackets
+    | extend
+        EventStartTime = todatetime(FlowStart),
+        EventEndTime = todatetime(FlowEnd),
+        EventProduct = "Tailscale",
+        EventVendor = "Tailscale",
+        EventSchema = "NetworkSession",
+        EventSchemaVersion = "0.2.6",
+        EventType = "NetworkSession",
+        EventResult = "Success",
+        EventCount = int(1),
+        EventSeverity = "Informational",
+        DvcAction = "Allow"
+    | extend
+        SrcHostname = SrcNodeName,
+        SrcUsername = SrcUser,
+        SrcUsernameType = iff(isnotempty(SrcUser), "Simple", ""),
+        SrcDvcOs = SrcOs,
+        DstHostname = DstNodeName,
+        DstUsername = DstUser,
+        DstUsernameType = iff(isnotempty(DstUser), "Simple", ""),
+        DstDvcOs = DstOs,
+        Dvc = SrcNodeName,
+        Src = SrcIpAddr,
+        Dst = DstIpAddr,
+        IpAddr = SrcIpAddr,
+        User = SrcUser,
+        Hostname = SrcNodeName
+    | project-away
+        t, NetworkProtocol_lookup, proto_lookup,
+        VirtualTraffic, SubnetTraffic, ExitTraffic, PhysicalTraffic,
+        HasVirtualTraffic, HasSubnetTraffic, HasExitTraffic, HasPhysicalTraffic,
+        SrcAddresses, DstAddresses, SrcTags, DstTags,
+        SrcOs, DstOs, SrcUser, DstUser, SrcNodeName, DstNodeName,
+        DstCount, DstNodeId, NodeId, IsRelayed,
+        SrcIpAddrAndPort, DstIpAddrAndPort, SrcRawHost, DstRawHost,
+        FlowStart, FlowEnd,
+        TenantId, _ResourceId, Type
diff --git a/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml b/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml
index 31a739d01ae..9f4faca048a 100644
--- a/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml	
+++ b/Solutions/Tailscale (CCF)/Parsers/vimNetworkSessionTailscale.yaml	
@@ -44,12 +44,12 @@ FunctionQuery: |
     | extend
         SrcIpAddr = case(
             isempty(SrcRawHost), SrcIpAddrAndPort,
-            startswith(SrcRawHost, "["), substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),
+            SrcRawHost startswith "[", substring(SrcRawHost, 1, strlen(SrcRawHost) - 2),
             SrcRawHost
         ),
         DstIpAddr = case(
             isempty(DstRawHost), DstIpAddrAndPort,
-            startswith(DstRawHost, "["), substring(DstRawHost, 1, strlen(DstRawHost) - 2),
+            DstRawHost startswith "[", substring(DstRawHost, 1, strlen(DstRawHost) - 2),
             DstRawHost
         )
     | lookup NetworkProtocolLookup on proto_lookup